From e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5 Mon Sep 17 00:00:00 2001 
From: Adam Langley Date: Mon, 11 May 2015 17:20:37 -0700 Subject: external/boringssl: bump revision. This change bumps the BoringSSL revision to the current tip-of-tree. Change-Id: I91d5bf467e16e8d86cb19a4de873985f524e5faa --- BORINGSSL_REVISION | 2 +- err_data.c | 2631 +++++++++++ linux-aarch64/crypto/aes/aesv8-armx.S | 520 +-- linux-aarch64/crypto/modes/ghashv8-armx.S | 251 +- linux-aarch64/crypto/sha/sha1-armv8.S | 664 +-- linux-aarch64/crypto/sha/sha256-armv8.S | 292 +- linux-aarch64/crypto/sha/sha512-armv8.S | 96 +- linux-arm/crypto/aes/aes-armv4.S | 93 +- linux-arm/crypto/aes/aesv8-armx.S | 748 ++-- linux-arm/crypto/aes/bsaes-armv7.S | 2331 +++++----- linux-arm/crypto/bn/armv4-mont.S | 322 +- linux-arm/crypto/modes/ghash-armv4.S | 325 +- linux-arm/crypto/modes/ghashv8-armx.S | 265 +- linux-arm/crypto/sha/sha1-armv4-large.S | 248 +- linux-arm/crypto/sha/sha256-armv4.S | 422 +- linux-arm/crypto/sha/sha512-armv4.S | 1457 ++++--- linux-x86/crypto/aes/aesni-x86.S | 789 ++-- linux-x86/crypto/bn/bn-586.S | 437 +- linux-x86/crypto/bn/x86-mont.S | 172 +- linux-x86/crypto/cpu-x86-asm.S | 28 +- linux-x86/crypto/sha/sha1-586.S | 1422 +++++- linux-x86/crypto/sha/sha256-586.S | 1643 ++++++- linux-x86/crypto/sha/sha512-586.S | 2271 +++++++++- linux-x86_64/crypto/aes/aesni-x86_64.S | 502 ++- linux-x86_64/crypto/cpu-x86_64-asm.S | 4 - linux-x86_64/crypto/rand/rdrand-x86_64.S | 11 + linux-x86_64/crypto/rc4/rc4-x86_64.S | 27 - mac-x86/crypto/aes/aesni-x86.S | 793 ++-- mac-x86/crypto/bn/bn-586.S | 441 +- mac-x86/crypto/bn/x86-mont.S | 176 +- mac-x86/crypto/cpu-x86-asm.S | 28 +- mac-x86/crypto/sha/sha1-586.S | 1422 +++++- mac-x86/crypto/sha/sha256-586.S | 1647 ++++++- mac-x86/crypto/sha/sha512-586.S | 2275 +++++++++- mac-x86_64/crypto/aes/aesni-x86_64.S | 502 ++- mac-x86_64/crypto/cpu-x86_64-asm.S | 4 - mac-x86_64/crypto/rand/rdrand-x86_64.S | 11 + mac-x86_64/crypto/rc4/rc4-x86_64.S | 27 - sources.mk | 70 +- src/BUILDING | 43 +- src/CMakeLists.txt | 42 +- src/STYLE | 198 + 
src/crypto/CMakeLists.txt | 33 +- src/crypto/aes/aes.c | 24 +- src/crypto/aes/asm/aes-armv4.pl | 43 +- src/crypto/aes/asm/aesni-x86.pl | 319 +- src/crypto/aes/asm/aesni-x86_64.pl | 945 +++- src/crypto/aes/asm/aesv8-armx.pl | 228 +- src/crypto/aes/asm/bsaes-armv7.pl | 54 +- src/crypto/asn1/CMakeLists.txt | 1 - src/crypto/asn1/a_d2i_fp.c | 2 +- src/crypto/asn1/a_gentm.c | 1 + src/crypto/asn1/a_time.c | 1 + src/crypto/asn1/a_type.c | 3 + src/crypto/asn1/a_utctm.c | 3 +- src/crypto/asn1/asn1_error.c | 203 - src/crypto/asn1/asn1_lib.c | 47 +- src/crypto/asn1/asn1_par.c | 40 +- src/crypto/asn1/bio_ndef.c | 6 + src/crypto/asn1/tasn_dec.c | 33 +- src/crypto/asn1/tasn_new.c | 10 +- src/crypto/asn1/tasn_prn.c | 3 + src/crypto/asn1/tasn_typ.c | 67 +- src/crypto/asn1/tasn_utl.c | 1 + src/crypto/base64/CMakeLists.txt | 2 +- src/crypto/base64/base64.c | 4 + src/crypto/base64/base64_test.c | 133 - src/crypto/base64/base64_test.cc | 128 + src/crypto/bio/CMakeLists.txt | 3 +- src/crypto/bio/bio.c | 28 +- src/crypto/bio/bio_error.c | 59 - src/crypto/bio/bio_test.c | 362 -- src/crypto/bio/bio_test.cc | 359 ++ src/crypto/bio/buffer.c | 13 +- src/crypto/bio/connect.c | 31 +- src/crypto/bio/pair.c | 14 +- src/crypto/bio/socket.c | 8 +- src/crypto/bn/CMakeLists.txt | 3 +- src/crypto/bn/asm/armv4-mont.pl | 42 +- src/crypto/bn/asm/x86_64-gcc.c | 74 +- src/crypto/bn/bn.c | 12 +- src/crypto/bn/bn_error.c | 63 - src/crypto/bn/bn_test.c | 1471 ------- src/crypto/bn/bn_test.cc | 1619 +++++++ src/crypto/bn/convert.c | 10 +- src/crypto/bn/ctx.c | 12 +- src/crypto/bn/div.c | 23 +- src/crypto/bn/exponentiation.c | 163 +- src/crypto/bn/gcd.c | 15 +- src/crypto/bn/generic.c | 33 +- src/crypto/bn/internal.h | 10 +- src/crypto/bn/montgomery.c | 62 +- src/crypto/bn/mul.c | 6 +- src/crypto/bn/prime.c | 14 +- src/crypto/bn/random.c | 4 +- src/crypto/bn/sqrt.c | 2 +- src/crypto/buf/CMakeLists.txt | 1 - src/crypto/buf/buf_error.c | 25 - src/crypto/bytestring/CMakeLists.txt | 2 +- 
src/crypto/bytestring/bytestring_test.c | 655 --- src/crypto/bytestring/bytestring_test.cc | 674 +++ src/crypto/bytestring/cbb.c | 15 +- src/crypto/bytestring/cbs.c | 16 +- src/crypto/chacha/chacha_vec.c | 23 +- src/crypto/chacha/chacha_vec_arm.S | 728 ++-- src/crypto/chacha/chacha_vec_arm_generate.go | 148 + src/crypto/cipher/CMakeLists.txt | 4 +- src/crypto/cipher/aead.c | 42 +- src/crypto/cipher/aead_test.c | 387 -- src/crypto/cipher/aead_test.cc | 276 ++ src/crypto/cipher/cipher.c | 10 +- src/crypto/cipher/cipher_error.c | 78 - src/crypto/cipher/cipher_test.c | 64 +- src/crypto/cipher/e_aes.c | 444 +- src/crypto/cipher/e_chacha20poly1305.c | 8 +- src/crypto/cipher/e_des.c | 30 +- src/crypto/cipher/e_rc4.c | 19 +- src/crypto/cipher/e_ssl3.c | 125 +- src/crypto/cipher/e_tls.c | 180 +- src/crypto/cipher/internal.h | 10 +- src/crypto/cipher/test/aes_128_ctr_hmac_sha256.txt | 336 ++ src/crypto/cipher/test/aes_256_ctr_hmac_sha256.txt | 336 ++ src/crypto/cipher/test/cipher_test.txt | 37 + src/crypto/cmac/CMakeLists.txt | 17 + src/crypto/cmac/cmac.c | 239 + src/crypto/cmac/cmac_test.cc | 154 + src/crypto/conf/CMakeLists.txt | 1 - src/crypto/conf/conf.c | 76 +- src/crypto/conf/conf_error.c | 31 - src/crypto/cpu-arm-asm.S | 32 + src/crypto/cpu-arm.c | 87 +- src/crypto/cpu-intel.c | 1 + src/crypto/cpu-x86-asm.pl | 4 - src/crypto/cpu-x86_64-asm.pl | 4 - src/crypto/crypto_error.c | 25 - src/crypto/crypto_error.h | 18 - src/crypto/des/des.c | 54 + src/crypto/dh/CMakeLists.txt | 3 +- src/crypto/dh/dh.c | 33 +- src/crypto/dh/dh_error.c | 29 - src/crypto/dh/dh_impl.c | 14 +- src/crypto/dh/dh_test.c | 502 --- src/crypto/dh/dh_test.cc | 480 ++ src/crypto/digest/CMakeLists.txt | 3 +- src/crypto/digest/digest.c | 2 - src/crypto/digest/digest_error.c | 24 - src/crypto/digest/digest_test.c | 244 -- src/crypto/digest/digest_test.cc | 249 ++ src/crypto/digest/md32_common.h | 18 +- src/crypto/directory_posix.c | 1 + src/crypto/directory_win.c | 3 + src/crypto/dsa/CMakeLists.txt | 1 - 
src/crypto/dsa/dsa.c | 64 +- src/crypto/dsa/dsa_error.c | 30 - src/crypto/dsa/dsa_impl.c | 68 +- src/crypto/dsa/dsa_test.c | 57 +- src/crypto/ec/CMakeLists.txt | 11 +- src/crypto/ec/ec.c | 53 +- src/crypto/ec/ec_asn1.c | 61 +- src/crypto/ec/ec_error.c | 107 - src/crypto/ec/ec_key.c | 95 +- src/crypto/ec/ec_montgomery.c | 129 +- src/crypto/ec/ec_test.c | 124 - src/crypto/ec/ec_test.cc | 185 + src/crypto/ec/internal.h | 47 +- src/crypto/ec/oct.c | 39 +- src/crypto/ec/p256-64.c | 1936 +++++++++ src/crypto/ec/simple.c | 611 ++- src/crypto/ec/util-64.c | 183 + src/crypto/ec/wnaf.c | 180 +- src/crypto/ecdh/CMakeLists.txt | 1 - src/crypto/ecdh/ecdh.c | 12 +- src/crypto/ecdh/ecdh_error.c | 25 - src/crypto/ecdsa/CMakeLists.txt | 3 +- src/crypto/ecdsa/ecdsa.c | 56 +- src/crypto/ecdsa/ecdsa_asn1.c | 27 +- src/crypto/ecdsa/ecdsa_error.c | 32 - src/crypto/ecdsa/ecdsa_test.c | 328 -- src/crypto/ecdsa/ecdsa_test.cc | 340 ++ src/crypto/engine/CMakeLists.txt | 1 - src/crypto/engine/engine.c | 42 +- src/crypto/engine/engine_error.c | 22 - src/crypto/err/CMakeLists.txt | 35 +- src/crypto/err/asn1.errordata | 152 + src/crypto/err/bio.errordata | 35 + src/crypto/err/bn.errordata | 42 + src/crypto/err/buf.errordata | 4 + src/crypto/err/cipher.errordata | 60 + src/crypto/err/conf.errordata | 10 + src/crypto/err/crypto.errordata | 4 + src/crypto/err/dh.errordata | 8 + src/crypto/err/digest.errordata | 3 + src/crypto/err/dsa.errordata | 9 + src/crypto/err/ec.errordata | 93 + src/crypto/err/ecdh.errordata | 4 + src/crypto/err/ecdsa.errordata | 10 + src/crypto/err/engine.errordata | 1 + src/crypto/err/err.c | 456 +- src/crypto/err/err_data_generate.go | 287 ++ src/crypto/err/err_impl.c | 323 -- src/crypto/err/err_test.c | 140 - src/crypto/err/err_test.cc | 134 + src/crypto/err/evp.errordata | 114 + src/crypto/err/hkdf.errordata | 2 + src/crypto/err/obj.errordata | 5 + src/crypto/err/pem.errordata | 39 + src/crypto/err/pkcs8.errordata | 43 + src/crypto/err/rsa.errordata | 69 + 
src/crypto/err/ssl.errordata | 376 ++ src/crypto/err/x509.errordata | 96 + src/crypto/err/x509v3.errordata | 120 + src/crypto/evp/CMakeLists.txt | 14 +- src/crypto/evp/asn1.c | 2 +- src/crypto/evp/digestsign.c | 35 +- src/crypto/evp/evp.c | 42 +- src/crypto/evp/evp_ctx.c | 41 +- src/crypto/evp/evp_error.c | 131 - src/crypto/evp/evp_extra_test.cc | 601 +++ src/crypto/evp/evp_test.c | 639 --- src/crypto/evp/evp_test.cc | 262 ++ src/crypto/evp/evp_tests.txt | 174 + src/crypto/evp/internal.h | 43 + src/crypto/evp/p_dsa_asn1.c | 569 +++ src/crypto/evp/p_ec.c | 10 +- src/crypto/evp/p_ec_asn1.c | 65 +- src/crypto/evp/p_hmac.c | 3 +- src/crypto/evp/p_rsa.c | 65 +- src/crypto/evp/p_rsa_asn1.c | 42 +- src/crypto/evp/pbkdf_test.cc | 179 + src/crypto/evp/sign.c | 10 +- src/crypto/ex_data.c | 196 +- src/crypto/ex_data_impl.c | 401 -- src/crypto/hkdf/CMakeLists.txt | 1 - src/crypto/hkdf/hkdf_error.c | 23 - src/crypto/hkdf/hkdf_test.c | 3 +- src/crypto/hmac/CMakeLists.txt | 3 +- src/crypto/hmac/hmac.c | 72 +- src/crypto/hmac/hmac_test.c | 223 - src/crypto/hmac/hmac_test.cc | 171 + src/crypto/hmac/hmac_tests.txt | 102 + src/crypto/internal.h | 241 +- src/crypto/lhash/make_macros.sh | 11 +- src/crypto/md4/md4.c | 1 + src/crypto/modes/asm/ghash-armv4.pl | 49 +- src/crypto/modes/asm/ghash-x86.pl | 4 +- src/crypto/modes/asm/ghashv8-armx.pl | 291 +- src/crypto/modes/cbc.c | 6 +- src/crypto/modes/ctr.c | 12 +- src/crypto/modes/gcm.c | 21 +- src/crypto/modes/gcm_test.c | 32 +- src/crypto/modes/internal.h | 3 + src/crypto/obj/CMakeLists.txt | 1 - src/crypto/obj/obj.c | 69 +- src/crypto/obj/obj_error.c | 26 - src/crypto/pem/CMakeLists.txt | 1 - src/crypto/pem/pem_error.c | 73 - src/crypto/pem/pem_lib.c | 3 +- src/crypto/pem/pem_pk8.c | 1 + src/crypto/perlasm/arm-xlate.pl | 165 + src/crypto/perlasm/ppc-xlate.pl | 167 - src/crypto/perlasm/sparcv9_modes.pl | 1680 ------- src/crypto/perlasm/x86masm.pl | 15 +- src/crypto/pkcs8/CMakeLists.txt | 3 +- src/crypto/pkcs8/pkcs12_test.c | 763 ---- 
src/crypto/pkcs8/pkcs12_test.cc | 759 ++++ src/crypto/pkcs8/pkcs8.c | 98 +- src/crypto/pkcs8/pkcs8_error.c | 68 - src/crypto/poly1305/poly1305.c | 24 +- src/crypto/poly1305/poly1305_arm.c | 33 +- src/crypto/poly1305/poly1305_vec.c | 15 +- src/crypto/rand/CMakeLists.txt | 13 + src/crypto/rand/asm/rdrand-x86_64.pl | 25 + src/crypto/rand/hwrand.c | 56 + src/crypto/rand/internal.h | 40 + src/crypto/rand/rand.c | 128 + src/crypto/rand/urandom.c | 58 +- src/crypto/rand/windows.c | 8 +- src/crypto/rc4/asm/rc4-x86_64.pl | 26 - src/crypto/rc4/rc4.c | 67 +- src/crypto/rsa/CMakeLists.txt | 1 - src/crypto/rsa/blinding.c | 36 +- src/crypto/rsa/internal.h | 3 +- src/crypto/rsa/padding.c | 19 +- src/crypto/rsa/rsa.c | 123 +- src/crypto/rsa/rsa_error.c | 95 - src/crypto/rsa/rsa_impl.c | 184 +- src/crypto/rsa/rsa_test.c | 37 +- src/crypto/sha/asm/sha1-586.pl | 2 +- src/crypto/sha/asm/sha1-armv4-large.pl | 23 +- src/crypto/sha/asm/sha1-armv8.pl | 17 +- src/crypto/sha/asm/sha256-armv4.pl | 101 +- src/crypto/sha/asm/sha512-armv4.pl | 100 +- src/crypto/sha/asm/sha512-armv8.pl | 35 +- src/crypto/sha/sha1.c | 3 +- src/crypto/sha/sha512.c | 24 +- src/crypto/stack/make_macros.sh | 3 + src/crypto/stack/stack.c | 38 +- src/crypto/test/CMakeLists.txt | 7 + src/crypto/test/file_test.cc | 326 ++ src/crypto/test/file_test.h | 166 + src/crypto/test/scoped_types.h | 120 + src/crypto/test/stl_compat.h | 144 + src/crypto/thread.c | 74 +- src/crypto/thread_none.c | 55 + src/crypto/thread_pthread.c | 162 + src/crypto/thread_test.c | 202 + src/crypto/thread_win.c | 282 ++ src/crypto/time_support.c | 12 +- src/crypto/x509/CMakeLists.txt | 1 - src/crypto/x509/asn1_gen.c | 73 +- src/crypto/x509/by_dir.c | 7 + src/crypto/x509/by_file.c | 5 +- src/crypto/x509/i2d_pr.c | 7 +- src/crypto/x509/pkcs7.c | 1 + src/crypto/x509/pkcs7_test.c | 1 + src/crypto/x509/vpm_int.h | 6 +- src/crypto/x509/x509_att.c | 2 +- src/crypto/x509/x509_error.c | 128 - src/crypto/x509/x509_lu.c | 5 +- src/crypto/x509/x509_req.c | 2 + 
src/crypto/x509/x509_v3.c | 2 +- src/crypto/x509/x509_vfy.c | 95 +- src/crypto/x509/x509_vpm.c | 126 +- src/crypto/x509/x_crl.c | 1 + src/crypto/x509/x_info.c | 1 + src/crypto/x509/x_name.c | 29 +- src/crypto/x509/x_pkey.c | 3 +- src/crypto/x509/x_pubkey.c | 5 +- src/crypto/x509/x_x509.c | 29 +- src/crypto/x509v3/CMakeLists.txt | 4 +- src/crypto/x509v3/tabtest.c | 9 + src/crypto/x509v3/v3_alt.c | 2 + src/crypto/x509v3/v3_conf.c | 76 +- src/crypto/x509v3/v3_cpols.c | 14 + src/crypto/x509v3/v3_purp.c | 3 +- src/crypto/x509v3/v3_utl.c | 88 +- src/crypto/x509v3/v3nametest.c | 11 +- src/crypto/x509v3/x509v3_error.c | 147 - src/decrepit/CMakeLists.txt | 9 + src/decrepit/blowfish/CMakeLists.txt | 9 + src/decrepit/blowfish/blowfish.c | 493 +++ src/decrepit/cast/CMakeLists.txt | 10 + src/decrepit/cast/cast.c | 416 ++ src/decrepit/cast/cast_tables.c | 425 ++ src/decrepit/macros.h | 123 + src/include/openssl/aead.h | 60 +- src/include/openssl/asn1.h | 336 +- src/include/openssl/asn1_mac.h | 504 +-- src/include/openssl/asn1t.h | 2 +- src/include/openssl/base.h | 13 +- src/include/openssl/bio.h | 95 +- src/include/openssl/blowfish.h | 93 + src/include/openssl/bn.h | 114 +- src/include/openssl/buf.h | 4 +- src/include/openssl/bytestring.h | 10 +- src/include/openssl/cast.h | 96 + src/include/openssl/cipher.h | 138 +- src/include/openssl/cmac.h | 76 + src/include/openssl/conf.h | 27 +- src/include/openssl/cpu.h | 1 - src/include/openssl/crypto.h | 12 +- src/include/openssl/des.h | 13 + src/include/openssl/dh.h | 21 +- src/include/openssl/digest.h | 7 +- src/include/openssl/dsa.h | 20 +- src/include/openssl/dtls1.h | 271 +- src/include/openssl/ec.h | 184 +- src/include/openssl/ec_key.h | 2 +- src/include/openssl/ecdh.h | 6 +- src/include/openssl/ecdsa.h | 27 +- src/include/openssl/engine.h | 10 +- src/include/openssl/err.h | 76 +- src/include/openssl/evp.h | 334 +- src/include/openssl/ex_data.h | 168 +- src/include/openssl/hmac.h | 13 +- src/include/openssl/lhash.h | 3 - 
src/include/openssl/lhash_macros.h | 116 - src/include/openssl/mem.h | 1 + src/include/openssl/obj.h | 8 +- src/include/openssl/opensslfeatures.h | 5 + src/include/openssl/opensslv.h | 2 +- src/include/openssl/pem.h | 87 +- src/include/openssl/pkcs8.h | 88 +- src/include/openssl/rand.h | 6 +- src/include/openssl/rc4.h | 7 +- src/include/openssl/rsa.h | 183 +- src/include/openssl/safe_stack.h | 16 - src/include/openssl/safestack.h | 16 + src/include/openssl/ssl.h | 2009 +++++---- src/include/openssl/ssl2.h | 4 - src/include/openssl/ssl3.h | 39 +- src/include/openssl/stack.h | 9 +- src/include/openssl/stack_macros.h | 624 ++- src/include/openssl/thread.h | 155 +- src/include/openssl/time_support.h | 1 - src/include/openssl/tls1.h | 101 +- src/include/openssl/x509.h | 201 +- src/include/openssl/x509_vfy.h | 9 +- src/include/openssl/x509v3.h | 255 +- src/ssl/CMakeLists.txt | 5 +- src/ssl/d1_both.c | 962 ++-- src/ssl/d1_clnt.c | 30 +- src/ssl/d1_lib.c | 237 +- src/ssl/d1_meth.c | 47 +- src/ssl/d1_pkt.c | 554 +-- src/ssl/d1_srtp.c | 7 +- src/ssl/d1_srvr.c | 96 +- src/ssl/internal.h | 1134 +++++ src/ssl/pqueue/pqueue.c | 3 + src/ssl/pqueue/pqueue_test.c | 15 +- src/ssl/s3_both.c | 75 +- src/ssl/s3_clnt.c | 310 +- src/ssl/s3_enc.c | 38 +- src/ssl/s3_lib.c | 778 +--- src/ssl/s3_meth.c | 9 +- src/ssl/s3_pkt.c | 472 +- src/ssl/s3_srvr.c | 439 +- src/ssl/ssl_algs.c | 9 +- src/ssl/ssl_asn1.c | 53 +- src/ssl/ssl_cert.c | 254 +- src/ssl/ssl_ciph.c | 1421 ------ src/ssl/ssl_cipher.c | 1362 ++++++ src/ssl/ssl_error.c | 566 --- src/ssl/ssl_lib.c | 927 ++-- src/ssl/ssl_locl.h | 1035 ----- src/ssl/ssl_rsa.c | 91 +- src/ssl/ssl_sess.c | 135 +- src/ssl/ssl_stat.c | 18 +- src/ssl/ssl_test.c | 456 -- src/ssl/ssl_test.cc | 509 +++ src/ssl/ssl_txt.c | 5 +- src/ssl/t1_enc.c | 141 +- src/ssl/t1_lib.c | 260 +- src/ssl/t1_reneg.c | 9 +- src/ssl/test/CMakeLists.txt | 3 - src/ssl/test/async_bio.cc | 62 +- src/ssl/test/async_bio.h | 18 +- src/ssl/test/bssl_shim.cc | 1079 +++-- 
src/ssl/test/malloc.cc | 19 +- src/ssl/test/packeted_bio.cc | 145 +- src/ssl/test/packeted_bio.h | 28 +- src/ssl/test/runner/chacha20_poly1305.go | 159 + src/ssl/test/runner/chacha20_poly1305_test.go | 99 + src/ssl/test/runner/cipher_suites.go | 29 +- src/ssl/test/runner/common.go | 130 +- src/ssl/test/runner/conn.go | 178 +- src/ssl/test/runner/dtls.go | 288 +- src/ssl/test/runner/handshake_client.go | 111 +- src/ssl/test/runner/handshake_server.go | 75 +- src/ssl/test/runner/key_agreement.go | 81 +- src/ssl/test/runner/packet_adapter.go | 101 +- src/ssl/test/runner/poly1305.go | 1540 +++++++ src/ssl/test/runner/prf.go | 4 +- src/ssl/test/runner/runner.go | 1084 ++++- src/ssl/test/runner/test_output.go | 79 + src/ssl/test/scoped_types.h | 28 + src/ssl/test/test_config.cc | 45 +- src/ssl/test/test_config.h | 69 +- src/tool/CMakeLists.txt | 7 +- src/tool/args.cc | 20 +- src/tool/client.cc | 190 +- src/tool/const.cc | 2 +- src/tool/digest.cc | 16 +- src/tool/internal.h | 10 +- src/tool/pkcs12.cc | 8 +- src/tool/rand.cc | 95 + src/tool/server.cc | 15 +- src/tool/speed.cc | 230 +- src/tool/tool.cc | 2 + src/tool/transport_common.cc | 13 +- src/util/aarch64-toolchain.cmake | 6 - src/util/all_tests.go | 240 + src/util/all_tests.sh | 85 - src/util/arm-toolchain.cmake | 6 - src/util/bot/DEPS | 134 + src/util/bot/README | 3 + src/util/bot/cmake-linux64.tar.gz.sha1 | 1 + src/util/bot/cmake-mac.tar.gz.sha1 | 1 + src/util/bot/cmake-win32.zip.sha1 | 1 + src/util/bot/extract.py | 139 + src/util/bot/go/bootstrap.py | 297 ++ src/util/bot/go/env.py | 49 + src/util/bot/perl-win32.zip.sha1 | 1 + src/util/bot/toolchain_vs2013.hash | 1 + src/util/bot/update_clang.py | 71 + src/util/bot/vs_env.py | 37 + src/util/bot/vs_toolchain.py | 114 + src/util/bot/yasm-win32.exe.sha1 | 1 + src/util/clang-toolchain.cmake | 2 - src/util/doc.config | 8 + src/util/doc.go | 21 +- src/util/generate_build_files.py | 341 ++ src/util/make_errors.go | 106 +- update_gypi_and_asm.py | 215 - 
win-x86/crypto/aes/aes-586.asm | 3219 ++++++++++++++ win-x86/crypto/aes/aesni-x86.asm | 2424 +++++++++++ win-x86/crypto/aes/vpaes-x86.asm | 649 +++ win-x86/crypto/bn/bn-586.asm | 1523 +++++++ win-x86/crypto/bn/co-586.asm | 1260 ++++++ win-x86/crypto/bn/x86-mont.asm | 469 ++ win-x86/crypto/cpu-x86-asm.asm | 303 ++ win-x86/crypto/md5/md5-586.asm | 691 +++ win-x86/crypto/modes/ghash-x86.asm | 1265 ++++++ win-x86/crypto/rc4/rc4-586.asm | 382 ++ win-x86/crypto/sha/sha1-586.asm | 2805 ++++++++++++ win-x86/crypto/sha/sha256-586.asm | 4591 ++++++++++++++++++++ win-x86/crypto/sha/sha512-586.asm | 2843 ++++++++++++ win-x86_64/crypto/aes/aes-x86_64.asm | 3506 ++++++++------- win-x86_64/crypto/aes/aesni-x86_64.asm | 3678 +++++++++------- win-x86_64/crypto/aes/bsaes-x86_64.asm | 2213 +++++----- win-x86_64/crypto/aes/vpaes-x86_64.asm | 972 ++--- win-x86_64/crypto/bn/rsaz-avx2.asm | 43 +- win-x86_64/crypto/bn/rsaz-x86_64.asm | 1048 +++-- win-x86_64/crypto/bn/x86_64-mont.asm | 808 ++-- win-x86_64/crypto/bn/x86_64-mont5.asm | 1575 ++++--- win-x86_64/crypto/cpu-x86_64-asm.asm | 130 +- win-x86_64/crypto/md5/md5-x86_64.asm | 470 +- win-x86_64/crypto/modes/aesni-gcm-x86_64.asm | 21 +- win-x86_64/crypto/modes/ghash-x86_64.asm | 1027 +++-- win-x86_64/crypto/rand/rdrand-x86_64.asm | 22 + win-x86_64/crypto/rc4/rc4-md5-x86_64.asm | 1020 +++-- win-x86_64/crypto/rc4/rc4-x86_64.asm | 848 ++-- win-x86_64/crypto/sha/sha1-x86_64.asm | 1397 +++--- win-x86_64/crypto/sha/sha256-x86_64.asm | 971 +++-- win-x86_64/crypto/sha/sha512-x86_64.asm | 786 ++-- 525 files changed, 89597 insertions(+), 41450 deletions(-) create mode 100644 err_data.c create mode 100644 linux-x86_64/crypto/rand/rdrand-x86_64.S create mode 100644 mac-x86_64/crypto/rand/rdrand-x86_64.S create mode 100644 src/STYLE delete mode 100644 src/crypto/asn1/asn1_error.c delete mode 100644 src/crypto/base64/base64_test.c create mode 100644 src/crypto/base64/base64_test.cc delete mode 100644 src/crypto/bio/bio_error.c delete mode 100644 
src/crypto/bio/bio_test.c create mode 100644 src/crypto/bio/bio_test.cc delete mode 100644 src/crypto/bn/bn_error.c delete mode 100644 src/crypto/bn/bn_test.c create mode 100644 src/crypto/bn/bn_test.cc delete mode 100644 src/crypto/buf/buf_error.c delete mode 100644 src/crypto/bytestring/bytestring_test.c create mode 100644 src/crypto/bytestring/bytestring_test.cc create mode 100644 src/crypto/chacha/chacha_vec_arm_generate.go delete mode 100644 src/crypto/cipher/aead_test.c create mode 100644 src/crypto/cipher/aead_test.cc delete mode 100644 src/crypto/cipher/cipher_error.c create mode 100644 src/crypto/cipher/test/aes_128_ctr_hmac_sha256.txt create mode 100644 src/crypto/cipher/test/aes_256_ctr_hmac_sha256.txt create mode 100644 src/crypto/cmac/CMakeLists.txt create mode 100644 src/crypto/cmac/cmac.c create mode 100644 src/crypto/cmac/cmac_test.cc delete mode 100644 src/crypto/conf/conf_error.c create mode 100644 src/crypto/cpu-arm-asm.S delete mode 100644 src/crypto/crypto_error.c delete mode 100644 src/crypto/crypto_error.h delete mode 100644 src/crypto/dh/dh_error.c delete mode 100644 src/crypto/dh/dh_test.c create mode 100644 src/crypto/dh/dh_test.cc delete mode 100644 src/crypto/digest/digest_error.c delete mode 100644 src/crypto/digest/digest_test.c create mode 100644 src/crypto/digest/digest_test.cc delete mode 100644 src/crypto/dsa/dsa_error.c delete mode 100644 src/crypto/ec/ec_error.c delete mode 100644 src/crypto/ec/ec_test.c create mode 100644 src/crypto/ec/ec_test.cc create mode 100644 src/crypto/ec/p256-64.c create mode 100644 src/crypto/ec/util-64.c delete mode 100644 src/crypto/ecdh/ecdh_error.c delete mode 100644 src/crypto/ecdsa/ecdsa_error.c delete mode 100644 src/crypto/ecdsa/ecdsa_test.c create mode 100644 src/crypto/ecdsa/ecdsa_test.cc delete mode 100644 src/crypto/engine/engine_error.c create mode 100644 src/crypto/err/asn1.errordata create mode 100644 src/crypto/err/bio.errordata create mode 100644 src/crypto/err/bn.errordata create mode 
100644 src/crypto/err/buf.errordata create mode 100644 src/crypto/err/cipher.errordata create mode 100644 src/crypto/err/conf.errordata create mode 100644 src/crypto/err/crypto.errordata create mode 100644 src/crypto/err/dh.errordata create mode 100644 src/crypto/err/digest.errordata create mode 100644 src/crypto/err/dsa.errordata create mode 100644 src/crypto/err/ec.errordata create mode 100644 src/crypto/err/ecdh.errordata create mode 100644 src/crypto/err/ecdsa.errordata create mode 100644 src/crypto/err/engine.errordata create mode 100644 src/crypto/err/err_data_generate.go delete mode 100644 src/crypto/err/err_impl.c delete mode 100644 src/crypto/err/err_test.c create mode 100644 src/crypto/err/err_test.cc create mode 100644 src/crypto/err/evp.errordata create mode 100644 src/crypto/err/hkdf.errordata create mode 100644 src/crypto/err/obj.errordata create mode 100644 src/crypto/err/pem.errordata create mode 100644 src/crypto/err/pkcs8.errordata create mode 100644 src/crypto/err/rsa.errordata create mode 100644 src/crypto/err/ssl.errordata create mode 100644 src/crypto/err/x509.errordata create mode 100644 src/crypto/err/x509v3.errordata delete mode 100644 src/crypto/evp/evp_error.c create mode 100644 src/crypto/evp/evp_extra_test.cc delete mode 100644 src/crypto/evp/evp_test.c create mode 100644 src/crypto/evp/evp_test.cc create mode 100644 src/crypto/evp/evp_tests.txt create mode 100644 src/crypto/evp/p_dsa_asn1.c create mode 100644 src/crypto/evp/pbkdf_test.cc delete mode 100644 src/crypto/ex_data_impl.c delete mode 100644 src/crypto/hkdf/hkdf_error.c delete mode 100644 src/crypto/hmac/hmac_test.c create mode 100644 src/crypto/hmac/hmac_test.cc create mode 100644 src/crypto/hmac/hmac_tests.txt delete mode 100644 src/crypto/obj/obj_error.c delete mode 100644 src/crypto/pem/pem_error.c create mode 100755 src/crypto/perlasm/arm-xlate.pl delete mode 100755 src/crypto/perlasm/ppc-xlate.pl delete mode 100644 src/crypto/perlasm/sparcv9_modes.pl delete mode 100644 
src/crypto/pkcs8/pkcs12_test.c create mode 100644 src/crypto/pkcs8/pkcs12_test.cc delete mode 100644 src/crypto/pkcs8/pkcs8_error.c create mode 100644 src/crypto/rand/asm/rdrand-x86_64.pl create mode 100644 src/crypto/rand/hwrand.c create mode 100644 src/crypto/rand/internal.h delete mode 100644 src/crypto/rsa/rsa_error.c create mode 100644 src/crypto/test/CMakeLists.txt create mode 100644 src/crypto/test/file_test.cc create mode 100644 src/crypto/test/file_test.h create mode 100644 src/crypto/test/scoped_types.h create mode 100644 src/crypto/test/stl_compat.h create mode 100644 src/crypto/thread_none.c create mode 100644 src/crypto/thread_pthread.c create mode 100644 src/crypto/thread_test.c create mode 100644 src/crypto/thread_win.c delete mode 100644 src/crypto/x509/x509_error.c delete mode 100644 src/crypto/x509v3/x509v3_error.c create mode 100644 src/decrepit/CMakeLists.txt create mode 100644 src/decrepit/blowfish/CMakeLists.txt create mode 100644 src/decrepit/blowfish/blowfish.c create mode 100644 src/decrepit/cast/CMakeLists.txt create mode 100644 src/decrepit/cast/cast.c create mode 100644 src/decrepit/cast/cast_tables.c create mode 100644 src/decrepit/macros.h create mode 100644 src/include/openssl/blowfish.h create mode 100644 src/include/openssl/cast.h create mode 100644 src/include/openssl/cmac.h delete mode 100644 src/include/openssl/safe_stack.h create mode 100644 src/include/openssl/safestack.h create mode 100644 src/ssl/internal.h delete mode 100644 src/ssl/ssl_ciph.c create mode 100644 src/ssl/ssl_cipher.c delete mode 100644 src/ssl/ssl_error.c delete mode 100644 src/ssl/ssl_locl.h delete mode 100644 src/ssl/ssl_test.c create mode 100644 src/ssl/ssl_test.cc create mode 100644 src/ssl/test/runner/chacha20_poly1305.go create mode 100644 src/ssl/test/runner/chacha20_poly1305_test.go create mode 100644 src/ssl/test/runner/poly1305.go create mode 100644 src/ssl/test/runner/test_output.go create mode 100644 src/ssl/test/scoped_types.h create mode 100644 
src/tool/rand.cc delete mode 100644 src/util/aarch64-toolchain.cmake create mode 100644 src/util/all_tests.go delete mode 100644 src/util/all_tests.sh delete mode 100644 src/util/arm-toolchain.cmake create mode 100644 src/util/bot/DEPS create mode 100644 src/util/bot/README create mode 100644 src/util/bot/cmake-linux64.tar.gz.sha1 create mode 100644 src/util/bot/cmake-mac.tar.gz.sha1 create mode 100644 src/util/bot/cmake-win32.zip.sha1 create mode 100644 src/util/bot/extract.py create mode 100755 src/util/bot/go/bootstrap.py create mode 100755 src/util/bot/go/env.py create mode 100644 src/util/bot/perl-win32.zip.sha1 create mode 100644 src/util/bot/toolchain_vs2013.hash create mode 100644 src/util/bot/update_clang.py create mode 100644 src/util/bot/vs_env.py create mode 100644 src/util/bot/vs_toolchain.py create mode 100644 src/util/bot/yasm-win32.exe.sha1 delete mode 100644 src/util/clang-toolchain.cmake create mode 100644 src/util/generate_build_files.py delete mode 100644 update_gypi_and_asm.py create mode 100644 win-x86/crypto/aes/aes-586.asm create mode 100644 win-x86/crypto/aes/aesni-x86.asm create mode 100644 win-x86/crypto/aes/vpaes-x86.asm create mode 100644 win-x86/crypto/bn/bn-586.asm create mode 100644 win-x86/crypto/bn/co-586.asm create mode 100644 win-x86/crypto/bn/x86-mont.asm create mode 100644 win-x86/crypto/cpu-x86-asm.asm create mode 100644 win-x86/crypto/md5/md5-586.asm create mode 100644 win-x86/crypto/modes/ghash-x86.asm create mode 100644 win-x86/crypto/rc4/rc4-586.asm create mode 100644 win-x86/crypto/sha/sha1-586.asm create mode 100644 win-x86/crypto/sha/sha256-586.asm create mode 100644 win-x86/crypto/sha/sha512-586.asm create mode 100644 win-x86_64/crypto/rand/rdrand-x86_64.asm
diff --git a/BORINGSSL_REVISION b/BORINGSSL_REVISION
index d740488..5c95a3d 100644
--- a/BORINGSSL_REVISION
+++ b/BORINGSSL_REVISION
@@ -1 +1 @@
-4cc1e838aef70be6194c2c77e1de9015b9b7410a
+5aa8a8643851e309b48a1b5a5d91d2fd183eae52
diff --git a/err_data.c b/err_data.c
new file mode 100644
index 0000000..68397e4
--- /dev/null
+++ b/err_data.c
@@ -0,0 +1,2631 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + + /* This file was generated by err_data_generate.go. */ + +#include +#include +#include + + +OPENSSL_COMPILE_ASSERT(ERR_LIB_NONE == 1, library_values_changed_1); +OPENSSL_COMPILE_ASSERT(ERR_LIB_SYS == 2, library_values_changed_2); +OPENSSL_COMPILE_ASSERT(ERR_LIB_BN == 3, library_values_changed_3); +OPENSSL_COMPILE_ASSERT(ERR_LIB_RSA == 4, library_values_changed_4); +OPENSSL_COMPILE_ASSERT(ERR_LIB_DH == 5, library_values_changed_5); +OPENSSL_COMPILE_ASSERT(ERR_LIB_EVP == 6, library_values_changed_6); +OPENSSL_COMPILE_ASSERT(ERR_LIB_BUF == 7, library_values_changed_7); +OPENSSL_COMPILE_ASSERT(ERR_LIB_OBJ == 8, library_values_changed_8); +OPENSSL_COMPILE_ASSERT(ERR_LIB_PEM == 9, library_values_changed_9); +OPENSSL_COMPILE_ASSERT(ERR_LIB_DSA == 10, library_values_changed_10); +OPENSSL_COMPILE_ASSERT(ERR_LIB_X509 == 11, library_values_changed_11); +OPENSSL_COMPILE_ASSERT(ERR_LIB_ASN1 == 12, library_values_changed_12); +OPENSSL_COMPILE_ASSERT(ERR_LIB_CONF == 13, library_values_changed_13); +OPENSSL_COMPILE_ASSERT(ERR_LIB_CRYPTO == 14, library_values_changed_14); +OPENSSL_COMPILE_ASSERT(ERR_LIB_EC == 15, library_values_changed_15); +OPENSSL_COMPILE_ASSERT(ERR_LIB_SSL == 16, 
library_values_changed_16); +OPENSSL_COMPILE_ASSERT(ERR_LIB_BIO == 17, library_values_changed_17); +OPENSSL_COMPILE_ASSERT(ERR_LIB_PKCS7 == 18, library_values_changed_18); +OPENSSL_COMPILE_ASSERT(ERR_LIB_PKCS8 == 19, library_values_changed_19); +OPENSSL_COMPILE_ASSERT(ERR_LIB_X509V3 == 20, library_values_changed_20); +OPENSSL_COMPILE_ASSERT(ERR_LIB_RAND == 21, library_values_changed_21); +OPENSSL_COMPILE_ASSERT(ERR_LIB_ENGINE == 22, library_values_changed_22); +OPENSSL_COMPILE_ASSERT(ERR_LIB_OCSP == 23, library_values_changed_23); +OPENSSL_COMPILE_ASSERT(ERR_LIB_UI == 24, library_values_changed_24); +OPENSSL_COMPILE_ASSERT(ERR_LIB_COMP == 25, library_values_changed_25); +OPENSSL_COMPILE_ASSERT(ERR_LIB_ECDSA == 26, library_values_changed_26); +OPENSSL_COMPILE_ASSERT(ERR_LIB_ECDH == 27, library_values_changed_27); +OPENSSL_COMPILE_ASSERT(ERR_LIB_HMAC == 28, library_values_changed_28); +OPENSSL_COMPILE_ASSERT(ERR_LIB_DIGEST == 29, library_values_changed_29); +OPENSSL_COMPILE_ASSERT(ERR_LIB_CIPHER == 30, library_values_changed_30); +OPENSSL_COMPILE_ASSERT(ERR_LIB_USER == 31, library_values_changed_31); +OPENSSL_COMPILE_ASSERT(ERR_LIB_HKDF == 32, library_values_changed_32); +OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == 33, library_values_changed_num); + +const uint32_t kOpenSSLFunctionValues[] = { + 0xc320540, + 0xc32854b, + 0xc330556, + 0xc338563, + 0xc34056d, + 0xc348577, + 0xc35057e, + 0xc35858a, + 0xc360591, + 0xc3685a7, + 0xc3705bc, + 0xc3785cd, + 0xc3805dd, + 0xc3885f7, + 0xc39060c, + 0xc39861b, + 0xc3a0634, + 0xc3a8648, + 0xc3b0654, + 0xc3b865b, + 0xc3c0663, + 0xc3c8671, + 0xc3d0679, + 0xc3d8681, + 0xc3e068c, + 0x103218ee, + 0x10329905, + 0x1033191e, + 0x10339934, + 0x10341944, + 0x10349957, + 0x10351965, + 0x10359974, + 0x10361994, + 0x103699b3, + 0x103719d0, + 0x103799ed, + 0x10381a02, + 0x10389a24, + 0x10391a43, + 0x10399a62, + 0x103a1a79, + 0x103a9a90, + 0x103b1a99, + 0x103b9aa4, + 0x103c1abe, + 0x103c9ac6, + 0x103d1ace, + 0x103d9ad5, + 0x103e1ae8, + 0x103e9afa, + 
0x103f1b0d, + 0x103f9b16, + 0x14320a2f, + 0x14328a3d, + 0x14330a49, + 0x14338a56, + 0x183611d5, + 0x18371203, + 0x18379214, + 0x1838122a, + 0x1839124d, + 0x18399262, + 0x183a1274, + 0x183c12b8, + 0x183c92c6, + 0x183d12d9, + 0x183d92e9, + 0x183e930f, + 0x183f1322, + 0x183f9331, + 0x1840935b, + 0x184113c7, + 0x184193d8, + 0x184213eb, + 0x184293fd, + 0x1843140f, + 0x18439420, + 0x18441431, + 0x18449442, + 0x18451453, + 0x18459460, + 0x18461482, + 0x18469495, + 0x184714a9, + 0x184794b6, + 0x184814c5, + 0x184894d4, + 0x184914e5, + 0x18499501, + 0x184a150f, + 0x184a9520, + 0x184b1531, + 0x184b953f, + 0x184c154f, + 0x184c9575, + 0x184d1584, + 0x184d9594, + 0x184e15a4, + 0x184e95b3, + 0x184f14f2, + 0x184f9164, + 0x18501107, + 0x1850911f, + 0x18511141, + 0x18519153, + 0x18521185, + 0x1852919e, + 0x185311af, + 0x185391c5, + 0x185411ea, + 0x1854923b, + 0x18551284, + 0x18559299, + 0x185612a6, + 0x185692fe, + 0x18571341, + 0x1857934e, + 0x1858136a, + 0x1858937b, + 0x1859138b, + 0x1859939b, + 0x185a13aa, + 0x185a93b9, + 0x185b146e, + 0x1c320699, + 0x1c3286a5, + 0x1c3306b0, + 0x1c3386bc, + 0x203215c7, + 0x203295d2, + 0x203315da, + 0x203395e6, + 0x243215f2, + 0x24329600, + 0x24331612, + 0x24339621, + 0x24341634, + 0x24349647, + 0x2435165e, + 0x24359676, + 0x24361684, + 0x2436969c, + 0x243716a5, + 0x243796b7, + 0x243816cb, + 0x243896d8, + 0x243916ee, + 0x24399706, + 0x243a171e, + 0x243a9728, + 0x243b173d, + 0x243b974b, + 0x243c1763, + 0x243c977a, + 0x243d1785, + 0x243d9793, + 0x28320a8f, + 0x28328a9e, + 0x28330aa9, + 0x28338aae, + 0x28340ab9, + 0x2c322a70, + 0x2c32aa7c, + 0x2c332a8f, + 0x2c33aaa0, + 0x2c342ab9, + 0x2c34aae1, + 0x2c352af8, + 0x2c35ab15, + 0x2c362b32, + 0x2c36ab4f, + 0x2c372b68, + 0x2c37ab81, + 0x2c382b97, + 0x2c38aba5, + 0x2c392bb7, + 0x2c39abd4, + 0x2c3a2bf1, + 0x2c3aabff, + 0x2c3b2c1d, + 0x2c3bac3b, + 0x2c3c2c56, + 0x2c3cac6a, + 0x2c3d2c7c, + 0x2c3dac8c, + 0x2c3e2c9a, + 0x2c3eacaa, + 0x2c3f2cba, + 0x2c3facd5, + 0x2c402ce6, + 0x2c40ad01, + 0x2c412d15, + 0x2c41ad28, 
+ 0x2c422d47, + 0x2c42ad5b, + 0x2c432d6e, + 0x2c43ad7d, + 0x2c442d8c, + 0x2c44ada3, + 0x2c452dbe, + 0x2c45add6, + 0x2c462dea, + 0x2c46adfd, + 0x2c472e0e, + 0x2c47ae1f, + 0x2c482e30, + 0x2c48ae41, + 0x2c492e50, + 0x2c49ae5d, + 0x2c4a2e6a, + 0x2c4aae77, + 0x2c4b2e80, + 0x2c4bae94, + 0x2c4c2ea3, + 0x2c4caeb1, + 0x2c4d2ed3, + 0x2c4daee4, + 0x2c4e2ef5, + 0x2c4eaec0, + 0x2c4f2ad2, + 0x30320000, + 0x30328018, + 0x3033002c, + 0x30338042, + 0x3034005b, + 0x3034806c, + 0x3035007f, + 0x3035808f, + 0x3036009d, + 0x303680b3, + 0x303700c3, + 0x303780d8, + 0x303800e6, + 0x303880f7, + 0x30390103, + 0x3039810c, + 0x303a011d, + 0x303a812d, + 0x303b013a, + 0x303b8146, + 0x303c0157, + 0x303c8165, + 0x303d0176, + 0x303d8188, + 0x303e0199, + 0x303e81a8, + 0x303f01b9, + 0x303f81cd, + 0x304001df, + 0x304081ec, + 0x30410202, + 0x30418215, + 0x30420225, + 0x30428239, + 0x3043024a, + 0x3043825a, + 0x30440265, + 0x3044826d, + 0x3045027d, + 0x30458294, + 0x304602a1, + 0x304682b7, + 0x304702c9, + 0x304782d5, + 0x304802e1, + 0x304882ef, + 0x30490308, + 0x30498316, + 0x304a032b, + 0x304a8343, + 0x304b034d, + 0x304b8361, + 0x304c0372, + 0x304c8382, + 0x304d038f, + 0x304d83a0, + 0x304e03b0, + 0x304e83c2, + 0x304f03d3, + 0x304f83e2, + 0x305003f6, + 0x30508404, + 0x30510413, + 0x3051841c, + 0x343209b7, + 0x343289c7, + 0x343309d2, + 0x343389df, + 0x383209e8, + 0x38328a00, + 0x38330a13, + 0x38338a1d, + 0x3c320acc, + 0x3c328ada, + 0x3c330af1, + 0x3c338b05, + 0x3c340b20, + 0x3c348b31, + 0x3c350b3d, + 0x3c358b51, + 0x3c360b63, + 0x3c368b8c, + 0x3c370b99, + 0x3c378ba6, + 0x3c380bb4, + 0x3c388bc1, + 0x3c390bce, + 0x3c398bf2, + 0x3c3a0c02, + 0x3c3a8c1a, + 0x3c3b0c2f, + 0x3c3b8c44, + 0x3c3c0c51, + 0x3c3c8c64, + 0x3c3d0c77, + 0x3c3d8c9b, + 0x3c3e0cc3, + 0x3c3e8cdc, + 0x3c3f0cf2, + 0x3c3f8cff, + 0x3c400d12, + 0x3c408d23, + 0x3c410d34, + 0x3c418d4d, + 0x3c420d66, + 0x3c428d7c, + 0x3c430d99, + 0x3c438daf, + 0x3c440e33, + 0x3c448e5a, + 0x3c450e78, + 0x3c458e92, + 0x3c460eaa, + 0x3c468ec2, + 0x3c470eed, + 
0x3c478f18, + 0x3c480f39, + 0x3c488f62, + 0x3c490f7d, + 0x3c498fa6, + 0x3c4a0fb3, + 0x3c4a8fca, + 0x3c4b0fe1, + 0x3c4b900a, + 0x3c4c101a, + 0x3c4c9026, + 0x3c4d103e, + 0x3c4d9051, + 0x3c4e1062, + 0x3c4e9073, + 0x3c4f1099, + 0x3c4f8ac0, + 0x3c500dcb, + 0x3c508deb, + 0x3c510e18, + 0x3c518f98, + 0x3c521083, + 0x40321b21, + 0x40329b3b, + 0x40331b63, + 0x40339b7b, + 0x40341b99, + 0x40349be0, + 0x40351bf7, + 0x40359c13, + 0x40361c2f, + 0x40369c49, + 0x40371c68, + 0x40379c87, + 0x40381c9f, + 0x40389cbc, + 0x40391cdf, + 0x40399cfc, + 0x403a1d1a, + 0x403a9d2a, + 0x403b1d3f, + 0x403b9d5b, + 0x403c1d75, + 0x403c9d80, + 0x403d1da3, + 0x403d9dc7, + 0x403e1ddd, + 0x403e9de7, + 0x403f1df3, + 0x403f9e04, + 0x40401e1c, + 0x40409e24, + 0x40411e2d, + 0x40419e36, + 0x40421e5e, + 0x40429e72, + 0x40431e7d, + 0x40439e89, + 0x40441edd, + 0x40449ee9, + 0x40451ef6, + 0x40459f09, + 0x40461f21, + 0x40469f39, + 0x40471f4f, + 0x40479f6a, + 0x40481f85, + 0x40489f99, + 0x40491fb2, + 0x40499fcb, + 0x404a1fe5, + 0x404a9fef, + 0x404b1fff, + 0x404ba020, + 0x404c203b, + 0x404ca049, + 0x404d2056, + 0x404da06a, + 0x404e2082, + 0x404ea090, + 0x404f20ba, + 0x404fa0d1, + 0x405020e3, + 0x4050a114, + 0x40512145, + 0x4051a15a, + 0x4052216b, + 0x4052a18b, + 0x405321a6, + 0x4053a1b6, + 0x4054a1c2, + 0x405521d8, + 0x4055a1f6, + 0x40562203, + 0x4056a20d, + 0x4057221b, + 0x4057a236, + 0x40582251, + 0x4058a270, + 0x40592285, + 0x4059a29a, + 0x405a22b7, + 0x405aa2cb, + 0x405b22e7, + 0x405ba2fd, + 0x405c231a, + 0x405ca32c, + 0x405d2343, + 0x405da354, + 0x405e2370, + 0x405ea384, + 0x405f2394, + 0x405fa3b0, + 0x406023c5, + 0x4060a3db, + 0x406123f8, + 0x4061a411, + 0x4062243b, + 0x4062a444, + 0x40632454, + 0x4063a48d, + 0x406424a3, + 0x4064a4c1, + 0x406524d6, + 0x4065a4f3, + 0x4066250a, + 0x4066a528, + 0x40672545, + 0x4067a55c, + 0x4068257a, + 0x4068a591, + 0x406925a9, + 0x4069a5ba, + 0x406a25cd, + 0x406aa5e0, + 0x406b25f4, + 0x406ba618, + 0x406c2633, + 0x406ca654, + 0x406d2678, + 0x406da693, + 0x406e26b4, + 0x406ea6c9, 
+ 0x406f26e2, + 0x406fa6ef, + 0x407026fd, + 0x4070a70a, + 0x40712727, + 0x4071a747, + 0x40722762, + 0x4072a77b, + 0x40732792, + 0x4073a7ac, + 0x407427d0, + 0x4074a7e6, + 0x407527fa, + 0x4075a80f, + 0x40762829, + 0x4076a83b, + 0x40772850, + 0x4077a876, + 0x40782893, + 0x4078a8b6, + 0x407928dc, + 0x4079a8f9, + 0x407a291c, + 0x407aa938, + 0x407b2954, + 0x407ba966, + 0x407c2973, + 0x407e2980, + 0x407ea996, + 0x407f29ae, + 0x407fa9c1, + 0x408029d6, + 0x4080a9ef, + 0x40812a0d, + 0x4081aa2d, + 0x40822a36, + 0x4082aa52, + 0x40832a5b, + 0x4083a09f, + 0x4084212e, + 0x4084a0fe, + 0x4085247c, + 0x4085a460, + 0x40861bb8, + 0x40869bcb, + 0x40871ebd, + 0x40879ecc, + 0x40881b47, + 0x40889e46, + 0x40891ea4, + 0x4089a424, + 0x4432042a, + 0x4432843c, + 0x44330445, + 0x4433844d, + 0x4434045a, + 0x4434846a, + 0x44350485, + 0x443584a5, + 0x443604c1, + 0x443684e2, + 0x443704e9, + 0x443784f7, + 0x44380501, + 0x4438850d, + 0x44390517, + 0x44398522, + 0x443a052c, + 0x443a8536, + 0x4c32179b, + 0x4c3297aa, + 0x4c3317b9, + 0x4c3397d2, + 0x4c3417ed, + 0x4c349809, + 0x4c35181b, + 0x4c359829, + 0x4c36183e, + 0x4c36984f, + 0x4c37185d, + 0x4c37986b, + 0x4c38187d, + 0x4c38988d, + 0x4c391897, + 0x4c3998af, + 0x4c3a18c7, + 0x4c3a98da, + 0x50322f06, + 0x5032af1b, + 0x50332f2c, + 0x5033af3f, + 0x50342f50, + 0x5034af63, + 0x50352f72, + 0x5035af87, + 0x50362f97, + 0x5036afa6, + 0x50372fb7, + 0x5037afc7, + 0x50382fd8, + 0x5038afeb, + 0x50392ffd, + 0x5039b013, + 0x503a3025, + 0x503ab036, + 0x503b3047, + 0x503bb058, + 0x503c3063, + 0x503cb06f, + 0x503d307a, + 0x503db085, + 0x503e3092, + 0x503eb0a7, + 0x503f30b5, + 0x503fb0c9, + 0x504030dc, + 0x5040b0ed, + 0x50413107, + 0x5041b116, + 0x5042311f, + 0x5042b12e, + 0x50433140, + 0x5043b14c, + 0x50443154, + 0x5044b167, + 0x50453178, + 0x5045b18e, + 0x5046319a, + 0x5046b1ae, + 0x504731bc, + 0x5047b1d0, + 0x504831ea, + 0x5048b1fe, + 0x50493214, + 0x5049b22b, + 0x504a323d, + 0x504ab251, + 0x504b3266, + 0x504bb27d, + 0x504c3291, + 0x504cb29a, + 0x504d32a2, + 
0x504db2b1, + 0x504e32c1, + 0x683210ba, + 0x683290cb, + 0x683310db, + 0x683390e9, + 0x683410f6, + 0x6c3210a9, + 0x74320a6a, + 0x74328a7c, + 0x783206c9, + 0x783286fc, + 0x7833070e, + 0x78338720, + 0x78340734, + 0x78348748, + 0x78350766, + 0x78358778, + 0x7836078c, + 0x783687fa, + 0x7837080c, + 0x7837881e, + 0x78380830, + 0x78388847, + 0x7839085e, + 0x78398875, + 0x783a0891, + 0x783a88ad, + 0x783b08c9, + 0x783b88df, + 0x783c08f5, + 0x783c890b, + 0x783d0928, + 0x783d8937, + 0x783e0946, + 0x783e8955, + 0x783f0971, + 0x783f897f, + 0x7840098d, + 0x7840899b, + 0x784109a8, + 0x784186db, + 0x784207a0, + 0x784287be, + 0x784307dc, + 0x803215c2, +}; + +const size_t kOpenSSLFunctionValuesLen = sizeof(kOpenSSLFunctionValues) / sizeof(kOpenSSLFunctionValues[0]); + +const char kOpenSSLFunctionStringData[] = + "ASN1_BIT_STRING_set_bit\0" + "ASN1_ENUMERATED_set\0" + "ASN1_ENUMERATED_to_BN\0" + "ASN1_GENERALIZEDTIME_adj\0" + "ASN1_INTEGER_set\0" + "ASN1_INTEGER_to_BN\0" + "ASN1_OBJECT_new\0" + "ASN1_PCTX_new\0" + "ASN1_STRING_TABLE_add\0" + "ASN1_STRING_set\0" + "ASN1_STRING_type_new\0" + "ASN1_TIME_adj\0" + "ASN1_UTCTIME_adj\0" + "ASN1_d2i_fp\0" + "ASN1_dup\0" + "ASN1_generate_v3\0" + "ASN1_get_object\0" + "ASN1_i2d_bio\0" + "ASN1_i2d_fp\0" + "ASN1_item_d2i_fp\0" + "ASN1_item_dup\0" + "ASN1_item_ex_d2i\0" + "ASN1_item_i2d_bio\0" + "ASN1_item_i2d_fp\0" + "ASN1_item_pack\0" + "ASN1_item_unpack\0" + "ASN1_mbstring_ncopy\0" + "ASN1_template_new\0" + "BIO_new_NDEF\0" + "BN_to_ASN1_ENUMERATED\0" + "BN_to_ASN1_INTEGER\0" + "a2d_ASN1_OBJECT\0" + "a2i_ASN1_ENUMERATED\0" + "a2i_ASN1_INTEGER\0" + "a2i_ASN1_STRING\0" + "append_exp\0" + "asn1_cb\0" + "asn1_check_tlen\0" + "asn1_collate_primitive\0" + "asn1_collect\0" + "asn1_d2i_ex_primitive\0" + "asn1_d2i_read_bio\0" + "asn1_do_adb\0" + "asn1_ex_c2i\0" + "asn1_find_end\0" + "asn1_item_ex_combine_new\0" + "asn1_str2type\0" + "asn1_template_ex_d2i\0" + "asn1_template_noexp_d2i\0" + "bitstr_cb\0" + "c2i_ASN1_BIT_STRING\0" + "c2i_ASN1_INTEGER\0" + 
"c2i_ASN1_OBJECT\0" + "collect_data\0" + "d2i_ASN1_BOOLEAN\0" + "d2i_ASN1_OBJECT\0" + "d2i_ASN1_UINTEGER\0" + "d2i_ASN1_UTCTIME\0" + "d2i_ASN1_bytes\0" + "d2i_ASN1_type_bytes\0" + "i2d_ASN1_TIME\0" + "i2d_PrivateKey\0" + "long_c2i\0" + "parse_tagging\0" + "BIO_callback_ctrl\0" + "BIO_ctrl\0" + "BIO_new\0" + "BIO_new_file\0" + "BIO_new_mem_buf\0" + "BIO_zero_copy_get_read_buf\0" + "BIO_zero_copy_get_read_buf_done\0" + "BIO_zero_copy_get_write_buf\0" + "BIO_zero_copy_get_write_buf_done\0" + "bio_io\0" + "bio_make_pair\0" + "bio_write\0" + "buffer_ctrl\0" + "conn_ctrl\0" + "conn_state\0" + "file_ctrl\0" + "file_read\0" + "mem_write\0" + "BN_CTX_get\0" + "BN_CTX_new\0" + "BN_CTX_start\0" + "BN_bn2dec\0" + "BN_bn2hex\0" + "BN_div\0" + "BN_div_recp\0" + "BN_exp\0" + "BN_generate_dsa_nonce\0" + "BN_generate_prime_ex\0" + "BN_mod_exp2_mont\0" + "BN_mod_exp_mont\0" + "BN_mod_exp_mont_consttime\0" + "BN_mod_exp_mont_word\0" + "BN_mod_inverse\0" + "BN_mod_inverse_no_branch\0" + "BN_mod_lshift_quick\0" + "BN_mod_sqrt\0" + "BN_new\0" + "BN_rand\0" + "BN_rand_range\0" + "BN_sqrt\0" + "BN_usub\0" + "bn_wexpand\0" + "mod_exp_recp\0" + "BUF_MEM_new\0" + "BUF_memdup\0" + "BUF_strndup\0" + "buf_mem_grow\0" + "EVP_AEAD_CTX_init\0" + "EVP_AEAD_CTX_init_with_direction\0" + "EVP_AEAD_CTX_open\0" + "EVP_AEAD_CTX_seal\0" + "EVP_CIPHER_CTX_copy\0" + "EVP_CIPHER_CTX_ctrl\0" + "EVP_CIPHER_CTX_set_key_length\0" + "EVP_CipherInit_ex\0" + "EVP_DecryptFinal_ex\0" + "EVP_EncryptFinal_ex\0" + "aead_aes_ctr_hmac_sha256_init\0" + "aead_aes_ctr_hmac_sha256_open\0" + "aead_aes_ctr_hmac_sha256_seal\0" + "aead_aes_gcm_init\0" + "aead_aes_gcm_open\0" + "aead_aes_gcm_seal\0" + "aead_aes_key_wrap_init\0" + "aead_aes_key_wrap_open\0" + "aead_aes_key_wrap_seal\0" + "aead_chacha20_poly1305_init\0" + "aead_chacha20_poly1305_open\0" + "aead_chacha20_poly1305_seal\0" + "aead_rc4_md5_tls_init\0" + "aead_rc4_md5_tls_open\0" + "aead_rc4_md5_tls_seal\0" + "aead_ssl3_ensure_cipher_init\0" + "aead_ssl3_init\0" + 
"aead_ssl3_open\0" + "aead_ssl3_seal\0" + "aead_tls_ensure_cipher_init\0" + "aead_tls_init\0" + "aead_tls_open\0" + "aead_tls_seal\0" + "aes_init_key\0" + "aesni_init_key\0" + "CONF_parse_list\0" + "NCONF_load\0" + "def_load_bio\0" + "str_copy\0" + "CRYPTO_get_ex_new_index\0" + "CRYPTO_set_ex_data\0" + "get_class\0" + "get_func_pointers\0" + "DH_new_method\0" + "compute_key\0" + "generate_key\0" + "generate_parameters\0" + "EVP_DigestInit_ex\0" + "EVP_MD_CTX_copy_ex\0" + "DSA_new_method\0" + "dsa_sig_cb\0" + "sign\0" + "sign_setup\0" + "verify\0" + "BN_to_felem\0" + "EC_GROUP_copy\0" + "EC_GROUP_get_curve_GFp\0" + "EC_GROUP_get_degree\0" + "EC_GROUP_new_by_curve_name\0" + "EC_KEY_check_key\0" + "EC_KEY_copy\0" + "EC_KEY_generate_key\0" + "EC_KEY_new_method\0" + "EC_KEY_set_public_key_affine_coordinates\0" + "EC_POINT_add\0" + "EC_POINT_cmp\0" + "EC_POINT_copy\0" + "EC_POINT_dbl\0" + "EC_POINT_dup\0" + "EC_POINT_get_affine_coordinates_GFp\0" + "EC_POINT_invert\0" + "EC_POINT_is_at_infinity\0" + "EC_POINT_is_on_curve\0" + "EC_POINT_make_affine\0" + "EC_POINT_new\0" + "EC_POINT_oct2point\0" + "EC_POINT_point2oct\0" + "EC_POINT_set_affine_coordinates_GFp\0" + "EC_POINT_set_compressed_coordinates_GFp\0" + "EC_POINT_set_to_infinity\0" + "EC_POINTs_make_affine\0" + "compute_wNAF\0" + "d2i_ECPKParameters\0" + "d2i_ECParameters\0" + "d2i_ECPrivateKey\0" + "ec_GFp_mont_field_decode\0" + "ec_GFp_mont_field_encode\0" + "ec_GFp_mont_field_mul\0" + "ec_GFp_mont_field_set_to_one\0" + "ec_GFp_mont_field_sqr\0" + "ec_GFp_mont_group_set_curve\0" + "ec_GFp_nistp256_group_set_curve\0" + "ec_GFp_nistp256_point_get_affine_coordinates\0" + "ec_GFp_nistp256_points_mul\0" + "ec_GFp_simple_group_check_discriminant\0" + "ec_GFp_simple_group_set_curve\0" + "ec_GFp_simple_make_affine\0" + "ec_GFp_simple_oct2point\0" + "ec_GFp_simple_point2oct\0" + "ec_GFp_simple_point_get_affine_coordinates\0" + "ec_GFp_simple_point_set_affine_coordinates\0" + "ec_GFp_simple_points_make_affine\0" + 
"ec_GFp_simple_set_compressed_coordinates\0" + "ec_asn1_group2pkparameters\0" + "ec_asn1_pkparameters2group\0" + "ec_group_copy\0" + "ec_group_new\0" + "ec_group_new_curve_GFp\0" + "ec_group_new_from_data\0" + "ec_point_set_Jprojective_coordinates_GFp\0" + "ec_pre_comp_new\0" + "ec_wNAF_mul\0" + "ec_wNAF_precompute_mult\0" + "i2d_ECPKParameters\0" + "i2d_ECParameters\0" + "i2d_ECPrivateKey\0" + "i2o_ECPublicKey\0" + "nistp256_pre_comp_new\0" + "o2i_ECPublicKey\0" + "ECDH_compute_key\0" + "ECDSA_do_sign_ex\0" + "ECDSA_do_verify\0" + "ECDSA_sign_ex\0" + "digest_to_bn\0" + "ecdsa_sign_setup\0" + "EVP_DigestSignAlgorithm\0" + "EVP_DigestVerifyInitFromAlgorithm\0" + "EVP_PKEY_CTX_ctrl\0" + "EVP_PKEY_CTX_dup\0" + "EVP_PKEY_CTX_get0_rsa_oaep_label\0" + "EVP_PKEY_copy_parameters\0" + "EVP_PKEY_decrypt\0" + "EVP_PKEY_decrypt_init\0" + "EVP_PKEY_derive\0" + "EVP_PKEY_derive_init\0" + "EVP_PKEY_derive_set_peer\0" + "EVP_PKEY_encrypt\0" + "EVP_PKEY_encrypt_init\0" + "EVP_PKEY_get1_DH\0" + "EVP_PKEY_get1_DSA\0" + "EVP_PKEY_get1_EC_KEY\0" + "EVP_PKEY_get1_RSA\0" + "EVP_PKEY_keygen\0" + "EVP_PKEY_keygen_init\0" + "EVP_PKEY_new\0" + "EVP_PKEY_set_type\0" + "EVP_PKEY_sign\0" + "EVP_PKEY_sign_init\0" + "EVP_PKEY_verify\0" + "EVP_PKEY_verify_init\0" + "check_padding_md\0" + "d2i_AutoPrivateKey\0" + "d2i_PrivateKey\0" + "do_EC_KEY_print\0" + "do_dsa_print\0" + "do_rsa_print\0" + "do_sigver_init\0" + "dsa_param_decode\0" + "dsa_priv_decode\0" + "dsa_priv_encode\0" + "dsa_pub_decode\0" + "dsa_pub_encode\0" + "dsa_sig_print\0" + "eckey_param2type\0" + "eckey_param_decode\0" + "eckey_priv_decode\0" + "eckey_priv_encode\0" + "eckey_pub_decode\0" + "eckey_pub_encode\0" + "eckey_type2param\0" + "evp_pkey_ctx_new\0" + "hmac_signctx\0" + "i2d_PublicKey\0" + "old_dsa_priv_decode\0" + "old_ec_priv_decode\0" + "old_rsa_priv_decode\0" + "pkey_ec_ctrl\0" + "pkey_ec_derive\0" + "pkey_ec_keygen\0" + "pkey_ec_paramgen\0" + "pkey_ec_sign\0" + "pkey_hmac_ctrl\0" + "pkey_rsa_ctrl\0" + 
"pkey_rsa_decrypt\0" + "pkey_rsa_encrypt\0" + "pkey_rsa_sign\0" + "rsa_algor_to_md\0" + "rsa_digest_verify_init_from_algorithm\0" + "rsa_mgf1_to_md\0" + "rsa_priv_decode\0" + "rsa_priv_encode\0" + "rsa_pss_to_ctx\0" + "rsa_pub_decode\0" + "HKDF\0" + "OBJ_create\0" + "OBJ_dup\0" + "OBJ_nid2obj\0" + "OBJ_txt2obj\0" + "PEM_ASN1_read\0" + "PEM_ASN1_read_bio\0" + "PEM_ASN1_write\0" + "PEM_ASN1_write_bio\0" + "PEM_X509_INFO_read\0" + "PEM_X509_INFO_read_bio\0" + "PEM_X509_INFO_write_bio\0" + "PEM_do_header\0" + "PEM_get_EVP_CIPHER_INFO\0" + "PEM_read\0" + "PEM_read_DHparams\0" + "PEM_read_PrivateKey\0" + "PEM_read_bio\0" + "PEM_read_bio_DHparams\0" + "PEM_read_bio_Parameters\0" + "PEM_read_bio_PrivateKey\0" + "PEM_write\0" + "PEM_write_PrivateKey\0" + "PEM_write_bio\0" + "d2i_PKCS8PrivateKey_bio\0" + "d2i_PKCS8PrivateKey_fp\0" + "do_pk8pkey\0" + "do_pk8pkey_fp\0" + "load_iv\0" + "EVP_PKCS82PKEY\0" + "EVP_PKEY2PKCS8\0" + "PKCS12_get_key_and_certs\0" + "PKCS12_handle_content_info\0" + "PKCS12_handle_content_infos\0" + "PKCS5_pbe2_set_iv\0" + "PKCS5_pbe_set\0" + "PKCS5_pbe_set0_algor\0" + "PKCS5_pbkdf2_set\0" + "PKCS8_decrypt\0" + "PKCS8_encrypt\0" + "PKCS8_encrypt_pbe\0" + "pbe_cipher_init\0" + "pbe_crypt\0" + "pkcs12_item_decrypt_d2i\0" + "pkcs12_item_i2d_encrypt\0" + "pkcs12_key_gen_raw\0" + "pkcs12_pbe_keyivgen\0" + "BN_BLINDING_convert_ex\0" + "BN_BLINDING_create_param\0" + "BN_BLINDING_invert_ex\0" + "BN_BLINDING_new\0" + "BN_BLINDING_update\0" + "RSA_check_key\0" + "RSA_new_method\0" + "RSA_padding_add_PKCS1_OAEP_mgf1\0" + "RSA_padding_add_PKCS1_PSS_mgf1\0" + "RSA_padding_add_PKCS1_type_1\0" + "RSA_padding_add_PKCS1_type_2\0" + "RSA_padding_add_none\0" + "RSA_padding_check_PKCS1_OAEP_mgf1\0" + "RSA_padding_check_PKCS1_type_1\0" + "RSA_padding_check_PKCS1_type_2\0" + "RSA_padding_check_none\0" + "RSA_recover_crt_params\0" + "RSA_sign\0" + "RSA_verify\0" + "RSA_verify_PKCS1_PSS_mgf1\0" + "decrypt\0" + "encrypt\0" + "keygen\0" + "pkcs1_prefixed_msg\0" + 
"private_transform\0" + "rsa_setup_blinding\0" + "sign_raw\0" + "verify_raw\0" + "SSL_CTX_check_private_key\0" + "SSL_CTX_new\0" + "SSL_CTX_set1_tls_channel_id\0" + "SSL_CTX_set_cipher_list\0" + "SSL_CTX_set_cipher_list_tls11\0" + "SSL_CTX_set_session_id_context\0" + "SSL_CTX_set_tmp_dh\0" + "SSL_CTX_set_tmp_ecdh\0" + "SSL_CTX_use_PrivateKey\0" + "SSL_CTX_use_PrivateKey_ASN1\0" + "SSL_CTX_use_PrivateKey_file\0" + "SSL_CTX_use_RSAPrivateKey\0" + "SSL_CTX_use_RSAPrivateKey_ASN1\0" + "SSL_CTX_use_RSAPrivateKey_file\0" + "SSL_CTX_use_certificate\0" + "SSL_CTX_use_certificate_ASN1\0" + "SSL_CTX_use_certificate_chain_file\0" + "SSL_CTX_use_certificate_file\0" + "SSL_CTX_use_psk_identity_hint\0" + "SSL_SESSION_new\0" + "SSL_SESSION_print_fp\0" + "SSL_SESSION_set1_id_context\0" + "SSL_SESSION_to_bytes_full\0" + "SSL_accept\0" + "SSL_add_dir_cert_subjects_to_stack\0" + "SSL_add_file_cert_subjects_to_stack\0" + "SSL_check_private_key\0" + "SSL_clear\0" + "SSL_connect\0" + "SSL_do_handshake\0" + "SSL_load_client_CA_file\0" + "SSL_new\0" + "SSL_peek\0" + "SSL_read\0" + "SSL_renegotiate\0" + "SSL_set1_tls_channel_id\0" + "SSL_set_cipher_list\0" + "SSL_set_fd\0" + "SSL_set_rfd\0" + "SSL_set_session_id_context\0" + "SSL_set_tlsext_host_name\0" + "SSL_set_tmp_dh\0" + "SSL_set_tmp_ecdh\0" + "SSL_set_wfd\0" + "SSL_shutdown\0" + "SSL_use_PrivateKey\0" + "SSL_use_PrivateKey_ASN1\0" + "SSL_use_PrivateKey_file\0" + "SSL_use_RSAPrivateKey\0" + "SSL_use_RSAPrivateKey_ASN1\0" + "SSL_use_RSAPrivateKey_file\0" + "SSL_use_certificate\0" + "SSL_use_certificate_ASN1\0" + "SSL_use_certificate_file\0" + "SSL_use_psk_identity_hint\0" + "SSL_write\0" + "d2i_SSL_SESSION\0" + "d2i_SSL_SESSION_get_octet_string\0" + "d2i_SSL_SESSION_get_string\0" + "do_ssl3_write\0" + "dtls1_accept\0" + "dtls1_buffer_record\0" + "dtls1_check_timeout_num\0" + "dtls1_connect\0" + "dtls1_do_write\0" + "dtls1_get_buffered_message\0" + "dtls1_get_hello_verify\0" + "dtls1_get_message\0" + "dtls1_get_message_fragment\0" + 
"dtls1_hm_fragment_new\0" + "dtls1_preprocess_fragment\0" + "dtls1_process_fragment\0" + "dtls1_process_record\0" + "dtls1_read_bytes\0" + "dtls1_send_hello_verify_request\0" + "dtls1_write_app_data_bytes\0" + "i2d_SSL_SESSION\0" + "ssl3_accept\0" + "ssl3_cert_verify_hash\0" + "ssl3_check_cert_and_algorithm\0" + "ssl3_connect\0" + "ssl3_ctrl\0" + "ssl3_ctx_ctrl\0" + "ssl3_digest_cached_records\0" + "ssl3_do_change_cipher_spec\0" + "ssl3_expect_change_cipher_spec\0" + "ssl3_get_cert_status\0" + "ssl3_get_cert_verify\0" + "ssl3_get_certificate_request\0" + "ssl3_get_channel_id\0" + "ssl3_get_client_certificate\0" + "ssl3_get_client_hello\0" + "ssl3_get_client_key_exchange\0" + "ssl3_get_finished\0" + "ssl3_get_initial_bytes\0" + "ssl3_get_message\0" + "ssl3_get_new_session_ticket\0" + "ssl3_get_next_proto\0" + "ssl3_get_record\0" + "ssl3_get_server_certificate\0" + "ssl3_get_server_done\0" + "ssl3_get_server_hello\0" + "ssl3_get_server_key_exchange\0" + "ssl3_get_v2_client_hello\0" + "ssl3_handshake_mac\0" + "ssl3_output_cert_chain\0" + "ssl3_prf\0" + "ssl3_read_bytes\0" + "ssl3_read_n\0" + "ssl3_record_sequence_update\0" + "ssl3_seal_record\0" + "ssl3_send_cert_verify\0" + "ssl3_send_certificate_request\0" + "ssl3_send_channel_id\0" + "ssl3_send_client_certificate\0" + "ssl3_send_client_hello\0" + "ssl3_send_client_key_exchange\0" + "ssl3_send_server_certificate\0" + "ssl3_send_server_hello\0" + "ssl3_send_server_key_exchange\0" + "ssl3_setup_read_buffer\0" + "ssl3_setup_write_buffer\0" + "ssl3_write_bytes\0" + "ssl3_write_pending\0" + "ssl_add_cert_chain\0" + "ssl_add_cert_to_buf\0" + "ssl_add_clienthello_renegotiate_ext\0" + "ssl_add_clienthello_tlsext\0" + "ssl_add_clienthello_use_srtp_ext\0" + "ssl_add_serverhello_renegotiate_ext\0" + "ssl_add_serverhello_tlsext\0" + "ssl_add_serverhello_use_srtp_ext\0" + "ssl_build_cert_chain\0" + "ssl_bytes_to_cipher_list\0" + "ssl_cert_dup\0" + "ssl_cert_inst\0" + "ssl_cert_new\0" + "ssl_check_serverhello_tlsext\0" + 
"ssl_check_srvr_ecc_cert_and_alg\0" + "ssl_cipher_process_rulestr\0" + "ssl_cipher_strength_sort\0" + "ssl_create_cipher_list\0" + "ssl_ctx_log_master_secret\0" + "ssl_ctx_log_rsa_client_key_exchange\0" + "ssl_ctx_make_profiles\0" + "ssl_get_new_session\0" + "ssl_get_prev_session\0" + "ssl_get_server_cert_index\0" + "ssl_get_sign_pkey\0" + "ssl_init_wbio_buffer\0" + "ssl_parse_clienthello_renegotiate_ext\0" + "ssl_parse_clienthello_tlsext\0" + "ssl_parse_clienthello_use_srtp_ext\0" + "ssl_parse_serverhello_renegotiate_ext\0" + "ssl_parse_serverhello_tlsext\0" + "ssl_parse_serverhello_use_srtp_ext\0" + "ssl_scan_clienthello_tlsext\0" + "ssl_scan_serverhello_tlsext\0" + "ssl_sess_cert_new\0" + "ssl_set_cert\0" + "ssl_set_pkey\0" + "ssl_verify_cert_chain\0" + "tls12_check_peer_sigalg\0" + "tls1_aead_ctx_init\0" + "tls1_cert_verify_mac\0" + "tls1_change_cipher_state\0" + "tls1_change_cipher_state_aead\0" + "tls1_check_duplicate_extensions\0" + "tls1_enc\0" + "tls1_export_keying_material\0" + "tls1_prf\0" + "tls1_setup_key_block\0" + "ASN1_digest\0" + "ASN1_item_sign_ctx\0" + "ASN1_item_verify\0" + "NETSCAPE_SPKI_b64_decode\0" + "NETSCAPE_SPKI_b64_encode\0" + "PKCS7_get_CRLs\0" + "PKCS7_get_certificates\0" + "X509_ATTRIBUTE_create_by_NID\0" + "X509_ATTRIBUTE_create_by_OBJ\0" + "X509_ATTRIBUTE_create_by_txt\0" + "X509_ATTRIBUTE_get0_data\0" + "X509_ATTRIBUTE_set1_data\0" + "X509_CRL_add0_revoked\0" + "X509_CRL_diff\0" + "X509_CRL_print_fp\0" + "X509_EXTENSION_create_by_NID\0" + "X509_EXTENSION_create_by_OBJ\0" + "X509_INFO_new\0" + "X509_NAME_ENTRY_create_by_NID\0" + "X509_NAME_ENTRY_create_by_txt\0" + "X509_NAME_ENTRY_set_object\0" + "X509_NAME_add_entry\0" + "X509_NAME_oneline\0" + "X509_NAME_print\0" + "X509_PKEY_new\0" + "X509_PUBKEY_get\0" + "X509_PUBKEY_set\0" + "X509_REQ_check_private_key\0" + "X509_REQ_to_X509\0" + "X509_STORE_CTX_get1_issuer\0" + "X509_STORE_CTX_init\0" + "X509_STORE_CTX_new\0" + "X509_STORE_CTX_purpose_inherit\0" + "X509_STORE_add_cert\0" + 
"X509_STORE_add_crl\0" + "X509_TRUST_add\0" + "X509_TRUST_set\0" + "X509_check_private_key\0" + "X509_get_pubkey_parameters\0" + "X509_load_cert_crl_file\0" + "X509_load_cert_file\0" + "X509_load_crl_file\0" + "X509_print_ex_fp\0" + "X509_to_X509_REQ\0" + "X509_verify_cert\0" + "X509at_add1_attr\0" + "X509v3_add_ext\0" + "add_cert_dir\0" + "by_file_ctrl\0" + "check_policy\0" + "dir_ctrl\0" + "get_cert_by_subject\0" + "i2d_DSA_PUBKEY\0" + "i2d_EC_PUBKEY\0" + "i2d_RSA_PUBKEY\0" + "pkcs7_parse_header\0" + "x509_name_encode\0" + "x509_name_ex_d2i\0" + "x509_name_ex_new\0" + "SXNET_add_id_INTEGER\0" + "SXNET_add_id_asc\0" + "SXNET_add_id_ulong\0" + "SXNET_get_id_asc\0" + "SXNET_get_id_ulong\0" + "X509V3_EXT_add\0" + "X509V3_EXT_add_alias\0" + "X509V3_EXT_free\0" + "X509V3_EXT_i2d\0" + "X509V3_EXT_nconf\0" + "X509V3_add1_i2d\0" + "X509V3_add_value\0" + "X509V3_get_section\0" + "X509V3_get_string\0" + "X509V3_get_value_bool\0" + "X509V3_parse_list\0" + "X509_PURPOSE_add\0" + "X509_PURPOSE_set\0" + "a2i_GENERAL_NAME\0" + "copy_email\0" + "copy_issuer\0" + "do_dirname\0" + "do_ext_i2d\0" + "do_ext_nconf\0" + "gnames_from_sectname\0" + "hex_to_string\0" + "i2s_ASN1_ENUMERATED\0" + "i2s_ASN1_IA5STRING\0" + "i2s_ASN1_INTEGER\0" + "i2v_AUTHORITY_INFO_ACCESS\0" + "notice_section\0" + "nref_nos\0" + "policy_section\0" + "process_pci_value\0" + "r2i_certpol\0" + "r2i_pci\0" + "s2i_ASN1_IA5STRING\0" + "s2i_ASN1_INTEGER\0" + "s2i_ASN1_OCTET_STRING\0" + "s2i_skey_id\0" + "set_dist_point_name\0" + "string_to_hex\0" + "v2i_ASN1_BIT_STRING\0" + "v2i_AUTHORITY_INFO_ACCESS\0" + "v2i_AUTHORITY_KEYID\0" + "v2i_BASIC_CONSTRAINTS\0" + "v2i_EXTENDED_KEY_USAGE\0" + "v2i_GENERAL_NAMES\0" + "v2i_GENERAL_NAME_ex\0" + "v2i_NAME_CONSTRAINTS\0" + "v2i_POLICY_CONSTRAINTS\0" + "v2i_POLICY_MAPPINGS\0" + "v2i_crld\0" + "v2i_idp\0" + "v2i_issuer_alt\0" + "v2i_subject_alt\0" + "v3_generic_extension\0" + ""; + +const uint32_t kOpenSSLReasonValues[] = { + 0xc3207ba, + 0xc3287c7, + 0xc3307d6, + 0xc3387e6, + 
0xc3407f5, + 0xc34880e, + 0xc35081a, + 0xc358837, + 0xc360849, + 0xc368857, + 0xc370867, + 0xc378874, + 0xc380884, + 0xc38888f, + 0xc3908a5, + 0xc3988b4, + 0xc3a08c8, + 0x1032146b, + 0x10329477, + 0x10331490, + 0x103394a3, + 0x10340dd4, + 0x103494b6, + 0x103514cb, + 0x103594de, + 0x103614f7, + 0x1036950c, + 0x1037152a, + 0x10379539, + 0x10381555, + 0x10389570, + 0x1039157f, + 0x1039959b, + 0x103a15b6, + 0x103a95cd, + 0x103b15de, + 0x103b95f2, + 0x103c1611, + 0x103c9620, + 0x103d1637, + 0x103d964a, + 0x103e0b5f, + 0x103e965d, + 0x103f1670, + 0x103f968a, + 0x1040169a, + 0x104096ae, + 0x104116c4, + 0x104196dc, + 0x104216f1, + 0x10429705, + 0x10431717, + 0x104385d0, + 0x104408b4, + 0x1044972c, + 0x10451743, + 0x10459758, + 0x10461766, + 0x14320b42, + 0x14328b50, + 0x14330b5f, + 0x14338b71, + 0x18320083, + 0x18328e3a, + 0x18340e68, + 0x18348e7c, + 0x18358eb3, + 0x18368ee0, + 0x18370ef3, + 0x18378f07, + 0x18380f2b, + 0x18388f39, + 0x18390f4f, + 0x18398f63, + 0x183a0f73, + 0x183b0f83, + 0x183b8f98, + 0x183c8fc3, + 0x183d0fd7, + 0x183d8fe7, + 0x183e0b8e, + 0x183e8ff4, + 0x183f1006, + 0x183f9011, + 0x18401021, + 0x18409032, + 0x18411043, + 0x18419055, + 0x1842107e, + 0x184290b0, + 0x184310bf, + 0x18451128, + 0x1845913e, + 0x18461159, + 0x18468ecb, + 0x184709cc, + 0x18478094, + 0x18480faf, + 0x184890f4, + 0x18490e50, + 0x18498e91, + 0x184a118f, + 0x184a910c, + 0x184b10d3, + 0x184b8e2a, + 0x184c1097, + 0x184c866b, + 0x184d1174, + 0x203211b6, + 0x243211c2, + 0x243288fa, + 0x243311d4, + 0x243391e1, + 0x243411ee, + 0x24349200, + 0x2435120f, + 0x2435922c, + 0x24361239, + 0x24369247, + 0x24371255, + 0x24379263, + 0x2438126c, + 0x24389279, + 0x2439128c, + 0x28320b82, + 0x28328b8e, + 0x28330b5f, + 0x28338ba1, + 0x2c322a47, + 0x2c32aa55, + 0x2c332a67, + 0x2c33aa79, + 0x2c342a8d, + 0x2c34aa9f, + 0x2c352aba, + 0x2c35aacc, + 0x2c362adf, + 0x2c3682f3, + 0x2c372aec, + 0x2c37aafe, + 0x2c382b11, + 0x2c38ab1f, + 0x2c392b2f, + 0x2c39ab41, + 0x2c3a2b55, + 0x2c3aab66, + 0x2c3b134c, + 
0x2c3bab77, + 0x2c3c2b8b, + 0x2c3caba1, + 0x2c3d2bba, + 0x2c3dabe8, + 0x2c3e2bf6, + 0x2c3eac0e, + 0x2c3f2c26, + 0x2c3fac33, + 0x2c402c56, + 0x2c40ac75, + 0x2c4111b6, + 0x2c41ac86, + 0x2c422c99, + 0x2c429128, + 0x2c432caa, + 0x2c4386a2, + 0x2c442bd7, + 0x30320000, + 0x30328015, + 0x3033001f, + 0x30338038, + 0x3034004a, + 0x30348064, + 0x3035006b, + 0x30358083, + 0x30360094, + 0x303680a1, + 0x303700b0, + 0x303780bd, + 0x303800d0, + 0x303880eb, + 0x30390100, + 0x30398114, + 0x303a0128, + 0x303a8139, + 0x303b0152, + 0x303b816f, + 0x303c017d, + 0x303c8191, + 0x303d01a1, + 0x303d81ba, + 0x303e01ca, + 0x303e81dd, + 0x303f01ec, + 0x303f81f8, + 0x3040020d, + 0x3040821d, + 0x30410234, + 0x30418241, + 0x30420254, + 0x30428263, + 0x30430278, + 0x30438299, + 0x304402ac, + 0x304482bf, + 0x304502d8, + 0x304582f3, + 0x30460310, + 0x30468329, + 0x30470337, + 0x30478348, + 0x30480357, + 0x3048836f, + 0x30490381, + 0x30498395, + 0x304a03b4, + 0x304a83c7, + 0x304b03d2, + 0x304b83e1, + 0x304c03f2, + 0x304c83fe, + 0x304d0414, + 0x304d8422, + 0x304e0438, + 0x304e844a, + 0x304f045c, + 0x304f846f, + 0x30500482, + 0x30508493, + 0x305104a3, + 0x305184bb, + 0x305204d0, + 0x305284e8, + 0x305304fc, + 0x30538514, + 0x3054052d, + 0x30548546, + 0x30550563, + 0x3055856e, + 0x30560586, + 0x30568596, + 0x305705a7, + 0x305785ba, + 0x305805d0, + 0x305885d9, + 0x305905ee, + 0x30598601, + 0x305a0610, + 0x305a8630, + 0x305b063f, + 0x305b864b, + 0x305c066b, + 0x305c8687, + 0x305d0698, + 0x305d86a2, + 0x34320abc, + 0x34328ad0, + 0x34330aed, + 0x34338b00, + 0x34340b0f, + 0x34348b2c, + 0x3c320083, + 0x3c328bcb, + 0x3c330be4, + 0x3c338bff, + 0x3c340c1c, + 0x3c348c37, + 0x3c350c52, + 0x3c358c67, + 0x3c360c80, + 0x3c368c98, + 0x3c370ca9, + 0x3c378cb7, + 0x3c380cc4, + 0x3c388cd8, + 0x3c390b8e, + 0x3c398cec, + 0x3c3a0d00, + 0x3c3a8874, + 0x3c3b0d10, + 0x3c3b8d2b, + 0x3c3c0d3d, + 0x3c3c8d53, + 0x3c3d0d5d, + 0x3c3d8d71, + 0x3c3e0d7f, + 0x3c3e8da4, + 0x3c3f0bb7, + 0x3c3f8d8d, + 0x4032177d, + 0x40329793, + 0x403317c1, 
+ 0x403397cb, + 0x403417e2, + 0x40349800, + 0x40351810, + 0x40359822, + 0x4036182f, + 0x4036983b, + 0x40371850, + 0x40379865, + 0x40381877, + 0x40389882, + 0x40391894, + 0x40398dd4, + 0x403a18a4, + 0x403a98b7, + 0x403b18d8, + 0x403b98e9, + 0x403c18f9, + 0x403c8064, + 0x403d1905, + 0x403d9921, + 0x403e1937, + 0x403e9946, + 0x403f1959, + 0x403f9973, + 0x40401981, + 0x40409996, + 0x404119aa, + 0x404199c7, + 0x404219e0, + 0x404299fb, + 0x40431a14, + 0x40439a27, + 0x40441a3b, + 0x40449a53, + 0x40451a63, + 0x40459a71, + 0x40461a8f, + 0x40468094, + 0x40471aa4, + 0x40479ab6, + 0x40481ada, + 0x40489afa, + 0x40491b0e, + 0x40499b23, + 0x404a1b3c, + 0x404a9b5f, + 0x404b1b79, + 0x404b9b97, + 0x404c1bb2, + 0x404c9bcc, + 0x404d1be3, + 0x404d9c0b, + 0x404e1c22, + 0x404e9c3e, + 0x404f1c5a, + 0x404f9c7b, + 0x40501c9d, + 0x40509cb9, + 0x40511ccd, + 0x40519cda, + 0x40521cf1, + 0x40529d01, + 0x40531d11, + 0x40539d25, + 0x40541d40, + 0x40549d50, + 0x40551d67, + 0x40559d76, + 0x40561d91, + 0x40569da9, + 0x40571dc5, + 0x40579dde, + 0x40581df1, + 0x40589e06, + 0x40591e29, + 0x40599e37, + 0x405a1e44, + 0x405a9e5d, + 0x405b1e75, + 0x405b9e88, + 0x405c1e9d, + 0x405c9eaf, + 0x405d1ec4, + 0x405d9ed4, + 0x405e1eed, + 0x405e9f01, + 0x405f1f11, + 0x405f9f29, + 0x40601f3a, + 0x40609f4d, + 0x40611f5e, + 0x40619f7c, + 0x40621f8d, + 0x40629f9a, + 0x40631fb1, + 0x40639ff2, + 0x40642009, + 0x4064a016, + 0x40652024, + 0x4065a046, + 0x4066206e, + 0x4066a083, + 0x4067209a, + 0x4067a0ab, + 0x406820bc, + 0x4068a0cd, + 0x406920e2, + 0x4069a0f9, + 0x406a210a, + 0x406aa123, + 0x406b213e, + 0x406ba155, + 0x406c216d, + 0x406ca18e, + 0x406d21a1, + 0x406da1c2, + 0x406e21dd, + 0x406ea1f8, + 0x406f2219, + 0x406fa23f, + 0x4070225f, + 0x4070a27b, + 0x40712408, + 0x4071a42b, + 0x40722441, + 0x4072a460, + 0x40732478, + 0x4073a498, + 0x407426c2, + 0x4074a6e7, + 0x40752702, + 0x4075a721, + 0x40762750, + 0x4076a778, + 0x40772791, + 0x4077a7b0, + 0x407827d5, + 0x4078a7ec, + 0x407927ff, + 0x4079a81c, + 0x407a0782, + 
0x407aa82e, + 0x407b2841, + 0x407ba85a, + 0x407c2872, + 0x407c90b0, + 0x407d2886, + 0x407da8a0, + 0x407e28b1, + 0x407ea8c5, + 0x407f28d3, + 0x407fa8ee, + 0x40801279, + 0x4080a913, + 0x40812935, + 0x4081a950, + 0x40822965, + 0x4082a97d, + 0x40832995, + 0x4083a9ac, + 0x408429c2, + 0x4084a9ce, + 0x408529e1, + 0x4085a9f6, + 0x40862a08, + 0x4086aa1d, + 0x40872a26, + 0x40879bf9, + 0x40880083, + 0x40889fd1, + 0x41f42333, + 0x41f923c5, + 0x41fe22b8, + 0x41fea4e9, + 0x41ff25da, + 0x4203234c, + 0x4208236e, + 0x4208a3aa, + 0x4209229c, + 0x4209a3e4, + 0x420a22f3, + 0x420aa2d3, + 0x420b2313, + 0x420ba38c, + 0x420c25f6, + 0x420ca4b6, + 0x420d24d0, + 0x420da507, + 0x42122521, + 0x421725bd, + 0x4217a563, + 0x421c2585, + 0x421f2540, + 0x4221260d, + 0x422625a0, + 0x422b26a6, + 0x422ba66f, + 0x422c268e, + 0x422ca649, + 0x422d2628, + 0x443206ad, + 0x443286bc, + 0x443306c8, + 0x443386d6, + 0x443406e9, + 0x443486fa, + 0x44350701, + 0x4435870b, + 0x4436071e, + 0x44368734, + 0x44370746, + 0x44378753, + 0x44380762, + 0x4438876a, + 0x44390782, + 0x44398790, + 0x443a07a3, + 0x4c3212a3, + 0x4c3292b3, + 0x4c3312c6, + 0x4c3392e6, + 0x4c340094, + 0x4c3480b0, + 0x4c3512f2, + 0x4c359300, + 0x4c36131c, + 0x4c36932f, + 0x4c37133e, + 0x4c37934c, + 0x4c381361, + 0x4c38936d, + 0x4c39138d, + 0x4c3993b7, + 0x4c3a13d0, + 0x4c3a93e9, + 0x4c3b05d0, + 0x4c3b9402, + 0x4c3c1414, + 0x4c3c9423, + 0x4c3d10b0, + 0x4c3d943c, + 0x4c3e1449, + 0x50322cbc, + 0x5032accb, + 0x50332cd6, + 0x5033ace6, + 0x50342cff, + 0x5034ad19, + 0x50352d27, + 0x5035ad3d, + 0x50362d4f, + 0x5036ad65, + 0x50372d7e, + 0x5037ad91, + 0x50382da9, + 0x5038adba, + 0x50392dcf, + 0x5039ade3, + 0x503a2e03, + 0x503aae19, + 0x503b2e31, + 0x503bae43, + 0x503c2e5f, + 0x503cae76, + 0x503d2e8f, + 0x503daea5, + 0x503e2eb2, + 0x503eaec8, + 0x503f2eda, + 0x503f8348, + 0x50402eed, + 0x5040aefd, + 0x50412f17, + 0x5041af26, + 0x50422f40, + 0x5042af5d, + 0x50432f6d, + 0x5043af7d, + 0x50442f8c, + 0x50448414, + 0x50452fa0, + 0x5045afbe, + 0x50462fd1, + 0x5046afe7, 
+ 0x50472ff9, + 0x5047b00e, + 0x50483034, + 0x5048b042, + 0x50493055, + 0x5049b06a, + 0x504a3080, + 0x504ab090, + 0x504b30b0, + 0x504bb0c3, + 0x504c30e6, + 0x504cb114, + 0x504d3126, + 0x504db143, + 0x504e315e, + 0x504eb17a, + 0x504f318c, + 0x504fb1a3, + 0x505031b2, + 0x50508687, + 0x505131c5, + 0x58320e12, + 0x68320dd4, + 0x68328b8e, + 0x68330ba1, + 0x68338de2, + 0x68340df2, + 0x6c320db0, + 0x6c328b71, + 0x6c330dbb, + 0x74320980, + 0x783208e5, + 0x783288fa, + 0x78330906, + 0x78338083, + 0x78340915, + 0x7834892a, + 0x78350949, + 0x7835896b, + 0x78360980, + 0x78368996, + 0x783709a6, + 0x783789b9, + 0x783809cc, + 0x783889de, + 0x783909eb, + 0x78398a0a, + 0x783a0a1f, + 0x783a8a2d, + 0x783b0a37, + 0x783b8a4b, + 0x783c0a62, + 0x783c8a77, + 0x783d0a8e, + 0x783d8aa3, + 0x783e09f9, + 0x803211a5, +}; + +const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); + +const char kOpenSSLReasonStringData[] = + "ASN1_LENGTH_MISMATCH\0" + "AUX_ERROR\0" + "BAD_GET_ASN1_OBJECT_CALL\0" + "BAD_OBJECT_HEADER\0" + "BMPSTRING_IS_WRONG_LENGTH\0" + "BN_LIB\0" + "BOOLEAN_IS_WRONG_LENGTH\0" + "BUFFER_TOO_SMALL\0" + "DECODE_ERROR\0" + "DEPTH_EXCEEDED\0" + "ENCODE_ERROR\0" + "ERROR_GETTING_TIME\0" + "EXPECTING_AN_ASN1_SEQUENCE\0" + "EXPECTING_AN_INTEGER\0" + "EXPECTING_AN_OBJECT\0" + "EXPECTING_A_BOOLEAN\0" + "EXPECTING_A_TIME\0" + "EXPLICIT_LENGTH_MISMATCH\0" + "EXPLICIT_TAG_NOT_CONSTRUCTED\0" + "FIELD_MISSING\0" + "FIRST_NUM_TOO_LARGE\0" + "HEADER_TOO_LONG\0" + "ILLEGAL_BITSTRING_FORMAT\0" + "ILLEGAL_BOOLEAN\0" + "ILLEGAL_CHARACTERS\0" + "ILLEGAL_FORMAT\0" + "ILLEGAL_HEX\0" + "ILLEGAL_IMPLICIT_TAG\0" + "ILLEGAL_INTEGER\0" + "ILLEGAL_NESTED_TAGGING\0" + "ILLEGAL_NULL\0" + "ILLEGAL_NULL_VALUE\0" + "ILLEGAL_OBJECT\0" + "ILLEGAL_OPTIONAL_ANY\0" + "ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE\0" + "ILLEGAL_TAGGED_ANY\0" + "ILLEGAL_TIME_VALUE\0" + "INTEGER_NOT_ASCII_FORMAT\0" + "INTEGER_TOO_LARGE_FOR_LONG\0" + "INVALID_BIT_STRING_BITS_LEFT\0" + 
"INVALID_BMPSTRING_LENGTH\0" + "INVALID_DIGIT\0" + "INVALID_MODIFIER\0" + "INVALID_NUMBER\0" + "INVALID_OBJECT_ENCODING\0" + "INVALID_SEPARATOR\0" + "INVALID_TIME_FORMAT\0" + "INVALID_UNIVERSALSTRING_LENGTH\0" + "INVALID_UTF8STRING\0" + "LIST_ERROR\0" + "MALLOC_FAILURE\0" + "MISSING_ASN1_EOS\0" + "MISSING_EOC\0" + "MISSING_SECOND_NUMBER\0" + "MISSING_VALUE\0" + "MSTRING_NOT_UNIVERSAL\0" + "MSTRING_WRONG_TAG\0" + "NESTED_ASN1_ERROR\0" + "NESTED_ASN1_STRING\0" + "NON_HEX_CHARACTERS\0" + "NOT_ASCII_FORMAT\0" + "NOT_ENOUGH_DATA\0" + "NO_MATCHING_CHOICE_TYPE\0" + "NULL_IS_WRONG_LENGTH\0" + "OBJECT_NOT_ASCII_FORMAT\0" + "ODD_NUMBER_OF_CHARS\0" + "SECOND_NUMBER_TOO_LARGE\0" + "SEQUENCE_LENGTH_MISMATCH\0" + "SEQUENCE_NOT_CONSTRUCTED\0" + "SEQUENCE_OR_SET_NEEDS_CONFIG\0" + "SHORT_LINE\0" + "STREAMING_NOT_SUPPORTED\0" + "STRING_TOO_LONG\0" + "STRING_TOO_SHORT\0" + "TAG_VALUE_TOO_HIGH\0" + "TIME_NOT_ASCII_FORMAT\0" + "TOO_LONG\0" + "TYPE_NOT_CONSTRUCTED\0" + "TYPE_NOT_PRIMITIVE\0" + "UNEXPECTED_EOC\0" + "UNIVERSALSTRING_IS_WRONG_LENGTH\0" + "UNKNOWN_FORMAT\0" + "UNKNOWN_TAG\0" + "UNSUPPORTED_ANY_DEFINED_BY_TYPE\0" + "UNSUPPORTED_PUBLIC_KEY_TYPE\0" + "UNSUPPORTED_TYPE\0" + "WRONG_TAG\0" + "WRONG_TYPE\0" + "BAD_FOPEN_MODE\0" + "BROKEN_PIPE\0" + "CONNECT_ERROR\0" + "ERROR_SETTING_NBIO\0" + "INVALID_ARGUMENT\0" + "IN_USE\0" + "KEEPALIVE\0" + "NBIO_CONNECT_ERROR\0" + "NO_HOSTNAME_SPECIFIED\0" + "NO_PORT_SPECIFIED\0" + "NO_SUCH_FILE\0" + "NULL_PARAMETER\0" + "SYS_LIB\0" + "UNABLE_TO_CREATE_SOCKET\0" + "UNINITIALIZED\0" + "UNSUPPORTED_METHOD\0" + "WRITE_TO_READ_ONLY_BIO\0" + "ARG2_LT_ARG3\0" + "BAD_RECIPROCAL\0" + "BIGNUM_TOO_LONG\0" + "BITS_TOO_SMALL\0" + "CALLED_WITH_EVEN_MODULUS\0" + "DIV_BY_ZERO\0" + "EXPAND_ON_STATIC_BIGNUM_DATA\0" + "INPUT_NOT_REDUCED\0" + "INVALID_RANGE\0" + "NEGATIVE_NUMBER\0" + "NOT_A_SQUARE\0" + "NOT_INITIALIZED\0" + "NO_INVERSE\0" + "PRIVATE_KEY_TOO_LARGE\0" + "P_IS_NOT_PRIME\0" + "TOO_MANY_ITERATIONS\0" + "TOO_MANY_TEMPORARY_VARIABLES\0" + 
"AES_KEY_SETUP_FAILED\0" + "BAD_DECRYPT\0" + "BAD_KEY_LENGTH\0" + "CTRL_NOT_IMPLEMENTED\0" + "CTRL_OPERATION_NOT_IMPLEMENTED\0" + "DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH\0" + "INITIALIZATION_ERROR\0" + "INPUT_NOT_INITIALIZED\0" + "INVALID_AD_SIZE\0" + "INVALID_KEY_LENGTH\0" + "INVALID_NONCE_SIZE\0" + "INVALID_OPERATION\0" + "IV_TOO_LARGE\0" + "NO_CIPHER_SET\0" + "NO_DIRECTION_SET\0" + "OUTPUT_ALIASES_INPUT\0" + "TAG_TOO_LARGE\0" + "TOO_LARGE\0" + "UNSUPPORTED_AD_SIZE\0" + "UNSUPPORTED_INPUT_SIZE\0" + "UNSUPPORTED_KEY_SIZE\0" + "UNSUPPORTED_NONCE_SIZE\0" + "UNSUPPORTED_TAG_SIZE\0" + "WRONG_FINAL_BLOCK_LENGTH\0" + "LIST_CANNOT_BE_NULL\0" + "MISSING_CLOSE_SQUARE_BRACKET\0" + "MISSING_EQUAL_SIGN\0" + "NO_CLOSE_BRACE\0" + "UNABLE_TO_CREATE_NEW_SECTION\0" + "VARIABLE_HAS_NO_VALUE\0" + "BAD_GENERATOR\0" + "INVALID_PUBKEY\0" + "MODULUS_TOO_LARGE\0" + "NO_PRIVATE_VALUE\0" + "BAD_Q_VALUE\0" + "MISSING_PARAMETERS\0" + "NEED_NEW_SETUP_VALUES\0" + "BIGNUM_OUT_OF_RANGE\0" + "COORDINATES_OUT_OF_RANGE\0" + "D2I_ECPKPARAMETERS_FAILURE\0" + "EC_GROUP_NEW_BY_NAME_FAILURE\0" + "GROUP2PKPARAMETERS_FAILURE\0" + "I2D_ECPKPARAMETERS_FAILURE\0" + "INCOMPATIBLE_OBJECTS\0" + "INVALID_COMPRESSED_POINT\0" + "INVALID_COMPRESSION_BIT\0" + "INVALID_ENCODING\0" + "INVALID_FIELD\0" + "INVALID_FORM\0" + "INVALID_GROUP_ORDER\0" + "INVALID_PRIVATE_KEY\0" + "MISSING_PRIVATE_KEY\0" + "NON_NAMED_CURVE\0" + "PKPARAMETERS2GROUP_FAILURE\0" + "POINT_AT_INFINITY\0" + "POINT_IS_NOT_ON_CURVE\0" + "SLOT_FULL\0" + "UNDEFINED_GENERATOR\0" + "UNKNOWN_GROUP\0" + "UNKNOWN_ORDER\0" + "WRONG_CURVE_PARAMETERS\0" + "WRONG_ORDER\0" + "KDF_FAILED\0" + "POINT_ARITHMETIC_FAILURE\0" + "BAD_SIGNATURE\0" + "NOT_IMPLEMENTED\0" + "RANDOM_NUMBER_GENERATION_FAILED\0" + "OPERATION_NOT_SUPPORTED\0" + "BN_DECODE_ERROR\0" + "COMMAND_NOT_SUPPORTED\0" + "CONTEXT_NOT_INITIALISED\0" + "DIFFERENT_KEY_TYPES\0" + "DIFFERENT_PARAMETERS\0" + "DIGEST_AND_KEY_TYPE_NOT_SUPPORTED\0" + "EXPECTING_AN_EC_KEY_KEY\0" + "EXPECTING_AN_RSA_KEY\0" + 
"EXPECTING_A_DH_KEY\0" + "EXPECTING_A_DSA_KEY\0" + "ILLEGAL_OR_UNSUPPORTED_PADDING_MODE\0" + "INVALID_CURVE\0" + "INVALID_DIGEST_LENGTH\0" + "INVALID_DIGEST_TYPE\0" + "INVALID_KEYBITS\0" + "INVALID_MGF1_MD\0" + "INVALID_PADDING_MODE\0" + "INVALID_PSS_PARAMETERS\0" + "INVALID_PSS_SALTLEN\0" + "INVALID_SALT_LENGTH\0" + "INVALID_TRAILER\0" + "KEYS_NOT_SET\0" + "NO_DEFAULT_DIGEST\0" + "NO_KEY_SET\0" + "NO_MDC2_SUPPORT\0" + "NO_NID_FOR_CURVE\0" + "NO_OPERATION_SET\0" + "NO_PARAMETERS_SET\0" + "OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE\0" + "OPERATON_NOT_INITIALIZED\0" + "PARAMETER_ENCODING_ERROR\0" + "UNKNOWN_DIGEST\0" + "UNKNOWN_MASK_DIGEST\0" + "UNKNOWN_MESSAGE_DIGEST_ALGORITHM\0" + "UNKNOWN_PUBLIC_KEY_TYPE\0" + "UNKNOWN_SIGNATURE_ALGORITHM\0" + "UNSUPPORTED_ALGORITHM\0" + "UNSUPPORTED_MASK_ALGORITHM\0" + "UNSUPPORTED_MASK_PARAMETER\0" + "UNSUPPORTED_SIGNATURE_TYPE\0" + "WRONG_PUBLIC_KEY_TYPE\0" + "OUTPUT_TOO_LARGE\0" + "UNKNOWN_NID\0" + "BAD_BASE64_DECODE\0" + "BAD_END_LINE\0" + "BAD_IV_CHARS\0" + "BAD_PASSWORD_READ\0" + "CIPHER_IS_NULL\0" + "ERROR_CONVERTING_PRIVATE_KEY\0" + "NOT_DEK_INFO\0" + "NOT_ENCRYPTED\0" + "NOT_PROC_TYPE\0" + "NO_START_LINE\0" + "READ_KEY\0" + "SHORT_HEADER\0" + "UNSUPPORTED_CIPHER\0" + "UNSUPPORTED_ENCRYPTION\0" + "BAD_PKCS12_DATA\0" + "BAD_PKCS12_VERSION\0" + "CIPHER_HAS_NO_OBJECT_IDENTIFIER\0" + "CRYPT_ERROR\0" + "ENCRYPT_ERROR\0" + "ERROR_SETTING_CIPHER_PARAMS\0" + "INCORRECT_PASSWORD\0" + "KEYGEN_FAILURE\0" + "KEY_GEN_ERROR\0" + "METHOD_NOT_SUPPORTED\0" + "MISSING_MAC\0" + "MULTIPLE_PRIVATE_KEYS_IN_PKCS12\0" + "PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED\0" + "PKCS12_TOO_DEEPLY_NESTED\0" + "PRIVATE_KEY_DECODE_ERROR\0" + "PRIVATE_KEY_ENCODE_ERROR\0" + "UNKNOWN_ALGORITHM\0" + "UNKNOWN_CIPHER\0" + "UNKNOWN_CIPHER_ALGORITHM\0" + "UNKNOWN_HASH\0" + "UNSUPPORTED_PRIVATE_KEY_ALGORITHM\0" + "BAD_E_VALUE\0" + "BAD_FIXED_HEADER_DECRYPT\0" + "BAD_PAD_BYTE_COUNT\0" + "BAD_RSA_PARAMETERS\0" + "BLOCK_TYPE_IS_NOT_01\0" + "BN_NOT_INITIALIZED\0" + 
"CRT_PARAMS_ALREADY_GIVEN\0" + "CRT_VALUES_INCORRECT\0" + "DATA_LEN_NOT_EQUAL_TO_MOD_LEN\0" + "DATA_TOO_LARGE\0" + "DATA_TOO_LARGE_FOR_KEY_SIZE\0" + "DATA_TOO_LARGE_FOR_MODULUS\0" + "DATA_TOO_SMALL\0" + "DATA_TOO_SMALL_FOR_KEY_SIZE\0" + "DIGEST_TOO_BIG_FOR_RSA_KEY\0" + "D_E_NOT_CONGRUENT_TO_1\0" + "EMPTY_PUBLIC_KEY\0" + "FIRST_OCTET_INVALID\0" + "INCONSISTENT_SET_OF_CRT_VALUES\0" + "INTERNAL_ERROR\0" + "INVALID_MESSAGE_LENGTH\0" + "KEY_SIZE_TOO_SMALL\0" + "LAST_OCTET_INVALID\0" + "NO_PUBLIC_EXPONENT\0" + "NULL_BEFORE_BLOCK_MISSING\0" + "N_NOT_EQUAL_P_Q\0" + "OAEP_DECODING_ERROR\0" + "ONLY_ONE_OF_P_Q_GIVEN\0" + "OUTPUT_BUFFER_TOO_SMALL\0" + "PADDING_CHECK_FAILED\0" + "PKCS_DECODING_ERROR\0" + "SLEN_CHECK_FAILED\0" + "SLEN_RECOVERY_FAILED\0" + "UNKNOWN_ALGORITHM_TYPE\0" + "UNKNOWN_PADDING_TYPE\0" + "VALUE_MISSING\0" + "WRONG_SIGNATURE_LENGTH\0" + "APP_DATA_IN_HANDSHAKE\0" + "ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT\0" + "BAD_ALERT\0" + "BAD_CHANGE_CIPHER_SPEC\0" + "BAD_DATA_RETURNED_BY_CALLBACK\0" + "BAD_DH_P_LENGTH\0" + "BAD_DIGEST_LENGTH\0" + "BAD_ECC_CERT\0" + "BAD_ECPOINT\0" + "BAD_HANDSHAKE_LENGTH\0" + "BAD_HANDSHAKE_RECORD\0" + "BAD_HELLO_REQUEST\0" + "BAD_LENGTH\0" + "BAD_PACKET_LENGTH\0" + "BAD_RSA_ENCRYPT\0" + "BAD_SRTP_MKI_VALUE\0" + "BAD_SRTP_PROTECTION_PROFILE_LIST\0" + "BAD_SSL_FILETYPE\0" + "BAD_WRITE_RETRY\0" + "BIO_NOT_SET\0" + "CANNOT_SERIALIZE_PUBLIC_KEY\0" + "CA_DN_LENGTH_MISMATCH\0" + "CA_DN_TOO_LONG\0" + "CCS_RECEIVED_EARLY\0" + "CERTIFICATE_VERIFY_FAILED\0" + "CERT_CB_ERROR\0" + "CERT_LENGTH_MISMATCH\0" + "CHANNEL_ID_NOT_P256\0" + "CHANNEL_ID_SIGNATURE_INVALID\0" + "CIPHER_CODE_WRONG_LENGTH\0" + "CIPHER_OR_HASH_UNAVAILABLE\0" + "CLIENTHELLO_PARSE_FAILED\0" + "CLIENTHELLO_TLSEXT\0" + "CONNECTION_REJECTED\0" + "CONNECTION_TYPE_NOT_SET\0" + "COOKIE_MISMATCH\0" + "D2I_ECDSA_SIG\0" + "DATA_BETWEEN_CCS_AND_FINISHED\0" + "DATA_LENGTH_TOO_LONG\0" + "DECRYPTION_FAILED\0" + "DECRYPTION_FAILED_OR_BAD_RECORD_MAC\0" + "DH_PUBLIC_VALUE_LENGTH_IS_WRONG\0" 
+ "DIGEST_CHECK_FAILED\0" + "DTLS_MESSAGE_TOO_BIG\0" + "ECC_CERT_NOT_FOR_SIGNING\0" + "EMPTY_SRTP_PROTECTION_PROFILE_LIST\0" + "ENCRYPTED_LENGTH_TOO_LONG\0" + "ERROR_IN_RECEIVED_CIPHER_LIST\0" + "EVP_DIGESTSIGNFINAL_FAILED\0" + "EVP_DIGESTSIGNINIT_FAILED\0" + "EXCESSIVE_MESSAGE_SIZE\0" + "EXTRA_DATA_IN_MESSAGE\0" + "FRAGMENT_MISMATCH\0" + "GOT_A_FIN_BEFORE_A_CCS\0" + "GOT_CHANNEL_ID_BEFORE_A_CCS\0" + "GOT_NEXT_PROTO_BEFORE_A_CCS\0" + "GOT_NEXT_PROTO_WITHOUT_EXTENSION\0" + "HANDSHAKE_FAILURE_ON_CLIENT_HELLO\0" + "HANDSHAKE_RECORD_BEFORE_CCS\0" + "HTTPS_PROXY_REQUEST\0" + "HTTP_REQUEST\0" + "INAPPROPRIATE_FALLBACK\0" + "INVALID_COMMAND\0" + "INVALID_MESSAGE\0" + "INVALID_SSL_SESSION\0" + "INVALID_TICKET_KEYS_LENGTH\0" + "LENGTH_MISMATCH\0" + "LIBRARY_HAS_NO_CIPHERS\0" + "MISSING_DH_KEY\0" + "MISSING_ECDSA_SIGNING_CERT\0" + "MISSING_RSA_CERTIFICATE\0" + "MISSING_RSA_ENCRYPTING_CERT\0" + "MISSING_RSA_SIGNING_CERT\0" + "MISSING_TMP_DH_KEY\0" + "MISSING_TMP_ECDH_KEY\0" + "MIXED_SPECIAL_OPERATOR_WITH_GROUPS\0" + "MTU_TOO_SMALL\0" + "NESTED_GROUP\0" + "NO_CERTIFICATES_RETURNED\0" + "NO_CERTIFICATE_ASSIGNED\0" + "NO_CERTIFICATE_SET\0" + "NO_CIPHERS_AVAILABLE\0" + "NO_CIPHERS_PASSED\0" + "NO_CIPHERS_SPECIFIED\0" + "NO_CIPHER_MATCH\0" + "NO_COMPRESSION_SPECIFIED\0" + "NO_METHOD_SPECIFIED\0" + "NO_P256_SUPPORT\0" + "NO_PRIVATE_KEY_ASSIGNED\0" + "NO_RENEGOTIATION\0" + "NO_REQUIRED_DIGEST\0" + "NO_SHARED_CIPHER\0" + "NO_SHARED_SIGATURE_ALGORITHMS\0" + "NO_SRTP_PROFILES\0" + "NULL_SSL_CTX\0" + "NULL_SSL_METHOD_PASSED\0" + "OLD_SESSION_CIPHER_NOT_RETURNED\0" + "OLD_SESSION_VERSION_NOT_RETURNED\0" + "PACKET_LENGTH_TOO_LONG\0" + "PARSE_TLSEXT\0" + "PATH_TOO_LONG\0" + "PEER_DID_NOT_RETURN_A_CERTIFICATE\0" + "PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE\0" + "PROTOCOL_IS_SHUTDOWN\0" + "PSK_IDENTITY_NOT_FOUND\0" + "PSK_NO_CLIENT_CB\0" + "PSK_NO_SERVER_CB\0" + "READ_BIO_NOT_SET\0" + "READ_TIMEOUT_EXPIRED\0" + "RECORD_LENGTH_MISMATCH\0" + "RECORD_TOO_LARGE\0" + "RENEGOTIATE_EXT_TOO_LONG\0" + 
"RENEGOTIATION_ENCODING_ERR\0" + "RENEGOTIATION_MISMATCH\0" + "REQUIRED_CIPHER_MISSING\0" + "SCSV_RECEIVED_WHEN_RENEGOTIATING\0" + "SERVERHELLO_TLSEXT\0" + "SESSION_ID_CONTEXT_UNINITIALIZED\0" + "SESSION_MAY_NOT_BE_CREATED\0" + "SIGNATURE_ALGORITHMS_ERROR\0" + "SRTP_COULD_NOT_ALLOCATE_PROFILES\0" + "SRTP_PROTECTION_PROFILE_LIST_TOO_LONG\0" + "SRTP_UNKNOWN_PROTECTION_PROFILE\0" + "SSL3_EXT_INVALID_SERVERNAME\0" + "SSL3_EXT_INVALID_SERVERNAME_TYPE\0" + "SSLV3_ALERT_BAD_CERTIFICATE\0" + "SSLV3_ALERT_BAD_RECORD_MAC\0" + "SSLV3_ALERT_CERTIFICATE_EXPIRED\0" + "SSLV3_ALERT_CERTIFICATE_REVOKED\0" + "SSLV3_ALERT_CERTIFICATE_UNKNOWN\0" + "SSLV3_ALERT_CLOSE_NOTIFY\0" + "SSLV3_ALERT_DECOMPRESSION_FAILURE\0" + "SSLV3_ALERT_HANDSHAKE_FAILURE\0" + "SSLV3_ALERT_ILLEGAL_PARAMETER\0" + "SSLV3_ALERT_NO_CERTIFICATE\0" + "SSLV3_ALERT_UNEXPECTED_MESSAGE\0" + "SSLV3_ALERT_UNSUPPORTED_CERTIFICATE\0" + "SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION\0" + "SSL_HANDSHAKE_FAILURE\0" + "SSL_SESSION_ID_CALLBACK_FAILED\0" + "SSL_SESSION_ID_CONFLICT\0" + "SSL_SESSION_ID_CONTEXT_TOO_LONG\0" + "SSL_SESSION_ID_HAS_BAD_LENGTH\0" + "TLSV1_ALERT_ACCESS_DENIED\0" + "TLSV1_ALERT_DECODE_ERROR\0" + "TLSV1_ALERT_DECRYPTION_FAILED\0" + "TLSV1_ALERT_DECRYPT_ERROR\0" + "TLSV1_ALERT_EXPORT_RESTRICTION\0" + "TLSV1_ALERT_INAPPROPRIATE_FALLBACK\0" + "TLSV1_ALERT_INSUFFICIENT_SECURITY\0" + "TLSV1_ALERT_INTERNAL_ERROR\0" + "TLSV1_ALERT_NO_RENEGOTIATION\0" + "TLSV1_ALERT_PROTOCOL_VERSION\0" + "TLSV1_ALERT_RECORD_OVERFLOW\0" + "TLSV1_ALERT_UNKNOWN_CA\0" + "TLSV1_ALERT_USER_CANCELLED\0" + "TLSV1_BAD_CERTIFICATE_HASH_VALUE\0" + "TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE\0" + "TLSV1_CERTIFICATE_UNOBTAINABLE\0" + "TLSV1_UNRECOGNIZED_NAME\0" + "TLSV1_UNSUPPORTED_EXTENSION\0" + "TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER\0" + "TLS_ILLEGAL_EXPORTER_LABEL\0" + "TLS_INVALID_ECPOINTFORMAT_LIST\0" + "TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST\0" + "TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG\0" + "TOO_MANY_EMPTY_FRAGMENTS\0" + 
"UNABLE_TO_FIND_ECDH_PARAMETERS\0" + "UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS\0" + "UNEXPECTED_GROUP_CLOSE\0" + "UNEXPECTED_MESSAGE\0" + "UNEXPECTED_OPERATOR_IN_GROUP\0" + "UNEXPECTED_RECORD\0" + "UNKNOWN_ALERT_TYPE\0" + "UNKNOWN_CERTIFICATE_TYPE\0" + "UNKNOWN_CIPHER_RETURNED\0" + "UNKNOWN_CIPHER_TYPE\0" + "UNKNOWN_KEY_EXCHANGE_TYPE\0" + "UNKNOWN_PROTOCOL\0" + "UNKNOWN_SSL_VERSION\0" + "UNKNOWN_STATE\0" + "UNPROCESSED_HANDSHAKE_DATA\0" + "UNSAFE_LEGACY_RENEGOTIATION_DISABLED\0" + "UNSUPPORTED_COMPRESSION_ALGORITHM\0" + "UNSUPPORTED_ELLIPTIC_CURVE\0" + "UNSUPPORTED_PROTOCOL\0" + "UNSUPPORTED_SSL_VERSION\0" + "USE_SRTP_NOT_NEGOTIATED\0" + "WRONG_CERTIFICATE_TYPE\0" + "WRONG_CIPHER_RETURNED\0" + "WRONG_CURVE\0" + "WRONG_MESSAGE_TYPE\0" + "WRONG_SIGNATURE_TYPE\0" + "WRONG_SSL_VERSION\0" + "WRONG_VERSION_NUMBER\0" + "X509_LIB\0" + "X509_VERIFICATION_SETUP_PROBLEMS\0" + "AKID_MISMATCH\0" + "BAD_PKCS7_VERSION\0" + "BAD_X509_FILETYPE\0" + "BASE64_DECODE_ERROR\0" + "CANT_CHECK_DH_KEY\0" + "CERT_ALREADY_IN_HASH_TABLE\0" + "CRL_ALREADY_DELTA\0" + "CRL_VERIFY_FAILURE\0" + "IDP_MISMATCH\0" + "INVALID_DIRECTORY\0" + "INVALID_FIELD_NAME\0" + "INVALID_TRUST\0" + "ISSUER_MISMATCH\0" + "KEY_TYPE_MISMATCH\0" + "KEY_VALUES_MISMATCH\0" + "LOADING_CERT_DIR\0" + "LOADING_DEFAULTS\0" + "NEWER_CRL_NOT_NEWER\0" + "NOT_PKCS7_SIGNED_DATA\0" + "NO_CERTIFICATES_INCLUDED\0" + "NO_CERT_SET_FOR_US_TO_VERIFY\0" + "NO_CRLS_INCLUDED\0" + "NO_CRL_NUMBER\0" + "PUBLIC_KEY_DECODE_ERROR\0" + "PUBLIC_KEY_ENCODE_ERROR\0" + "SHOULD_RETRY\0" + "UNABLE_TO_FIND_PARAMETERS_IN_CHAIN\0" + "UNABLE_TO_GET_CERTS_PUBLIC_KEY\0" + "UNKNOWN_KEY_TYPE\0" + "UNKNOWN_PURPOSE_ID\0" + "UNKNOWN_TRUST_ID\0" + "WRONG_LOOKUP_TYPE\0" + "BAD_IP_ADDRESS\0" + "BAD_OBJECT\0" + "BN_DEC2BN_ERROR\0" + "BN_TO_ASN1_INTEGER_ERROR\0" + "CANNOT_FIND_FREE_FUNCTION\0" + "DIRNAME_ERROR\0" + "DISTPOINT_ALREADY_SET\0" + "DUPLICATE_ZONE_ID\0" + "ERROR_CONVERTING_ZONE\0" + "ERROR_CREATING_EXTENSION\0" + "ERROR_IN_EXTENSION\0" + 
"EXPECTED_A_SECTION_NAME\0" + "EXTENSION_EXISTS\0" + "EXTENSION_NAME_ERROR\0" + "EXTENSION_NOT_FOUND\0" + "EXTENSION_SETTING_NOT_SUPPORTED\0" + "EXTENSION_VALUE_ERROR\0" + "ILLEGAL_EMPTY_EXTENSION\0" + "ILLEGAL_HEX_DIGIT\0" + "INCORRECT_POLICY_SYNTAX_TAG\0" + "INVALID_BOOLEAN_STRING\0" + "INVALID_EXTENSION_STRING\0" + "INVALID_MULTIPLE_RDNS\0" + "INVALID_NAME\0" + "INVALID_NULL_ARGUMENT\0" + "INVALID_NULL_NAME\0" + "INVALID_NULL_VALUE\0" + "INVALID_NUMBERS\0" + "INVALID_OBJECT_IDENTIFIER\0" + "INVALID_OPTION\0" + "INVALID_POLICY_IDENTIFIER\0" + "INVALID_PROXY_POLICY_SETTING\0" + "INVALID_PURPOSE\0" + "INVALID_SECTION\0" + "INVALID_SYNTAX\0" + "ISSUER_DECODE_ERROR\0" + "NEED_ORGANIZATION_AND_NUMBERS\0" + "NO_CONFIG_DATABASE\0" + "NO_ISSUER_CERTIFICATE\0" + "NO_ISSUER_DETAILS\0" + "NO_POLICY_IDENTIFIER\0" + "NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED\0" + "NO_PUBLIC_KEY\0" + "NO_SUBJECT_DETAILS\0" + "ODD_NUMBER_OF_DIGITS\0" + "OPERATION_NOT_DEFINED\0" + "OTHERNAME_ERROR\0" + "POLICY_LANGUAGE_ALREADY_DEFINED\0" + "POLICY_PATH_LENGTH\0" + "POLICY_PATH_LENGTH_ALREADY_DEFINED\0" + "POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY\0" + "SECTION_NOT_FOUND\0" + "UNABLE_TO_GET_ISSUER_DETAILS\0" + "UNABLE_TO_GET_ISSUER_KEYID\0" + "UNKNOWN_BIT_STRING_ARGUMENT\0" + "UNKNOWN_EXTENSION\0" + "UNKNOWN_EXTENSION_NAME\0" + "UNKNOWN_OPTION\0" + "UNSUPPORTED_OPTION\0" + "USER_TOO_LONG\0" + ""; + diff --git a/linux-aarch64/crypto/aes/aesv8-armx.S b/linux-aarch64/crypto/aes/aesv8-armx.S index e7ae46f..9c63291 100644 --- a/linux-aarch64/crypto/aes/aesv8-armx.S +++ b/linux-aarch64/crypto/aes/aesv8-armx.S @@ -6,7 +6,7 @@ .arch armv8-a+crypto #endif .align 5 -rcon: +.Lrcon: .long 0x01,0x01,0x01,0x01 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat .long 0x1b,0x1b,0x1b,0x1b @@ -31,7 +31,7 @@ aes_v8_set_encrypt_key: tst w1,#0x3f b.ne .Lenc_key_abort - adr x3,rcon + adr x3,.Lrcon cmp w1,#192 eor v0.16b,v0.16b,v0.16b 
@@ -55,7 +55,7 @@ aes_v8_set_encrypt_key: ext v5.16b,v0.16b,v5.16b,#12 eor v3.16b,v3.16b,v5.16b ext v5.16b,v0.16b,v5.16b,#12 - eor v6.16b,v6.16b,v1.16b + eor v6.16b,v6.16b,v1.16b eor v3.16b,v3.16b,v5.16b shl v1.16b,v1.16b,#1 eor v3.16b,v3.16b,v6.16b @@ -72,7 +72,7 @@ aes_v8_set_encrypt_key: ext v5.16b,v0.16b,v5.16b,#12 eor v3.16b,v3.16b,v5.16b ext v5.16b,v0.16b,v5.16b,#12 - eor v6.16b,v6.16b,v1.16b + eor v6.16b,v6.16b,v1.16b eor v3.16b,v3.16b,v5.16b shl v1.16b,v1.16b,#1 eor v3.16b,v3.16b,v6.16b @@ -86,7 +86,7 @@ aes_v8_set_encrypt_key: ext v5.16b,v0.16b,v5.16b,#12 eor v3.16b,v3.16b,v5.16b ext v5.16b,v0.16b,v5.16b,#12 - eor v6.16b,v6.16b,v1.16b + eor v6.16b,v6.16b,v1.16b eor v3.16b,v3.16b,v5.16b eor v3.16b,v3.16b,v6.16b st1 {v3.4s},[x2] @@ -117,7 +117,7 @@ aes_v8_set_encrypt_key: dup v5.4s,v3.s[3] eor v5.16b,v5.16b,v4.16b - eor v6.16b,v6.16b,v1.16b + eor v6.16b,v6.16b,v1.16b ext v4.16b,v0.16b,v4.16b,#12 shl v1.16b,v1.16b,#1 eor v4.16b,v4.16b,v5.16b @@ -148,7 +148,7 @@ aes_v8_set_encrypt_key: ext v5.16b,v0.16b,v5.16b,#12 eor v3.16b,v3.16b,v5.16b ext v5.16b,v0.16b,v5.16b,#12 - eor v6.16b,v6.16b,v1.16b + eor v6.16b,v6.16b,v1.16b eor v3.16b,v3.16b,v5.16b shl v1.16b,v1.16b,#1 eor v3.16b,v3.16b,v6.16b @@ -229,17 +229,17 @@ aes_v8_encrypt: .Loop_enc: aese v2.16b,v0.16b - ld1 {v0.4s},[x2],#16 aesmc v2.16b,v2.16b + ld1 {v0.4s},[x2],#16 subs w3,w3,#2 aese v2.16b,v1.16b - ld1 {v1.4s},[x2],#16 aesmc v2.16b,v2.16b + ld1 {v1.4s},[x2],#16 b.gt .Loop_enc aese v2.16b,v0.16b - ld1 {v0.4s},[x2] aesmc v2.16b,v2.16b + ld1 {v0.4s},[x2] aese v2.16b,v1.16b eor v2.16b,v2.16b,v0.16b @@ -258,17 +258,17 @@ aes_v8_decrypt: .Loop_dec: aesd v2.16b,v0.16b - ld1 {v0.4s},[x2],#16 aesimc v2.16b,v2.16b + ld1 {v0.4s},[x2],#16 subs w3,w3,#2 aesd v2.16b,v1.16b - ld1 {v1.4s},[x2],#16 aesimc v2.16b,v2.16b + ld1 {v1.4s},[x2],#16 b.gt .Loop_dec aesd v2.16b,v0.16b - ld1 {v0.4s},[x2] aesimc v2.16b,v2.16b + ld1 {v0.4s},[x2] aesd v2.16b,v1.16b eor v2.16b,v2.16b,v0.16b 
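Review bot: The reordering in .Loop_enc and .Loop_dec, where each `ld1` of the next round key is moved from before the `aesmc`/`aesimc` to after it, carries no comment stating the intent, so a later reader may well move the loads back. Behaviour is unchanged because the round-key register is consumed by `aese`/`aesd` before it is reloaded, but the reason for keeping `aese` immediately followed by `aesmc` is presumably micro-architectural (cores that fuse the pair benefit from it being adjacent) and should be stated once at the loop head, e.g. `// keep aese/aesmc (aesd/aesimc) back-to-back: some cores fuse the pair, so round-key loads are issued after the aesmc`. The same interleaving is applied in .Loop3x_cbc_dec, .Lcbc_dec_tail and the ctr32 loop in the later hunks; one comment at the first occurrence covering the file-wide convention would be enough.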
@@ -292,13 +292,13 @@ aes_v8_cbc_encrypt: ld1 {v6.16b},[x4] ld1 {v0.16b},[x0],x8 - ld1 {v16.4s-v17.4s},[x3] // load key schedule... + ld1 {v16.4s,v17.4s},[x3] // load key schedule... sub w5,w5,#6 add x7,x3,x5,lsl#4 // pointer to last 7 round keys sub w5,w5,#2 - ld1 {v18.4s-v19.4s},[x7],#32 - ld1 {v20.4s-v21.4s},[x7],#32 - ld1 {v22.4s-v23.4s},[x7],#32 + ld1 {v18.4s,v19.4s},[x7],#32 + ld1 {v20.4s,v21.4s},[x7],#32 + ld1 {v22.4s,v23.4s},[x7],#32 ld1 {v7.4s},[x7] add x7,x3,#32 
@@ -310,76 +310,99 @@ aes_v8_cbc_encrypt: eor v5.16b,v16.16b,v7.16b b.eq .Lcbc_enc128 + ld1 {v2.4s,v3.4s},[x7] + add x7,x3,#16 + add x6,x3,#16*4 + add x12,x3,#16*5 + aese v0.16b,v16.16b + aesmc v0.16b,v0.16b + add x14,x3,#16*6 + add x3,x3,#16*7 + b .Lenter_cbc_enc + +.align 4 .Loop_cbc_enc: aese v0.16b,v16.16b - ld1 {v16.4s},[x7],#16 aesmc v0.16b,v0.16b - subs w6,w6,#2 + st1 {v6.16b},[x1],#16 +.Lenter_cbc_enc: aese v0.16b,v17.16b - ld1 {v17.4s},[x7],#16 aesmc v0.16b,v0.16b - b.gt .Loop_cbc_enc + aese v0.16b,v2.16b + aesmc v0.16b,v0.16b + ld1 {v16.4s},[x6] + cmp w5,#4 + aese v0.16b,v3.16b + aesmc v0.16b,v0.16b + ld1 {v17.4s},[x12] + b.eq .Lcbc_enc192 aese v0.16b,v16.16b aesmc v0.16b,v0.16b - subs x2,x2,#16 + ld1 {v16.4s},[x14] aese v0.16b,v17.16b aesmc v0.16b,v0.16b - csel x8,xzr,x8,eq + ld1 {v17.4s},[x3] + nop + +.Lcbc_enc192: + aese v0.16b,v16.16b + aesmc v0.16b,v0.16b + subs x2,x2,#16 + aese v0.16b,v17.16b + aesmc v0.16b,v0.16b + csel x8,xzr,x8,eq aese v0.16b,v18.16b aesmc v0.16b,v0.16b - add x7,x3,#16 aese v0.16b,v19.16b aesmc v0.16b,v0.16b - ld1 {v16.16b},[x0],x8 + ld1 {v16.16b},[x0],x8 aese v0.16b,v20.16b aesmc v0.16b,v0.16b - eor v16.16b,v16.16b,v5.16b + eor v16.16b,v16.16b,v5.16b aese v0.16b,v21.16b aesmc v0.16b,v0.16b - ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1] + ld1 {v17.4s},[x7] // re-pre-load rndkey[1] aese v0.16b,v22.16b aesmc v0.16b,v0.16b aese v0.16b,v23.16b - - mov w6,w5 eor v6.16b,v0.16b,v7.16b - st1 {v6.16b},[x1],#16 b.hs .Loop_cbc_enc + st1 {v6.16b},[x1],#16 b .Lcbc_done .align 5 .Lcbc_enc128: - ld1 {v2.4s-v3.4s},[x7] + ld1 {v2.4s,v3.4s},[x7] aese v0.16b,v16.16b aesmc v0.16b,v0.16b b .Lenter_cbc_enc128 .Loop_cbc_enc128: aese v0.16b,v16.16b aesmc v0.16b,v0.16b - st1 {v6.16b},[x1],#16 + st1 {v6.16b},[x1],#16 .Lenter_cbc_enc128: aese v0.16b,v17.16b aesmc v0.16b,v0.16b - subs x2,x2,#16 + subs x2,x2,#16 aese v0.16b,v2.16b aesmc v0.16b,v0.16b - csel x8,xzr,x8,eq + csel x8,xzr,x8,eq aese v0.16b,v3.16b aesmc v0.16b,v0.16b aese v0.16b,v18.16b aesmc 
v0.16b,v0.16b aese v0.16b,v19.16b aesmc v0.16b,v0.16b - ld1 {v16.16b},[x0],x8 + ld1 {v16.16b},[x0],x8 aese v0.16b,v20.16b aesmc v0.16b,v0.16b aese v0.16b,v21.16b aesmc v0.16b,v0.16b aese v0.16b,v22.16b aesmc v0.16b,v0.16b - eor v16.16b,v16.16b,v5.16b + eor v16.16b,v16.16b,v5.16b aese v0.16b,v23.16b eor v6.16b,v0.16b,v7.16b b.hs .Loop_cbc_enc128 
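Review bot: The new round-key pointer setup in aes_v8_cbc_encrypt (`add x6,x3,#16*4`, `add x12,x3,#16*5`, `add x14,x3,#16*6`, `add x3,x3,#16*7`) and the `cmp w5,#4` / `b.eq .Lcbc_enc192` dispatch are uncommented, and the code under `.Lcbc_enc192` is executed for both AES-192 and AES-256 (the 256-bit path merely loads rndkey[6..7] into v16/v17 before falling through), so the label under-describes what it covers. If w5 is rounds-8 as the `sub w5,w5,#6` / `sub w5,w5,#2` context in the previous hunk suggests, it is 4 for AES-192 and 6 for AES-256; I would document that at the dispatch, `cmp w5,#4 // w5 = rounds-8: 4 for AES-192, 6 for AES-256`, and at the pointer setup, `// x6,x12,x14,x3 = &rndkey[4..7]; x7 = &rndkey[1] for the per-block reload`. The bare `nop` after `ld1 {v17.4s},[x3]` also needs a one-line reason (alignment or scheduling), since as written it reads as dead code. Note that `x3` no longer points at the key schedule once this path is entered, so nothing reachable after `.Loop_cbc_enc` may still treat it as the key pointer; the function body continues outside the hunk.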
@@ -404,81 +427,80 @@ aes_v8_cbc_encrypt: .Loop3x_cbc_dec: aesd v0.16b,v16.16b - aesd v1.16b,v16.16b - aesd v18.16b,v16.16b - ld1 {v16.4s},[x7],#16 aesimc v0.16b,v0.16b + aesd v1.16b,v16.16b aesimc v1.16b,v1.16b + aesd v18.16b,v16.16b aesimc v18.16b,v18.16b + ld1 {v16.4s},[x7],#16 subs w6,w6,#2 aesd v0.16b,v17.16b - aesd v1.16b,v17.16b - aesd v18.16b,v17.16b - ld1 {v17.4s},[x7],#16 aesimc v0.16b,v0.16b + aesd v1.16b,v17.16b aesimc v1.16b,v1.16b + aesd v18.16b,v17.16b aesimc v18.16b,v18.16b + ld1 {v17.4s},[x7],#16 b.gt .Loop3x_cbc_dec aesd v0.16b,v16.16b - aesd v1.16b,v16.16b - aesd v18.16b,v16.16b - eor v4.16b,v6.16b,v7.16b aesimc v0.16b,v0.16b + aesd v1.16b,v16.16b aesimc v1.16b,v1.16b + aesd v18.16b,v16.16b aesimc v18.16b,v18.16b - eor v5.16b,v2.16b,v7.16b + eor v4.16b,v6.16b,v7.16b + subs x2,x2,#0x30 + eor v5.16b,v2.16b,v7.16b + csel x6,x2,x6,lo // x6, w6, is zero at this point aesd v0.16b,v17.16b - aesd v1.16b,v17.16b - aesd v18.16b,v17.16b - eor v17.16b,v3.16b,v7.16b - subs x2,x2,#0x30 aesimc v0.16b,v0.16b + aesd v1.16b,v17.16b aesimc v1.16b,v1.16b + aesd v18.16b,v17.16b aesimc v18.16b,v18.16b - orr v6.16b,v19.16b,v19.16b - csel x6,x2,x6,lo // x6, w6, is zero at this point - aesd v0.16b,v20.16b - aesd v1.16b,v20.16b - aesd v18.16b,v20.16b - add x0,x0,x6 // x0 is adjusted in such way that + eor v17.16b,v3.16b,v7.16b + add x0,x0,x6 // x0 is adjusted in such way that // at exit from the loop v1.16b-v18.16b // are loaded with last "words" + orr v6.16b,v19.16b,v19.16b + mov x7,x3 + aesd v0.16b,v20.16b aesimc v0.16b,v0.16b + aesd v1.16b,v20.16b aesimc v1.16b,v1.16b + aesd v18.16b,v20.16b aesimc v18.16b,v18.16b - mov x7,x3 + ld1 {v2.16b},[x0],#16 aesd v0.16b,v21.16b - aesd v1.16b,v21.16b - aesd v18.16b,v21.16b - ld1 {v2.16b},[x0],#16 aesimc v0.16b,v0.16b + aesd v1.16b,v21.16b aesimc v1.16b,v1.16b + aesd v18.16b,v21.16b aesimc v18.16b,v18.16b - ld1 {v3.16b},[x0],#16 + ld1 {v3.16b},[x0],#16 aesd v0.16b,v22.16b - aesd v1.16b,v22.16b - aesd v18.16b,v22.16b - ld1 
{v19.16b},[x0],#16 aesimc v0.16b,v0.16b + aesd v1.16b,v22.16b aesimc v1.16b,v1.16b + aesd v18.16b,v22.16b aesimc v18.16b,v18.16b - ld1 {v16.4s},[x7],#16 // re-pre-load rndkey[0] + ld1 {v19.16b},[x0],#16 aesd v0.16b,v23.16b aesd v1.16b,v23.16b aesd v18.16b,v23.16b - - add w6,w5,#2 + ld1 {v16.4s},[x7],#16 // re-pre-load rndkey[0] + add w6,w5,#2 eor v4.16b,v4.16b,v0.16b eor v5.16b,v5.16b,v1.16b eor v18.16b,v18.16b,v17.16b - ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1] - orr v0.16b,v2.16b,v2.16b + ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1] st1 {v4.16b},[x1],#16 - orr v1.16b,v3.16b,v3.16b + orr v0.16b,v2.16b,v2.16b st1 {v5.16b},[x1],#16 + orr v1.16b,v3.16b,v3.16b st1 {v18.16b},[x1],#16 - orr v18.16b,v19.16b,v19.16b + orr v18.16b,v19.16b,v19.16b b.hs .Loop3x_cbc_dec cmn x2,#0x30 
@@ -487,54 +509,54 @@ aes_v8_cbc_encrypt: .Lcbc_dec_tail: aesd v1.16b,v16.16b - aesd v18.16b,v16.16b - ld1 {v16.4s},[x7],#16 aesimc v1.16b,v1.16b + aesd v18.16b,v16.16b aesimc v18.16b,v18.16b + ld1 {v16.4s},[x7],#16 subs w6,w6,#2 aesd v1.16b,v17.16b - aesd v18.16b,v17.16b - ld1 {v17.4s},[x7],#16 aesimc v1.16b,v1.16b + aesd v18.16b,v17.16b aesimc v18.16b,v18.16b + ld1 {v17.4s},[x7],#16 b.gt .Lcbc_dec_tail aesd v1.16b,v16.16b - aesd v18.16b,v16.16b aesimc v1.16b,v1.16b + aesd v18.16b,v16.16b aesimc v18.16b,v18.16b aesd v1.16b,v17.16b - aesd v18.16b,v17.16b aesimc v1.16b,v1.16b + aesd v18.16b,v17.16b aesimc v18.16b,v18.16b aesd v1.16b,v20.16b - aesd v18.16b,v20.16b aesimc v1.16b,v1.16b + aesd v18.16b,v20.16b aesimc v18.16b,v18.16b - cmn x2,#0x20 + cmn x2,#0x20 aesd v1.16b,v21.16b - aesd v18.16b,v21.16b aesimc v1.16b,v1.16b + aesd v18.16b,v21.16b aesimc v18.16b,v18.16b - eor v5.16b,v6.16b,v7.16b + eor v5.16b,v6.16b,v7.16b aesd v1.16b,v22.16b - aesd v18.16b,v22.16b aesimc v1.16b,v1.16b + aesd v18.16b,v22.16b aesimc v18.16b,v18.16b - eor v17.16b,v3.16b,v7.16b + eor v17.16b,v3.16b,v7.16b aesd v1.16b,v23.16b aesd v18.16b,v23.16b b.eq .Lcbc_dec_one eor v5.16b,v5.16b,v1.16b eor v17.16b,v17.16b,v18.16b - orr v6.16b,v19.16b,v19.16b + orr v6.16b,v19.16b,v19.16b st1 {v5.16b},[x1],#16 st1 {v17.16b},[x1],#16 b .Lcbc_done .Lcbc_dec_one: eor v5.16b,v5.16b,v18.16b - orr v6.16b,v19.16b,v19.16b + orr v6.16b,v19.16b,v19.16b st1 {v5.16b},[x1],#16 .Lcbc_done: 
@@ -547,181 +569,181 @@ aes_v8_cbc_encrypt: .type aes_v8_ctr32_encrypt_blocks,%function .align 5 aes_v8_ctr32_encrypt_blocks: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - ldr w5,[x3,#240] - - ldr w8, [x4, #12] - ld1 {v0.4s},[x4] - - ld1 {v16.4s-v17.4s},[x3] // load key schedule... - sub w5,w5,#4 - mov x12,#16 - cmp x2,#2 - add x7,x3,x5,lsl#4 // pointer to last 5 round keys - sub w5,w5,#2 - ld1 {v20.4s-v21.4s},[x7],#32 - ld1 {v22.4s-v23.4s},[x7],#32 - ld1 {v7.4s},[x7] - add x7,x3,#32 - mov w6,w5 + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + ldr w5,[x3,#240] + + ldr w8, [x4, #12] + ld1 {v0.4s},[x4] + + ld1 {v16.4s,v17.4s},[x3] // load key schedule... + sub w5,w5,#4 + mov x12,#16 + cmp x2,#2 + add x7,x3,x5,lsl#4 // pointer to last 5 round keys + sub w5,w5,#2 + ld1 {v20.4s,v21.4s},[x7],#32 + ld1 {v22.4s,v23.4s},[x7],#32 + ld1 {v7.4s},[x7] + add x7,x3,#32 + mov w6,w5 csel x12,xzr,x12,lo #ifndef __ARMEB__ - rev w8, w8 + rev w8, w8 #endif - orr v1.16b,v0.16b,v0.16b - add w10, w8, #1 - orr v18.16b,v0.16b,v0.16b - add w8, w8, #2 - orr v6.16b,v0.16b,v0.16b - rev w10, w10 - mov v1.s[3],w10 - b.ls .Lctr32_tail - rev w12, w8 - sub x2,x2,#3 // bias - mov v18.s[3],w12 - b .Loop3x_ctr32 + orr v1.16b,v0.16b,v0.16b + add w10, w8, #1 + orr v18.16b,v0.16b,v0.16b + add w8, w8, #2 + orr v6.16b,v0.16b,v0.16b + rev w10, w10 + mov v1.s[3],w10 + b.ls .Lctr32_tail + rev w12, w8 + sub x2,x2,#3 // bias + mov v18.s[3],w12 + b .Loop3x_ctr32 .align 4 .Loop3x_ctr32: - aese v0.16b,v16.16b - aese v1.16b,v16.16b - aese v18.16b,v16.16b - ld1 {v16.4s},[x7],#16 - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - aesmc v18.16b,v18.16b - subs w6,w6,#2 - aese v0.16b,v17.16b - aese v1.16b,v17.16b - aese v18.16b,v17.16b - ld1 {v17.4s},[x7],#16 - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - aesmc v18.16b,v18.16b - b.gt .Loop3x_ctr32 - - aese v0.16b,v16.16b - aese v1.16b,v16.16b - aese v18.16b,v16.16b - mov x7,x3 - aesmc v4.16b,v0.16b - ld1 {v2.16b},[x0],#16 - aesmc v5.16b,v1.16b - aesmc v18.16b,v18.16b - orr 
v0.16b,v6.16b,v6.16b - aese v4.16b,v17.16b - ld1 {v3.16b},[x0],#16 - aese v5.16b,v17.16b - aese v18.16b,v17.16b - orr v1.16b,v6.16b,v6.16b - aesmc v4.16b,v4.16b - ld1 {v19.16b},[x0],#16 - aesmc v5.16b,v5.16b - aesmc v17.16b,v18.16b - orr v18.16b,v6.16b,v6.16b - add w9,w8,#1 - aese v4.16b,v20.16b - aese v5.16b,v20.16b - aese v17.16b,v20.16b - eor v2.16b,v2.16b,v7.16b - add w10,w8,#2 - aesmc v4.16b,v4.16b - aesmc v5.16b,v5.16b - aesmc v17.16b,v17.16b - eor v3.16b,v3.16b,v7.16b - add w8,w8,#3 - aese v4.16b,v21.16b - aese v5.16b,v21.16b - aese v17.16b,v21.16b - eor v19.16b,v19.16b,v7.16b - rev w9,w9 - aesmc v4.16b,v4.16b - ld1 {v16.4s},[x7],#16 // re-pre-load rndkey[0] - aesmc v5.16b,v5.16b - aesmc v17.16b,v17.16b - mov v0.s[3], w9 - rev w10,w10 - aese v4.16b,v22.16b - aese v5.16b,v22.16b - aese v17.16b,v22.16b - mov v1.s[3], w10 - rev w12,w8 - aesmc v4.16b,v4.16b - aesmc v5.16b,v5.16b - aesmc v17.16b,v17.16b - mov v18.s[3], w12 - subs x2,x2,#3 - aese v4.16b,v23.16b - aese v5.16b,v23.16b - aese v17.16b,v23.16b - - mov w6,w5 - eor v2.16b,v2.16b,v4.16b - eor v3.16b,v3.16b,v5.16b - eor v19.16b,v19.16b,v17.16b - ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1] - st1 {v2.16b},[x1],#16 - st1 {v3.16b},[x1],#16 - st1 {v19.16b},[x1],#16 - b.hs .Loop3x_ctr32 - - adds x2,x2,#3 - b.eq .Lctr32_done - cmp x2,#1 - mov x12,#16 + aese v0.16b,v16.16b + aesmc v0.16b,v0.16b + aese v1.16b,v16.16b + aesmc v1.16b,v1.16b + aese v18.16b,v16.16b + aesmc v18.16b,v18.16b + ld1 {v16.4s},[x7],#16 + subs w6,w6,#2 + aese v0.16b,v17.16b + aesmc v0.16b,v0.16b + aese v1.16b,v17.16b + aesmc v1.16b,v1.16b + aese v18.16b,v17.16b + aesmc v18.16b,v18.16b + ld1 {v17.4s},[x7],#16 + b.gt .Loop3x_ctr32 + + aese v0.16b,v16.16b + aesmc v4.16b,v0.16b + aese v1.16b,v16.16b + aesmc v5.16b,v1.16b + ld1 {v2.16b},[x0],#16 + orr v0.16b,v6.16b,v6.16b + aese v18.16b,v16.16b + aesmc v18.16b,v18.16b + ld1 {v3.16b},[x0],#16 + orr v1.16b,v6.16b,v6.16b + aese v4.16b,v17.16b + aesmc v4.16b,v4.16b + aese v5.16b,v17.16b + aesmc 
v5.16b,v5.16b + ld1 {v19.16b},[x0],#16 + mov x7,x3 + aese v18.16b,v17.16b + aesmc v17.16b,v18.16b + orr v18.16b,v6.16b,v6.16b + add w9,w8,#1 + aese v4.16b,v20.16b + aesmc v4.16b,v4.16b + aese v5.16b,v20.16b + aesmc v5.16b,v5.16b + eor v2.16b,v2.16b,v7.16b + add w10,w8,#2 + aese v17.16b,v20.16b + aesmc v17.16b,v17.16b + eor v3.16b,v3.16b,v7.16b + add w8,w8,#3 + aese v4.16b,v21.16b + aesmc v4.16b,v4.16b + aese v5.16b,v21.16b + aesmc v5.16b,v5.16b + eor v19.16b,v19.16b,v7.16b + rev w9,w9 + aese v17.16b,v21.16b + aesmc v17.16b,v17.16b + mov v0.s[3], w9 + rev w10,w10 + aese v4.16b,v22.16b + aesmc v4.16b,v4.16b + aese v5.16b,v22.16b + aesmc v5.16b,v5.16b + mov v1.s[3], w10 + rev w12,w8 + aese v17.16b,v22.16b + aesmc v17.16b,v17.16b + mov v18.s[3], w12 + subs x2,x2,#3 + aese v4.16b,v23.16b + aese v5.16b,v23.16b + aese v17.16b,v23.16b + + eor v2.16b,v2.16b,v4.16b + ld1 {v16.4s},[x7],#16 // re-pre-load rndkey[0] + st1 {v2.16b},[x1],#16 + eor v3.16b,v3.16b,v5.16b + mov w6,w5 + st1 {v3.16b},[x1],#16 + eor v19.16b,v19.16b,v17.16b + ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1] + st1 {v19.16b},[x1],#16 + b.hs .Loop3x_ctr32 + + adds x2,x2,#3 + b.eq .Lctr32_done + cmp x2,#1 + mov x12,#16 csel x12,xzr,x12,eq .Lctr32_tail: - aese v0.16b,v16.16b - aese v1.16b,v16.16b - ld1 {v16.4s},[x7],#16 - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - subs w6,w6,#2 - aese v0.16b,v17.16b - aese v1.16b,v17.16b - ld1 {v17.4s},[x7],#16 - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - b.gt .Lctr32_tail - - aese v0.16b,v16.16b - aese v1.16b,v16.16b - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - aese v0.16b,v17.16b - aese v1.16b,v17.16b - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - ld1 {v2.16b},[x0],x12 - aese v0.16b,v20.16b - aese v1.16b,v20.16b - ld1 {v3.16b},[x0] - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - aese v0.16b,v21.16b - aese v1.16b,v21.16b - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b - aese v0.16b,v22.16b - aese v1.16b,v22.16b - eor v2.16b,v2.16b,v7.16b - aesmc v0.16b,v0.16b - aesmc v1.16b,v1.16b 
- eor v3.16b,v3.16b,v7.16b - aese v0.16b,v23.16b - aese v1.16b,v23.16b - - cmp x2,#1 - eor v2.16b,v2.16b,v0.16b - eor v3.16b,v3.16b,v1.16b - st1 {v2.16b},[x1],#16 - b.eq .Lctr32_done - st1 {v3.16b},[x1] + aese v0.16b,v16.16b + aesmc v0.16b,v0.16b + aese v1.16b,v16.16b + aesmc v1.16b,v1.16b + ld1 {v16.4s},[x7],#16 + subs w6,w6,#2 + aese v0.16b,v17.16b + aesmc v0.16b,v0.16b + aese v1.16b,v17.16b + aesmc v1.16b,v1.16b + ld1 {v17.4s},[x7],#16 + b.gt .Lctr32_tail + + aese v0.16b,v16.16b + aesmc v0.16b,v0.16b + aese v1.16b,v16.16b + aesmc v1.16b,v1.16b + aese v0.16b,v17.16b + aesmc v0.16b,v0.16b + aese v1.16b,v17.16b + aesmc v1.16b,v1.16b + ld1 {v2.16b},[x0],x12 + aese v0.16b,v20.16b + aesmc v0.16b,v0.16b + aese v1.16b,v20.16b + aesmc v1.16b,v1.16b + ld1 {v3.16b},[x0] + aese v0.16b,v21.16b + aesmc v0.16b,v0.16b + aese v1.16b,v21.16b + aesmc v1.16b,v1.16b + eor v2.16b,v2.16b,v7.16b + aese v0.16b,v22.16b + aesmc v0.16b,v0.16b + aese v1.16b,v22.16b + aesmc v1.16b,v1.16b + eor v3.16b,v3.16b,v7.16b + aese v0.16b,v23.16b + aese v1.16b,v23.16b + + cmp x2,#1 + eor v2.16b,v2.16b,v0.16b + eor v3.16b,v3.16b,v1.16b + st1 {v2.16b},[x1],#16 + b.eq .Lctr32_done + st1 {v3.16b},[x1] .Lctr32_done: - ldr x29,[sp],#16 + ldr x29,[sp],#16 ret .size aes_v8_ctr32_encrypt_blocks,.-aes_v8_ctr32_encrypt_blocks #endif diff --git a/linux-aarch64/crypto/modes/ghashv8-armx.S b/linux-aarch64/crypto/modes/ghashv8-armx.S index 565146e..ad19074 100644 --- a/linux-aarch64/crypto/modes/ghashv8-armx.S +++ b/linux-aarch64/crypto/modes/ghashv8-armx.S 
@@ -4,114 +4,227 @@ #if !defined(__clang__) .arch armv8-a+crypto #endif -.global gcm_init_v8 +.globl gcm_init_v8 .type gcm_init_v8,%function .align 4 gcm_init_v8: - ld1 {v17.2d},[x1] //load H - movi v16.16b,#0xe1 - ext v3.16b,v17.16b,v17.16b,#8 - shl v16.2d,v16.2d,#57 - ushr v18.2d,v16.2d,#63 - ext v16.16b,v18.16b,v16.16b,#8 //t0=0xc2....01 - dup v17.4s,v17.s[1] - ushr v19.2d,v3.2d,#63 + ld1 {v17.2d},[x1] //load input H + movi v19.16b,#0xe1 + shl v19.2d,v19.2d,#57 //0xc2.0 + ext v3.16b,v17.16b,v17.16b,#8 + ushr v18.2d,v19.2d,#63 + dup v17.4s,v17.s[1] + ext v16.16b,v18.16b,v19.16b,#8 //t0=0xc2....01 + ushr v18.2d,v3.2d,#63 sshr v17.4s,v17.4s,#31 //broadcast carry bit - and v19.16b,v19.16b,v16.16b + and v18.16b,v18.16b,v16.16b shl v3.2d,v3.2d,#1 - ext v19.16b,v19.16b,v19.16b,#8 - and v16.16b,v16.16b,v17.16b - orr v3.16b,v3.16b,v19.16b //H<<<=1 - eor v3.16b,v3.16b,v16.16b //twisted H - st1 {v3.2d},[x0] + ext v18.16b,v18.16b,v18.16b,#8 + and v16.16b,v16.16b,v17.16b + orr v3.16b,v3.16b,v18.16b //H<<<=1 + eor v20.16b,v3.16b,v16.16b //twisted H + st1 {v20.2d},[x0],#16 //store Htable[0] + + //calculate H^2 + ext v16.16b,v20.16b,v20.16b,#8 //Karatsuba pre-processing + pmull v0.1q,v20.1d,v20.1d + eor v16.16b,v16.16b,v20.16b + pmull2 v2.1q,v20.2d,v20.2d + pmull v1.1q,v16.1d,v16.1d + + ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing + eor v18.16b,v0.16b,v2.16b + eor v1.16b,v1.16b,v17.16b + eor v1.16b,v1.16b,v18.16b + pmull v18.1q,v0.1d,v19.1d //1st phase + + ins v2.d[0],v1.d[1] + ins v1.d[1],v0.d[0] + eor v0.16b,v1.16b,v18.16b + + ext v18.16b,v0.16b,v0.16b,#8 //2nd phase + pmull v0.1q,v0.1d,v19.1d + eor v18.16b,v18.16b,v2.16b + eor v22.16b,v0.16b,v18.16b + + ext v17.16b,v22.16b,v22.16b,#8 //Karatsuba pre-processing + eor v17.16b,v17.16b,v22.16b + ext v21.16b,v16.16b,v17.16b,#8 //pack Karatsuba pre-processed + st1 {v21.2d,v22.2d},[x0] //store Htable[1..2] ret .size gcm_init_v8,.-gcm_init_v8 - -.global gcm_gmult_v8 +.globl gcm_gmult_v8 .type gcm_gmult_v8,%function 
.align 4 gcm_gmult_v8: - ld1 {v17.2d},[x0] //load Xi - movi v19.16b,#0xe1 - ld1 {v20.2d},[x1] //load twisted H + ld1 {v17.2d},[x0] //load Xi + movi v19.16b,#0xe1 + ld1 {v20.2d,v21.2d},[x1] //load twisted H, ... shl v19.2d,v19.2d,#57 #ifndef __ARMEB__ rev64 v17.16b,v17.16b #endif - ext v21.16b,v20.16b,v20.16b,#8 - mov x3,#0 - ext v3.16b,v17.16b,v17.16b,#8 - mov x12,#0 - eor v21.16b,v21.16b,v20.16b //Karatsuba pre-processing - mov x2,x0 - b .Lgmult_v8 -.size gcm_gmult_v8,.-gcm_gmult_v8 + ext v3.16b,v17.16b,v17.16b,#8 + + pmull v0.1q,v20.1d,v3.1d //H.lo·Xi.lo + eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing + pmull2 v2.1q,v20.2d,v3.2d //H.hi·Xi.hi + pmull v1.1q,v21.1d,v17.1d //(H.lo+H.hi)·(Xi.lo+Xi.hi) + + ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing + eor v18.16b,v0.16b,v2.16b + eor v1.16b,v1.16b,v17.16b + eor v1.16b,v1.16b,v18.16b + pmull v18.1q,v0.1d,v19.1d //1st phase of reduction + + ins v2.d[0],v1.d[1] + ins v1.d[1],v0.d[0] + eor v0.16b,v1.16b,v18.16b + + ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction + pmull v0.1q,v0.1d,v19.1d + eor v18.16b,v18.16b,v2.16b + eor v0.16b,v0.16b,v18.16b -.global gcm_ghash_v8 +#ifndef __ARMEB__ + rev64 v0.16b,v0.16b +#endif + ext v0.16b,v0.16b,v0.16b,#8 + st1 {v0.2d},[x0] //write out Xi + + ret +.size gcm_gmult_v8,.-gcm_gmult_v8 +.globl gcm_ghash_v8 .type gcm_ghash_v8,%function .align 4 gcm_ghash_v8: - ld1 {v0.2d},[x0] //load [rotated] Xi - subs x3,x3,#16 - movi v19.16b,#0xe1 - mov x12,#16 - ld1 {v20.2d},[x1] //load twisted H - csel x12,xzr,x12,eq - ext v0.16b,v0.16b,v0.16b,#8 - shl v19.2d,v19.2d,#57 - ld1 {v17.2d},[x2],x12 //load [rotated] inp - ext v21.16b,v20.16b,v20.16b,#8 + ld1 {v0.2d},[x0] //load [rotated] Xi + //"[rotated]" means that + //loaded value would have + //to be rotated in order to + //make it appear as in + //alorithm specification + subs x3,x3,#32 //see if x3 is 32 or larger + mov x12,#16 //x12 is used as post- + //increment for input pointer; + //as loop is modulo-scheduled + //x12 is 
zeroed just in time + //to preclude oversteping + //inp[len], which means that + //last block[s] are actually + //loaded twice, but last + //copy is not processed + ld1 {v20.2d,v21.2d},[x1],#32 //load twisted H, ..., H^2 + movi v19.16b,#0xe1 + ld1 {v22.2d},[x1] + csel x12,xzr,x12,eq //is it time to zero x12? + ext v0.16b,v0.16b,v0.16b,#8 //rotate Xi + ld1 {v16.2d},[x2],#16 //load [rotated] I[0] + shl v19.2d,v19.2d,#57 //compose 0xc2.0 constant #ifndef __ARMEB__ + rev64 v16.16b,v16.16b rev64 v0.16b,v0.16b +#endif + ext v3.16b,v16.16b,v16.16b,#8 //rotate I[0] + b.lo .Lodd_tail_v8 //x3 was less than 32 + ld1 {v17.2d},[x2],x12 //load [rotated] I[1] +#ifndef __ARMEB__ rev64 v17.16b,v17.16b #endif - eor v21.16b,v21.16b,v20.16b //Karatsuba pre-processing - ext v3.16b,v17.16b,v17.16b,#8 - b .Loop_v8 + ext v7.16b,v17.16b,v17.16b,#8 + eor v3.16b,v3.16b,v0.16b //I[i]^=Xi + pmull v4.1q,v20.1d,v7.1d //H·Ii+1 + eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing + pmull2 v6.1q,v20.2d,v7.2d + b .Loop_mod2x_v8 .align 4 -.Loop_v8: - ext v18.16b,v0.16b,v0.16b,#8 - eor v3.16b,v3.16b,v0.16b //inp^=Xi - eor v17.16b,v17.16b,v18.16b //v17.16b is rotated inp^Xi +.Loop_mod2x_v8: + ext v18.16b,v3.16b,v3.16b,#8 + subs x3,x3,#32 //is there more data? + pmull v0.1q,v22.1d,v3.1d //H^2.lo·Xi.lo + csel x12,xzr,x12,lo //is it time to zero x12? + + pmull v5.1q,v21.1d,v17.1d + eor v18.16b,v18.16b,v3.16b //Karatsuba pre-processing + pmull2 v2.1q,v22.2d,v3.2d //H^2.hi·Xi.hi + eor v0.16b,v0.16b,v4.16b //accumulate + pmull2 v1.1q,v21.2d,v18.2d //(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) + ld1 {v16.2d},[x2],x12 //load [rotated] I[i+2] + + eor v2.16b,v2.16b,v6.16b + csel x12,xzr,x12,eq //is it time to zero x12? 
+ eor v1.16b,v1.16b,v5.16b + + ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing + eor v18.16b,v0.16b,v2.16b + eor v1.16b,v1.16b,v17.16b + ld1 {v17.2d},[x2],x12 //load [rotated] I[i+3] +#ifndef __ARMEB__ + rev64 v16.16b,v16.16b +#endif + eor v1.16b,v1.16b,v18.16b + pmull v18.1q,v0.1d,v19.1d //1st phase of reduction + +#ifndef __ARMEB__ + rev64 v17.16b,v17.16b +#endif + ins v2.d[0],v1.d[1] + ins v1.d[1],v0.d[0] + ext v7.16b,v17.16b,v17.16b,#8 + ext v3.16b,v16.16b,v16.16b,#8 + eor v0.16b,v1.16b,v18.16b + pmull v4.1q,v20.1d,v7.1d //H·Ii+1 + eor v3.16b,v3.16b,v2.16b //accumulate v3.16b early + + ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction + pmull v0.1q,v0.1d,v19.1d + eor v3.16b,v3.16b,v18.16b + eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing + eor v3.16b,v3.16b,v0.16b + pmull2 v6.1q,v20.2d,v7.2d + b.hs .Loop_mod2x_v8 //there was at least 32 more bytes + + eor v2.16b,v2.16b,v18.16b + ext v3.16b,v16.16b,v16.16b,#8 //re-construct v3.16b + adds x3,x3,#32 //re-construct x3 + eor v0.16b,v0.16b,v2.16b //re-construct v0.16b + b.eq .Ldone_v8 //is x3 zero? 
+.Lodd_tail_v8: + ext v18.16b,v0.16b,v0.16b,#8 + eor v3.16b,v3.16b,v0.16b //inp^=Xi + eor v17.16b,v16.16b,v18.16b //v17.16b is rotated inp^Xi -.Lgmult_v8: pmull v0.1q,v20.1d,v3.1d //H.lo·Xi.lo - eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing + eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing pmull2 v2.1q,v20.2d,v3.2d //H.hi·Xi.hi - subs x3,x3,#16 pmull v1.1q,v21.1d,v17.1d //(H.lo+H.hi)·(Xi.lo+Xi.hi) - csel x12,xzr,x12,eq - ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing - eor v18.16b,v0.16b,v2.16b - eor v1.16b,v1.16b,v17.16b - ld1 {v17.2d},[x2],x12 //load [rotated] inp - eor v1.16b,v1.16b,v18.16b - pmull v18.1q,v0.1d,v19.1d //1st phase + ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing + eor v18.16b,v0.16b,v2.16b + eor v1.16b,v1.16b,v17.16b + eor v1.16b,v1.16b,v18.16b + pmull v18.1q,v0.1d,v19.1d //1st phase of reduction ins v2.d[0],v1.d[1] ins v1.d[1],v0.d[0] -#ifndef __ARMEB__ - rev64 v17.16b,v17.16b -#endif - eor v0.16b,v1.16b,v18.16b - ext v3.16b,v17.16b,v17.16b,#8 + eor v0.16b,v1.16b,v18.16b - ext v18.16b,v0.16b,v0.16b,#8 //2nd phase + ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction pmull v0.1q,v0.1d,v19.1d - eor v18.16b,v18.16b,v2.16b - eor v0.16b,v0.16b,v18.16b - b.hs .Loop_v8 + eor v18.16b,v18.16b,v2.16b + eor v0.16b,v0.16b,v18.16b +.Ldone_v8: #ifndef __ARMEB__ rev64 v0.16b,v0.16b #endif - ext v0.16b,v0.16b,v0.16b,#8 - st1 {v0.2d},[x0] //write out Xi + ext v0.16b,v0.16b,v0.16b,#8 + st1 {v0.2d},[x0] //write out Xi ret .size gcm_ghash_v8,.-gcm_ghash_v8 -.asciz "GHASH for ARMv8, CRYPTOGAMS by " -.align 2 +.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 +.align 2 diff --git a/linux-aarch64/crypto/sha/sha1-armv8.S b/linux-aarch64/crypto/sha/sha1-armv8.S index f9d1262..ab6aa98 100644 --- a/linux-aarch64/crypto/sha/sha1-armv8.S +++ b/linux-aarch64/crypto/sha/sha1-armv8.S 
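Review bot: gcm_init_v8 in this hunk now writes three 16-byte table entries through x0 (`st1 {v20.2d},[x0],#16 //store Htable[0]` followed by `st1 {v21.2d,v22.2d},[x0] //store Htable[1..2]`), where the removed code stored a single block, and gcm_gmult_v8/gcm_ghash_v8 correspondingly load `{v20.2d,v21.2d}` (and v22) from that layout. The caller's Htable allocation lives in the C code outside this diff, so the 48-byte requirement should be confirmed against src/crypto/modes at the same revision rather than assumed; pairing this .S with an older caller that reserves one block would read and write past the table. Since these .S files are generated from perlasm, the comment typos `alorithm specification` and `oversteping` belong in the upstream ghashv8-armx.pl source rather than a hand edit here. The trailing `.align 2` is now emitted twice after the `.byte` string, which is harmless but suggests the generator is adding its own alignment on top of the template's.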
@@ -2,6 +2,7 @@ .text + .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 
@@ -213,826 +214,826 @@ sha1_block_data_order: add w20,w20,w17 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) lsr x19,x17,#32 - eor w3,w3,w5 + eor w3,w3,w5 bic w25,w24,w22 and w26,w23,w22 ror w27,w21,#27 - eor w3,w3,w11 + eor w3,w3,w11 add w24,w24,w28 // future e+=K orr w25,w25,w26 add w20,w20,w27 // e+=rot(a,5) - eor w3,w3,w16 + eor w3,w3,w16 ror w22,w22,#2 add w24,w24,w19 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w3,w3,#31 - eor w4,w4,w6 + ror w3,w3,#31 + eor w4,w4,w6 bic w25,w23,w21 and w26,w22,w21 ror w27,w20,#27 - eor w4,w4,w12 + eor w4,w4,w12 add w23,w23,w28 // future e+=K orr w25,w25,w26 add w24,w24,w27 // e+=rot(a,5) - eor w4,w4,w17 + eor w4,w4,w17 ror w21,w21,#2 add w23,w23,w3 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w4,w4,#31 - eor w5,w5,w7 + ror w4,w4,#31 + eor w5,w5,w7 bic w25,w22,w20 and w26,w21,w20 ror w27,w24,#27 - eor w5,w5,w13 + eor w5,w5,w13 add w22,w22,w28 // future e+=K orr w25,w25,w26 add w23,w23,w27 // e+=rot(a,5) - eor w5,w5,w19 + eor w5,w5,w19 ror w20,w20,#2 add w22,w22,w4 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w5,w5,#31 - eor w6,w6,w8 + ror w5,w5,#31 + eor w6,w6,w8 bic w25,w21,w24 and w26,w20,w24 ror w27,w23,#27 - eor w6,w6,w14 + eor w6,w6,w14 add w21,w21,w28 // future e+=K orr w25,w25,w26 add w22,w22,w27 // e+=rot(a,5) - eor w6,w6,w3 + eor w6,w6,w3 ror w24,w24,#2 add w21,w21,w5 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w6,w6,#31 - eor w7,w7,w9 + ror w6,w6,#31 + eor w7,w7,w9 bic w25,w20,w23 and w26,w24,w23 ror w27,w22,#27 - eor w7,w7,w15 + eor w7,w7,w15 add w20,w20,w28 // future e+=K orr w25,w25,w26 add w21,w21,w27 // e+=rot(a,5) - eor w7,w7,w4 + eor w7,w7,w4 ror w23,w23,#2 add w20,w20,w6 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w7,w7,#31 + ror w7,w7,#31 movz w28,#0xeba1 movk w28,#0x6ed9,lsl#16 - eor w8,w8,w10 + eor w8,w8,w10 bic w25,w24,w22 and w26,w23,w22 ror w27,w21,#27 - eor w8,w8,w16 + eor w8,w8,w16 add w24,w24,w28 // future e+=K orr w25,w25,w26 add w20,w20,w27 // 
e+=rot(a,5) - eor w8,w8,w5 + eor w8,w8,w5 ror w22,w22,#2 add w24,w24,w7 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w8,w8,#31 - eor w9,w9,w11 + ror w8,w8,#31 + eor w9,w9,w11 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w9,w9,w17 + eor w9,w9,w17 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w9,w9,w6 + eor w9,w9,w6 add w23,w23,w8 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w9,w9,#31 - eor w10,w10,w12 + ror w9,w9,#31 + eor w10,w10,w12 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w10,w10,w19 + eor w10,w10,w19 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w10,w10,w7 + eor w10,w10,w7 add w22,w22,w9 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w10,w10,#31 - eor w11,w11,w13 + ror w10,w10,#31 + eor w11,w11,w13 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w11,w11,w3 + eor w11,w11,w3 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w11,w11,w8 + eor w11,w11,w8 add w21,w21,w10 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w11,w11,#31 - eor w12,w12,w14 + ror w11,w11,#31 + eor w12,w12,w14 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w12,w12,w4 + eor w12,w12,w4 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w12,w12,w9 + eor w12,w12,w9 add w20,w20,w11 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w12,w12,#31 - eor w13,w13,w15 + ror w12,w12,#31 + eor w13,w13,w15 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w13,w13,w5 + eor w13,w13,w5 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w13,w13,w10 + eor w13,w13,w10 add w24,w24,w12 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w13,w13,#31 - eor w14,w14,w16 + ror w13,w13,#31 + eor w14,w14,w16 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w14,w14,w6 + eor w14,w14,w6 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor 
w14,w14,w11 + eor w14,w14,w11 add w23,w23,w13 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w14,w14,#31 - eor w15,w15,w17 + ror w14,w14,#31 + eor w15,w15,w17 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w15,w15,w7 + eor w15,w15,w7 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w15,w15,w12 + eor w15,w15,w12 add w22,w22,w14 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w15,w15,#31 - eor w16,w16,w19 + ror w15,w15,#31 + eor w16,w16,w19 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w16,w16,w8 + eor w16,w16,w8 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w16,w16,w13 + eor w16,w16,w13 add w21,w21,w15 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w16,w16,#31 - eor w17,w17,w3 + ror w16,w16,#31 + eor w17,w17,w3 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w17,w17,w9 + eor w17,w17,w9 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w17,w17,w14 + eor w17,w17,w14 add w20,w20,w16 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w17,w17,#31 - eor w19,w19,w4 + ror w17,w17,#31 + eor w19,w19,w4 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w19,w19,w10 + eor w19,w19,w10 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w19,w19,w15 + eor w19,w19,w15 add w24,w24,w17 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w19,w19,#31 - eor w3,w3,w5 + ror w19,w19,#31 + eor w3,w3,w5 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w3,w3,w11 + eor w3,w3,w11 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w3,w3,w16 + eor w3,w3,w16 add w23,w23,w19 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w3,w3,#31 - eor w4,w4,w6 + ror w3,w3,#31 + eor w4,w4,w6 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w4,w4,w12 + eor w4,w4,w12 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w4,w4,w17 + eor w4,w4,w17 add 
w22,w22,w3 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w4,w4,#31 - eor w5,w5,w7 + ror w4,w4,#31 + eor w5,w5,w7 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w5,w5,w13 + eor w5,w5,w13 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w5,w5,w19 + eor w5,w5,w19 add w21,w21,w4 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w5,w5,#31 - eor w6,w6,w8 + ror w5,w5,#31 + eor w6,w6,w8 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w6,w6,w14 + eor w6,w6,w14 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w6,w6,w3 + eor w6,w6,w3 add w20,w20,w5 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w6,w6,#31 - eor w7,w7,w9 + ror w6,w6,#31 + eor w7,w7,w9 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w7,w7,w15 + eor w7,w7,w15 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w7,w7,w4 + eor w7,w7,w4 add w24,w24,w6 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w7,w7,#31 - eor w8,w8,w10 + ror w7,w7,#31 + eor w8,w8,w10 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w8,w8,w16 + eor w8,w8,w16 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w8,w8,w5 + eor w8,w8,w5 add w23,w23,w7 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w8,w8,#31 - eor w9,w9,w11 + ror w8,w8,#31 + eor w9,w9,w11 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w9,w9,w17 + eor w9,w9,w17 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w9,w9,w6 + eor w9,w9,w6 add w22,w22,w8 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w9,w9,#31 - eor w10,w10,w12 + ror w9,w9,#31 + eor w10,w10,w12 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w10,w10,w19 + eor w10,w10,w19 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w10,w10,w7 + eor w10,w10,w7 add w21,w21,w9 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w10,w10,#31 - eor w11,w11,w13 + ror 
w10,w10,#31 + eor w11,w11,w13 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w11,w11,w3 + eor w11,w11,w3 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w11,w11,w8 + eor w11,w11,w8 add w20,w20,w10 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w11,w11,#31 + ror w11,w11,#31 movz w28,#0xbcdc movk w28,#0x8f1b,lsl#16 - eor w12,w12,w14 + eor w12,w12,w14 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w12,w12,w4 + eor w12,w12,w4 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w12,w12,w9 + eor w12,w12,w9 add w24,w24,w11 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w12,w12,#31 + ror w12,w12,#31 orr w25,w21,w22 and w26,w21,w22 - eor w13,w13,w15 + eor w13,w13,w15 ror w27,w20,#27 and w25,w25,w23 add w23,w23,w28 // future e+=K - eor w13,w13,w5 + eor w13,w13,w5 add w24,w24,w27 // e+=rot(a,5) orr w25,w25,w26 ror w21,w21,#2 - eor w13,w13,w10 + eor w13,w13,w10 add w23,w23,w12 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w13,w13,#31 + ror w13,w13,#31 orr w25,w20,w21 and w26,w20,w21 - eor w14,w14,w16 + eor w14,w14,w16 ror w27,w24,#27 and w25,w25,w22 add w22,w22,w28 // future e+=K - eor w14,w14,w6 + eor w14,w14,w6 add w23,w23,w27 // e+=rot(a,5) orr w25,w25,w26 ror w20,w20,#2 - eor w14,w14,w11 + eor w14,w14,w11 add w22,w22,w13 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w14,w14,#31 + ror w14,w14,#31 orr w25,w24,w20 and w26,w24,w20 - eor w15,w15,w17 + eor w15,w15,w17 ror w27,w23,#27 and w25,w25,w21 add w21,w21,w28 // future e+=K - eor w15,w15,w7 + eor w15,w15,w7 add w22,w22,w27 // e+=rot(a,5) orr w25,w25,w26 ror w24,w24,#2 - eor w15,w15,w12 + eor w15,w15,w12 add w21,w21,w14 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w15,w15,#31 + ror w15,w15,#31 orr w25,w23,w24 and w26,w23,w24 - eor w16,w16,w19 + eor w16,w16,w19 ror w27,w22,#27 and w25,w25,w20 add w20,w20,w28 // future e+=K - eor w16,w16,w8 + eor w16,w16,w8 add w21,w21,w27 // e+=rot(a,5) orr w25,w25,w26 
ror w23,w23,#2 - eor w16,w16,w13 + eor w16,w16,w13 add w20,w20,w15 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w16,w16,#31 + ror w16,w16,#31 orr w25,w22,w23 and w26,w22,w23 - eor w17,w17,w3 + eor w17,w17,w3 ror w27,w21,#27 and w25,w25,w24 add w24,w24,w28 // future e+=K - eor w17,w17,w9 + eor w17,w17,w9 add w20,w20,w27 // e+=rot(a,5) orr w25,w25,w26 ror w22,w22,#2 - eor w17,w17,w14 + eor w17,w17,w14 add w24,w24,w16 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w17,w17,#31 + ror w17,w17,#31 orr w25,w21,w22 and w26,w21,w22 - eor w19,w19,w4 + eor w19,w19,w4 ror w27,w20,#27 and w25,w25,w23 add w23,w23,w28 // future e+=K - eor w19,w19,w10 + eor w19,w19,w10 add w24,w24,w27 // e+=rot(a,5) orr w25,w25,w26 ror w21,w21,#2 - eor w19,w19,w15 + eor w19,w19,w15 add w23,w23,w17 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w19,w19,#31 + ror w19,w19,#31 orr w25,w20,w21 and w26,w20,w21 - eor w3,w3,w5 + eor w3,w3,w5 ror w27,w24,#27 and w25,w25,w22 add w22,w22,w28 // future e+=K - eor w3,w3,w11 + eor w3,w3,w11 add w23,w23,w27 // e+=rot(a,5) orr w25,w25,w26 ror w20,w20,#2 - eor w3,w3,w16 + eor w3,w3,w16 add w22,w22,w19 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w3,w3,#31 + ror w3,w3,#31 orr w25,w24,w20 and w26,w24,w20 - eor w4,w4,w6 + eor w4,w4,w6 ror w27,w23,#27 and w25,w25,w21 add w21,w21,w28 // future e+=K - eor w4,w4,w12 + eor w4,w4,w12 add w22,w22,w27 // e+=rot(a,5) orr w25,w25,w26 ror w24,w24,#2 - eor w4,w4,w17 + eor w4,w4,w17 add w21,w21,w3 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w4,w4,#31 + ror w4,w4,#31 orr w25,w23,w24 and w26,w23,w24 - eor w5,w5,w7 + eor w5,w5,w7 ror w27,w22,#27 and w25,w25,w20 add w20,w20,w28 // future e+=K - eor w5,w5,w13 + eor w5,w5,w13 add w21,w21,w27 // e+=rot(a,5) orr w25,w25,w26 ror w23,w23,#2 - eor w5,w5,w19 + eor w5,w5,w19 add w20,w20,w4 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w5,w5,#31 + ror w5,w5,#31 orr w25,w22,w23 and w26,w22,w23 - eor w6,w6,w8 + eor w6,w6,w8 ror w27,w21,#27 
and w25,w25,w24 add w24,w24,w28 // future e+=K - eor w6,w6,w14 + eor w6,w6,w14 add w20,w20,w27 // e+=rot(a,5) orr w25,w25,w26 ror w22,w22,#2 - eor w6,w6,w3 + eor w6,w6,w3 add w24,w24,w5 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w6,w6,#31 + ror w6,w6,#31 orr w25,w21,w22 and w26,w21,w22 - eor w7,w7,w9 + eor w7,w7,w9 ror w27,w20,#27 and w25,w25,w23 add w23,w23,w28 // future e+=K - eor w7,w7,w15 + eor w7,w7,w15 add w24,w24,w27 // e+=rot(a,5) orr w25,w25,w26 ror w21,w21,#2 - eor w7,w7,w4 + eor w7,w7,w4 add w23,w23,w6 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w7,w7,#31 + ror w7,w7,#31 orr w25,w20,w21 and w26,w20,w21 - eor w8,w8,w10 + eor w8,w8,w10 ror w27,w24,#27 and w25,w25,w22 add w22,w22,w28 // future e+=K - eor w8,w8,w16 + eor w8,w8,w16 add w23,w23,w27 // e+=rot(a,5) orr w25,w25,w26 ror w20,w20,#2 - eor w8,w8,w5 + eor w8,w8,w5 add w22,w22,w7 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w8,w8,#31 + ror w8,w8,#31 orr w25,w24,w20 and w26,w24,w20 - eor w9,w9,w11 + eor w9,w9,w11 ror w27,w23,#27 and w25,w25,w21 add w21,w21,w28 // future e+=K - eor w9,w9,w17 + eor w9,w9,w17 add w22,w22,w27 // e+=rot(a,5) orr w25,w25,w26 ror w24,w24,#2 - eor w9,w9,w6 + eor w9,w9,w6 add w21,w21,w8 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w9,w9,#31 + ror w9,w9,#31 orr w25,w23,w24 and w26,w23,w24 - eor w10,w10,w12 + eor w10,w10,w12 ror w27,w22,#27 and w25,w25,w20 add w20,w20,w28 // future e+=K - eor w10,w10,w19 + eor w10,w10,w19 add w21,w21,w27 // e+=rot(a,5) orr w25,w25,w26 ror w23,w23,#2 - eor w10,w10,w7 + eor w10,w10,w7 add w20,w20,w9 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w10,w10,#31 + ror w10,w10,#31 orr w25,w22,w23 and w26,w22,w23 - eor w11,w11,w13 + eor w11,w11,w13 ror w27,w21,#27 and w25,w25,w24 add w24,w24,w28 // future e+=K - eor w11,w11,w3 + eor w11,w11,w3 add w20,w20,w27 // e+=rot(a,5) orr w25,w25,w26 ror w22,w22,#2 - eor w11,w11,w8 + eor w11,w11,w8 add w24,w24,w10 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - 
ror w11,w11,#31 + ror w11,w11,#31 orr w25,w21,w22 and w26,w21,w22 - eor w12,w12,w14 + eor w12,w12,w14 ror w27,w20,#27 and w25,w25,w23 add w23,w23,w28 // future e+=K - eor w12,w12,w4 + eor w12,w12,w4 add w24,w24,w27 // e+=rot(a,5) orr w25,w25,w26 ror w21,w21,#2 - eor w12,w12,w9 + eor w12,w12,w9 add w23,w23,w11 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w12,w12,#31 + ror w12,w12,#31 orr w25,w20,w21 and w26,w20,w21 - eor w13,w13,w15 + eor w13,w13,w15 ror w27,w24,#27 and w25,w25,w22 add w22,w22,w28 // future e+=K - eor w13,w13,w5 + eor w13,w13,w5 add w23,w23,w27 // e+=rot(a,5) orr w25,w25,w26 ror w20,w20,#2 - eor w13,w13,w10 + eor w13,w13,w10 add w22,w22,w12 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w13,w13,#31 + ror w13,w13,#31 orr w25,w24,w20 and w26,w24,w20 - eor w14,w14,w16 + eor w14,w14,w16 ror w27,w23,#27 and w25,w25,w21 add w21,w21,w28 // future e+=K - eor w14,w14,w6 + eor w14,w14,w6 add w22,w22,w27 // e+=rot(a,5) orr w25,w25,w26 ror w24,w24,#2 - eor w14,w14,w11 + eor w14,w14,w11 add w21,w21,w13 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w14,w14,#31 + ror w14,w14,#31 orr w25,w23,w24 and w26,w23,w24 - eor w15,w15,w17 + eor w15,w15,w17 ror w27,w22,#27 and w25,w25,w20 add w20,w20,w28 // future e+=K - eor w15,w15,w7 + eor w15,w15,w7 add w21,w21,w27 // e+=rot(a,5) orr w25,w25,w26 ror w23,w23,#2 - eor w15,w15,w12 + eor w15,w15,w12 add w20,w20,w14 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w15,w15,#31 + ror w15,w15,#31 movz w28,#0xc1d6 movk w28,#0xca62,lsl#16 orr w25,w22,w23 and w26,w22,w23 - eor w16,w16,w19 + eor w16,w16,w19 ror w27,w21,#27 and w25,w25,w24 add w24,w24,w28 // future e+=K - eor w16,w16,w8 + eor w16,w16,w8 add w20,w20,w27 // e+=rot(a,5) orr w25,w25,w26 ror w22,w22,#2 - eor w16,w16,w13 + eor w16,w16,w13 add w24,w24,w15 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w16,w16,#31 - eor w17,w17,w3 + ror w16,w16,#31 + eor w17,w17,w3 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor 
w17,w17,w9 + eor w17,w17,w9 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w17,w17,w14 + eor w17,w17,w14 add w23,w23,w16 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w17,w17,#31 - eor w19,w19,w4 + ror w17,w17,#31 + eor w19,w19,w4 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w19,w19,w10 + eor w19,w19,w10 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w19,w19,w15 + eor w19,w19,w15 add w22,w22,w17 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w19,w19,#31 - eor w3,w3,w5 + ror w19,w19,#31 + eor w3,w3,w5 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w3,w3,w11 + eor w3,w3,w11 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w3,w3,w16 + eor w3,w3,w16 add w21,w21,w19 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w3,w3,#31 - eor w4,w4,w6 + ror w3,w3,#31 + eor w4,w4,w6 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w4,w4,w12 + eor w4,w4,w12 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w4,w4,w17 + eor w4,w4,w17 add w20,w20,w3 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w4,w4,#31 - eor w5,w5,w7 + ror w4,w4,#31 + eor w5,w5,w7 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w5,w5,w13 + eor w5,w5,w13 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w5,w5,w19 + eor w5,w5,w19 add w24,w24,w4 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w5,w5,#31 - eor w6,w6,w8 + ror w5,w5,#31 + eor w6,w6,w8 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w6,w6,w14 + eor w6,w6,w14 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w6,w6,w3 + eor w6,w6,w3 add w23,w23,w5 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w6,w6,#31 - eor w7,w7,w9 + ror w6,w6,#31 + eor w7,w7,w9 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w7,w7,w15 + eor w7,w7,w15 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror 
w20,w20,#2 - eor w7,w7,w4 + eor w7,w7,w4 add w22,w22,w6 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w7,w7,#31 - eor w8,w8,w10 + ror w7,w7,#31 + eor w8,w8,w10 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w8,w8,w16 + eor w8,w8,w16 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w8,w8,w5 + eor w8,w8,w5 add w21,w21,w7 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w8,w8,#31 - eor w9,w9,w11 + ror w8,w8,#31 + eor w9,w9,w11 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w9,w9,w17 + eor w9,w9,w17 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w9,w9,w6 + eor w9,w9,w6 add w20,w20,w8 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w9,w9,#31 - eor w10,w10,w12 + ror w9,w9,#31 + eor w10,w10,w12 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w10,w10,w19 + eor w10,w10,w19 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w10,w10,w7 + eor w10,w10,w7 add w24,w24,w9 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w10,w10,#31 - eor w11,w11,w13 + ror w10,w10,#31 + eor w11,w11,w13 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w11,w11,w3 + eor w11,w11,w3 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w11,w11,w8 + eor w11,w11,w8 add w23,w23,w10 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w11,w11,#31 - eor w12,w12,w14 + ror w11,w11,#31 + eor w12,w12,w14 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w12,w12,w4 + eor w12,w12,w4 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w12,w12,w9 + eor w12,w12,w9 add w22,w22,w11 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w12,w12,#31 - eor w13,w13,w15 + ror w12,w12,#31 + eor w13,w13,w15 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w13,w13,w5 + eor w13,w13,w5 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w13,w13,w10 + eor w13,w13,w10 add 
w21,w21,w12 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w13,w13,#31 - eor w14,w14,w16 + ror w13,w13,#31 + eor w14,w14,w16 eor w25,w20,w23 ror w27,w22,#27 add w20,w20,w28 // future e+=K - eor w14,w14,w6 + eor w14,w14,w6 eor w25,w25,w24 add w21,w21,w27 // e+=rot(a,5) ror w23,w23,#2 - eor w14,w14,w11 + eor w14,w14,w11 add w20,w20,w13 // future e+=X[i] add w21,w21,w25 // e+=F(b,c,d) - ror w14,w14,#31 - eor w15,w15,w17 + ror w14,w14,#31 + eor w15,w15,w17 eor w25,w24,w22 ror w27,w21,#27 add w24,w24,w28 // future e+=K - eor w15,w15,w7 + eor w15,w15,w7 eor w25,w25,w23 add w20,w20,w27 // e+=rot(a,5) ror w22,w22,#2 - eor w15,w15,w12 + eor w15,w15,w12 add w24,w24,w14 // future e+=X[i] add w20,w20,w25 // e+=F(b,c,d) - ror w15,w15,#31 - eor w16,w16,w19 + ror w15,w15,#31 + eor w16,w16,w19 eor w25,w23,w21 ror w27,w20,#27 add w23,w23,w28 // future e+=K - eor w16,w16,w8 + eor w16,w16,w8 eor w25,w25,w22 add w24,w24,w27 // e+=rot(a,5) ror w21,w21,#2 - eor w16,w16,w13 + eor w16,w16,w13 add w23,w23,w15 // future e+=X[i] add w24,w24,w25 // e+=F(b,c,d) - ror w16,w16,#31 - eor w17,w17,w3 + ror w16,w16,#31 + eor w17,w17,w3 eor w25,w22,w20 ror w27,w24,#27 add w22,w22,w28 // future e+=K - eor w17,w17,w9 + eor w17,w17,w9 eor w25,w25,w21 add w23,w23,w27 // e+=rot(a,5) ror w20,w20,#2 - eor w17,w17,w14 + eor w17,w17,w14 add w22,w22,w16 // future e+=X[i] add w23,w23,w25 // e+=F(b,c,d) - ror w17,w17,#31 - eor w19,w19,w4 + ror w17,w17,#31 + eor w19,w19,w4 eor w25,w21,w24 ror w27,w23,#27 add w21,w21,w28 // future e+=K - eor w19,w19,w10 + eor w19,w19,w10 eor w25,w25,w20 add w22,w22,w27 // e+=rot(a,5) ror w24,w24,#2 - eor w19,w19,w15 + eor w19,w19,w15 add w21,w21,w17 // future e+=X[i] add w22,w22,w25 // e+=F(b,c,d) - ror w19,w19,#31 + ror w19,w19,#31 ldp w4,w5,[x0] eor w25,w20,w23 ror w27,w22,#27 
@@ -1080,10 +1081,10 @@ sha1_block_armv8: ld1 {v0.4s},[x0],#16 ld1 {v1.s}[0],[x0] sub x0,x0,#16 - ld1 {v16.4s-v19.4s},[x4] + ld1 {v16.4s,v17.4s,v18.4s,v19.4s},[x4] .Loop_hw: - ld1 {v4.16b-v7.16b},[x1],#64 + ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64 sub x2,x2,#1 rev32 v4.16b,v4.16b rev32 v5.16b,v5.16b 
@@ -1094,98 +1095,98 @@ sha1_block_armv8: add v21.4s,v16.4s,v5.4s rev32 v7.16b,v7.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b - .inst 0x5e140020 //sha1c v0.16b,v1.16b,v20.4s // 0 +.inst 0x5e280803 //sha1h v3.16b,v0.16b +.inst 0x5e140020 //sha1c v0.16b,v1.16b,v20.4s // 0 add v20.4s,v16.4s,v6.4s - .inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 1 - .inst 0x5e150060 //sha1c v0.16b,v3.16b,v21.4s +.inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 1 +.inst 0x5e150060 //sha1c v0.16b,v3.16b,v21.4s add v21.4s,v16.4s,v7.4s - .inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b - .inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 2 - .inst 0x5e140040 //sha1c v0.16b,v2.16b,v20.4s +.inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b +.inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 2 +.inst 0x5e140040 //sha1c v0.16b,v2.16b,v20.4s add v20.4s,v16.4s,v4.4s - .inst 0x5e281885 //sha1su1 v5.16b,v4.16b - .inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 3 - .inst 0x5e150060 //sha1c v0.16b,v3.16b,v21.4s +.inst 0x5e281885 //sha1su1 v5.16b,v4.16b +.inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 3 +.inst 0x5e150060 //sha1c v0.16b,v3.16b,v21.4s add v21.4s,v17.4s,v5.4s - .inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b - .inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 4 - .inst 0x5e140040 //sha1c v0.16b,v2.16b,v20.4s +.inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b +.inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 4 +.inst 0x5e140040 //sha1c v0.16b,v2.16b,v20.4s add v20.4s,v17.4s,v6.4s - .inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b - .inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 5 - .inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s +.inst 0x5e2818c7 
//sha1su1 v7.16b,v6.16b +.inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 5 +.inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s add v21.4s,v17.4s,v7.4s - .inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b - .inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 6 - .inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s +.inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b +.inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 6 +.inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s add v20.4s,v17.4s,v4.4s - .inst 0x5e281885 //sha1su1 v5.16b,v4.16b - .inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 7 - .inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s +.inst 0x5e281885 //sha1su1 v5.16b,v4.16b +.inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 7 +.inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s add v21.4s,v17.4s,v5.4s - .inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b - .inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 8 - .inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s +.inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b +.inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 8 +.inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s add v20.4s,v18.4s,v6.4s - .inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b - .inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 9 - .inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s +.inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b +.inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 9 +.inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s add v21.4s,v18.4s,v7.4s - .inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b - .inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 10 - .inst 0x5e142040 //sha1m v0.16b,v2.16b,v20.4s +.inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b 
+.inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 10 +.inst 0x5e142040 //sha1m v0.16b,v2.16b,v20.4s add v20.4s,v18.4s,v4.4s - .inst 0x5e281885 //sha1su1 v5.16b,v4.16b - .inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 11 - .inst 0x5e152060 //sha1m v0.16b,v3.16b,v21.4s +.inst 0x5e281885 //sha1su1 v5.16b,v4.16b +.inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 11 +.inst 0x5e152060 //sha1m v0.16b,v3.16b,v21.4s add v21.4s,v18.4s,v5.4s - .inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b - .inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 12 - .inst 0x5e142040 //sha1m v0.16b,v2.16b,v20.4s +.inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b +.inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 12 +.inst 0x5e142040 //sha1m v0.16b,v2.16b,v20.4s add v20.4s,v18.4s,v6.4s - .inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b - .inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 13 - .inst 0x5e152060 //sha1m v0.16b,v3.16b,v21.4s +.inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b +.inst 0x5e0630a4 //sha1su0 v4.16b,v5.16b,v6.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 13 +.inst 0x5e152060 //sha1m v0.16b,v3.16b,v21.4s add v21.4s,v19.4s,v7.4s - .inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b - .inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 14 - .inst 0x5e142040 //sha1m v0.16b,v2.16b,v20.4s +.inst 0x5e2818e4 //sha1su1 v4.16b,v7.16b +.inst 0x5e0730c5 //sha1su0 v5.16b,v6.16b,v7.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 14 +.inst 0x5e142040 //sha1m v0.16b,v2.16b,v20.4s add v20.4s,v19.4s,v4.4s - .inst 0x5e281885 //sha1su1 v5.16b,v4.16b - .inst 0x5e0430e6 //sha1su0 v6.16b,v7.16b,v4.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 15 - .inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s +.inst 0x5e281885 //sha1su1 v5.16b,v4.16b +.inst 0x5e0430e6 
//sha1su0 v6.16b,v7.16b,v4.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 15 +.inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s add v21.4s,v19.4s,v5.4s - .inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b - .inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 16 - .inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s +.inst 0x5e2818a6 //sha1su1 v6.16b,v5.16b +.inst 0x5e053087 //sha1su0 v7.16b,v4.16b,v5.16b +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 16 +.inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s add v20.4s,v19.4s,v6.4s - .inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 17 - .inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s +.inst 0x5e2818c7 //sha1su1 v7.16b,v6.16b +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 17 +.inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s add v21.4s,v19.4s,v7.4s - .inst 0x5e280803 //sha1h v3.16b,v0.16b // 18 - .inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s +.inst 0x5e280803 //sha1h v3.16b,v0.16b // 18 +.inst 0x5e141040 //sha1p v0.16b,v2.16b,v20.4s - .inst 0x5e280802 //sha1h v2.16b,v0.16b // 19 - .inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s +.inst 0x5e280802 //sha1h v2.16b,v0.16b // 19 +.inst 0x5e151060 //sha1p v0.16b,v3.16b,v21.4s add v1.4s,v1.4s,v2.4s add v0.4s,v0.4s,v22.4s @@ -1206,6 +1207,7 @@ sha1_block_armv8: .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79 .LOPENSSL_armcap_P: .quad OPENSSL_armcap_P-. -.asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " +.byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 2 .comm OPENSSL_armcap_P,4,4 diff --git a/linux-aarch64/crypto/sha/sha256-armv8.S b/linux-aarch64/crypto/sha/sha256-armv8.S index bd43b1f..ec572e9 100644 --- a/linux-aarch64/crypto/sha/sha256-armv8.S +++ b/linux-aarch64/crypto/sha/sha256-armv8.S 
@@ -2,6 +2,7 @@ .text + .globl sha256_block_data_order .type sha256_block_data_order,%function .align 6 @@ -27,7 +28,7 @@ sha256_block_data_order: ldp w24,w25,[x0,#4*4] add x2,x1,x2,lsl#6 // end of input ldp w26,w27,[x0,#6*4] - adr x30,K256 + adr x30,.LK256 stp x0,x2,[x29,#96] .Loop: 
@@ -975,167 +976,168 @@ sha256_block_data_order: .size sha256_block_data_order,.-sha256_block_data_order .align 6 -.type K256,%object -K256: - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - .long 0 //terminator -.size K256,.-K256 +.type .LK256,%object +.LK256: +.long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 +.long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 +.long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 +.long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 +.long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc +.long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da +.long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 +.long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 +.long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 +.long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 +.long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 +.long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 +.long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 +.long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 +.long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 +.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.long 0 //terminator +.size .LK256,.-.LK256 .align 3 .LOPENSSL_armcap_P: - .quad OPENSSL_armcap_P-. 
-.asciz "SHA256 block transform for ARMv8, CRYPTOGAMS by " +.quad OPENSSL_armcap_P-. +.byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 2 .type sha256_block_armv8,%function .align 6 sha256_block_armv8: .Lv8_entry: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 + stp x29,x30,[sp,#-16]! + add x29,sp,#0 - ld1 {v0.4s,v1.4s},[x0] - adr x3,K256 + ld1 {v0.4s,v1.4s},[x0] + adr x3,.LK256 .Loop_hw: - ld1 {v4.16b-v7.16b},[x1],#64 - sub x2,x2,#1 - ld1 {v16.4s},[x3],#16 - rev32 v4.16b,v4.16b - rev32 v5.16b,v5.16b - rev32 v6.16b,v6.16b - rev32 v7.16b,v7.16b - orr v18.16b,v0.16b,v0.16b // offload - orr v19.16b,v1.16b,v1.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v4.4s - .inst 0x5e2828a4 //sha256su0 v4.16b,v5.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - .inst 0x5e0760c4 //sha256su1 v4.16b,v6.16b,v7.16b - ld1 {v16.4s},[x3],#16 - add v17.4s,v17.4s,v5.4s - .inst 0x5e2828c5 //sha256su0 v5.16b,v6.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - .inst 0x5e0460e5 //sha256su1 v5.16b,v7.16b,v4.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v6.4s - .inst 0x5e2828e6 //sha256su0 v6.16b,v7.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - .inst 0x5e056086 //sha256su1 v6.16b,v4.16b,v5.16b - ld1 {v16.4s},[x3],#16 - add v17.4s,v17.4s,v7.4s - .inst 0x5e282887 //sha256su0 v7.16b,v4.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - .inst 0x5e0660a7 //sha256su1 v7.16b,v5.16b,v6.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v4.4s - .inst 0x5e2828a4 //sha256su0 
v4.16b,v5.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - .inst 0x5e0760c4 //sha256su1 v4.16b,v6.16b,v7.16b - ld1 {v16.4s},[x3],#16 - add v17.4s,v17.4s,v5.4s - .inst 0x5e2828c5 //sha256su0 v5.16b,v6.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - .inst 0x5e0460e5 //sha256su1 v5.16b,v7.16b,v4.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v6.4s - .inst 0x5e2828e6 //sha256su0 v6.16b,v7.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - .inst 0x5e056086 //sha256su1 v6.16b,v4.16b,v5.16b - ld1 {v16.4s},[x3],#16 - add v17.4s,v17.4s,v7.4s - .inst 0x5e282887 //sha256su0 v7.16b,v4.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - .inst 0x5e0660a7 //sha256su1 v7.16b,v5.16b,v6.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v4.4s - .inst 0x5e2828a4 //sha256su0 v4.16b,v5.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - .inst 0x5e0760c4 //sha256su1 v4.16b,v6.16b,v7.16b - ld1 {v16.4s},[x3],#16 - add v17.4s,v17.4s,v5.4s - .inst 0x5e2828c5 //sha256su0 v5.16b,v6.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - .inst 0x5e0460e5 //sha256su1 v5.16b,v7.16b,v4.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v6.4s - .inst 0x5e2828e6 //sha256su0 v6.16b,v7.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - .inst 0x5e056086 //sha256su1 v6.16b,v4.16b,v5.16b - ld1 {v16.4s},[x3],#16 - add v17.4s,v17.4s,v7.4s - .inst 0x5e282887 //sha256su0 v7.16b,v4.16b - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h 
v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - .inst 0x5e0660a7 //sha256su1 v7.16b,v5.16b,v6.16b - ld1 {v17.4s},[x3],#16 - add v16.4s,v16.4s,v4.4s - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s + ld1 {v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64 + sub x2,x2,#1 + ld1 {v16.4s},[x3],#16 + rev32 v4.16b,v4.16b + rev32 v5.16b,v5.16b + rev32 v6.16b,v6.16b + rev32 v7.16b,v7.16b + orr v18.16b,v0.16b,v0.16b // offload + orr v19.16b,v1.16b,v1.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v4.4s +.inst 0x5e2828a4 //sha256su0 v4.16b,v5.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s +.inst 0x5e0760c4 //sha256su1 v4.16b,v6.16b,v7.16b + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v5.4s +.inst 0x5e2828c5 //sha256su0 v5.16b,v6.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s +.inst 0x5e0460e5 //sha256su1 v5.16b,v7.16b,v4.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v6.4s +.inst 0x5e2828e6 //sha256su0 v6.16b,v7.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s +.inst 0x5e056086 //sha256su1 v6.16b,v4.16b,v5.16b + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v7.4s +.inst 0x5e282887 //sha256su0 v7.16b,v4.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s +.inst 0x5e0660a7 //sha256su1 v7.16b,v5.16b,v6.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v4.4s +.inst 0x5e2828a4 //sha256su0 v4.16b,v5.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s +.inst 0x5e0760c4 //sha256su1 v4.16b,v6.16b,v7.16b + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v5.4s +.inst 0x5e2828c5 //sha256su0 v5.16b,v6.16b + orr 
v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s +.inst 0x5e0460e5 //sha256su1 v5.16b,v7.16b,v4.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v6.4s +.inst 0x5e2828e6 //sha256su0 v6.16b,v7.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s +.inst 0x5e056086 //sha256su1 v6.16b,v4.16b,v5.16b + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v7.4s +.inst 0x5e282887 //sha256su0 v7.16b,v4.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s +.inst 0x5e0660a7 //sha256su1 v7.16b,v5.16b,v6.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v4.4s +.inst 0x5e2828a4 //sha256su0 v4.16b,v5.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s +.inst 0x5e0760c4 //sha256su1 v4.16b,v6.16b,v7.16b + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v5.4s +.inst 0x5e2828c5 //sha256su0 v5.16b,v6.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s +.inst 0x5e0460e5 //sha256su1 v5.16b,v7.16b,v4.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v6.4s +.inst 0x5e2828e6 //sha256su0 v6.16b,v7.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s +.inst 0x5e056086 //sha256su1 v6.16b,v4.16b,v5.16b + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v7.4s +.inst 0x5e282887 //sha256su0 v7.16b,v4.16b + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s +.inst 0x5e0660a7 //sha256su1 v7.16b,v5.16b,v6.16b + ld1 {v17.4s},[x3],#16 + add v16.4s,v16.4s,v4.4s + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - ld1 {v16.4s},[x3],#16 - 
add v17.4s,v17.4s,v5.4s - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s + ld1 {v16.4s},[x3],#16 + add v17.4s,v17.4s,v5.4s + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - ld1 {v17.4s},[x3] - add v16.4s,v16.4s,v6.4s - sub x3,x3,#64*4-16 // rewind - orr v2.16b,v0.16b,v0.16b - .inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s - .inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s + ld1 {v17.4s},[x3] + add v16.4s,v16.4s,v6.4s + sub x3,x3,#64*4-16 // rewind + orr v2.16b,v0.16b,v0.16b +.inst 0x5e104020 //sha256h v0.16b,v1.16b,v16.4s +.inst 0x5e105041 //sha256h2 v1.16b,v2.16b,v16.4s - add v17.4s,v17.4s,v7.4s - orr v2.16b,v0.16b,v0.16b - .inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s - .inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s + add v17.4s,v17.4s,v7.4s + orr v2.16b,v0.16b,v0.16b +.inst 0x5e114020 //sha256h v0.16b,v1.16b,v17.4s +.inst 0x5e115041 //sha256h2 v1.16b,v2.16b,v17.4s - add v0.4s,v0.4s,v18.4s - add v1.4s,v1.4s,v19.4s + add v0.4s,v0.4s,v18.4s + add v1.4s,v1.4s,v19.4s - cbnz x2,.Loop_hw + cbnz x2,.Loop_hw - st1 {v0.4s,v1.4s},[x0] + st1 {v0.4s,v1.4s},[x0] - ldr x29,[sp],#16 + ldr x29,[sp],#16 ret .size sha256_block_armv8,.-sha256_block_armv8 .comm OPENSSL_armcap_P,4,4 diff --git a/linux-aarch64/crypto/sha/sha512-armv8.S b/linux-aarch64/crypto/sha/sha512-armv8.S index 6b0d194..8fc342a 100644 --- a/linux-aarch64/crypto/sha/sha512-armv8.S +++ b/linux-aarch64/crypto/sha/sha512-armv8.S @@ -2,6 +2,7 @@ .text + .globl sha512_block_data_order .type sha512_block_data_order,%function .align 6 @@ -21,7 +22,7 @@ sha512_block_data_order: ldp x24,x25,[x0,#4*8] add x2,x1,x2,lsl#7 // end of input ldp x26,x27,[x0,#6*8] - adr x30,K512 + adr x30,.LK512 stp x0,x2,[x29,#96] .Loop: 
@@ -969,53 +970,54 @@ sha512_block_data_order: .size sha512_block_data_order,.-sha512_block_data_order .align 6 -.type K512,%object -K512: - .quad 0x428a2f98d728ae22,0x7137449123ef65cd - .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - .quad 0x3956c25bf348b538,0x59f111f1b605d019 - .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - .quad 0xd807aa98a3030242,0x12835b0145706fbe - .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - .quad 0x9bdc06a725c71235,0xc19bf174cf692694 - .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - .quad 0x983e5152ee66dfab,0xa831c66d2db43210 - .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 - .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 - .quad 0x06ca6351e003826f,0x142929670a0e6e70 - .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 - .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 - .quad 0x81c2c92e47edaee6,0x92722c851482353b - .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 - .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 - .quad 0xd192e819d6ef5218,0xd69906245565a910 - .quad 0xf40e35855771202a,0x106aa07032bbd1b8 - .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 - .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec - .quad 0x90befffa23631e28,0xa4506cebde82bde9 - .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b - .quad 0xca273eceea26619c,0xd186b8c721c0c207 - .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 - .quad 0x113f9804bef90dae,0x1b710b35131c471b - .quad 0x28db77f523047d84,0x32caab7b40c72493 - .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 - .quad 0 // 
terminator -.size K512,.-K512 +.type .LK512,%object +.LK512: +.quad 0x428a2f98d728ae22,0x7137449123ef65cd +.quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc +.quad 0x3956c25bf348b538,0x59f111f1b605d019 +.quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 +.quad 0xd807aa98a3030242,0x12835b0145706fbe +.quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 +.quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 +.quad 0x9bdc06a725c71235,0xc19bf174cf692694 +.quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 +.quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 +.quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 +.quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 +.quad 0x983e5152ee66dfab,0xa831c66d2db43210 +.quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 +.quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 +.quad 0x06ca6351e003826f,0x142929670a0e6e70 +.quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 +.quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df +.quad 0x650a73548baf63de,0x766a0abb3c77b2a8 +.quad 0x81c2c92e47edaee6,0x92722c851482353b +.quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 +.quad 0xc24b8b70d0f89791,0xc76c51a30654be30 +.quad 0xd192e819d6ef5218,0xd69906245565a910 +.quad 0xf40e35855771202a,0x106aa07032bbd1b8 +.quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 +.quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 +.quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb +.quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 +.quad 0x748f82ee5defb2fc,0x78a5636f43172f60 +.quad 0x84c87814a1f0ab72,0x8cc702081a6439ec +.quad 0x90befffa23631e28,0xa4506cebde82bde9 +.quad 0xbef9a3f7b2c67915,0xc67178f2e372532b +.quad 0xca273eceea26619c,0xd186b8c721c0c207 +.quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 +.quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 +.quad 0x113f9804bef90dae,0x1b710b35131c471b +.quad 0x28db77f523047d84,0x32caab7b40c72493 +.quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c +.quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a +.quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +.quad 0 // terminator +.size .LK512,.-.LK512 .align 3 .LOPENSSL_armcap_P: - .quad OPENSSL_armcap_P-. 
-.asciz "SHA512 block transform for ARMv8, CRYPTOGAMS by " +.quad OPENSSL_armcap_P-. +.byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 2 .comm OPENSSL_armcap_P,4,4 diff --git a/linux-arm/crypto/aes/aes-armv4.S b/linux-arm/crypto/aes/aes-armv4.S index 0b7d193..1135020 100644 --- a/linux-arm/crypto/aes/aes-armv4.S +++ b/linux-arm/crypto/aes/aes-armv4.S @@ -43,7 +43,7 @@ .code 32 #else .syntax unified -# ifdef __thumb2__ +# if defined(__thumb2__) && !defined(__APPLE__) .thumb # else .code 32 @@ -158,9 +158,9 @@ AES_Te: @ void asm_AES_encrypt(const unsigned char *in, unsigned char *out, @ const AES_KEY *key) { -.global asm_AES_encrypt -.hidden asm_AES_encrypt -.type asm_AES_encrypt,%function +.globl asm_AES_encrypt +.hidden asm_AES_encrypt +.type asm_AES_encrypt,%function .align 5 asm_AES_encrypt: #if __ARM_ARCH__<7 @@ -168,10 +168,14 @@ asm_AES_encrypt: #else adr r3,asm_AES_encrypt #endif - stmdb sp!,{r1,r4-r12,lr} + stmdb sp!,{r1,r4-r12,lr} +#ifdef __APPLE__ + adr r10,AES_Te +#else + sub r10,r3,#asm_AES_encrypt-AES_Te @ Te +#endif mov r12,r0 @ inp mov r11,r2 - sub r10,r3,#asm_AES_encrypt-AES_Te @ Te #if __ARM_ARCH__<7 ldrb r0,[r12,#3] @ load input data in endian-neutral ldrb r4,[r12,#2] @ manner... 
@@ -258,20 +262,20 @@ asm_AES_encrypt: strb r3,[r12,#15] #endif #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else - ldmia sp!,{r4-r12,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size asm_AES_encrypt,.-asm_AES_encrypt -.type _armv4_AES_encrypt,%function +.type _armv4_AES_encrypt,%function .align 2 _armv4_AES_encrypt: str lr,[sp,#-4]! @ push lr - ldmia r11!,{r4-r7} + ldmia r11!,{r4,r5,r6,r7} eor r0,r0,r4 ldr r12,[r11,#240-16] eor r1,r1,r5 @@ -404,9 +408,9 @@ _armv4_AES_encrypt: ldr pc,[sp],#4 @ pop and return .size _armv4_AES_encrypt,.-_armv4_AES_encrypt -.global asm_AES_set_encrypt_key -.hidden asm_AES_set_encrypt_key -.type asm_AES_set_encrypt_key,%function +.globl asm_AES_set_encrypt_key +.hidden asm_AES_set_encrypt_key +.type asm_AES_set_encrypt_key,%function .align 5 asm_AES_set_encrypt_key: _armv4_AES_set_encrypt_key: @@ -439,13 +443,17 @@ _armv4_AES_set_encrypt_key: movne r0,#-1 bne .Labrt -.Lok: stmdb sp!,{r4-r12,lr} - sub r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 - +.Lok: stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} mov r12,r0 @ inp mov lr,r1 @ bits mov r11,r2 @ key +#ifdef __APPLE__ + adr r10,AES_Te+1024 @ Te4 +#else + sub r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 +#endif + #if __ARM_ARCH__<7 ldrb r0,[r12,#3] @ load input data in endian-neutral ldrb r4,[r12,#2] @ manner... 
@@ -696,20 +704,20 @@ _armv4_AES_set_encrypt_key: .align 2 .Ldone: mov r0,#0 - ldmia sp!,{r4-r12,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} .Labrt: -#if defined(__thumb2__) && __ARM_ARCH__>=7 - .short 0x4770 @ .word 0xe12fff1e in Thumb2 encoding +#if __ARM_ARCH__>=5 + bx lr @ .word 0xe12fff1e #else tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size asm_AES_set_encrypt_key,.-asm_AES_set_encrypt_key -.global asm_AES_set_decrypt_key -.hidden asm_AES_set_decrypt_key -.type asm_AES_set_decrypt_key,%function +.globl asm_AES_set_decrypt_key +.hidden asm_AES_set_decrypt_key +.type asm_AES_set_decrypt_key,%function .align 5 asm_AES_set_decrypt_key: str lr,[sp,#-4]! @ push lr @@ -724,13 +732,13 @@ asm_AES_set_decrypt_key: .size asm_AES_set_decrypt_key,.-asm_AES_set_decrypt_key @ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out) -.global AES_set_enc2dec_key +.globl AES_set_enc2dec_key .hidden AES_set_enc2dec_key .type AES_set_enc2dec_key,%function .align 5 AES_set_enc2dec_key: _armv4_AES_set_enc2dec_key: - stmdb sp!,{r4-r12,lr} + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} ldr r12,[r0,#240] mov r7,r0 @ input @@ -812,12 +820,12 @@ _armv4_AES_set_enc2dec_key: mov r0,#0 #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else - ldmia sp!,{r4-r12,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size AES_set_enc2dec_key,.-AES_set_enc2dec_key 
@@ -925,9 +933,9 @@ AES_Td: @ void asm_AES_decrypt(const unsigned char *in, unsigned char *out, @ const AES_KEY *key) { -.global asm_AES_decrypt -.hidden asm_AES_decrypt -.type asm_AES_decrypt,%function +.globl asm_AES_decrypt +.hidden asm_AES_decrypt +.type asm_AES_decrypt,%function .align 5 asm_AES_decrypt: #if __ARM_ARCH__<7 @@ -935,10 +943,14 @@ asm_AES_decrypt: #else adr r3,asm_AES_decrypt #endif - stmdb sp!,{r1,r4-r12,lr} + stmdb sp!,{r1,r4-r12,lr} +#ifdef __APPLE__ + adr r10,AES_Td +#else + sub r10,r3,#asm_AES_decrypt-AES_Td @ Td +#endif mov r12,r0 @ inp mov r11,r2 - sub r10,r3,#asm_AES_decrypt-AES_Td @ Td #if __ARM_ARCH__<7 ldrb r0,[r12,#3] @ load input data in endian-neutral ldrb r4,[r12,#2] @ manner... @@ -1025,20 +1037,20 @@ asm_AES_decrypt: strb r3,[r12,#15] #endif #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else - ldmia sp!,{r4-r12,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size asm_AES_decrypt,.-asm_AES_decrypt -.type _armv4_AES_decrypt,%function +.type _armv4_AES_decrypt,%function .align 2 _armv4_AES_decrypt: str lr,[sp,#-4]! @ push lr - ldmia r11!,{r4-r7} + ldmia r11!,{r4,r5,r6,r7} eor r0,r0,r4 ldr r12,[r11,#240-16] eor r1,r1,r5 @@ -1179,7 +1191,8 @@ _armv4_AES_decrypt: sub r10,r10,#1024 ldr pc,[sp],#4 @ pop and return .size _armv4_AES_decrypt,.-_armv4_AES_decrypt -.asciz "AES for ARMv4, CRYPTOGAMS by " +.byte 65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 2 #endif diff --git a/linux-arm/crypto/aes/aesv8-armx.S b/linux-arm/crypto/aes/aesv8-armx.S index fede6ed..006300c 100644 --- a/linux-arm/crypto/aes/aesv8-armx.S +++ b/linux-arm/crypto/aes/aesv8-armx.S 
@@ -6,7 +6,7 @@ .fpu neon .code 32 .align 5 -rcon: +.Lrcon: .long 0x01,0x01,0x01,0x01 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d @ rotate-n-splat .long 0x1b,0x1b,0x1b,0x1b @@ -29,7 +29,7 @@ aes_v8_set_encrypt_key: tst r1,#0x3f bne .Lenc_key_abort - adr r3,rcon + adr r3,.Lrcon cmp r1,#192 veor q0,q0,q0 @@ -47,14 +47,14 @@ aes_v8_set_encrypt_key: vtbl.8 d21,{q3},d5 vext.8 q9,q0,q3,#12 vst1.32 {q3},[r2]! - .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 +.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 subs r1,r1,#1 veor q3,q3,q9 vext.8 q9,q0,q9,#12 veor q3,q3,q9 vext.8 q9,q0,q9,#12 - veor q10,q10,q1 + veor q10,q10,q1 veor q3,q3,q9 vshl.u8 q1,q1,#1 veor q3,q3,q10 @@ -66,13 +66,13 @@ aes_v8_set_encrypt_key: vtbl.8 d21,{q3},d5 vext.8 q9,q0,q3,#12 vst1.32 {q3},[r2]! - .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 +.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 veor q3,q3,q9 vext.8 q9,q0,q9,#12 veor q3,q3,q9 vext.8 q9,q0,q9,#12 - veor q10,q10,q1 + veor q10,q10,q1 veor q3,q3,q9 vshl.u8 q1,q1,#1 veor q3,q3,q10 @@ -81,13 +81,13 @@ aes_v8_set_encrypt_key: vtbl.8 d21,{q3},d5 vext.8 q9,q0,q3,#12 vst1.32 {q3},[r2]! - .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 +.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 veor q3,q3,q9 vext.8 q9,q0,q9,#12 veor q3,q3,q9 vext.8 q9,q0,q9,#12 - veor q10,q10,q1 + veor q10,q10,q1 veor q3,q3,q9 veor q3,q3,q10 vst1.32 {q3},[r2] @@ -108,7 +108,7 @@ aes_v8_set_encrypt_key: vtbl.8 d21,{q8},d5 vext.8 q9,q0,q3,#12 vst1.32 {d16},[r2]! - .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 +.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 subs r1,r1,#1 veor q3,q3,q9 @@ -119,7 +119,7 @@ aes_v8_set_encrypt_key: vdup.32 q9,d7[1] veor q9,q9,q8 - veor q10,q10,q1 + veor q10,q10,q1 vext.8 q8,q0,q8,#12 vshl.u8 q1,q1,#1 veor q8,q8,q9 
@@ -144,14 +144,14 @@ aes_v8_set_encrypt_key: vtbl.8 d21,{q8},d5 vext.8 q9,q0,q3,#12 vst1.32 {q8},[r2]! - .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 +.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 subs r1,r1,#1 veor q3,q3,q9 vext.8 q9,q0,q9,#12 veor q3,q3,q9 vext.8 q9,q0,q9,#12 - veor q10,q10,q1 + veor q10,q10,q1 veor q3,q3,q9 vshl.u8 q1,q1,#1 veor q3,q3,q10 @@ -160,7 +160,7 @@ aes_v8_set_encrypt_key: vdup.32 q10,d7[1] vext.8 q9,q0,q8,#12 - .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 +.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 veor q8,q8,q9 vext.8 q9,q0,q9,#12 @@ -177,7 +177,7 @@ aes_v8_set_encrypt_key: .Lenc_key_abort: mov r0,r3 @ return value - + bx lr .size aes_v8_set_encrypt_key,.-aes_v8_set_encrypt_key @@ -203,15 +203,15 @@ aes_v8_set_decrypt_key: .Loop_imc: vld1.32 {q0},[r2] vld1.32 {q1},[r0] - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 vst1.32 {q0},[r0],r4 vst1.32 {q1},[r2]! cmp r0,r2 bhi .Loop_imc vld1.32 {q0},[r2] - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 vst1.32 {q0},[r0] eor r0,r0,r0 @ return value @@ -229,19 +229,19 @@ aes_v8_encrypt: vld1.32 {q1},[r2]! .Loop_enc: - .byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0 +.byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0 +.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 vld1.32 {q0},[r2]! - .byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 subs r3,r3,#2 - .byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1 +.byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1 +.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 vld1.32 {q1},[r2]! - .byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 bgt .Loop_enc - .byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0 +.byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0 +.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 vld1.32 {q0},[r2] - .byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 - .byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1 +.byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1 veor q2,q2,q0 vst1.8 {q2},[r1] 
@@ -258,19 +258,19 @@ aes_v8_decrypt: vld1.32 {q1},[r2]! .Loop_dec: - .byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 +.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 +.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 vld1.32 {q0},[r2]! - .byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 subs r3,r3,#2 - .byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 +.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 +.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 vld1.32 {q1},[r2]! - .byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 bgt .Loop_dec - .byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 +.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 +.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 vld1.32 {q0},[r2] - .byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - .byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 +.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 veor q2,q2,q0 vst1.8 {q2},[r1] @@ -281,9 +281,9 @@ aes_v8_decrypt: .align 5 aes_v8_cbc_encrypt: mov ip,sp - stmdb sp!,{r4-r8,lr} - vstmdb sp!,{d8-d15} @ ABI specification says so - ldmia ip,{r4-r5} @ load remaining args + stmdb sp!,{r4,r5,r6,r7,r8,lr} + vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so + ldmia ip,{r4,r5} @ load remaining args subs r2,r2,#16 mov r8,#16 blo .Lcbc_abort @@ -295,13 +295,13 @@ aes_v8_cbc_encrypt: vld1.8 {q6},[r4] vld1.8 {q0},[r0],r8 - vld1.32 {q8-q9},[r3] @ load key schedule... + vld1.32 {q8,q9},[r3] @ load key schedule... sub r5,r5,#6 add r7,r3,r5,lsl#4 @ pointer to last 7 round keys sub r5,r5,#2 - vld1.32 {q10-q11},[r7]! - vld1.32 {q12-q13},[r7]! - vld1.32 {q14-q15},[r7]! + vld1.32 {q10,q11},[r7]! + vld1.32 {q12,q13},[r7]! + vld1.32 {q14,q15},[r7]! vld1.32 {q7},[r7] add r7,r3,#32 
@@ -313,77 +313,100 @@ aes_v8_cbc_encrypt: veor q5,q8,q7 beq .Lcbc_enc128 + vld1.32 {q2,q3},[r7] + add r7,r3,#16 + add r6,r3,#16*4 + add r12,r3,#16*5 +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + add r14,r3,#16*6 + add r3,r3,#16*7 + b .Lenter_cbc_enc + +.align 4 .Loop_cbc_enc: - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - vld1.32 {q8},[r7]! - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - subs r6,r6,#2 - .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 - vld1.32 {q9},[r7]! - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - bgt .Loop_cbc_enc - - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - subs r2,r2,#16 - .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - moveq r8,#0 - .byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - add r7,r3,#16 - .byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - vld1.8 {q8},[r0],r8 - .byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - veor q8,q8,q5 - .byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - vld1.32 {q9},[r7]! @ re-pre-load rndkey[1] - .byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 - - mov r6,r5 - veor q6,q0,q7 +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 vst1.8 {q6},[r1]! 
+.Lenter_cbc_enc: +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.32 {q8},[r6] + cmp r5,#4 +.byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.32 {q9},[r12] + beq .Lcbc_enc192 + +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.32 {q8},[r14] +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.32 {q9},[r3] + nop + +.Lcbc_enc192: +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + subs r2,r2,#16 +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + moveq r8,#0 +.byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.8 {q8},[r0],r8 +.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + veor q8,q8,q5 +.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.32 {q9},[r7] @ re-pre-load rndkey[1] +.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 + veor q6,q0,q7 bhs .Loop_cbc_enc + vst1.8 {q6},[r1]! b .Lcbc_done .align 5 .Lcbc_enc128: - vld1.32 {q2-q3},[r7] - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.32 {q2,q3},[r7] +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 b .Lenter_cbc_enc128 .Loop_cbc_enc128: - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - vst1.8 {q6},[r1]! +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vst1.8 {q6},[r1]! 
.Lenter_cbc_enc128: - .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - subs r2,r2,#16 - .byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - moveq r8,#0 - .byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - vld1.8 {q8},[r0],r8 - .byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - veor q8,q8,q5 - .byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + subs r2,r2,#16 +.byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + moveq r8,#0 +.byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + vld1.8 {q8},[r0],r8 +.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 + veor q8,q8,q5 +.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 veor q6,q0,q7 bhs .Loop_cbc_enc128 
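Review bot: The rewritten encrypt path now parks round-key pointers in r6, r12 and r14 (`add r14,r3,#16*6`) without saying why clobbering lr is safe, and picks the AES-192 exit with a bare `cmp r5,#4`. Both look correct from the neighbouring hunks — lr is pushed by the prologue and restored straight into pc at `.Lcbc_abort`, and r5 appears to be rounds-8 after the two `sub r5` lines that precede this hunk — but neither fact is visible here, so I'd annotate them: `add r14,r3,#16*6 @ lr is free: saved in the prologue, restored into pc on exit` and `cmp r5,#4 @ r5 = rounds-8; 4 means AES-192, so skip the two extra rounds below`. aes_v8_cbc_encrypt begins and ends outside this hunk, so the prologue/epilogue claims come from the adjacent hunks rather than this one.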
@@ -406,82 +429,81 @@ aes_v8_cbc_encrypt: vorr q11,q10,q10 .Loop3x_cbc_dec: - .byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8 - .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 - .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 +.byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 vld1.32 {q8},[r7]! - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 subs r6,r6,#2 - .byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9 - .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 - .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 +.byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 vld1.32 {q9},[r7]! 
- .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 bgt .Loop3x_cbc_dec - .byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8 - .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 - .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 - veor q4,q6,q7 - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - veor q5,q2,q7 - .byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9 - .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 - .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 - veor q9,q3,q7 - subs r2,r2,#0x30 - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - vorr q6,q11,q11 - movlo r6,r2 @ r6, r6, is zero at this point - .byte 0x68,0x03,0xb0,0xf3 @ aesd q0,q12 - .byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12 - .byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12 - add r0,r0,r6 @ r0 is adjusted in such way that +.byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + veor q4,q6,q7 + subs r2,r2,#0x30 + veor q5,q2,q7 + movlo r6,r2 @ r6, r6, is zero at this point +.byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + veor q9,q3,q7 + add r0,r0,r6 @ r0 is adjusted in such way that @ at exit from the loop q1-q10 @ are loaded with last "words" - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - mov r7,r3 - .byte 0x6a,0x03,0xb0,0xf3 @ aesd q0,q13 - .byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13 - .byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13 - vld1.8 {q2},[r0]! 
- .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - vld1.8 {q3},[r0]! - .byte 0x6c,0x03,0xb0,0xf3 @ aesd q0,q14 - .byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14 - .byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14 - vld1.8 {q11},[r0]! - .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - vld1.32 {q8},[r7]! @ re-pre-load rndkey[0] - .byte 0x6e,0x03,0xb0,0xf3 @ aesd q0,q15 - .byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15 - .byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15 - - add r6,r5,#2 + vorr q6,q11,q11 + mov r7,r3 +.byte 0x68,0x03,0xb0,0xf3 @ aesd q0,q12 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + vld1.8 {q2},[r0]! +.byte 0x6a,0x03,0xb0,0xf3 @ aesd q0,q13 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + vld1.8 {q3},[r0]! +.byte 0x6c,0x03,0xb0,0xf3 @ aesd q0,q14 +.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0 +.byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + vld1.8 {q11},[r0]! +.byte 0x6e,0x03,0xb0,0xf3 @ aesd q0,q15 +.byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15 +.byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15 + vld1.32 {q8},[r7]! @ re-pre-load rndkey[0] + add r6,r5,#2 veor q4,q4,q0 veor q5,q5,q1 veor q10,q10,q9 - vld1.32 {q9},[r7]! @ re-pre-load rndkey[1] - vorr q0,q2,q2 + vld1.32 {q9},[r7]! @ re-pre-load rndkey[1] vst1.8 {q4},[r1]! - vorr q1,q3,q3 + vorr q0,q2,q2 vst1.8 {q5},[r1]! + vorr q1,q3,q3 vst1.8 {q10},[r1]! - vorr q10,q11,q11 + vorr q10,q11,q11 bhs .Loop3x_cbc_dec cmn r2,#0x30 
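Review bot: The comment on `movlo r6,r2 @ r6, r6, is zero at this point` is garbled and hides the one non-obvious step in this loop: when fewer than three blocks remain (`subs r2,r2,#0x30` went negative), r6 — which the round loop has just counted down to zero, the loop exiting on `bgt` — is loaded with the negative remainder, and `add r0,r0,r6` rewinds the input pointer so the three `vld1.8 {..},[r0]!` loads that follow re-read already-consumed bytes instead of running past the end of the input. This only works if r6 is exactly zero on the non-final passes, which appears to hold because the counter starts at an even value, so the comment should say so. I'd rewrite the two comments as `movlo r6,r2 @ r6 (round counter) is 0 here; on the final pass make it the negative remainder` and `add r0,r0,r6 @ rewind input so the next three loads stay inside the buffer`. The loop entry and the tail that consumes the reloaded blocks are outside this hunk, so I have only checked the arithmetic visible here.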
@@ -489,244 +511,244 @@ aes_v8_cbc_encrypt: nop .Lcbc_dec_tail: - .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 - .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 +.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 vld1.32 {q8},[r7]! - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 subs r6,r6,#2 - .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 - .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 +.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 vld1.32 {q9},[r7]! - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 bgt .Lcbc_dec_tail - .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 - .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9 - .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - .byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12 - .byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - cmn r2,#0x20 - .byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13 - .byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - veor q5,q6,q7 - .byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14 - .byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14 - .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 - .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 - veor q9,q3,q7 - .byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15 - .byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15 +.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 +.byte 0x62,0x23,0xb0,0xf3 @ 
aesd q1,q9 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 +.byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + cmn r2,#0x20 +.byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + veor q5,q6,q7 +.byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14 +.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1 +.byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14 +.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10 + veor q9,q3,q7 +.byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15 +.byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15 beq .Lcbc_dec_one veor q5,q5,q1 veor q9,q9,q10 - vorr q6,q11,q11 + vorr q6,q11,q11 vst1.8 {q5},[r1]! vst1.8 {q9},[r1]! b .Lcbc_done .Lcbc_dec_one: veor q5,q5,q10 - vorr q6,q11,q11 + vorr q6,q11,q11 vst1.8 {q5},[r1]! .Lcbc_done: vst1.8 {q6},[r4] .Lcbc_abort: - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r8,pc} + vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} + ldmia sp!,{r4,r5,r6,r7,r8,pc} .size aes_v8_cbc_encrypt,.-aes_v8_cbc_encrypt .globl aes_v8_ctr32_encrypt_blocks .type aes_v8_ctr32_encrypt_blocks,%function .align 5 aes_v8_ctr32_encrypt_blocks: - mov ip,sp - stmdb sp!,{r4-r10,lr} - vstmdb sp!,{d8-d15} @ ABI specification says so - ldr r4, [ip] @ load remaining arg - ldr r5,[r3,#240] - - ldr r8, [r4, #12] - vld1.32 {q0},[r4] - - vld1.32 {q8-q9},[r3] @ load key schedule... - sub r5,r5,#4 - mov r12,#16 - cmp r2,#2 - add r7,r3,r5,lsl#4 @ pointer to last 5 round keys - sub r5,r5,#2 - vld1.32 {q12-q13},[r7]! - vld1.32 {q14-q15},[r7]! 
- vld1.32 {q7},[r7] - add r7,r3,#32 - mov r6,r5 + mov ip,sp + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,lr} + vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so + ldr r4, [ip] @ load remaining arg + ldr r5,[r3,#240] + + ldr r8, [r4, #12] + vld1.32 {q0},[r4] + + vld1.32 {q8,q9},[r3] @ load key schedule... + sub r5,r5,#4 + mov r12,#16 + cmp r2,#2 + add r7,r3,r5,lsl#4 @ pointer to last 5 round keys + sub r5,r5,#2 + vld1.32 {q12,q13},[r7]! + vld1.32 {q14,q15},[r7]! + vld1.32 {q7},[r7] + add r7,r3,#32 + mov r6,r5 movlo r12,#0 #ifndef __ARMEB__ - rev r8, r8 + rev r8, r8 #endif - vorr q1,q0,q0 - add r10, r8, #1 - vorr q10,q0,q0 - add r8, r8, #2 - vorr q6,q0,q0 - rev r10, r10 + vorr q1,q0,q0 + add r10, r8, #1 + vorr q10,q0,q0 + add r8, r8, #2 + vorr q6,q0,q0 + rev r10, r10 vmov.32 d3[1],r10 - bls .Lctr32_tail - rev r12, r8 - sub r2,r2,#3 @ bias + bls .Lctr32_tail + rev r12, r8 + sub r2,r2,#3 @ bias vmov.32 d21[1],r12 - b .Loop3x_ctr32 + b .Loop3x_ctr32 .align 4 .Loop3x_ctr32: - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 - .byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 - vld1.32 {q8},[r7]! - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 - subs r6,r6,#2 - .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 - .byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 - .byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 - vld1.32 {q9},[r7]! - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 - bgt .Loop3x_ctr32 - - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 - .byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 - mov r7,r3 - .byte 0x80,0x83,0xb0,0xf3 @ aesmc q4,q0 - vld1.8 {q2},[r0]! - .byte 0x82,0xa3,0xb0,0xf3 @ aesmc q5,q1 - .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 - vorr q0,q6,q6 - .byte 0x22,0x83,0xb0,0xf3 @ aese q4,q9 - vld1.8 {q3},[r0]! 
- .byte 0x22,0xa3,0xb0,0xf3 @ aese q5,q9 - .byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 - vorr q1,q6,q6 - .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 - vld1.8 {q11},[r0]! - .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - .byte 0xa4,0x23,0xf0,0xf3 @ aesmc q9,q10 - vorr q10,q6,q6 - add r9,r8,#1 - .byte 0x28,0x83,0xb0,0xf3 @ aese q4,q12 - .byte 0x28,0xa3,0xb0,0xf3 @ aese q5,q12 - .byte 0x28,0x23,0xf0,0xf3 @ aese q9,q12 - veor q2,q2,q7 - add r10,r8,#2 - .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 - .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - veor q3,q3,q7 - add r8,r8,#3 - .byte 0x2a,0x83,0xb0,0xf3 @ aese q4,q13 - .byte 0x2a,0xa3,0xb0,0xf3 @ aese q5,q13 - .byte 0x2a,0x23,0xf0,0xf3 @ aese q9,q13 - veor q11,q11,q7 - rev r9,r9 - .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 - vld1.32 {q8},[r7]! @ re-pre-load rndkey[0] - .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - vmov.32 d1[1], r9 - rev r10,r10 - .byte 0x2c,0x83,0xb0,0xf3 @ aese q4,q14 - .byte 0x2c,0xa3,0xb0,0xf3 @ aese q5,q14 - .byte 0x2c,0x23,0xf0,0xf3 @ aese q9,q14 - vmov.32 d3[1], r10 - rev r12,r8 - .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 - .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - vmov.32 d21[1], r12 - subs r2,r2,#3 - .byte 0x2e,0x83,0xb0,0xf3 @ aese q4,q15 - .byte 0x2e,0xa3,0xb0,0xf3 @ aese q5,q15 - .byte 0x2e,0x23,0xf0,0xf3 @ aese q9,q15 - - mov r6,r5 - veor q2,q2,q4 - veor q3,q3,q5 - veor q11,q11,q9 - vld1.32 {q9},[r7]! @ re-pre-load rndkey[1] - vst1.8 {q2},[r1]! - vst1.8 {q3},[r1]! - vst1.8 {q11},[r1]! - bhs .Loop3x_ctr32 - - adds r2,r2,#3 - beq .Lctr32_done - cmp r2,#1 - mov r12,#16 +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 +.byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 +.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 + vld1.32 {q8},[r7]! 
+ subs r6,r6,#2 +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 +.byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 +.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 + vld1.32 {q9},[r7]! + bgt .Loop3x_ctr32 + +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x83,0xb0,0xf3 @ aesmc q4,q0 +.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 +.byte 0x82,0xa3,0xb0,0xf3 @ aesmc q5,q1 + vld1.8 {q2},[r0]! + vorr q0,q6,q6 +.byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 +.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 + vld1.8 {q3},[r0]! + vorr q1,q6,q6 +.byte 0x22,0x83,0xb0,0xf3 @ aese q4,q9 +.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 +.byte 0x22,0xa3,0xb0,0xf3 @ aese q5,q9 +.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 + vld1.8 {q11},[r0]! + mov r7,r3 +.byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 +.byte 0xa4,0x23,0xf0,0xf3 @ aesmc q9,q10 + vorr q10,q6,q6 + add r9,r8,#1 +.byte 0x28,0x83,0xb0,0xf3 @ aese q4,q12 +.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 +.byte 0x28,0xa3,0xb0,0xf3 @ aese q5,q12 +.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 + veor q2,q2,q7 + add r10,r8,#2 +.byte 0x28,0x23,0xf0,0xf3 @ aese q9,q12 +.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 + veor q3,q3,q7 + add r8,r8,#3 +.byte 0x2a,0x83,0xb0,0xf3 @ aese q4,q13 +.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 +.byte 0x2a,0xa3,0xb0,0xf3 @ aese q5,q13 +.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 + veor q11,q11,q7 + rev r9,r9 +.byte 0x2a,0x23,0xf0,0xf3 @ aese q9,q13 +.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 + vmov.32 d1[1], r9 + rev r10,r10 +.byte 0x2c,0x83,0xb0,0xf3 @ aese q4,q14 +.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 +.byte 0x2c,0xa3,0xb0,0xf3 @ aese q5,q14 +.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 + vmov.32 d3[1], r10 + rev r12,r8 +.byte 0x2c,0x23,0xf0,0xf3 @ aese q9,q14 +.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 + vmov.32 d21[1], r12 + subs r2,r2,#3 +.byte 0x2e,0x83,0xb0,0xf3 @ aese q4,q15 +.byte 0x2e,0xa3,0xb0,0xf3 @ aese q5,q15 +.byte 0x2e,0x23,0xf0,0xf3 @ aese q9,q15 + + 
veor q2,q2,q4 + vld1.32 {q8},[r7]! @ re-pre-load rndkey[0] + vst1.8 {q2},[r1]! + veor q3,q3,q5 + mov r6,r5 + vst1.8 {q3},[r1]! + veor q11,q11,q9 + vld1.32 {q9},[r7]! @ re-pre-load rndkey[1] + vst1.8 {q11},[r1]! + bhs .Loop3x_ctr32 + + adds r2,r2,#3 + beq .Lctr32_done + cmp r2,#1 + mov r12,#16 moveq r12,#0 .Lctr32_tail: - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 - vld1.32 {q8},[r7]! - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - subs r6,r6,#2 - .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 - .byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 - vld1.32 {q9},[r7]! - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - bgt .Lctr32_tail - - .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 - .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 - .byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - vld1.8 {q2},[r0],r12 - .byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 - .byte 0x28,0x23,0xb0,0xf3 @ aese q1,q12 - vld1.8 {q3},[r0] - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - .byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 - .byte 0x2a,0x23,0xb0,0xf3 @ aese q1,q13 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - .byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 - .byte 0x2c,0x23,0xb0,0xf3 @ aese q1,q14 - veor q2,q2,q7 - .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 - .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - veor q3,q3,q7 - .byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 - .byte 0x2e,0x23,0xb0,0xf3 @ aese q1,q15 - - cmp r2,#1 - veor q2,q2,q0 - veor q3,q3,q1 - vst1.8 {q2},[r1]! 
- beq .Lctr32_done - vst1.8 {q3},[r1] +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 + vld1.32 {q8},[r7]! + subs r6,r6,#2 +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 + vld1.32 {q9},[r7]! + bgt .Lctr32_tail + +.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 +.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 + vld1.8 {q2},[r0],r12 +.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x28,0x23,0xb0,0xf3 @ aese q1,q12 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 + vld1.8 {q3},[r0] +.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x2a,0x23,0xb0,0xf3 @ aese q1,q13 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 + veor q2,q2,q7 +.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 +.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 +.byte 0x2c,0x23,0xb0,0xf3 @ aese q1,q14 +.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 + veor q3,q3,q7 +.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 +.byte 0x2e,0x23,0xb0,0xf3 @ aese q1,q15 + + cmp r2,#1 + veor q2,q2,q0 + veor q3,q3,q1 + vst1.8 {q2},[r1]! + beq .Lctr32_done + vst1.8 {q3},[r1] .Lctr32_done: - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r10,pc} + vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc} .size aes_v8_ctr32_encrypt_blocks,.-aes_v8_ctr32_encrypt_blocks #endif diff --git a/linux-arm/crypto/aes/bsaes-armv7.S b/linux-arm/crypto/aes/bsaes-armv7.S index cbc32fb..0feeab0 100644 --- a/linux-arm/crypto/aes/bsaes-armv7.S +++ b/linux-arm/crypto/aes/bsaes-armv7.S 
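Review bot: aes_v8_ctr32_encrypt_blocks has no header comment although the rewritten tail depends on two caller-side contracts. First, len (r2, a block count) must be at least 1: with r2 == 0 the entry `cmp r2,#2` / `bls .Lctr32_tail` still reaches the tail, which loads a block from in, and because `cmp r2,#1` then fails it stores both q2 and q3 — 32 bytes written to out for a zero-length request. Second, only the low 32-bit word of the IV is treated as the counter (`ldr r8,[r4,#12]`, incremented and re-inserted with `vmov.32 d1[1]`/`d3[1]`/`d21[1]`), so it wraps at 2^32 without carrying into the upper 96 bits, and nothing in the function writes the IV back to [r4]. I'd add above the label: `@ len is a block count and must be >= 1; only the last 32 bits of ivec are incremented (wraps mod 2^32, no carry, ivec is not updated in memory) — the caller must split requests at the 2^32 boundary.`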
@@ -60,135 +60,141 @@ # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK # define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 #endif #ifdef __thumb__ # define adrl adr #endif -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + .text .syntax unified @ ARMv7-capable assembler is expected to handle this -#ifdef __thumb2__ +#if defined(__thumb2__) && !defined(__APPLE__) .thumb #else -.code 32 +.code 32 #endif -.fpu neon - .type _bsaes_decrypt8,%function .align 4 _bsaes_decrypt8: adr r6,_bsaes_decrypt8 vldmia r4!, {q9} @ round 0 key +#ifdef __APPLE__ + adr r6,.LM0ISR +#else add r6,r6,#.LM0ISR-_bsaes_decrypt8 +#endif vldmia r6!, {q8} @ .LM0ISR veor q10, q0, q9 @ xor with round0 key veor q11, q1, q9 - vtbl.8 d0, {q10}, d16 - vtbl.8 d1, {q10}, d17 + vtbl.8 d0, {q10}, d16 + vtbl.8 d1, {q10}, d17 veor q12, q2, q9 - vtbl.8 d2, {q11}, d16 - vtbl.8 d3, {q11}, d17 + vtbl.8 d2, {q11}, d16 + vtbl.8 d3, {q11}, d17 veor q13, q3, q9 - vtbl.8 d4, {q12}, d16 - vtbl.8 d5, {q12}, d17 + vtbl.8 d4, {q12}, d16 + vtbl.8 d5, {q12}, d17 veor q14, q4, q9 - vtbl.8 d6, {q13}, d16 - vtbl.8 d7, {q13}, d17 + vtbl.8 d6, {q13}, d16 + vtbl.8 d7, {q13}, d17 veor q15, q5, q9 - vtbl.8 d8, {q14}, d16 - vtbl.8 d9, {q14}, d17 + vtbl.8 d8, {q14}, d16 + vtbl.8 d9, {q14}, d17 veor q10, q6, q9 - vtbl.8 d10, {q15}, d16 - vtbl.8 d11, {q15}, d17 + vtbl.8 d10, {q15}, d16 + vtbl.8 d11, {q15}, d17 veor q11, q7, q9 - vtbl.8 d12, {q10}, d16 - vtbl.8 d13, {q10}, d17 - vtbl.8 d14, {q11}, d16 - vtbl.8 d15, {q11}, d17 + vtbl.8 d12, {q10}, d16 + vtbl.8 d13, {q10}, d17 + vtbl.8 d14, {q11}, d16 + vtbl.8 d15, {q11}, d17 vmov.i8 q8,#0x55 @ compose .LBS0 vmov.i8 q9,#0x33 @ compose .LBS1 vshr.u64 q10, q6, #1 - vshr.u64 q11, q4, #1 - veor q10, q10, q7 - veor q11, q11, q5 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 + vshr.u64 q11, q4, #1 + veor q10, q10, q7 + veor q11, q11, q5 + vand q10, q10, q8 + vand q11, q11, q8 + veor q7, q7, q10 vshl.u64 q10, q10, #1 - veor q5, q5, 
q11 - vshl.u64 q11, q11, #1 - veor q6, q6, q10 - veor q4, q4, q11 + veor q5, q5, q11 + vshl.u64 q11, q11, #1 + veor q6, q6, q10 + veor q4, q4, q11 vshr.u64 q10, q2, #1 - vshr.u64 q11, q0, #1 - veor q10, q10, q3 - veor q11, q11, q1 - vand q10, q10, q8 - vand q11, q11, q8 - veor q3, q3, q10 + vshr.u64 q11, q0, #1 + veor q10, q10, q3 + veor q11, q11, q1 + vand q10, q10, q8 + vand q11, q11, q8 + veor q3, q3, q10 vshl.u64 q10, q10, #1 - veor q1, q1, q11 - vshl.u64 q11, q11, #1 - veor q2, q2, q10 - veor q0, q0, q11 + veor q1, q1, q11 + vshl.u64 q11, q11, #1 + veor q2, q2, q10 + veor q0, q0, q11 vmov.i8 q8,#0x0f @ compose .LBS2 vshr.u64 q10, q5, #2 - vshr.u64 q11, q4, #2 - veor q10, q10, q7 - veor q11, q11, q6 - vand q10, q10, q9 - vand q11, q11, q9 - veor q7, q7, q10 + vshr.u64 q11, q4, #2 + veor q10, q10, q7 + veor q11, q11, q6 + vand q10, q10, q9 + vand q11, q11, q9 + veor q7, q7, q10 vshl.u64 q10, q10, #2 - veor q6, q6, q11 - vshl.u64 q11, q11, #2 - veor q5, q5, q10 - veor q4, q4, q11 + veor q6, q6, q11 + vshl.u64 q11, q11, #2 + veor q5, q5, q10 + veor q4, q4, q11 vshr.u64 q10, q1, #2 - vshr.u64 q11, q0, #2 - veor q10, q10, q3 - veor q11, q11, q2 - vand q10, q10, q9 - vand q11, q11, q9 - veor q3, q3, q10 + vshr.u64 q11, q0, #2 + veor q10, q10, q3 + veor q11, q11, q2 + vand q10, q10, q9 + vand q11, q11, q9 + veor q3, q3, q10 vshl.u64 q10, q10, #2 - veor q2, q2, q11 - vshl.u64 q11, q11, #2 - veor q1, q1, q10 - veor q0, q0, q11 + veor q2, q2, q11 + vshl.u64 q11, q11, #2 + veor q1, q1, q10 + veor q0, q0, q11 vshr.u64 q10, q3, #4 - vshr.u64 q11, q2, #4 - veor q10, q10, q7 - veor q11, q11, q6 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 + vshr.u64 q11, q2, #4 + veor q10, q10, q7 + veor q11, q11, q6 + vand q10, q10, q8 + vand q11, q11, q8 + veor q7, q7, q10 vshl.u64 q10, q10, #4 - veor q6, q6, q11 - vshl.u64 q11, q11, #4 - veor q3, q3, q10 - veor q2, q2, q11 + veor q6, q6, q11 + vshl.u64 q11, q11, #4 + veor q3, q3, q10 + veor q2, q2, q11 vshr.u64 q10, q1, #4 - 
vshr.u64 q11, q0, #4 - veor q10, q10, q5 - veor q11, q11, q4 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 + vshr.u64 q11, q0, #4 + veor q10, q10, q5 + veor q11, q11, q4 + vand q10, q10, q8 + vand q11, q11, q8 + veor q5, q5, q10 vshl.u64 q10, q10, #4 - veor q4, q4, q11 - vshl.u64 q11, q11, #4 - veor q1, q1, q10 - veor q0, q0, q11 + veor q4, q4, q11 + vshl.u64 q11, q11, #4 + veor q1, q1, q10 + veor q0, q0, q11 sub r5,r5,#1 b .Ldec_sbox .align 4 .Ldec_loop: - vldmia r4!, {q8-q11} + vldmia r4!, {q8,q9,q10,q11} veor q8, q8, q0 veor q9, q9, q1 vtbl.8 d0, {q8}, d24 @@ -218,17 +224,17 @@ _bsaes_decrypt8: vtbl.8 d14, {q11}, d24 vtbl.8 d15, {q11}, d25 .Ldec_sbox: - veor q1, q1, q4 + veor q1, q1, q4 veor q3, q3, q4 veor q4, q4, q7 - veor q1, q1, q6 + veor q1, q1, q6 veor q2, q2, q7 veor q6, q6, q4 veor q0, q0, q1 veor q2, q2, q5 - veor q7, q7, q6 + veor q7, q7, q6 veor q3, q3, q0 veor q5, q5, q0 veor q1, q1, q3 @@ -236,7 +242,7 @@ _bsaes_decrypt8: veor q10, q7, q4 veor q9, q1, q6 veor q13, q4, q0 - vmov q8, q10 + vmov q8, q10 veor q12, q5, q2 vorr q10, q10, q9 @@ -293,7 +299,7 @@ _bsaes_decrypt8: veor q14, q14, q11 veor q12, q5, q2 veor q8, q1, q6 - veor q10, q15, q14 + veor q10, q15, q14 vand q10, q10, q5 veor q5, q5, q1 vand q11, q1, q15 @@ -303,19 +309,19 @@ _bsaes_decrypt8: veor q15, q15, q13 veor q14, q14, q9 veor q11, q15, q14 - veor q10, q13, q9 + veor q10, q13, q9 vand q11, q11, q12 - vand q10, q10, q2 + vand q10, q10, q2 veor q12, q12, q8 - veor q2, q2, q6 + veor q2, q2, q6 vand q8, q8, q15 - vand q6, q6, q13 + vand q6, q6, q13 vand q12, q12, q14 - vand q2, q2, q9 + vand q2, q2, q9 veor q8, q8, q12 - veor q2, q2, q6 + veor q2, q2, q6 veor q12, q12, q11 - veor q6, q6, q10 + veor q6, q6, q10 veor q5, q5, q12 veor q2, q2, q12 veor q1, q1, q8 
@@ -324,22 +330,22 @@ _bsaes_decrypt8: veor q12, q3, q0 veor q8, q7, q4 veor q11, q15, q14 - veor q10, q13, q9 + veor q10, q13, q9 vand q11, q11, q12 - vand q10, q10, q0 + vand q10, q10, q0 veor q12, q12, q8 - veor q0, q0, q4 + veor q0, q0, q4 vand q8, q8, q15 - vand q4, q4, q13 + vand q4, q4, q13 vand q12, q12, q14 - vand q0, q0, q9 + vand q0, q0, q9 veor q8, q8, q12 - veor q0, q0, q4 + veor q0, q0, q4 veor q12, q12, q11 - veor q4, q4, q10 + veor q4, q4, q10 veor q15, q15, q13 veor q14, q14, q9 - veor q10, q15, q14 + veor q10, q15, q14 vand q10, q10, q3 veor q3, q3, q7 vand q11, q7, q15 @@ -357,10 +363,10 @@ _bsaes_decrypt8: veor q2, q2, q7 veor q5, q5, q7 veor q4, q4, q2 - veor q7, q7, q0 + veor q7, q7, q0 veor q4, q4, q5 - veor q3, q3, q6 - veor q6, q6, q1 + veor q3, q3, q6 + veor q6, q6, q1 veor q3, q3, q4 veor q4, q4, q0 
@@ -385,58 +391,58 @@ _bsaes_decrypt8: veor q12, q12, q2 veor q13, q13, q7 - veor q0, q0, q14 - veor q1, q1, q14 - veor q6, q6, q8 - veor q2, q2, q10 - veor q4, q4, q9 - veor q1, q1, q15 - veor q6, q6, q15 - veor q2, q2, q14 - veor q7, q7, q11 - veor q4, q4, q14 - veor q3, q3, q12 - veor q2, q2, q15 - veor q7, q7, q15 - veor q5, q5, q13 + veor q0, q0, q14 + veor q1, q1, q14 + veor q6, q6, q8 + veor q2, q2, q10 + veor q4, q4, q9 + veor q1, q1, q15 + veor q6, q6, q15 + veor q2, q2, q14 + veor q7, q7, q11 + veor q4, q4, q14 + veor q3, q3, q12 + veor q2, q2, q15 + veor q7, q7, q15 + veor q5, q5, q13 vext.8 q8, q0, q0, #12 @ x0 <<< 32 vext.8 q9, q1, q1, #12 - veor q0, q0, q8 @ x0 ^ (x0 <<< 32) + veor q0, q0, q8 @ x0 ^ (x0 <<< 32) vext.8 q10, q6, q6, #12 - veor q1, q1, q9 + veor q1, q1, q9 vext.8 q11, q4, q4, #12 - veor q6, q6, q10 + veor q6, q6, q10 vext.8 q12, q2, q2, #12 - veor q4, q4, q11 + veor q4, q4, q11 vext.8 q13, q7, q7, #12 - veor q2, q2, q12 + veor q2, q2, q12 vext.8 q14, q3, q3, #12 - veor q7, q7, q13 + veor q7, q7, q13 vext.8 q15, q5, q5, #12 - veor q3, q3, q14 + veor q3, q3, q14 veor q9, q9, q0 - veor q5, q5, q15 - vext.8 q0, q0, q0, #8 @ (x0 ^ (x0 <<< 32)) <<< 64) + veor q5, q5, q15 + vext.8 q0, q0, q0, #8 @ (x0 ^ (x0 <<< 32)) <<< 64) veor q10, q10, q1 veor q8, q8, q5 veor q9, q9, q5 - vext.8 q1, q1, q1, #8 + vext.8 q1, q1, q1, #8 veor q13, q13, q2 - veor q0, q0, q8 + veor q0, q0, q8 veor q14, q14, q7 - veor q1, q1, q9 - vext.8 q8, q2, q2, #8 + veor q1, q1, q9 + vext.8 q8, q2, q2, #8 veor q12, q12, q4 - vext.8 q9, q7, q7, #8 + vext.8 q9, q7, q7, #8 veor q15, q15, q3 - vext.8 q2, q4, q4, #8 + vext.8 q2, q4, q4, #8 veor q11, q11, q6 - vext.8 q7, q5, q5, #8 + vext.8 q7, q5, q5, #8 veor q12, q12, q5 - vext.8 q4, q3, q3, #8 + vext.8 q4, q3, q3, #8 veor q11, q11, q5 - vext.8 q3, q6, q6, #8 + vext.8 q3, q6, q6, #8 veor q5, q9, q13 veor q11, q11, q2 veor q7, q7, q15 
@@ -456,78 +462,78 @@ _bsaes_decrypt8: vmov.i8 q8,#0x55 @ compose .LBS0 vmov.i8 q9,#0x33 @ compose .LBS1 vshr.u64 q10, q3, #1 - vshr.u64 q11, q2, #1 - veor q10, q10, q5 - veor q11, q11, q7 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 + vshr.u64 q11, q2, #1 + veor q10, q10, q5 + veor q11, q11, q7 + vand q10, q10, q8 + vand q11, q11, q8 + veor q5, q5, q10 vshl.u64 q10, q10, #1 - veor q7, q7, q11 - vshl.u64 q11, q11, #1 - veor q3, q3, q10 - veor q2, q2, q11 + veor q7, q7, q11 + vshl.u64 q11, q11, #1 + veor q3, q3, q10 + veor q2, q2, q11 vshr.u64 q10, q6, #1 - vshr.u64 q11, q0, #1 - veor q10, q10, q4 - veor q11, q11, q1 - vand q10, q10, q8 - vand q11, q11, q8 - veor q4, q4, q10 + vshr.u64 q11, q0, #1 + veor q10, q10, q4 + veor q11, q11, q1 + vand q10, q10, q8 + vand q11, q11, q8 + veor q4, q4, q10 vshl.u64 q10, q10, #1 - veor q1, q1, q11 - vshl.u64 q11, q11, #1 - veor q6, q6, q10 - veor q0, q0, q11 + veor q1, q1, q11 + vshl.u64 q11, q11, #1 + veor q6, q6, q10 + veor q0, q0, q11 vmov.i8 q8,#0x0f @ compose .LBS2 vshr.u64 q10, q7, #2 - vshr.u64 q11, q2, #2 - veor q10, q10, q5 - veor q11, q11, q3 - vand q10, q10, q9 - vand q11, q11, q9 - veor q5, q5, q10 + vshr.u64 q11, q2, #2 + veor q10, q10, q5 + veor q11, q11, q3 + vand q10, q10, q9 + vand q11, q11, q9 + veor q5, q5, q10 vshl.u64 q10, q10, #2 - veor q3, q3, q11 - vshl.u64 q11, q11, #2 - veor q7, q7, q10 - veor q2, q2, q11 + veor q3, q3, q11 + vshl.u64 q11, q11, #2 + veor q7, q7, q10 + veor q2, q2, q11 vshr.u64 q10, q1, #2 - vshr.u64 q11, q0, #2 - veor q10, q10, q4 - veor q11, q11, q6 - vand q10, q10, q9 - vand q11, q11, q9 - veor q4, q4, q10 + vshr.u64 q11, q0, #2 + veor q10, q10, q4 + veor q11, q11, q6 + vand q10, q10, q9 + vand q11, q11, q9 + veor q4, q4, q10 vshl.u64 q10, q10, #2 - veor q6, q6, q11 - vshl.u64 q11, q11, #2 - veor q1, q1, q10 - veor q0, q0, q11 + veor q6, q6, q11 + vshl.u64 q11, q11, #2 + veor q1, q1, q10 + veor q0, q0, q11 vshr.u64 q10, q4, #4 - vshr.u64 q11, q6, #4 - veor q10, q10, q5 - 
veor q11, q11, q3 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 + vshr.u64 q11, q6, #4 + veor q10, q10, q5 + veor q11, q11, q3 + vand q10, q10, q8 + vand q11, q11, q8 + veor q5, q5, q10 vshl.u64 q10, q10, #4 - veor q3, q3, q11 - vshl.u64 q11, q11, #4 - veor q4, q4, q10 - veor q6, q6, q11 + veor q3, q3, q11 + vshl.u64 q11, q11, #4 + veor q4, q4, q10 + veor q6, q6, q11 vshr.u64 q10, q1, #4 - vshr.u64 q11, q0, #4 - veor q10, q10, q7 - veor q11, q11, q2 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 + vshr.u64 q11, q0, #4 + veor q10, q10, q7 + veor q11, q11, q2 + vand q10, q10, q8 + vand q11, q11, q8 + veor q7, q7, q10 vshl.u64 q10, q10, #4 - veor q2, q2, q11 - vshl.u64 q11, q11, #4 - veor q1, q1, q10 - veor q0, q0, q11 + veor q2, q2, q11 + vshl.u64 q11, q11, #4 + veor q1, q1, q10 + veor q0, q0, q11 vldmia r4, {q8} @ last round key veor q6, q6, q8 veor q4, q4, q8 
@@ -543,23 +549,24 @@ _bsaes_decrypt8: .type _bsaes_const,%object .align 6 _bsaes_const: -.LM0ISR: @ InvShiftRows constants - .quad 0x0a0e0206070b0f03, 0x0004080c0d010509 +.LM0ISR:@ InvShiftRows constants +.quad 0x0a0e0206070b0f03, 0x0004080c0d010509 .LISR: - .quad 0x0504070602010003, 0x0f0e0d0c080b0a09 +.quad 0x0504070602010003, 0x0f0e0d0c080b0a09 .LISRM0: - .quad 0x01040b0e0205080f, 0x0306090c00070a0d -.LM0SR: @ ShiftRows constants - .quad 0x0a0e02060f03070b, 0x0004080c05090d01 +.quad 0x01040b0e0205080f, 0x0306090c00070a0d +.LM0SR:@ ShiftRows constants +.quad 0x0a0e02060f03070b, 0x0004080c05090d01 .LSR: - .quad 0x0504070600030201, 0x0f0e0d0c0a09080b +.quad 0x0504070600030201, 0x0f0e0d0c0a09080b .LSRM0: - .quad 0x0304090e00050a0f, 0x01060b0c0207080d +.quad 0x0304090e00050a0f, 0x01060b0c0207080d .LM0: - .quad 0x02060a0e03070b0f, 0x0004080c0105090d +.quad 0x02060a0e03070b0f, 0x0004080c0105090d .LREVM0SR: - .quad 0x090d01050c000408, 0x03070b0f060a0e02 -.asciz "Bit-sliced AES for NEON, CRYPTOGAMS by " +.quad 0x090d01050c000408, 0x03070b0f060a0e02 +.byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 6 .size _bsaes_const,.-_bsaes_const 
@@ -568,115 +575,119 @@ _bsaes_const: _bsaes_encrypt8: adr r6,_bsaes_encrypt8 vldmia r4!, {q9} @ round 0 key +#ifdef __APPLE__ + adr r6,.LM0SR +#else sub r6,r6,#_bsaes_encrypt8-.LM0SR +#endif vldmia r6!, {q8} @ .LM0SR _bsaes_encrypt8_alt: veor q10, q0, q9 @ xor with round0 key veor q11, q1, q9 - vtbl.8 d0, {q10}, d16 - vtbl.8 d1, {q10}, d17 + vtbl.8 d0, {q10}, d16 + vtbl.8 d1, {q10}, d17 veor q12, q2, q9 - vtbl.8 d2, {q11}, d16 - vtbl.8 d3, {q11}, d17 + vtbl.8 d2, {q11}, d16 + vtbl.8 d3, {q11}, d17 veor q13, q3, q9 - vtbl.8 d4, {q12}, d16 - vtbl.8 d5, {q12}, d17 + vtbl.8 d4, {q12}, d16 + vtbl.8 d5, {q12}, d17 veor q14, q4, q9 - vtbl.8 d6, {q13}, d16 - vtbl.8 d7, {q13}, d17 + vtbl.8 d6, {q13}, d16 + vtbl.8 d7, {q13}, d17 veor q15, q5, q9 - vtbl.8 d8, {q14}, d16 - vtbl.8 d9, {q14}, d17 + vtbl.8 d8, {q14}, d16 + vtbl.8 d9, {q14}, d17 veor q10, q6, q9 - vtbl.8 d10, {q15}, d16 - vtbl.8 d11, {q15}, d17 + vtbl.8 d10, {q15}, d16 + vtbl.8 d11, {q15}, d17 veor q11, q7, q9 - vtbl.8 d12, {q10}, d16 - vtbl.8 d13, {q10}, d17 - vtbl.8 d14, {q11}, d16 - vtbl.8 d15, {q11}, d17 + vtbl.8 d12, {q10}, d16 + vtbl.8 d13, {q10}, d17 + vtbl.8 d14, {q11}, d16 + vtbl.8 d15, {q11}, d17 _bsaes_encrypt8_bitslice: vmov.i8 q8,#0x55 @ compose .LBS0 vmov.i8 q9,#0x33 @ compose .LBS1 vshr.u64 q10, q6, #1 - vshr.u64 q11, q4, #1 - veor q10, q10, q7 - veor q11, q11, q5 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 + vshr.u64 q11, q4, #1 + veor q10, q10, q7 + veor q11, q11, q5 + vand q10, q10, q8 + vand q11, q11, q8 + veor q7, q7, q10 vshl.u64 q10, q10, #1 - veor q5, q5, q11 - vshl.u64 q11, q11, #1 - veor q6, q6, q10 - veor q4, q4, q11 + veor q5, q5, q11 + vshl.u64 q11, q11, #1 + veor q6, q6, q10 + veor q4, q4, q11 vshr.u64 q10, q2, #1 - vshr.u64 q11, q0, #1 - veor q10, q10, q3 - veor q11, q11, q1 - vand q10, q10, q8 - vand q11, q11, q8 - veor q3, q3, q10 + vshr.u64 q11, q0, #1 + veor q10, q10, q3 + veor q11, q11, q1 + vand q10, q10, q8 + vand q11, q11, q8 + veor q3, q3, q10 vshl.u64 q10, 
q10, #1 - veor q1, q1, q11 - vshl.u64 q11, q11, #1 - veor q2, q2, q10 - veor q0, q0, q11 + veor q1, q1, q11 + vshl.u64 q11, q11, #1 + veor q2, q2, q10 + veor q0, q0, q11 vmov.i8 q8,#0x0f @ compose .LBS2 vshr.u64 q10, q5, #2 - vshr.u64 q11, q4, #2 - veor q10, q10, q7 - veor q11, q11, q6 - vand q10, q10, q9 - vand q11, q11, q9 - veor q7, q7, q10 + vshr.u64 q11, q4, #2 + veor q10, q10, q7 + veor q11, q11, q6 + vand q10, q10, q9 + vand q11, q11, q9 + veor q7, q7, q10 vshl.u64 q10, q10, #2 - veor q6, q6, q11 - vshl.u64 q11, q11, #2 - veor q5, q5, q10 - veor q4, q4, q11 + veor q6, q6, q11 + vshl.u64 q11, q11, #2 + veor q5, q5, q10 + veor q4, q4, q11 vshr.u64 q10, q1, #2 - vshr.u64 q11, q0, #2 - veor q10, q10, q3 - veor q11, q11, q2 - vand q10, q10, q9 - vand q11, q11, q9 - veor q3, q3, q10 + vshr.u64 q11, q0, #2 + veor q10, q10, q3 + veor q11, q11, q2 + vand q10, q10, q9 + vand q11, q11, q9 + veor q3, q3, q10 vshl.u64 q10, q10, #2 - veor q2, q2, q11 - vshl.u64 q11, q11, #2 - veor q1, q1, q10 - veor q0, q0, q11 + veor q2, q2, q11 + vshl.u64 q11, q11, #2 + veor q1, q1, q10 + veor q0, q0, q11 vshr.u64 q10, q3, #4 - vshr.u64 q11, q2, #4 - veor q10, q10, q7 - veor q11, q11, q6 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 + vshr.u64 q11, q2, #4 + veor q10, q10, q7 + veor q11, q11, q6 + vand q10, q10, q8 + vand q11, q11, q8 + veor q7, q7, q10 vshl.u64 q10, q10, #4 - veor q6, q6, q11 - vshl.u64 q11, q11, #4 - veor q3, q3, q10 - veor q2, q2, q11 + veor q6, q6, q11 + vshl.u64 q11, q11, #4 + veor q3, q3, q10 + veor q2, q2, q11 vshr.u64 q10, q1, #4 - vshr.u64 q11, q0, #4 - veor q10, q10, q5 - veor q11, q11, q4 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 + vshr.u64 q11, q0, #4 + veor q10, q10, q5 + veor q11, q11, q4 + vand q10, q10, q8 + vand q11, q11, q8 + veor q5, q5, q10 vshl.u64 q10, q10, #4 - veor q4, q4, q11 - vshl.u64 q11, q11, #4 - veor q1, q1, q10 - veor q0, q0, q11 + veor q4, q4, q11 + vshl.u64 q11, q11, #4 + veor q1, q1, q10 + veor q0, q0, q11 
sub r5,r5,#1 b .Lenc_sbox .align 4 .Lenc_loop: - vldmia r4!, {q8-q11} + vldmia r4!, {q8,q9,q10,q11} veor q8, q8, q0 veor q9, q9, q1 vtbl.8 d0, {q8}, d24 @@ -725,7 +736,7 @@ _bsaes_encrypt8_bitslice: veor q10, q1, q2 veor q9, q5, q3 veor q13, q2, q4 - vmov q8, q10 + vmov q8, q10 veor q12, q6, q0 vorr q10, q10, q9 @@ -782,7 +793,7 @@ _bsaes_encrypt8_bitslice: veor q14, q14, q11 veor q12, q6, q0 veor q8, q5, q3 - veor q10, q15, q14 + veor q10, q15, q14 vand q10, q10, q6 veor q6, q6, q5 vand q11, q5, q15 @@ -792,19 +803,19 @@ _bsaes_encrypt8_bitslice: veor q15, q15, q13 veor q14, q14, q9 veor q11, q15, q14 - veor q10, q13, q9 + veor q10, q13, q9 vand q11, q11, q12 - vand q10, q10, q0 + vand q10, q10, q0 veor q12, q12, q8 - veor q0, q0, q3 + veor q0, q0, q3 vand q8, q8, q15 - vand q3, q3, q13 + vand q3, q3, q13 vand q12, q12, q14 - vand q0, q0, q9 + vand q0, q0, q9 veor q8, q8, q12 - veor q0, q0, q3 + veor q0, q0, q3 veor q12, q12, q11 - veor q3, q3, q10 + veor q3, q3, q10 veor q6, q6, q12 veor q0, q0, q12 veor q5, q5, q8 @@ -813,22 +824,22 @@ _bsaes_encrypt8_bitslice: veor q12, q7, q4 veor q8, q1, q2 veor q11, q15, q14 - veor q10, q13, q9 + veor q10, q13, q9 vand q11, q11, q12 - vand q10, q10, q4 + vand q10, q10, q4 veor q12, q12, q8 - veor q4, q4, q2 + veor q4, q4, q2 vand q8, q8, q15 - vand q2, q2, q13 + vand q2, q2, q13 vand q12, q12, q14 - vand q4, q4, q9 + vand q4, q4, q9 veor q8, q8, q12 - veor q4, q4, q2 + veor q4, q4, q2 veor q12, q12, q11 - veor q2, q2, q10 + veor q2, q2, q10 veor q15, q15, q13 veor q14, q14, q9 - veor q10, q15, q14 + veor q10, q15, q14 vand q10, q10, q7 veor q7, q7, q1 vand q11, q1, q15 
@@ -856,42 +867,42 @@ _bsaes_encrypt8_bitslice: bcc .Lenc_done vext.8 q8, q0, q0, #12 @ x0 <<< 32 vext.8 q9, q1, q1, #12 - veor q0, q0, q8 @ x0 ^ (x0 <<< 32) + veor q0, q0, q8 @ x0 ^ (x0 <<< 32) vext.8 q10, q4, q4, #12 - veor q1, q1, q9 + veor q1, q1, q9 vext.8 q11, q6, q6, #12 - veor q4, q4, q10 + veor q4, q4, q10 vext.8 q12, q3, q3, #12 - veor q6, q6, q11 + veor q6, q6, q11 vext.8 q13, q7, q7, #12 - veor q3, q3, q12 + veor q3, q3, q12 vext.8 q14, q2, q2, #12 - veor q7, q7, q13 + veor q7, q7, q13 vext.8 q15, q5, q5, #12 - veor q2, q2, q14 + veor q2, q2, q14 veor q9, q9, q0 - veor q5, q5, q15 - vext.8 q0, q0, q0, #8 @ (x0 ^ (x0 <<< 32)) <<< 64) + veor q5, q5, q15 + vext.8 q0, q0, q0, #8 @ (x0 ^ (x0 <<< 32)) <<< 64) veor q10, q10, q1 veor q8, q8, q5 veor q9, q9, q5 - vext.8 q1, q1, q1, #8 + vext.8 q1, q1, q1, #8 veor q13, q13, q3 - veor q0, q0, q8 + veor q0, q0, q8 veor q14, q14, q7 - veor q1, q1, q9 - vext.8 q8, q3, q3, #8 + veor q1, q1, q9 + vext.8 q8, q3, q3, #8 veor q12, q12, q6 - vext.8 q9, q7, q7, #8 + vext.8 q9, q7, q7, #8 veor q15, q15, q2 - vext.8 q3, q6, q6, #8 + vext.8 q3, q6, q6, #8 veor q11, q11, q4 - vext.8 q7, q5, q5, #8 + vext.8 q7, q5, q5, #8 veor q12, q12, q5 - vext.8 q6, q2, q2, #8 + vext.8 q6, q2, q2, #8 veor q11, q11, q5 - vext.8 q2, q4, q4, #8 + vext.8 q2, q4, q4, #8 veor q5, q9, q13 veor q4, q8, q12 veor q3, q3, q11 
@@ -911,78 +922,78 @@ _bsaes_encrypt8_bitslice: vmov.i8 q8,#0x55 @ compose .LBS0 vmov.i8 q9,#0x33 @ compose .LBS1 vshr.u64 q10, q2, #1 - vshr.u64 q11, q3, #1 - veor q10, q10, q5 - veor q11, q11, q7 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 + vshr.u64 q11, q3, #1 + veor q10, q10, q5 + veor q11, q11, q7 + vand q10, q10, q8 + vand q11, q11, q8 + veor q5, q5, q10 vshl.u64 q10, q10, #1 - veor q7, q7, q11 - vshl.u64 q11, q11, #1 - veor q2, q2, q10 - veor q3, q3, q11 + veor q7, q7, q11 + vshl.u64 q11, q11, #1 + veor q2, q2, q10 + veor q3, q3, q11 vshr.u64 q10, q4, #1 - vshr.u64 q11, q0, #1 - veor q10, q10, q6 - veor q11, q11, q1 - vand q10, q10, q8 - vand q11, q11, q8 - veor q6, q6, q10 + vshr.u64 q11, q0, #1 + veor q10, q10, q6 + veor q11, q11, q1 + vand q10, q10, q8 + vand q11, q11, q8 + veor q6, q6, q10 vshl.u64 q10, q10, #1 - veor q1, q1, q11 - vshl.u64 q11, q11, #1 - veor q4, q4, q10 - veor q0, q0, q11 + veor q1, q1, q11 + vshl.u64 q11, q11, #1 + veor q4, q4, q10 + veor q0, q0, q11 vmov.i8 q8,#0x0f @ compose .LBS2 vshr.u64 q10, q7, #2 - vshr.u64 q11, q3, #2 - veor q10, q10, q5 - veor q11, q11, q2 - vand q10, q10, q9 - vand q11, q11, q9 - veor q5, q5, q10 + vshr.u64 q11, q3, #2 + veor q10, q10, q5 + veor q11, q11, q2 + vand q10, q10, q9 + vand q11, q11, q9 + veor q5, q5, q10 vshl.u64 q10, q10, #2 - veor q2, q2, q11 - vshl.u64 q11, q11, #2 - veor q7, q7, q10 - veor q3, q3, q11 + veor q2, q2, q11 + vshl.u64 q11, q11, #2 + veor q7, q7, q10 + veor q3, q3, q11 vshr.u64 q10, q1, #2 - vshr.u64 q11, q0, #2 - veor q10, q10, q6 - veor q11, q11, q4 - vand q10, q10, q9 - vand q11, q11, q9 - veor q6, q6, q10 + vshr.u64 q11, q0, #2 + veor q10, q10, q6 + veor q11, q11, q4 + vand q10, q10, q9 + vand q11, q11, q9 + veor q6, q6, q10 vshl.u64 q10, q10, #2 - veor q4, q4, q11 - vshl.u64 q11, q11, #2 - veor q1, q1, q10 - veor q0, q0, q11 + veor q4, q4, q11 + vshl.u64 q11, q11, #2 + veor q1, q1, q10 + veor q0, q0, q11 vshr.u64 q10, q6, #4 - vshr.u64 q11, q4, #4 - veor q10, 
q10, q5 - veor q11, q11, q2 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 + vshr.u64 q11, q4, #4 + veor q10, q10, q5 + veor q11, q11, q2 + vand q10, q10, q8 + vand q11, q11, q8 + veor q5, q5, q10 vshl.u64 q10, q10, #4 - veor q2, q2, q11 - vshl.u64 q11, q11, #4 - veor q6, q6, q10 - veor q4, q4, q11 + veor q2, q2, q11 + vshl.u64 q11, q11, #4 + veor q6, q6, q10 + veor q4, q4, q11 vshr.u64 q10, q1, #4 - vshr.u64 q11, q0, #4 - veor q10, q10, q7 - veor q11, q11, q3 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 + vshr.u64 q11, q0, #4 + veor q10, q10, q7 + veor q11, q11, q3 + vand q10, q10, q8 + vand q11, q11, q8 + veor q7, q7, q10 vshl.u64 q10, q10, #4 - veor q3, q3, q11 - vshl.u64 q11, q11, #4 - veor q1, q1, q10 - veor q0, q0, q11 + veor q3, q3, q11 + vshl.u64 q11, q11, #4 + veor q1, q1, q10 + veor q0, q0, q11 vldmia r4, {q8} @ last round key veor q4, q4, q8 veor q6, q6, q8 @@ -999,7 +1010,11 @@ _bsaes_encrypt8_bitslice: _bsaes_key_convert: adr r6,_bsaes_key_convert vld1.8 {q7}, [r4]! @ load round 0 key +#ifdef __APPLE__ + adr r6,.LM0 +#else sub r6,r6,#_bsaes_key_convert-.LM0 +#endif vld1.8 {q15}, [r4]! @ load round 1 key vmov.i8 q8, #0x01 @ bit masks @@ -1042,17 +1057,17 @@ _bsaes_key_convert: vrev32.8 q15, q15 #endif subs r5,r5,#1 - vstmia r12!,{q0-q7} @ write bit-sliced round key + vstmia r12!,{q0,q1,q2,q3,q4,q5,q6,q7} @ write bit-sliced round key bne .Lkey_loop vmov.i8 q7,#0x63 @ compose .L63 @ don't save last round key bx lr .size _bsaes_key_convert,.-_bsaes_key_convert -.extern AES_cbc_encrypt -.extern AES_decrypt -.global bsaes_cbc_encrypt + + +.globl bsaes_cbc_encrypt .hidden bsaes_cbc_encrypt .type bsaes_cbc_encrypt,%function .align 5 @@ -1071,7 +1086,7 @@ bsaes_cbc_encrypt: @ it is up to the caller to make sure we are called with enc == 0 mov ip, sp - stmdb sp!, {r4-r10, lr} + stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} VFP_ABI_PUSH ldr r8, [ip] @ IV is 1st arg on the stack mov r2, r2, lsr#4 @ len in 16 byte blocks 
@@ -1111,7 +1126,7 @@ bsaes_cbc_encrypt: vstmia r4, {q7} .align 2 -0: + #endif vld1.8 {q15}, [r8] @ load IV @@ -1122,33 +1137,33 @@ bsaes_cbc_encrypt: subs r2, r2, #0x8 bmi .Lcbc_dec_loop_finish - vld1.8 {q0-q1}, [r0]! @ load input - vld1.8 {q2-q3}, [r0]! + vld1.8 {q0,q1}, [r0]! @ load input + vld1.8 {q2,q3}, [r0]! #ifndef BSAES_ASM_EXTENDED_KEY mov r4, sp @ pass the key #else add r4, r3, #248 #endif - vld1.8 {q4-q5}, [r0]! + vld1.8 {q4,q5}, [r0]! mov r5, r10 - vld1.8 {q6-q7}, [r0] + vld1.8 {q6,q7}, [r0] sub r0, r0, #0x60 vstmia r9, {q15} @ put aside IV bl _bsaes_decrypt8 vldmia r9, {q14} @ reload IV - vld1.8 {q8-q9}, [r0]! @ reload input + vld1.8 {q8,q9}, [r0]! @ reload input veor q0, q0, q14 @ ^= IV - vld1.8 {q10-q11}, [r0]! + vld1.8 {q10,q11}, [r0]! veor q1, q1, q8 veor q6, q6, q9 - vld1.8 {q12-q13}, [r0]! + vld1.8 {q12,q13}, [r0]! veor q4, q4, q10 veor q2, q2, q11 - vld1.8 {q14-q15}, [r0]! + vld1.8 {q14,q15}, [r0]! veor q7, q7, q12 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output veor q3, q3, q13 vst1.8 {q6}, [r1]! veor q5, q5, q14 @@ -1192,17 +1207,17 @@ bsaes_cbc_encrypt: bl _bsaes_decrypt8 vldmia r9, {q14} @ reload IV - vld1.8 {q8-q9}, [r0]! @ reload input + vld1.8 {q8,q9}, [r0]! @ reload input veor q0, q0, q14 @ ^= IV - vld1.8 {q10-q11}, [r0]! + vld1.8 {q10,q11}, [r0]! veor q1, q1, q8 veor q6, q6, q9 - vld1.8 {q12-q13}, [r0]! + vld1.8 {q12,q13}, [r0]! veor q4, q4, q10 veor q2, q2, q11 vld1.8 {q15}, [r0]! veor q7, q7, q12 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output veor q3, q3, q13 vst1.8 {q6}, [r1]! vst1.8 {q4}, [r1]! @@ -1215,9 +1230,9 @@ bsaes_cbc_encrypt: sub r0, r0, #0x60 bl _bsaes_decrypt8 vldmia r9,{q14} @ reload IV - vld1.8 {q8-q9}, [r0]! @ reload input + vld1.8 {q8,q9}, [r0]! @ reload input veor q0, q0, q14 @ ^= IV - vld1.8 {q10-q11}, [r0]! + vld1.8 {q10,q11}, [r0]! veor q1, q1, q8 veor q6, q6, q9 vld1.8 {q12}, [r0]! 
@@ -1225,7 +1240,7 @@ bsaes_cbc_encrypt: veor q2, q2, q11 vld1.8 {q15}, [r0]! veor q7, q7, q12 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output vst1.8 {q6}, [r1]! vst1.8 {q4}, [r1]! vst1.8 {q2}, [r1]! @@ -1236,14 +1251,14 @@ bsaes_cbc_encrypt: sub r0, r0, #0x50 bl _bsaes_decrypt8 vldmia r9, {q14} @ reload IV - vld1.8 {q8-q9}, [r0]! @ reload input + vld1.8 {q8,q9}, [r0]! @ reload input veor q0, q0, q14 @ ^= IV - vld1.8 {q10-q11}, [r0]! + vld1.8 {q10,q11}, [r0]! veor q1, q1, q8 veor q6, q6, q9 vld1.8 {q15}, [r0]! veor q4, q4, q10 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output veor q2, q2, q11 vst1.8 {q6}, [r1]! vst1.8 {q4}, [r1]! @@ -1254,14 +1269,14 @@ bsaes_cbc_encrypt: sub r0, r0, #0x40 bl _bsaes_decrypt8 vldmia r9, {q14} @ reload IV - vld1.8 {q8-q9}, [r0]! @ reload input + vld1.8 {q8,q9}, [r0]! @ reload input veor q0, q0, q14 @ ^= IV vld1.8 {q10}, [r0]! veor q1, q1, q8 veor q6, q6, q9 vld1.8 {q15}, [r0]! veor q4, q4, q10 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output vst1.8 {q6}, [r1]! vst1.8 {q4}, [r1]! b .Lcbc_dec_done @@ -1270,12 +1285,12 @@ bsaes_cbc_encrypt: sub r0, r0, #0x30 bl _bsaes_decrypt8 vldmia r9, {q14} @ reload IV - vld1.8 {q8-q9}, [r0]! @ reload input + vld1.8 {q8,q9}, [r0]! @ reload input veor q0, q0, q14 @ ^= IV vld1.8 {q15}, [r0]! veor q1, q1, q8 veor q6, q6, q9 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output vst1.8 {q6}, [r1]! b .Lcbc_dec_done .align 4 @@ -1287,7 +1302,7 @@ bsaes_cbc_encrypt: veor q0, q0, q14 @ ^= IV vld1.8 {q15}, [r0]! @ reload input veor q1, q1, q8 - vst1.8 {q0-q1}, [r1]! @ write output + vst1.8 {q0,q1}, [r1]! @ write output b .Lcbc_dec_done .align 4 .Lcbc_dec_one: 
@@ -1307,20 +1322,20 @@ bsaes_cbc_encrypt: #ifndef BSAES_ASM_EXTENDED_KEY vmov.i32 q0, #0 vmov.i32 q1, #0 -.Lcbc_dec_bzero: @ wipe key schedule [if any] - vstmia sp!, {q0-q1} - cmp sp, r9 - bne .Lcbc_dec_bzero +.Lcbc_dec_bzero:@ wipe key schedule [if any] + vstmia sp!, {q0,q1} + cmp sp, r9 + bne .Lcbc_dec_bzero #endif mov sp, r9 add sp, #0x10 @ add sp,r9,#0x10 is no good for thumb vst1.8 {q15}, [r8] @ return IV VFP_ABI_POP - ldmia sp!, {r4-r10, pc} + ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} .size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt -.extern AES_encrypt -.global bsaes_ctr32_encrypt_blocks + +.globl bsaes_ctr32_encrypt_blocks .hidden bsaes_ctr32_encrypt_blocks .type bsaes_ctr32_encrypt_blocks,%function .align 5 @@ -1329,7 +1344,7 @@ bsaes_ctr32_encrypt_blocks: blo .Lctr_enc_short @ small sizes mov ip, sp - stmdb sp!, {r4-r10, lr} + stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} VFP_ABI_PUSH ldr r8, [ip] @ ctr is 1st arg on the stack sub sp, sp, #0x10 @ scratch space to carry over the ctr @@ -1350,7 +1365,12 @@ bsaes_ctr32_encrypt_blocks: vstmia r12, {q7} @ save last round key vld1.8 {q0}, [r8] @ load counter +#ifdef __APPLE__ + mov r8, #.LREVM0SR-.LM0 + add r8, r6, r8 +#else add r8, r6, #.LREVM0SR-.LM0 @ borrow r8 +#endif vldmia sp, {q4} @ load round0 key #else ldr r12, [r3, #244] @@ -1367,7 +1387,7 @@ bsaes_ctr32_encrypt_blocks: vstmia r12, {q7} @ save last round key .align 2 -0: add r12, r3, #248 + add r12, r3, #248 vld1.8 {q0}, [r8] @ load counter adrl r8, .LREVM0SR @ borrow r8 vldmia r12, {q4} @ load round0 key @@ -1375,9 +1395,9 @@ bsaes_ctr32_encrypt_blocks: #endif vmov.i32 q8,#1 @ compose 1<<96 - veor q9,q9,q9 + veor q9,q9,q9 vrev32.8 q0,q0 - vext.8 q8,q9,q8,#4 + vext.8 q8,q9,q8,#4 vrev32.8 q4,q4 vadd.u32 q9,q8,q8 @ compose 2<<96 vstmia sp, {q4} @ save adjusted round0 key 
@@ -1398,117 +1418,122 @@ bsaes_ctr32_encrypt_blocks: @ Borrow prologue from _bsaes_encrypt8 to use the opportunity @ to flip byte order in 32-bit counter - vldmia sp, {q9} @ load round0 key + vldmia sp, {q9} @ load round0 key #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x10 @ pass next round key + add r4, sp, #0x10 @ pass next round key #else - add r4, r3, #264 + add r4, r3, #264 #endif - vldmia r8, {q8} @ .LREVM0SR - mov r5, r10 @ pass rounds - vstmia r9, {q10} @ save next counter - sub r6, r8, #.LREVM0SR-.LSR @ pass constants - - bl _bsaes_encrypt8_alt - - subs r2, r2, #8 - blo .Lctr_enc_loop_done - - vld1.8 {q8-q9}, [r0]! @ load input - vld1.8 {q10-q11}, [r0]! - veor q0, q8 - veor q1, q9 - vld1.8 {q12-q13}, [r0]! - veor q4, q10 - veor q6, q11 - vld1.8 {q14-q15}, [r0]! - veor q3, q12 - vst1.8 {q0-q1}, [r1]! @ write output - veor q7, q13 - veor q2, q14 - vst1.8 {q4}, [r1]! - veor q5, q15 - vst1.8 {q6}, [r1]! + vldmia r8, {q8} @ .LREVM0SR + mov r5, r10 @ pass rounds + vstmia r9, {q10} @ save next counter +#ifdef __APPLE__ + mov r6, #.LREVM0SR-.LSR + sub r6, r8, r6 +#else + sub r6, r8, #.LREVM0SR-.LSR @ pass constants +#endif + + bl _bsaes_encrypt8_alt + + subs r2, r2, #8 + blo .Lctr_enc_loop_done + + vld1.8 {q8,q9}, [r0]! @ load input + vld1.8 {q10,q11}, [r0]! + veor q0, q8 + veor q1, q9 + vld1.8 {q12,q13}, [r0]! + veor q4, q10 + veor q6, q11 + vld1.8 {q14,q15}, [r0]! + veor q3, q12 + vst1.8 {q0,q1}, [r1]! @ write output + veor q7, q13 + veor q2, q14 + vst1.8 {q4}, [r1]! + veor q5, q15 + vst1.8 {q6}, [r1]! vmov.i32 q8, #1 @ compose 1<<96 - vst1.8 {q3}, [r1]! - veor q9, q9, q9 - vst1.8 {q7}, [r1]! - vext.8 q8, q9, q8, #4 - vst1.8 {q2}, [r1]! + vst1.8 {q3}, [r1]! + veor q9, q9, q9 + vst1.8 {q7}, [r1]! + vext.8 q8, q9, q8, #4 + vst1.8 {q2}, [r1]! vadd.u32 q9,q8,q8 @ compose 2<<96 - vst1.8 {q5}, [r1]! - vldmia r9, {q0} @ load counter + vst1.8 {q5}, [r1]! 
+ vldmia r9, {q0} @ load counter - bne .Lctr_enc_loop - b .Lctr_enc_done + bne .Lctr_enc_loop + b .Lctr_enc_done .align 4 .Lctr_enc_loop_done: - add r2, r2, #8 - vld1.8 {q8}, [r0]! @ load input - veor q0, q8 - vst1.8 {q0}, [r1]! @ write output - cmp r2, #2 - blo .Lctr_enc_done - vld1.8 {q9}, [r0]! - veor q1, q9 - vst1.8 {q1}, [r1]! - beq .Lctr_enc_done - vld1.8 {q10}, [r0]! - veor q4, q10 - vst1.8 {q4}, [r1]! - cmp r2, #4 - blo .Lctr_enc_done - vld1.8 {q11}, [r0]! - veor q6, q11 - vst1.8 {q6}, [r1]! - beq .Lctr_enc_done - vld1.8 {q12}, [r0]! - veor q3, q12 - vst1.8 {q3}, [r1]! - cmp r2, #6 - blo .Lctr_enc_done - vld1.8 {q13}, [r0]! - veor q7, q13 - vst1.8 {q7}, [r1]! - beq .Lctr_enc_done - vld1.8 {q14}, [r0] - veor q2, q14 - vst1.8 {q2}, [r1]! + add r2, r2, #8 + vld1.8 {q8}, [r0]! @ load input + veor q0, q8 + vst1.8 {q0}, [r1]! @ write output + cmp r2, #2 + blo .Lctr_enc_done + vld1.8 {q9}, [r0]! + veor q1, q9 + vst1.8 {q1}, [r1]! + beq .Lctr_enc_done + vld1.8 {q10}, [r0]! + veor q4, q10 + vst1.8 {q4}, [r1]! + cmp r2, #4 + blo .Lctr_enc_done + vld1.8 {q11}, [r0]! + veor q6, q11 + vst1.8 {q6}, [r1]! + beq .Lctr_enc_done + vld1.8 {q12}, [r0]! + veor q3, q12 + vst1.8 {q3}, [r1]! + cmp r2, #6 + blo .Lctr_enc_done + vld1.8 {q13}, [r0]! + veor q7, q13 + vst1.8 {q7}, [r1]! + beq .Lctr_enc_done + vld1.8 {q14}, [r0] + veor q2, q14 + vst1.8 {q2}, [r1]! 
.Lctr_enc_done: vmov.i32 q0, #0 vmov.i32 q1, #0 #ifndef BSAES_ASM_EXTENDED_KEY -.Lctr_enc_bzero: @ wipe key schedule [if any] - vstmia sp!, {q0-q1} - cmp sp, r9 - bne .Lctr_enc_bzero +.Lctr_enc_bzero:@ wipe key schedule [if any] + vstmia sp!, {q0,q1} + cmp sp, r9 + bne .Lctr_enc_bzero #else - vstmia sp, {q0-q1} + vstmia sp, {q0,q1} #endif mov sp, r9 add sp, #0x10 @ add sp,r9,#0x10 is no good for thumb VFP_ABI_POP - ldmia sp!, {r4-r10, pc} @ return + ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return .align 4 .Lctr_enc_short: ldr ip, [sp] @ ctr pointer is passed on stack - stmdb sp!, {r4-r8, lr} + stmdb sp!, {r4,r5,r6,r7,r8, lr} mov r4, r0 @ copy arguments mov r5, r1 mov r6, r2 mov r7, r3 - ldr r8, [ip, #12] @ load counter LSW + ldr r8, [ip, #12] @ load counter .LSW vld1.8 {q1}, [ip] @ load whole counter value #ifdef __ARMEL__ rev r8, r8 #endif sub sp, sp, #0x10 - vst1.8 {q1}, [sp,:64] @ copy counter value + vst1.8 {q1}, [sp] @ copy counter value sub sp, sp, #0x10 .Lctr_enc_short_loop: @@ -1519,7 +1544,7 @@ bsaes_ctr32_encrypt_blocks: bl AES_encrypt vld1.8 {q0}, [r4]! @ load input - vld1.8 {q1}, [sp,:64] @ load encrypted counter + vld1.8 {q1}, [sp] @ load encrypted counter add r8, r8, #1 #ifdef __ARMEL__ rev r0, r8 @@ -1534,9 +1559,9 @@ bsaes_ctr32_encrypt_blocks: vmov.i32 q0, #0 vmov.i32 q1, #0 - vstmia sp!, {q0-q1} + vstmia sp!, {q0,q1} - ldmia sp!, {r4-r8, pc} + ldmia sp!, {r4,r5,r6,r7,r8, pc} .size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks .globl bsaes_xts_encrypt .hidden bsaes_xts_encrypt @@ -1544,7 +1569,7 @@ bsaes_ctr32_encrypt_blocks: .align 4 bsaes_xts_encrypt: mov ip, sp - stmdb sp!, {r4-r10, lr} @ 0x20 + stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} @ 0x20 VFP_ABI_PUSH mov r6, sp @ future r3 @@ -1598,7 +1623,7 @@ bsaes_xts_encrypt: vstmia r12, {q7} .align 2 -0: sub sp, #0x90 @ place for tweak[9] + sub sp, #0x90 @ place for tweak[9] #endif vld1.8 {q8}, [r0] @ initial tweak 
@@ -1610,422 +1635,422 @@ bsaes_xts_encrypt: .align 4 .Lxts_enc_loop: - vldmia r2, {q5} @ load XTS magic + vldmia r2, {q5} @ load XTS magic vshr.s64 q6, q8, #63 - mov r0, sp - vand q6, q6, q5 + mov r0, sp + vand q6, q6, q5 vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d13,d12 + vst1.64 {q8}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q9, #63 - veor q9, q9, q6 - vand q7, q7, q5 + veor q9, q9, q6 + vand q7, q7, q5 vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d15,d14 + vst1.64 {q9}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q10, #63 - veor q10, q10, q7 - vand q6, q6, q5 - vld1.8 {q0}, [r7]! + veor q10, q10, q7 + vand q6, q6, q5 + vld1.8 {q0}, [r7]! vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d13,d12 + vst1.64 {q10}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q11, #63 - veor q11, q11, q6 - vand q7, q7, q5 - vld1.8 {q1}, [r7]! - veor q0, q0, q8 + veor q11, q11, q6 + vand q7, q7, q5 + vld1.8 {q1}, [r7]! + veor q0, q0, q8 vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d15,d14 + vst1.64 {q11}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q12, #63 - veor q12, q12, q7 - vand q6, q6, q5 - vld1.8 {q2}, [r7]! - veor q1, q1, q9 + veor q12, q12, q7 + vand q6, q6, q5 + vld1.8 {q2}, [r7]! + veor q1, q1, q9 vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d13,d12 + vst1.64 {q12}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q13, #63 - veor q13, q13, q6 - vand q7, q7, q5 - vld1.8 {q3}, [r7]! - veor q2, q2, q10 + veor q13, q13, q6 + vand q7, q7, q5 + vld1.8 {q3}, [r7]! + veor q2, q2, q10 vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d15,d14 + vst1.64 {q13}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q14, #63 - veor q14, q14, q7 - vand q6, q6, q5 - vld1.8 {q4}, [r7]! - veor q3, q3, q11 + veor q14, q14, q7 + vand q6, q6, q5 + vld1.8 {q4}, [r7]! + veor q3, q3, q11 vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d13,d12 + vst1.64 {q14}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q15, #63 - veor q15, q15, q6 - vand q7, q7, q5 - vld1.8 {q5}, [r7]! 
- veor q4, q4, q12 + veor q15, q15, q6 + vand q7, q7, q5 + vld1.8 {q5}, [r7]! + veor q4, q4, q12 vadd.u64 q8, q15, q15 - vst1.64 {q15}, [r0,:128]! - vswp d15,d14 - veor q8, q8, q7 - vst1.64 {q8}, [r0,:128] @ next round tweak + vst1.64 {q15}, [r0,:128]! + vswp d15,d14 + veor q8, q8, q7 + vst1.64 {q8}, [r0,:128] @ next round tweak - vld1.8 {q6-q7}, [r7]! - veor q5, q5, q13 + vld1.8 {q6,q7}, [r7]! + veor q5, q5, q13 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - veor q7, q7, q15 - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12-q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q6, q11 - vld1.64 {q14-q15}, [r0,:128]! - veor q10, q3, q12 - vst1.8 {q8-q9}, [r8]! - veor q11, q7, q13 - veor q12, q2, q14 - vst1.8 {q10-q11}, [r8]! - veor q13, q5, q15 - vst1.8 {q12-q13}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - - subs r9, #0x80 - bpl .Lxts_enc_loop + veor q6, q6, q14 + mov r5, r1 @ pass rounds + veor q7, q7, q15 + mov r0, sp + + bl _bsaes_encrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12,q13}, [r0,:128]! + veor q1, q1, q9 + veor q8, q4, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q6, q11 + vld1.64 {q14,q15}, [r0,:128]! + veor q10, q3, q12 + vst1.8 {q8,q9}, [r8]! + veor q11, q7, q13 + veor q12, q2, q14 + vst1.8 {q10,q11}, [r8]! + veor q13, q5, q15 + vst1.8 {q12,q13}, [r8]! 
+ + vld1.64 {q8}, [r0,:128] @ next round tweak + + subs r9, #0x80 + bpl .Lxts_enc_loop .Lxts_enc_short: - adds r9, #0x70 - bmi .Lxts_enc_done + adds r9, #0x70 + bmi .Lxts_enc_done - vldmia r2, {q5} @ load XTS magic + vldmia r2, {q5} @ load XTS magic vshr.s64 q7, q8, #63 - mov r0, sp - vand q7, q7, q5 + mov r0, sp + vand q7, q7, q5 vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d15,d14 + vst1.64 {q8}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q9, #63 - veor q9, q9, q7 - vand q6, q6, q5 + veor q9, q9, q7 + vand q6, q6, q5 vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d13,d12 + vst1.64 {q9}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q10, #63 - veor q10, q10, q6 - vand q7, q7, q5 - vld1.8 {q0}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_1 + veor q10, q10, q6 + vand q7, q7, q5 + vld1.8 {q0}, [r7]! + subs r9, #0x10 + bmi .Lxts_enc_1 vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d15,d14 + vst1.64 {q10}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q11, #63 - veor q11, q11, q7 - vand q6, q6, q5 - vld1.8 {q1}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_2 - veor q0, q0, q8 + veor q11, q11, q7 + vand q6, q6, q5 + vld1.8 {q1}, [r7]! + subs r9, #0x10 + bmi .Lxts_enc_2 + veor q0, q0, q8 vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d13,d12 + vst1.64 {q11}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q12, #63 - veor q12, q12, q6 - vand q7, q7, q5 - vld1.8 {q2}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_3 - veor q1, q1, q9 + veor q12, q12, q6 + vand q7, q7, q5 + vld1.8 {q2}, [r7]! + subs r9, #0x10 + bmi .Lxts_enc_3 + veor q1, q1, q9 vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d15,d14 + vst1.64 {q12}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q13, #63 - veor q13, q13, q7 - vand q6, q6, q5 - vld1.8 {q3}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_4 - veor q2, q2, q10 + veor q13, q13, q7 + vand q6, q6, q5 + vld1.8 {q3}, [r7]! + subs r9, #0x10 + bmi .Lxts_enc_4 + veor q2, q2, q10 vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! 
- vswp d13,d12 + vst1.64 {q13}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q14, #63 - veor q14, q14, q6 - vand q7, q7, q5 - vld1.8 {q4}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_5 - veor q3, q3, q11 + veor q14, q14, q6 + vand q7, q7, q5 + vld1.8 {q4}, [r7]! + subs r9, #0x10 + bmi .Lxts_enc_5 + veor q3, q3, q11 vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d15,d14 + vst1.64 {q14}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q15, #63 - veor q15, q15, q7 - vand q6, q6, q5 - vld1.8 {q5}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_6 - veor q4, q4, q12 - sub r9, #0x10 - vst1.64 {q15}, [r0,:128] @ next round tweak - - vld1.8 {q6}, [r7]! - veor q5, q5, q13 + veor q15, q15, q7 + vand q6, q6, q5 + vld1.8 {q5}, [r7]! + subs r9, #0x10 + bmi .Lxts_enc_6 + veor q4, q4, q12 + sub r9, #0x10 + vst1.64 {q15}, [r0,:128] @ next round tweak + + vld1.8 {q6}, [r7]! + veor q5, q5, q13 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12-q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q6, q11 - vld1.64 {q14}, [r0,:128]! - veor q10, q3, q12 - vst1.8 {q8-q9}, [r8]! - veor q11, q7, q13 - veor q12, q2, q14 - vst1.8 {q10-q11}, [r8]! - vst1.8 {q12}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done + veor q6, q6, q14 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_encrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12,q13}, [r0,:128]! + veor q1, q1, q9 + veor q8, q4, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q6, q11 + vld1.64 {q14}, [r0,:128]! + veor q10, q3, q12 + vst1.8 {q8,q9}, [r8]! + veor q11, q7, q13 + veor q12, q2, q14 + vst1.8 {q10,q11}, [r8]! 
+ vst1.8 {q12}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_enc_done .align 4 .Lxts_enc_6: - vst1.64 {q14}, [r0,:128] @ next round tweak + vst1.64 {q14}, [r0,:128] @ next round tweak - veor q4, q4, q12 + veor q4, q4, q12 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q5, q5, q13 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12-q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q6, q11 - veor q10, q3, q12 - vst1.8 {q8-q9}, [r8]! - veor q11, q7, q13 - vst1.8 {q10-q11}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done + veor q5, q5, q13 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_encrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12,q13}, [r0,:128]! + veor q1, q1, q9 + veor q8, q4, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q6, q11 + veor q10, q3, q12 + vst1.8 {q8,q9}, [r8]! + veor q11, q7, q13 + vst1.8 {q10,q11}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_enc_done @ put this in range for both ARM and Thumb mode adr instructions .align 5 .Lxts_magic: - .quad 1, 0x87 +.quad 1, 0x87 .align 5 .Lxts_enc_5: - vst1.64 {q13}, [r0,:128] @ next round tweak + vst1.64 {q13}, [r0,:128] @ next round tweak - veor q3, q3, q11 + veor q3, q3, q11 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q4, q4, q12 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12}, [r0,:128]! 
- veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q6, q11 - veor q10, q3, q12 - vst1.8 {q8-q9}, [r8]! - vst1.8 {q10}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done + veor q4, q4, q12 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_encrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12}, [r0,:128]! + veor q1, q1, q9 + veor q8, q4, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q6, q11 + veor q10, q3, q12 + vst1.8 {q8,q9}, [r8]! + vst1.8 {q10}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_enc_done .align 4 .Lxts_enc_4: - vst1.64 {q12}, [r0,:128] @ next round tweak + vst1.64 {q12}, [r0,:128] @ next round tweak - veor q2, q2, q10 + veor q2, q2, q10 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q3, q3, q11 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q6, q11 - vst1.8 {q8-q9}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done + veor q3, q3, q11 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_encrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + veor q1, q1, q9 + veor q8, q4, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q6, q11 + vst1.8 {q8,q9}, [r8]! 
+ + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_enc_done .align 4 .Lxts_enc_3: - vst1.64 {q11}, [r0,:128] @ next round tweak + vst1.64 {q11}, [r0,:128] @ next round tweak - veor q1, q1, q9 + veor q1, q1, q9 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q2, q2, q10 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0-q1}, [r8]! - vst1.8 {q8}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done + veor q2, q2, q10 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_encrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10}, [r0,:128]! + veor q0, q0, q8 + veor q1, q1, q9 + veor q8, q4, q10 + vst1.8 {q0,q1}, [r8]! + vst1.8 {q8}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_enc_done .align 4 .Lxts_enc_2: - vst1.64 {q10}, [r0,:128] @ next round tweak + vst1.64 {q10}, [r0,:128] @ next round tweak - veor q0, q0, q8 + veor q0, q0, q8 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q1, q1, q9 - mov r5, r1 @ pass rounds - mov r0, sp + veor q1, q1, q9 + mov r5, r1 @ pass rounds + mov r0, sp - bl _bsaes_encrypt8 + bl _bsaes_encrypt8 - vld1.64 {q8-q9}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - vst1.8 {q0-q1}, [r8]! + vld1.64 {q8,q9}, [r0,:128]! + veor q0, q0, q8 + veor q1, q1, q9 + vst1.8 {q0,q1}, [r8]! 
- vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_enc_done .align 4 .Lxts_enc_1: - mov r0, sp - veor q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp + mov r0, sp + veor q0, q8 + mov r1, sp + vst1.8 {q0}, [sp,:128] + mov r2, r10 + mov r4, r3 @ preserve fp - bl AES_encrypt + bl AES_encrypt - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r8]! - mov r3, r4 + vld1.8 {q0}, [sp,:128] + veor q0, q0, q8 + vst1.8 {q0}, [r8]! + mov r3, r4 - vmov q8, q9 @ next round tweak + vmov q8, q9 @ next round tweak .Lxts_enc_done: #ifndef XTS_CHAIN_TWEAK - adds r9, #0x10 - beq .Lxts_enc_ret - sub r6, r8, #0x10 + adds r9, #0x10 + beq .Lxts_enc_ret + sub r6, r8, #0x10 .Lxts_enc_steal: - ldrb r0, [r7], #1 - ldrb r1, [r8, #-0x10] - strb r0, [r8, #-0x10] - strb r1, [r8], #1 - - subs r9, #1 - bhi .Lxts_enc_steal - - vld1.8 {q0}, [r6] - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl AES_encrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r6] - mov r3, r4 + ldrb r0, [r7], #1 + ldrb r1, [r8, #-0x10] + strb r0, [r8, #-0x10] + strb r1, [r8], #1 + + subs r9, #1 + bhi .Lxts_enc_steal + + vld1.8 {q0}, [r6] + mov r0, sp + veor q0, q0, q8 + mov r1, sp + vst1.8 {q0}, [sp,:128] + mov r2, r10 + mov r4, r3 @ preserve fp + + bl AES_encrypt + + vld1.8 {q0}, [sp,:128] + veor q0, q0, q8 + vst1.8 {q0}, [r6] + mov r3, r4 #endif .Lxts_enc_ret: - bic r0, r3, #0xf + bic r0, r3, #0xf vmov.i32 q0, #0 vmov.i32 q1, #0 #ifdef XTS_CHAIN_TWEAK - ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak + ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak #endif -.Lxts_enc_bzero: @ wipe key schedule [if any] - vstmia sp!, {q0-q1} - cmp sp, r0 - bne .Lxts_enc_bzero +.Lxts_enc_bzero:@ wipe key schedule [if any] + vstmia sp!, {q0,q1} + cmp sp, r0 + bne .Lxts_enc_bzero - mov sp, r3 + mov sp, r3 #ifdef XTS_CHAIN_TWEAK - vst1.8 {q8}, [r1] + 
vst1.8 {q8}, [r1] #endif VFP_ABI_POP - ldmia sp!, {r4-r10, pc} @ return + ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return .size bsaes_xts_encrypt,.-bsaes_xts_encrypt @@ -2035,7 +2060,7 @@ bsaes_xts_encrypt: .align 4 bsaes_xts_decrypt: mov ip, sp - stmdb sp!, {r4-r10, lr} @ 0x20 + stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} @ 0x20 VFP_ABI_PUSH mov r6, sp @ future r3 @@ -2095,14 +2120,16 @@ bsaes_xts_decrypt: vstmia r4, {q7} .align 2 -0: sub sp, #0x90 @ place for tweak[9] + sub sp, #0x90 @ place for tweak[9] #endif vld1.8 {q8}, [r0] @ initial tweak adr r2, .Lxts_magic +#ifndef XTS_CHAIN_TWEAK tst r9, #0xf @ if not multiple of 16 it ne @ Thumb2 thing, sanity check in ARM subne r9, #0x10 @ subtract another 16 bytes +#endif subs r9, #0x80 blo .Lxts_dec_short 
@@ -2110,440 +2137,440 @@ bsaes_xts_decrypt: .align 4 .Lxts_dec_loop: - vldmia r2, {q5} @ load XTS magic + vldmia r2, {q5} @ load XTS magic vshr.s64 q6, q8, #63 - mov r0, sp - vand q6, q6, q5 + mov r0, sp + vand q6, q6, q5 vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d13,d12 + vst1.64 {q8}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q9, #63 - veor q9, q9, q6 - vand q7, q7, q5 + veor q9, q9, q6 + vand q7, q7, q5 vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d15,d14 + vst1.64 {q9}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q10, #63 - veor q10, q10, q7 - vand q6, q6, q5 - vld1.8 {q0}, [r7]! + veor q10, q10, q7 + vand q6, q6, q5 + vld1.8 {q0}, [r7]! vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d13,d12 + vst1.64 {q10}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q11, #63 - veor q11, q11, q6 - vand q7, q7, q5 - vld1.8 {q1}, [r7]! - veor q0, q0, q8 + veor q11, q11, q6 + vand q7, q7, q5 + vld1.8 {q1}, [r7]! + veor q0, q0, q8 vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d15,d14 + vst1.64 {q11}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q12, #63 - veor q12, q12, q7 - vand q6, q6, q5 - vld1.8 {q2}, [r7]! - veor q1, q1, q9 + veor q12, q12, q7 + vand q6, q6, q5 + vld1.8 {q2}, [r7]! + veor q1, q1, q9 vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d13,d12 + vst1.64 {q12}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q13, #63 - veor q13, q13, q6 - vand q7, q7, q5 - vld1.8 {q3}, [r7]! - veor q2, q2, q10 + veor q13, q13, q6 + vand q7, q7, q5 + vld1.8 {q3}, [r7]! + veor q2, q2, q10 vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d15,d14 + vst1.64 {q13}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q14, #63 - veor q14, q14, q7 - vand q6, q6, q5 - vld1.8 {q4}, [r7]! - veor q3, q3, q11 + veor q14, q14, q7 + vand q6, q6, q5 + vld1.8 {q4}, [r7]! + veor q3, q3, q11 vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d13,d12 + vst1.64 {q14}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q15, #63 - veor q15, q15, q6 - vand q7, q7, q5 - vld1.8 {q5}, [r7]! 
- veor q4, q4, q12 + veor q15, q15, q6 + vand q7, q7, q5 + vld1.8 {q5}, [r7]! + veor q4, q4, q12 vadd.u64 q8, q15, q15 - vst1.64 {q15}, [r0,:128]! - vswp d15,d14 - veor q8, q8, q7 - vst1.64 {q8}, [r0,:128] @ next round tweak + vst1.64 {q15}, [r0,:128]! + vswp d15,d14 + veor q8, q8, q7 + vst1.64 {q8}, [r0,:128] @ next round tweak - vld1.8 {q6-q7}, [r7]! - veor q5, q5, q13 + vld1.8 {q6,q7}, [r7]! + veor q5, q5, q13 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - veor q7, q7, q15 - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12-q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q4, q11 - vld1.64 {q14-q15}, [r0,:128]! - veor q10, q2, q12 - vst1.8 {q8-q9}, [r8]! - veor q11, q7, q13 - veor q12, q3, q14 - vst1.8 {q10-q11}, [r8]! - veor q13, q5, q15 - vst1.8 {q12-q13}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - - subs r9, #0x80 - bpl .Lxts_dec_loop + veor q6, q6, q14 + mov r5, r1 @ pass rounds + veor q7, q7, q15 + mov r0, sp + + bl _bsaes_decrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12,q13}, [r0,:128]! + veor q1, q1, q9 + veor q8, q6, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q4, q11 + vld1.64 {q14,q15}, [r0,:128]! + veor q10, q2, q12 + vst1.8 {q8,q9}, [r8]! + veor q11, q7, q13 + veor q12, q3, q14 + vst1.8 {q10,q11}, [r8]! + veor q13, q5, q15 + vst1.8 {q12,q13}, [r8]! 
+ + vld1.64 {q8}, [r0,:128] @ next round tweak + + subs r9, #0x80 + bpl .Lxts_dec_loop .Lxts_dec_short: - adds r9, #0x70 - bmi .Lxts_dec_done + adds r9, #0x70 + bmi .Lxts_dec_done - vldmia r2, {q5} @ load XTS magic + vldmia r2, {q5} @ load XTS magic vshr.s64 q7, q8, #63 - mov r0, sp - vand q7, q7, q5 + mov r0, sp + vand q7, q7, q5 vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d15,d14 + vst1.64 {q8}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q9, #63 - veor q9, q9, q7 - vand q6, q6, q5 + veor q9, q9, q7 + vand q6, q6, q5 vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d13,d12 + vst1.64 {q9}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q10, #63 - veor q10, q10, q6 - vand q7, q7, q5 - vld1.8 {q0}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_1 + veor q10, q10, q6 + vand q7, q7, q5 + vld1.8 {q0}, [r7]! + subs r9, #0x10 + bmi .Lxts_dec_1 vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d15,d14 + vst1.64 {q10}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q11, #63 - veor q11, q11, q7 - vand q6, q6, q5 - vld1.8 {q1}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_2 - veor q0, q0, q8 + veor q11, q11, q7 + vand q6, q6, q5 + vld1.8 {q1}, [r7]! + subs r9, #0x10 + bmi .Lxts_dec_2 + veor q0, q0, q8 vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d13,d12 + vst1.64 {q11}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q12, #63 - veor q12, q12, q6 - vand q7, q7, q5 - vld1.8 {q2}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_3 - veor q1, q1, q9 + veor q12, q12, q6 + vand q7, q7, q5 + vld1.8 {q2}, [r7]! + subs r9, #0x10 + bmi .Lxts_dec_3 + veor q1, q1, q9 vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d15,d14 + vst1.64 {q12}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q13, #63 - veor q13, q13, q7 - vand q6, q6, q5 - vld1.8 {q3}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_4 - veor q2, q2, q10 + veor q13, q13, q7 + vand q6, q6, q5 + vld1.8 {q3}, [r7]! + subs r9, #0x10 + bmi .Lxts_dec_4 + veor q2, q2, q10 vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! 
- vswp d13,d12 + vst1.64 {q13}, [r0,:128]! + vswp d13,d12 vshr.s64 q7, q14, #63 - veor q14, q14, q6 - vand q7, q7, q5 - vld1.8 {q4}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_5 - veor q3, q3, q11 + veor q14, q14, q6 + vand q7, q7, q5 + vld1.8 {q4}, [r7]! + subs r9, #0x10 + bmi .Lxts_dec_5 + veor q3, q3, q11 vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d15,d14 + vst1.64 {q14}, [r0,:128]! + vswp d15,d14 vshr.s64 q6, q15, #63 - veor q15, q15, q7 - vand q6, q6, q5 - vld1.8 {q5}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_6 - veor q4, q4, q12 - sub r9, #0x10 - vst1.64 {q15}, [r0,:128] @ next round tweak - - vld1.8 {q6}, [r7]! - veor q5, q5, q13 + veor q15, q15, q7 + vand q6, q6, q5 + vld1.8 {q5}, [r7]! + subs r9, #0x10 + bmi .Lxts_dec_6 + veor q4, q4, q12 + sub r9, #0x10 + vst1.64 {q15}, [r0,:128] @ next round tweak + + vld1.8 {q6}, [r7]! + veor q5, q5, q13 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12-q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q4, q11 - vld1.64 {q14}, [r0,:128]! - veor q10, q2, q12 - vst1.8 {q8-q9}, [r8]! - veor q11, q7, q13 - veor q12, q3, q14 - vst1.8 {q10-q11}, [r8]! - vst1.8 {q12}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done + veor q6, q6, q14 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_decrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12,q13}, [r0,:128]! + veor q1, q1, q9 + veor q8, q6, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q4, q11 + vld1.64 {q14}, [r0,:128]! + veor q10, q2, q12 + vst1.8 {q8,q9}, [r8]! + veor q11, q7, q13 + veor q12, q3, q14 + vst1.8 {q10,q11}, [r8]! 
+ vst1.8 {q12}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_dec_done .align 4 .Lxts_dec_6: - vst1.64 {q14}, [r0,:128] @ next round tweak + vst1.64 {q14}, [r0,:128] @ next round tweak - veor q4, q4, q12 + veor q4, q4, q12 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q5, q5, q13 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12-q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q4, q11 - veor q10, q2, q12 - vst1.8 {q8-q9}, [r8]! - veor q11, q7, q13 - vst1.8 {q10-q11}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done + veor q5, q5, q13 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_decrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12,q13}, [r0,:128]! + veor q1, q1, q9 + veor q8, q6, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q4, q11 + veor q10, q2, q12 + vst1.8 {q8,q9}, [r8]! + veor q11, q7, q13 + vst1.8 {q10,q11}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_dec_done .align 4 .Lxts_dec_5: - vst1.64 {q13}, [r0,:128] @ next round tweak + vst1.64 {q13}, [r0,:128] @ next round tweak - veor q3, q3, q11 + veor q3, q3, q11 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q4, q4, q12 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q4, q11 - veor q10, q2, q12 - vst1.8 {q8-q9}, [r8]! 
- vst1.8 {q10}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done + veor q4, q4, q12 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_decrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + vld1.64 {q12}, [r0,:128]! + veor q1, q1, q9 + veor q8, q6, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q4, q11 + veor q10, q2, q12 + vst1.8 {q8,q9}, [r8]! + vst1.8 {q10}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_dec_done .align 4 .Lxts_dec_4: - vst1.64 {q12}, [r0,:128] @ next round tweak + vst1.64 {q12}, [r0,:128] @ next round tweak - veor q2, q2, q10 + veor q2, q2, q10 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q3, q3, q11 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8-q9}, [r0,:128]! - vld1.64 {q10-q11}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0-q1}, [r8]! - veor q9, q4, q11 - vst1.8 {q8-q9}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done + veor q3, q3, q11 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_decrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10,q11}, [r0,:128]! + veor q0, q0, q8 + veor q1, q1, q9 + veor q8, q6, q10 + vst1.8 {q0,q1}, [r8]! + veor q9, q4, q11 + vst1.8 {q8,q9}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_dec_done .align 4 .Lxts_dec_3: - vst1.64 {q11}, [r0,:128] @ next round tweak + vst1.64 {q11}, [r0,:128] @ next round tweak - veor q1, q1, q9 + veor q1, q1, q9 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q2, q2, q10 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8-q9}, [r0,:128]! 
- vld1.64 {q10}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0-q1}, [r8]! - vst1.8 {q8}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done + veor q2, q2, q10 + mov r5, r1 @ pass rounds + mov r0, sp + + bl _bsaes_decrypt8 + + vld1.64 {q8,q9}, [r0,:128]! + vld1.64 {q10}, [r0,:128]! + veor q0, q0, q8 + veor q1, q1, q9 + veor q8, q6, q10 + vst1.8 {q0,q1}, [r8]! + vst1.8 {q8}, [r8]! + + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_dec_done .align 4 .Lxts_dec_2: - vst1.64 {q10}, [r0,:128] @ next round tweak + vst1.64 {q10}, [r0,:128] @ next round tweak - veor q0, q0, q8 + veor q0, q0, q8 #ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule + add r4, sp, #0x90 @ pass key schedule #else - add r4, r10, #248 @ pass key schedule + add r4, r10, #248 @ pass key schedule #endif - veor q1, q1, q9 - mov r5, r1 @ pass rounds - mov r0, sp + veor q1, q1, q9 + mov r5, r1 @ pass rounds + mov r0, sp - bl _bsaes_decrypt8 + bl _bsaes_decrypt8 - vld1.64 {q8-q9}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - vst1.8 {q0-q1}, [r8]! + vld1.64 {q8,q9}, [r0,:128]! + veor q0, q0, q8 + veor q1, q1, q9 + vst1.8 {q0,q1}, [r8]! - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done + vld1.64 {q8}, [r0,:128] @ next round tweak + b .Lxts_dec_done .align 4 .Lxts_dec_1: - mov r0, sp - veor q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - mov r5, r2 @ preserve magic + mov r0, sp + veor q0, q8 + mov r1, sp + vst1.8 {q0}, [sp,:128] + mov r2, r10 + mov r4, r3 @ preserve fp + mov r5, r2 @ preserve magic - bl AES_decrypt + bl AES_decrypt - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r8]! - mov r3, r4 - mov r2, r5 + vld1.8 {q0}, [sp,:128] + veor q0, q0, q8 + vst1.8 {q0}, [r8]! 
+ mov r3, r4 + mov r2, r5 - vmov q8, q9 @ next round tweak + vmov q8, q9 @ next round tweak .Lxts_dec_done: #ifndef XTS_CHAIN_TWEAK - adds r9, #0x10 - beq .Lxts_dec_ret + adds r9, #0x10 + beq .Lxts_dec_ret @ calculate one round of extra tweak for the stolen ciphertext - vldmia r2, {q5} + vldmia r2, {q5} vshr.s64 q6, q8, #63 - vand q6, q6, q5 + vand q6, q6, q5 vadd.u64 q9, q8, q8 - vswp d13,d12 - veor q9, q9, q6 + vswp d13,d12 + veor q9, q9, q6 @ perform the final decryption with the last tweak value - vld1.8 {q0}, [r7]! - mov r0, sp - veor q0, q0, q9 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp + vld1.8 {q0}, [r7]! + mov r0, sp + veor q0, q0, q9 + mov r1, sp + vst1.8 {q0}, [sp,:128] + mov r2, r10 + mov r4, r3 @ preserve fp - bl AES_decrypt + bl AES_decrypt - vld1.8 {q0}, [sp,:128] - veor q0, q0, q9 - vst1.8 {q0}, [r8] + vld1.8 {q0}, [sp,:128] + veor q0, q0, q9 + vst1.8 {q0}, [r8] - mov r6, r8 + mov r6, r8 .Lxts_dec_steal: - ldrb r1, [r8] - ldrb r0, [r7], #1 - strb r1, [r8, #0x10] - strb r0, [r8], #1 - - subs r9, #1 - bhi .Lxts_dec_steal - - vld1.8 {q0}, [r6] - mov r0, sp - veor q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - - bl AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r6] - mov r3, r4 + ldrb r1, [r8] + ldrb r0, [r7], #1 + strb r1, [r8, #0x10] + strb r0, [r8], #1 + + subs r9, #1 + bhi .Lxts_dec_steal + + vld1.8 {q0}, [r6] + mov r0, sp + veor q0, q8 + mov r1, sp + vst1.8 {q0}, [sp,:128] + mov r2, r10 + + bl AES_decrypt + + vld1.8 {q0}, [sp,:128] + veor q0, q0, q8 + vst1.8 {q0}, [r6] + mov r3, r4 #endif .Lxts_dec_ret: - bic r0, r3, #0xf + bic r0, r3, #0xf vmov.i32 q0, #0 vmov.i32 q1, #0 #ifdef XTS_CHAIN_TWEAK - ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak + ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak #endif -.Lxts_dec_bzero: @ wipe key schedule [if any] - vstmia sp!, {q0-q1} - cmp sp, r0 - bne .Lxts_dec_bzero +.Lxts_dec_bzero:@ wipe key schedule [if any] + vstmia sp!, {q0,q1} + cmp 
sp, r0
+ bne .Lxts_dec_bzero
- mov sp, r3
+ mov sp, r3
 #ifdef XTS_CHAIN_TWEAK
- vst1.8 {q8}, [r1]
+ vst1.8 {q8}, [r1]
 #endif
 VFP_ABI_POP
- ldmia sp!, {r4-r10, pc} @ return
+ ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return
 .size bsaes_xts_decrypt,.-bsaes_xts_decrypt
 #endif
diff --git a/linux-arm/crypto/bn/armv4-mont.S b/linux-arm/crypto/bn/armv4-mont.S
index fa30dab..81dcbeb 100644
--- a/linux-arm/crypto/bn/armv4-mont.S
+++ b/linux-arm/crypto/bn/armv4-mont.S
@@ -3,26 +3,30 @@
 .text
 .code 32
-#if __ARM_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7
 .align 5
 .LOPENSSL_armcap:
-.word OPENSSL_armcap_P-bn_mul_mont
+.word OPENSSL_armcap_P-.Lbn_mul_mont
 #endif
-.global bn_mul_mont
+.globl bn_mul_mont
 .hidden bn_mul_mont
 .type bn_mul_mont,%function
 .align 5
 bn_mul_mont:
+.Lbn_mul_mont:
 ldr ip,[sp,#4] @ load num
 stmdb sp!,{r0,r2} @ sp points at argument block
-#if __ARM_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7
 tst ip,#7
 bne .Lialu
 adr r0,bn_mul_mont
 ldr r2,.LOPENSSL_armcap
 ldr r0,[r0,r2]
+#ifdef __APPLE__
+ ldr r0,[r0]
+#endif
 tst r0,#1 @ NEON available?
 ldmia sp, {r0,r2}
 beq .Lialu
@@ -37,7 +41,7 @@ bn_mul_mont:
 addlt sp,sp,#2*4
 blt .Labrt
- stmdb sp!,{r4-r12,lr} @ save 10 registers
+ stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ save 10 registers
 mov r0,r0,lsl#2 @ rescale r0 for byte count
 sub sp,sp,r0 @ alloca(4*num)
@@ -81,7 +85,7 @@ bn_mul_mont:
 adc r14,r14,#0
 str r12,[r0] @ tp[num-1]=
 str r14,[r0,#4] @ tp[num]=
-
+
 .Louter:
 sub r7,r0,sp @ "original" r0-1 value
 sub r1,r1,r7 @ "rewind" ap to &ap[1]
@@ -129,7 +133,7 @@ bn_mul_mont:
 cmp r4,r7
 bne .Louter
-
+
 ldr r2,[r0,#12*4] @ pull rp
 add r0,r0,#4 @ r0 to point at &tp[num]
 sub r5,r0,sp @ "original" num value
@@ -159,34 +163,40 @@ bn_mul_mont: bne .Lcopy add sp,r0,#4 @ skip over tp[num+1] - ldmia sp!,{r4-r12,lr} @ restore registers + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ restore registers add sp,sp,#2*4 @ skip over {r0,r2} mov r0,#1 -.Labrt: tst lr,#1 +.Labrt: +#if __ARM_ARCH__>=5 + bx lr @ .word 0xe12fff1e +#else + tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) +#endif .size bn_mul_mont,.-bn_mul_mont -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type bn_mul8x_mont_neon,%function .align 5 bn_mul8x_mont_neon: mov ip,sp - stmdb sp!,{r4-r11} - vstmdb sp!,{d8-d15} @ ABI specification says so - ldmia ip,{r4-r5} @ load rest of parameter block - - sub r7,sp,#16 - vld1.32 {d28[0]}, [r2,:32]! - sub r7,r7,r5,lsl#4 - vld1.32 {d0-d3}, [r1]! @ can't specify :32 :-( - and r7,r7,#-64 - vld1.32 {d30[0]}, [r4,:32] - mov sp,r7 @ alloca - veor d8,d8,d8 - subs r8,r5,#8 - vzip.16 d28,d8 + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11} + vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so + ldmia ip,{r4,r5} @ load rest of parameter block + + sub r7,sp,#16 + vld1.32 {d28[0]}, [r2,:32]! + sub r7,r7,r5,lsl#4 + vld1.32 {d0,d1,d2,d3}, [r1]! @ can't specify :32 :-( + and r7,r7,#-64 + vld1.32 {d30[0]}, [r4,:32] + mov sp,r7 @ alloca + veor d8,d8,d8 + subs r8,r5,#8 + vzip.16 d28,d8 vmull.u32 q6,d28,d0[0] vmull.u32 q7,d28,d0[1] @@ -195,14 +205,14 @@ bn_mul8x_mont_neon: vmull.u32 q9,d28,d1[1] vadd.u64 d10,d10,d12 - veor d8,d8,d8 + veor d8,d8,d8 vmul.u32 d29,d10,d30 vmull.u32 q10,d28,d2[0] - vld1.32 {d4-d7}, [r3]! + vld1.32 {d4,d5,d6,d7}, [r3]! vmull.u32 q11,d28,d2[1] vmull.u32 q12,d28,d3[0] - vzip.16 d29,d8 + vzip.16 d29,d8 vmull.u32 q13,d28,d3[1] bne .LNEON_1st 
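Review bot: `.arch armv7-a` is inserted after `.size bn_mul_mont` inside `#if __ARM_MAX_ARCH__>=7`, and a GAS `.arch` directive stays in effect for the rest of the translation unit, so from this point the assembler accepts v7-only encodings whatever the build baseline is; the runtime `OPENSSL_armcap_P` test in `bn_mul_mont` is the only thing that keeps this code off pre-v7 CPUs. The same directive is added in the ghash-armv4.S hunk at @@ -301,232 +306,234. A comment on the directive, `@ v7/NEON encodings accepted for the rest of the file; only reached after the armcap NEON check`, would record that invariant for the next reader. In `bn_mul8x_mont_neon` the stack reservation `sub r7,r7,r5,lsl#4` (16 bytes per word of what is presumably `num`) is not bounded within this hunk; the minimum-size check in `bn_mul_mont` before dispatch, outside the hunk, appears to be what limits it, and a note on the NEON entry saying so would help.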
@@ -210,35 +220,35 @@ bn_mul8x_mont_neon: @ special case for num=8, everything is in register bank... vmlal.u32 q6,d29,d4[0] - sub r9,r5,#1 + sub r9,r5,#1 vmlal.u32 q7,d29,d4[1] vmlal.u32 q8,d29,d5[0] vmlal.u32 q9,d29,d5[1] vmlal.u32 q10,d29,d6[0] - vmov q5,q6 + vmov q5,q6 vmlal.u32 q11,d29,d6[1] - vmov q6,q7 + vmov q6,q7 vmlal.u32 q12,d29,d7[0] - vmov q7,q8 + vmov q7,q8 vmlal.u32 q13,d29,d7[1] - vmov q8,q9 - vmov q9,q10 + vmov q8,q9 + vmov q9,q10 vshr.u64 d10,d10,#16 - vmov q10,q11 - vmov q11,q12 + vmov q10,q11 + vmov q11,q12 vadd.u64 d10,d10,d11 - vmov q12,q13 - veor q13,q13 + vmov q12,q13 + veor q13,q13 vshr.u64 d10,d10,#16 b .LNEON_outer8 .align 4 .LNEON_outer8: - vld1.32 {d28[0]}, [r2,:32]! - veor d8,d8,d8 - vzip.16 d28,d8 + vld1.32 {d28[0]}, [r2,:32]! + veor d8,d8,d8 + vzip.16 d28,d8 vadd.u64 d12,d12,d10 vmlal.u32 q6,d28,d0[0] @@ -248,14 +258,14 @@ bn_mul8x_mont_neon: vmlal.u32 q9,d28,d1[1] vadd.u64 d10,d10,d12 - veor d8,d8,d8 - subs r9,r9,#1 + veor d8,d8,d8 + subs r9,r9,#1 vmul.u32 d29,d10,d30 vmlal.u32 q10,d28,d2[0] vmlal.u32 q11,d28,d2[1] vmlal.u32 q12,d28,d3[0] - vzip.16 d29,d8 + vzip.16 d29,d8 vmlal.u32 q13,d28,d3[1] vmlal.u32 q6,d29,d4[0] 
@@ -264,59 +274,59 @@ bn_mul8x_mont_neon: vmlal.u32 q9,d29,d5[1] vmlal.u32 q10,d29,d6[0] - vmov q5,q6 + vmov q5,q6 vmlal.u32 q11,d29,d6[1] - vmov q6,q7 + vmov q6,q7 vmlal.u32 q12,d29,d7[0] - vmov q7,q8 + vmov q7,q8 vmlal.u32 q13,d29,d7[1] - vmov q8,q9 - vmov q9,q10 + vmov q8,q9 + vmov q9,q10 vshr.u64 d10,d10,#16 - vmov q10,q11 - vmov q11,q12 + vmov q10,q11 + vmov q11,q12 vadd.u64 d10,d10,d11 - vmov q12,q13 - veor q13,q13 + vmov q12,q13 + veor q13,q13 vshr.u64 d10,d10,#16 bne .LNEON_outer8 vadd.u64 d12,d12,d10 - mov r7,sp + mov r7,sp vshr.u64 d10,d12,#16 - mov r8,r5 + mov r8,r5 vadd.u64 d13,d13,d10 - add r6,sp,#16 + add r6,sp,#16 vshr.u64 d10,d13,#16 - vzip.16 d12,d13 + vzip.16 d12,d13 b .LNEON_tail2 .align 4 .LNEON_1st: vmlal.u32 q6,d29,d4[0] - vld1.32 {d0-d3}, [r1]! + vld1.32 {d0,d1,d2,d3}, [r1]! vmlal.u32 q7,d29,d4[1] - subs r8,r8,#8 + subs r8,r8,#8 vmlal.u32 q8,d29,d5[0] vmlal.u32 q9,d29,d5[1] vmlal.u32 q10,d29,d6[0] - vld1.32 {d4-d5}, [r3]! + vld1.32 {d4,d5}, [r3]! vmlal.u32 q11,d29,d6[1] - vst1.64 {q6-q7}, [r7,:256]! + vst1.64 {q6,q7}, [r7,:256]! vmlal.u32 q12,d29,d7[0] vmlal.u32 q13,d29,d7[1] - vst1.64 {q8-q9}, [r7,:256]! + vst1.64 {q8,q9}, [r7,:256]! vmull.u32 q6,d28,d0[0] - vld1.32 {d6-d7}, [r3]! + vld1.32 {d6,d7}, [r3]! vmull.u32 q7,d28,d0[1] - vst1.64 {q10-q11}, [r7,:256]! + vst1.64 {q10,q11}, [r7,:256]! vmull.u32 q8,d28,d1[0] vmull.u32 q9,d28,d1[1] - vst1.64 {q12-q13}, [r7,:256]! + vst1.64 {q12,q13}, [r7,:256]! vmull.u32 q10,d28,d2[0] vmull.u32 q11,d28,d2[1] 
@@ -326,93 +336,93 @@ bn_mul8x_mont_neon: bne .LNEON_1st vmlal.u32 q6,d29,d4[0] - add r6,sp,#16 + add r6,sp,#16 vmlal.u32 q7,d29,d4[1] - sub r1,r1,r5,lsl#2 @ rewind r1 + sub r1,r1,r5,lsl#2 @ rewind r1 vmlal.u32 q8,d29,d5[0] - vld1.64 {q5}, [sp,:128] + vld1.64 {q5}, [sp,:128] vmlal.u32 q9,d29,d5[1] - sub r9,r5,#1 + sub r9,r5,#1 vmlal.u32 q10,d29,d6[0] - vst1.64 {q6-q7}, [r7,:256]! + vst1.64 {q6,q7}, [r7,:256]! vmlal.u32 q11,d29,d6[1] vshr.u64 d10,d10,#16 - vld1.64 {q6}, [r6, :128]! + vld1.64 {q6}, [r6, :128]! vmlal.u32 q12,d29,d7[0] - vst1.64 {q8-q9}, [r7,:256]! + vst1.64 {q8,q9}, [r7,:256]! vmlal.u32 q13,d29,d7[1] - vst1.64 {q10-q11}, [r7,:256]! + vst1.64 {q10,q11}, [r7,:256]! vadd.u64 d10,d10,d11 - veor q4,q4,q4 - vst1.64 {q12-q13}, [r7,:256]! - vld1.64 {q7-q8}, [r6, :256]! - vst1.64 {q4}, [r7,:128] + veor q4,q4,q4 + vst1.64 {q12,q13}, [r7,:256]! + vld1.64 {q7,q8}, [r6, :256]! + vst1.64 {q4}, [r7,:128] vshr.u64 d10,d10,#16 - b .LNEON_outer + b .LNEON_outer .align 4 .LNEON_outer: - vld1.32 {d28[0]}, [r2,:32]! - sub r3,r3,r5,lsl#2 @ rewind r3 - vld1.32 {d0-d3}, [r1]! - veor d8,d8,d8 - mov r7,sp - vzip.16 d28,d8 - sub r8,r5,#8 + vld1.32 {d28[0]}, [r2,:32]! + sub r3,r3,r5,lsl#2 @ rewind r3 + vld1.32 {d0,d1,d2,d3}, [r1]! + veor d8,d8,d8 + mov r7,sp + vzip.16 d28,d8 + sub r8,r5,#8 vadd.u64 d12,d12,d10 vmlal.u32 q6,d28,d0[0] - vld1.64 {q9-q10},[r6,:256]! + vld1.64 {q9,q10},[r6,:256]! vmlal.u32 q7,d28,d0[1] vmlal.u32 q8,d28,d1[0] - vld1.64 {q11-q12},[r6,:256]! + vld1.64 {q11,q12},[r6,:256]! vmlal.u32 q9,d28,d1[1] vshl.i64 d10,d13,#16 - veor d8,d8,d8 + veor d8,d8,d8 vadd.u64 d10,d10,d12 - vld1.64 {q13},[r6,:128]! + vld1.64 {q13},[r6,:128]! vmul.u32 d29,d10,d30 vmlal.u32 q10,d28,d2[0] - vld1.32 {d4-d7}, [r3]! + vld1.32 {d4,d5,d6,d7}, [r3]! vmlal.u32 q11,d28,d2[1] vmlal.u32 q12,d28,d3[0] - vzip.16 d29,d8 + vzip.16 d29,d8 vmlal.u32 q13,d28,d3[1] .LNEON_inner: vmlal.u32 q6,d29,d4[0] - vld1.32 {d0-d3}, [r1]! + vld1.32 {d0,d1,d2,d3}, [r1]! 
vmlal.u32 q7,d29,d4[1] - subs r8,r8,#8 + subs r8,r8,#8 vmlal.u32 q8,d29,d5[0] vmlal.u32 q9,d29,d5[1] - vst1.64 {q6-q7}, [r7,:256]! + vst1.64 {q6,q7}, [r7,:256]! vmlal.u32 q10,d29,d6[0] - vld1.64 {q6}, [r6, :128]! + vld1.64 {q6}, [r6, :128]! vmlal.u32 q11,d29,d6[1] - vst1.64 {q8-q9}, [r7,:256]! + vst1.64 {q8,q9}, [r7,:256]! vmlal.u32 q12,d29,d7[0] - vld1.64 {q7-q8}, [r6, :256]! + vld1.64 {q7,q8}, [r6, :256]! vmlal.u32 q13,d29,d7[1] - vst1.64 {q10-q11}, [r7,:256]! + vst1.64 {q10,q11}, [r7,:256]! vmlal.u32 q6,d28,d0[0] - vld1.64 {q9-q10}, [r6, :256]! + vld1.64 {q9,q10}, [r6, :256]! vmlal.u32 q7,d28,d0[1] - vst1.64 {q12-q13}, [r7,:256]! + vst1.64 {q12,q13}, [r7,:256]! vmlal.u32 q8,d28,d1[0] - vld1.64 {q11-q12}, [r6, :256]! + vld1.64 {q11,q12}, [r6, :256]! vmlal.u32 q9,d28,d1[1] - vld1.32 {d4-d7}, [r3]! + vld1.32 {d4,d5,d6,d7}, [r3]! vmlal.u32 q10,d28,d2[0] - vld1.64 {q13}, [r6, :128]! + vld1.64 {q13}, [r6, :128]! vmlal.u32 q11,d28,d2[1] vmlal.u32 q12,d28,d3[0] vmlal.u32 q13,d28,d3[1] 
@@ -420,97 +430,97 @@ bn_mul8x_mont_neon: bne .LNEON_inner vmlal.u32 q6,d29,d4[0] - add r6,sp,#16 + add r6,sp,#16 vmlal.u32 q7,d29,d4[1] - sub r1,r1,r5,lsl#2 @ rewind r1 + sub r1,r1,r5,lsl#2 @ rewind r1 vmlal.u32 q8,d29,d5[0] - vld1.64 {q5}, [sp,:128] + vld1.64 {q5}, [sp,:128] vmlal.u32 q9,d29,d5[1] - subs r9,r9,#1 + subs r9,r9,#1 vmlal.u32 q10,d29,d6[0] - vst1.64 {q6-q7}, [r7,:256]! + vst1.64 {q6,q7}, [r7,:256]! vmlal.u32 q11,d29,d6[1] - vld1.64 {q6}, [r6, :128]! + vld1.64 {q6}, [r6, :128]! vshr.u64 d10,d10,#16 - vst1.64 {q8-q9}, [r7,:256]! + vst1.64 {q8,q9}, [r7,:256]! vmlal.u32 q12,d29,d7[0] - vld1.64 {q7-q8}, [r6, :256]! + vld1.64 {q7,q8}, [r6, :256]! vmlal.u32 q13,d29,d7[1] - vst1.64 {q10-q11}, [r7,:256]! + vst1.64 {q10,q11}, [r7,:256]! vadd.u64 d10,d10,d11 - vst1.64 {q12-q13}, [r7,:256]! + vst1.64 {q12,q13}, [r7,:256]! vshr.u64 d10,d10,#16 bne .LNEON_outer - mov r7,sp - mov r8,r5 + mov r7,sp + mov r8,r5 .LNEON_tail: vadd.u64 d12,d12,d10 - vld1.64 {q9-q10}, [r6, :256]! + vld1.64 {q9,q10}, [r6, :256]! vshr.u64 d10,d12,#16 vadd.u64 d13,d13,d10 - vld1.64 {q11-q12}, [r6, :256]! + vld1.64 {q11,q12}, [r6, :256]! vshr.u64 d10,d13,#16 - vld1.64 {q13}, [r6, :128]! - vzip.16 d12,d13 + vld1.64 {q13}, [r6, :128]! + vzip.16 d12,d13 .LNEON_tail2: vadd.u64 d14,d14,d10 - vst1.32 {d12[0]}, [r7, :32]! + vst1.32 {d12[0]}, [r7, :32]! vshr.u64 d10,d14,#16 vadd.u64 d15,d15,d10 vshr.u64 d10,d15,#16 - vzip.16 d14,d15 + vzip.16 d14,d15 vadd.u64 d16,d16,d10 - vst1.32 {d14[0]}, [r7, :32]! + vst1.32 {d14[0]}, [r7, :32]! vshr.u64 d10,d16,#16 vadd.u64 d17,d17,d10 vshr.u64 d10,d17,#16 - vzip.16 d16,d17 + vzip.16 d16,d17 vadd.u64 d18,d18,d10 - vst1.32 {d16[0]}, [r7, :32]! + vst1.32 {d16[0]}, [r7, :32]! vshr.u64 d10,d18,#16 vadd.u64 d19,d19,d10 vshr.u64 d10,d19,#16 - vzip.16 d18,d19 + vzip.16 d18,d19 vadd.u64 d20,d20,d10 - vst1.32 {d18[0]}, [r7, :32]! + vst1.32 {d18[0]}, [r7, :32]! 
vshr.u64 d10,d20,#16 vadd.u64 d21,d21,d10 vshr.u64 d10,d21,#16 - vzip.16 d20,d21 + vzip.16 d20,d21 vadd.u64 d22,d22,d10 - vst1.32 {d20[0]}, [r7, :32]! + vst1.32 {d20[0]}, [r7, :32]! vshr.u64 d10,d22,#16 vadd.u64 d23,d23,d10 vshr.u64 d10,d23,#16 - vzip.16 d22,d23 + vzip.16 d22,d23 vadd.u64 d24,d24,d10 - vst1.32 {d22[0]}, [r7, :32]! + vst1.32 {d22[0]}, [r7, :32]! vshr.u64 d10,d24,#16 vadd.u64 d25,d25,d10 - vld1.64 {q6}, [r6, :128]! + vld1.64 {q6}, [r6, :128]! vshr.u64 d10,d25,#16 - vzip.16 d24,d25 + vzip.16 d24,d25 vadd.u64 d26,d26,d10 - vst1.32 {d24[0]}, [r7, :32]! + vst1.32 {d24[0]}, [r7, :32]! vshr.u64 d10,d26,#16 vadd.u64 d27,d27,d10 - vld1.64 {q7-q8}, [r6, :256]! + vld1.64 {q7,q8}, [r6, :256]! vshr.u64 d10,d27,#16 - vzip.16 d26,d27 - subs r8,r8,#8 - vst1.32 {d26[0]}, [r7, :32]! + vzip.16 d26,d27 + subs r8,r8,#8 + vst1.32 {d26[0]}, [r7, :32]! bne .LNEON_tail @@ -520,14 +530,14 @@ bn_mul8x_mont_neon: add r2,sp,r5,lsl#2 .LNEON_sub: - ldmia r1!, {r4-r7} - ldmia r3!, {r8-r11} + ldmia r1!, {r4,r5,r6,r7} + ldmia r3!, {r8,r9,r10,r11} sbcs r8, r4,r8 sbcs r9, r5,r9 sbcs r10,r6,r10 sbcs r11,r7,r11 teq r1,r2 @ preserves carry - stmia r0!, {r8-r11} + stmia r0!, {r8,r9,r10,r11} bne .LNEON_sub ldr r10, [r1] @ load top-most bit 
@@ -540,36 +550,38 @@ bn_mul8x_mont_neon: sbcs r10,r10,#0 @ result is carry flag .LNEON_copy_n_zap: - ldmia r1!, {r4-r7} - ldmia r0, {r8-r11} + ldmia r1!, {r4,r5,r6,r7} + ldmia r0, {r8,r9,r10,r11} movcc r8, r4 - vst1.64 {q0-q1}, [r3,:256]! @ wipe + vst1.64 {q0,q1}, [r3,:256]! @ wipe movcc r9, r5 movcc r10,r6 - vst1.64 {q0-q1}, [r3,:256]! @ wipe + vst1.64 {q0,q1}, [r3,:256]! @ wipe movcc r11,r7 - ldmia r1, {r4-r7} - stmia r0!, {r8-r11} + ldmia r1, {r4,r5,r6,r7} + stmia r0!, {r8,r9,r10,r11} sub r1,r1,#16 - ldmia r0, {r8-r11} + ldmia r0, {r8,r9,r10,r11} movcc r8, r4 - vst1.64 {q0-q1}, [r1,:256]! @ wipe + vst1.64 {q0,q1}, [r1,:256]! @ wipe movcc r9, r5 movcc r10,r6 - vst1.64 {q0-q1}, [r3,:256]! @ wipe + vst1.64 {q0,q1}, [r3,:256]! @ wipe movcc r11,r7 teq r1,r2 @ preserves carry - stmia r0!, {r8-r11} + stmia r0!, {r8,r9,r10,r11} bne .LNEON_copy_n_zap sub sp,ip,#96 - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r11} - .word 0xe12fff1e + vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11} + bx lr @ .word 0xe12fff1e .size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon #endif -.asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by " +.byte 77,111,110,116,103,111,109,101,114,121,32,109,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 2 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +.hidden OPENSSL_armcap_P #endif diff --git a/linux-arm/crypto/modes/ghash-armv4.S b/linux-arm/crypto/modes/ghash-armv4.S index 8c81975..b6c7e9b 100644 --- a/linux-arm/crypto/modes/ghash-armv4.S +++ b/linux-arm/crypto/modes/ghash-armv4.S @@ -1,11 +1,16 @@ #if defined(__arm__) #include "arm_arch.h" -.syntax unified +.syntax unified .text .code 32 +#ifdef __APPLE__ +#define ldrplb ldrbpl +#define ldrneb ldrbne +#endif + .type rem_4bit,%object .align 5 rem_4bit: 
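Review bot: `.align 2` is now emitted twice in a row after the `.byte` identification string; the second directive is a no-op and reads as a generator artifact, and the same doubled `.align 2` appears in the ghash-armv4.S hunk at @@ -301,232 +306,234 and the ghashv8-armx.S hunk at @@ -3,114 +3,229. Dropping the duplicate at the generator level keeps the output tidy. Adding `.hidden OPENSSL_armcap_P` beside the `.comm` definition is the right call for a common symbol that is presumably also defined on the C side; a short comment, `@ hidden: the common symbol must resolve inside the library, never via the dynamic linker`, would say why it is there.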
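Review bot: The new `#ifdef __APPLE__` block remaps the divided-syntax spellings `ldrplb`/`ldrneb` to the unified `ldrbpl`/`ldrbne`, but this linux-arm file already uses the unified spelling (`ldrbpl r8,[r0,r3]` in a later hunk) and `__APPLE__` is never defined here, so the defines are inert in this artifact. If the generator keeps emitting them, a one-line comment such as `@ Apple's assembler accepts only the unified conditional byte-load spellings` would explain their presence. These are C-preprocessor macros applied to mnemonics, so they also pin the file to being run through the preprocessor, which the `#include "arm_arch.h"` above already requires.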
@@ -23,17 +28,17 @@ rem_4bit_get: nop .size rem_4bit_get,.-rem_4bit_get -.global gcm_ghash_4bit +.globl gcm_ghash_4bit .hidden gcm_ghash_4bit .type gcm_ghash_4bit,%function gcm_ghash_4bit: sub r12,pc,#8 add r3,r2,r3 @ r3 to point at the end - stmdb sp!,{r3-r11,lr} @ save r3/end too + stmdb sp!,{r3,r4,r5,r6,r7,r8,r9,r10,r11,lr} @ save r3/end too sub r12,r12,#48 @ &rem_4bit - ldmia r12,{r4-r11} @ copy rem_4bit ... - stmdb sp!,{r4-r11} @ ... to stack + ldmia r12,{r4,r5,r6,r7,r8,r9,r10,r11} @ copy rem_4bit ... + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11} @ ... to stack ldrb r12,[r2,#15] ldrb r14,[r0,#15] @@ -44,12 +49,12 @@ gcm_ghash_4bit: mov r3,#14 add r7,r1,r12,lsl#4 - ldmia r7,{r4-r7} @ load Htbl[nlo] + ldmia r7,{r4,r5,r6,r7} @ load Htbl[nlo] add r11,r1,r14 ldrb r12,[r2,#14] and r14,r4,#0xf @ rem - ldmia r11,{r8-r11} @ load Htbl[nhi] + ldmia r11,{r8,r9,r10,r11} @ load Htbl[nhi] add r14,r14,r14 eor r4,r8,r4,lsr#4 ldrh r8,[sp,r14] @ rem_4bit[rem] @@ -70,7 +75,7 @@ gcm_ghash_4bit: and r12,r4,#0xf @ rem subs r3,r3,#1 add r12,r12,r12 - ldmia r11,{r8-r11} @ load Htbl[nlo] + ldmia r11,{r8,r9,r10,r11} @ load Htbl[nlo] eor r4,r8,r4,lsr#4 eor r4,r4,r5,lsl#28 eor r5,r9,r5,lsr#4 @@ -85,7 +90,7 @@ gcm_ghash_4bit: and r14,r4,#0xf @ rem eor r7,r7,r8,lsl#16 @ ^= rem_4bit[rem] add r14,r14,r14 - ldmia r11,{r8-r11} @ load Htbl[nhi] + ldmia r11,{r8,r9,r10,r11} @ load Htbl[nhi] eor r4,r8,r4,lsr#4 ldrbpl r8,[r0,r3] eor r4,r4,r5,lsl#28 @@ -148,7 +153,7 @@ gcm_ghash_4bit: strb r10,[r0,#4+1] strb r11,[r0,#4] #endif - + #if __ARM_ARCH__>=7 && defined(__ARMEL__) rev r7,r7 str r7,[r0,#0] 
@@ -163,25 +168,25 @@ gcm_ghash_4bit: strb r10,[r0,#0+1] strb r11,[r0,#0] #endif - + bne .Louter add sp,sp,#36 #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} #else - ldmia sp!,{r4-r11,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size gcm_ghash_4bit,.-gcm_ghash_4bit -.global gcm_gmult_4bit +.globl gcm_gmult_4bit .hidden gcm_gmult_4bit .type gcm_gmult_4bit,%function gcm_gmult_4bit: - stmdb sp!,{r4-r11,lr} + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} ldrb r12,[r0,#15] b rem_4bit_get .Lrem_4bit_got: @@ -190,12 +195,12 @@ gcm_gmult_4bit: mov r3,#14 add r7,r1,r12,lsl#4 - ldmia r7,{r4-r7} @ load Htbl[nlo] + ldmia r7,{r4,r5,r6,r7} @ load Htbl[nlo] ldrb r12,[r0,#14] add r11,r1,r14 and r14,r4,#0xf @ rem - ldmia r11,{r8-r11} @ load Htbl[nhi] + ldmia r11,{r8,r9,r10,r11} @ load Htbl[nhi] add r14,r14,r14 eor r4,r8,r4,lsr#4 ldrh r8,[r2,r14] @ rem_4bit[rem] @@ -214,7 +219,7 @@ gcm_gmult_4bit: and r12,r4,#0xf @ rem subs r3,r3,#1 add r12,r12,r12 - ldmia r11,{r8-r11} @ load Htbl[nlo] + ldmia r11,{r8,r9,r10,r11} @ load Htbl[nlo] eor r4,r8,r4,lsr#4 eor r4,r4,r5,lsl#28 eor r5,r9,r5,lsr#4 @@ -229,7 +234,7 @@ gcm_gmult_4bit: and r14,r4,#0xf @ rem eor r7,r7,r8,lsl#16 @ ^= rem_4bit[rem] add r14,r14,r14 - ldmia r11,{r8-r11} @ load Htbl[nhi] + ldmia r11,{r8,r9,r10,r11} @ load Htbl[nhi] eor r4,r8,r4,lsr#4 eor r4,r4,r5,lsl#28 eor r5,r9,r5,lsr#4 @@ -256,7 +261,7 @@ gcm_gmult_4bit: strb r10,[r0,#12+1] strb r11,[r0,#12] #endif - + #if __ARM_ARCH__>=7 && defined(__ARMEL__) rev r5,r5 str r5,[r0,#8] @@ -271,7 +276,7 @@ gcm_gmult_4bit: strb r10,[r0,#8+1] strb r11,[r0,#8] #endif - + #if __ARM_ARCH__>=7 && defined(__ARMEL__) rev r6,r6 str r6,[r0,#4] @@ -286,7 +291,7 @@ gcm_gmult_4bit: strb r10,[r0,#4+1] strb r11,[r0,#4] #endif - + #if __ARM_ARCH__>=7 && defined(__ARMEL__) rev r7,r7 str r7,[r0,#0] 
@@ -301,232 +306,234 @@ gcm_gmult_4bit: strb r10,[r0,#0+1] strb r11,[r0,#0] #endif - + #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} #else - ldmia sp!,{r4-r11,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size gcm_gmult_4bit,.-gcm_gmult_4bit -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon -.global gcm_init_neon +.globl gcm_init_neon .hidden gcm_init_neon .type gcm_init_neon,%function .align 4 gcm_init_neon: - vld1.64 d7,[r1,:64]! @ load H - vmov.i8 q8,#0xe1 - vld1.64 d6,[r1,:64] + vld1.64 d7,[r1]! @ load H + vmov.i8 q8,#0xe1 + vld1.64 d6,[r1] vshl.i64 d17,#57 vshr.u64 d16,#63 @ t0=0xc2....01 - vdup.8 q9,d7[7] + vdup.8 q9,d7[7] vshr.u64 d26,d6,#63 - vshr.s8 q9,#7 @ broadcast carry bit + vshr.s8 q9,#7 @ broadcast carry bit vshl.i64 q3,q3,#1 - vand q8,q8,q9 - vorr d7,d26 @ H<<<=1 - veor q3,q3,q8 @ twisted H - vstmia r0,{q3} + vand q8,q8,q9 + vorr d7,d26 @ H<<<=1 + veor q3,q3,q8 @ twisted H + vstmia r0,{q3} - .word 0xe12fff1e + bx lr @ bx lr .size gcm_init_neon,.-gcm_init_neon -.global gcm_gmult_neon +.globl gcm_gmult_neon .hidden gcm_gmult_neon .type gcm_gmult_neon,%function .align 4 gcm_gmult_neon: - vld1.64 d7,[r0,:64]! @ load Xi - vld1.64 d6,[r0,:64]! + vld1.64 d7,[r0]! @ load Xi + vld1.64 d6,[r0]! 
vmov.i64 d29,#0x0000ffffffffffff - vldmia r1,{d26-d27} @ load twisted H + vldmia r1,{d26,d27} @ load twisted H vmov.i64 d30,#0x00000000ffffffff #ifdef __ARMEL__ vrev64.8 q3,q3 #endif vmov.i64 d31,#0x000000000000ffff - veor d28,d26,d27 @ Karatsuba pre-processing - mov r3,#16 - b .Lgmult_neon + veor d28,d26,d27 @ Karatsuba pre-processing + mov r3,#16 + b .Lgmult_neon .size gcm_gmult_neon,.-gcm_gmult_neon -.global gcm_ghash_neon +.globl gcm_ghash_neon .hidden gcm_ghash_neon .type gcm_ghash_neon,%function .align 4 gcm_ghash_neon: - vld1.64 d1,[r0,:64]! @ load Xi - vld1.64 d0,[r0,:64]! + vld1.64 d1,[r0]! @ load Xi + vld1.64 d0,[r0]! vmov.i64 d29,#0x0000ffffffffffff - vldmia r1,{d26-d27} @ load twisted H + vldmia r1,{d26,d27} @ load twisted H vmov.i64 d30,#0x00000000ffffffff #ifdef __ARMEL__ vrev64.8 q0,q0 #endif vmov.i64 d31,#0x000000000000ffff - veor d28,d26,d27 @ Karatsuba pre-processing + veor d28,d26,d27 @ Karatsuba pre-processing .Loop_neon: - vld1.64 d7,[r2]! @ load inp - vld1.64 d6,[r2]! + vld1.64 d7,[r2]! @ load inp + vld1.64 d6,[r2]! 
#ifdef __ARMEL__ vrev64.8 q3,q3 #endif - veor q3,q0 @ inp^=Xi + veor q3,q0 @ inp^=Xi .Lgmult_neon: - vext.8 d16, d26, d26, #1 @ A1 + vext.8 d16, d26, d26, #1 @ A1 vmull.p8 q8, d16, d6 @ F = A1*B - vext.8 d0, d6, d6, #1 @ B1 + vext.8 d0, d6, d6, #1 @ B1 vmull.p8 q0, d26, d0 @ E = A*B1 - vext.8 d18, d26, d26, #2 @ A2 + vext.8 d18, d26, d26, #2 @ A2 vmull.p8 q9, d18, d6 @ H = A2*B - vext.8 d22, d6, d6, #2 @ B2 + vext.8 d22, d6, d6, #2 @ B2 vmull.p8 q11, d26, d22 @ G = A*B2 - vext.8 d20, d26, d26, #3 @ A3 - veor q8, q8, q0 @ L = E + F + vext.8 d20, d26, d26, #3 @ A3 + veor q8, q8, q0 @ L = E + F vmull.p8 q10, d20, d6 @ J = A3*B - vext.8 d0, d6, d6, #3 @ B3 - veor q9, q9, q11 @ M = G + H + vext.8 d0, d6, d6, #3 @ B3 + veor q9, q9, q11 @ M = G + H vmull.p8 q0, d26, d0 @ I = A*B3 - veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 - vand d17, d17, d29 - vext.8 d22, d6, d6, #4 @ B4 - veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 - vand d19, d19, d30 + veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 + vand d17, d17, d29 + vext.8 d22, d6, d6, #4 @ B4 + veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 + vand d19, d19, d30 vmull.p8 q11, d26, d22 @ K = A*B4 - veor q10, q10, q0 @ N = I + J - veor d16, d16, d17 - veor d18, d18, d19 - veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 - vand d21, d21, d31 - vext.8 q8, q8, q8, #15 - veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 + veor q10, q10, q0 @ N = I + J + veor d16, d16, d17 + veor d18, d18, d19 + veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 + vand d21, d21, d31 + vext.8 q8, q8, q8, #15 + veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 vmov.i64 d23, #0 - vext.8 q9, q9, q9, #14 - veor d20, d20, d21 + vext.8 q9, q9, q9, #14 + veor d20, d20, d21 vmull.p8 q0, d26, d6 @ D = A*B - vext.8 q11, q11, q11, #12 - vext.8 q10, q10, q10, #13 - veor q8, q8, q9 - veor q10, q10, q11 - veor q0, q0, q8 - veor q0, q0, q10 - veor d6,d6,d7 @ Karatsuba pre-processing - vext.8 d16, d28, d28, #1 @ A1 + vext.8 q11, q11, q11, #12 + vext.8 q10, q10, q10, #13 + veor q8, 
q8, q9 + veor q10, q10, q11 + veor q0, q0, q8 + veor q0, q0, q10 + veor d6,d6,d7 @ Karatsuba pre-processing + vext.8 d16, d28, d28, #1 @ A1 vmull.p8 q8, d16, d6 @ F = A1*B - vext.8 d2, d6, d6, #1 @ B1 + vext.8 d2, d6, d6, #1 @ B1 vmull.p8 q1, d28, d2 @ E = A*B1 - vext.8 d18, d28, d28, #2 @ A2 + vext.8 d18, d28, d28, #2 @ A2 vmull.p8 q9, d18, d6 @ H = A2*B - vext.8 d22, d6, d6, #2 @ B2 + vext.8 d22, d6, d6, #2 @ B2 vmull.p8 q11, d28, d22 @ G = A*B2 - vext.8 d20, d28, d28, #3 @ A3 - veor q8, q8, q1 @ L = E + F + vext.8 d20, d28, d28, #3 @ A3 + veor q8, q8, q1 @ L = E + F vmull.p8 q10, d20, d6 @ J = A3*B - vext.8 d2, d6, d6, #3 @ B3 - veor q9, q9, q11 @ M = G + H + vext.8 d2, d6, d6, #3 @ B3 + veor q9, q9, q11 @ M = G + H vmull.p8 q1, d28, d2 @ I = A*B3 - veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 - vand d17, d17, d29 - vext.8 d22, d6, d6, #4 @ B4 - veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 - vand d19, d19, d30 + veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 + vand d17, d17, d29 + vext.8 d22, d6, d6, #4 @ B4 + veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 + vand d19, d19, d30 vmull.p8 q11, d28, d22 @ K = A*B4 - veor q10, q10, q1 @ N = I + J - veor d16, d16, d17 - veor d18, d18, d19 - veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 - vand d21, d21, d31 - vext.8 q8, q8, q8, #15 - veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 + veor q10, q10, q1 @ N = I + J + veor d16, d16, d17 + veor d18, d18, d19 + veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 + vand d21, d21, d31 + vext.8 q8, q8, q8, #15 + veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 vmov.i64 d23, #0 - vext.8 q9, q9, q9, #14 - veor d20, d20, d21 + vext.8 q9, q9, q9, #14 + veor d20, d20, d21 vmull.p8 q1, d28, d6 @ D = A*B - vext.8 q11, q11, q11, #12 - vext.8 q10, q10, q10, #13 - veor q8, q8, q9 - veor q10, q10, q11 - veor q1, q1, q8 - veor q1, q1, q10 - vext.8 d16, d27, d27, #1 @ A1 + vext.8 q11, q11, q11, #12 + vext.8 q10, q10, q10, #13 + veor q8, q8, q9 + veor q10, q10, q11 + veor q1, q1, q8 + veor q1, q1, q10 + 
vext.8 d16, d27, d27, #1 @ A1 vmull.p8 q8, d16, d7 @ F = A1*B - vext.8 d4, d7, d7, #1 @ B1 + vext.8 d4, d7, d7, #1 @ B1 vmull.p8 q2, d27, d4 @ E = A*B1 - vext.8 d18, d27, d27, #2 @ A2 + vext.8 d18, d27, d27, #2 @ A2 vmull.p8 q9, d18, d7 @ H = A2*B - vext.8 d22, d7, d7, #2 @ B2 + vext.8 d22, d7, d7, #2 @ B2 vmull.p8 q11, d27, d22 @ G = A*B2 - vext.8 d20, d27, d27, #3 @ A3 - veor q8, q8, q2 @ L = E + F + vext.8 d20, d27, d27, #3 @ A3 + veor q8, q8, q2 @ L = E + F vmull.p8 q10, d20, d7 @ J = A3*B - vext.8 d4, d7, d7, #3 @ B3 - veor q9, q9, q11 @ M = G + H + vext.8 d4, d7, d7, #3 @ B3 + veor q9, q9, q11 @ M = G + H vmull.p8 q2, d27, d4 @ I = A*B3 - veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 - vand d17, d17, d29 - vext.8 d22, d7, d7, #4 @ B4 - veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 - vand d19, d19, d30 + veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 + vand d17, d17, d29 + vext.8 d22, d7, d7, #4 @ B4 + veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 + vand d19, d19, d30 vmull.p8 q11, d27, d22 @ K = A*B4 - veor q10, q10, q2 @ N = I + J - veor d16, d16, d17 - veor d18, d18, d19 - veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 - vand d21, d21, d31 - vext.8 q8, q8, q8, #15 - veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 + veor q10, q10, q2 @ N = I + J + veor d16, d16, d17 + veor d18, d18, d19 + veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 + vand d21, d21, d31 + vext.8 q8, q8, q8, #15 + veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 vmov.i64 d23, #0 - vext.8 q9, q9, q9, #14 - veor d20, d20, d21 + vext.8 q9, q9, q9, #14 + veor d20, d20, d21 vmull.p8 q2, d27, d7 @ D = A*B - vext.8 q11, q11, q11, #12 - vext.8 q10, q10, q10, #13 - veor q8, q8, q9 - veor q10, q10, q11 - veor q2, q2, q8 - veor q2, q2, q10 - veor q1,q1,q0 @ Karatsuba post-processing - veor q1,q1,q2 - veor d1,d1,d2 - veor d4,d4,d3 @ Xh|Xl - 256-bit result + vext.8 q11, q11, q11, #12 + vext.8 q10, q10, q10, #13 + veor q8, q8, q9 + veor q10, q10, q11 + veor q2, q2, q8 + veor q2, q2, q10 + veor q1,q1,q0 @ Karatsuba 
post-processing + veor q1,q1,q2 + veor d1,d1,d2 + veor d4,d4,d3 @ Xh|Xl - 256-bit result @ equivalent of reduction_avx from ghash-x86_64.pl vshl.i64 q9,q0,#57 @ 1st phase vshl.i64 q10,q0,#62 - veor q10,q10,q9 @ + veor q10,q10,q9 @ vshl.i64 q9,q0,#63 - veor q10, q10, q9 @ - veor d1,d1,d20 @ - veor d4,d4,d21 + veor q10, q10, q9 @ + veor d1,d1,d20 @ + veor d4,d4,d21 vshr.u64 q10,q0,#1 @ 2nd phase - veor q2,q2,q0 - veor q0,q0,q10 @ + veor q2,q2,q0 + veor q0,q0,q10 @ vshr.u64 q10,q10,#6 vshr.u64 q0,q0,#1 @ - veor q0,q0,q2 @ - veor q0,q0,q10 @ + veor q0,q0,q2 @ + veor q0,q0,q10 @ - subs r3,#16 - bne .Loop_neon + subs r3,#16 + bne .Loop_neon #ifdef __ARMEL__ vrev64.8 q0,q0 #endif - sub r0,#16 - vst1.64 d1,[r0,:64]! @ write out Xi - vst1.64 d0,[r0,:64] + sub r0,#16 + vst1.64 d1,[r0]! @ write out Xi + vst1.64 d0,[r0] - .word 0xe12fff1e + bx lr @ bx lr .size gcm_ghash_neon,.-gcm_ghash_neon #endif -.asciz "GHASH for ARMv4/NEON, CRYPTOGAMS by " -.align 2 +.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 +.align 2 #endif diff --git a/linux-arm/crypto/modes/ghashv8-armx.S b/linux-arm/crypto/modes/ghashv8-armx.S index 570d917..71913fb 100644 --- a/linux-arm/crypto/modes/ghashv8-armx.S +++ b/linux-arm/crypto/modes/ghashv8-armx.S 
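Review bot: The `.Loop_neon` exit is `subs r3,#16` / `bne .Loop_neon`, which leaves the loop only when r3 reaches exactly zero; `gcm_gmult_neon` sets `mov r3,#16` before branching into `.Lgmult_neon`, but for `gcm_ghash_neon` r3 is the caller-supplied length, so a length that is zero or not a multiple of 16 would wrap through the counter and keep consuming input. That constraint is presumably guaranteed by the C caller, and it deserves a comment on the `gcm_ghash_neon` entry: `@ r3 = len, must be a non-zero multiple of 16: the loop exits only on exact zero`. The replacement returns `bx lr @ bx lr` carry a comment that merely repeats the mnemonic; either drop it or keep the encoding note used in armv4-mont.S, `bx lr @ .word 0xe12fff1e`, so the two generated files read alike. The enclosing NEON functions are complete within this hunk, but the `gcm_gmult_neon` entry shares its body with `gcm_ghash_neon` by jumping past the `.size gcm_gmult_neon` boundary, which is pre-existing and worth a comment of its own.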
@@ -3,114 +3,229 @@ .text .fpu neon .code 32 -.global gcm_init_v8 +.globl gcm_init_v8 .type gcm_init_v8,%function .align 4 gcm_init_v8: - vld1.64 {q9},[r1] @ load H - vmov.i8 q8,#0xe1 - vext.8 q3,q9,q9,#8 - vshl.i64 q8,q8,#57 - vshr.u64 q10,q8,#63 - vext.8 q8,q10,q8,#8 @ t0=0xc2....01 + vld1.64 {q9},[r1] @ load input H + vmov.i8 q11,#0xe1 + vshl.i64 q11,q11,#57 @ 0xc2.0 + vext.8 q3,q9,q9,#8 + vshr.u64 q10,q11,#63 vdup.32 q9,d18[1] - vshr.u64 q11,q3,#63 + vext.8 q8,q10,q11,#8 @ t0=0xc2....01 + vshr.u64 q10,q3,#63 vshr.s32 q9,q9,#31 @ broadcast carry bit - vand q11,q11,q8 + vand q10,q10,q8 vshl.i64 q3,q3,#1 - vext.8 q11,q11,q11,#8 - vand q8,q8,q9 - vorr q3,q3,q11 @ H<<<=1 - veor q3,q3,q8 @ twisted H - vst1.64 {q3},[r0] + vext.8 q10,q10,q10,#8 + vand q8,q8,q9 + vorr q3,q3,q10 @ H<<<=1 + veor q12,q3,q8 @ twisted H + vst1.64 {q12},[r0]! @ store Htable[0] + + @ calculate H^2 + vext.8 q8,q12,q12,#8 @ Karatsuba pre-processing +.byte 0xa8,0x0e,0xa8,0xf2 @ pmull q0,q12,q12 + veor q8,q8,q12 +.byte 0xa9,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q12 +.byte 0xa0,0x2e,0xa0,0xf2 @ pmull q1,q8,q8 + + vext.8 q9,q0,q2,#8 @ Karatsuba post-processing + veor q10,q0,q2 + veor q1,q1,q9 + veor q1,q1,q10 +.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase + + vmov d4,d3 @ Xh|Xm - 256-bit result + vmov d3,d0 @ Xm is rotated Xl + veor q0,q1,q10 + + vext.8 q10,q0,q0,#8 @ 2nd phase +.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 + veor q10,q10,q2 + veor q14,q0,q10 + + vext.8 q9,q14,q14,#8 @ Karatsuba pre-processing + veor q9,q9,q14 + vext.8 q13,q8,q9,#8 @ pack Karatsuba pre-processed + vst1.64 {q13,q14},[r0] @ store Htable[1..2] bx lr .size gcm_init_v8,.-gcm_init_v8 - -.global gcm_gmult_v8 +.globl gcm_gmult_v8 .type gcm_gmult_v8,%function .align 4 gcm_gmult_v8: - vld1.64 {q9},[r0] @ load Xi - vmov.i8 q11,#0xe1 - vld1.64 {q12},[r1] @ load twisted H + vld1.64 {q9},[r0] @ load Xi + vmov.i8 q11,#0xe1 + vld1.64 {q12,q13},[r1] @ load twisted H, ... 
vshl.u64 q11,q11,#57 #ifndef __ARMEB__ vrev64.8 q9,q9 #endif - vext.8 q13,q12,q12,#8 - mov r3,#0 - vext.8 q3,q9,q9,#8 - mov r12,#0 - veor q13,q13,q12 @ Karatsuba pre-processing - mov r2,r0 - b .Lgmult_v8 -.size gcm_gmult_v8,.-gcm_gmult_v8 + vext.8 q3,q9,q9,#8 + +.byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo + veor q9,q9,q3 @ Karatsuba pre-processing +.byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi +.byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) -.global gcm_ghash_v8 + vext.8 q9,q0,q2,#8 @ Karatsuba post-processing + veor q10,q0,q2 + veor q1,q1,q9 + veor q1,q1,q10 +.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction + + vmov d4,d3 @ Xh|Xm - 256-bit result + vmov d3,d0 @ Xm is rotated Xl + veor q0,q1,q10 + + vext.8 q10,q0,q0,#8 @ 2nd phase of reduction +.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 + veor q10,q10,q2 + veor q0,q0,q10 + +#ifndef __ARMEB__ + vrev64.8 q0,q0 +#endif + vext.8 q0,q0,q0,#8 + vst1.64 {q0},[r0] @ write out Xi + + bx lr +.size gcm_gmult_v8,.-gcm_gmult_v8 +.globl gcm_ghash_v8 .type gcm_ghash_v8,%function .align 4 gcm_ghash_v8: - vld1.64 {q0},[r0] @ load [rotated] Xi - subs r3,r3,#16 - vmov.i8 q11,#0xe1 - mov r12,#16 - vld1.64 {q12},[r1] @ load twisted H - moveq r12,#0 - vext.8 q0,q0,q0,#8 - vshl.u64 q11,q11,#57 - vld1.64 {q9},[r2],r12 @ load [rotated] inp - vext.8 q13,q12,q12,#8 + vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so + vld1.64 {q0},[r0] @ load [rotated] Xi + @ "[rotated]" means that + @ loaded value would have + @ to be rotated in order to + @ make it appear as in + @ alorithm specification + subs r3,r3,#32 @ see if r3 is 32 or larger + mov r12,#16 @ r12 is used as post- + @ increment for input pointer; + @ as loop is modulo-scheduled + @ r12 is zeroed just in time + @ to preclude oversteping + @ inp[len], which means that + @ last block[s] are actually + @ loaded twice, but last + @ copy is not processed + vld1.64 {q12,q13},[r1]! 
@ load twisted H, ..., H^2 + vmov.i8 q11,#0xe1 + vld1.64 {q14},[r1] + moveq r12,#0 @ is it time to zero r12? + vext.8 q0,q0,q0,#8 @ rotate Xi + vld1.64 {q8},[r2]! @ load [rotated] I[0] + vshl.u64 q11,q11,#57 @ compose 0xc2.0 constant #ifndef __ARMEB__ + vrev64.8 q8,q8 vrev64.8 q0,q0 +#endif + vext.8 q3,q8,q8,#8 @ rotate I[0] + blo .Lodd_tail_v8 @ r3 was less than 32 + vld1.64 {q9},[r2],r12 @ load [rotated] I[1] +#ifndef __ARMEB__ vrev64.8 q9,q9 #endif - veor q13,q13,q12 @ Karatsuba pre-processing - vext.8 q3,q9,q9,#8 - b .Loop_v8 + vext.8 q7,q9,q9,#8 + veor q3,q3,q0 @ I[i]^=Xi +.byte 0x8e,0x8e,0xa8,0xf2 @ pmull q4,q12,q7 @ H·Ii+1 + veor q9,q9,q7 @ Karatsuba pre-processing +.byte 0x8f,0xce,0xa9,0xf2 @ pmull2 q6,q12,q7 + b .Loop_mod2x_v8 .align 4 -.Loop_v8: - vext.8 q10,q0,q0,#8 - veor q3,q3,q0 @ inp^=Xi - veor q9,q9,q10 @ q9 is rotated inp^Xi - -.Lgmult_v8: - .byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo - veor q9,q9,q3 @ Karatsuba pre-processing - .byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi - subs r3,r3,#16 - .byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) - moveq r12,#0 - - vext.8 q9,q0,q2,#8 @ Karatsuba post-processing - veor q10,q0,q2 - veor q1,q1,q9 - vld1.64 {q9},[r2],r12 @ load [rotated] inp - veor q1,q1,q10 - .byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase - - vmov d4,d3 @ Xh|Xm - 256-bit result - vmov d3,d0 @ Xm is rotated Xl +.Loop_mod2x_v8: + vext.8 q10,q3,q3,#8 + subs r3,r3,#32 @ is there more data? +.byte 0x86,0x0e,0xac,0xf2 @ pmull q0,q14,q3 @ H^2.lo·Xi.lo + movlo r12,#0 @ is it time to zero r12? + +.byte 0xa2,0xae,0xaa,0xf2 @ pmull q5,q13,q9 + veor q10,q10,q3 @ Karatsuba pre-processing +.byte 0x87,0x4e,0xad,0xf2 @ pmull2 q2,q14,q3 @ H^2.hi·Xi.hi + veor q0,q0,q4 @ accumulate +.byte 0xa5,0x2e,0xab,0xf2 @ pmull2 q1,q13,q10 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) + vld1.64 {q8},[r2],r12 @ load [rotated] I[i+2] + + veor q2,q2,q6 + moveq r12,#0 @ is it time to zero r12? 
+ veor q1,q1,q5 + + vext.8 q9,q0,q2,#8 @ Karatsuba post-processing + veor q10,q0,q2 + veor q1,q1,q9 + vld1.64 {q9},[r2],r12 @ load [rotated] I[i+3] +#ifndef __ARMEB__ + vrev64.8 q8,q8 +#endif + veor q1,q1,q10 +.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction + #ifndef __ARMEB__ - vrev64.8 q9,q9 + vrev64.8 q9,q9 #endif - veor q0,q1,q10 - vext.8 q3,q9,q9,#8 + vmov d4,d3 @ Xh|Xm - 256-bit result + vmov d3,d0 @ Xm is rotated Xl + vext.8 q7,q9,q9,#8 + vext.8 q3,q8,q8,#8 + veor q0,q1,q10 +.byte 0x8e,0x8e,0xa8,0xf2 @ pmull q4,q12,q7 @ H·Ii+1 + veor q3,q3,q2 @ accumulate q3 early + + vext.8 q10,q0,q0,#8 @ 2nd phase of reduction +.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 + veor q3,q3,q10 + veor q9,q9,q7 @ Karatsuba pre-processing + veor q3,q3,q0 +.byte 0x8f,0xce,0xa9,0xf2 @ pmull2 q6,q12,q7 + bhs .Loop_mod2x_v8 @ there was at least 32 more bytes + + veor q2,q2,q10 + vext.8 q3,q8,q8,#8 @ re-construct q3 + adds r3,r3,#32 @ re-construct r3 + veor q0,q0,q2 @ re-construct q0 + beq .Ldone_v8 @ is r3 zero? 
+.Lodd_tail_v8: + vext.8 q10,q0,q0,#8 + veor q3,q3,q0 @ inp^=Xi + veor q9,q8,q10 @ q9 is rotated inp^Xi + +.byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo + veor q9,q9,q3 @ Karatsuba pre-processing +.byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi +.byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) + + vext.8 q9,q0,q2,#8 @ Karatsuba post-processing + veor q10,q0,q2 + veor q1,q1,q9 + veor q1,q1,q10 +.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction + + vmov d4,d3 @ Xh|Xm - 256-bit result + vmov d3,d0 @ Xm is rotated Xl + veor q0,q1,q10 - vext.8 q10,q0,q0,#8 @ 2nd phase - .byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 - veor q10,q10,q2 - veor q0,q0,q10 - bhs .Loop_v8 + vext.8 q10,q0,q0,#8 @ 2nd phase of reduction +.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 + veor q10,q10,q2 + veor q0,q0,q10 +.Ldone_v8: #ifndef __ARMEB__ vrev64.8 q0,q0 #endif - vext.8 q0,q0,q0,#8 - vst1.64 {q0},[r0] @ write out Xi + vext.8 q0,q0,q0,#8 + vst1.64 {q0},[r0] @ write out Xi + vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so bx lr .size gcm_ghash_v8,.-gcm_ghash_v8 -.asciz "GHASH for ARMv8, CRYPTOGAMS by " -.align 2 +.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 +.align 2 diff --git a/linux-arm/crypto/sha/sha1-armv4-large.S b/linux-arm/crypto/sha/sha1-armv4-large.S index 5abc328..52c99bf 100644 --- a/linux-arm/crypto/sha/sha1-armv4-large.S +++ b/linux-arm/crypto/sha/sha1-armv4-large.S @@ -3,7 +3,7 @@ .text .code 32 -.global sha1_block_data_order +.globl sha1_block_data_order .type sha1_block_data_order,%function .align 5 
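Review bot: `gcm_init_v8` now writes 48 bytes through r0 — `vst1.64 {q12},[r0]!` for Htable[0] followed by `vst1.64 {q13,q14},[r0]` for Htable[1..2] — where the removed code stored a single 16-byte entry, so the Htable buffer the C caller passes must hold at least three entries; presumably the GCM context's table is larger than that, but this contract change should be stated on the function header, e.g. `@ out: Htable[0]=H, Htable[1]=Karatsuba pre-processed H^2, Htable[2]=H^2 (48 bytes)`. In `gcm_ghash_v8` the pre-loop `subs r3,r3,#32` / `blo .Lodd_tail_v8` sends every length below 32 to the odd tail, which folds one block unconditionally, so a length of 0 would still read and process one block of `inp`; the caller guarantee that `len` is a non-zero multiple of 16 belongs in a comment at the entry. The added `vstmdb sp!,{d8,…,d15}` / `vldmia sp!` pair is the correct AAPCS treatment now that q4–q7 are live across the mod-2x loop. The new explanatory comment block also has two typos, "alorithm" and "oversteping", that the generator could fix.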
@@ -12,12 +12,15 @@ sha1_block_data_order: sub r3,pc,#8 @ sha1_block_data_order ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#ARMV8_SHA1 bne .LARMv8 tst r12,#ARMV7_NEON bne .LNEON #endif - stmdb sp!,{r4-r12,lr} + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} add r2,r1,r2,lsl#6 @ r2 to point at the end of r1 ldmia r0,{r3,r4,r5,r6,r7} .Lloop: @@ -193,7 +196,7 @@ sha1_block_data_order: add r6,r6,r7,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r3,r10,ror#2 @ F_xx_xx + and r10,r3,r10,ror#2 @ F_xx_xx @ F_xx_xx add r6,r6,r9 @ E+=X[i] eor r10,r10,r5,ror#2 @ F_00_19(B,C,D) @@ -210,7 +213,7 @@ sha1_block_data_order: add r5,r5,r6,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r7,r10,ror#2 @ F_xx_xx + and r10,r7,r10,ror#2 @ F_xx_xx @ F_xx_xx add r5,r5,r9 @ E+=X[i] eor r10,r10,r4,ror#2 @ F_00_19(B,C,D) @@ -227,7 +230,7 @@ sha1_block_data_order: add r4,r4,r5,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r6,r10,ror#2 @ F_xx_xx + and r10,r6,r10,ror#2 @ F_xx_xx @ F_xx_xx add r4,r4,r9 @ E+=X[i] eor r10,r10,r3,ror#2 @ F_00_19(B,C,D) @@ -244,7 +247,7 @@ sha1_block_data_order: add r3,r3,r4,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r5,r10,ror#2 @ F_xx_xx + and r10,r5,r10,ror#2 @ F_xx_xx @ F_xx_xx add r3,r3,r9 @ E+=X[i] eor r10,r10,r7,ror#2 @ F_00_19(B,C,D) @@ -265,7 +268,7 @@ sha1_block_data_order: add r7,r7,r3,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - eor r10,r4,r10,ror#2 @ F_xx_xx + eor r10,r4,r10,ror#2 @ F_xx_xx @ F_xx_xx add r7,r7,r9 @ E+=X[i] add r7,r7,r10 @ E+=F_20_39(B,C,D) @@ -281,7 +284,7 @@ sha1_block_data_order: add r6,r6,r7,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - eor r10,r3,r10,ror#2 @ F_xx_xx + eor r10,r3,r10,ror#2 @ F_xx_xx @ F_xx_xx add r6,r6,r9 @ E+=X[i] add r6,r6,r10 @ E+=F_20_39(B,C,D) 
@@ -297,7 +300,7 @@ sha1_block_data_order: add r5,r5,r6,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - eor r10,r7,r10,ror#2 @ F_xx_xx + eor r10,r7,r10,ror#2 @ F_xx_xx @ F_xx_xx add r5,r5,r9 @ E+=X[i] add r5,r5,r10 @ E+=F_20_39(B,C,D) @@ -313,7 +316,7 @@ sha1_block_data_order: add r4,r4,r5,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - eor r10,r6,r10,ror#2 @ F_xx_xx + eor r10,r6,r10,ror#2 @ F_xx_xx @ F_xx_xx add r4,r4,r9 @ E+=X[i] add r4,r4,r10 @ E+=F_20_39(B,C,D) @@ -329,7 +332,7 @@ sha1_block_data_order: add r3,r3,r4,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - eor r10,r5,r10,ror#2 @ F_xx_xx + eor r10,r5,r10,ror#2 @ F_xx_xx @ F_xx_xx add r3,r3,r9 @ E+=X[i] add r3,r3,r10 @ E+=F_20_39(B,C,D) @@ -352,8 +355,8 @@ sha1_block_data_order: add r7,r7,r3,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r4,r10,ror#2 @ F_xx_xx - and r11,r5,r6 @ F_xx_xx + and r10,r4,r10,ror#2 @ F_xx_xx + and r11,r5,r6 @ F_xx_xx add r7,r7,r9 @ E+=X[i] add r7,r7,r10 @ E+=F_40_59(B,C,D) add r7,r7,r11,ror#2 @@ -369,8 +372,8 @@ sha1_block_data_order: add r6,r6,r7,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r3,r10,ror#2 @ F_xx_xx - and r11,r4,r5 @ F_xx_xx + and r10,r3,r10,ror#2 @ F_xx_xx + and r11,r4,r5 @ F_xx_xx add r6,r6,r9 @ E+=X[i] add r6,r6,r10 @ E+=F_40_59(B,C,D) add r6,r6,r11,ror#2 @@ -386,8 +389,8 @@ sha1_block_data_order: add r5,r5,r6,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r7,r10,ror#2 @ F_xx_xx - and r11,r3,r4 @ F_xx_xx + and r10,r7,r10,ror#2 @ F_xx_xx + and r11,r3,r4 @ F_xx_xx add r5,r5,r9 @ E+=X[i] add r5,r5,r10 @ E+=F_40_59(B,C,D) add r5,r5,r11,ror#2 @@ -403,8 +406,8 @@ sha1_block_data_order: add r4,r4,r5,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r6,r10,ror#2 @ F_xx_xx - and r11,r7,r3 @ F_xx_xx + and r10,r6,r10,ror#2 @ F_xx_xx + and r11,r7,r3 @ F_xx_xx add r4,r4,r9 @ E+=X[i] add r4,r4,r10 @ E+=F_40_59(B,C,D) add r4,r4,r11,ror#2 
@@ -420,8 +423,8 @@ sha1_block_data_order: add r3,r3,r4,ror#27 @ E+=ROR(A,27) eor r9,r9,r11,ror#31 str r9,[r14,#-4]! - and r10,r5,r10,ror#2 @ F_xx_xx - and r11,r6,r7 @ F_xx_xx + and r10,r5,r10,ror#2 @ F_xx_xx + and r11,r6,r7 @ F_xx_xx add r3,r3,r9 @ E+=X[i] add r3,r3,r10 @ E+=F_40_59(B,C,D) add r3,r3,r11,ror#2 @@ -445,25 +448,26 @@ sha1_block_data_order: bne .Lloop @ [+18], total 1307 #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else - ldmia sp!,{r4-r12,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size sha1_block_data_order,.-sha1_block_data_order .align 5 -.LK_00_19: .word 0x5a827999 -.LK_20_39: .word 0x6ed9eba1 -.LK_40_59: .word 0x8f1bbcdc -.LK_60_79: .word 0xca62c1d6 +.LK_00_19:.word 0x5a827999 +.LK_20_39:.word 0x6ed9eba1 +.LK_40_59:.word 0x8f1bbcdc +.LK_60_79:.word 0xca62c1d6 #if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha1_block_data_order #endif -.asciz "SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " +.byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,47,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 .align 5 #if __ARM_MAX_ARCH__>=7 .arch armv7-a @@ -473,7 +477,7 @@ sha1_block_data_order: .align 4 sha1_block_data_order_neon: .LNEON: - stmdb sp!,{r4-r12,lr} + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} add r2,r1,r2,lsl#6 @ r2 to point at the end of r1 @ dmb @ errata #451034 on early Cortex A8 @ vstmdb sp!,{d8-d15} @ ABI specification says so 
@@ -485,21 +489,21 @@ sha1_block_data_order_neon: ldmia r0,{r3,r4,r5,r6,r7} @ load context mov r12,sp - vld1.8 {q0-q1},[r1]! @ handles unaligned - veor q15,q15,q15 - vld1.8 {q2-q3},[r1]! - vld1.32 {d28[],d29[]},[r8,:32]! @ load K_00_19 + vld1.8 {q0,q1},[r1]! @ handles unaligned + veor q15,q15,q15 + vld1.8 {q2,q3},[r1]! + vld1.32 {d28[],d29[]},[r8,:32]! @ load K_00_19 vrev32.8 q0,q0 @ yes, even on vrev32.8 q1,q1 @ big-endian... vrev32.8 q2,q2 vadd.i32 q8,q0,q14 vrev32.8 q3,q3 vadd.i32 q9,q1,q14 - vst1.32 {q8},[r12,:128]! + vst1.32 {q8},[r12,:128]! vadd.i32 q10,q2,q14 - vst1.32 {q9},[r12,:128]! - vst1.32 {q10},[r12,:128]! - ldr r9,[sp] @ big RAW stall + vst1.32 {q9},[r12,:128]! + vst1.32 {q10},[r12,:128]! + ldr r9,[sp] @ big RAW stall .Loop_neon: vext.8 q8,q0,q1,#8 @@ -1177,10 +1181,10 @@ sha1_block_data_order_neon: teq r1,r2 sub r8,r8,#16 subeq r1,r1,#64 - vld1.8 {q0-q1},[r1]! + vld1.8 {q0,q1},[r1]! ldr r9,[sp,#4] eor r11,r10,r6 - vld1.8 {q2-q3},[r1]! + vld1.8 {q2,q3},[r1]! add r3,r3,r4,ror#27 mov r5,r5,ror#2 vld1.32 {d28[],d29[]},[r8,:32]! @@ -1313,7 +1317,7 @@ sha1_block_data_order_neon: bne .Loop_neon @ vldmia sp!,{d8-d15} - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} .size sha1_block_data_order_neon,.-sha1_block_data_order_neon #endif #if __ARM_MAX_ARCH__>=7 @@ -1321,7 +1325,7 @@ sha1_block_data_order_neon: .align 5 sha1_block_data_order_armv8: .LARMv8: - vstmdb sp!,{d8-d15} @ ABI specification says so + vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so veor q1,q1,q1 adr r3,.LK_00_19 
@@ -1334,119 +1338,119 @@ sha1_block_data_order_armv8: vld1.32 {d22[],d23[]},[r3,:32] .Loop_v8: - vld1.8 {q4-q5},[r1]! - vld1.8 {q6-q7},[r1]! + vld1.8 {q4,q5},[r1]! + vld1.8 {q6,q7},[r1]! vrev32.8 q4,q4 vrev32.8 q5,q5 vadd.i32 q12,q8,q4 vrev32.8 q6,q6 - vmov q14,q0 @ offload - subs r2,r2,#1 + vmov q14,q0 @ offload + subs r2,r2,#1 vadd.i32 q13,q8,q5 vrev32.8 q7,q7 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 0 - .byte 0x68,0x0c,0x02,0xf2 @ sha1c q0,q1,q12 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 0 +.byte 0x68,0x0c,0x02,0xf2 @ sha1c q0,q1,q12 vadd.i32 q12,q8,q6 - .byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 1 - .byte 0x6a,0x0c,0x06,0xf2 @ sha1c q0,q3,q13 +.byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 1 +.byte 0x6a,0x0c,0x06,0xf2 @ sha1c q0,q3,q13 vadd.i32 q13,q8,q7 - .byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 - .byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 2 - .byte 0x68,0x0c,0x04,0xf2 @ sha1c q0,q2,q12 +.byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 +.byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 2 +.byte 0x68,0x0c,0x04,0xf2 @ sha1c q0,q2,q12 vadd.i32 q12,q8,q4 - .byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 - .byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 3 - .byte 0x6a,0x0c,0x06,0xf2 @ sha1c q0,q3,q13 +.byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 +.byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 3 +.byte 0x6a,0x0c,0x06,0xf2 @ sha1c q0,q3,q13 vadd.i32 q13,q9,q5 - .byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 - .byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 4 - .byte 0x68,0x0c,0x04,0xf2 @ sha1c q0,q2,q12 +.byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 +.byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 4 +.byte 0x68,0x0c,0x04,0xf2 @ sha1c q0,q2,q12 vadd.i32 
q12,q9,q6 - .byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 - .byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 5 - .byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 +.byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 +.byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 5 +.byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 vadd.i32 q13,q9,q7 - .byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 - .byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 6 - .byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 +.byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 +.byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 6 +.byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 vadd.i32 q12,q9,q4 - .byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 - .byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 7 - .byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 +.byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 +.byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 7 +.byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 vadd.i32 q13,q9,q5 - .byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 - .byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 8 - .byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 +.byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 +.byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 8 +.byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 vadd.i32 q12,q10,q6 - .byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 - .byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 9 - .byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 +.byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 +.byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 9 +.byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 vadd.i32 q13,q10,q7 - .byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 - .byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 
q5,q6,q7 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 10 - .byte 0x68,0x0c,0x24,0xf2 @ sha1m q0,q2,q12 +.byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 +.byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 10 +.byte 0x68,0x0c,0x24,0xf2 @ sha1m q0,q2,q12 vadd.i32 q12,q10,q4 - .byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 - .byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 11 - .byte 0x6a,0x0c,0x26,0xf2 @ sha1m q0,q3,q13 +.byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 +.byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 11 +.byte 0x6a,0x0c,0x26,0xf2 @ sha1m q0,q3,q13 vadd.i32 q13,q10,q5 - .byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 - .byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 12 - .byte 0x68,0x0c,0x24,0xf2 @ sha1m q0,q2,q12 +.byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 +.byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 12 +.byte 0x68,0x0c,0x24,0xf2 @ sha1m q0,q2,q12 vadd.i32 q12,q10,q6 - .byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 - .byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 13 - .byte 0x6a,0x0c,0x26,0xf2 @ sha1m q0,q3,q13 +.byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 +.byte 0x4c,0x8c,0x3a,0xf2 @ sha1su0 q4,q5,q6 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 13 +.byte 0x6a,0x0c,0x26,0xf2 @ sha1m q0,q3,q13 vadd.i32 q13,q11,q7 - .byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 - .byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 14 - .byte 0x68,0x0c,0x24,0xf2 @ sha1m q0,q2,q12 +.byte 0x8e,0x83,0xba,0xf3 @ sha1su1 q4,q7 +.byte 0x4e,0xac,0x3c,0xf2 @ sha1su0 q5,q6,q7 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 14 +.byte 0x68,0x0c,0x24,0xf2 @ sha1m q0,q2,q12 vadd.i32 q12,q11,q4 - .byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 - .byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 15 - .byte 
0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 +.byte 0x88,0xa3,0xba,0xf3 @ sha1su1 q5,q4 +.byte 0x48,0xcc,0x3e,0xf2 @ sha1su0 q6,q7,q4 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 15 +.byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 vadd.i32 q13,q11,q5 - .byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 - .byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 16 - .byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 +.byte 0x8a,0xc3,0xba,0xf3 @ sha1su1 q6,q5 +.byte 0x4a,0xec,0x38,0xf2 @ sha1su0 q7,q4,q5 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 16 +.byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 vadd.i32 q12,q11,q6 - .byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 17 - .byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 +.byte 0x8c,0xe3,0xba,0xf3 @ sha1su1 q7,q6 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 17 +.byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 vadd.i32 q13,q11,q7 - .byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 18 - .byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 +.byte 0xc0,0x62,0xb9,0xf3 @ sha1h q3,q0 @ 18 +.byte 0x68,0x0c,0x14,0xf2 @ sha1p q0,q2,q12 - .byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 19 - .byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 +.byte 0xc0,0x42,0xb9,0xf3 @ sha1h q2,q0 @ 19 +.byte 0x6a,0x0c,0x16,0xf2 @ sha1p q0,q3,q13 vadd.i32 q1,q1,q2 vadd.i32 q0,q0,q14 - bne .Loop_v8 + bne .Loop_v8 - vst1.32 {q0},[r0]! - vst1.32 {d2[0]},[r0] + vst1.32 {q0},[r0]! + vst1.32 {d2[0]},[r0] - vldmia sp!,{d8-d15} + vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} bx lr @ bx lr .size sha1_block_data_order_armv8,.-sha1_block_data_order_armv8 #endif diff --git a/linux-arm/crypto/sha/sha256-armv4.S b/linux-arm/crypto/sha/sha256-armv4.S index 3c41010..ba37795 100644 --- a/linux-arm/crypto/sha/sha256-armv4.S +++ b/linux-arm/crypto/sha/sha256-armv4.S 
@@ -1,7 +1,60 @@ -#include "arm_arch.h" + +@ ==================================================================== +@ Written by Andy Polyakov for the OpenSSL +@ project. The module is, however, dual licensed under OpenSSL and +@ CRYPTOGAMS licenses depending on where you obtain it. For further +@ details see http://www.openssl.org/~appro/cryptogams/. +@ +@ Permission to use under GPL terms is granted. +@ ==================================================================== + +@ SHA256 block procedure for ARMv4. May 2007. + +@ Performance is ~2x better than gcc 3.4 generated code and in "abso- +@ lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per +@ byte [on single-issue Xscale PXA250 core]. + +@ July 2010. +@ +@ Rescheduling for dual-issue pipeline resulted in 22% improvement on +@ Cortex A8 core and ~20 cycles per processed byte. + +@ February 2011. +@ +@ Profiler-assisted and platform-specific optimization resulted in 16% +@ improvement on Cortex A8 core and ~15.4 cycles per processed byte. + +@ September 2013. +@ +@ Add NEON implementation. On Cortex A8 it was measured to process one +@ byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon +@ S4 does it in 12.5 cycles too, but it's 50% faster than integer-only +@ code (meaning that latter performs sub-optimally, nothing was done +@ about it). + +@ May 2014. +@ +@ Add ARMv8 code path performing at 2.0 cpb on Apple A7. + +#ifndef __KERNEL__ +# include "arm_arch.h" +#else +# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 +#endif .text +#if __ARM_ARCH__<7 .code 32 +#else +.syntax unified +# if defined(__thumb2__) && !defined(__APPLE__) +# define adrl adr +.thumb +# else +.code 32 +# endif +#endif .type K256,%object .align 5 
@@ -24,25 +77,33 @@ K256: .word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .size K256,.-K256 .word 0 @ terminator -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha256_block_data_order +.word OPENSSL_armcap_P-.Lsha256_block_data_order #endif .align 5 -.global sha256_block_data_order +.globl sha256_block_data_order .type sha256_block_data_order,%function sha256_block_data_order: +.Lsha256_block_data_order: +#if __ARM_ARCH__<7 sub r3,pc,#8 @ sha256_block_data_order - add r2,r1,r2,lsl#6 @ len to point at the end of inp -#if __ARM_MAX_ARCH__>=7 +#else + adr r3,sha256_block_data_order +#endif +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#ARMV8_SHA256 bne .LARMv8 tst r12,#ARMV7_NEON bne .LNEON #endif + add r2,r1,r2,lsl#6 @ len to point at the end of inp stmdb sp!,{r0,r1,r2,r4-r11,lr} ldmia r0,{r4,r5,r6,r7,r8,r9,r10,r11} sub r14,r3,#256+32 @ K256 @@ -63,7 +124,9 @@ sha256_block_data_order: eor r0,r8,r8,ror#5 add r4,r4,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r8,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 0 add r4,r4,r12 @ h+=Maj(a,b,c) from the past @@ -119,7 +182,9 @@ sha256_block_data_order: eor r0,r7,r7,ror#5 add r11,r11,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r7,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 1 add r11,r11,r3 @ h+=Maj(a,b,c) from the past @@ -175,7 +240,9 @@ sha256_block_data_order: eor r0,r6,r6,ror#5 add r10,r10,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r6,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 2 add r10,r10,r12 @ h+=Maj(a,b,c) from the past 
@@ -231,7 +298,9 @@ sha256_block_data_order: eor r0,r5,r5,ror#5 add r9,r9,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r5,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 3 add r9,r9,r3 @ h+=Maj(a,b,c) from the past @@ -287,7 +356,9 @@ sha256_block_data_order: eor r0,r4,r4,ror#5 add r8,r8,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r4,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 4 add r8,r8,r12 @ h+=Maj(a,b,c) from the past @@ -343,7 +414,9 @@ sha256_block_data_order: eor r0,r11,r11,ror#5 add r7,r7,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r11,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 5 add r7,r7,r3 @ h+=Maj(a,b,c) from the past @@ -399,7 +472,9 @@ sha256_block_data_order: eor r0,r10,r10,ror#5 add r6,r6,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r10,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 6 add r6,r6,r12 @ h+=Maj(a,b,c) from the past @@ -455,7 +530,9 @@ sha256_block_data_order: eor r0,r9,r9,ror#5 add r5,r5,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r9,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 7 add r5,r5,r3 @ h+=Maj(a,b,c) from the past @@ -511,7 +588,9 @@ sha256_block_data_order: eor r0,r8,r8,ror#5 add r4,r4,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r8,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 8 add r4,r4,r12 @ h+=Maj(a,b,c) from the past @@ -567,7 +646,9 @@ sha256_block_data_order: eor r0,r7,r7,ror#5 add r11,r11,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r7,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 9 add r11,r11,r3 @ h+=Maj(a,b,c) from the past 
@@ -623,7 +704,9 @@ sha256_block_data_order: eor r0,r6,r6,ror#5 add r10,r10,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r6,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 10 add r10,r10,r12 @ h+=Maj(a,b,c) from the past @@ -679,7 +762,9 @@ sha256_block_data_order: eor r0,r5,r5,ror#5 add r9,r9,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r5,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 11 add r9,r9,r3 @ h+=Maj(a,b,c) from the past @@ -735,7 +820,9 @@ sha256_block_data_order: eor r0,r4,r4,ror#5 add r8,r8,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r4,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 12 add r8,r8,r12 @ h+=Maj(a,b,c) from the past @@ -791,7 +878,9 @@ sha256_block_data_order: eor r0,r11,r11,ror#5 add r7,r7,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r11,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 13 add r7,r7,r3 @ h+=Maj(a,b,c) from the past @@ -847,7 +936,9 @@ sha256_block_data_order: eor r0,r10,r10,ror#5 add r6,r6,r12 @ h+=Maj(a,b,c) from the past eor r0,r0,r10,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 14 add r6,r6,r12 @ h+=Maj(a,b,c) from the past @@ -903,7 +994,9 @@ sha256_block_data_order: eor r0,r9,r9,ror#5 add r5,r5,r3 @ h+=Maj(a,b,c) from the past eor r0,r0,r9,ror#19 @ Sigma1(e) +# ifndef __ARMEB__ rev r2,r2 +# endif #else @ ldrb r2,[r1,#3] @ 15 add r5,r5,r3 @ h+=Maj(a,b,c) from the past @@ -1736,6 +1829,9 @@ sha256_block_data_order: eor r12,r12,r6 @ Maj(a,b,c) add r4,r4,r0,ror#2 @ h+=Sigma0(a) @ add r4,r4,r12 @ h+=Maj(a,b,c) +#if __ARM_ARCH__>=7 + ite eq @ Thumb2 thing, sanity check in ARM +#endif ldreq r3,[sp,#16*4] @ pull ctx bne .Lrounds_16_xx 
@@ -1765,61 +1861,64 @@ sha256_block_data_order: add sp,sp,#19*4 @ destroy frame #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} #else - ldmia sp!,{r4-r11,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif .size sha256_block_data_order,.-sha256_block_data_order #if __ARM_MAX_ARCH__>=7 .arch armv7-a .fpu neon +.globl sha256_block_data_order_neon .type sha256_block_data_order_neon,%function .align 4 sha256_block_data_order_neon: .LNEON: - stmdb sp!,{r4-r12,lr} + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} + sub r11,sp,#16*4+16 + adr r14,K256 + bic r11,r11,#15 @ align for 128-bit stores mov r12,sp - sub sp,sp,#16*4+16 @ alloca - sub r14,r3,#256+32 @ K256 - bic sp,sp,#15 @ align for 128-bit stores + mov sp,r11 @ alloca + add r2,r1,r2,lsl#6 @ len to point at the end of inp - vld1.8 {q0},[r1]! - vld1.8 {q1},[r1]! - vld1.8 {q2},[r1]! - vld1.8 {q3},[r1]! - vld1.32 {q8},[r14,:128]! - vld1.32 {q9},[r14,:128]! - vld1.32 {q10},[r14,:128]! - vld1.32 {q11},[r14,:128]! + vld1.8 {q0},[r1]! + vld1.8 {q1},[r1]! + vld1.8 {q2},[r1]! + vld1.8 {q3},[r1]! + vld1.32 {q8},[r14,:128]! + vld1.32 {q9},[r14,:128]! + vld1.32 {q10},[r14,:128]! + vld1.32 {q11},[r14,:128]! vrev32.8 q0,q0 @ yes, even on - str r0,[sp,#64] + str r0,[sp,#64] vrev32.8 q1,q1 @ big-endian - str r1,[sp,#68] - mov r1,sp + str r1,[sp,#68] + mov r1,sp vrev32.8 q2,q2 - str r2,[sp,#72] + str r2,[sp,#72] vrev32.8 q3,q3 - str r12,[sp,#76] @ save original sp + str r12,[sp,#76] @ save original sp vadd.i32 q8,q8,q0 vadd.i32 q9,q9,q1 - vst1.32 {q8},[r1,:128]! + vst1.32 {q8},[r1,:128]! vadd.i32 q10,q10,q2 - vst1.32 {q9},[r1,:128]! + vst1.32 {q9},[r1,:128]! vadd.i32 q11,q11,q3 - vst1.32 {q10},[r1,:128]! - vst1.32 {q11},[r1,:128]! + vst1.32 {q10},[r1,:128]! + vst1.32 {q11},[r1,:128]! 
- ldmia r0,{r4-r11} - sub r1,r1,#64 - ldr r2,[sp,#0] - eor r12,r12,r12 - eor r3,r5,r6 - b .L_00_48 + ldmia r0,{r4,r5,r6,r7,r8,r9,r10,r11} + sub r1,r1,#64 + ldr r2,[sp,#0] + eor r12,r12,r12 + eor r3,r5,r6 + b .L_00_48 .align 4 .L_00_48: @@ -2220,17 +2319,19 @@ sha256_block_data_order_neon: sub r1,r1,#64 bne .L_00_48 - ldr r1,[sp,#68] - ldr r0,[sp,#72] - sub r14,r14,#256 @ rewind r14 - teq r1,r0 - subeq r1,r1,#64 @ avoid SEGV - vld1.8 {q0},[r1]! @ load next input block - vld1.8 {q1},[r1]! - vld1.8 {q2},[r1]! - vld1.8 {q3},[r1]! - strne r1,[sp,#68] - mov r1,sp + ldr r1,[sp,#68] + ldr r0,[sp,#72] + sub r14,r14,#256 @ rewind r14 + teq r1,r0 + it eq + subeq r1,r1,#64 @ avoid SEGV + vld1.8 {q0},[r1]! @ load next input block + vld1.8 {q1},[r1]! + vld1.8 {q2},[r1]! + vld1.8 {q3},[r1]! + it ne + strne r1,[sp,#68] + mov r1,sp add r11,r11,r2 eor r2,r9,r10 eor r0,r8,r8,ror#5 
@@ -2540,157 +2641,176 @@ sha256_block_data_order_neon: str r6,[r2],#4 add r11,r11,r1 str r7,[r2],#4 - stmia r2,{r8-r11} + stmia r2,{r8,r9,r10,r11} + ittte ne movne r1,sp ldrne r2,[sp,#0] eorne r12,r12,r12 ldreq sp,[sp,#76] @ restore original sp + itt ne eorne r3,r5,r6 bne .L_00_48 - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} .size sha256_block_data_order_neon,.-sha256_block_data_order_neon #endif -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) + +# if defined(__thumb2__) && !defined(__APPLE__) +# define INST(a,b,c,d) .byte c,d|0xc,a,b +# else +# define INST(a,b,c,d) .byte a,b,c,d +# endif + .type sha256_block_data_order_armv8,%function .align 5 sha256_block_data_order_armv8: .LARMv8: vld1.32 {q0,q1},[r0] - sub r3,r3,#sha256_block_data_order-K256 +# ifdef __APPLE__ + sub r3,r3,#256+32 +# elif defined(__thumb2__) + adr r3,.LARMv8 + sub r3,r3,#.LARMv8-K256 +# else + adrl r3,K256 +# endif + add r2,r1,r2,lsl#6 @ len to point at the end of inp .Loop_v8: - vld1.8 {q8-q9},[r1]! - vld1.8 {q10-q11},[r1]! - vld1.32 {q12},[r3]! + vld1.8 {q8,q9},[r1]! + vld1.8 {q10,q11},[r1]! + vld1.32 {q12},[r3]! vrev32.8 q8,q8 vrev32.8 q9,q9 vrev32.8 q10,q10 vrev32.8 q11,q11 - vmov q14,q0 @ offload - vmov q15,q1 - teq r1,r2 - vld1.32 {q13},[r3]! + vmov q14,q0 @ offload + vmov q15,q1 + teq r1,r2 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q8 - .byte 0xe2,0x03,0xfa,0xf3 @ sha256su0 q8,q9 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 - .byte 0xe6,0x0c,0x64,0xf3 @ sha256su1 q8,q10,q11 - vld1.32 {q12},[r3]! + INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 + INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11 + vld1.32 {q12},[r3]! 
vadd.i32 q13,q13,q9 - .byte 0xe4,0x23,0xfa,0xf3 @ sha256su0 q9,q10 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 - .byte 0xe0,0x2c,0x66,0xf3 @ sha256su1 q9,q11,q8 - vld1.32 {q13},[r3]! + INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 + INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q10 - .byte 0xe6,0x43,0xfa,0xf3 @ sha256su0 q10,q11 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 - .byte 0xe2,0x4c,0x60,0xf3 @ sha256su1 q10,q8,q9 - vld1.32 {q12},[r3]! + INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 + INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9 + vld1.32 {q12},[r3]! vadd.i32 q13,q13,q11 - .byte 0xe0,0x63,0xfa,0xf3 @ sha256su0 q11,q8 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 - .byte 0xe4,0x6c,0x62,0xf3 @ sha256su1 q11,q9,q10 - vld1.32 {q13},[r3]! + INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 + INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q8 - .byte 0xe2,0x03,0xfa,0xf3 @ sha256su0 q8,q9 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 - .byte 0xe6,0x0c,0x64,0xf3 @ sha256su1 q8,q10,q11 - vld1.32 {q12},[r3]! + INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 + INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11 + vld1.32 {q12},[r3]! 
vadd.i32 q13,q13,q9 - .byte 0xe4,0x23,0xfa,0xf3 @ sha256su0 q9,q10 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 - .byte 0xe0,0x2c,0x66,0xf3 @ sha256su1 q9,q11,q8 - vld1.32 {q13},[r3]! + INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 + INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q10 - .byte 0xe6,0x43,0xfa,0xf3 @ sha256su0 q10,q11 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 - .byte 0xe2,0x4c,0x60,0xf3 @ sha256su1 q10,q8,q9 - vld1.32 {q12},[r3]! + INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 + INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9 + vld1.32 {q12},[r3]! vadd.i32 q13,q13,q11 - .byte 0xe0,0x63,0xfa,0xf3 @ sha256su0 q11,q8 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 - .byte 0xe4,0x6c,0x62,0xf3 @ sha256su1 q11,q9,q10 - vld1.32 {q13},[r3]! + INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 + INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q8 - .byte 0xe2,0x03,0xfa,0xf3 @ sha256su0 q8,q9 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 - .byte 0xe6,0x0c,0x64,0xf3 @ sha256su1 q8,q10,q11 - vld1.32 {q12},[r3]! + INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 + INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11 + vld1.32 {q12},[r3]! 
vadd.i32 q13,q13,q9 - .byte 0xe4,0x23,0xfa,0xf3 @ sha256su0 q9,q10 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 - .byte 0xe0,0x2c,0x66,0xf3 @ sha256su1 q9,q11,q8 - vld1.32 {q13},[r3]! + INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 + INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q10 - .byte 0xe6,0x43,0xfa,0xf3 @ sha256su0 q10,q11 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 - .byte 0xe2,0x4c,0x60,0xf3 @ sha256su1 q10,q8,q9 - vld1.32 {q12},[r3]! + INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 + INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9 + vld1.32 {q12},[r3]! vadd.i32 q13,q13,q11 - .byte 0xe0,0x63,0xfa,0xf3 @ sha256su0 q11,q8 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 - .byte 0xe4,0x6c,0x62,0xf3 @ sha256su1 q11,q9,q10 - vld1.32 {q13},[r3]! + INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 + INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10 + vld1.32 {q13},[r3]! vadd.i32 q12,q12,q8 - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - vld1.32 {q12},[r3]! + vld1.32 {q12},[r3]! 
vadd.i32 q13,q13,q9 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - vld1.32 {q13},[r3] + vld1.32 {q13},[r3] vadd.i32 q12,q12,q10 - sub r3,r3,#256-16 @ rewind - vmov q2,q0 - .byte 0x68,0x0c,0x02,0xf3 @ sha256h q0,q1,q12 - .byte 0x68,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q12 + sub r3,r3,#256-16 @ rewind + vmov q2,q0 + INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 + INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 vadd.i32 q13,q13,q11 - vmov q2,q0 - .byte 0x6a,0x0c,0x02,0xf3 @ sha256h q0,q1,q13 - .byte 0x6a,0x2c,0x14,0xf3 @ sha256h2 q1,q2,q13 + vmov q2,q0 + INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 + INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 vadd.i32 q0,q0,q14 vadd.i32 q1,q1,q15 - bne .Loop_v8 + it ne + bne .Loop_v8 - vst1.32 {q0,q1},[r0] + vst1.32 {q0,q1},[r0] bx lr @ bx lr .size sha256_block_data_order_armv8,.-sha256_block_data_order_armv8 #endif -.asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " +.byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,47,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 -#if __ARM_MAX_ARCH__>=7 -.comm OPENSSL_armcap_P,4,4 -.hidden OPENSSL_armcap_P +.align 2 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) +.comm OPENSSL_armcap_P,4,4 +.hidden OPENSSL_armcap_P #endif diff --git a/linux-arm/crypto/sha/sha512-armv4.S b/linux-arm/crypto/sha/sha512-armv4.S index 37cfca3..1a3d467 100644 --- a/linux-arm/crypto/sha/sha512-armv4.S +++ b/linux-arm/crypto/sha/sha512-armv4.S 
@@ -1,4 +1,61 @@
-#include "arm_arch.h"
+
+@ ====================================================================
+@ Written by Andy Polyakov for the OpenSSL
+@ project. The module is, however, dual licensed under OpenSSL and
+@ CRYPTOGAMS licenses depending on where you obtain it. For further
+@ details see http://www.openssl.org/~appro/cryptogams/.
+@
+@ Permission to use under GPL terms is granted.
+@ ====================================================================
+
+@ SHA512 block procedure for ARMv4. September 2007.
+
+@ This code is ~4.5 (four and a half) times faster than code generated
+@ by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
+@ Xscale PXA250 core].
+@
+@ July 2010.
+@
+@ Rescheduling for dual-issue pipeline resulted in 6% improvement on
+@ Cortex A8 core and ~40 cycles per processed byte.
+
+@ February 2011.
+@
+@ Profiler-assisted and platform-specific optimization resulted in 7%
+@ improvement on Coxtex A8 core and ~38 cycles per byte.
+
+@ March 2011.
+@
+@ Add NEON implementation. On Cortex A8 it was measured to process
+@ one byte in 23.3 cycles or ~60% faster than integer-only code.
+
+@ August 2012.
+@
+@ Improve NEON performance by 12% on Snapdragon S4. In absolute
+@ terms it's 22.6 cycles per byte, which is disappointing result.
+@ Technical writers asserted that 3-way S4 pipeline can sustain
+@ multiple NEON instructions per cycle, but dual NEON issue could
+@ not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html
+@ for further details. On side note Cortex-A15 processes one byte in
+@ 16 cycles.
+
+@ Byte order [in]dependence. =========================================
+@
+@ Originally caller was expected to maintain specific *dword* order in
+@ h[0-7], namely with most significant dword at *lower* address, which
+@ was reflected in below two parameters as 0 and 4. Now caller is
+@ expected to maintain native byte order for whole 64-bit values.
+#ifndef __KERNEL__
+# include "arm_arch.h"
+# define VFP_ABI_PUSH vstmdb sp!,{d8-d15}
+# define VFP_ABI_POP vldmia sp!,{d8-d15}
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+# define VFP_ABI_PUSH
+# define VFP_ABI_POP
+#endif
+
 #ifdef __ARMEL__
 # define LO 0
 # define HI 4
@@ -10,71 +67,90 @@ #endif .text +#if __ARM_ARCH__<7 || defined(__APPLE__) +.code 32 +#else +.syntax unified +# ifdef __thumb2__ +# define adrl adr +.thumb +# else .code 32 +# endif +#endif + .type K512,%object .align 5 K512: -WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd) -WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc) -WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019) -WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118) -WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe) -WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2) -WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1) -WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694) -WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3) -WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65) -WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483) -WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5) -WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210) -WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4) -WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725) -WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70) -WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926) -WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df) -WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8) -WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b) -WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001) -WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30) -WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910) -WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8) -WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53) -WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8) -WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb) -WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3) -WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60) -WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec) -WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9) -WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b) -WORD64(0xca273ece,0xea26619c, 
0xd186b8c7,0x21c0c207) -WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178) -WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6) -WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b) -WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493) -WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) -WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) -WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) + WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd) + WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc) + WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019) + WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118) + WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe) + WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2) + WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1) + WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694) + WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3) + WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65) + WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483) + WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5) + WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210) + WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4) + WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725) + WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70) + WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926) + WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df) + WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8) + WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b) + WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001) + WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30) + WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910) + WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8) + WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53) + WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8) + WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb) + WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3) + WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60) + 
WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec) + WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9) + WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b) + WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207) + WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178) + WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6) + WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b) + WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493) + WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) + WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) + WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha512_block_data_order +.word OPENSSL_armcap_P-.Lsha512_block_data_order .skip 32-4 #else .skip 32 #endif -.global sha512_block_data_order +.globl sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: +.Lsha512_block_data_order: +#if __ARM_ARCH__<7 sub r3,pc,#8 @ sha512_block_data_order - add r2,r1,r2,lsl#7 @ len to point at the end of inp -#if __ARM_MAX_ARCH__>=7 +#else + adr r3,sha512_block_data_order +#endif +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#1 bne .LNEON #endif - stmdb sp!,{r4-r12,lr} + add r2,r1,r2,lsl#7 @ len to point at the end of inp + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} sub r14,r3,#672 @ K512 sub sp,sp,#9*8 @@ -186,6 +262,9 @@ sha512_block_data_order: teq r9,#148 ldr r12,[sp,#16+0] @ c.lo +#if __ARM_ARCH__>=7 + it eq @ Thumb2 thing, sanity check in ARM +#endif orreq r14,r14,#1 @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 
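Review bot: The new `adr r3,sha512_block_data_order` on the `#else` (`__ARM_ARCH__>=7`) path takes the address of a symbol typed `%function`, and when this file is assembled as Thumb-2 (the new header switches to `.thumb` under `__thumb2__`) the assembler may return that address with the Thumb bit set; r3 is then used as an exact base by `ldr r12,[r3,r12] @ OPENSSL_armcap_P` and `sub r14,r3,#672 @ K512`, so an odd r3 would skew both the capability load and the K512 table pointer by one byte. The hunk already introduces an untyped local label `.Lsha512_block_data_order:` and uses it in `.word OPENSSL_armcap_P-.Lsha512_block_data_order`, so the `adr` should presumably target the same label: `adr r3,.Lsha512_block_data_order`. I cannot tell from this page whether the Android ARM build actually assembles this file in Thumb-2 mode, so this is worth confirming against the upstream perlasm source rather than patching the generated output by hand. The body of sha512_block_data_order continues outside the hunk.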
@@ -323,6 +402,9 @@ sha512_block_data_order: teq r9,#23 ldr r12,[sp,#16+0] @ c.lo +#if __ARM_ARCH__>=7 + it eq @ Thumb2 thing, sanity check in ARM +#endif orreq r14,r14,#1 @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 @@ -357,6 +439,9 @@ sha512_block_data_order: adc r6,r6,r4 @ h += T tst r14,#1 add r14,r14,#8 +#if __ARM_ARCH__>=7 + ittt eq @ Thumb2 thing, sanity check in ARM +#endif ldreq r9,[sp,#184+0] ldreq r10,[sp,#184+4] beq .L16_79 
@@ -434,1343 +519,1349 @@ sha512_block_data_order: add sp,sp,#8*9 @ destroy frame #if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else - ldmia sp!,{r4-r12,lr} + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet - .word 0xe12fff1e @ interoperable with Thumb ISA:-) +.word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif +.size sha512_block_data_order,.-sha512_block_data_order #if __ARM_MAX_ARCH__>=7 .arch armv7-a .fpu neon +.globl sha512_block_data_order_neon +.type sha512_block_data_order_neon,%function .align 4 +sha512_block_data_order_neon: .LNEON: - dmb @ errata #451034 on early Cortex A8 - vstmdb sp!,{d8-d15} @ ABI specification says so - sub r3,r3,#672 @ K512 - vldmia r0,{d16-d23} @ load context + dmb @ errata #451034 on early Cortex A8 + add r2,r1,r2,lsl#7 @ len to point at the end of inp + adr r3,K512 + VFP_ABI_PUSH + vldmia r0,{d16,d17,d18,d19,d20,d21,d22,d23} @ load context .Loop_neon: vshr.u64 d24,d20,#14 @ 0 #if 0<16 - vld1.64 {d0},[r1]! @ handles unaligned + vld1.64 {d0},[r1]! @ handles unaligned #endif vshr.u64 d25,d20,#18 #if 0>0 - vadd.i64 d16,d30 @ h+=Maj from the past + vadd.i64 d16,d30 @ h+=Maj from the past #endif vshr.u64 d26,d20,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d20,#50 + vsli.64 d25,d20,#46 + vmov d29,d20 + vsli.64 d26,d20,#23 #if 0<16 && defined(__ARMEL__) vrev64.8 d0,d0 #endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d21,d22 @ Ch(e,f,g) vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d23 vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 + vsli.64 d24,d16,#36 vadd.i64 d27,d26 vshr.u64 d26,d16,#39 vadd.i64 d28,d0 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 + vsli.64 d25,d16,#30 + veor d30,d16,d17 + vsli.64 d26,d16,#25 + veor d23,d24,d25 vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) + vbsl d30,d18,d17 @ Maj(a,b,c) + veor d23,d26 @ Sigma0(a) vadd.i64 d19,d27 vadd.i64 d30,d27 @ vadd.i64 d23,d30 vshr.u64 d24,d19,#14 @ 1 #if 1<16 - vld1.64 {d1},[r1]! @ handles unaligned + vld1.64 {d1},[r1]! @ handles unaligned #endif vshr.u64 d25,d19,#18 #if 1>0 - vadd.i64 d23,d30 @ h+=Maj from the past + vadd.i64 d23,d30 @ h+=Maj from the past #endif vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d19,#50 + vsli.64 d25,d19,#46 + vmov d29,d19 + vsli.64 d26,d19,#23 #if 1<16 && defined(__ARMEL__) vrev64.8 d1,d1 #endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d20,d21 @ Ch(e,f,g) vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d22 vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 + vsli.64 d24,d23,#36 vadd.i64 d27,d26 vshr.u64 d26,d23,#39 vadd.i64 d28,d1 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 + vsli.64 d25,d23,#30 + veor d30,d23,d16 + vsli.64 d26,d23,#25 + veor d22,d24,d25 vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) + vbsl d30,d17,d16 @ Maj(a,b,c) + veor d22,d26 @ Sigma0(a) vadd.i64 d18,d27 vadd.i64 d30,d27 @ vadd.i64 d22,d30 vshr.u64 d24,d18,#14 @ 2 #if 2<16 - vld1.64 {d2},[r1]! @ handles unaligned + vld1.64 {d2},[r1]! @ handles unaligned #endif vshr.u64 d25,d18,#18 #if 2>0 - vadd.i64 d22,d30 @ h+=Maj from the past + vadd.i64 d22,d30 @ h+=Maj from the past #endif vshr.u64 d26,d18,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d18,#50 + vsli.64 d25,d18,#46 + vmov d29,d18 + vsli.64 d26,d18,#23 #if 2<16 && defined(__ARMEL__) vrev64.8 d2,d2 #endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d19,d20 @ Ch(e,f,g) vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d21 vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 + vsli.64 d24,d22,#36 vadd.i64 d27,d26 vshr.u64 d26,d22,#39 vadd.i64 d28,d2 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 + vsli.64 d25,d22,#30 + veor d30,d22,d23 + vsli.64 d26,d22,#25 + veor d21,d24,d25 vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) + vbsl d30,d16,d23 @ Maj(a,b,c) + veor d21,d26 @ Sigma0(a) vadd.i64 d17,d27 vadd.i64 d30,d27 @ vadd.i64 d21,d30 vshr.u64 d24,d17,#14 @ 3 #if 3<16 - vld1.64 {d3},[r1]! @ handles unaligned + vld1.64 {d3},[r1]! @ handles unaligned #endif vshr.u64 d25,d17,#18 #if 3>0 - vadd.i64 d21,d30 @ h+=Maj from the past + vadd.i64 d21,d30 @ h+=Maj from the past #endif vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d17,#50 + vsli.64 d25,d17,#46 + vmov d29,d17 + vsli.64 d26,d17,#23 #if 3<16 && defined(__ARMEL__) vrev64.8 d3,d3 #endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d18,d19 @ Ch(e,f,g) vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d20 vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 + vsli.64 d24,d21,#36 vadd.i64 d27,d26 vshr.u64 d26,d21,#39 vadd.i64 d28,d3 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 + vsli.64 d25,d21,#30 + veor d30,d21,d22 + vsli.64 d26,d21,#25 + veor d20,d24,d25 vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) + vbsl d30,d23,d22 @ Maj(a,b,c) + veor d20,d26 @ Sigma0(a) vadd.i64 d16,d27 vadd.i64 d30,d27 @ vadd.i64 d20,d30 vshr.u64 d24,d16,#14 @ 4 #if 4<16 - vld1.64 {d4},[r1]! @ handles unaligned + vld1.64 {d4},[r1]! @ handles unaligned #endif vshr.u64 d25,d16,#18 #if 4>0 - vadd.i64 d20,d30 @ h+=Maj from the past + vadd.i64 d20,d30 @ h+=Maj from the past #endif vshr.u64 d26,d16,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d16,#50 + vsli.64 d25,d16,#46 + vmov d29,d16 + vsli.64 d26,d16,#23 #if 4<16 && defined(__ARMEL__) vrev64.8 d4,d4 #endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d17,d18 @ Ch(e,f,g) vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d19 vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 + vsli.64 d24,d20,#36 vadd.i64 d27,d26 vshr.u64 d26,d20,#39 vadd.i64 d28,d4 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 + vsli.64 d25,d20,#30 + veor d30,d20,d21 + vsli.64 d26,d20,#25 + veor d19,d24,d25 vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) + vbsl d30,d22,d21 @ Maj(a,b,c) + veor d19,d26 @ Sigma0(a) vadd.i64 d23,d27 vadd.i64 d30,d27 @ vadd.i64 d19,d30 vshr.u64 d24,d23,#14 @ 5 #if 5<16 - vld1.64 {d5},[r1]! @ handles unaligned + vld1.64 {d5},[r1]! @ handles unaligned #endif vshr.u64 d25,d23,#18 #if 5>0 - vadd.i64 d19,d30 @ h+=Maj from the past + vadd.i64 d19,d30 @ h+=Maj from the past #endif vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d23,#50 + vsli.64 d25,d23,#46 + vmov d29,d23 + vsli.64 d26,d23,#23 #if 5<16 && defined(__ARMEL__) vrev64.8 d5,d5 #endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d16,d17 @ Ch(e,f,g) vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d18 vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 + vsli.64 d24,d19,#36 vadd.i64 d27,d26 vshr.u64 d26,d19,#39 vadd.i64 d28,d5 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 + vsli.64 d25,d19,#30 + veor d30,d19,d20 + vsli.64 d26,d19,#25 + veor d18,d24,d25 vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) + vbsl d30,d21,d20 @ Maj(a,b,c) + veor d18,d26 @ Sigma0(a) vadd.i64 d22,d27 vadd.i64 d30,d27 @ vadd.i64 d18,d30 vshr.u64 d24,d22,#14 @ 6 #if 6<16 - vld1.64 {d6},[r1]! @ handles unaligned + vld1.64 {d6},[r1]! @ handles unaligned #endif vshr.u64 d25,d22,#18 #if 6>0 - vadd.i64 d18,d30 @ h+=Maj from the past + vadd.i64 d18,d30 @ h+=Maj from the past #endif vshr.u64 d26,d22,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d22,#50 + vsli.64 d25,d22,#46 + vmov d29,d22 + vsli.64 d26,d22,#23 #if 6<16 && defined(__ARMEL__) vrev64.8 d6,d6 #endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d23,d16 @ Ch(e,f,g) vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d17 vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 + vsli.64 d24,d18,#36 vadd.i64 d27,d26 vshr.u64 d26,d18,#39 vadd.i64 d28,d6 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 + vsli.64 d25,d18,#30 + veor d30,d18,d19 + vsli.64 d26,d18,#25 + veor d17,d24,d25 vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) + vbsl d30,d20,d19 @ Maj(a,b,c) + veor d17,d26 @ Sigma0(a) vadd.i64 d21,d27 vadd.i64 d30,d27 @ vadd.i64 d17,d30 vshr.u64 d24,d21,#14 @ 7 #if 7<16 - vld1.64 {d7},[r1]! @ handles unaligned + vld1.64 {d7},[r1]! @ handles unaligned #endif vshr.u64 d25,d21,#18 #if 7>0 - vadd.i64 d17,d30 @ h+=Maj from the past + vadd.i64 d17,d30 @ h+=Maj from the past #endif vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d21,#50 + vsli.64 d25,d21,#46 + vmov d29,d21 + vsli.64 d26,d21,#23 #if 7<16 && defined(__ARMEL__) vrev64.8 d7,d7 #endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d22,d23 @ Ch(e,f,g) vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d16 vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 + vsli.64 d24,d17,#36 vadd.i64 d27,d26 vshr.u64 d26,d17,#39 vadd.i64 d28,d7 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 + vsli.64 d25,d17,#30 + veor d30,d17,d18 + vsli.64 d26,d17,#25 + veor d16,d24,d25 vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) + vbsl d30,d19,d18 @ Maj(a,b,c) + veor d16,d26 @ Sigma0(a) vadd.i64 d20,d27 vadd.i64 d30,d27 @ vadd.i64 d16,d30 vshr.u64 d24,d20,#14 @ 8 #if 8<16 - vld1.64 {d8},[r1]! @ handles unaligned + vld1.64 {d8},[r1]! @ handles unaligned #endif vshr.u64 d25,d20,#18 #if 8>0 - vadd.i64 d16,d30 @ h+=Maj from the past + vadd.i64 d16,d30 @ h+=Maj from the past #endif vshr.u64 d26,d20,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d20,#50 + vsli.64 d25,d20,#46 + vmov d29,d20 + vsli.64 d26,d20,#23 #if 8<16 && defined(__ARMEL__) vrev64.8 d8,d8 #endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d21,d22 @ Ch(e,f,g) vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d23 vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 + vsli.64 d24,d16,#36 vadd.i64 d27,d26 vshr.u64 d26,d16,#39 vadd.i64 d28,d8 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 + vsli.64 d25,d16,#30 + veor d30,d16,d17 + vsli.64 d26,d16,#25 + veor d23,d24,d25 vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) + vbsl d30,d18,d17 @ Maj(a,b,c) + veor d23,d26 @ Sigma0(a) vadd.i64 d19,d27 vadd.i64 d30,d27 @ vadd.i64 d23,d30 vshr.u64 d24,d19,#14 @ 9 #if 9<16 - vld1.64 {d9},[r1]! @ handles unaligned + vld1.64 {d9},[r1]! @ handles unaligned #endif vshr.u64 d25,d19,#18 #if 9>0 - vadd.i64 d23,d30 @ h+=Maj from the past + vadd.i64 d23,d30 @ h+=Maj from the past #endif vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d19,#50 + vsli.64 d25,d19,#46 + vmov d29,d19 + vsli.64 d26,d19,#23 #if 9<16 && defined(__ARMEL__) vrev64.8 d9,d9 #endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d20,d21 @ Ch(e,f,g) vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d22 vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 + vsli.64 d24,d23,#36 vadd.i64 d27,d26 vshr.u64 d26,d23,#39 vadd.i64 d28,d9 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 + vsli.64 d25,d23,#30 + veor d30,d23,d16 + vsli.64 d26,d23,#25 + veor d22,d24,d25 vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) + vbsl d30,d17,d16 @ Maj(a,b,c) + veor d22,d26 @ Sigma0(a) vadd.i64 d18,d27 vadd.i64 d30,d27 @ vadd.i64 d22,d30 vshr.u64 d24,d18,#14 @ 10 #if 10<16 - vld1.64 {d10},[r1]! @ handles unaligned + vld1.64 {d10},[r1]! @ handles unaligned #endif vshr.u64 d25,d18,#18 #if 10>0 - vadd.i64 d22,d30 @ h+=Maj from the past + vadd.i64 d22,d30 @ h+=Maj from the past #endif vshr.u64 d26,d18,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d18,#50 + vsli.64 d25,d18,#46 + vmov d29,d18 + vsli.64 d26,d18,#23 #if 10<16 && defined(__ARMEL__) vrev64.8 d10,d10 #endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d19,d20 @ Ch(e,f,g) vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d21 vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 + vsli.64 d24,d22,#36 vadd.i64 d27,d26 vshr.u64 d26,d22,#39 vadd.i64 d28,d10 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 + vsli.64 d25,d22,#30 + veor d30,d22,d23 + vsli.64 d26,d22,#25 + veor d21,d24,d25 vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) + vbsl d30,d16,d23 @ Maj(a,b,c) + veor d21,d26 @ Sigma0(a) vadd.i64 d17,d27 vadd.i64 d30,d27 @ vadd.i64 d21,d30 vshr.u64 d24,d17,#14 @ 11 #if 11<16 - vld1.64 {d11},[r1]! @ handles unaligned + vld1.64 {d11},[r1]! @ handles unaligned #endif vshr.u64 d25,d17,#18 #if 11>0 - vadd.i64 d21,d30 @ h+=Maj from the past + vadd.i64 d21,d30 @ h+=Maj from the past #endif vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d17,#50 + vsli.64 d25,d17,#46 + vmov d29,d17 + vsli.64 d26,d17,#23 #if 11<16 && defined(__ARMEL__) vrev64.8 d11,d11 #endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d18,d19 @ Ch(e,f,g) vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d20 vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 + vsli.64 d24,d21,#36 vadd.i64 d27,d26 vshr.u64 d26,d21,#39 vadd.i64 d28,d11 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 + vsli.64 d25,d21,#30 + veor d30,d21,d22 + vsli.64 d26,d21,#25 + veor d20,d24,d25 vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) + vbsl d30,d23,d22 @ Maj(a,b,c) + veor d20,d26 @ Sigma0(a) vadd.i64 d16,d27 vadd.i64 d30,d27 @ vadd.i64 d20,d30 vshr.u64 d24,d16,#14 @ 12 #if 12<16 - vld1.64 {d12},[r1]! @ handles unaligned + vld1.64 {d12},[r1]! @ handles unaligned #endif vshr.u64 d25,d16,#18 #if 12>0 - vadd.i64 d20,d30 @ h+=Maj from the past + vadd.i64 d20,d30 @ h+=Maj from the past #endif vshr.u64 d26,d16,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d16,#50 + vsli.64 d25,d16,#46 + vmov d29,d16 + vsli.64 d26,d16,#23 #if 12<16 && defined(__ARMEL__) vrev64.8 d12,d12 #endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d17,d18 @ Ch(e,f,g) vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d19 vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 + vsli.64 d24,d20,#36 vadd.i64 d27,d26 vshr.u64 d26,d20,#39 vadd.i64 d28,d12 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 + vsli.64 d25,d20,#30 + veor d30,d20,d21 + vsli.64 d26,d20,#25 + veor d19,d24,d25 vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) + vbsl d30,d22,d21 @ Maj(a,b,c) + veor d19,d26 @ Sigma0(a) vadd.i64 d23,d27 vadd.i64 d30,d27 @ vadd.i64 d19,d30 vshr.u64 d24,d23,#14 @ 13 #if 13<16 - vld1.64 {d13},[r1]! @ handles unaligned + vld1.64 {d13},[r1]! @ handles unaligned #endif vshr.u64 d25,d23,#18 #if 13>0 - vadd.i64 d19,d30 @ h+=Maj from the past + vadd.i64 d19,d30 @ h+=Maj from the past #endif vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d23,#50 + vsli.64 d25,d23,#46 + vmov d29,d23 + vsli.64 d26,d23,#23 #if 13<16 && defined(__ARMEL__) vrev64.8 d13,d13 #endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d16,d17 @ Ch(e,f,g) vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d18 vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 + vsli.64 d24,d19,#36 vadd.i64 d27,d26 vshr.u64 d26,d19,#39 vadd.i64 d28,d13 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 + vsli.64 d25,d19,#30 + veor d30,d19,d20 + vsli.64 d26,d19,#25 + veor d18,d24,d25 vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) + vbsl d30,d21,d20 @ Maj(a,b,c) + veor d18,d26 @ Sigma0(a) vadd.i64 d22,d27 vadd.i64 d30,d27 @ vadd.i64 d18,d30 vshr.u64 d24,d22,#14 @ 14 #if 14<16 - vld1.64 {d14},[r1]! @ handles unaligned + vld1.64 {d14},[r1]! @ handles unaligned #endif vshr.u64 d25,d22,#18 #if 14>0 - vadd.i64 d18,d30 @ h+=Maj from the past + vadd.i64 d18,d30 @ h+=Maj from the past #endif vshr.u64 d26,d22,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d22,#50 + vsli.64 d25,d22,#46 + vmov d29,d22 + vsli.64 d26,d22,#23 #if 14<16 && defined(__ARMEL__) vrev64.8 d14,d14 #endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d23,d16 @ Ch(e,f,g) vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d17 vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 + vsli.64 d24,d18,#36 vadd.i64 d27,d26 vshr.u64 d26,d18,#39 vadd.i64 d28,d14 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 + vsli.64 d25,d18,#30 + veor d30,d18,d19 + vsli.64 d26,d18,#25 + veor d17,d24,d25 vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) + vbsl d30,d20,d19 @ Maj(a,b,c) + veor d17,d26 @ Sigma0(a) vadd.i64 d21,d27 vadd.i64 d30,d27 @ vadd.i64 d17,d30 vshr.u64 d24,d21,#14 @ 15 #if 15<16 - vld1.64 {d15},[r1]! @ handles unaligned + vld1.64 {d15},[r1]! @ handles unaligned #endif vshr.u64 d25,d21,#18 #if 15>0 - vadd.i64 d17,d30 @ h+=Maj from the past + vadd.i64 d17,d30 @ h+=Maj from the past #endif vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d21,#50 + vsli.64 d25,d21,#46 + vmov d29,d21 + vsli.64 d26,d21,#23 #if 15<16 && defined(__ARMEL__) vrev64.8 d15,d15 #endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d22,d23 @ Ch(e,f,g) vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d16 vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 + vsli.64 d24,d17,#36 vadd.i64 d27,d26 vshr.u64 d26,d17,#39 vadd.i64 d28,d15 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 + vsli.64 d25,d17,#30 + veor d30,d17,d18 + vsli.64 d26,d17,#25 + veor d16,d24,d25 vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) + vbsl d30,d19,d18 @ Maj(a,b,c) + veor d16,d26 @ Sigma0(a) vadd.i64 d20,d27 vadd.i64 d30,d27 @ vadd.i64 d16,d30 - mov r12,#4 + mov r12,#4 .L16_79_neon: - subs r12,#1 + subs r12,#1 vshr.u64 q12,q7,#19 vshr.u64 q13,q7,#61 - vadd.i64 d16,d30 @ h+=Maj from the past + vadd.i64 d16,d30 @ h+=Maj from the past vshr.u64 q15,q7,#6 - vsli.64 q12,q7,#45 - vext.8 q14,q0,q1,#8 @ X[i+1] - vsli.64 q13,q7,#3 - veor q15,q12 + vsli.64 q12,q7,#45 + vext.8 q14,q0,q1,#8 @ X[i+1] + vsli.64 q13,q7,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q0,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q4,q5,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q4,q5,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d20,#14 @ from NEON_00_15 vadd.i64 q0,q14 vshr.u64 d25,d20,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d20,#41 @ from NEON_00_15 vadd.i64 q0,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d20,#50 + vsli.64 d25,d20,#46 + vmov d29,d20 + vsli.64 d26,d20,#23 #if 16<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d21,d22 @ Ch(e,f,g) vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d23 vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 + vsli.64 d24,d16,#36 vadd.i64 d27,d26 vshr.u64 d26,d16,#39 vadd.i64 d28,d0 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 + vsli.64 d25,d16,#30 + veor d30,d16,d17 + vsli.64 d26,d16,#25 + veor d23,d24,d25 vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) + vbsl d30,d18,d17 @ Maj(a,b,c) + veor d23,d26 @ Sigma0(a) vadd.i64 d19,d27 vadd.i64 d30,d27 @ vadd.i64 d23,d30 vshr.u64 d24,d19,#14 @ 17 #if 17<16 - vld1.64 {d1},[r1]! @ handles unaligned + vld1.64 {d1},[r1]! @ handles unaligned #endif vshr.u64 d25,d19,#18 #if 17>0 - vadd.i64 d23,d30 @ h+=Maj from the past + vadd.i64 d23,d30 @ h+=Maj from the past #endif vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d19,#50 + vsli.64 d25,d19,#46 + vmov d29,d19 + vsli.64 d26,d19,#23 #if 17<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d20,d21 @ Ch(e,f,g) vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d22 vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 + vsli.64 d24,d23,#36 vadd.i64 d27,d26 vshr.u64 d26,d23,#39 vadd.i64 d28,d1 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 + vsli.64 d25,d23,#30 + veor d30,d23,d16 + vsli.64 d26,d23,#25 + veor d22,d24,d25 vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) + vbsl d30,d17,d16 @ Maj(a,b,c) + veor d22,d26 @ Sigma0(a) vadd.i64 d18,d27 vadd.i64 d30,d27 @ vadd.i64 d22,d30 vshr.u64 q12,q0,#19 vshr.u64 q13,q0,#61 - vadd.i64 d22,d30 @ h+=Maj from the past + vadd.i64 d22,d30 @ h+=Maj from the past vshr.u64 q15,q0,#6 - vsli.64 q12,q0,#45 - vext.8 q14,q1,q2,#8 @ X[i+1] - vsli.64 q13,q0,#3 - veor q15,q12 + vsli.64 q12,q0,#45 + vext.8 q14,q1,q2,#8 @ X[i+1] + vsli.64 q13,q0,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q1,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q5,q6,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q5,q6,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d18,#14 @ from NEON_00_15 vadd.i64 q1,q14 vshr.u64 d25,d18,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d18,#41 @ from NEON_00_15 vadd.i64 q1,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d18,#50 + vsli.64 d25,d18,#46 + vmov d29,d18 + vsli.64 d26,d18,#23 #if 18<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d19,d20 @ Ch(e,f,g) vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d21 vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 + vsli.64 d24,d22,#36 vadd.i64 d27,d26 vshr.u64 d26,d22,#39 vadd.i64 d28,d2 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 + vsli.64 d25,d22,#30 + veor d30,d22,d23 + vsli.64 d26,d22,#25 + veor d21,d24,d25 vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) + vbsl d30,d16,d23 @ Maj(a,b,c) + veor d21,d26 @ Sigma0(a) vadd.i64 d17,d27 vadd.i64 d30,d27 @ vadd.i64 d21,d30 vshr.u64 d24,d17,#14 @ 19 #if 19<16 - vld1.64 {d3},[r1]! @ handles unaligned + vld1.64 {d3},[r1]! @ handles unaligned #endif vshr.u64 d25,d17,#18 #if 19>0 - vadd.i64 d21,d30 @ h+=Maj from the past + vadd.i64 d21,d30 @ h+=Maj from the past #endif vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d17,#50 + vsli.64 d25,d17,#46 + vmov d29,d17 + vsli.64 d26,d17,#23 #if 19<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d18,d19 @ Ch(e,f,g) vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d20 vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 + vsli.64 d24,d21,#36 vadd.i64 d27,d26 vshr.u64 d26,d21,#39 vadd.i64 d28,d3 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 + vsli.64 d25,d21,#30 + veor d30,d21,d22 + vsli.64 d26,d21,#25 + veor d20,d24,d25 vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) + vbsl d30,d23,d22 @ Maj(a,b,c) + veor d20,d26 @ Sigma0(a) vadd.i64 d16,d27 vadd.i64 d30,d27 @ vadd.i64 d20,d30 vshr.u64 q12,q1,#19 vshr.u64 q13,q1,#61 - vadd.i64 d20,d30 @ h+=Maj from the past + vadd.i64 d20,d30 @ h+=Maj from the past vshr.u64 q15,q1,#6 - vsli.64 q12,q1,#45 - vext.8 q14,q2,q3,#8 @ X[i+1] - vsli.64 q13,q1,#3 - veor q15,q12 + vsli.64 q12,q1,#45 + vext.8 q14,q2,q3,#8 @ X[i+1] + vsli.64 q13,q1,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q2,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q6,q7,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q6,q7,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d16,#14 @ from NEON_00_15 vadd.i64 q2,q14 vshr.u64 d25,d16,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d16,#41 @ from NEON_00_15 vadd.i64 q2,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d16,#50 + vsli.64 d25,d16,#46 + vmov d29,d16 + vsli.64 d26,d16,#23 #if 20<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d17,d18 @ Ch(e,f,g) vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d19 vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 + vsli.64 d24,d20,#36 vadd.i64 d27,d26 vshr.u64 d26,d20,#39 vadd.i64 d28,d4 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 + vsli.64 d25,d20,#30 + veor d30,d20,d21 + vsli.64 d26,d20,#25 + veor d19,d24,d25 vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) + vbsl d30,d22,d21 @ Maj(a,b,c) + veor d19,d26 @ Sigma0(a) vadd.i64 d23,d27 vadd.i64 d30,d27 @ vadd.i64 d19,d30 vshr.u64 d24,d23,#14 @ 21 #if 21<16 - vld1.64 {d5},[r1]! @ handles unaligned + vld1.64 {d5},[r1]! @ handles unaligned #endif vshr.u64 d25,d23,#18 #if 21>0 - vadd.i64 d19,d30 @ h+=Maj from the past + vadd.i64 d19,d30 @ h+=Maj from the past #endif vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d23,#50 + vsli.64 d25,d23,#46 + vmov d29,d23 + vsli.64 d26,d23,#23 #if 21<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d16,d17 @ Ch(e,f,g) vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d18 vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 + vsli.64 d24,d19,#36 vadd.i64 d27,d26 vshr.u64 d26,d19,#39 vadd.i64 d28,d5 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 + vsli.64 d25,d19,#30 + veor d30,d19,d20 + vsli.64 d26,d19,#25 + veor d18,d24,d25 vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) + vbsl d30,d21,d20 @ Maj(a,b,c) + veor d18,d26 @ Sigma0(a) vadd.i64 d22,d27 vadd.i64 d30,d27 @ vadd.i64 d18,d30 vshr.u64 q12,q2,#19 vshr.u64 q13,q2,#61 - vadd.i64 d18,d30 @ h+=Maj from the past + vadd.i64 d18,d30 @ h+=Maj from the past vshr.u64 q15,q2,#6 - vsli.64 q12,q2,#45 - vext.8 q14,q3,q4,#8 @ X[i+1] - vsli.64 q13,q2,#3 - veor q15,q12 + vsli.64 q12,q2,#45 + vext.8 q14,q3,q4,#8 @ X[i+1] + vsli.64 q13,q2,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q3,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q7,q0,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q7,q0,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d22,#14 @ from NEON_00_15 vadd.i64 q3,q14 vshr.u64 d25,d22,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d22,#41 @ from NEON_00_15 vadd.i64 q3,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d22,#50 + vsli.64 d25,d22,#46 + vmov d29,d22 + vsli.64 d26,d22,#23 #if 22<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d23,d16 @ Ch(e,f,g) vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d17 vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 + vsli.64 d24,d18,#36 vadd.i64 d27,d26 vshr.u64 d26,d18,#39 vadd.i64 d28,d6 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 + vsli.64 d25,d18,#30 + veor d30,d18,d19 + vsli.64 d26,d18,#25 + veor d17,d24,d25 vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) + vbsl d30,d20,d19 @ Maj(a,b,c) + veor d17,d26 @ Sigma0(a) vadd.i64 d21,d27 vadd.i64 d30,d27 @ vadd.i64 d17,d30 vshr.u64 d24,d21,#14 @ 23 #if 23<16 - vld1.64 {d7},[r1]! @ handles unaligned + vld1.64 {d7},[r1]! @ handles unaligned #endif vshr.u64 d25,d21,#18 #if 23>0 - vadd.i64 d17,d30 @ h+=Maj from the past + vadd.i64 d17,d30 @ h+=Maj from the past #endif vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d21,#50 + vsli.64 d25,d21,#46 + vmov d29,d21 + vsli.64 d26,d21,#23 #if 23<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d22,d23 @ Ch(e,f,g) vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d16 vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 + vsli.64 d24,d17,#36 vadd.i64 d27,d26 vshr.u64 d26,d17,#39 vadd.i64 d28,d7 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 + vsli.64 d25,d17,#30 + veor d30,d17,d18 + vsli.64 d26,d17,#25 + veor d16,d24,d25 vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) + vbsl d30,d19,d18 @ Maj(a,b,c) + veor d16,d26 @ Sigma0(a) vadd.i64 d20,d27 vadd.i64 d30,d27 @ vadd.i64 d16,d30 vshr.u64 q12,q3,#19 vshr.u64 q13,q3,#61 - vadd.i64 d16,d30 @ h+=Maj from the past + vadd.i64 d16,d30 @ h+=Maj from the past vshr.u64 q15,q3,#6 - vsli.64 q12,q3,#45 - vext.8 q14,q4,q5,#8 @ X[i+1] - vsli.64 q13,q3,#3 - veor q15,q12 + vsli.64 q12,q3,#45 + vext.8 q14,q4,q5,#8 @ X[i+1] + vsli.64 q13,q3,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q4,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q0,q1,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q0,q1,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d20,#14 @ from NEON_00_15 vadd.i64 q4,q14 vshr.u64 d25,d20,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d20,#41 @ from NEON_00_15 vadd.i64 q4,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d20,#50 + vsli.64 d25,d20,#46 + vmov d29,d20 + vsli.64 d26,d20,#23 #if 24<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d21,d22 @ Ch(e,f,g) vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d23 vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 + vsli.64 d24,d16,#36 vadd.i64 d27,d26 vshr.u64 d26,d16,#39 vadd.i64 d28,d8 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 + vsli.64 d25,d16,#30 + veor d30,d16,d17 + vsli.64 d26,d16,#25 + veor d23,d24,d25 vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) + vbsl d30,d18,d17 @ Maj(a,b,c) + veor d23,d26 @ Sigma0(a) vadd.i64 d19,d27 vadd.i64 d30,d27 @ vadd.i64 d23,d30 vshr.u64 d24,d19,#14 @ 25 #if 25<16 - vld1.64 {d9},[r1]! @ handles unaligned + vld1.64 {d9},[r1]! @ handles unaligned #endif vshr.u64 d25,d19,#18 #if 25>0 - vadd.i64 d23,d30 @ h+=Maj from the past + vadd.i64 d23,d30 @ h+=Maj from the past #endif vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d19,#50 + vsli.64 d25,d19,#46 + vmov d29,d19 + vsli.64 d26,d19,#23 #if 25<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d20,d21 @ Ch(e,f,g) vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d22 vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 + vsli.64 d24,d23,#36 vadd.i64 d27,d26 vshr.u64 d26,d23,#39 vadd.i64 d28,d9 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 + vsli.64 d25,d23,#30 + veor d30,d23,d16 + vsli.64 d26,d23,#25 + veor d22,d24,d25 vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) + vbsl d30,d17,d16 @ Maj(a,b,c) + veor d22,d26 @ Sigma0(a) vadd.i64 d18,d27 vadd.i64 d30,d27 @ vadd.i64 d22,d30 vshr.u64 q12,q4,#19 vshr.u64 q13,q4,#61 - vadd.i64 d22,d30 @ h+=Maj from the past + vadd.i64 d22,d30 @ h+=Maj from the past vshr.u64 q15,q4,#6 - vsli.64 q12,q4,#45 - vext.8 q14,q5,q6,#8 @ X[i+1] - vsli.64 q13,q4,#3 - veor q15,q12 + vsli.64 q12,q4,#45 + vext.8 q14,q5,q6,#8 @ X[i+1] + vsli.64 q13,q4,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q5,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q1,q2,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q1,q2,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d18,#14 @ from NEON_00_15 vadd.i64 q5,q14 vshr.u64 d25,d18,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d18,#41 @ from NEON_00_15 vadd.i64 q5,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d18,#50 + vsli.64 d25,d18,#46 + vmov d29,d18 + vsli.64 d26,d18,#23 #if 26<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d19,d20 @ Ch(e,f,g) vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d21 vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 + vsli.64 d24,d22,#36 vadd.i64 d27,d26 vshr.u64 d26,d22,#39 vadd.i64 d28,d10 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 + vsli.64 d25,d22,#30 + veor d30,d22,d23 + vsli.64 d26,d22,#25 + veor d21,d24,d25 vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) + vbsl d30,d16,d23 @ Maj(a,b,c) + veor d21,d26 @ Sigma0(a) vadd.i64 d17,d27 vadd.i64 d30,d27 @ vadd.i64 d21,d30 vshr.u64 d24,d17,#14 @ 27 #if 27<16 - vld1.64 {d11},[r1]! @ handles unaligned + vld1.64 {d11},[r1]! @ handles unaligned #endif vshr.u64 d25,d17,#18 #if 27>0 - vadd.i64 d21,d30 @ h+=Maj from the past + vadd.i64 d21,d30 @ h+=Maj from the past #endif vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d17,#50 + vsli.64 d25,d17,#46 + vmov d29,d17 + vsli.64 d26,d17,#23 #if 27<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d18,d19 @ Ch(e,f,g) vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d20 vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 + vsli.64 d24,d21,#36 vadd.i64 d27,d26 vshr.u64 d26,d21,#39 vadd.i64 d28,d11 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 + vsli.64 d25,d21,#30 + veor d30,d21,d22 + vsli.64 d26,d21,#25 + veor d20,d24,d25 vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) + vbsl d30,d23,d22 @ Maj(a,b,c) + veor d20,d26 @ Sigma0(a) vadd.i64 d16,d27 vadd.i64 d30,d27 @ vadd.i64 d20,d30 vshr.u64 q12,q5,#19 vshr.u64 q13,q5,#61 - vadd.i64 d20,d30 @ h+=Maj from the past + vadd.i64 d20,d30 @ h+=Maj from the past vshr.u64 q15,q5,#6 - vsli.64 q12,q5,#45 - vext.8 q14,q6,q7,#8 @ X[i+1] - vsli.64 q13,q5,#3 - veor q15,q12 + vsli.64 q12,q5,#45 + vext.8 q14,q6,q7,#8 @ X[i+1] + vsli.64 q13,q5,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q6,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q2,q3,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q2,q3,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d16,#14 @ from NEON_00_15 vadd.i64 q6,q14 vshr.u64 d25,d16,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d16,#41 @ from NEON_00_15 vadd.i64 q6,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d16,#50 + vsli.64 d25,d16,#46 + vmov d29,d16 + vsli.64 d26,d16,#23 #if 28<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d17,d18 @ Ch(e,f,g) vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d19 vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 + vsli.64 d24,d20,#36 vadd.i64 d27,d26 vshr.u64 d26,d20,#39 vadd.i64 d28,d12 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 + vsli.64 d25,d20,#30 + veor d30,d20,d21 + vsli.64 d26,d20,#25 + veor d19,d24,d25 vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) + vbsl d30,d22,d21 @ Maj(a,b,c) + veor d19,d26 @ Sigma0(a) vadd.i64 d23,d27 vadd.i64 d30,d27 @ vadd.i64 d19,d30 vshr.u64 d24,d23,#14 @ 29 #if 29<16 - vld1.64 {d13},[r1]! @ handles unaligned + vld1.64 {d13},[r1]! @ handles unaligned #endif vshr.u64 d25,d23,#18 #if 29>0 - vadd.i64 d19,d30 @ h+=Maj from the past + vadd.i64 d19,d30 @ h+=Maj from the past #endif vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d23,#50 + vsli.64 d25,d23,#46 + vmov d29,d23 + vsli.64 d26,d23,#23 #if 29<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d16,d17 @ Ch(e,f,g) vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d18 vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 + vsli.64 d24,d19,#36 vadd.i64 d27,d26 vshr.u64 d26,d19,#39 vadd.i64 d28,d13 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 + vsli.64 d25,d19,#30 + veor d30,d19,d20 + vsli.64 d26,d19,#25 + veor d18,d24,d25 vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) + vbsl d30,d21,d20 @ Maj(a,b,c) + veor d18,d26 @ Sigma0(a) vadd.i64 d22,d27 vadd.i64 d30,d27 @ vadd.i64 d18,d30 vshr.u64 q12,q6,#19 vshr.u64 q13,q6,#61 - vadd.i64 d18,d30 @ h+=Maj from the past + vadd.i64 d18,d30 @ h+=Maj from the past vshr.u64 q15,q6,#6 - vsli.64 q12,q6,#45 - vext.8 q14,q7,q0,#8 @ X[i+1] - vsli.64 q13,q6,#3 - veor q15,q12 + vsli.64 q12,q6,#45 + vext.8 q14,q7,q0,#8 @ X[i+1] + vsli.64 q13,q6,#3 + veor q15,q12 vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) + veor q15,q13 @ sigma1(X[i+14]) vshr.u64 q13,q14,#8 vadd.i64 q7,q15 vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q3,q4,#8 @ X[i+9] - veor q15,q12 + vsli.64 q12,q14,#63 + vsli.64 q13,q14,#56 + vext.8 q14,q3,q4,#8 @ X[i+9] + veor q15,q12 vshr.u64 d24,d22,#14 @ from NEON_00_15 vadd.i64 q7,q14 vshr.u64 d25,d22,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) + veor q15,q13 @ sigma0(X[i+1]) vshr.u64 d26,d22,#41 @ from NEON_00_15 vadd.i64 q7,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d22,#50 + vsli.64 d25,d22,#46 + vmov d29,d22 + vsli.64 d26,d22,#23 #if 30<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d23,d16 @ Ch(e,f,g) vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d17 vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 + vsli.64 d24,d18,#36 vadd.i64 d27,d26 vshr.u64 d26,d18,#39 vadd.i64 d28,d14 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 + vsli.64 d25,d18,#30 + veor d30,d18,d19 + vsli.64 d26,d18,#25 + veor d17,d24,d25 vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) + vbsl d30,d20,d19 @ Maj(a,b,c) + veor d17,d26 @ Sigma0(a) vadd.i64 d21,d27 vadd.i64 d30,d27 @ vadd.i64 d17,d30 vshr.u64 d24,d21,#14 @ 31 #if 31<16 - vld1.64 {d15},[r1]! @ handles unaligned + vld1.64 {d15},[r1]! @ handles unaligned #endif vshr.u64 d25,d21,#18 #if 31>0 - vadd.i64 d17,d30 @ h+=Maj from the past + vadd.i64 d17,d30 @ h+=Maj from the past #endif vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 + vld1.64 {d28},[r3,:64]! 
@ K[i++] + vsli.64 d24,d21,#50 + vsli.64 d25,d21,#46 + vmov d29,d21 + vsli.64 d26,d21,#23 #if 31<16 && defined(__ARMEL__) vrev64.8 , #endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) + veor d25,d24 + vbsl d29,d22,d23 @ Ch(e,f,g) vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) + veor d26,d25 @ Sigma1(e) vadd.i64 d27,d29,d16 vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 + vsli.64 d24,d17,#36 vadd.i64 d27,d26 vshr.u64 d26,d17,#39 vadd.i64 d28,d15 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 + vsli.64 d25,d17,#30 + veor d30,d17,d18 + vsli.64 d26,d17,#25 + veor d16,d24,d25 vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) + vbsl d30,d19,d18 @ Maj(a,b,c) + veor d16,d26 @ Sigma0(a) vadd.i64 d20,d27 vadd.i64 d30,d27 @ vadd.i64 d16,d30 - bne .L16_79_neon + bne .L16_79_neon - vadd.i64 d16,d30 @ h+=Maj from the past - vldmia r0,{d24-d31} @ load context to temp + vadd.i64 d16,d30 @ h+=Maj from the past + vldmia r0,{d24,d25,d26,d27,d28,d29,d30,d31} @ load context to temp vadd.i64 q8,q12 @ vectorized accumulate vadd.i64 q9,q13 vadd.i64 q10,q14 vadd.i64 q11,q15 - vstmia r0,{d16-d23} @ save context - teq r1,r2 - sub r3,#640 @ rewind K512 - bne .Loop_neon + vstmia r0,{d16,d17,d18,d19,d20,d21,d22,d23} @ save context + teq r1,r2 + sub r3,#640 @ rewind K512 + bne .Loop_neon - vldmia sp!,{d8-d15} @ epilogue + VFP_ABI_POP bx lr @ .word 0xe12fff1e +.size sha512_block_data_order_neon,.-sha512_block_data_order_neon #endif -.size sha512_block_data_order,.-sha512_block_data_order -.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " +.byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 -#if __ARM_MAX_ARCH__>=7 +.align 2 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .comm OPENSSL_armcap_P,4,4 .hidden 
OPENSSL_armcap_P #endif diff --git a/linux-x86/crypto/aes/aesni-x86.S b/linux-x86/crypto/aes/aesni-x86.S index 5aee116..aec110d 100644 --- a/linux-x86/crypto/aes/aesni-x86.S +++ b/linux-x86/crypto/aes/aesni-x86.S @@ -23,7 +23,10 @@ aesni_encrypt: leal 16(%edx),%edx jnz .L000enc1_loop_1 .byte 102,15,56,221,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%eax) + pxor %xmm2,%xmm2 ret .size aesni_encrypt,.-.L_aesni_encrypt_begin .globl aesni_decrypt @@ -48,7 +51,10 @@ aesni_decrypt: leal 16(%edx),%edx jnz .L001dec1_loop_2 .byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%eax) + pxor %xmm2,%xmm2 ret .size aesni_decrypt,.-.L_aesni_decrypt_begin .hidden _aesni_encrypt2 @@ -269,17 +275,15 @@ _aesni_encrypt6: negl %ecx .byte 102,15,56,220,225 pxor %xmm0,%xmm7 + movups (%edx,%ecx,1),%xmm0 addl $16,%ecx -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups -16(%edx,%ecx,1),%xmm0 - jmp .L_aesni_encrypt6_enter + jmp .L008_aesni_encrypt6_inner .align 16 -.L008enc6_loop: +.L009enc6_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 +.L008_aesni_encrypt6_inner: .byte 102,15,56,220,233 .byte 102,15,56,220,241 .byte 102,15,56,220,249 @@ -293,7 +297,7 @@ _aesni_encrypt6: .byte 102,15,56,220,240 .byte 102,15,56,220,248 movups -16(%edx,%ecx,1),%xmm0 - jnz .L008enc6_loop + jnz .L009enc6_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -326,17 +330,15 @@ _aesni_decrypt6: negl %ecx .byte 102,15,56,222,225 pxor %xmm0,%xmm7 + movups (%edx,%ecx,1),%xmm0 addl $16,%ecx -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups -16(%edx,%ecx,1),%xmm0 - jmp .L_aesni_decrypt6_enter + jmp .L010_aesni_decrypt6_inner .align 16 -.L009dec6_loop: +.L011dec6_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 +.L010_aesni_decrypt6_inner: .byte 102,15,56,222,233 .byte 102,15,56,222,241 .byte 102,15,56,222,249 
@@ -350,7 +352,7 @@ _aesni_decrypt6: .byte 102,15,56,222,240 .byte 102,15,56,222,248 movups -16(%edx,%ecx,1),%xmm0 - jnz .L009dec6_loop + jnz .L011dec6_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -381,14 +383,14 @@ aesni_ecb_encrypt: movl 32(%esp),%edx movl 36(%esp),%ebx andl $-16,%eax - jz .L010ecb_ret + jz .L012ecb_ret movl 240(%edx),%ecx testl %ebx,%ebx - jz .L011ecb_decrypt + jz .L013ecb_decrypt movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb .L012ecb_enc_tail + jb .L014ecb_enc_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -397,9 +399,9 @@ aesni_ecb_encrypt: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp .L013ecb_enc_loop6_enter + jmp .L015ecb_enc_loop6_enter .align 16 -.L014ecb_enc_loop6: +.L016ecb_enc_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -414,12 +416,12 @@ aesni_ecb_encrypt: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -.L013ecb_enc_loop6_enter: +.L015ecb_enc_loop6_enter: call _aesni_encrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc .L014ecb_enc_loop6 + jnc .L016ecb_enc_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) @@ -428,18 +430,18 @@ aesni_ecb_encrypt: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz .L010ecb_ret -.L012ecb_enc_tail: + jz .L012ecb_ret +.L014ecb_enc_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb .L015ecb_enc_one + jb .L017ecb_enc_one movups 16(%esi),%xmm3 - je .L016ecb_enc_two + je .L018ecb_enc_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb .L017ecb_enc_three + jb .L019ecb_enc_three movups 48(%esi),%xmm5 - je .L018ecb_enc_four + je .L020ecb_enc_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call _aesni_encrypt6 
@@ -448,49 +450,49 @@ aesni_ecb_encrypt: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L015ecb_enc_one: +.L017ecb_enc_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L019enc1_loop_3: +.L021enc1_loop_3: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L019enc1_loop_3 + jnz .L021enc1_loop_3 .byte 102,15,56,221,209 movups %xmm2,(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L016ecb_enc_two: +.L018ecb_enc_two: call _aesni_encrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L017ecb_enc_three: +.L019ecb_enc_three: call _aesni_encrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L018ecb_enc_four: +.L020ecb_enc_four: call _aesni_encrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L011ecb_decrypt: +.L013ecb_decrypt: movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb .L020ecb_dec_tail + jb .L022ecb_dec_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -499,9 +501,9 @@ aesni_ecb_encrypt: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp .L021ecb_dec_loop6_enter + jmp .L023ecb_dec_loop6_enter .align 16 -.L022ecb_dec_loop6: +.L024ecb_dec_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -516,12 +518,12 @@ aesni_ecb_encrypt: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -.L021ecb_dec_loop6_enter: +.L023ecb_dec_loop6_enter: call _aesni_decrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc .L022ecb_dec_loop6 + jnc .L024ecb_dec_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) 
@@ -530,18 +532,18 @@ aesni_ecb_encrypt: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz .L010ecb_ret -.L020ecb_dec_tail: + jz .L012ecb_ret +.L022ecb_dec_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb .L023ecb_dec_one + jb .L025ecb_dec_one movups 16(%esi),%xmm3 - je .L024ecb_dec_two + je .L026ecb_dec_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb .L025ecb_dec_three + jb .L027ecb_dec_three movups 48(%esi),%xmm5 - je .L026ecb_dec_four + je .L028ecb_dec_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call _aesni_decrypt6 @@ -550,43 +552,51 @@ aesni_ecb_encrypt: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L023ecb_dec_one: +.L025ecb_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L027dec1_loop_4: +.L029dec1_loop_4: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L027dec1_loop_4 + jnz .L029dec1_loop_4 .byte 102,15,56,223,209 movups %xmm2,(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L024ecb_dec_two: +.L026ecb_dec_two: call _aesni_decrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L025ecb_dec_three: +.L027ecb_dec_three: call _aesni_decrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp .L010ecb_ret + jmp .L012ecb_ret .align 16 -.L026ecb_dec_four: +.L028ecb_dec_four: call _aesni_decrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) -.L010ecb_ret: +.L012ecb_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 popl %edi popl %esi popl %ebx @@ -634,7 +644,7 @@ aesni_ccm64_encrypt_blocks: leal 32(%edx,%ecx,1),%edx subl %ecx,%ebx .byte 102,15,56,0,253 -.L028ccm64_enc_outer: +.L030ccm64_enc_outer: movups (%ebp),%xmm0 movl %ebx,%ecx movups (%esi),%xmm6 
@@ -643,7 +653,7 @@ aesni_ccm64_encrypt_blocks: xorps %xmm6,%xmm0 xorps %xmm0,%xmm3 movups 32(%ebp),%xmm0 -.L029ccm64_enc2_loop: +.L031ccm64_enc2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -651,7 +661,7 @@ aesni_ccm64_encrypt_blocks: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz .L029ccm64_enc2_loop + jnz .L031ccm64_enc2_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 paddq 16(%esp),%xmm7 @@ -664,10 +674,18 @@ aesni_ccm64_encrypt_blocks: movups %xmm6,(%edi) .byte 102,15,56,0,213 leal 16(%edi),%edi - jnz .L028ccm64_enc_outer + jnz .L030ccm64_enc_outer movl 48(%esp),%esp movl 40(%esp),%edi movups %xmm3,(%edi) + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 popl %edi popl %esi popl %ebx @@ -716,12 +734,12 @@ aesni_ccm64_decrypt_blocks: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L030enc1_loop_5: +.L032enc1_loop_5: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L030enc1_loop_5 + jnz .L032enc1_loop_5 .byte 102,15,56,221,209 shll $4,%ebx movl $16,%ecx @@ -731,16 +749,16 @@ aesni_ccm64_decrypt_blocks: subl %ebx,%ecx leal 32(%ebp,%ebx,1),%edx movl %ecx,%ebx - jmp .L031ccm64_dec_outer + jmp .L033ccm64_dec_outer .align 16 -.L031ccm64_dec_outer: +.L033ccm64_dec_outer: xorps %xmm2,%xmm6 movdqa %xmm7,%xmm2 movups %xmm6,(%edi) leal 16(%edi),%edi .byte 102,15,56,0,213 subl $1,%eax - jz .L032ccm64_dec_break + jz .L034ccm64_dec_break movups (%ebp),%xmm0 movl %ebx,%ecx movups 16(%ebp),%xmm1 @@ -748,7 +766,7 @@ aesni_ccm64_decrypt_blocks: xorps %xmm0,%xmm2 xorps %xmm6,%xmm3 movups 32(%ebp),%xmm0 -.L033ccm64_dec2_loop: +.L035ccm64_dec2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 
@@ -756,7 +774,7 @@ aesni_ccm64_decrypt_blocks: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz .L033ccm64_dec2_loop + jnz .L035ccm64_dec2_loop movups (%esi),%xmm6 paddq 16(%esp),%xmm7 .byte 102,15,56,220,209 @@ -764,9 +782,9 @@ aesni_ccm64_decrypt_blocks: .byte 102,15,56,221,208 .byte 102,15,56,221,216 leal 16(%esi),%esi - jmp .L031ccm64_dec_outer + jmp .L033ccm64_dec_outer .align 16 -.L032ccm64_dec_break: +.L034ccm64_dec_break: movl 240(%ebp),%ecx movl %ebp,%edx movups (%edx),%xmm0 @@ -774,16 +792,24 @@ aesni_ccm64_decrypt_blocks: xorps %xmm0,%xmm6 leal 32(%edx),%edx xorps %xmm6,%xmm3 -.L034enc1_loop_6: +.L036enc1_loop_6: .byte 102,15,56,220,217 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L034enc1_loop_6 + jnz .L036enc1_loop_6 .byte 102,15,56,221,217 movl 48(%esp),%esp movl 40(%esp),%edi movups %xmm3,(%edi) + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 popl %edi popl %esi popl %ebx @@ -810,7 +836,7 @@ aesni_ctr32_encrypt_blocks: andl $-16,%esp movl %ebp,80(%esp) cmpl $1,%eax - je .L035ctr32_one_shortcut + je .L037ctr32_one_shortcut movdqu (%ebx),%xmm7 movl $202182159,(%esp) movl $134810123,4(%esp) @@ -848,7 +874,7 @@ aesni_ctr32_encrypt_blocks: pshufd $192,%xmm0,%xmm2 pshufd $128,%xmm0,%xmm3 cmpl $6,%eax - jb .L036ctr32_tail + jb .L038ctr32_tail pxor %xmm6,%xmm7 shll $4,%ecx movl $16,%ebx @@ -857,9 +883,9 @@ aesni_ctr32_encrypt_blocks: subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx subl $6,%eax - jmp .L037ctr32_loop6 + jmp .L039ctr32_loop6 .align 16 -.L037ctr32_loop6: +.L039ctr32_loop6: pshufd $64,%xmm0,%xmm4 movdqa 32(%esp),%xmm0 pshufd $192,%xmm1,%xmm5 
@@ -913,27 +939,27 @@ aesni_ctr32_encrypt_blocks: leal 96(%edi),%edi pshufd $128,%xmm0,%xmm3 subl $6,%eax - jnc .L037ctr32_loop6 + jnc .L039ctr32_loop6 addl $6,%eax - jz .L038ctr32_ret + jz .L040ctr32_ret movdqu (%ebp),%xmm7 movl %ebp,%edx pxor 32(%esp),%xmm7 movl 240(%ebp),%ecx -.L036ctr32_tail: +.L038ctr32_tail: por %xmm7,%xmm2 cmpl $2,%eax - jb .L039ctr32_one + jb .L041ctr32_one pshufd $64,%xmm0,%xmm4 por %xmm7,%xmm3 - je .L040ctr32_two + je .L042ctr32_two pshufd $192,%xmm1,%xmm5 por %xmm7,%xmm4 cmpl $4,%eax - jb .L041ctr32_three + jb .L043ctr32_three pshufd $128,%xmm1,%xmm6 por %xmm7,%xmm5 - je .L042ctr32_four + je .L044ctr32_four por %xmm7,%xmm6 call _aesni_encrypt6 movups (%esi),%xmm1 @@ -951,29 +977,29 @@ aesni_ctr32_encrypt_blocks: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp .L038ctr32_ret + jmp .L040ctr32_ret .align 16 -.L035ctr32_one_shortcut: +.L037ctr32_one_shortcut: movups (%ebx),%xmm2 movl 240(%edx),%ecx -.L039ctr32_one: +.L041ctr32_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L043enc1_loop_7: +.L045enc1_loop_7: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L043enc1_loop_7 + jnz .L045enc1_loop_7 .byte 102,15,56,221,209 movups (%esi),%xmm6 xorps %xmm2,%xmm6 movups %xmm6,(%edi) - jmp .L038ctr32_ret + jmp .L040ctr32_ret .align 16 -.L040ctr32_two: +.L042ctr32_two: call _aesni_encrypt2 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -981,9 +1007,9 @@ aesni_ctr32_encrypt_blocks: xorps %xmm6,%xmm3 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp .L038ctr32_ret + jmp .L040ctr32_ret .align 16 -.L041ctr32_three: +.L043ctr32_three: call _aesni_encrypt3 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -994,9 +1020,9 @@ aesni_ctr32_encrypt_blocks: xorps %xmm7,%xmm4 movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp .L038ctr32_ret + jmp .L040ctr32_ret .align 16 -.L042ctr32_four: +.L044ctr32_four: call _aesni_encrypt4 movups (%esi),%xmm6 movups 16(%esi),%xmm7 
@@ -1010,7 +1036,18 @@ aesni_ctr32_encrypt_blocks: xorps %xmm0,%xmm5 movups %xmm4,32(%edi) movups %xmm5,48(%edi) -.L038ctr32_ret: +.L040ctr32_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + movdqa %xmm0,32(%esp) + pxor %xmm5,%xmm5 + movdqa %xmm0,48(%esp) + pxor %xmm6,%xmm6 + movdqa %xmm0,64(%esp) + pxor %xmm7,%xmm7 movl 80(%esp),%esp popl %edi popl %esi @@ -1036,12 +1073,12 @@ aesni_xts_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L044enc1_loop_8: +.L046enc1_loop_8: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L044enc1_loop_8 + jnz .L046enc1_loop_8 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi @@ -1065,14 +1102,14 @@ aesni_xts_encrypt: movl %edx,%ebp movl %ecx,%ebx subl $96,%eax - jc .L045xts_enc_short + jc .L047xts_enc_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp .L046xts_enc_loop6 + jmp .L048xts_enc_loop6 .align 16 -.L046xts_enc_loop6: +.L048xts_enc_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1161,23 +1198,23 @@ aesni_xts_encrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc .L046xts_enc_loop6 + jnc .L048xts_enc_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -.L045xts_enc_short: +.L047xts_enc_short: addl $96,%eax - jz .L047xts_enc_done6x + jz .L049xts_enc_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb .L048xts_enc_one + jb .L050xts_enc_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je .L049xts_enc_two + je .L051xts_enc_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1186,7 +1223,7 @@ aesni_xts_encrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb .L050xts_enc_three + jb .L052xts_enc_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 
@@ -1196,7 +1233,7 @@ aesni_xts_encrypt: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je .L051xts_enc_four + je .L053xts_enc_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1228,9 +1265,9 @@ aesni_xts_encrypt: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp .L052xts_enc_done + jmp .L054xts_enc_done .align 16 -.L048xts_enc_one: +.L050xts_enc_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 @@ -1238,20 +1275,20 @@ aesni_xts_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L053enc1_loop_9: +.L055enc1_loop_9: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L053enc1_loop_9 + jnz .L055enc1_loop_9 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp .L052xts_enc_done + jmp .L054xts_enc_done .align 16 -.L049xts_enc_two: +.L051xts_enc_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1265,9 +1302,9 @@ aesni_xts_encrypt: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L052xts_enc_done + jmp .L054xts_enc_done .align 16 -.L050xts_enc_three: +.L052xts_enc_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1285,9 +1322,9 @@ aesni_xts_encrypt: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp .L052xts_enc_done + jmp .L054xts_enc_done .align 16 -.L051xts_enc_four: +.L053xts_enc_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 
@@ -1309,28 +1346,28 @@ aesni_xts_encrypt: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L052xts_enc_done + jmp .L054xts_enc_done .align 16 -.L047xts_enc_done6x: +.L049xts_enc_done6x: movl 112(%esp),%eax andl $15,%eax - jz .L054xts_enc_ret + jz .L056xts_enc_ret movdqa %xmm1,%xmm5 movl %eax,112(%esp) - jmp .L055xts_enc_steal + jmp .L057xts_enc_steal .align 16 -.L052xts_enc_done: +.L054xts_enc_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz .L054xts_enc_ret + jz .L056xts_enc_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm5 paddq %xmm1,%xmm1 pand 96(%esp),%xmm5 pxor %xmm1,%xmm5 -.L055xts_enc_steal: +.L057xts_enc_steal: movzbl (%esi),%ecx movzbl -16(%edi),%edx leal 1(%esi),%esi @@ -1338,7 +1375,7 @@ aesni_xts_encrypt: movb %dl,(%edi) leal 1(%edi),%edi subl $1,%eax - jnz .L055xts_enc_steal + jnz .L057xts_enc_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1348,16 +1385,30 @@ aesni_xts_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L056enc1_loop_10: +.L058enc1_loop_10: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L056enc1_loop_10 + jnz .L058enc1_loop_10 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,-16(%edi) -.L054xts_enc_ret: +.L056xts_enc_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + movdqa %xmm0,(%esp) + pxor %xmm3,%xmm3 + movdqa %xmm0,16(%esp) + pxor %xmm4,%xmm4 + movdqa %xmm0,32(%esp) + pxor %xmm5,%xmm5 + movdqa %xmm0,48(%esp) + pxor %xmm6,%xmm6 + movdqa %xmm0,64(%esp) + pxor %xmm7,%xmm7 + movdqa %xmm0,80(%esp) movl 116(%esp),%esp popl %edi popl %esi @@ -1383,12 +1434,12 @@ aesni_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L057enc1_loop_11: +.L059enc1_loop_11: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L057enc1_loop_11 + jnz .L059enc1_loop_11 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi 
@@ -1417,14 +1468,14 @@ aesni_xts_decrypt: pcmpgtd %xmm1,%xmm0 andl $-16,%eax subl $96,%eax - jc .L058xts_dec_short + jc .L060xts_dec_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp .L059xts_dec_loop6 + jmp .L061xts_dec_loop6 .align 16 -.L059xts_dec_loop6: +.L061xts_dec_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1513,23 +1564,23 @@ aesni_xts_decrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc .L059xts_dec_loop6 + jnc .L061xts_dec_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -.L058xts_dec_short: +.L060xts_dec_short: addl $96,%eax - jz .L060xts_dec_done6x + jz .L062xts_dec_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb .L061xts_dec_one + jb .L063xts_dec_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je .L062xts_dec_two + je .L064xts_dec_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1538,7 +1589,7 @@ aesni_xts_decrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb .L063xts_dec_three + jb .L065xts_dec_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 @@ -1548,7 +1599,7 @@ aesni_xts_decrypt: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je .L064xts_dec_four + je .L066xts_dec_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1580,9 +1631,9 @@ aesni_xts_decrypt: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp .L065xts_dec_done + jmp .L067xts_dec_done .align 16 -.L061xts_dec_one: +.L063xts_dec_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 
@@ -1590,20 +1641,20 @@ aesni_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L066dec1_loop_12: +.L068dec1_loop_12: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L066dec1_loop_12 + jnz .L068dec1_loop_12 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp .L065xts_dec_done + jmp .L067xts_dec_done .align 16 -.L062xts_dec_two: +.L064xts_dec_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1617,9 +1668,9 @@ aesni_xts_decrypt: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L065xts_dec_done + jmp .L067xts_dec_done .align 16 -.L063xts_dec_three: +.L065xts_dec_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1637,9 +1688,9 @@ aesni_xts_decrypt: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp .L065xts_dec_done + jmp .L067xts_dec_done .align 16 -.L064xts_dec_four: +.L066xts_dec_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1661,20 +1712,20 @@ aesni_xts_decrypt: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L065xts_dec_done + jmp .L067xts_dec_done .align 16 -.L060xts_dec_done6x: +.L062xts_dec_done6x: movl 112(%esp),%eax andl $15,%eax - jz .L067xts_dec_ret + jz .L069xts_dec_ret movl %eax,112(%esp) - jmp .L068xts_dec_only_one_more + jmp .L070xts_dec_only_one_more .align 16 -.L065xts_dec_done: +.L067xts_dec_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz .L067xts_dec_ret + jz .L069xts_dec_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm2 @@ -1684,7 +1735,7 @@ aesni_xts_decrypt: pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 -.L068xts_dec_only_one_more: +.L070xts_dec_only_one_more: pshufd $19,%xmm0,%xmm5 movdqa %xmm1,%xmm6 paddq %xmm1,%xmm1 
@@ -1698,16 +1749,16 @@ aesni_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L069dec1_loop_13: +.L071dec1_loop_13: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L069dec1_loop_13 + jnz .L071dec1_loop_13 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) -.L070xts_dec_steal: +.L072xts_dec_steal: movzbl 16(%esi),%ecx movzbl (%edi),%edx leal 1(%esi),%esi @@ -1715,7 +1766,7 @@ aesni_xts_decrypt: movb %dl,16(%edi) leal 1(%edi),%edi subl $1,%eax - jnz .L070xts_dec_steal + jnz .L072xts_dec_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1725,16 +1776,30 @@ aesni_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L071dec1_loop_14: +.L073dec1_loop_14: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L071dec1_loop_14 + jnz .L073dec1_loop_14 .byte 102,15,56,223,209 xorps %xmm6,%xmm2 movups %xmm2,(%edi) -.L067xts_dec_ret: +.L069xts_dec_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + movdqa %xmm0,(%esp) + pxor %xmm3,%xmm3 + movdqa %xmm0,16(%esp) + pxor %xmm4,%xmm4 + movdqa %xmm0,32(%esp) + pxor %xmm5,%xmm5 + movdqa %xmm0,48(%esp) + pxor %xmm6,%xmm6 + movdqa %xmm0,64(%esp) + pxor %xmm7,%xmm7 + movdqa %xmm0,80(%esp) movl 116(%esp),%esp popl %edi popl %esi @@ -1761,7 +1826,7 @@ aesni_cbc_encrypt: movl 32(%esp),%edx movl 36(%esp),%ebp testl %eax,%eax - jz .L072cbc_abort + jz .L074cbc_abort cmpl $0,40(%esp) xchgl %esp,%ebx movups (%ebp),%xmm7 @@ -1769,14 +1834,14 @@ aesni_cbc_encrypt: movl %edx,%ebp movl %ebx,16(%esp) movl %ecx,%ebx - je .L073cbc_decrypt + je .L075cbc_decrypt movaps %xmm7,%xmm2 cmpl $16,%eax - jb .L074cbc_enc_tail + jb .L076cbc_enc_tail subl $16,%eax - jmp .L075cbc_enc_loop + jmp .L077cbc_enc_loop .align 16 -.L075cbc_enc_loop: +.L077cbc_enc_loop: movups (%esi),%xmm7 leal 16(%esi),%esi movups (%edx),%xmm0 
@@ -1784,24 +1849,25 @@ aesni_cbc_encrypt: xorps %xmm0,%xmm7 leal 32(%edx),%edx xorps %xmm7,%xmm2 -.L076enc1_loop_15: +.L078enc1_loop_15: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L076enc1_loop_15 + jnz .L078enc1_loop_15 .byte 102,15,56,221,209 movl %ebx,%ecx movl %ebp,%edx movups %xmm2,(%edi) leal 16(%edi),%edi subl $16,%eax - jnc .L075cbc_enc_loop + jnc .L077cbc_enc_loop addl $16,%eax - jnz .L074cbc_enc_tail + jnz .L076cbc_enc_tail movaps %xmm2,%xmm7 - jmp .L077cbc_ret -.L074cbc_enc_tail: + pxor %xmm2,%xmm2 + jmp .L079cbc_ret +.L076cbc_enc_tail: movl %eax,%ecx .long 2767451785 movl $16,%ecx @@ -1812,20 +1878,20 @@ aesni_cbc_encrypt: movl %ebx,%ecx movl %edi,%esi movl %ebp,%edx - jmp .L075cbc_enc_loop + jmp .L077cbc_enc_loop .align 16 -.L073cbc_decrypt: +.L075cbc_decrypt: cmpl $80,%eax - jbe .L078cbc_dec_tail + jbe .L080cbc_dec_tail movaps %xmm7,(%esp) subl $80,%eax - jmp .L079cbc_dec_loop6_enter + jmp .L081cbc_dec_loop6_enter .align 16 -.L080cbc_dec_loop6: +.L082cbc_dec_loop6: movaps %xmm0,(%esp) movups %xmm7,(%edi) leal 16(%edi),%edi -.L079cbc_dec_loop6_enter: +.L081cbc_dec_loop6_enter: movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -1855,28 +1921,28 @@ aesni_cbc_encrypt: movups %xmm6,64(%edi) leal 80(%edi),%edi subl $96,%eax - ja .L080cbc_dec_loop6 + ja .L082cbc_dec_loop6 movaps %xmm7,%xmm2 movaps %xmm0,%xmm7 addl $80,%eax - jle .L081cbc_dec_tail_collected + jle .L083cbc_dec_clear_tail_collected movups %xmm2,(%edi) leal 16(%edi),%edi -.L078cbc_dec_tail: +.L080cbc_dec_tail: movups (%esi),%xmm2 movaps %xmm2,%xmm6 cmpl $16,%eax - jbe .L082cbc_dec_one + jbe .L084cbc_dec_one movups 16(%esi),%xmm3 movaps %xmm3,%xmm5 cmpl $32,%eax - jbe .L083cbc_dec_two + jbe .L085cbc_dec_two movups 32(%esi),%xmm4 cmpl $48,%eax - jbe .L084cbc_dec_three + jbe .L086cbc_dec_three movups 48(%esi),%xmm5 cmpl $64,%eax - jbe .L085cbc_dec_four + jbe .L087cbc_dec_four movups 64(%esi),%xmm6 movaps %xmm7,(%esp) movups (%esi),%xmm2 
@@ -1894,55 +1960,62 @@ aesni_cbc_encrypt: xorps %xmm0,%xmm6 movups %xmm2,(%edi) movups %xmm3,16(%edi) + pxor %xmm3,%xmm3 movups %xmm4,32(%edi) + pxor %xmm4,%xmm4 movups %xmm5,48(%edi) + pxor %xmm5,%xmm5 leal 64(%edi),%edi movaps %xmm6,%xmm2 + pxor %xmm6,%xmm6 subl $80,%eax - jmp .L081cbc_dec_tail_collected + jmp .L088cbc_dec_tail_collected .align 16 -.L082cbc_dec_one: +.L084cbc_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L086dec1_loop_16: +.L089dec1_loop_16: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L086dec1_loop_16 + jnz .L089dec1_loop_16 .byte 102,15,56,223,209 xorps %xmm7,%xmm2 movaps %xmm6,%xmm7 subl $16,%eax - jmp .L081cbc_dec_tail_collected + jmp .L088cbc_dec_tail_collected .align 16 -.L083cbc_dec_two: +.L085cbc_dec_two: call _aesni_decrypt2 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 movups %xmm2,(%edi) movaps %xmm3,%xmm2 + pxor %xmm3,%xmm3 leal 16(%edi),%edi movaps %xmm5,%xmm7 subl $32,%eax - jmp .L081cbc_dec_tail_collected + jmp .L088cbc_dec_tail_collected .align 16 -.L084cbc_dec_three: +.L086cbc_dec_three: call _aesni_decrypt3 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 xorps %xmm5,%xmm4 movups %xmm2,(%edi) movaps %xmm4,%xmm2 + pxor %xmm4,%xmm4 movups %xmm3,16(%edi) + pxor %xmm3,%xmm3 leal 32(%edi),%edi movups 32(%esi),%xmm7 subl $48,%eax - jmp .L081cbc_dec_tail_collected + jmp .L088cbc_dec_tail_collected .align 16 -.L085cbc_dec_four: +.L087cbc_dec_four: call _aesni_decrypt4 movups 16(%esi),%xmm1 movups 32(%esi),%xmm0 
@@ -1952,28 +2025,44 @@ aesni_cbc_encrypt: movups %xmm2,(%edi) xorps %xmm1,%xmm4 movups %xmm3,16(%edi) + pxor %xmm3,%xmm3 xorps %xmm0,%xmm5 movups %xmm4,32(%edi) + pxor %xmm4,%xmm4 leal 48(%edi),%edi movaps %xmm5,%xmm2 + pxor %xmm5,%xmm5 subl $64,%eax -.L081cbc_dec_tail_collected: + jmp .L088cbc_dec_tail_collected +.align 16 +.L083cbc_dec_clear_tail_collected: + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 +.L088cbc_dec_tail_collected: andl $15,%eax - jnz .L087cbc_dec_tail_partial + jnz .L090cbc_dec_tail_partial movups %xmm2,(%edi) - jmp .L077cbc_ret + pxor %xmm0,%xmm0 + jmp .L079cbc_ret .align 16 -.L087cbc_dec_tail_partial: +.L090cbc_dec_tail_partial: movaps %xmm2,(%esp) + pxor %xmm0,%xmm0 movl $16,%ecx movl %esp,%esi subl %eax,%ecx .long 2767451785 -.L077cbc_ret: + movdqa %xmm2,(%esp) +.L079cbc_ret: movl 16(%esp),%esp movl 36(%esp),%ebp + pxor %xmm2,%xmm2 + pxor %xmm1,%xmm1 movups %xmm7,(%ebp) -.L072cbc_abort: + pxor %xmm7,%xmm7 +.L074cbc_abort: popl %edi popl %esi popl %ebx 
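Review bot: In `.L090cbc_dec_tail_partial` the added `movdqa %xmm2,(%esp)` after the `rep movsb` (`.long 2767451785`) writes %xmm2 back into the scratch slot, but %xmm2 is still the decrypted tail block at that point; the register zeroed by the added `pxor %xmm0,%xmm0` a few lines earlier is %xmm0, and %xmm2 is only cleared afterwards at `.L079cbc_ret`. So the 16-byte plaintext copy placed there by `movaps %xmm2,(%esp)` survives the `movl 16(%esp),%esp` that discards the frame, while every other new return path in this file (ctr32, xts) scrubs its scratch by storing the zeroed %xmm0. If the intent is to scrub the slot, the store should be `movdqa %xmm0,(%esp)`, and the fix belongs in the perlasm generator this file is produced from. The enclosing aesni_cbc_encrypt begins before this hunk.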
@@ -1984,52 +2073,62 @@ aesni_cbc_encrypt: .type _aesni_set_encrypt_key,@function .align 16 _aesni_set_encrypt_key: + pushl %ebp + pushl %ebx testl %eax,%eax - jz .L088bad_pointer + jz .L091bad_pointer testl %edx,%edx - jz .L088bad_pointer + jz .L091bad_pointer + call .L092pic +.L092pic: + popl %ebx + leal .Lkey_const-.L092pic(%ebx),%ebx + leal OPENSSL_ia32cap_P-.Lkey_const(%ebx),%ebp movups (%eax),%xmm0 xorps %xmm4,%xmm4 + movl 4(%ebp),%ebp leal 16(%edx),%edx + andl $268437504,%ebp cmpl $256,%ecx - je .L08914rounds + je .L09314rounds cmpl $192,%ecx - je .L09012rounds + je .L09412rounds cmpl $128,%ecx - jne .L091bad_keybits + jne .L095bad_keybits .align 16 -.L09210rounds: +.L09610rounds: + cmpl $268435456,%ebp + je .L09710rounds_alt movl $9,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,200,1 - call .L093key_128_cold + call .L098key_128_cold .byte 102,15,58,223,200,2 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,4 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,8 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,16 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,32 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,64 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,128 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,27 - call .L094key_128 + call .L099key_128 .byte 102,15,58,223,200,54 - call .L094key_128 + call .L099key_128 movups %xmm0,(%edx) movl %ecx,80(%edx) - xorl %eax,%eax - ret + jmp .L100good_key .align 16 -.L094key_128: +.L099key_128: movups %xmm0,(%edx) leal 16(%edx),%edx -.L093key_128_cold: +.L098key_128_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 
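Review bot: The pair `andl $268437504,%ebp` / `cmpl $268435456,%ebp` that steers into the new `_alt` key-schedule paths tests two undocumented bits of the word loaded by `movl 4(%ebp),%ebp` from OPENSSL_ia32cap_P; in hex the constants are 0x10000800 and 0x10000000, so the alt path is taken when bit 28 is set and bit 11 is clear. Those look like the AVX and XOP flags of OpenSSL's second capability word, i.e. "AVX-capable core without XOP", but that should be confirmed against the generator. A comment at the compare in the perlasm source, e.g. `# ia32cap[1] & (AVX|XOP) == AVX -> use the aeskeygenassist-free expansion`, would spare the next reader the decoding. `_aesni_set_encrypt_key` continues past the end of this hunk.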
@@ -2038,38 +2137,91 @@ _aesni_set_encrypt_key: xorps %xmm1,%xmm0 ret .align 16 -.L09012rounds: +.L09710rounds_alt: + movdqa (%ebx),%xmm5 + movl $8,%ecx + movdqa 32(%ebx),%xmm4 + movdqa %xmm0,%xmm2 + movdqu %xmm0,-16(%edx) +.L101loop_key128: +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + leal 16(%edx),%edx + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + pxor %xmm2,%xmm0 + movdqu %xmm0,-16(%edx) + movdqa %xmm0,%xmm2 + decl %ecx + jnz .L101loop_key128 + movdqa 48(%ebx),%xmm4 +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + pxor %xmm2,%xmm0 + movdqu %xmm0,(%edx) + movdqa %xmm0,%xmm2 +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + pxor %xmm2,%xmm0 + movdqu %xmm0,16(%edx) + movl $9,%ecx + movl %ecx,96(%edx) + jmp .L100good_key +.align 16 +.L09412rounds: movq 16(%eax),%xmm2 + cmpl $268435456,%ebp + je .L10212rounds_alt movl $11,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,202,1 - call .L095key_192a_cold + call .L103key_192a_cold .byte 102,15,58,223,202,2 - call .L096key_192b + call .L104key_192b .byte 102,15,58,223,202,4 - call .L097key_192a + call .L105key_192a .byte 102,15,58,223,202,8 - call .L096key_192b + call .L104key_192b .byte 102,15,58,223,202,16 - call .L097key_192a + call .L105key_192a .byte 102,15,58,223,202,32 - call .L096key_192b + call .L104key_192b .byte 102,15,58,223,202,64 - call .L097key_192a + call .L105key_192a .byte 102,15,58,223,202,128 - call .L096key_192b + call .L104key_192b movups %xmm0,(%edx) movl %ecx,48(%edx) - xorl %eax,%eax - ret + jmp .L100good_key .align 16 -.L097key_192a: +.L105key_192a: movups %xmm0,(%edx) leal 16(%edx),%edx .align 16 
-.L095key_192a_cold: +.L103key_192a_cold: movaps %xmm2,%xmm5 -.L098key_192b_warm: +.L106key_192b_warm: shufps $16,%xmm0,%xmm4 movdqa %xmm2,%xmm3 xorps %xmm4,%xmm0 
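Review bot: The new `.L09710rounds_alt` loop is built from raw `.byte` encodings with no indication of what they are; decoding the opcode bytes, `102,15,56,0,197` is `pshufb %xmm5,%xmm0` and `102,15,56,221,196` is `aesenclast %xmm4,%xmm0`, with %xmm5 and %xmm4 taken from the `.Lkey_const` table (`movdqa (%ebx),%xmm5`, `movdqa 32(%ebx),%xmm4`). Nothing in the hunk tells a reader that this reproduces the key expansion without aeskeygenassist, which is presumably the point of the `_alt` paths. A comment on the first `.byte` pair in the perlasm source, e.g. `# pshufb + aesenclast stand in for aeskeygenassist (RotWord/SubWord; Rcon kept in xmm4)`, would make that explicit, if my reading of the sequence is right. The 12-round `_alt` loop that follows and the 14-round one in a later hunk use the same undocumented encodings.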
@@ -2083,56 +2235,90 @@ _aesni_set_encrypt_key: pxor %xmm3,%xmm2 ret .align 16 -.L096key_192b: +.L104key_192b: movaps %xmm0,%xmm3 shufps $68,%xmm0,%xmm5 movups %xmm5,(%edx) shufps $78,%xmm2,%xmm3 movups %xmm3,16(%edx) leal 32(%edx),%edx - jmp .L098key_192b_warm + jmp .L106key_192b_warm +.align 16 +.L10212rounds_alt: + movdqa 16(%ebx),%xmm5 + movdqa 32(%ebx),%xmm4 + movl $8,%ecx + movdqu %xmm0,-16(%edx) +.L107loop_key192: + movq %xmm2,(%edx) + movdqa %xmm2,%xmm1 +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + pslld $1,%xmm4 + leal 24(%edx),%edx + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + pshufd $255,%xmm0,%xmm3 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pxor %xmm2,%xmm0 + pxor %xmm3,%xmm2 + movdqu %xmm0,-16(%edx) + decl %ecx + jnz .L107loop_key192 + movl $11,%ecx + movl %ecx,32(%edx) + jmp .L100good_key .align 16 -.L08914rounds: +.L09314rounds: movups 16(%eax),%xmm2 - movl $13,%ecx leal 16(%edx),%edx + cmpl $268435456,%ebp + je .L10814rounds_alt + movl $13,%ecx movups %xmm0,-32(%edx) movups %xmm2,-16(%edx) .byte 102,15,58,223,202,1 - call .L099key_256a_cold + call .L109key_256a_cold .byte 102,15,58,223,200,1 - call .L100key_256b + call .L110key_256b .byte 102,15,58,223,202,2 - call .L101key_256a + call .L111key_256a .byte 102,15,58,223,200,2 - call .L100key_256b + call .L110key_256b .byte 102,15,58,223,202,4 - call .L101key_256a + call .L111key_256a .byte 102,15,58,223,200,4 - call .L100key_256b + call .L110key_256b .byte 102,15,58,223,202,8 - call .L101key_256a + call .L111key_256a .byte 102,15,58,223,200,8 - call .L100key_256b + call .L110key_256b .byte 102,15,58,223,202,16 - call .L101key_256a + call .L111key_256a .byte 102,15,58,223,200,16 - call .L100key_256b + call .L110key_256b .byte 102,15,58,223,202,32 - call .L101key_256a + call .L111key_256a .byte 102,15,58,223,200,32 - call .L100key_256b + call .L110key_256b .byte 102,15,58,223,202,64 - call 
.L101key_256a + call .L111key_256a movups %xmm0,(%edx) movl %ecx,16(%edx) xorl %eax,%eax - ret + jmp .L100good_key .align 16 -.L101key_256a: +.L111key_256a: movups %xmm2,(%edx) leal 16(%edx),%edx -.L099key_256a_cold: +.L109key_256a_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 @@ -2141,7 +2327,7 @@ _aesni_set_encrypt_key: xorps %xmm1,%xmm0 ret .align 16 -.L100key_256b: +.L110key_256b: movups %xmm0,(%edx) leal 16(%edx),%edx shufps $16,%xmm2,%xmm4 @@ -2151,13 +2337,70 @@ _aesni_set_encrypt_key: shufps $170,%xmm1,%xmm1 xorps %xmm1,%xmm2 ret +.align 16 +.L10814rounds_alt: + movdqa (%ebx),%xmm5 + movdqa 32(%ebx),%xmm4 + movl $7,%ecx + movdqu %xmm0,-32(%edx) + movdqa %xmm2,%xmm1 + movdqu %xmm2,-16(%edx) +.L112loop_key256: +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + pslld $1,%xmm4 + pxor %xmm2,%xmm0 + movdqu %xmm0,(%edx) + decl %ecx + jz .L113done_key256 + pshufd $255,%xmm0,%xmm2 + pxor %xmm3,%xmm3 +.byte 102,15,56,221,211 + movdqa %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm3,%xmm1 + pxor %xmm1,%xmm2 + movdqu %xmm2,16(%edx) + leal 32(%edx),%edx + movdqa %xmm2,%xmm1 + jmp .L112loop_key256 +.L113done_key256: + movl $13,%ecx + movl %ecx,16(%edx) +.L100good_key: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + xorl %eax,%eax + popl %ebx + popl %ebp + ret .align 4 -.L088bad_pointer: +.L091bad_pointer: movl $-1,%eax + popl %ebx + popl %ebp ret .align 4 -.L091bad_keybits: +.L095bad_keybits: + pxor %xmm0,%xmm0 movl $-2,%eax + popl %ebx + popl %ebp ret .size _aesni_set_encrypt_key,.-_aesni_set_encrypt_key .globl aesni_set_encrypt_key 
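Review bot: The 14-round path keeps its `xorl %eax,%eax` before the new `jmp .L100good_key` (the context line after `movl %ecx,16(%edx)`), whereas the 10- and 12-round paths in the preceding hunks drop theirs because `.L100good_key` now zeroes %eax itself. The instruction is harmless but redundant and makes the three success paths read differently; removing it keeps them consistent. `_aesni_set_encrypt_key` starts before this hunk, and `.L100good_key` is defined in the hunk that follows.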
@@ -2185,7 +2428,7 @@ aesni_set_decrypt_key: movl 12(%esp),%edx shll $4,%ecx testl %eax,%eax - jnz .L102dec_key_ret + jnz .L114dec_key_ret leal 16(%edx,%ecx,1),%eax movups (%edx),%xmm0 movups (%eax),%xmm1 @@ -2193,7 +2436,7 @@ aesni_set_decrypt_key: movups %xmm1,(%edx) leal 16(%edx),%edx leal -16(%eax),%eax -.L103dec_key_inverse: +.L115dec_key_inverse: movups (%edx),%xmm0 movups (%eax),%xmm1 .byte 102,15,56,219,192 @@ -2203,14 +2446,22 @@ aesni_set_decrypt_key: movups %xmm0,16(%eax) movups %xmm1,-16(%edx) cmpl %edx,%eax - ja .L103dec_key_inverse + ja .L115dec_key_inverse movups (%edx),%xmm0 .byte 102,15,56,219,192 movups %xmm0,(%edx) + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 xorl %eax,%eax -.L102dec_key_ret: +.L114dec_key_ret: ret .size aesni_set_decrypt_key,.-.L_aesni_set_decrypt_key_begin +.align 64 +.Lkey_const: +.long 202313229,202313229,202313229,202313229 +.long 67569157,67569157,67569157,67569157 +.long 1,1,1,1 +.long 27,27,27,27 .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69 .byte 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 .byte 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 diff --git a/linux-x86/crypto/bn/bn-586.S b/linux-x86/crypto/bn/bn-586.S index b953393..773beff 100644 --- a/linux-x86/crypto/bn/bn-586.S +++ b/linux-x86/crypto/bn/bn-586.S 
@@ -7,6 +7,102 @@ .align 16 bn_mul_add_words: .L_bn_mul_add_words_begin: + call .L000PIC_me_up +.L000PIC_me_up: + popl %eax + leal OPENSSL_ia32cap_P-.L000PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc .L001maw_non_sse2 + movl 4(%esp),%eax + movl 8(%esp),%edx + movl 12(%esp),%ecx + movd 16(%esp),%mm0 + pxor %mm1,%mm1 + jmp .L002maw_sse2_entry +.align 16 +.L003maw_sse2_unrolled: + movd (%eax),%mm3 + paddq %mm3,%mm1 + movd (%edx),%mm2 + pmuludq %mm0,%mm2 + movd 4(%edx),%mm4 + pmuludq %mm0,%mm4 + movd 8(%edx),%mm6 + pmuludq %mm0,%mm6 + movd 12(%edx),%mm7 + pmuludq %mm0,%mm7 + paddq %mm2,%mm1 + movd 4(%eax),%mm3 + paddq %mm4,%mm3 + movd 8(%eax),%mm5 + paddq %mm6,%mm5 + movd 12(%eax),%mm4 + paddq %mm4,%mm7 + movd %mm1,(%eax) + movd 16(%edx),%mm2 + pmuludq %mm0,%mm2 + psrlq $32,%mm1 + movd 20(%edx),%mm4 + pmuludq %mm0,%mm4 + paddq %mm3,%mm1 + movd 24(%edx),%mm6 + pmuludq %mm0,%mm6 + movd %mm1,4(%eax) + psrlq $32,%mm1 + movd 28(%edx),%mm3 + addl $32,%edx + pmuludq %mm0,%mm3 + paddq %mm5,%mm1 + movd 16(%eax),%mm5 + paddq %mm5,%mm2 + movd %mm1,8(%eax) + psrlq $32,%mm1 + paddq %mm7,%mm1 + movd 20(%eax),%mm5 + paddq %mm5,%mm4 + movd %mm1,12(%eax) + psrlq $32,%mm1 + paddq %mm2,%mm1 + movd 24(%eax),%mm5 + paddq %mm5,%mm6 + movd %mm1,16(%eax) + psrlq $32,%mm1 + paddq %mm4,%mm1 + movd 28(%eax),%mm5 + paddq %mm5,%mm3 + movd %mm1,20(%eax) + psrlq $32,%mm1 + paddq %mm6,%mm1 + movd %mm1,24(%eax) + psrlq $32,%mm1 + paddq %mm3,%mm1 + movd %mm1,28(%eax) + leal 32(%eax),%eax + psrlq $32,%mm1 + subl $8,%ecx + jz .L004maw_sse2_exit +.L002maw_sse2_entry: + testl $4294967288,%ecx + jnz .L003maw_sse2_unrolled +.align 4 +.L005maw_sse2_loop: + movd (%edx),%mm2 + movd (%eax),%mm3 + pmuludq %mm0,%mm2 + leal 4(%edx),%edx + paddq %mm3,%mm1 + paddq %mm2,%mm1 + movd %mm1,(%eax) + subl $1,%ecx + psrlq $32,%mm1 + leal 4(%eax),%eax + jnz .L005maw_sse2_loop +.L004maw_sse2_exit: + movd %mm1,%eax + emms + ret +.align 16 +.L001maw_non_sse2: pushl %ebp pushl %ebx pushl %esi 
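Review bot: The new SSE2 entry of bn_mul_add_words has no num == 0 guard: `testl $4294967288,%ecx` falls through to `.L005maw_sse2_loop` with %ecx = 0, the body stores to `(%eax)` and advances both pointers before `subl $1,%ecx` wraps to -1, so it keeps writing until %ecx wraps back to zero. The non-SSE2 path it bypasses (`andl $4294967288,%ecx … jz .L006maw_finish`, then `andl $7,%ecx; jnz …; jmp .L009maw_end` in the following hunks) returns cleanly for num == 0, so the two paths now disagree unless every caller guarantees num > 0. A two-line guard after `pxor %mm1,%mm1`, `testl %ecx,%ecx` / `jz .L004maw_sse2_exit`, returns the zero carry in %mm1 through the existing exit. The SSE2 loops added to bn_mul_words and bn_sqr_words later in this file have the same shape and need the same check; the change belongs in the perlasm generator rather than in this output.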
@@ -19,9 +115,9 @@ bn_mul_add_words: andl $4294967288,%ecx movl 32(%esp),%ebp pushl %ecx - jz .L000maw_finish + jz .L006maw_finish .align 16 -.L001maw_loop: +.L007maw_loop: movl (%ebx),%eax mull %ebp @@ -98,13 +194,13 @@ bn_mul_add_words: subl $8,%ecx leal 32(%ebx),%ebx leal 32(%edi),%edi - jnz .L001maw_loop -.L000maw_finish: + jnz .L007maw_loop +.L006maw_finish: movl 32(%esp),%ecx andl $7,%ecx - jnz .L002maw_finish2 - jmp .L003maw_end -.L002maw_finish2: + jnz .L008maw_finish2 + jmp .L009maw_end +.L008maw_finish2: movl (%ebx),%eax mull %ebp @@ -115,7 +211,7 @@ bn_mul_add_words: decl %ecx movl %eax,(%edi) movl %edx,%esi - jz .L003maw_end + jz .L009maw_end movl 4(%ebx),%eax mull %ebp @@ -126,7 +222,7 @@ bn_mul_add_words: decl %ecx movl %eax,4(%edi) movl %edx,%esi - jz .L003maw_end + jz .L009maw_end movl 8(%ebx),%eax mull %ebp @@ -137,7 +233,7 @@ bn_mul_add_words: decl %ecx movl %eax,8(%edi) movl %edx,%esi - jz .L003maw_end + jz .L009maw_end movl 12(%ebx),%eax mull %ebp @@ -148,7 +244,7 @@ bn_mul_add_words: decl %ecx movl %eax,12(%edi) movl %edx,%esi - jz .L003maw_end + jz .L009maw_end movl 16(%ebx),%eax mull %ebp @@ -159,7 +255,7 @@ bn_mul_add_words: decl %ecx movl %eax,16(%edi) movl %edx,%esi - jz .L003maw_end + jz .L009maw_end movl 20(%ebx),%eax mull %ebp @@ -170,7 +266,7 @@ bn_mul_add_words: decl %ecx movl %eax,20(%edi) movl %edx,%esi - jz .L003maw_end + jz .L009maw_end movl 24(%ebx),%eax mull %ebp @@ -180,7 +276,7 @@ bn_mul_add_words: adcl $0,%edx movl %eax,24(%edi) movl %edx,%esi -.L003maw_end: +.L009maw_end: movl %esi,%eax popl %ecx popl %edi 
@@ -195,6 +291,33 @@ bn_mul_add_words: .align 16 bn_mul_words: .L_bn_mul_words_begin: + call .L010PIC_me_up +.L010PIC_me_up: + popl %eax + leal OPENSSL_ia32cap_P-.L010PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc .L011mw_non_sse2 + movl 4(%esp),%eax + movl 8(%esp),%edx + movl 12(%esp),%ecx + movd 16(%esp),%mm0 + pxor %mm1,%mm1 +.align 16 +.L012mw_sse2_loop: + movd (%edx),%mm2 + pmuludq %mm0,%mm2 + leal 4(%edx),%edx + paddq %mm2,%mm1 + movd %mm1,(%eax) + subl $1,%ecx + psrlq $32,%mm1 + leal 4(%eax),%eax + jnz .L012mw_sse2_loop + movd %mm1,%eax + emms + ret +.align 16 +.L011mw_non_sse2: pushl %ebp pushl %ebx pushl %esi @@ -206,8 +329,8 @@ bn_mul_words: movl 28(%esp),%ebp movl 32(%esp),%ecx andl $4294967288,%ebp - jz .L004mw_finish -.L005mw_loop: + jz .L013mw_finish +.L014mw_loop: movl (%ebx),%eax mull %ecx @@ -268,14 +391,14 @@ bn_mul_words: addl $32,%ebx addl $32,%edi subl $8,%ebp - jz .L004mw_finish - jmp .L005mw_loop -.L004mw_finish: + jz .L013mw_finish + jmp .L014mw_loop +.L013mw_finish: movl 28(%esp),%ebp andl $7,%ebp - jnz .L006mw_finish2 - jmp .L007mw_end -.L006mw_finish2: + jnz .L015mw_finish2 + jmp .L016mw_end +.L015mw_finish2: movl (%ebx),%eax mull %ecx @@ -284,7 +407,7 @@ bn_mul_words: movl %eax,(%edi) movl %edx,%esi decl %ebp - jz .L007mw_end + jz .L016mw_end movl 4(%ebx),%eax mull %ecx @@ -293,7 +416,7 @@ bn_mul_words: movl %eax,4(%edi) movl %edx,%esi decl %ebp - jz .L007mw_end + jz .L016mw_end movl 8(%ebx),%eax mull %ecx @@ -302,7 +425,7 @@ bn_mul_words: movl %eax,8(%edi) movl %edx,%esi decl %ebp - jz .L007mw_end + jz .L016mw_end movl 12(%ebx),%eax mull %ecx @@ -311,7 +434,7 @@ bn_mul_words: movl %eax,12(%edi) movl %edx,%esi decl %ebp - jz .L007mw_end + jz .L016mw_end movl 16(%ebx),%eax mull %ecx @@ -320,7 +443,7 @@ bn_mul_words: movl %eax,16(%edi) movl %edx,%esi decl %ebp - jz .L007mw_end + jz .L016mw_end movl 20(%ebx),%eax mull %ecx 
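Review bot: The `btl $26,(%eax)` that selects the SSE2 path in bn_mul_words (and the identical tests at the bn_mul_add_words and bn_sqr_words entries) checks an undocumented bit of OPENSSL_ia32cap_P; bit 26 of the first capability word is CPUID.1:EDX.SSE2, which is what `pmuludq` and the MMX-register `movd`/`paddq` sequence require, and a comment at the test, e.g. `# ia32cap[0] bit 26: SSE2 available`, would say so. The `emms` before each SSE2 `ret` also deserves a one-liner such as `# emms: MMX aliases the x87 register stack, leave it clean for the caller`, since omitting it could corrupt floating-point state for whoever is up the call chain. Both comments belong in the perlasm source this file is generated from.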
@@ -329,7 +452,7 @@ bn_mul_words: movl %eax,20(%edi) movl %edx,%esi decl %ebp - jz .L007mw_end + jz .L016mw_end movl 24(%ebx),%eax mull %ecx @@ -337,7 +460,7 @@ bn_mul_words: adcl $0,%edx movl %eax,24(%edi) movl %edx,%esi -.L007mw_end: +.L016mw_end: movl %esi,%eax popl %edi popl %esi @@ -351,6 +474,28 @@ bn_mul_words: .align 16 bn_sqr_words: .L_bn_sqr_words_begin: + call .L017PIC_me_up +.L017PIC_me_up: + popl %eax + leal OPENSSL_ia32cap_P-.L017PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc .L018sqr_non_sse2 + movl 4(%esp),%eax + movl 8(%esp),%edx + movl 12(%esp),%ecx +.align 16 +.L019sqr_sse2_loop: + movd (%edx),%mm0 + pmuludq %mm0,%mm0 + leal 4(%edx),%edx + movq %mm0,(%eax) + subl $1,%ecx + leal 8(%eax),%eax + jnz .L019sqr_sse2_loop + emms + ret +.align 16 +.L018sqr_non_sse2: pushl %ebp pushl %ebx pushl %esi @@ -360,8 +505,8 @@ bn_sqr_words: movl 24(%esp),%edi movl 28(%esp),%ebx andl $4294967288,%ebx - jz .L008sw_finish -.L009sw_loop: + jz .L020sw_finish +.L021sw_loop: movl (%edi),%eax mull %eax 
@@ -406,59 +551,59 @@ bn_sqr_words: addl $32,%edi addl $64,%esi subl $8,%ebx - jnz .L009sw_loop -.L008sw_finish: + jnz .L021sw_loop +.L020sw_finish: movl 28(%esp),%ebx andl $7,%ebx - jz .L010sw_end + jz .L022sw_end movl (%edi),%eax mull %eax movl %eax,(%esi) decl %ebx movl %edx,4(%esi) - jz .L010sw_end + jz .L022sw_end movl 4(%edi),%eax mull %eax movl %eax,8(%esi) decl %ebx movl %edx,12(%esi) - jz .L010sw_end + jz .L022sw_end movl 8(%edi),%eax mull %eax movl %eax,16(%esi) decl %ebx movl %edx,20(%esi) - jz .L010sw_end + jz .L022sw_end movl 12(%edi),%eax mull %eax movl %eax,24(%esi) decl %ebx movl %edx,28(%esi) - jz .L010sw_end + jz .L022sw_end movl 16(%edi),%eax mull %eax movl %eax,32(%esi) decl %ebx movl %edx,36(%esi) - jz .L010sw_end + jz .L022sw_end movl 20(%edi),%eax mull %eax movl %eax,40(%esi) decl %ebx movl %edx,44(%esi) - jz .L010sw_end + jz .L022sw_end movl 24(%edi),%eax mull %eax movl %eax,48(%esi) movl %edx,52(%esi) -.L010sw_end: +.L022sw_end: popl %edi popl %esi popl %ebx @@ -494,8 +639,8 @@ bn_add_words: movl 32(%esp),%ebp xorl %eax,%eax andl $4294967288,%ebp - jz .L011aw_finish -.L012aw_loop: + jz .L023aw_finish +.L024aw_loop: movl (%esi),%ecx movl (%edi),%edx @@ -573,11 +718,11 @@ bn_add_words: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz .L012aw_loop -.L011aw_finish: + jnz .L024aw_loop +.L023aw_finish: movl 32(%esp),%ebp andl $7,%ebp - jz .L013aw_end + jz .L025aw_end movl (%esi),%ecx movl (%edi),%edx @@ -588,7 +733,7 @@ bn_add_words: adcl $0,%eax decl %ebp movl %ecx,(%ebx) - jz .L013aw_end + jz .L025aw_end movl 4(%esi),%ecx movl 4(%edi),%edx @@ -599,7 +744,7 @@ bn_add_words: adcl $0,%eax decl %ebp movl %ecx,4(%ebx) - jz .L013aw_end + jz .L025aw_end movl 8(%esi),%ecx movl 8(%edi),%edx @@ -610,7 +755,7 @@ bn_add_words: adcl $0,%eax decl %ebp movl %ecx,8(%ebx) - jz .L013aw_end + jz .L025aw_end movl 12(%esi),%ecx movl 12(%edi),%edx 
@@ -621,7 +766,7 @@ bn_add_words: adcl $0,%eax decl %ebp movl %ecx,12(%ebx) - jz .L013aw_end + jz .L025aw_end movl 16(%esi),%ecx movl 16(%edi),%edx @@ -632,7 +777,7 @@ bn_add_words: adcl $0,%eax decl %ebp movl %ecx,16(%ebx) - jz .L013aw_end + jz .L025aw_end movl 20(%esi),%ecx movl 20(%edi),%edx @@ -643,7 +788,7 @@ bn_add_words: adcl $0,%eax decl %ebp movl %ecx,20(%ebx) - jz .L013aw_end + jz .L025aw_end movl 24(%esi),%ecx movl 24(%edi),%edx @@ -653,7 +798,7 @@ bn_add_words: addl %edx,%ecx adcl $0,%eax movl %ecx,24(%ebx) -.L013aw_end: +.L025aw_end: popl %edi popl %esi popl %ebx @@ -677,8 +822,8 @@ bn_sub_words: movl 32(%esp),%ebp xorl %eax,%eax andl $4294967288,%ebp - jz .L014aw_finish -.L015aw_loop: + jz .L026aw_finish +.L027aw_loop: movl (%esi),%ecx movl (%edi),%edx @@ -756,11 +901,11 @@ bn_sub_words: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz .L015aw_loop -.L014aw_finish: + jnz .L027aw_loop +.L026aw_finish: movl 32(%esp),%ebp andl $7,%ebp - jz .L016aw_end + jz .L028aw_end movl (%esi),%ecx movl (%edi),%edx @@ -771,7 +916,7 @@ bn_sub_words: adcl $0,%eax decl %ebp movl %ecx,(%ebx) - jz .L016aw_end + jz .L028aw_end movl 4(%esi),%ecx movl 4(%edi),%edx @@ -782,7 +927,7 @@ bn_sub_words: adcl $0,%eax decl %ebp movl %ecx,4(%ebx) - jz .L016aw_end + jz .L028aw_end movl 8(%esi),%ecx movl 8(%edi),%edx @@ -793,7 +938,7 @@ bn_sub_words: adcl $0,%eax decl %ebp movl %ecx,8(%ebx) - jz .L016aw_end + jz .L028aw_end movl 12(%esi),%ecx movl 12(%edi),%edx @@ -804,7 +949,7 @@ bn_sub_words: adcl $0,%eax decl %ebp movl %ecx,12(%ebx) - jz .L016aw_end + jz .L028aw_end movl 16(%esi),%ecx movl 16(%edi),%edx @@ -815,7 +960,7 @@ bn_sub_words: adcl $0,%eax decl %ebp movl %ecx,16(%ebx) - jz .L016aw_end + jz .L028aw_end movl 20(%esi),%ecx movl 20(%edi),%edx @@ -826,7 +971,7 @@ bn_sub_words: adcl $0,%eax decl %ebp movl %ecx,20(%ebx) - jz .L016aw_end + jz .L028aw_end movl 24(%esi),%ecx movl 24(%edi),%edx 
@@ -836,7 +981,7 @@ bn_sub_words: subl %edx,%ecx adcl $0,%eax movl %ecx,24(%ebx) -.L016aw_end: +.L028aw_end: popl %edi popl %esi popl %ebx @@ -860,8 +1005,8 @@ bn_sub_part_words: movl 32(%esp),%ebp xorl %eax,%eax andl $4294967288,%ebp - jz .L017aw_finish -.L018aw_loop: + jz .L029aw_finish +.L030aw_loop: movl (%esi),%ecx movl (%edi),%edx @@ -939,11 +1084,11 @@ bn_sub_part_words: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz .L018aw_loop -.L017aw_finish: + jnz .L030aw_loop +.L029aw_finish: movl 32(%esp),%ebp andl $7,%ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -957,7 +1102,7 @@ bn_sub_part_words: addl $4,%edi addl $4,%ebx decl %ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -971,7 +1116,7 @@ bn_sub_part_words: addl $4,%edi addl $4,%ebx decl %ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -985,7 +1130,7 @@ bn_sub_part_words: addl $4,%edi addl $4,%ebx decl %ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -999,7 +1144,7 @@ bn_sub_part_words: addl $4,%edi addl $4,%ebx decl %ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -1013,7 +1158,7 @@ bn_sub_part_words: addl $4,%edi addl $4,%ebx decl %ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -1027,7 +1172,7 @@ bn_sub_part_words: addl $4,%edi addl $4,%ebx decl %ebp - jz .L019aw_end + jz .L031aw_end movl (%esi),%ecx movl (%edi),%edx @@ -1040,20 +1185,20 @@ bn_sub_part_words: addl $4,%esi addl $4,%edi addl $4,%ebx -.L019aw_end: +.L031aw_end: cmpl $0,36(%esp) - je .L020pw_end + je .L032pw_end movl 36(%esp),%ebp cmpl $0,%ebp - je .L020pw_end - jge .L021pw_pos + je .L032pw_end + jge .L033pw_pos movl $0,%edx subl %ebp,%edx movl %edx,%ebp andl $4294967288,%ebp - jz .L022pw_neg_finish -.L023pw_neg_loop: + jz .L034pw_neg_finish +.L035pw_neg_loop: movl $0,%ecx movl (%edi),%edx 
@@ -1130,13 +1275,13 @@ bn_sub_part_words: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz .L023pw_neg_loop -.L022pw_neg_finish: + jnz .L035pw_neg_loop +.L034pw_neg_finish: movl 36(%esp),%edx movl $0,%ebp subl %edx,%ebp andl $7,%ebp - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl (%edi),%edx @@ -1147,7 +1292,7 @@ bn_sub_part_words: adcl $0,%eax decl %ebp movl %ecx,(%ebx) - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl 4(%edi),%edx @@ -1158,7 +1303,7 @@ bn_sub_part_words: adcl $0,%eax decl %ebp movl %ecx,4(%ebx) - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl 8(%edi),%edx @@ -1169,7 +1314,7 @@ bn_sub_part_words: adcl $0,%eax decl %ebp movl %ecx,8(%ebx) - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl 12(%edi),%edx @@ -1180,7 +1325,7 @@ bn_sub_part_words: adcl $0,%eax decl %ebp movl %ecx,12(%ebx) - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl 16(%edi),%edx @@ -1191,7 +1336,7 @@ bn_sub_part_words: adcl $0,%eax decl %ebp movl %ecx,16(%ebx) - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl 20(%edi),%edx @@ -1202,7 +1347,7 @@ bn_sub_part_words: adcl $0,%eax decl %ebp movl %ecx,20(%ebx) - jz .L020pw_end + jz .L032pw_end movl $0,%ecx movl 24(%edi),%edx 
@@ -1212,178 +1357,178 @@ bn_sub_part_words: subl %edx,%ecx adcl $0,%eax movl %ecx,24(%ebx) - jmp .L020pw_end -.L021pw_pos: + jmp .L032pw_end +.L033pw_pos: andl $4294967288,%ebp - jz .L024pw_pos_finish -.L025pw_pos_loop: + jz .L036pw_pos_finish +.L037pw_pos_loop: movl (%esi),%ecx subl %eax,%ecx movl %ecx,(%ebx) - jnc .L026pw_nc0 + jnc .L038pw_nc0 movl 4(%esi),%ecx subl %eax,%ecx movl %ecx,4(%ebx) - jnc .L027pw_nc1 + jnc .L039pw_nc1 movl 8(%esi),%ecx subl %eax,%ecx movl %ecx,8(%ebx) - jnc .L028pw_nc2 + jnc .L040pw_nc2 movl 12(%esi),%ecx subl %eax,%ecx movl %ecx,12(%ebx) - jnc .L029pw_nc3 + jnc .L041pw_nc3 movl 16(%esi),%ecx subl %eax,%ecx movl %ecx,16(%ebx) - jnc .L030pw_nc4 + jnc .L042pw_nc4 movl 20(%esi),%ecx subl %eax,%ecx movl %ecx,20(%ebx) - jnc .L031pw_nc5 + jnc .L043pw_nc5 movl 24(%esi),%ecx subl %eax,%ecx movl %ecx,24(%ebx) - jnc .L032pw_nc6 + jnc .L044pw_nc6 movl 28(%esi),%ecx subl %eax,%ecx movl %ecx,28(%ebx) - jnc .L033pw_nc7 + jnc .L045pw_nc7 addl $32,%esi addl $32,%ebx subl $8,%ebp - jnz .L025pw_pos_loop -.L024pw_pos_finish: + jnz .L037pw_pos_loop +.L036pw_pos_finish: movl 36(%esp),%ebp andl $7,%ebp - jz .L020pw_end + jz .L032pw_end movl (%esi),%ecx subl %eax,%ecx movl %ecx,(%ebx) - jnc .L034pw_tail_nc0 + jnc .L046pw_tail_nc0 decl %ebp - jz .L020pw_end + jz .L032pw_end movl 4(%esi),%ecx subl %eax,%ecx movl %ecx,4(%ebx) - jnc .L035pw_tail_nc1 + jnc .L047pw_tail_nc1 decl %ebp - jz .L020pw_end + jz .L032pw_end movl 8(%esi),%ecx subl %eax,%ecx movl %ecx,8(%ebx) - jnc .L036pw_tail_nc2 + jnc .L048pw_tail_nc2 decl %ebp - jz .L020pw_end + jz .L032pw_end movl 12(%esi),%ecx subl %eax,%ecx movl %ecx,12(%ebx) - jnc .L037pw_tail_nc3 + jnc .L049pw_tail_nc3 decl %ebp - jz .L020pw_end + jz .L032pw_end movl 16(%esi),%ecx subl %eax,%ecx movl %ecx,16(%ebx) - jnc .L038pw_tail_nc4 + jnc .L050pw_tail_nc4 decl %ebp - jz .L020pw_end + jz .L032pw_end movl 20(%esi),%ecx subl %eax,%ecx movl %ecx,20(%ebx) - jnc .L039pw_tail_nc5 + jnc .L051pw_tail_nc5 decl %ebp - jz .L020pw_end + 
jz .L032pw_end movl 24(%esi),%ecx subl %eax,%ecx movl %ecx,24(%ebx) - jnc .L040pw_tail_nc6 + jnc .L052pw_tail_nc6 movl $1,%eax - jmp .L020pw_end -.L041pw_nc_loop: + jmp .L032pw_end +.L053pw_nc_loop: movl (%esi),%ecx movl %ecx,(%ebx) -.L026pw_nc0: +.L038pw_nc0: movl 4(%esi),%ecx movl %ecx,4(%ebx) -.L027pw_nc1: +.L039pw_nc1: movl 8(%esi),%ecx movl %ecx,8(%ebx) -.L028pw_nc2: +.L040pw_nc2: movl 12(%esi),%ecx movl %ecx,12(%ebx) -.L029pw_nc3: +.L041pw_nc3: movl 16(%esi),%ecx movl %ecx,16(%ebx) -.L030pw_nc4: +.L042pw_nc4: movl 20(%esi),%ecx movl %ecx,20(%ebx) -.L031pw_nc5: +.L043pw_nc5: movl 24(%esi),%ecx movl %ecx,24(%ebx) -.L032pw_nc6: +.L044pw_nc6: movl 28(%esi),%ecx movl %ecx,28(%ebx) -.L033pw_nc7: +.L045pw_nc7: addl $32,%esi addl $32,%ebx subl $8,%ebp - jnz .L041pw_nc_loop + jnz .L053pw_nc_loop movl 36(%esp),%ebp andl $7,%ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl (%esi),%ecx movl %ecx,(%ebx) -.L034pw_tail_nc0: +.L046pw_tail_nc0: decl %ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl 4(%esi),%ecx movl %ecx,4(%ebx) -.L035pw_tail_nc1: +.L047pw_tail_nc1: decl %ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl 8(%esi),%ecx movl %ecx,8(%ebx) -.L036pw_tail_nc2: +.L048pw_tail_nc2: decl %ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl 12(%esi),%ecx movl %ecx,12(%ebx) -.L037pw_tail_nc3: +.L049pw_tail_nc3: decl %ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl 16(%esi),%ecx movl %ecx,16(%ebx) -.L038pw_tail_nc4: +.L050pw_tail_nc4: decl %ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl 20(%esi),%ecx movl %ecx,20(%ebx) -.L039pw_tail_nc5: +.L051pw_tail_nc5: decl %ebp - jz .L042pw_nc_end + jz .L054pw_nc_end movl 24(%esi),%ecx movl %ecx,24(%ebx) -.L040pw_tail_nc6: -.L042pw_nc_end: +.L052pw_tail_nc6: +.L054pw_nc_end: movl $0,%eax -.L020pw_end: +.L032pw_end: popl %edi popl %esi popl %ebx diff --git a/linux-x86/crypto/bn/x86-mont.S b/linux-x86/crypto/bn/x86-mont.S index e2d23b3..1569b2c 100644 --- a/linux-x86/crypto/bn/x86-mont.S +++ b/linux-x86/crypto/bn/x86-mont.S 
@@ -44,6 +44,126 @@ bn_mul_mont: movl %esi,20(%esp) leal -3(%edi),%ebx movl %ebp,24(%esp) + call .L001PIC_me_up +.L001PIC_me_up: + popl %eax + leal OPENSSL_ia32cap_P-.L001PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc .L002non_sse2 + movl $-1,%eax + movd %eax,%mm7 + movl 8(%esp),%esi + movl 12(%esp),%edi + movl 16(%esp),%ebp + xorl %edx,%edx + xorl %ecx,%ecx + movd (%edi),%mm4 + movd (%esi),%mm5 + movd (%ebp),%mm3 + pmuludq %mm4,%mm5 + movq %mm5,%mm2 + movq %mm5,%mm0 + pand %mm7,%mm0 + pmuludq 20(%esp),%mm5 + pmuludq %mm5,%mm3 + paddq %mm0,%mm3 + movd 4(%ebp),%mm1 + movd 4(%esi),%mm0 + psrlq $32,%mm2 + psrlq $32,%mm3 + incl %ecx +.align 16 +.L0031st: + pmuludq %mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + pand %mm7,%mm0 + movd 4(%ebp,%ecx,4),%mm1 + paddq %mm0,%mm3 + movd 4(%esi,%ecx,4),%mm0 + psrlq $32,%mm2 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm3 + leal 1(%ecx),%ecx + cmpl %ebx,%ecx + jl .L0031st + pmuludq %mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + pand %mm7,%mm0 + paddq %mm0,%mm3 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm2 + psrlq $32,%mm3 + paddq %mm2,%mm3 + movq %mm3,32(%esp,%ebx,4) + incl %edx +.L004outer: + xorl %ecx,%ecx + movd (%edi,%edx,4),%mm4 + movd (%esi),%mm5 + movd 32(%esp),%mm6 + movd (%ebp),%mm3 + pmuludq %mm4,%mm5 + paddq %mm6,%mm5 + movq %mm5,%mm0 + movq %mm5,%mm2 + pand %mm7,%mm0 + pmuludq 20(%esp),%mm5 + pmuludq %mm5,%mm3 + paddq %mm0,%mm3 + movd 36(%esp),%mm6 + movd 4(%ebp),%mm1 + movd 4(%esi),%mm0 + psrlq $32,%mm2 + psrlq $32,%mm3 + paddq %mm6,%mm2 + incl %ecx + decl %ebx +.L005inner: + pmuludq %mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + movd 36(%esp,%ecx,4),%mm6 + pand %mm7,%mm0 + movd 4(%ebp,%ecx,4),%mm1 + paddq %mm0,%mm3 + movd 4(%esi,%ecx,4),%mm0 + psrlq $32,%mm2 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm3 + paddq %mm6,%mm2 + decl %ebx + leal 1(%ecx),%ecx + jnz .L005inner + movl %ecx,%ebx + pmuludq %mm4,%mm0 + 
pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + pand %mm7,%mm0 + paddq %mm0,%mm3 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm2 + psrlq $32,%mm3 + movd 36(%esp,%ebx,4),%mm6 + paddq %mm2,%mm3 + paddq %mm6,%mm3 + movq %mm3,32(%esp,%ebx,4) + leal 1(%edx),%edx + cmpl %ebx,%edx + jle .L004outer + emms + jmp .L006common_tail +.align 16 +.L002non_sse2: movl 8(%esp),%esi leal 1(%ebx),%ebp movl 12(%esp),%edi @@ -54,12 +174,12 @@ bn_mul_mont: leal 4(%edi,%ebx,4),%eax orl %edx,%ebp movl (%edi),%edi - jz .L001bn_sqr_mont + jz .L007bn_sqr_mont movl %eax,28(%esp) movl (%esi),%eax xorl %edx,%edx .align 16 -.L002mull: +.L008mull: movl %edx,%ebp mull %edi addl %eax,%ebp @@ -68,7 +188,7 @@ bn_mul_mont: movl (%esi,%ecx,4),%eax cmpl %ebx,%ecx movl %ebp,28(%esp,%ecx,4) - jl .L002mull + jl .L008mull movl %edx,%ebp mull %edi movl 20(%esp),%edi @@ -86,9 +206,9 @@ bn_mul_mont: movl 4(%esi),%eax adcl $0,%edx incl %ecx - jmp .L0032ndmadd + jmp .L0092ndmadd .align 16 -.L0041stmadd: +.L0101stmadd: movl %edx,%ebp mull %edi addl 32(%esp,%ecx,4),%ebp @@ -99,7 +219,7 @@ bn_mul_mont: adcl $0,%edx cmpl %ebx,%ecx movl %ebp,28(%esp,%ecx,4) - jl .L0041stmadd + jl .L0101stmadd movl %edx,%ebp mull %edi addl 32(%esp,%ebx,4),%eax @@ -122,7 +242,7 @@ bn_mul_mont: adcl $0,%edx movl $1,%ecx .align 16 -.L0032ndmadd: +.L0092ndmadd: movl %edx,%ebp mull %edi addl 32(%esp,%ecx,4),%ebp @@ -133,7 +253,7 @@ bn_mul_mont: adcl $0,%edx cmpl %ebx,%ecx movl %ebp,24(%esp,%ecx,4) - jl .L0032ndmadd + jl .L0092ndmadd movl %edx,%ebp mull %edi addl 32(%esp,%ebx,4),%ebp @@ -149,16 +269,16 @@ bn_mul_mont: movl %edx,32(%esp,%ebx,4) cmpl 28(%esp),%ecx movl %eax,36(%esp,%ebx,4) - je .L005common_tail + je .L006common_tail movl (%ecx),%edi movl 8(%esp),%esi movl %ecx,12(%esp) xorl %ecx,%ecx xorl %edx,%edx movl (%esi),%eax - jmp .L0041stmadd + jmp .L0101stmadd .align 16 -.L001bn_sqr_mont: +.L007bn_sqr_mont: movl %ebx,(%esp) movl %ecx,12(%esp) movl %edi,%eax 
@@ -169,7 +289,7 @@ bn_mul_mont: andl $1,%ebx incl %ecx .align 16 -.L006sqr: +.L011sqr: movl (%esi,%ecx,4),%eax movl %edx,%ebp mull %edi @@ -181,7 +301,7 @@ bn_mul_mont: cmpl (%esp),%ecx movl %eax,%ebx movl %ebp,28(%esp,%ecx,4) - jl .L006sqr + jl .L011sqr movl (%esi,%ecx,4),%eax movl %edx,%ebp mull %edi @@ -205,7 +325,7 @@ bn_mul_mont: movl 4(%esi),%eax movl $1,%ecx .align 16 -.L0073rdmadd: +.L0123rdmadd: movl %edx,%ebp mull %edi addl 32(%esp,%ecx,4),%ebp @@ -224,7 +344,7 @@ bn_mul_mont: adcl $0,%edx cmpl %ebx,%ecx movl %ebp,24(%esp,%ecx,4) - jl .L0073rdmadd + jl .L0123rdmadd movl %edx,%ebp mull %edi addl 32(%esp,%ebx,4),%ebp @@ -240,7 +360,7 @@ bn_mul_mont: movl %edx,32(%esp,%ebx,4) cmpl %ebx,%ecx movl %eax,36(%esp,%ebx,4) - je .L005common_tail + je .L006common_tail movl 4(%esi,%ecx,4),%edi leal 1(%ecx),%ecx movl %edi,%eax @@ -252,12 +372,12 @@ bn_mul_mont: xorl %ebp,%ebp cmpl %ebx,%ecx leal 1(%ecx),%ecx - je .L008sqrlast + je .L013sqrlast movl %edx,%ebx shrl $1,%edx andl $1,%ebx .align 16 -.L009sqradd: +.L014sqradd: movl (%esi,%ecx,4),%eax movl %edx,%ebp mull %edi @@ -273,13 +393,13 @@ bn_mul_mont: cmpl (%esp),%ecx movl %ebp,28(%esp,%ecx,4) movl %eax,%ebx - jle .L009sqradd + jle .L014sqradd movl %edx,%ebp addl %edx,%edx shrl $31,%ebp addl %ebx,%edx adcl $0,%ebp -.L008sqrlast: +.L013sqrlast: movl 20(%esp),%edi movl 16(%esp),%esi imull 32(%esp),%edi @@ -294,9 +414,9 @@ bn_mul_mont: adcl $0,%edx movl $1,%ecx movl 4(%esi),%eax - jmp .L0073rdmadd + jmp .L0123rdmadd .align 16 -.L005common_tail: +.L006common_tail: movl 16(%esp),%ebp movl 4(%esp),%edi leal 32(%esp),%esi @@ -304,16 +424,16 @@ bn_mul_mont: movl %ebx,%ecx xorl %edx,%edx .align 16 -.L010sub: +.L015sub: sbbl (%ebp,%edx,4),%eax movl %eax,(%edi,%edx,4) decl %ecx movl 4(%esi,%edx,4),%eax leal 1(%edx),%edx - jge .L010sub + jge .L015sub sbbl $0,%eax .align 16 -.L011copy: +.L016copy: movl (%esi,%ebx,4),%edx movl (%edi,%ebx,4),%ebp xorl %ebp,%edx 
@@ -322,7 +442,7 @@ bn_mul_mont: movl %ecx,(%esi,%ebx,4) movl %edx,(%edi,%ebx,4) decl %ebx - jge .L011copy + jge .L016copy movl 24(%esp),%esp movl $1,%eax .L000just_leave: diff --git a/linux-x86/crypto/cpu-x86-asm.S b/linux-x86/crypto/cpu-x86-asm.S index b6f767b..24a8dd4 100644 --- a/linux-x86/crypto/cpu-x86-asm.S +++ b/linux-x86/crypto/cpu-x86-asm.S @@ -101,10 +101,6 @@ OPENSSL_ia32_cpuid: cmpl $0,%ebp jne .L005notintel orl $1073741824,%edx - andb $15,%ah - cmpb $15,%ah - jne .L005notintel - orl $1048576,%edx .L005notintel: btl $28,%edx jnc .L002generic @@ -241,6 +237,18 @@ OPENSSL_wipe_cpu: movl (%ecx),%ecx btl $1,(%ecx) jnc .L016no_x87 + andl $83886080,%ecx + cmpl $83886080,%ecx + jne .L017no_sse2 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 +.L017no_sse2: .long 4007259865,4007259865,4007259865,4007259865,2430851995 .L016no_x87: leal 4(%esp),%eax @@ -257,11 +265,11 @@ OPENSSL_atomic_add: pushl %ebx nop movl (%edx),%eax -.L017spin: +.L018spin: leal (%eax,%ecx,1),%ebx nop .long 447811568 - jne .L017spin + jne .L018spin movl %ebx,%eax popl %ebx ret @@ -301,11 +309,11 @@ OPENSSL_indirect_call: OPENSSL_ia32_rdrand: .L_OPENSSL_ia32_rdrand_begin: movl $8,%ecx -.L018loop: +.L019loop: .byte 15,199,240 - jc .L019break - loop .L018loop -.L019break: + jc .L020break + loop .L019loop +.L020break: cmpl $0,%eax cmovel %ecx,%eax ret diff --git a/linux-x86/crypto/sha/sha1-586.S b/linux-x86/crypto/sha/sha1-586.S index 71ae5b3..808ccac 100644 --- a/linux-x86/crypto/sha/sha1-586.S +++ b/linux-x86/crypto/sha/sha1-586.S 
@@ -11,6 +11,23 @@ sha1_block_data_order: pushl %ebx pushl %esi pushl %edi + call .L000pic_point +.L000pic_point: + popl %ebp + leal OPENSSL_ia32cap_P-.L000pic_point(%ebp),%esi + leal .LK_XX_XX-.L000pic_point(%ebp),%ebp + movl (%esi),%eax + movl 4(%esi),%edx + testl $512,%edx + jz .L001x86 + movl 8(%esi),%ecx + testl $16777216,%eax + jz .L001x86 + testl $536870912,%ecx + jnz .Lshaext_shortcut + jmp .Lssse3_shortcut +.align 16 +.L001x86: movl 20(%esp),%ebp movl 24(%esp),%esi movl 28(%esp),%eax @@ -19,9 +36,9 @@ sha1_block_data_order: addl %esi,%eax movl %eax,104(%esp) movl 16(%ebp),%edi - jmp .L000loop + jmp .L002loop .align 16 -.L000loop: +.L002loop: movl (%esi),%eax movl 4(%esi),%ebx movl 8(%esi),%ecx @@ -1368,7 +1385,7 @@ sha1_block_data_order: movl %ebx,12(%ebp) movl %edx,%esi movl %ecx,16(%ebp) - jb .L000loop + jb .L002loop addl $76,%esp popl %edi popl %esi 
@@ -1376,6 +1393,1405 @@ sha1_block_data_order: popl %ebp ret .size sha1_block_data_order,.-.L_sha1_block_data_order_begin +.hidden _sha1_block_data_order_shaext +.type _sha1_block_data_order_shaext,@function +.align 16 +_sha1_block_data_order_shaext: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + call .L003pic_point +.L003pic_point: + popl %ebp + leal .LK_XX_XX-.L003pic_point(%ebp),%ebp +.Lshaext_shortcut: + movl 20(%esp),%edi + movl %esp,%ebx + movl 24(%esp),%esi + movl 28(%esp),%ecx + subl $32,%esp + movdqu (%edi),%xmm0 + movd 16(%edi),%xmm1 + andl $-32,%esp + movdqa 80(%ebp),%xmm3 + movdqu (%esi),%xmm4 + pshufd $27,%xmm0,%xmm0 + movdqu 16(%esi),%xmm5 + pshufd $27,%xmm1,%xmm1 + movdqu 32(%esi),%xmm6 +.byte 102,15,56,0,227 + movdqu 48(%esi),%xmm7 +.byte 102,15,56,0,235 +.byte 102,15,56,0,243 +.byte 102,15,56,0,251 + jmp .L004loop_shaext +.align 16 +.L004loop_shaext: + decl %ecx + leal 64(%esi),%eax + movdqa %xmm1,(%esp) + paddd %xmm4,%xmm1 + cmovnel %eax,%esi + movdqa %xmm0,16(%esp) +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,0 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,0 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,0 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,0 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 +.byte 15,56,202,254 +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,0 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,1 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,1 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,1 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 
+.byte 15,56,202,254 +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,1 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,1 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,2 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,2 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 +.byte 15,56,202,254 +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,2 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,2 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,2 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,3 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 +.byte 15,56,202,254 + movdqu (%esi),%xmm4 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,3 +.byte 15,56,200,213 + movdqu 16(%esi),%xmm5 +.byte 102,15,56,0,227 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,3 +.byte 15,56,200,206 + movdqu 32(%esi),%xmm6 +.byte 102,15,56,0,235 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,3 +.byte 15,56,200,215 + movdqu 48(%esi),%xmm7 +.byte 102,15,56,0,243 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,3 + movdqa (%esp),%xmm2 +.byte 102,15,56,0,251 +.byte 15,56,200,202 + paddd 16(%esp),%xmm0 + jnz .L004loop_shaext + pshufd $27,%xmm0,%xmm0 + pshufd $27,%xmm1,%xmm1 + movdqu %xmm0,(%edi) + movd %xmm1,16(%edi) + movl %ebx,%esp + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.size _sha1_block_data_order_shaext,.-_sha1_block_data_order_shaext +.hidden _sha1_block_data_order_ssse3 +.type _sha1_block_data_order_ssse3,@function +.align 16 +_sha1_block_data_order_ssse3: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + call .L005pic_point +.L005pic_point: + 
popl %ebp + leal .LK_XX_XX-.L005pic_point(%ebp),%ebp +.Lssse3_shortcut: + movdqa (%ebp),%xmm7 + movdqa 16(%ebp),%xmm0 + movdqa 32(%ebp),%xmm1 + movdqa 48(%ebp),%xmm2 + movdqa 64(%ebp),%xmm6 + movl 20(%esp),%edi + movl 24(%esp),%ebp + movl 28(%esp),%edx + movl %esp,%esi + subl $208,%esp + andl $-64,%esp + movdqa %xmm0,112(%esp) + movdqa %xmm1,128(%esp) + movdqa %xmm2,144(%esp) + shll $6,%edx + movdqa %xmm7,160(%esp) + addl %ebp,%edx + movdqa %xmm6,176(%esp) + addl $64,%ebp + movl %edi,192(%esp) + movl %ebp,196(%esp) + movl %edx,200(%esp) + movl %esi,204(%esp) + movl (%edi),%eax + movl 4(%edi),%ebx + movl 8(%edi),%ecx + movl 12(%edi),%edx + movl 16(%edi),%edi + movl %ebx,%esi + movdqu -64(%ebp),%xmm0 + movdqu -48(%ebp),%xmm1 + movdqu -32(%ebp),%xmm2 + movdqu -16(%ebp),%xmm3 +.byte 102,15,56,0,198 +.byte 102,15,56,0,206 +.byte 102,15,56,0,214 + movdqa %xmm7,96(%esp) +.byte 102,15,56,0,222 + paddd %xmm7,%xmm0 + paddd %xmm7,%xmm1 + paddd %xmm7,%xmm2 + movdqa %xmm0,(%esp) + psubd %xmm7,%xmm0 + movdqa %xmm1,16(%esp) + psubd %xmm7,%xmm1 + movdqa %xmm2,32(%esp) + movl %ecx,%ebp + psubd %xmm7,%xmm2 + xorl %edx,%ebp + pshufd $238,%xmm0,%xmm4 + andl %ebp,%esi + jmp .L006loop +.align 16 +.L006loop: + rorl $2,%ebx + xorl %edx,%esi + movl %eax,%ebp + punpcklqdq %xmm1,%xmm4 + movdqa %xmm3,%xmm6 + addl (%esp),%edi + xorl %ecx,%ebx + paddd %xmm3,%xmm7 + movdqa %xmm0,64(%esp) + roll $5,%eax + addl %esi,%edi + psrldq $4,%xmm6 + andl %ebx,%ebp + xorl %ecx,%ebx + pxor %xmm0,%xmm4 + addl %eax,%edi + rorl $7,%eax + pxor %xmm2,%xmm6 + xorl %ecx,%ebp + movl %edi,%esi + addl 4(%esp),%edx + pxor %xmm6,%xmm4 + xorl %ebx,%eax + roll $5,%edi + movdqa %xmm7,48(%esp) + addl %ebp,%edx + andl %eax,%esi + movdqa %xmm4,%xmm0 + xorl %ebx,%eax + addl %edi,%edx + rorl $7,%edi + movdqa %xmm4,%xmm6 + xorl %ebx,%esi + pslldq $12,%xmm0 + paddd %xmm4,%xmm4 + movl %edx,%ebp + addl 8(%esp),%ecx + psrld $31,%xmm6 + xorl %eax,%edi + roll $5,%edx + movdqa %xmm0,%xmm7 + addl %esi,%ecx + andl %edi,%ebp + xorl 
%eax,%edi + psrld $30,%xmm0 + addl %edx,%ecx + rorl $7,%edx + por %xmm6,%xmm4 + xorl %eax,%ebp + movl %ecx,%esi + addl 12(%esp),%ebx + pslld $2,%xmm7 + xorl %edi,%edx + roll $5,%ecx + pxor %xmm0,%xmm4 + movdqa 96(%esp),%xmm0 + addl %ebp,%ebx + andl %edx,%esi + pxor %xmm7,%xmm4 + pshufd $238,%xmm1,%xmm5 + xorl %edi,%edx + addl %ecx,%ebx + rorl $7,%ecx + xorl %edi,%esi + movl %ebx,%ebp + punpcklqdq %xmm2,%xmm5 + movdqa %xmm4,%xmm7 + addl 16(%esp),%eax + xorl %edx,%ecx + paddd %xmm4,%xmm0 + movdqa %xmm1,80(%esp) + roll $5,%ebx + addl %esi,%eax + psrldq $4,%xmm7 + andl %ecx,%ebp + xorl %edx,%ecx + pxor %xmm1,%xmm5 + addl %ebx,%eax + rorl $7,%ebx + pxor %xmm3,%xmm7 + xorl %edx,%ebp + movl %eax,%esi + addl 20(%esp),%edi + pxor %xmm7,%xmm5 + xorl %ecx,%ebx + roll $5,%eax + movdqa %xmm0,(%esp) + addl %ebp,%edi + andl %ebx,%esi + movdqa %xmm5,%xmm1 + xorl %ecx,%ebx + addl %eax,%edi + rorl $7,%eax + movdqa %xmm5,%xmm7 + xorl %ecx,%esi + pslldq $12,%xmm1 + paddd %xmm5,%xmm5 + movl %edi,%ebp + addl 24(%esp),%edx + psrld $31,%xmm7 + xorl %ebx,%eax + roll $5,%edi + movdqa %xmm1,%xmm0 + addl %esi,%edx + andl %eax,%ebp + xorl %ebx,%eax + psrld $30,%xmm1 + addl %edi,%edx + rorl $7,%edi + por %xmm7,%xmm5 + xorl %ebx,%ebp + movl %edx,%esi + addl 28(%esp),%ecx + pslld $2,%xmm0 + xorl %eax,%edi + roll $5,%edx + pxor %xmm1,%xmm5 + movdqa 112(%esp),%xmm1 + addl %ebp,%ecx + andl %edi,%esi + pxor %xmm0,%xmm5 + pshufd $238,%xmm2,%xmm6 + xorl %eax,%edi + addl %edx,%ecx + rorl $7,%edx + xorl %eax,%esi + movl %ecx,%ebp + punpcklqdq %xmm3,%xmm6 + movdqa %xmm5,%xmm0 + addl 32(%esp),%ebx + xorl %edi,%edx + paddd %xmm5,%xmm1 + movdqa %xmm2,96(%esp) + roll $5,%ecx + addl %esi,%ebx + psrldq $4,%xmm0 + andl %edx,%ebp + xorl %edi,%edx + pxor %xmm2,%xmm6 + addl %ecx,%ebx + rorl $7,%ecx + pxor %xmm4,%xmm0 + xorl %edi,%ebp + movl %ebx,%esi + addl 36(%esp),%eax + pxor %xmm0,%xmm6 + xorl %edx,%ecx + roll $5,%ebx + movdqa %xmm1,16(%esp) + addl %ebp,%eax + andl %ecx,%esi + movdqa %xmm6,%xmm2 + xorl %edx,%ecx 
+ addl %ebx,%eax + rorl $7,%ebx + movdqa %xmm6,%xmm0 + xorl %edx,%esi + pslldq $12,%xmm2 + paddd %xmm6,%xmm6 + movl %eax,%ebp + addl 40(%esp),%edi + psrld $31,%xmm0 + xorl %ecx,%ebx + roll $5,%eax + movdqa %xmm2,%xmm1 + addl %esi,%edi + andl %ebx,%ebp + xorl %ecx,%ebx + psrld $30,%xmm2 + addl %eax,%edi + rorl $7,%eax + por %xmm0,%xmm6 + xorl %ecx,%ebp + movdqa 64(%esp),%xmm0 + movl %edi,%esi + addl 44(%esp),%edx + pslld $2,%xmm1 + xorl %ebx,%eax + roll $5,%edi + pxor %xmm2,%xmm6 + movdqa 112(%esp),%xmm2 + addl %ebp,%edx + andl %eax,%esi + pxor %xmm1,%xmm6 + pshufd $238,%xmm3,%xmm7 + xorl %ebx,%eax + addl %edi,%edx + rorl $7,%edi + xorl %ebx,%esi + movl %edx,%ebp + punpcklqdq %xmm4,%xmm7 + movdqa %xmm6,%xmm1 + addl 48(%esp),%ecx + xorl %eax,%edi + paddd %xmm6,%xmm2 + movdqa %xmm3,64(%esp) + roll $5,%edx + addl %esi,%ecx + psrldq $4,%xmm1 + andl %edi,%ebp + xorl %eax,%edi + pxor %xmm3,%xmm7 + addl %edx,%ecx + rorl $7,%edx + pxor %xmm5,%xmm1 + xorl %eax,%ebp + movl %ecx,%esi + addl 52(%esp),%ebx + pxor %xmm1,%xmm7 + xorl %edi,%edx + roll $5,%ecx + movdqa %xmm2,32(%esp) + addl %ebp,%ebx + andl %edx,%esi + movdqa %xmm7,%xmm3 + xorl %edi,%edx + addl %ecx,%ebx + rorl $7,%ecx + movdqa %xmm7,%xmm1 + xorl %edi,%esi + pslldq $12,%xmm3 + paddd %xmm7,%xmm7 + movl %ebx,%ebp + addl 56(%esp),%eax + psrld $31,%xmm1 + xorl %edx,%ecx + roll $5,%ebx + movdqa %xmm3,%xmm2 + addl %esi,%eax + andl %ecx,%ebp + xorl %edx,%ecx + psrld $30,%xmm3 + addl %ebx,%eax + rorl $7,%ebx + por %xmm1,%xmm7 + xorl %edx,%ebp + movdqa 80(%esp),%xmm1 + movl %eax,%esi + addl 60(%esp),%edi + pslld $2,%xmm2 + xorl %ecx,%ebx + roll $5,%eax + pxor %xmm3,%xmm7 + movdqa 112(%esp),%xmm3 + addl %ebp,%edi + andl %ebx,%esi + pxor %xmm2,%xmm7 + pshufd $238,%xmm6,%xmm2 + xorl %ecx,%ebx + addl %eax,%edi + rorl $7,%eax + pxor %xmm4,%xmm0 + punpcklqdq %xmm7,%xmm2 + xorl %ecx,%esi + movl %edi,%ebp + addl (%esp),%edx + pxor %xmm1,%xmm0 + movdqa %xmm4,80(%esp) + xorl %ebx,%eax + roll $5,%edi + movdqa %xmm3,%xmm4 + addl 
%esi,%edx + paddd %xmm7,%xmm3 + andl %eax,%ebp + pxor %xmm2,%xmm0 + xorl %ebx,%eax + addl %edi,%edx + rorl $7,%edi + xorl %ebx,%ebp + movdqa %xmm0,%xmm2 + movdqa %xmm3,48(%esp) + movl %edx,%esi + addl 4(%esp),%ecx + xorl %eax,%edi + roll $5,%edx + pslld $2,%xmm0 + addl %ebp,%ecx + andl %edi,%esi + psrld $30,%xmm2 + xorl %eax,%edi + addl %edx,%ecx + rorl $7,%edx + xorl %eax,%esi + movl %ecx,%ebp + addl 8(%esp),%ebx + xorl %edi,%edx + roll $5,%ecx + por %xmm2,%xmm0 + addl %esi,%ebx + andl %edx,%ebp + movdqa 96(%esp),%xmm2 + xorl %edi,%edx + addl %ecx,%ebx + addl 12(%esp),%eax + xorl %edi,%ebp + movl %ebx,%esi + pshufd $238,%xmm7,%xmm3 + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + addl %ebx,%eax + addl 16(%esp),%edi + pxor %xmm5,%xmm1 + punpcklqdq %xmm0,%xmm3 + xorl %ecx,%esi + movl %eax,%ebp + roll $5,%eax + pxor %xmm2,%xmm1 + movdqa %xmm5,96(%esp) + addl %esi,%edi + xorl %ecx,%ebp + movdqa %xmm4,%xmm5 + rorl $7,%ebx + paddd %xmm0,%xmm4 + addl %eax,%edi + pxor %xmm3,%xmm1 + addl 20(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + movdqa %xmm1,%xmm3 + movdqa %xmm4,(%esp) + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + pslld $2,%xmm1 + addl 24(%esp),%ecx + xorl %eax,%esi + psrld $30,%xmm3 + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi + addl %edx,%ecx + por %xmm3,%xmm1 + addl 28(%esp),%ebx + xorl %edi,%ebp + movdqa 64(%esp),%xmm3 + movl %ecx,%esi + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + pshufd $238,%xmm0,%xmm4 + addl %ecx,%ebx + addl 32(%esp),%eax + pxor %xmm6,%xmm2 + punpcklqdq %xmm1,%xmm4 + xorl %edx,%esi + movl %ebx,%ebp + roll $5,%ebx + pxor %xmm3,%xmm2 + movdqa %xmm6,64(%esp) + addl %esi,%eax + xorl %edx,%ebp + movdqa 128(%esp),%xmm6 + rorl $7,%ecx + paddd %xmm1,%xmm5 + addl %ebx,%eax + pxor %xmm4,%xmm2 + addl 36(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + roll $5,%eax + movdqa %xmm2,%xmm4 + movdqa %xmm5,16(%esp) + addl %ebp,%edi + xorl %ecx,%esi + 
rorl $7,%ebx + addl %eax,%edi + pslld $2,%xmm2 + addl 40(%esp),%edx + xorl %ebx,%esi + psrld $30,%xmm4 + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax + addl %edi,%edx + por %xmm4,%xmm2 + addl 44(%esp),%ecx + xorl %eax,%ebp + movdqa 80(%esp),%xmm4 + movl %edx,%esi + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + pshufd $238,%xmm1,%xmm5 + addl %edx,%ecx + addl 48(%esp),%ebx + pxor %xmm7,%xmm3 + punpcklqdq %xmm2,%xmm5 + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + pxor %xmm4,%xmm3 + movdqa %xmm7,80(%esp) + addl %esi,%ebx + xorl %edi,%ebp + movdqa %xmm6,%xmm7 + rorl $7,%edx + paddd %xmm2,%xmm6 + addl %ecx,%ebx + pxor %xmm5,%xmm3 + addl 52(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + movdqa %xmm3,%xmm5 + movdqa %xmm6,32(%esp) + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + addl %ebx,%eax + pslld $2,%xmm3 + addl 56(%esp),%edi + xorl %ecx,%esi + psrld $30,%xmm5 + movl %eax,%ebp + roll $5,%eax + addl %esi,%edi + xorl %ecx,%ebp + rorl $7,%ebx + addl %eax,%edi + por %xmm5,%xmm3 + addl 60(%esp),%edx + xorl %ebx,%ebp + movdqa 96(%esp),%xmm5 + movl %edi,%esi + roll $5,%edi + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + pshufd $238,%xmm2,%xmm6 + addl %edi,%edx + addl (%esp),%ecx + pxor %xmm0,%xmm4 + punpcklqdq %xmm3,%xmm6 + xorl %eax,%esi + movl %edx,%ebp + roll $5,%edx + pxor %xmm5,%xmm4 + movdqa %xmm0,96(%esp) + addl %esi,%ecx + xorl %eax,%ebp + movdqa %xmm7,%xmm0 + rorl $7,%edi + paddd %xmm3,%xmm7 + addl %edx,%ecx + pxor %xmm6,%xmm4 + addl 4(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + roll $5,%ecx + movdqa %xmm4,%xmm6 + movdqa %xmm7,48(%esp) + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + addl %ecx,%ebx + pslld $2,%xmm4 + addl 8(%esp),%eax + xorl %edx,%esi + psrld $30,%xmm6 + movl %ebx,%ebp + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + addl %ebx,%eax + por %xmm6,%xmm4 + addl 12(%esp),%edi + xorl %ecx,%ebp + movdqa 64(%esp),%xmm6 + movl %eax,%esi + roll $5,%eax + addl 
%ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + pshufd $238,%xmm3,%xmm7 + addl %eax,%edi + addl 16(%esp),%edx + pxor %xmm1,%xmm5 + punpcklqdq %xmm4,%xmm7 + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + pxor %xmm6,%xmm5 + movdqa %xmm1,64(%esp) + addl %esi,%edx + xorl %ebx,%ebp + movdqa %xmm0,%xmm1 + rorl $7,%eax + paddd %xmm4,%xmm0 + addl %edi,%edx + pxor %xmm7,%xmm5 + addl 20(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + roll $5,%edx + movdqa %xmm5,%xmm7 + movdqa %xmm0,(%esp) + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + addl %edx,%ecx + pslld $2,%xmm5 + addl 24(%esp),%ebx + xorl %edi,%esi + psrld $30,%xmm7 + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + por %xmm7,%xmm5 + addl 28(%esp),%eax + movdqa 80(%esp),%xmm7 + rorl $7,%ecx + movl %ebx,%esi + xorl %edx,%ebp + roll $5,%ebx + pshufd $238,%xmm4,%xmm0 + addl %ebp,%eax + xorl %ecx,%esi + xorl %edx,%ecx + addl %ebx,%eax + addl 32(%esp),%edi + pxor %xmm2,%xmm6 + punpcklqdq %xmm5,%xmm0 + andl %ecx,%esi + xorl %edx,%ecx + rorl $7,%ebx + pxor %xmm7,%xmm6 + movdqa %xmm2,80(%esp) + movl %eax,%ebp + xorl %ecx,%esi + roll $5,%eax + movdqa %xmm1,%xmm2 + addl %esi,%edi + paddd %xmm5,%xmm1 + xorl %ebx,%ebp + pxor %xmm0,%xmm6 + xorl %ecx,%ebx + addl %eax,%edi + addl 36(%esp),%edx + andl %ebx,%ebp + movdqa %xmm6,%xmm0 + movdqa %xmm1,16(%esp) + xorl %ecx,%ebx + rorl $7,%eax + movl %edi,%esi + xorl %ebx,%ebp + roll $5,%edi + pslld $2,%xmm6 + addl %ebp,%edx + xorl %eax,%esi + psrld $30,%xmm0 + xorl %ebx,%eax + addl %edi,%edx + addl 40(%esp),%ecx + andl %eax,%esi + xorl %ebx,%eax + rorl $7,%edi + por %xmm0,%xmm6 + movl %edx,%ebp + xorl %eax,%esi + movdqa 96(%esp),%xmm0 + roll $5,%edx + addl %esi,%ecx + xorl %edi,%ebp + xorl %eax,%edi + addl %edx,%ecx + pshufd $238,%xmm5,%xmm1 + addl 44(%esp),%ebx + andl %edi,%ebp + xorl %eax,%edi + rorl $7,%edx + movl %ecx,%esi + xorl %edi,%ebp + roll $5,%ecx + addl %ebp,%ebx + xorl %edx,%esi + xorl %edi,%edx + addl %ecx,%ebx + addl 
48(%esp),%eax + pxor %xmm3,%xmm7 + punpcklqdq %xmm6,%xmm1 + andl %edx,%esi + xorl %edi,%edx + rorl $7,%ecx + pxor %xmm0,%xmm7 + movdqa %xmm3,96(%esp) + movl %ebx,%ebp + xorl %edx,%esi + roll $5,%ebx + movdqa 144(%esp),%xmm3 + addl %esi,%eax + paddd %xmm6,%xmm2 + xorl %ecx,%ebp + pxor %xmm1,%xmm7 + xorl %edx,%ecx + addl %ebx,%eax + addl 52(%esp),%edi + andl %ecx,%ebp + movdqa %xmm7,%xmm1 + movdqa %xmm2,32(%esp) + xorl %edx,%ecx + rorl $7,%ebx + movl %eax,%esi + xorl %ecx,%ebp + roll $5,%eax + pslld $2,%xmm7 + addl %ebp,%edi + xorl %ebx,%esi + psrld $30,%xmm1 + xorl %ecx,%ebx + addl %eax,%edi + addl 56(%esp),%edx + andl %ebx,%esi + xorl %ecx,%ebx + rorl $7,%eax + por %xmm1,%xmm7 + movl %edi,%ebp + xorl %ebx,%esi + movdqa 64(%esp),%xmm1 + roll $5,%edi + addl %esi,%edx + xorl %eax,%ebp + xorl %ebx,%eax + addl %edi,%edx + pshufd $238,%xmm6,%xmm2 + addl 60(%esp),%ecx + andl %eax,%ebp + xorl %ebx,%eax + rorl $7,%edi + movl %edx,%esi + xorl %eax,%ebp + roll $5,%edx + addl %ebp,%ecx + xorl %edi,%esi + xorl %eax,%edi + addl %edx,%ecx + addl (%esp),%ebx + pxor %xmm4,%xmm0 + punpcklqdq %xmm7,%xmm2 + andl %edi,%esi + xorl %eax,%edi + rorl $7,%edx + pxor %xmm1,%xmm0 + movdqa %xmm4,64(%esp) + movl %ecx,%ebp + xorl %edi,%esi + roll $5,%ecx + movdqa %xmm3,%xmm4 + addl %esi,%ebx + paddd %xmm7,%xmm3 + xorl %edx,%ebp + pxor %xmm2,%xmm0 + xorl %edi,%edx + addl %ecx,%ebx + addl 4(%esp),%eax + andl %edx,%ebp + movdqa %xmm0,%xmm2 + movdqa %xmm3,48(%esp) + xorl %edi,%edx + rorl $7,%ecx + movl %ebx,%esi + xorl %edx,%ebp + roll $5,%ebx + pslld $2,%xmm0 + addl %ebp,%eax + xorl %ecx,%esi + psrld $30,%xmm2 + xorl %edx,%ecx + addl %ebx,%eax + addl 8(%esp),%edi + andl %ecx,%esi + xorl %edx,%ecx + rorl $7,%ebx + por %xmm2,%xmm0 + movl %eax,%ebp + xorl %ecx,%esi + movdqa 80(%esp),%xmm2 + roll $5,%eax + addl %esi,%edi + xorl %ebx,%ebp + xorl %ecx,%ebx + addl %eax,%edi + pshufd $238,%xmm7,%xmm3 + addl 12(%esp),%edx + andl %ebx,%ebp + xorl %ecx,%ebx + rorl $7,%eax + movl %edi,%esi + xorl %ebx,%ebp + 
roll $5,%edi + addl %ebp,%edx + xorl %eax,%esi + xorl %ebx,%eax + addl %edi,%edx + addl 16(%esp),%ecx + pxor %xmm5,%xmm1 + punpcklqdq %xmm0,%xmm3 + andl %eax,%esi + xorl %ebx,%eax + rorl $7,%edi + pxor %xmm2,%xmm1 + movdqa %xmm5,80(%esp) + movl %edx,%ebp + xorl %eax,%esi + roll $5,%edx + movdqa %xmm4,%xmm5 + addl %esi,%ecx + paddd %xmm0,%xmm4 + xorl %edi,%ebp + pxor %xmm3,%xmm1 + xorl %eax,%edi + addl %edx,%ecx + addl 20(%esp),%ebx + andl %edi,%ebp + movdqa %xmm1,%xmm3 + movdqa %xmm4,(%esp) + xorl %eax,%edi + rorl $7,%edx + movl %ecx,%esi + xorl %edi,%ebp + roll $5,%ecx + pslld $2,%xmm1 + addl %ebp,%ebx + xorl %edx,%esi + psrld $30,%xmm3 + xorl %edi,%edx + addl %ecx,%ebx + addl 24(%esp),%eax + andl %edx,%esi + xorl %edi,%edx + rorl $7,%ecx + por %xmm3,%xmm1 + movl %ebx,%ebp + xorl %edx,%esi + movdqa 96(%esp),%xmm3 + roll $5,%ebx + addl %esi,%eax + xorl %ecx,%ebp + xorl %edx,%ecx + addl %ebx,%eax + pshufd $238,%xmm0,%xmm4 + addl 28(%esp),%edi + andl %ecx,%ebp + xorl %edx,%ecx + rorl $7,%ebx + movl %eax,%esi + xorl %ecx,%ebp + roll $5,%eax + addl %ebp,%edi + xorl %ebx,%esi + xorl %ecx,%ebx + addl %eax,%edi + addl 32(%esp),%edx + pxor %xmm6,%xmm2 + punpcklqdq %xmm1,%xmm4 + andl %ebx,%esi + xorl %ecx,%ebx + rorl $7,%eax + pxor %xmm3,%xmm2 + movdqa %xmm6,96(%esp) + movl %edi,%ebp + xorl %ebx,%esi + roll $5,%edi + movdqa %xmm5,%xmm6 + addl %esi,%edx + paddd %xmm1,%xmm5 + xorl %eax,%ebp + pxor %xmm4,%xmm2 + xorl %ebx,%eax + addl %edi,%edx + addl 36(%esp),%ecx + andl %eax,%ebp + movdqa %xmm2,%xmm4 + movdqa %xmm5,16(%esp) + xorl %ebx,%eax + rorl $7,%edi + movl %edx,%esi + xorl %eax,%ebp + roll $5,%edx + pslld $2,%xmm2 + addl %ebp,%ecx + xorl %edi,%esi + psrld $30,%xmm4 + xorl %eax,%edi + addl %edx,%ecx + addl 40(%esp),%ebx + andl %edi,%esi + xorl %eax,%edi + rorl $7,%edx + por %xmm4,%xmm2 + movl %ecx,%ebp + xorl %edi,%esi + movdqa 64(%esp),%xmm4 + roll $5,%ecx + addl %esi,%ebx + xorl %edx,%ebp + xorl %edi,%edx + addl %ecx,%ebx + pshufd $238,%xmm1,%xmm5 + addl 44(%esp),%eax 
+ andl %edx,%ebp + xorl %edi,%edx + rorl $7,%ecx + movl %ebx,%esi + xorl %edx,%ebp + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + addl %ebx,%eax + addl 48(%esp),%edi + pxor %xmm7,%xmm3 + punpcklqdq %xmm2,%xmm5 + xorl %ecx,%esi + movl %eax,%ebp + roll $5,%eax + pxor %xmm4,%xmm3 + movdqa %xmm7,64(%esp) + addl %esi,%edi + xorl %ecx,%ebp + movdqa %xmm6,%xmm7 + rorl $7,%ebx + paddd %xmm2,%xmm6 + addl %eax,%edi + pxor %xmm5,%xmm3 + addl 52(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + movdqa %xmm3,%xmm5 + movdqa %xmm6,32(%esp) + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + pslld $2,%xmm3 + addl 56(%esp),%ecx + xorl %eax,%esi + psrld $30,%xmm5 + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi + addl %edx,%ecx + por %xmm5,%xmm3 + addl 60(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + addl %ecx,%ebx + addl (%esp),%eax + xorl %edx,%esi + movl %ebx,%ebp + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + paddd %xmm3,%xmm7 + addl %ebx,%eax + addl 4(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + movdqa %xmm7,48(%esp) + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + addl 8(%esp),%edx + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax + addl %edi,%edx + addl 12(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + addl %edx,%ecx + movl 196(%esp),%ebp + cmpl 200(%esp),%ebp + je .L007done + movdqa 160(%esp),%xmm7 + movdqa 176(%esp),%xmm6 + movdqu (%ebp),%xmm0 + movdqu 16(%ebp),%xmm1 + movdqu 32(%ebp),%xmm2 + movdqu 48(%ebp),%xmm3 + addl $64,%ebp +.byte 102,15,56,0,198 + movl %ebp,196(%esp) + movdqa %xmm7,96(%esp) + addl 16(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx +.byte 102,15,56,0,206 + addl %ecx,%ebx + addl 20(%esp),%eax + xorl 
%edx,%ebp + movl %ebx,%esi + paddd %xmm7,%xmm0 + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + movdqa %xmm0,(%esp) + addl %ebx,%eax + addl 24(%esp),%edi + xorl %ecx,%esi + movl %eax,%ebp + psubd %xmm7,%xmm0 + roll $5,%eax + addl %esi,%edi + xorl %ecx,%ebp + rorl $7,%ebx + addl %eax,%edi + addl 28(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + addl 32(%esp),%ecx + xorl %eax,%esi + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi +.byte 102,15,56,0,214 + addl %edx,%ecx + addl 36(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + paddd %xmm7,%xmm1 + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + movdqa %xmm1,16(%esp) + addl %ecx,%ebx + addl 40(%esp),%eax + xorl %edx,%esi + movl %ebx,%ebp + psubd %xmm7,%xmm1 + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + addl %ebx,%eax + addl 44(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + addl 48(%esp),%edx + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax +.byte 102,15,56,0,222 + addl %edi,%edx + addl 52(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + paddd %xmm7,%xmm2 + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + movdqa %xmm2,32(%esp) + addl %edx,%ecx + addl 56(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + psubd %xmm7,%xmm2 + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + addl 60(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + addl %ebp,%eax + rorl $7,%ecx + addl %ebx,%eax + movl 192(%esp),%ebp + addl (%ebp),%eax + addl 4(%ebp),%esi + addl 8(%ebp),%ecx + movl %eax,(%ebp) + addl 12(%ebp),%edx + movl %esi,4(%ebp) + addl 16(%ebp),%edi + movl %ecx,8(%ebp) + movl %ecx,%ebx + movl %edx,12(%ebp) + xorl %edx,%ebx + movl %edi,16(%ebp) + movl %esi,%ebp + pshufd $238,%xmm0,%xmm4 + andl 
%ebx,%esi + movl %ebp,%ebx + jmp .L006loop +.align 16 +.L007done: + addl 16(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + addl 20(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + addl %ebx,%eax + addl 24(%esp),%edi + xorl %ecx,%esi + movl %eax,%ebp + roll $5,%eax + addl %esi,%edi + xorl %ecx,%ebp + rorl $7,%ebx + addl %eax,%edi + addl 28(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + addl 32(%esp),%ecx + xorl %eax,%esi + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi + addl %edx,%ecx + addl 36(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + addl %ecx,%ebx + addl 40(%esp),%eax + xorl %edx,%esi + movl %ebx,%ebp + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + addl %ebx,%eax + addl 44(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + addl 48(%esp),%edx + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax + addl %edi,%edx + addl 52(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + addl %edx,%ecx + addl 56(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + addl 60(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + addl %ebp,%eax + rorl $7,%ecx + addl %ebx,%eax + movl 192(%esp),%ebp + addl (%ebp),%eax + movl 204(%esp),%esp + addl 4(%ebp),%esi + addl 8(%ebp),%ecx + movl %eax,(%ebp) + addl 12(%ebp),%edx + movl %esi,4(%ebp) + addl 16(%ebp),%edi + movl %ecx,8(%ebp) + movl %edx,12(%ebp) + movl %edi,16(%ebp) + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.size 
_sha1_block_data_order_ssse3,.-_sha1_block_data_order_ssse3 +.align 64 +.LK_XX_XX: +.long 1518500249,1518500249,1518500249,1518500249 +.long 1859775393,1859775393,1859775393,1859775393 +.long 2400959708,2400959708,2400959708,2400959708 +.long 3395469782,3395469782,3395469782,3395469782 +.long 66051,67438087,134810123,202182159 +.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115 .byte 102,111,114,109,32,102,111,114,32,120,56,54,44,32,67,82 .byte 89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112 diff --git a/linux-x86/crypto/sha/sha256-586.S b/linux-x86/crypto/sha/sha256-586.S index fe41afc..08d9484 100644 --- a/linux-x86/crypto/sha/sha256-586.S +++ b/linux-x86/crypto/sha/sha256-586.S @@ -27,6 +27,27 @@ sha256_block_data_order: movl %edi,4(%esp) movl %eax,8(%esp) movl %ebx,12(%esp) + leal OPENSSL_ia32cap_P-.L001K256(%ebp),%edx + movl (%edx),%ecx + movl 4(%edx),%ebx + testl $1048576,%ecx + jnz .L002loop + movl 8(%edx),%edx + testl $16777216,%ecx + jz .L003no_xmm + andl $1073741824,%ecx + andl $268435968,%ebx + testl $536870912,%edx + jnz .L004shaext + orl %ebx,%ecx + andl $1342177280,%ecx + cmpl $1342177280,%ecx + testl $512,%ebx + jnz .L005SSSE3 +.L003no_xmm: + subl %edi,%eax + cmpl $256,%eax + jae .L006unrolled jmp .L002loop .align 16 .L002loop: @@ -98,7 +119,7 @@ sha256_block_data_order: movl %ecx,28(%esp) movl %edi,32(%esp) .align 16 -.L00300_15: +.L00700_15: movl %edx,%ecx movl 24(%esp),%esi rorl $14,%ecx @@ -136,11 +157,11 @@ sha256_block_data_order: addl $4,%ebp addl %ebx,%eax cmpl $3248222580,%esi - jne .L00300_15 + jne .L00700_15 movl 156(%esp),%ecx - jmp .L00416_63 + jmp .L00816_63 .align 16 -.L00416_63: +.L00816_63: movl %ecx,%ebx movl 104(%esp),%esi rorl $11,%ecx @@ -195,7 +216,7 @@ sha256_block_data_order: addl $4,%ebp addl %ebx,%eax cmpl $3329325298,%esi - jne .L00416_63 + jne .L00816_63 movl 356(%esp),%esi movl 8(%esp),%ebx movl 16(%esp),%ecx 
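Review bot: In the `@@ -27,6 +27,27 @@` hunk the pair `andl $1342177280,%ecx` / `cmpl $1342177280,%ecx` after `orl %ebx,%ecx` sets flags that nothing reads — the very next instruction is `testl $512,%ebx`, which overwrites them, and no `je`/`jne` to an AVX entry follows the compare in this build, so the two instructions are dead (the generator's AVX branch appears to be compiled out here). Either drop them or mark them so the next reader does not hunt for the consumer, e.g. `# AVX dispatch not built: cmpl result intentionally unused`. The bare masks would also read better with one comment tying them to the capability words, assuming the usual OpenSSL layout of ecx=word0, ebx=word1, edx=word2: `# 1<<20 in word0 -> scalar .L002loop; 1<<24 = FXSR; 1<<29 in word2 = SHA extensions; 1<<9 = SSSE3` — confirm against the cpu-x86 code in this same commit. Note that this dispatch reads OPENSSL_ia32cap_P before any call into the function; that relies on the capability probe having run first, which is worth stating in the function's header comment. The enclosing sha256_block_data_order starts and ends outside the hunk.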
@@ -229,207 +250,6 @@ sha256_block_data_order: popl %ebx popl %ebp ret -.align 32 -.L005loop_shrd: - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - bswap %eax - movl 12(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - movl 16(%edi),%eax - movl 20(%edi),%ebx - movl 24(%edi),%ecx - bswap %eax - movl 28(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - movl 32(%edi),%eax - movl 36(%edi),%ebx - movl 40(%edi),%ecx - bswap %eax - movl 44(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - movl 48(%edi),%eax - movl 52(%edi),%ebx - movl 56(%edi),%ecx - bswap %eax - movl 60(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - addl $64,%edi - leal -36(%esp),%esp - movl %edi,104(%esp) - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edi - movl %ebx,8(%esp) - xorl %ecx,%ebx - movl %ecx,12(%esp) - movl %edi,16(%esp) - movl %ebx,(%esp) - movl 16(%esi),%edx - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edi - movl %ebx,24(%esp) - movl %ecx,28(%esp) - movl %edi,32(%esp) -.align 16 -.L00600_15_shrd: - movl %edx,%ecx - movl 24(%esp),%esi - shrdl $14,%ecx,%ecx - movl 28(%esp),%edi - xorl %edx,%ecx - xorl %edi,%esi - movl 96(%esp),%ebx - shrdl $5,%ecx,%ecx - andl %edx,%esi - movl %edx,20(%esp) - xorl %ecx,%edx - addl 32(%esp),%ebx - xorl %edi,%esi - shrdl $6,%edx,%edx - movl %eax,%ecx - addl %esi,%ebx - shrdl $9,%ecx,%ecx - addl %edx,%ebx - movl 8(%esp),%edi - xorl %eax,%ecx - movl %eax,4(%esp) - leal -4(%esp),%esp - shrdl $11,%ecx,%ecx - movl (%ebp),%esi - xorl %eax,%ecx - movl 20(%esp),%edx - xorl %edi,%eax - shrdl $2,%ecx,%ecx - addl %esi,%ebx - movl %eax,(%esp) - addl %ebx,%edx - andl 4(%esp),%eax - addl %ecx,%ebx - xorl %edi,%eax - addl $4,%ebp - addl %ebx,%eax - cmpl $3248222580,%esi - jne .L00600_15_shrd - movl 
156(%esp),%ecx - jmp .L00716_63_shrd -.align 16 -.L00716_63_shrd: - movl %ecx,%ebx - movl 104(%esp),%esi - shrdl $11,%ecx,%ecx - movl %esi,%edi - shrdl $2,%esi,%esi - xorl %ebx,%ecx - shrl $3,%ebx - shrdl $7,%ecx,%ecx - xorl %edi,%esi - xorl %ecx,%ebx - shrdl $17,%esi,%esi - addl 160(%esp),%ebx - shrl $10,%edi - addl 124(%esp),%ebx - movl %edx,%ecx - xorl %esi,%edi - movl 24(%esp),%esi - shrdl $14,%ecx,%ecx - addl %edi,%ebx - movl 28(%esp),%edi - xorl %edx,%ecx - xorl %edi,%esi - movl %ebx,96(%esp) - shrdl $5,%ecx,%ecx - andl %edx,%esi - movl %edx,20(%esp) - xorl %ecx,%edx - addl 32(%esp),%ebx - xorl %edi,%esi - shrdl $6,%edx,%edx - movl %eax,%ecx - addl %esi,%ebx - shrdl $9,%ecx,%ecx - addl %edx,%ebx - movl 8(%esp),%edi - xorl %eax,%ecx - movl %eax,4(%esp) - leal -4(%esp),%esp - shrdl $11,%ecx,%ecx - movl (%ebp),%esi - xorl %eax,%ecx - movl 20(%esp),%edx - xorl %edi,%eax - shrdl $2,%ecx,%ecx - addl %esi,%ebx - movl %eax,(%esp) - addl %ebx,%edx - andl 4(%esp),%eax - addl %ecx,%ebx - xorl %edi,%eax - movl 156(%esp),%ecx - addl $4,%ebp - addl %ebx,%eax - cmpl $3329325298,%esi - jne .L00716_63_shrd - movl 356(%esp),%esi - movl 8(%esp),%ebx - movl 16(%esp),%ecx - addl (%esi),%eax - addl 4(%esi),%ebx - addl 8(%esi),%edi - addl 12(%esi),%ecx - movl %eax,(%esi) - movl %ebx,4(%esi) - movl %edi,8(%esi) - movl %ecx,12(%esi) - movl 24(%esp),%eax - movl 28(%esp),%ebx - movl 32(%esp),%ecx - movl 360(%esp),%edi - addl 16(%esi),%edx - addl 20(%esi),%eax - addl 24(%esi),%ebx - addl 28(%esi),%ecx - movl %edx,16(%esi) - movl %eax,20(%esi) - movl %ebx,24(%esi) - movl %ecx,28(%esi) - leal 356(%esp),%esp - subl $256,%ebp - cmpl 8(%esp),%edi - jb .L005loop_shrd - movl 12(%esp),%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret .align 64 .L001K256: .long 
1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298 @@ -440,7 +260,7 @@ sha256_block_data_order: .byte 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 .byte 62,0 .align 16 -.L008unrolled: +.L006unrolled: leal -96(%esp),%esp movl (%esi),%eax movl 4(%esi),%ebp 
@@ -3346,5 +3166,1414 @@ sha256_block_data_order: popl %ebx popl %ebp ret +.align 32 +.L004shaext: + subl $32,%esp + movdqu (%esi),%xmm1 + leal 128(%ebp),%ebp + movdqu 16(%esi),%xmm2 + movdqa 128(%ebp),%xmm7 + pshufd $27,%xmm1,%xmm0 + pshufd $177,%xmm1,%xmm1 + pshufd $27,%xmm2,%xmm2 +.byte 102,15,58,15,202,8 + punpcklqdq %xmm0,%xmm2 + jmp .L010loop_shaext +.align 16 +.L010loop_shaext: + movdqu (%edi),%xmm3 + movdqu 16(%edi),%xmm4 + movdqu 32(%edi),%xmm5 +.byte 102,15,56,0,223 + movdqu 48(%edi),%xmm6 + movdqa %xmm2,16(%esp) + movdqa -128(%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 102,15,56,0,231 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + nop + movdqa %xmm1,(%esp) +.byte 15,56,203,202 + movdqa -112(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 102,15,56,0,239 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + leal 64(%edi),%edi +.byte 15,56,204,220 +.byte 15,56,203,202 + movdqa -96(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 102,15,56,0,247 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm6,%xmm7 +.byte 102,15,58,15,253,4 + nop + paddd %xmm7,%xmm3 +.byte 15,56,204,229 +.byte 15,56,203,202 + movdqa -80(%ebp),%xmm0 + paddd %xmm6,%xmm0 +.byte 15,56,205,222 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm3,%xmm7 +.byte 102,15,58,15,254,4 + nop + paddd %xmm7,%xmm4 +.byte 15,56,204,238 +.byte 15,56,203,202 + movdqa -64(%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 15,56,205,227 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm4,%xmm7 +.byte 102,15,58,15,251,4 + nop + paddd %xmm7,%xmm5 +.byte 15,56,204,243 +.byte 15,56,203,202 + movdqa -48(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 15,56,205,236 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm5,%xmm7 +.byte 102,15,58,15,252,4 + nop + paddd %xmm7,%xmm6 +.byte 15,56,204,220 +.byte 15,56,203,202 + movdqa -32(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 15,56,205,245 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm6,%xmm7 +.byte 102,15,58,15,253,4 + nop + paddd %xmm7,%xmm3 +.byte 15,56,204,229 +.byte 
15,56,203,202 + movdqa -16(%ebp),%xmm0 + paddd %xmm6,%xmm0 +.byte 15,56,205,222 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm3,%xmm7 +.byte 102,15,58,15,254,4 + nop + paddd %xmm7,%xmm4 +.byte 15,56,204,238 +.byte 15,56,203,202 + movdqa (%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 15,56,205,227 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm4,%xmm7 +.byte 102,15,58,15,251,4 + nop + paddd %xmm7,%xmm5 +.byte 15,56,204,243 +.byte 15,56,203,202 + movdqa 16(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 15,56,205,236 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm5,%xmm7 +.byte 102,15,58,15,252,4 + nop + paddd %xmm7,%xmm6 +.byte 15,56,204,220 +.byte 15,56,203,202 + movdqa 32(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 15,56,205,245 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm6,%xmm7 +.byte 102,15,58,15,253,4 + nop + paddd %xmm7,%xmm3 +.byte 15,56,204,229 +.byte 15,56,203,202 + movdqa 48(%ebp),%xmm0 + paddd %xmm6,%xmm0 +.byte 15,56,205,222 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm3,%xmm7 +.byte 102,15,58,15,254,4 + nop + paddd %xmm7,%xmm4 +.byte 15,56,204,238 +.byte 15,56,203,202 + movdqa 64(%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 15,56,205,227 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm4,%xmm7 +.byte 102,15,58,15,251,4 + nop + paddd %xmm7,%xmm5 +.byte 15,56,204,243 +.byte 15,56,203,202 + movdqa 80(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 15,56,205,236 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm5,%xmm7 +.byte 102,15,58,15,252,4 +.byte 15,56,203,202 + paddd %xmm7,%xmm6 + movdqa 96(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 +.byte 15,56,205,245 + movdqa 128(%ebp),%xmm7 +.byte 15,56,203,202 + movdqa 112(%ebp),%xmm0 + paddd %xmm6,%xmm0 + nop +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + cmpl %edi,%eax + nop +.byte 15,56,203,202 + paddd 16(%esp),%xmm2 + paddd (%esp),%xmm1 + jnz .L010loop_shaext + pshufd $177,%xmm2,%xmm2 + pshufd $27,%xmm1,%xmm7 + pshufd 
$177,%xmm1,%xmm1 + punpckhqdq %xmm2,%xmm1 +.byte 102,15,58,15,215,8 + movl 44(%esp),%esp + movdqu %xmm1,(%esi) + movdqu %xmm2,16(%esi) + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.align 32 +.L005SSSE3: + leal -96(%esp),%esp + movl (%esi),%eax + movl 4(%esi),%ebx + movl 8(%esi),%ecx + movl 12(%esi),%edi + movl %ebx,4(%esp) + xorl %ecx,%ebx + movl %ecx,8(%esp) + movl %edi,12(%esp) + movl 16(%esi),%edx + movl 20(%esi),%edi + movl 24(%esi),%ecx + movl 28(%esi),%esi + movl %edi,20(%esp) + movl 100(%esp),%edi + movl %ecx,24(%esp) + movl %esi,28(%esp) + movdqa 256(%ebp),%xmm7 + jmp .L011grand_ssse3 +.align 16 +.L011grand_ssse3: + movdqu (%edi),%xmm0 + movdqu 16(%edi),%xmm1 + movdqu 32(%edi),%xmm2 + movdqu 48(%edi),%xmm3 + addl $64,%edi +.byte 102,15,56,0,199 + movl %edi,100(%esp) +.byte 102,15,56,0,207 + movdqa (%ebp),%xmm4 +.byte 102,15,56,0,215 + movdqa 16(%ebp),%xmm5 + paddd %xmm0,%xmm4 +.byte 102,15,56,0,223 + movdqa 32(%ebp),%xmm6 + paddd %xmm1,%xmm5 + movdqa 48(%ebp),%xmm7 + movdqa %xmm4,32(%esp) + paddd %xmm2,%xmm6 + movdqa %xmm5,48(%esp) + paddd %xmm3,%xmm7 + movdqa %xmm6,64(%esp) + movdqa %xmm7,80(%esp) + jmp .L012ssse3_00_47 +.align 16 +.L012ssse3_00_47: + addl $64,%ebp + movl %edx,%ecx + movdqa %xmm1,%xmm4 + rorl $14,%edx + movl 20(%esp),%esi + movdqa %xmm3,%xmm7 + xorl %ecx,%edx + movl 24(%esp),%edi +.byte 102,15,58,15,224,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,250,4 + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 4(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm0 + movl %eax,(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm3,%xmm7 + xorl %esi,%ecx + addl 32(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 12(%esp),%edx + psrld $11,%xmm6 + addl 
%ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl 16(%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,12(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm0 + movl %ebx,28(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 36(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 8(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm0 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + pshufd $80,%xmm0,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 40(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 4(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa (%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,4(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm0 + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + paddd %xmm0,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl 
%esi,%ecx + addl 44(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movdqa %xmm6,32(%esp) + movl %edx,%ecx + movdqa %xmm2,%xmm4 + rorl $14,%edx + movl 4(%esp),%esi + movdqa %xmm0,%xmm7 + xorl %ecx,%edx + movl 8(%esp),%edi +.byte 102,15,58,15,225,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,251,4 + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 20(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm1 + movl %eax,16(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm0,%xmm7 + xorl %esi,%ecx + addl 48(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 28(%esp),%edx + psrld $11,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl (%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 4(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,28(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm1 + movl %ebx,12(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 8(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 52(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 24(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm1 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 
12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + pshufd $80,%xmm1,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 4(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 56(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 20(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa 16(%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,20(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm1 + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + paddd %xmm1,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 60(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movdqa %xmm6,48(%esp) + movl %edx,%ecx + movdqa %xmm3,%xmm4 + rorl $14,%edx + movl 20(%esp),%esi + movdqa %xmm1,%xmm7 + xorl %ecx,%edx + movl 24(%esp),%edi +.byte 102,15,58,15,226,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,248,4 + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 4(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm2 + movl %eax,(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm1,%xmm7 + xorl %esi,%ecx + addl 64(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 12(%esp),%edx + psrld $11,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl 16(%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 
20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,12(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm2 + movl %ebx,28(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 68(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 8(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm2 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + pshufd $80,%xmm2,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 72(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 4(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa 32(%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,4(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm2 + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + paddd %xmm2,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 76(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movdqa 
%xmm6,64(%esp) + movl %edx,%ecx + movdqa %xmm0,%xmm4 + rorl $14,%edx + movl 4(%esp),%esi + movdqa %xmm2,%xmm7 + xorl %ecx,%edx + movl 8(%esp),%edi +.byte 102,15,58,15,227,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,249,4 + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 20(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm3 + movl %eax,16(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm2,%xmm7 + xorl %esi,%ecx + addl 80(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 28(%esp),%edx + psrld $11,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl (%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 4(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,28(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm3 + movl %ebx,12(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 8(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 84(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 24(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm3 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + pshufd $80,%xmm3,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 
4(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 88(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 20(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa 48(%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,20(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm3 + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + paddd %xmm3,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 92(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movdqa %xmm6,80(%esp) + cmpl $66051,64(%ebp) + jne .L012ssse3_00_47 + movl %edx,%ecx + rorl $14,%edx + movl 20(%esp),%esi + xorl %ecx,%edx + movl 24(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 4(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 32(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 12(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 16(%esp),%esi + xorl %ecx,%edx + movl 20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,12(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,28(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 36(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl 
%edx,%eax + addl 8(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 40(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 4(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,4(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 44(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 4(%esp),%esi + xorl %ecx,%edx + movl 8(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 20(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,16(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 48(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 28(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl (%esp),%esi + xorl %ecx,%edx + movl 4(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,28(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,12(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 
8(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 52(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 24(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 4(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 56(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 20(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,20(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 60(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 20(%esp),%esi + xorl %ecx,%edx + movl 24(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 4(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 64(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 12(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 16(%esp),%esi + xorl %ecx,%edx + movl 20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,12(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl 
%edi,%edx + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,28(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 68(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 8(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 72(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 4(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,4(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 76(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 4(%esp),%esi + xorl %ecx,%edx + movl 8(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 20(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,16(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 80(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 28(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl (%esp),%esi + xorl %ecx,%edx + movl 4(%esp),%edi + xorl %edi,%esi + rorl 
$5,%edx + andl %ecx,%esi + movl %ecx,28(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,12(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 8(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 84(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 24(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 4(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 88(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 20(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,20(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 92(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movl 96(%esp),%esi + xorl %edi,%ebx + movl 12(%esp),%ecx + addl (%esi),%eax + addl 4(%esi),%ebx + addl 8(%esi),%edi + addl 12(%esi),%ecx + movl %eax,(%esi) + movl %ebx,4(%esi) + movl %edi,8(%esi) + movl %ecx,12(%esi) + movl %ebx,4(%esp) + xorl %edi,%ebx + movl %edi,8(%esp) + movl %ecx,12(%esp) + movl 20(%esp),%edi + movl 24(%esp),%ecx + addl 16(%esi),%edx + addl 20(%esi),%edi + addl 24(%esi),%ecx + movl %edx,16(%esi) + movl %edi,20(%esi) + movl %edi,20(%esp) + movl 28(%esp),%edi + movl %ecx,24(%esi) + addl 28(%esi),%edi 
+ movl %ecx,24(%esp) + movl %edi,28(%esi) + movl %edi,28(%esp) + movl 100(%esp),%edi + movdqa 64(%ebp),%xmm7 + subl $192,%ebp + cmpl 104(%esp),%edi + jb .L011grand_ssse3 + movl 108(%esp),%esp + popl %edi + popl %esi + popl %ebx + popl %ebp + ret .size sha256_block_data_order,.-.L_sha256_block_data_order_begin #endif diff --git a/linux-x86/crypto/sha/sha512-586.S b/linux-x86/crypto/sha/sha512-586.S index 17f7945..a928400 100644 --- a/linux-x86/crypto/sha/sha512-586.S +++ b/linux-x86/crypto/sha/sha512-586.S 
@@ -27,6 +27,2269 @@ sha512_block_data_order: movl %edi,4(%esp) movl %eax,8(%esp) movl %ebx,12(%esp) + leal OPENSSL_ia32cap_P-.L001K512(%ebp),%edx + movl (%edx),%ecx + testl $67108864,%ecx + jz .L002loop_x86 + movl 4(%edx),%edx + movq (%esi),%mm0 + andl $16777216,%ecx + movq 8(%esi),%mm1 + andl $512,%edx + movq 16(%esi),%mm2 + orl %edx,%ecx + movq 24(%esi),%mm3 + movq 32(%esi),%mm4 + movq 40(%esi),%mm5 + movq 48(%esi),%mm6 + movq 56(%esi),%mm7 + cmpl $16777728,%ecx + je .L003SSSE3 + subl $80,%esp + jmp .L004loop_sse2 +.align 16 +.L004loop_sse2: + movq %mm1,8(%esp) + movq %mm2,16(%esp) + movq %mm3,24(%esp) + movq %mm5,40(%esp) + movq %mm6,48(%esp) + pxor %mm1,%mm2 + movq %mm7,56(%esp) + movq %mm0,%mm3 + movl (%edi),%eax + movl 4(%edi),%ebx + addl $8,%edi + movl $15,%edx + bswap %eax + bswap %ebx + jmp .L00500_14_sse2 +.align 16 +.L00500_14_sse2: + movd %eax,%mm1 + movl (%edi),%eax + movd %ebx,%mm7 + movl 4(%edi),%ebx + addl $8,%edi + bswap %eax + bswap %ebx + punpckldq %mm1,%mm7 + movq %mm4,%mm1 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm3,%mm0 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm2,%mm3 + movq %mm0,%mm2 + addl $8,%ebp + paddq %mm6,%mm3 + movq 48(%esp),%mm6 + decl %edx + jnz .L00500_14_sse2 + movd %eax,%mm1 + movd %ebx,%mm7 + punpckldq %mm1,%mm7 + movq %mm4,%mm1 + 
pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm3,%mm0 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 192(%esp),%mm7 + paddq %mm2,%mm3 + movq %mm0,%mm2 + addl $8,%ebp + paddq %mm6,%mm3 + pxor %mm0,%mm0 + movl $32,%edx + jmp .L00616_79_sse2 +.align 16 +.L00616_79_sse2: + movq 88(%esp),%mm5 + movq %mm7,%mm1 + psrlq $1,%mm7 + movq %mm5,%mm6 + psrlq $6,%mm5 + psllq $56,%mm1 + paddq %mm3,%mm0 + movq %mm7,%mm3 + psrlq $6,%mm7 + pxor %mm1,%mm3 + psllq $7,%mm1 + pxor %mm7,%mm3 + psrlq $1,%mm7 + pxor %mm1,%mm3 + movq %mm5,%mm1 + psrlq $13,%mm5 + pxor %mm3,%mm7 + psllq $3,%mm6 + pxor %mm5,%mm1 + paddq 200(%esp),%mm7 + pxor %mm6,%mm1 + psrlq $42,%mm5 + paddq 128(%esp),%mm7 + pxor %mm5,%mm1 + psllq $42,%mm6 + movq 40(%esp),%mm5 + pxor %mm6,%mm1 + movq 48(%esp),%mm6 + paddq %mm1,%mm7 + movq %mm4,%mm1 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 
8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 192(%esp),%mm7 + paddq %mm6,%mm2 + addl $8,%ebp + movq 88(%esp),%mm5 + movq %mm7,%mm1 + psrlq $1,%mm7 + movq %mm5,%mm6 + psrlq $6,%mm5 + psllq $56,%mm1 + paddq %mm3,%mm2 + movq %mm7,%mm3 + psrlq $6,%mm7 + pxor %mm1,%mm3 + psllq $7,%mm1 + pxor %mm7,%mm3 + psrlq $1,%mm7 + pxor %mm1,%mm3 + movq %mm5,%mm1 + psrlq $13,%mm5 + pxor %mm3,%mm7 + psllq $3,%mm6 + pxor %mm5,%mm1 + paddq 200(%esp),%mm7 + pxor %mm6,%mm1 + psrlq $42,%mm5 + paddq 128(%esp),%mm7 + pxor %mm5,%mm1 + psllq $42,%mm6 + movq 40(%esp),%mm5 + pxor %mm6,%mm1 + movq 48(%esp),%mm6 + paddq %mm1,%mm7 + movq %mm4,%mm1 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 192(%esp),%mm7 + paddq %mm6,%mm0 + addl $8,%ebp + decl %edx + jnz .L00616_79_sse2 + paddq %mm3,%mm0 + movq 8(%esp),%mm1 + movq 24(%esp),%mm3 + movq 40(%esp),%mm5 + movq 48(%esp),%mm6 + movq 56(%esp),%mm7 + pxor %mm1,%mm2 + paddq (%esi),%mm0 + paddq 8(%esi),%mm1 + paddq 16(%esi),%mm2 + paddq 24(%esi),%mm3 + paddq 32(%esi),%mm4 + paddq 40(%esi),%mm5 + paddq 48(%esi),%mm6 + paddq 56(%esi),%mm7 + movl $640,%eax + movq 
%mm0,(%esi) + movq %mm1,8(%esi) + movq %mm2,16(%esi) + movq %mm3,24(%esi) + movq %mm4,32(%esi) + movq %mm5,40(%esi) + movq %mm6,48(%esi) + movq %mm7,56(%esi) + leal (%esp,%eax,1),%esp + subl %eax,%ebp + cmpl 88(%esp),%edi + jb .L004loop_sse2 + movl 92(%esp),%esp + emms + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.align 32 +.L003SSSE3: + leal -64(%esp),%edx + subl $256,%esp + movdqa 640(%ebp),%xmm1 + movdqu (%edi),%xmm0 +.byte 102,15,56,0,193 + movdqa (%ebp),%xmm3 + movdqa %xmm1,%xmm2 + movdqu 16(%edi),%xmm1 + paddq %xmm0,%xmm3 +.byte 102,15,56,0,202 + movdqa %xmm3,-128(%edx) + movdqa 16(%ebp),%xmm4 + movdqa %xmm2,%xmm3 + movdqu 32(%edi),%xmm2 + paddq %xmm1,%xmm4 +.byte 102,15,56,0,211 + movdqa %xmm4,-112(%edx) + movdqa 32(%ebp),%xmm5 + movdqa %xmm3,%xmm4 + movdqu 48(%edi),%xmm3 + paddq %xmm2,%xmm5 +.byte 102,15,56,0,220 + movdqa %xmm5,-96(%edx) + movdqa 48(%ebp),%xmm6 + movdqa %xmm4,%xmm5 + movdqu 64(%edi),%xmm4 + paddq %xmm3,%xmm6 +.byte 102,15,56,0,229 + movdqa %xmm6,-80(%edx) + movdqa 64(%ebp),%xmm7 + movdqa %xmm5,%xmm6 + movdqu 80(%edi),%xmm5 + paddq %xmm4,%xmm7 +.byte 102,15,56,0,238 + movdqa %xmm7,-64(%edx) + movdqa %xmm0,(%edx) + movdqa 80(%ebp),%xmm0 + movdqa %xmm6,%xmm7 + movdqu 96(%edi),%xmm6 + paddq %xmm5,%xmm0 +.byte 102,15,56,0,247 + movdqa %xmm0,-48(%edx) + movdqa %xmm1,16(%edx) + movdqa 96(%ebp),%xmm1 + movdqa %xmm7,%xmm0 + movdqu 112(%edi),%xmm7 + paddq %xmm6,%xmm1 +.byte 102,15,56,0,248 + movdqa %xmm1,-32(%edx) + movdqa %xmm2,32(%edx) + movdqa 112(%ebp),%xmm2 + movdqa (%edx),%xmm0 + paddq %xmm7,%xmm2 + movdqa %xmm2,-16(%edx) + nop +.align 32 +.L007loop_ssse3: + movdqa 16(%edx),%xmm2 + movdqa %xmm3,48(%edx) + leal 128(%ebp),%ebp + movq %mm1,8(%esp) + movl %edi,%ebx + movq %mm2,16(%esp) + leal 128(%edi),%edi + movq %mm3,24(%esp) + cmpl %eax,%edi + movq %mm5,40(%esp) + cmovbl %edi,%ebx + movq %mm6,48(%esp) + movl $4,%ecx + pxor %mm1,%mm2 + movq %mm7,56(%esp) + pxor %mm3,%mm3 + jmp .L00800_47_ssse3 +.align 32 +.L00800_47_ssse3: + movdqa 
%xmm5,%xmm3 + movdqa %xmm2,%xmm1 +.byte 102,15,58,15,208,8 + movdqa %xmm4,(%edx) +.byte 102,15,58,15,220,8 + movdqa %xmm2,%xmm4 + psrlq $7,%xmm2 + paddq %xmm3,%xmm0 + movdqa %xmm4,%xmm3 + psrlq $1,%xmm4 + psllq $56,%xmm3 + pxor %xmm4,%xmm2 + psrlq $7,%xmm4 + pxor %xmm3,%xmm2 + psllq $7,%xmm3 + pxor %xmm4,%xmm2 + movdqa %xmm7,%xmm4 + pxor %xmm3,%xmm2 + movdqa %xmm7,%xmm3 + psrlq $6,%xmm4 + paddq %xmm2,%xmm0 + movdqa %xmm7,%xmm2 + psrlq $19,%xmm3 + psllq $3,%xmm2 + pxor %xmm3,%xmm4 + psrlq $42,%xmm3 + pxor %xmm2,%xmm4 + psllq $42,%xmm2 + pxor %xmm3,%xmm4 + movdqa 32(%edx),%xmm3 + pxor %xmm2,%xmm4 + movdqa (%ebp),%xmm2 + movq %mm4,%mm1 + paddq %xmm4,%xmm0 + movq -128(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + paddq %xmm0,%xmm2 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -120(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + 
psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm2,-128(%edx) + movdqa %xmm6,%xmm4 + movdqa %xmm3,%xmm2 +.byte 102,15,58,15,217,8 + movdqa %xmm5,16(%edx) +.byte 102,15,58,15,229,8 + movdqa %xmm3,%xmm5 + psrlq $7,%xmm3 + paddq %xmm4,%xmm1 + movdqa %xmm5,%xmm4 + psrlq $1,%xmm5 + psllq $56,%xmm4 + pxor %xmm5,%xmm3 + psrlq $7,%xmm5 + pxor %xmm4,%xmm3 + psllq $7,%xmm4 + pxor %xmm5,%xmm3 + movdqa %xmm0,%xmm5 + pxor %xmm4,%xmm3 + movdqa %xmm0,%xmm4 + psrlq $6,%xmm5 + paddq %xmm3,%xmm1 + movdqa %xmm0,%xmm3 + psrlq $19,%xmm4 + psllq $3,%xmm3 + pxor %xmm4,%xmm5 + psrlq $42,%xmm4 + pxor %xmm3,%xmm5 + psllq $42,%xmm3 + pxor %xmm4,%xmm5 + movdqa 48(%edx),%xmm4 + pxor %xmm3,%xmm5 + movdqa 16(%ebp),%xmm3 + movq %mm4,%mm1 + paddq %xmm5,%xmm1 + movq -112(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + paddq %xmm1,%xmm3 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -104(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor 
%mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm3,-112(%edx) + movdqa %xmm7,%xmm5 + movdqa %xmm4,%xmm3 +.byte 102,15,58,15,226,8 + movdqa %xmm6,32(%edx) +.byte 102,15,58,15,238,8 + movdqa %xmm4,%xmm6 + psrlq $7,%xmm4 + paddq %xmm5,%xmm2 + movdqa %xmm6,%xmm5 + psrlq $1,%xmm6 + psllq $56,%xmm5 + pxor %xmm6,%xmm4 + psrlq $7,%xmm6 + pxor %xmm5,%xmm4 + psllq $7,%xmm5 + pxor %xmm6,%xmm4 + movdqa %xmm1,%xmm6 + pxor %xmm5,%xmm4 + movdqa %xmm1,%xmm5 + psrlq $6,%xmm6 + paddq %xmm4,%xmm2 + movdqa %xmm1,%xmm4 + psrlq $19,%xmm5 + psllq $3,%xmm4 + pxor %xmm5,%xmm6 + psrlq $42,%xmm5 + pxor %xmm4,%xmm6 + psllq $42,%xmm4 + pxor %xmm5,%xmm6 + movdqa (%edx),%xmm5 + pxor %xmm4,%xmm6 + movdqa 32(%ebp),%xmm4 + movq %mm4,%mm1 + paddq %xmm6,%xmm2 + movq -96(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + paddq %xmm2,%xmm4 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + 
pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -88(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm4,-96(%edx) + movdqa %xmm0,%xmm6 + movdqa %xmm5,%xmm4 +.byte 102,15,58,15,235,8 + movdqa %xmm7,48(%edx) +.byte 102,15,58,15,247,8 + movdqa %xmm5,%xmm7 + psrlq $7,%xmm5 + paddq %xmm6,%xmm3 + movdqa %xmm7,%xmm6 + psrlq $1,%xmm7 + psllq $56,%xmm6 + pxor %xmm7,%xmm5 + psrlq $7,%xmm7 + pxor %xmm6,%xmm5 + psllq $7,%xmm6 + pxor %xmm7,%xmm5 + movdqa %xmm2,%xmm7 + pxor %xmm6,%xmm5 + movdqa %xmm2,%xmm6 + psrlq $6,%xmm7 + paddq %xmm5,%xmm3 + movdqa %xmm2,%xmm5 + psrlq $19,%xmm6 + psllq $3,%xmm5 + pxor %xmm6,%xmm7 + psrlq $42,%xmm6 + pxor %xmm5,%xmm7 + psllq $42,%xmm5 + pxor %xmm6,%xmm7 + movdqa 16(%edx),%xmm6 + pxor %xmm5,%xmm7 + movdqa 48(%ebp),%xmm5 + movq %mm4,%mm1 + paddq %xmm7,%xmm3 + movq -80(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + paddq %xmm3,%xmm5 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + 
pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -72(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm5,-80(%edx) + movdqa %xmm1,%xmm7 + movdqa %xmm6,%xmm5 +.byte 102,15,58,15,244,8 + movdqa %xmm0,(%edx) +.byte 102,15,58,15,248,8 + movdqa %xmm6,%xmm0 + psrlq $7,%xmm6 + paddq %xmm7,%xmm4 + movdqa %xmm0,%xmm7 + psrlq $1,%xmm0 + psllq $56,%xmm7 + pxor %xmm0,%xmm6 + psrlq $7,%xmm0 + pxor %xmm7,%xmm6 + psllq $7,%xmm7 + pxor %xmm0,%xmm6 + movdqa %xmm3,%xmm0 + pxor %xmm7,%xmm6 + movdqa %xmm3,%xmm7 + psrlq $6,%xmm0 + paddq %xmm6,%xmm4 + movdqa %xmm3,%xmm6 + psrlq $19,%xmm7 + psllq $3,%xmm6 + pxor %xmm7,%xmm0 + psrlq $42,%xmm7 + pxor %xmm6,%xmm0 + psllq $42,%xmm6 + pxor %xmm7,%xmm0 + movdqa 32(%edx),%xmm7 + pxor %xmm6,%xmm0 + movdqa 64(%ebp),%xmm6 + movq %mm4,%mm1 + paddq %xmm0,%xmm4 + movq 
-64(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + paddq %xmm4,%xmm6 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -56(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm6,-64(%edx) + movdqa %xmm2,%xmm0 + movdqa %xmm7,%xmm6 +.byte 102,15,58,15,253,8 + movdqa %xmm1,16(%edx) +.byte 102,15,58,15,193,8 + movdqa %xmm7,%xmm1 + psrlq $7,%xmm7 + paddq %xmm0,%xmm5 + movdqa %xmm1,%xmm0 + psrlq $1,%xmm1 + psllq $56,%xmm0 + pxor %xmm1,%xmm7 + psrlq $7,%xmm1 + pxor %xmm0,%xmm7 + psllq $7,%xmm0 + pxor %xmm1,%xmm7 + movdqa %xmm4,%xmm1 + pxor 
%xmm0,%xmm7 + movdqa %xmm4,%xmm0 + psrlq $6,%xmm1 + paddq %xmm7,%xmm5 + movdqa %xmm4,%xmm7 + psrlq $19,%xmm0 + psllq $3,%xmm7 + pxor %xmm0,%xmm1 + psrlq $42,%xmm0 + pxor %xmm7,%xmm1 + psllq $42,%xmm7 + pxor %xmm0,%xmm1 + movdqa 48(%edx),%xmm0 + pxor %xmm7,%xmm1 + movdqa 80(%ebp),%xmm7 + movq %mm4,%mm1 + paddq %xmm1,%xmm5 + movq -48(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + paddq %xmm5,%xmm7 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -40(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm7,-48(%edx) + movdqa %xmm3,%xmm1 + 
movdqa %xmm0,%xmm7 +.byte 102,15,58,15,198,8 + movdqa %xmm2,32(%edx) +.byte 102,15,58,15,202,8 + movdqa %xmm0,%xmm2 + psrlq $7,%xmm0 + paddq %xmm1,%xmm6 + movdqa %xmm2,%xmm1 + psrlq $1,%xmm2 + psllq $56,%xmm1 + pxor %xmm2,%xmm0 + psrlq $7,%xmm2 + pxor %xmm1,%xmm0 + psllq $7,%xmm1 + pxor %xmm2,%xmm0 + movdqa %xmm5,%xmm2 + pxor %xmm1,%xmm0 + movdqa %xmm5,%xmm1 + psrlq $6,%xmm2 + paddq %xmm0,%xmm6 + movdqa %xmm5,%xmm0 + psrlq $19,%xmm1 + psllq $3,%xmm0 + pxor %xmm1,%xmm2 + psrlq $42,%xmm1 + pxor %xmm0,%xmm2 + psllq $42,%xmm0 + pxor %xmm1,%xmm2 + movdqa (%edx),%xmm1 + pxor %xmm0,%xmm2 + movdqa 96(%ebp),%xmm0 + movq %mm4,%mm1 + paddq %xmm2,%xmm6 + movq -32(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + paddq %xmm6,%xmm0 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -24(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + 
movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm0,-32(%edx) + movdqa %xmm4,%xmm2 + movdqa %xmm1,%xmm0 +.byte 102,15,58,15,207,8 + movdqa %xmm3,48(%edx) +.byte 102,15,58,15,211,8 + movdqa %xmm1,%xmm3 + psrlq $7,%xmm1 + paddq %xmm2,%xmm7 + movdqa %xmm3,%xmm2 + psrlq $1,%xmm3 + psllq $56,%xmm2 + pxor %xmm3,%xmm1 + psrlq $7,%xmm3 + pxor %xmm2,%xmm1 + psllq $7,%xmm2 + pxor %xmm3,%xmm1 + movdqa %xmm6,%xmm3 + pxor %xmm2,%xmm1 + movdqa %xmm6,%xmm2 + psrlq $6,%xmm3 + paddq %xmm1,%xmm7 + movdqa %xmm6,%xmm1 + psrlq $19,%xmm2 + psllq $3,%xmm1 + pxor %xmm2,%xmm3 + psrlq $42,%xmm2 + pxor %xmm1,%xmm3 + psllq $42,%xmm1 + pxor %xmm2,%xmm3 + movdqa 16(%edx),%xmm2 + pxor %xmm1,%xmm3 + movdqa 112(%ebp),%xmm1 + movq %mm4,%mm1 + paddq %xmm3,%xmm7 + movq -16(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + paddq %xmm7,%xmm1 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -8(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor 
%mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm1,-16(%edx) + leal 128(%ebp),%ebp + decl %ecx + jnz .L00800_47_ssse3 + movdqa (%ebp),%xmm1 + leal -640(%ebp),%ebp + movdqu (%ebx),%xmm0 +.byte 102,15,56,0,193 + movdqa (%ebp),%xmm3 + movdqa %xmm1,%xmm2 + movdqu 16(%ebx),%xmm1 + paddq %xmm0,%xmm3 +.byte 102,15,56,0,202 + movq %mm4,%mm1 + movq -128(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -120(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor 
%mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm3,-128(%edx) + movdqa 16(%ebp),%xmm4 + movdqa %xmm2,%xmm3 + movdqu 32(%ebx),%xmm2 + paddq %xmm1,%xmm4 +.byte 102,15,56,0,211 + movq %mm4,%mm1 + movq -112(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -104(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq 
$25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm4,-112(%edx) + movdqa 32(%ebp),%xmm5 + movdqa %xmm3,%xmm4 + movdqu 48(%ebx),%xmm3 + paddq %xmm2,%xmm5 +.byte 102,15,56,0,220 + movq %mm4,%mm1 + movq -96(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -88(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 
56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm5,-96(%edx) + movdqa 48(%ebp),%xmm6 + movdqa %xmm4,%xmm5 + movdqu 64(%ebx),%xmm4 + paddq %xmm3,%xmm6 +.byte 102,15,56,0,229 + movq %mm4,%mm1 + movq -80(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -72(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm6,-80(%edx) + movdqa 64(%ebp),%xmm7 + movdqa %xmm5,%xmm6 + movdqu 80(%ebx),%xmm5 + paddq %xmm4,%xmm7 +.byte 102,15,56,0,238 + movq %mm4,%mm1 + movq -64(%edx),%mm7 + pxor 
%mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -56(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm7,-64(%edx) + movdqa %xmm0,(%edx) + movdqa 80(%ebp),%xmm0 + movdqa %xmm6,%xmm7 + movdqu 96(%ebx),%xmm6 + paddq %xmm5,%xmm0 +.byte 102,15,56,0,247 + movq %mm4,%mm1 + movq -48(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq 
%mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -40(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm0,-48(%edx) + movdqa %xmm1,16(%edx) + movdqa 96(%ebp),%xmm1 + movdqa %xmm7,%xmm0 + movdqu 112(%ebx),%xmm7 + paddq %xmm6,%xmm1 +.byte 102,15,56,0,248 + movq %mm4,%mm1 + movq -32(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + 
paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -24(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm1,-32(%edx) + movdqa %xmm2,32(%edx) + movdqa 112(%ebp),%xmm2 + movdqa (%edx),%xmm0 + paddq %xmm7,%xmm2 + movq %mm4,%mm1 + movq -16(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + 
pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -8(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm2,-16(%edx) + movq 8(%esp),%mm1 + paddq %mm3,%mm0 + movq 24(%esp),%mm3 + movq 56(%esp),%mm7 + pxor %mm1,%mm2 + paddq (%esi),%mm0 + paddq 8(%esi),%mm1 + paddq 16(%esi),%mm2 + paddq 24(%esi),%mm3 + paddq 32(%esi),%mm4 + paddq 40(%esi),%mm5 + paddq 48(%esi),%mm6 + paddq 56(%esi),%mm7 + movq %mm0,(%esi) + movq %mm1,8(%esi) + movq %mm2,16(%esi) + movq %mm3,24(%esi) + movq %mm4,32(%esi) + movq %mm5,40(%esi) + movq %mm6,48(%esi) + movq %mm7,56(%esi) + cmpl %eax,%edi + jb .L007loop_ssse3 + movl 76(%edx),%esp + emms + popl %edi + popl %esi + popl %ebx + popl %ebp + ret .align 16 .L002loop_x86: movl (%edi),%eax @@ -132,7 +2395,7 @@ sha512_block_data_order: movl $16,%ecx .long 2784229001 .align 16 -.L00300_15_x86: +.L00900_15_x86: movl 40(%esp),%ecx movl 44(%esp),%edx movl %ecx,%esi @@ -239,9 +2502,9 @@ sha512_block_data_order: subl $8,%esp leal 8(%ebp),%ebp cmpb $148,%dl - jne .L00300_15_x86 + jne .L00900_15_x86 .align 16 -.L00416_79_x86: +.L01016_79_x86: movl 312(%esp),%ecx movl 316(%esp),%edx movl %ecx,%esi 
@@ -414,7 +2677,7 @@ sha512_block_data_order: subl $8,%esp leal 8(%ebp),%ebp cmpb $23,%dl - jne .L00416_79_x86 + jne .L01016_79_x86 movl 840(%esp),%esi movl 844(%esp),%edi movl (%esi),%eax diff --git a/linux-x86_64/crypto/aes/aesni-x86_64.S b/linux-x86_64/crypto/aes/aesni-x86_64.S index ecefbe5..1d51d5b 100644 --- a/linux-x86_64/crypto/aes/aesni-x86_64.S +++ b/linux-x86_64/crypto/aes/aesni-x86_64.S @@ -20,7 +20,10 @@ aesni_encrypt: leaq 16(%rdx),%rdx jnz .Loop_enc1_1 .byte 102,15,56,221,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 .byte 0xf3,0xc3 .size aesni_encrypt,.-aesni_encrypt @@ -42,7 +45,10 @@ aesni_decrypt: leaq 16(%rdx),%rdx jnz .Loop_dec1_2 .byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 .byte 0xf3,0xc3 .size aesni_decrypt, .-aesni_decrypt .type _aesni_encrypt2,@function @@ -268,21 +274,18 @@ _aesni_encrypt6: pxor %xmm0,%xmm6 .byte 102,15,56,220,225 pxor %xmm0,%xmm7 + movups (%rcx,%rax,1),%xmm0 addq $16,%rax -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups -16(%rcx,%rax,1),%xmm0 jmp .Lenc_loop6_enter .align 16 .Lenc_loop6: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 +.Lenc_loop6_enter: .byte 102,15,56,220,233 .byte 102,15,56,220,241 .byte 102,15,56,220,249 -.Lenc_loop6_enter: movups (%rcx,%rax,1),%xmm1 addq $32,%rax .byte 102,15,56,220,208 @@ -325,21 +328,18 @@ _aesni_decrypt6: pxor %xmm0,%xmm6 .byte 102,15,56,222,225 pxor %xmm0,%xmm7 + movups (%rcx,%rax,1),%xmm0 addq $16,%rax -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups -16(%rcx,%rax,1),%xmm0 jmp .Ldec_loop6_enter .align 16 .Ldec_loop6: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 +.Ldec_loop6_enter: .byte 102,15,56,222,233 .byte 102,15,56,222,241 .byte 102,15,56,222,249 -.Ldec_loop6_enter: movups (%rcx,%rax,1),%xmm1 addq $32,%rax .byte 102,15,56,222,208 
@@ -379,23 +379,18 @@ _aesni_encrypt8: leaq 32(%rcx,%rax,1),%rcx negq %rax .byte 102,15,56,220,209 - addq $16,%rax pxor %xmm0,%xmm7 -.byte 102,15,56,220,217 pxor %xmm0,%xmm8 +.byte 102,15,56,220,217 pxor %xmm0,%xmm9 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 -.byte 102,68,15,56,220,193 -.byte 102,68,15,56,220,201 - movups -16(%rcx,%rax,1),%xmm0 - jmp .Lenc_loop8_enter + movups (%rcx,%rax,1),%xmm0 + addq $16,%rax + jmp .Lenc_loop8_inner .align 16 .Lenc_loop8: .byte 102,15,56,220,209 .byte 102,15,56,220,217 +.Lenc_loop8_inner: .byte 102,15,56,220,225 .byte 102,15,56,220,233 .byte 102,15,56,220,241 @@ -448,23 +443,18 @@ _aesni_decrypt8: leaq 32(%rcx,%rax,1),%rcx negq %rax .byte 102,15,56,222,209 - addq $16,%rax pxor %xmm0,%xmm7 -.byte 102,15,56,222,217 pxor %xmm0,%xmm8 +.byte 102,15,56,222,217 pxor %xmm0,%xmm9 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 -.byte 102,68,15,56,222,193 -.byte 102,68,15,56,222,201 - movups -16(%rcx,%rax,1),%xmm0 - jmp .Ldec_loop8_enter + movups (%rcx,%rax,1),%xmm0 + addq $16,%rax + jmp .Ldec_loop8_inner .align 16 .Ldec_loop8: .byte 102,15,56,222,209 .byte 102,15,56,222,217 +.Ldec_loop8_inner: .byte 102,15,56,222,225 .byte 102,15,56,222,233 .byte 102,15,56,222,241 @@ -592,6 +582,7 @@ aesni_ecb_encrypt: movups 80(%rdi),%xmm7 je .Lecb_enc_six movdqu 96(%rdi),%xmm8 + xorps %xmm9,%xmm9 call _aesni_encrypt8 movups %xmm2,(%rsi) movups %xmm3,16(%rsi) @@ -705,15 +696,23 @@ aesni_ecb_encrypt: jnc .Lecb_dec_loop8 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movq %r11,%rcx movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movl %r10d,%eax movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 movups %xmm7,80(%rsi) + pxor %xmm7,%xmm7 movups %xmm8,96(%rsi) + pxor %xmm8,%xmm8 movups %xmm9,112(%rsi) + pxor %xmm9,%xmm9 leaq 128(%rsi),%rsi addq $128,%rdx jz .Lecb_ret 
@@ -736,14 +735,23 @@ aesni_ecb_encrypt: je .Lecb_dec_six movups 96(%rdi),%xmm8 movups (%rcx),%xmm0 + xorps %xmm9,%xmm9 call _aesni_decrypt8 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 movups %xmm7,80(%rsi) + pxor %xmm7,%xmm7 movups %xmm8,96(%rsi) + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 jmp .Lecb_ret .align 16 .Lecb_dec_one: @@ -759,49 +767,73 @@ aesni_ecb_encrypt: jnz .Loop_dec1_4 .byte 102,15,56,223,209 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 jmp .Lecb_ret .align 16 .Lecb_dec_two: call _aesni_decrypt2 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 jmp .Lecb_ret .align 16 .Lecb_dec_three: call _aesni_decrypt3 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 jmp .Lecb_ret .align 16 .Lecb_dec_four: call _aesni_decrypt4 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 jmp .Lecb_ret .align 16 .Lecb_dec_five: xorps %xmm7,%xmm7 call _aesni_decrypt6 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 jmp .Lecb_ret .align 16 .Lecb_dec_six: call _aesni_decrypt6 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 movups %xmm7,80(%rsi) + pxor %xmm7,%xmm7 .Lecb_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 .byte 0xf3,0xc3 .size aesni_ecb_encrypt,.-aesni_ecb_encrypt .globl aesni_ccm64_encrypt_blocks 
@@ -859,7 +891,13 @@ aesni_ccm64_encrypt_blocks: leaq 16(%rsi),%rsi jnz .Lccm64_enc_outer + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 movups %xmm3,(%r9) + pxor %xmm3,%xmm3 + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 .byte 0xf3,0xc3 .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks .globl aesni_ccm64_decrypt_blocks @@ -951,7 +989,13 @@ aesni_ccm64_decrypt_blocks: leaq 16(%r11),%r11 jnz .Loop_enc1_6 .byte 102,15,56,221,217 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 movups %xmm3,(%r9) + pxor %xmm3,%xmm3 + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 .byte 0xf3,0xc3 .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks .globl aesni_ctr32_encrypt_blocks @@ -959,14 +1003,43 @@ aesni_ccm64_decrypt_blocks: .type aesni_ctr32_encrypt_blocks,@function .align 16 aesni_ctr32_encrypt_blocks: + cmpq $1,%rdx + jne .Lctr32_bulk + + + + movups (%r8),%xmm2 + movups (%rdi),%xmm3 + movl 240(%rcx),%edx + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + leaq 32(%rcx),%rcx + xorps %xmm0,%xmm2 +.Loop_enc1_7: +.byte 102,15,56,220,209 + decl %edx + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz .Loop_enc1_7 +.byte 102,15,56,221,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + xorps %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movups %xmm2,(%rsi) + xorps %xmm2,%xmm2 + jmp .Lctr32_epilogue + +.align 16 +.Lctr32_bulk: leaq (%rsp),%rax pushq %rbp subq $128,%rsp andq $-16,%rsp leaq -8(%rax),%rbp - cmpq $1,%rdx - je .Lctr32_one_shortcut + + movdqu (%r8),%xmm2 movdqu (%rcx),%xmm0 @@ -1357,11 +1430,14 @@ aesni_ctr32_encrypt_blocks: leaq -128(%rcx),%rcx .Lctr32_tail: + + leaq 16(%rcx),%rcx cmpq $4,%rdx jb .Lctr32_loop3 je .Lctr32_loop4 + shll $4,%eax movdqa 96(%rsp),%xmm8 pxor %xmm9,%xmm9 
@@ -1464,30 +1540,33 @@ aesni_ctr32_encrypt_blocks: movups 32(%rdi),%xmm12 xorps %xmm12,%xmm4 movups %xmm4,32(%rsi) - jmp .Lctr32_done -.align 16 -.Lctr32_one_shortcut: - movups (%r8),%xmm2 - movups (%rdi),%xmm10 - movl 240(%rcx),%eax - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_enc1_7: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_enc1_7 -.byte 102,15,56,221,209 - xorps %xmm10,%xmm2 - movups %xmm2,(%rsi) - jmp .Lctr32_done - -.align 16 .Lctr32_done: + xorps %xmm0,%xmm0 + xorl %r11d,%r11d + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0(%rsp) + pxor %xmm8,%xmm8 + movaps %xmm0,16(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,32(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,48(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,64(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,80(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,96(%rsp) + pxor %xmm14,%xmm14 + movaps %xmm0,112(%rsp) + pxor %xmm15,%xmm15 leaq (%rbp),%rsp popq %rbp .Lctr32_epilogue: @@ -1759,6 +1838,7 @@ aesni_xts_encrypt: shrl $4,%eax .Lxts_enc_short: + movl %eax,%r10d pxor %xmm0,%xmm10 addq $96,%rdx @@ -1787,6 +1867,7 @@ aesni_xts_encrypt: pxor %xmm12,%xmm4 pxor %xmm13,%xmm5 pxor %xmm14,%xmm6 + pxor %xmm7,%xmm7 call _aesni_encrypt6 @@ -1929,6 +2010,29 @@ aesni_xts_encrypt: movups %xmm2,-16(%rsi) .Lxts_enc_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0(%rsp) + pxor %xmm8,%xmm8 + movaps %xmm0,16(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,32(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,48(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,64(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,80(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,96(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 leaq (%rbp),%rsp popq %rbp .Lxts_enc_epilogue: 
@@ -2206,6 +2310,7 @@ aesni_xts_decrypt: shrl $4,%eax .Lxts_dec_short: + movl %eax,%r10d pxor %xmm0,%xmm10 pxor %xmm0,%xmm11 @@ -2408,6 +2513,29 @@ aesni_xts_decrypt: movups %xmm2,(%rsi) .Lxts_dec_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0(%rsp) + pxor %xmm8,%xmm8 + movaps %xmm0,16(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,32(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,48(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,64(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,80(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,96(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 leaq (%rbp),%rsp popq %rbp .Lxts_dec_epilogue: @@ -2457,7 +2585,11 @@ aesni_cbc_encrypt: jnc .Lcbc_enc_loop addq $16,%rdx jnz .Lcbc_enc_tail + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%r8) + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 jmp .Lcbc_ret .Lcbc_enc_tail: @@ -2477,6 +2609,35 @@ aesni_cbc_encrypt: .align 16 .Lcbc_decrypt: + cmpq $16,%rdx + jne .Lcbc_decrypt_bulk + + + + movdqu (%rdi),%xmm2 + movdqu (%r8),%xmm3 + movdqa %xmm2,%xmm4 + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + leaq 32(%rcx),%rcx + xorps %xmm0,%xmm2 +.Loop_dec1_16: +.byte 102,15,56,222,209 + decl %r10d + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz .Loop_dec1_16 +.byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + movdqu %xmm4,(%r8) + xorps %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 + jmp .Lcbc_ret +.align 16 +.Lcbc_decrypt_bulk: leaq (%rsp),%rax pushq %rbp subq $16,%rsp @@ -2713,7 +2874,7 @@ aesni_cbc_encrypt: movaps %xmm9,%xmm2 leaq -112(%rcx),%rcx addq $112,%rdx - jle .Lcbc_dec_tail_collected + jle .Lcbc_dec_clear_tail_collected movups %xmm9,(%rsi) leaq 16(%rsi),%rsi cmpq $80,%rdx 
@@ -2732,14 +2893,19 @@ aesni_cbc_encrypt: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 pxor %xmm14,%xmm6 movdqu %xmm5,48(%rsi) + pxor %xmm5,%xmm5 pxor %xmm15,%xmm7 movdqu %xmm6,64(%rsi) + pxor %xmm6,%xmm6 leaq 80(%rsi),%rsi movdqa %xmm7,%xmm2 + pxor %xmm7,%xmm7 jmp .Lcbc_dec_tail_collected .align 16 @@ -2754,16 +2920,23 @@ aesni_cbc_encrypt: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 pxor %xmm14,%xmm6 movdqu %xmm5,48(%rsi) + pxor %xmm5,%xmm5 pxor %xmm15,%xmm7 movdqu %xmm6,64(%rsi) + pxor %xmm6,%xmm6 pxor %xmm9,%xmm8 movdqu %xmm7,80(%rsi) + pxor %xmm7,%xmm7 leaq 96(%rsi),%rsi movdqa %xmm8,%xmm2 + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 jmp .Lcbc_dec_tail_collected .align 16 @@ -2807,7 +2980,7 @@ aesni_cbc_encrypt: movdqa %xmm7,%xmm2 addq $80,%rdx - jle .Lcbc_dec_tail_collected + jle .Lcbc_dec_clear_tail_collected movups %xmm7,(%rsi) leaq 16(%rsi),%rsi @@ -2842,12 +3015,17 @@ aesni_cbc_encrypt: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 pxor %xmm14,%xmm6 movdqu %xmm5,48(%rsi) + pxor %xmm5,%xmm5 leaq 64(%rsi),%rsi movdqa %xmm6,%xmm2 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 subq $16,%rdx jmp .Lcbc_dec_tail_collected @@ -2858,12 +3036,12 @@ aesni_cbc_encrypt: movups 16(%rcx),%xmm1 leaq 32(%rcx),%rcx xorps %xmm0,%xmm2 -.Loop_dec1_16: +.Loop_dec1_17: .byte 102,15,56,222,209 decl %eax movups (%rcx),%xmm1 leaq 16(%rcx),%rcx - jnz .Loop_dec1_16 + jnz .Loop_dec1_17 .byte 102,15,56,223,209 xorps %xmm10,%xmm2 movaps %xmm11,%xmm10 @@ -2877,6 +3055,7 @@ aesni_cbc_encrypt: pxor %xmm11,%xmm3 movdqu %xmm2,(%rsi) movdqa %xmm3,%xmm2 + pxor %xmm3,%xmm3 leaq 16(%rsi),%rsi jmp .Lcbc_dec_tail_collected .align 16 
@@ -2889,7 +3068,9 @@ aesni_cbc_encrypt: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movdqa %xmm4,%xmm2 + pxor %xmm4,%xmm4 leaq 32(%rsi),%rsi jmp .Lcbc_dec_tail_collected .align 16 @@ -2902,29 +3083,45 @@ aesni_cbc_encrypt: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movdqa %xmm5,%xmm2 + pxor %xmm5,%xmm5 leaq 48(%rsi),%rsi jmp .Lcbc_dec_tail_collected .align 16 +.Lcbc_dec_clear_tail_collected: + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 .Lcbc_dec_tail_collected: movups %xmm10,(%r8) andq $15,%rdx jnz .Lcbc_dec_tail_partial movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 jmp .Lcbc_dec_ret .align 16 .Lcbc_dec_tail_partial: movaps %xmm2,(%rsp) + pxor %xmm2,%xmm2 movq $16,%rcx movq %rsi,%rdi subq %rdx,%rcx leaq (%rsp),%rsi .long 0x9066A4F3 + movdqa %xmm2,(%rsp) .Lcbc_dec_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 leaq (%rbp),%rsp popq %rbp .Lcbc_ret: @@ -2963,7 +3160,9 @@ aesni_set_decrypt_key: movups (%rdx),%xmm0 .byte 102,15,56,219,192 + pxor %xmm1,%xmm1 movups %xmm0,(%rdi) + pxor %xmm0,%xmm0 .Ldec_key_ret: addq $8,%rsp .byte 0xf3,0xc3 @@ -2982,8 +3181,10 @@ __aesni_set_encrypt_key: testq %rdx,%rdx jz .Lenc_key_ret + movl $268437504,%r10d movups (%rdi),%xmm0 xorps %xmm4,%xmm4 + andl OPENSSL_ia32cap_P+4(%rip),%r10d leaq 16(%rdx),%rax cmpl $256,%esi je .L14rounds @@ -2994,6 +3195,9 @@ __aesni_set_encrypt_key: .L10rounds: movl $9,%esi + cmpl $268435456,%r10d + je .L10rounds_alt + movups %xmm0,(%rdx) .byte 102,15,58,223,200,1 call .Lkey_expansion_128_cold 
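Review bot: At `.Lcbc_dec_tail_partial` the last partial block is staged at (%rsp), copied out by the uncommented `.long 0x9066A4F3` (bytes F3 A4 66 90, i.e. `rep movsb` followed by a two-byte nop), and the new `movdqa %xmm2,(%rsp)` then overwrites the staging slot with the zeros that the preceding `pxor %xmm2,%xmm2` put in %xmm2; none of this ordering is written down. A comment on the `.long` line, `# rep movsb; nop: copy the rdx tail bytes out of the staging block`, and one on the new store, `# scrub the staged plaintext block (xmm2 is already zero)`, would let a reader confirm that the scrub runs after the copy and not before it. The swap of %rdi/%rsi and the `16 - rdx` count in %rcx that the copy relies on are set up on the lines above and are inside the hunk.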
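Review bot: The CPU-feature gate added to __aesni_set_encrypt_key is written as bare decimals: `movl $268437504,%r10d` is the mask 0x10000800 (bits 28 and 11) applied to the second word of OPENSSL_ia32cap_P, and `cmpl $268435456,%r10d` (0x10000000) enters `.L10rounds_alt` only when bit 28 survives the mask and bit 11 does not; the identical test is repeated before `.L12rounds_alt` and `.L14rounds_alt` on the following two lines. Since these .S files appear to be perlasm output the wording belongs in the generator, but a comment at the `andl OPENSSL_ia32cap_P+4(%rip),%r10d` line such as `# r10d = ia32cap[1] & 0x10000800; take the alt key schedule iff == 0x10000000 (bit 28 set, bit 11 clear)` would tell a reviewer which feature bits select the alternative key-schedule implementation. Which CPU features those bits denote is not visible in this diff and should be cross-checked against the cpuid code rather than assumed.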
@@ -3021,9 +3225,79 @@ __aesni_set_encrypt_key: jmp .Lenc_key_ret .align 16 +.L10rounds_alt: + movdqa .Lkey_rotate(%rip),%xmm5 + movl $8,%r10d + movdqa .Lkey_rcon1(%rip),%xmm4 + movdqa %xmm0,%xmm2 + movdqu %xmm0,(%rdx) + jmp .Loop_key128 + +.align 16 +.Loop_key128: +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + leaq 16(%rax),%rax + + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,-16(%rax) + movdqa %xmm0,%xmm2 + + decl %r10d + jnz .Loop_key128 + + movdqa .Lkey_rcon1b(%rip),%xmm4 + +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + movdqa %xmm0,%xmm2 +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,16(%rax) + + movl %esi,96(%rax) + xorl %eax,%eax + jmp .Lenc_key_ret + +.align 16 .L12rounds: movq 16(%rdi),%xmm2 movl $11,%esi + cmpl $268435456,%r10d + je .L12rounds_alt + movups %xmm0,(%rdx) .byte 102,15,58,223,202,1 call .Lkey_expansion_192a_cold 
@@ -3047,10 +3321,54 @@ __aesni_set_encrypt_key: jmp .Lenc_key_ret .align 16 +.L12rounds_alt: + movdqa .Lkey_rotate192(%rip),%xmm5 + movdqa .Lkey_rcon1(%rip),%xmm4 + movl $8,%r10d + movdqu %xmm0,(%rdx) + jmp .Loop_key192 + +.align 16 +.Loop_key192: + movq %xmm2,0(%rax) + movdqa %xmm2,%xmm1 +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + pslld $1,%xmm4 + leaq 24(%rax),%rax + + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + + pshufd $255,%xmm0,%xmm3 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + + pxor %xmm2,%xmm0 + pxor %xmm3,%xmm2 + movdqu %xmm0,-16(%rax) + + decl %r10d + jnz .Loop_key192 + + movl %esi,32(%rax) + xorl %eax,%eax + jmp .Lenc_key_ret + +.align 16 .L14rounds: movups 16(%rdi),%xmm2 movl $13,%esi leaq 16(%rax),%rax + cmpl $268435456,%r10d + je .L14rounds_alt + movups %xmm0,(%rdx) movups %xmm2,16(%rdx) .byte 102,15,58,223,202,1 
@@ -3085,9 +3403,69 @@ __aesni_set_encrypt_key:
 jmp .Lenc_key_ret
 .align 16
+.L14rounds_alt:
+ movdqa .Lkey_rotate(%rip),%xmm5
+ movdqa .Lkey_rcon1(%rip),%xmm4
+ movl $7,%r10d
+ movdqu %xmm0,0(%rdx)
+ movdqa %xmm2,%xmm1
+ movdqu %xmm2,16(%rdx)
+ jmp .Loop_key256
+
+.align 16
+.Loop_key256:
+.byte 102,15,56,0,213
+.byte 102,15,56,221,212
+
+ movdqa %xmm0,%xmm3
+ pslldq $4,%xmm0
+ pxor %xmm0,%xmm3
+ pslldq $4,%xmm0
+ pxor %xmm0,%xmm3
+ pslldq $4,%xmm0
+ pxor %xmm3,%xmm0
+ pslld $1,%xmm4
+
+ pxor %xmm2,%xmm0
+ movdqu %xmm0,(%rax)
+
+ decl %r10d
+ jz .Ldone_key256
+
+ pshufd $255,%xmm0,%xmm2
+ pxor %xmm3,%xmm3
+.byte 102,15,56,221,211
+
+ movdqa %xmm1,%xmm3
+ pslldq $4,%xmm1
+ pxor %xmm1,%xmm3
+ pslldq $4,%xmm1
+ pxor %xmm1,%xmm3
+ pslldq $4,%xmm1
+ pxor %xmm3,%xmm1
+
+ pxor %xmm1,%xmm2
+ movdqu %xmm2,16(%rax)
+ leaq 32(%rax),%rax
+ movdqa %xmm2,%xmm1
+
+ jmp .Loop_key256
+
+.Ldone_key256:
+ movl %esi,16(%rax)
+ xorl %eax,%eax
+ jmp .Lenc_key_ret
+
+.align 16
 .Lbad_keybits:
 movq $-2,%rax
 .Lenc_key_ret:
+ pxor %xmm0,%xmm0
+ pxor %xmm1,%xmm1
+ pxor %xmm2,%xmm2
+ pxor %xmm3,%xmm3
+ pxor %xmm4,%xmm4
+ pxor %xmm5,%xmm5
 addq $8,%rsp
 .byte 0xf3,0xc3
 .LSEH_end_set_encrypt_key:
@@ -3173,6 +3551,14 @@ __aesni_set_encrypt_key:
 .long 0x87,0,1,0
 .Lincrement1:
 .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Lkey_rotate:
+.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d
+.Lkey_rotate192:
+.long 0x04070605,0x04070605,0x04070605,0x04070605
+.Lkey_rcon1:
+.long 1,1,1,1
+.Lkey_rcon1b:
+.long 0x1b,0x1b,0x1b,0x1b
 .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align 64
diff --git a/linux-x86_64/crypto/cpu-x86_64-asm.S b/linux-x86_64/crypto/cpu-x86_64-asm.S
index c664242..9eef154 100644
--- a/linux-x86_64/crypto/cpu-x86_64-asm.S
+++ b/linux-x86_64/crypto/cpu-x86_64-asm.S
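Review bot: The new `.L14rounds_alt`/`.Loop_key256` schedule is written entirely in `.byte` encodings, so a reader has to decode `102,15,56,0,213` as `pshufb %xmm5,%xmm2` and `102,15,56,221,212` as `aesenclast %xmm4,%xmm2` before the loop can be checked against the AES-256 key expansion; the same applies to `102,15,56,221,211` (`aesenclast %xmm3,%xmm2`, issued after `pxor %xmm3,%xmm3` so the round constant is zero on the second half of each iteration). Comments at `.Loop_key256`, e.g. `# pshufb/aesenclast: SubWord(RotWord(w[i-1])) ^ rcon, rcon doubled each pass by pslld`, and at the `pxor %xmm3,%xmm3` line, `# second 128-bit half: SubWord only, rcon = 0`, would make the alternative schedule auditable, and the four new constant tables after `.Lincrement1` likewise deserve a one-line note each saying which path consumes them (`.Lkey_rotate` and `.Lkey_rcon1` by all three alt paths, `.Lkey_rotate192` by `.L12rounds_alt`, `.Lkey_rcon1b` by `.L10rounds_alt`). `.Lbad_keybits` now falls through into the register scrub at `.Lenc_key_ret`, which is fine, but the shared label is worth a `# also reached with rax = -2 from .Lbad_keybits` so nobody later inserts a return value there.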
@@ -104,10 +104,6 @@ OPENSSL_ia32_cpuid:
 cmpl $0,%r9d
 jne .Lnotintel
 orl $1073741824,%edx
- andb $15,%ah
- cmpb $15,%ah
- jne .Lnotintel
- orl $1048576,%edx
 .Lnotintel:
 btl $28,%edx
 jnc .Lgeneric
diff --git a/linux-x86_64/crypto/rand/rdrand-x86_64.S b/linux-x86_64/crypto/rand/rdrand-x86_64.S
new file mode 100644
index 0000000..622ae55
--- /dev/null
+++ b/linux-x86_64/crypto/rand/rdrand-x86_64.S
@@ -0,0 +1,11 @@
+#if defined(__x86_64__)
+.text
+
+.globl CRYPTO_rdrand
+.hidden CRYPTO_rdrand
+.type CRYPTO_rdrand,@function
+.align 16
+CRYPTO_rdrand:
+.byte 0x48, 0x0f, 0xc7, 0xf0
+ .byte 0xf3,0xc3
+#endif
diff --git a/linux-x86_64/crypto/rc4/rc4-x86_64.S b/linux-x86_64/crypto/rc4/rc4-x86_64.S
index b022808..c4d1002 100644
--- a/linux-x86_64/crypto/rc4/rc4-x86_64.S
+++ b/linux-x86_64/crypto/rc4/rc4-x86_64.S
@@ -593,31 +593,4 @@ asm_RC4_set_key:
 movl %eax,-4(%rdi)
 .byte 0xf3,0xc3
 .size asm_RC4_set_key,.-asm_RC4_set_key
-
-.globl RC4_options
-.hidden RC4_options
-.type RC4_options,@function
-.align 16
-RC4_options:
- leaq .Lopts(%rip),%rax
- movq OPENSSL_ia32cap_P(%rip),%rdx
- movl (%rdx),%edx
- btl $20,%edx
- jc .L8xchar
- btl $30,%edx
- jnc .Ldone
- addq $25,%rax
- .byte 0xf3,0xc3
-.L8xchar:
- addq $12,%rax
-.Ldone:
- .byte 0xf3,0xc3
-.align 64
-.Lopts:
-.byte 114,99,52,40,56,120,44,105,110,116,41,0
-.byte 114,99,52,40,56,120,44,99,104,97,114,41,0
-.byte 114,99,52,40,49,54,120,44,105,110,116,41,0
-.byte 82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align 64
-.size RC4_options,.-RC4_options
 #endif
diff --git a/mac-x86/crypto/aes/aesni-x86.S b/mac-x86/crypto/aes/aesni-x86.S
index 9000478..07719ba 100644
--- a/mac-x86/crypto/aes/aesni-x86.S
+++ b/mac-x86/crypto/aes/aesni-x86.S
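Review bot: CRYPTO_rdrand in the new rdrand-x86_64.S returns %rax straight after the `.byte 0x48, 0x0f, 0xc7, 0xf0` (`rdrand %rax`) without inspecting CF, which the instruction clears when no random value was available, so a caller cannot distinguish a genuine 64-bit output from the unspecified register contents of a failed attempt. Either the C-side contract must state that callers detect and handle failure themselves, or the success indication belongs in this function — e.g. a `jnc` retry bound or a `setc`-based status return — and whichever is chosen should be written at the label as `# rdrand %rax; CF=1 on success — CF is NOT propagated to the caller`. The opcode is presumably spelled in bytes for assemblers that predate the mnemonic; a comment saying so would stop the next reader from re-deriving the encoding.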
@@ -22,7 +22,10 @@ L000enc1_loop_1: leal 16(%edx),%edx jnz L000enc1_loop_1 .byte 102,15,56,221,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%eax) + pxor %xmm2,%xmm2 ret .globl _aesni_decrypt .private_extern _aesni_decrypt @@ -45,7 +48,10 @@ L001dec1_loop_2: leal 16(%edx),%edx jnz L001dec1_loop_2 .byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%eax) + pxor %xmm2,%xmm2 ret .private_extern __aesni_encrypt2 .align 4 @@ -252,17 +258,15 @@ __aesni_encrypt6: negl %ecx .byte 102,15,56,220,225 pxor %xmm0,%xmm7 + movups (%edx,%ecx,1),%xmm0 addl $16,%ecx -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups -16(%edx,%ecx,1),%xmm0 - jmp L_aesni_encrypt6_enter + jmp L008_aesni_encrypt6_inner .align 4,0x90 -L008enc6_loop: +L009enc6_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 +L008_aesni_encrypt6_inner: .byte 102,15,56,220,233 .byte 102,15,56,220,241 .byte 102,15,56,220,249 @@ -276,7 +280,7 @@ L_aesni_encrypt6_enter: .byte 102,15,56,220,240 .byte 102,15,56,220,248 movups -16(%edx,%ecx,1),%xmm0 - jnz L008enc6_loop + jnz L009enc6_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -307,17 +311,15 @@ __aesni_decrypt6: negl %ecx .byte 102,15,56,222,225 pxor %xmm0,%xmm7 + movups (%edx,%ecx,1),%xmm0 addl $16,%ecx -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups -16(%edx,%ecx,1),%xmm0 - jmp L_aesni_decrypt6_enter + jmp L010_aesni_decrypt6_inner .align 4,0x90 -L009dec6_loop: +L011dec6_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 +L010_aesni_decrypt6_inner: .byte 102,15,56,222,233 .byte 102,15,56,222,241 .byte 102,15,56,222,249 @@ -331,7 +333,7 @@ L_aesni_decrypt6_enter: .byte 102,15,56,222,240 .byte 102,15,56,222,248 movups -16(%edx,%ecx,1),%xmm0 - jnz L009dec6_loop + jnz L011dec6_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 
@@ -360,14 +362,14 @@ L_aesni_ecb_encrypt_begin: movl 32(%esp),%edx movl 36(%esp),%ebx andl $-16,%eax - jz L010ecb_ret + jz L012ecb_ret movl 240(%edx),%ecx testl %ebx,%ebx - jz L011ecb_decrypt + jz L013ecb_decrypt movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb L012ecb_enc_tail + jb L014ecb_enc_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -376,9 +378,9 @@ L_aesni_ecb_encrypt_begin: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp L013ecb_enc_loop6_enter + jmp L015ecb_enc_loop6_enter .align 4,0x90 -L014ecb_enc_loop6: +L016ecb_enc_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -393,12 +395,12 @@ L014ecb_enc_loop6: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -L013ecb_enc_loop6_enter: +L015ecb_enc_loop6_enter: call __aesni_encrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc L014ecb_enc_loop6 + jnc L016ecb_enc_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) @@ -407,18 +409,18 @@ L013ecb_enc_loop6_enter: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz L010ecb_ret -L012ecb_enc_tail: + jz L012ecb_ret +L014ecb_enc_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb L015ecb_enc_one + jb L017ecb_enc_one movups 16(%esi),%xmm3 - je L016ecb_enc_two + je L018ecb_enc_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb L017ecb_enc_three + jb L019ecb_enc_three movups 48(%esi),%xmm5 - je L018ecb_enc_four + je L020ecb_enc_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call __aesni_encrypt6 
@@ -427,49 +429,49 @@ L012ecb_enc_tail: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L015ecb_enc_one: +L017ecb_enc_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L019enc1_loop_3: +L021enc1_loop_3: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L019enc1_loop_3 + jnz L021enc1_loop_3 .byte 102,15,56,221,209 movups %xmm2,(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L016ecb_enc_two: +L018ecb_enc_two: call __aesni_encrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L017ecb_enc_three: +L019ecb_enc_three: call __aesni_encrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L018ecb_enc_four: +L020ecb_enc_four: call __aesni_encrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L011ecb_decrypt: +L013ecb_decrypt: movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb L020ecb_dec_tail + jb L022ecb_dec_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -478,9 +480,9 @@ L011ecb_decrypt: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp L021ecb_dec_loop6_enter + jmp L023ecb_dec_loop6_enter .align 4,0x90 -L022ecb_dec_loop6: +L024ecb_dec_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -495,12 +497,12 @@ L022ecb_dec_loop6: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -L021ecb_dec_loop6_enter: +L023ecb_dec_loop6_enter: call __aesni_decrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc L022ecb_dec_loop6 + jnc L024ecb_dec_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) 
@@ -509,18 +511,18 @@ L021ecb_dec_loop6_enter: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz L010ecb_ret -L020ecb_dec_tail: + jz L012ecb_ret +L022ecb_dec_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb L023ecb_dec_one + jb L025ecb_dec_one movups 16(%esi),%xmm3 - je L024ecb_dec_two + je L026ecb_dec_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb L025ecb_dec_three + jb L027ecb_dec_three movups 48(%esi),%xmm5 - je L026ecb_dec_four + je L028ecb_dec_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call __aesni_decrypt6 @@ -529,43 +531,51 @@ L020ecb_dec_tail: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L023ecb_dec_one: +L025ecb_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L027dec1_loop_4: +L029dec1_loop_4: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L027dec1_loop_4 + jnz L029dec1_loop_4 .byte 102,15,56,223,209 movups %xmm2,(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L024ecb_dec_two: +L026ecb_dec_two: call __aesni_decrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L025ecb_dec_three: +L027ecb_dec_three: call __aesni_decrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp L010ecb_ret + jmp L012ecb_ret .align 4,0x90 -L026ecb_dec_four: +L028ecb_dec_four: call __aesni_decrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) -L010ecb_ret: +L012ecb_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 popl %edi popl %esi popl %ebx @@ -611,7 +621,7 @@ L_aesni_ccm64_encrypt_blocks_begin: leal 32(%edx,%ecx,1),%edx subl %ecx,%ebx .byte 102,15,56,0,253 -L028ccm64_enc_outer: +L030ccm64_enc_outer: movups (%ebp),%xmm0 movl %ebx,%ecx movups (%esi),%xmm6 
@@ -620,7 +630,7 @@ L028ccm64_enc_outer: xorps %xmm6,%xmm0 xorps %xmm0,%xmm3 movups 32(%ebp),%xmm0 -L029ccm64_enc2_loop: +L031ccm64_enc2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -628,7 +638,7 @@ L029ccm64_enc2_loop: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz L029ccm64_enc2_loop + jnz L031ccm64_enc2_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 paddq 16(%esp),%xmm7 @@ -641,10 +651,18 @@ L029ccm64_enc2_loop: movups %xmm6,(%edi) .byte 102,15,56,0,213 leal 16(%edi),%edi - jnz L028ccm64_enc_outer + jnz L030ccm64_enc_outer movl 48(%esp),%esp movl 40(%esp),%edi movups %xmm3,(%edi) + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 popl %edi popl %esi popl %ebx @@ -691,12 +709,12 @@ L_aesni_ccm64_decrypt_blocks_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L030enc1_loop_5: +L032enc1_loop_5: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L030enc1_loop_5 + jnz L032enc1_loop_5 .byte 102,15,56,221,209 shll $4,%ebx movl $16,%ecx @@ -706,16 +724,16 @@ L030enc1_loop_5: subl %ebx,%ecx leal 32(%ebp,%ebx,1),%edx movl %ecx,%ebx - jmp L031ccm64_dec_outer + jmp L033ccm64_dec_outer .align 4,0x90 -L031ccm64_dec_outer: +L033ccm64_dec_outer: xorps %xmm2,%xmm6 movdqa %xmm7,%xmm2 movups %xmm6,(%edi) leal 16(%edi),%edi .byte 102,15,56,0,213 subl $1,%eax - jz L032ccm64_dec_break + jz L034ccm64_dec_break movups (%ebp),%xmm0 movl %ebx,%ecx movups 16(%ebp),%xmm1 @@ -723,7 +741,7 @@ L031ccm64_dec_outer: xorps %xmm0,%xmm2 xorps %xmm6,%xmm3 movups 32(%ebp),%xmm0 -L033ccm64_dec2_loop: +L035ccm64_dec2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 
@@ -731,7 +749,7 @@ L033ccm64_dec2_loop: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz L033ccm64_dec2_loop + jnz L035ccm64_dec2_loop movups (%esi),%xmm6 paddq 16(%esp),%xmm7 .byte 102,15,56,220,209 @@ -739,9 +757,9 @@ L033ccm64_dec2_loop: .byte 102,15,56,221,208 .byte 102,15,56,221,216 leal 16(%esi),%esi - jmp L031ccm64_dec_outer + jmp L033ccm64_dec_outer .align 4,0x90 -L032ccm64_dec_break: +L034ccm64_dec_break: movl 240(%ebp),%ecx movl %ebp,%edx movups (%edx),%xmm0 @@ -749,16 +767,24 @@ L032ccm64_dec_break: xorps %xmm0,%xmm6 leal 32(%edx),%edx xorps %xmm6,%xmm3 -L034enc1_loop_6: +L036enc1_loop_6: .byte 102,15,56,220,217 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L034enc1_loop_6 + jnz L036enc1_loop_6 .byte 102,15,56,221,217 movl 48(%esp),%esp movl 40(%esp),%edi movups %xmm3,(%edi) + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 popl %edi popl %esi popl %ebx @@ -783,7 +809,7 @@ L_aesni_ctr32_encrypt_blocks_begin: andl $-16,%esp movl %ebp,80(%esp) cmpl $1,%eax - je L035ctr32_one_shortcut + je L037ctr32_one_shortcut movdqu (%ebx),%xmm7 movl $202182159,(%esp) movl $134810123,4(%esp) @@ -821,7 +847,7 @@ L_aesni_ctr32_encrypt_blocks_begin: pshufd $192,%xmm0,%xmm2 pshufd $128,%xmm0,%xmm3 cmpl $6,%eax - jb L036ctr32_tail + jb L038ctr32_tail pxor %xmm6,%xmm7 shll $4,%ecx movl $16,%ebx @@ -830,9 +856,9 @@ L_aesni_ctr32_encrypt_blocks_begin: subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx subl $6,%eax - jmp L037ctr32_loop6 + jmp L039ctr32_loop6 .align 4,0x90 -L037ctr32_loop6: +L039ctr32_loop6: pshufd $64,%xmm0,%xmm4 movdqa 32(%esp),%xmm0 pshufd $192,%xmm1,%xmm5 
@@ -886,27 +912,27 @@ L037ctr32_loop6: leal 96(%edi),%edi pshufd $128,%xmm0,%xmm3 subl $6,%eax - jnc L037ctr32_loop6 + jnc L039ctr32_loop6 addl $6,%eax - jz L038ctr32_ret + jz L040ctr32_ret movdqu (%ebp),%xmm7 movl %ebp,%edx pxor 32(%esp),%xmm7 movl 240(%ebp),%ecx -L036ctr32_tail: +L038ctr32_tail: por %xmm7,%xmm2 cmpl $2,%eax - jb L039ctr32_one + jb L041ctr32_one pshufd $64,%xmm0,%xmm4 por %xmm7,%xmm3 - je L040ctr32_two + je L042ctr32_two pshufd $192,%xmm1,%xmm5 por %xmm7,%xmm4 cmpl $4,%eax - jb L041ctr32_three + jb L043ctr32_three pshufd $128,%xmm1,%xmm6 por %xmm7,%xmm5 - je L042ctr32_four + je L044ctr32_four por %xmm7,%xmm6 call __aesni_encrypt6 movups (%esi),%xmm1 @@ -924,29 +950,29 @@ L036ctr32_tail: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp L038ctr32_ret + jmp L040ctr32_ret .align 4,0x90 -L035ctr32_one_shortcut: +L037ctr32_one_shortcut: movups (%ebx),%xmm2 movl 240(%edx),%ecx -L039ctr32_one: +L041ctr32_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L043enc1_loop_7: +L045enc1_loop_7: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L043enc1_loop_7 + jnz L045enc1_loop_7 .byte 102,15,56,221,209 movups (%esi),%xmm6 xorps %xmm2,%xmm6 movups %xmm6,(%edi) - jmp L038ctr32_ret + jmp L040ctr32_ret .align 4,0x90 -L040ctr32_two: +L042ctr32_two: call __aesni_encrypt2 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -954,9 +980,9 @@ L040ctr32_two: xorps %xmm6,%xmm3 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp L038ctr32_ret + jmp L040ctr32_ret .align 4,0x90 -L041ctr32_three: +L043ctr32_three: call __aesni_encrypt3 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -967,9 +993,9 @@ L041ctr32_three: xorps %xmm7,%xmm4 movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp L038ctr32_ret + jmp L040ctr32_ret .align 4,0x90 -L042ctr32_four: +L044ctr32_four: call __aesni_encrypt4 movups (%esi),%xmm6 movups 16(%esi),%xmm7 
@@ -983,7 +1009,18 @@ L042ctr32_four: xorps %xmm0,%xmm5 movups %xmm4,32(%edi) movups %xmm5,48(%edi) -L038ctr32_ret: +L040ctr32_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + movdqa %xmm0,32(%esp) + pxor %xmm5,%xmm5 + movdqa %xmm0,48(%esp) + pxor %xmm6,%xmm6 + movdqa %xmm0,64(%esp) + pxor %xmm7,%xmm7 movl 80(%esp),%esp popl %edi popl %esi @@ -1007,12 +1044,12 @@ L_aesni_xts_encrypt_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L044enc1_loop_8: +L046enc1_loop_8: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L044enc1_loop_8 + jnz L046enc1_loop_8 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi @@ -1036,14 +1073,14 @@ L044enc1_loop_8: movl %edx,%ebp movl %ecx,%ebx subl $96,%eax - jc L045xts_enc_short + jc L047xts_enc_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp L046xts_enc_loop6 + jmp L048xts_enc_loop6 .align 4,0x90 -L046xts_enc_loop6: +L048xts_enc_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1132,23 +1169,23 @@ L046xts_enc_loop6: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc L046xts_enc_loop6 + jnc L048xts_enc_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -L045xts_enc_short: +L047xts_enc_short: addl $96,%eax - jz L047xts_enc_done6x + jz L049xts_enc_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb L048xts_enc_one + jb L050xts_enc_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je L049xts_enc_two + je L051xts_enc_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1157,7 +1194,7 @@ L045xts_enc_short: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb L050xts_enc_three + jb L052xts_enc_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 
@@ -1167,7 +1204,7 @@ L045xts_enc_short: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je L051xts_enc_four + je L053xts_enc_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1199,9 +1236,9 @@ L045xts_enc_short: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp L052xts_enc_done + jmp L054xts_enc_done .align 4,0x90 -L048xts_enc_one: +L050xts_enc_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 @@ -1209,20 +1246,20 @@ L048xts_enc_one: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L053enc1_loop_9: +L055enc1_loop_9: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L053enc1_loop_9 + jnz L055enc1_loop_9 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp L052xts_enc_done + jmp L054xts_enc_done .align 4,0x90 -L049xts_enc_two: +L051xts_enc_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1236,9 +1273,9 @@ L049xts_enc_two: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp L052xts_enc_done + jmp L054xts_enc_done .align 4,0x90 -L050xts_enc_three: +L052xts_enc_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1256,9 +1293,9 @@ L050xts_enc_three: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp L052xts_enc_done + jmp L054xts_enc_done .align 4,0x90 -L051xts_enc_four: +L053xts_enc_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 
@@ -1280,28 +1317,28 @@ L051xts_enc_four: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp L052xts_enc_done + jmp L054xts_enc_done .align 4,0x90 -L047xts_enc_done6x: +L049xts_enc_done6x: movl 112(%esp),%eax andl $15,%eax - jz L054xts_enc_ret + jz L056xts_enc_ret movdqa %xmm1,%xmm5 movl %eax,112(%esp) - jmp L055xts_enc_steal + jmp L057xts_enc_steal .align 4,0x90 -L052xts_enc_done: +L054xts_enc_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz L054xts_enc_ret + jz L056xts_enc_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm5 paddq %xmm1,%xmm1 pand 96(%esp),%xmm5 pxor %xmm1,%xmm5 -L055xts_enc_steal: +L057xts_enc_steal: movzbl (%esi),%ecx movzbl -16(%edi),%edx leal 1(%esi),%esi @@ -1309,7 +1346,7 @@ L055xts_enc_steal: movb %dl,(%edi) leal 1(%edi),%edi subl $1,%eax - jnz L055xts_enc_steal + jnz L057xts_enc_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1319,16 +1356,30 @@ L055xts_enc_steal: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L056enc1_loop_10: +L058enc1_loop_10: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L056enc1_loop_10 + jnz L058enc1_loop_10 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,-16(%edi) -L054xts_enc_ret: +L056xts_enc_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + movdqa %xmm0,(%esp) + pxor %xmm3,%xmm3 + movdqa %xmm0,16(%esp) + pxor %xmm4,%xmm4 + movdqa %xmm0,32(%esp) + pxor %xmm5,%xmm5 + movdqa %xmm0,48(%esp) + pxor %xmm6,%xmm6 + movdqa %xmm0,64(%esp) + pxor %xmm7,%xmm7 + movdqa %xmm0,80(%esp) movl 116(%esp),%esp popl %edi popl %esi @@ -1352,12 +1403,12 @@ L_aesni_xts_decrypt_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L057enc1_loop_11: +L059enc1_loop_11: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L057enc1_loop_11 + jnz L059enc1_loop_11 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi 
@@ -1386,14 +1437,14 @@ L057enc1_loop_11: pcmpgtd %xmm1,%xmm0 andl $-16,%eax subl $96,%eax - jc L058xts_dec_short + jc L060xts_dec_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp L059xts_dec_loop6 + jmp L061xts_dec_loop6 .align 4,0x90 -L059xts_dec_loop6: +L061xts_dec_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1482,23 +1533,23 @@ L059xts_dec_loop6: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc L059xts_dec_loop6 + jnc L061xts_dec_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -L058xts_dec_short: +L060xts_dec_short: addl $96,%eax - jz L060xts_dec_done6x + jz L062xts_dec_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb L061xts_dec_one + jb L063xts_dec_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je L062xts_dec_two + je L064xts_dec_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1507,7 +1558,7 @@ L058xts_dec_short: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb L063xts_dec_three + jb L065xts_dec_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 @@ -1517,7 +1568,7 @@ L058xts_dec_short: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je L064xts_dec_four + je L066xts_dec_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1549,9 +1600,9 @@ L058xts_dec_short: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp L065xts_dec_done + jmp L067xts_dec_done .align 4,0x90 -L061xts_dec_one: +L063xts_dec_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 
@@ -1559,20 +1610,20 @@ L061xts_dec_one: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L066dec1_loop_12: +L068dec1_loop_12: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L066dec1_loop_12 + jnz L068dec1_loop_12 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp L065xts_dec_done + jmp L067xts_dec_done .align 4,0x90 -L062xts_dec_two: +L064xts_dec_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1586,9 +1637,9 @@ L062xts_dec_two: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp L065xts_dec_done + jmp L067xts_dec_done .align 4,0x90 -L063xts_dec_three: +L065xts_dec_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1606,9 +1657,9 @@ L063xts_dec_three: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp L065xts_dec_done + jmp L067xts_dec_done .align 4,0x90 -L064xts_dec_four: +L066xts_dec_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1630,20 +1681,20 @@ L064xts_dec_four: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp L065xts_dec_done + jmp L067xts_dec_done .align 4,0x90 -L060xts_dec_done6x: +L062xts_dec_done6x: movl 112(%esp),%eax andl $15,%eax - jz L067xts_dec_ret + jz L069xts_dec_ret movl %eax,112(%esp) - jmp L068xts_dec_only_one_more + jmp L070xts_dec_only_one_more .align 4,0x90 -L065xts_dec_done: +L067xts_dec_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz L067xts_dec_ret + jz L069xts_dec_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm2 @@ -1653,7 +1704,7 @@ L065xts_dec_done: pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 -L068xts_dec_only_one_more: +L070xts_dec_only_one_more: pshufd $19,%xmm0,%xmm5 movdqa %xmm1,%xmm6 paddq %xmm1,%xmm1 
@@ -1667,16 +1718,16 @@ L068xts_dec_only_one_more: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L069dec1_loop_13: +L071dec1_loop_13: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L069dec1_loop_13 + jnz L071dec1_loop_13 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) -L070xts_dec_steal: +L072xts_dec_steal: movzbl 16(%esi),%ecx movzbl (%edi),%edx leal 1(%esi),%esi @@ -1684,7 +1735,7 @@ L070xts_dec_steal: movb %dl,16(%edi) leal 1(%edi),%edi subl $1,%eax - jnz L070xts_dec_steal + jnz L072xts_dec_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1694,16 +1745,30 @@ L070xts_dec_steal: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L071dec1_loop_14: +L073dec1_loop_14: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L071dec1_loop_14 + jnz L073dec1_loop_14 .byte 102,15,56,223,209 xorps %xmm6,%xmm2 movups %xmm2,(%edi) -L067xts_dec_ret: +L069xts_dec_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + movdqa %xmm0,(%esp) + pxor %xmm3,%xmm3 + movdqa %xmm0,16(%esp) + pxor %xmm4,%xmm4 + movdqa %xmm0,32(%esp) + pxor %xmm5,%xmm5 + movdqa %xmm0,48(%esp) + pxor %xmm6,%xmm6 + movdqa %xmm0,64(%esp) + pxor %xmm7,%xmm7 + movdqa %xmm0,80(%esp) movl 116(%esp),%esp popl %edi popl %esi @@ -1728,7 +1793,7 @@ L_aesni_cbc_encrypt_begin: movl 32(%esp),%edx movl 36(%esp),%ebp testl %eax,%eax - jz L072cbc_abort + jz L074cbc_abort cmpl $0,40(%esp) xchgl %esp,%ebx movups (%ebp),%xmm7 @@ -1736,14 +1801,14 @@ L_aesni_cbc_encrypt_begin: movl %edx,%ebp movl %ebx,16(%esp) movl %ecx,%ebx - je L073cbc_decrypt + je L075cbc_decrypt movaps %xmm7,%xmm2 cmpl $16,%eax - jb L074cbc_enc_tail + jb L076cbc_enc_tail subl $16,%eax - jmp L075cbc_enc_loop + jmp L077cbc_enc_loop .align 4,0x90 -L075cbc_enc_loop: +L077cbc_enc_loop: movups (%esi),%xmm7 leal 16(%esi),%esi movups (%edx),%xmm0 
@@ -1751,24 +1816,25 @@ L075cbc_enc_loop: xorps %xmm0,%xmm7 leal 32(%edx),%edx xorps %xmm7,%xmm2 -L076enc1_loop_15: +L078enc1_loop_15: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L076enc1_loop_15 + jnz L078enc1_loop_15 .byte 102,15,56,221,209 movl %ebx,%ecx movl %ebp,%edx movups %xmm2,(%edi) leal 16(%edi),%edi subl $16,%eax - jnc L075cbc_enc_loop + jnc L077cbc_enc_loop addl $16,%eax - jnz L074cbc_enc_tail + jnz L076cbc_enc_tail movaps %xmm2,%xmm7 - jmp L077cbc_ret -L074cbc_enc_tail: + pxor %xmm2,%xmm2 + jmp L079cbc_ret +L076cbc_enc_tail: movl %eax,%ecx .long 2767451785 movl $16,%ecx @@ -1779,20 +1845,20 @@ L074cbc_enc_tail: movl %ebx,%ecx movl %edi,%esi movl %ebp,%edx - jmp L075cbc_enc_loop + jmp L077cbc_enc_loop .align 4,0x90 -L073cbc_decrypt: +L075cbc_decrypt: cmpl $80,%eax - jbe L078cbc_dec_tail + jbe L080cbc_dec_tail movaps %xmm7,(%esp) subl $80,%eax - jmp L079cbc_dec_loop6_enter + jmp L081cbc_dec_loop6_enter .align 4,0x90 -L080cbc_dec_loop6: +L082cbc_dec_loop6: movaps %xmm0,(%esp) movups %xmm7,(%edi) leal 16(%edi),%edi -L079cbc_dec_loop6_enter: +L081cbc_dec_loop6_enter: movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -1822,28 +1888,28 @@ L079cbc_dec_loop6_enter: movups %xmm6,64(%edi) leal 80(%edi),%edi subl $96,%eax - ja L080cbc_dec_loop6 + ja L082cbc_dec_loop6 movaps %xmm7,%xmm2 movaps %xmm0,%xmm7 addl $80,%eax - jle L081cbc_dec_tail_collected + jle L083cbc_dec_clear_tail_collected movups %xmm2,(%edi) leal 16(%edi),%edi -L078cbc_dec_tail: +L080cbc_dec_tail: movups (%esi),%xmm2 movaps %xmm2,%xmm6 cmpl $16,%eax - jbe L082cbc_dec_one + jbe L084cbc_dec_one movups 16(%esi),%xmm3 movaps %xmm3,%xmm5 cmpl $32,%eax - jbe L083cbc_dec_two + jbe L085cbc_dec_two movups 32(%esi),%xmm4 cmpl $48,%eax - jbe L084cbc_dec_three + jbe L086cbc_dec_three movups 48(%esi),%xmm5 cmpl $64,%eax - jbe L085cbc_dec_four + jbe L087cbc_dec_four movups 64(%esi),%xmm6 movaps %xmm7,(%esp) movups (%esi),%xmm2 
@@ -1861,55 +1927,62 @@ L078cbc_dec_tail: xorps %xmm0,%xmm6 movups %xmm2,(%edi) movups %xmm3,16(%edi) + pxor %xmm3,%xmm3 movups %xmm4,32(%edi) + pxor %xmm4,%xmm4 movups %xmm5,48(%edi) + pxor %xmm5,%xmm5 leal 64(%edi),%edi movaps %xmm6,%xmm2 + pxor %xmm6,%xmm6 subl $80,%eax - jmp L081cbc_dec_tail_collected + jmp L088cbc_dec_tail_collected .align 4,0x90 -L082cbc_dec_one: +L084cbc_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L086dec1_loop_16: +L089dec1_loop_16: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L086dec1_loop_16 + jnz L089dec1_loop_16 .byte 102,15,56,223,209 xorps %xmm7,%xmm2 movaps %xmm6,%xmm7 subl $16,%eax - jmp L081cbc_dec_tail_collected + jmp L088cbc_dec_tail_collected .align 4,0x90 -L083cbc_dec_two: +L085cbc_dec_two: call __aesni_decrypt2 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 movups %xmm2,(%edi) movaps %xmm3,%xmm2 + pxor %xmm3,%xmm3 leal 16(%edi),%edi movaps %xmm5,%xmm7 subl $32,%eax - jmp L081cbc_dec_tail_collected + jmp L088cbc_dec_tail_collected .align 4,0x90 -L084cbc_dec_three: +L086cbc_dec_three: call __aesni_decrypt3 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 xorps %xmm5,%xmm4 movups %xmm2,(%edi) movaps %xmm4,%xmm2 + pxor %xmm4,%xmm4 movups %xmm3,16(%edi) + pxor %xmm3,%xmm3 leal 32(%edi),%edi movups 32(%esi),%xmm7 subl $48,%eax - jmp L081cbc_dec_tail_collected + jmp L088cbc_dec_tail_collected .align 4,0x90 -L085cbc_dec_four: +L087cbc_dec_four: call __aesni_decrypt4 movups 16(%esi),%xmm1 movups 32(%esi),%xmm0 
@@ -1919,28 +1992,44 @@ L085cbc_dec_four: movups %xmm2,(%edi) xorps %xmm1,%xmm4 movups %xmm3,16(%edi) + pxor %xmm3,%xmm3 xorps %xmm0,%xmm5 movups %xmm4,32(%edi) + pxor %xmm4,%xmm4 leal 48(%edi),%edi movaps %xmm5,%xmm2 + pxor %xmm5,%xmm5 subl $64,%eax -L081cbc_dec_tail_collected: + jmp L088cbc_dec_tail_collected +.align 4,0x90 +L083cbc_dec_clear_tail_collected: + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 +L088cbc_dec_tail_collected: andl $15,%eax - jnz L087cbc_dec_tail_partial + jnz L090cbc_dec_tail_partial movups %xmm2,(%edi) - jmp L077cbc_ret + pxor %xmm0,%xmm0 + jmp L079cbc_ret .align 4,0x90 -L087cbc_dec_tail_partial: +L090cbc_dec_tail_partial: movaps %xmm2,(%esp) + pxor %xmm0,%xmm0 movl $16,%ecx movl %esp,%esi subl %eax,%ecx .long 2767451785 -L077cbc_ret: + movdqa %xmm2,(%esp) +L079cbc_ret: movl 16(%esp),%esp movl 36(%esp),%ebp + pxor %xmm2,%xmm2 + pxor %xmm1,%xmm1 movups %xmm7,(%ebp) -L072cbc_abort: + pxor %xmm7,%xmm7 +L074cbc_abort: popl %edi popl %esi popl %ebx 
@@ -1949,52 +2038,62 @@ L072cbc_abort: .private_extern __aesni_set_encrypt_key .align 4 __aesni_set_encrypt_key: + pushl %ebp + pushl %ebx testl %eax,%eax - jz L088bad_pointer + jz L091bad_pointer testl %edx,%edx - jz L088bad_pointer + jz L091bad_pointer + call L092pic +L092pic: + popl %ebx + leal Lkey_const-L092pic(%ebx),%ebx + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-Lkey_const(%ebx),%ebp movups (%eax),%xmm0 xorps %xmm4,%xmm4 + movl 4(%ebp),%ebp leal 16(%edx),%edx + andl $268437504,%ebp cmpl $256,%ecx - je L08914rounds + je L09314rounds cmpl $192,%ecx - je L09012rounds + je L09412rounds cmpl $128,%ecx - jne L091bad_keybits + jne L095bad_keybits .align 4,0x90 -L09210rounds: +L09610rounds: + cmpl $268435456,%ebp + je L09710rounds_alt movl $9,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,200,1 - call L093key_128_cold + call L098key_128_cold .byte 102,15,58,223,200,2 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,4 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,8 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,16 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,32 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,64 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,128 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,27 - call L094key_128 + call L099key_128 .byte 102,15,58,223,200,54 - call L094key_128 + call L099key_128 movups %xmm0,(%edx) movl %ecx,80(%edx) - xorl %eax,%eax - ret + jmp L100good_key .align 4,0x90 -L094key_128: +L099key_128: movups %xmm0,(%edx) leal 16(%edx),%edx -L093key_128_cold: +L098key_128_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 
@@ -2003,38 +2102,91 @@ L093key_128_cold: xorps %xmm1,%xmm0 ret .align 4,0x90 -L09012rounds: +L09710rounds_alt: + movdqa (%ebx),%xmm5 + movl $8,%ecx + movdqa 32(%ebx),%xmm4 + movdqa %xmm0,%xmm2 + movdqu %xmm0,-16(%edx) +L101loop_key128: +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + leal 16(%edx),%edx + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + pxor %xmm2,%xmm0 + movdqu %xmm0,-16(%edx) + movdqa %xmm0,%xmm2 + decl %ecx + jnz L101loop_key128 + movdqa 48(%ebx),%xmm4 +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + pxor %xmm2,%xmm0 + movdqu %xmm0,(%edx) + movdqa %xmm0,%xmm2 +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + pxor %xmm2,%xmm0 + movdqu %xmm0,16(%edx) + movl $9,%ecx + movl %ecx,96(%edx) + jmp L100good_key +.align 4,0x90 +L09412rounds: movq 16(%eax),%xmm2 + cmpl $268435456,%ebp + je L10212rounds_alt movl $11,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,202,1 - call L095key_192a_cold + call L103key_192a_cold .byte 102,15,58,223,202,2 - call L096key_192b + call L104key_192b .byte 102,15,58,223,202,4 - call L097key_192a + call L105key_192a .byte 102,15,58,223,202,8 - call L096key_192b + call L104key_192b .byte 102,15,58,223,202,16 - call L097key_192a + call L105key_192a .byte 102,15,58,223,202,32 - call L096key_192b + call L104key_192b .byte 102,15,58,223,202,64 - call L097key_192a + call L105key_192a .byte 102,15,58,223,202,128 - call L096key_192b + call L104key_192b movups %xmm0,(%edx) movl %ecx,48(%edx) - xorl %eax,%eax - ret + jmp L100good_key .align 4,0x90 -L097key_192a: +L105key_192a: movups %xmm0,(%edx) leal 16(%edx),%edx .align 4,0x90 -L095key_192a_cold: 
+L103key_192a_cold: movaps %xmm2,%xmm5 -L098key_192b_warm: +L106key_192b_warm: shufps $16,%xmm0,%xmm4 movdqa %xmm2,%xmm3 xorps %xmm4,%xmm0 
@@ -2048,56 +2200,90 @@ L098key_192b_warm: pxor %xmm3,%xmm2 ret .align 4,0x90 -L096key_192b: +L104key_192b: movaps %xmm0,%xmm3 shufps $68,%xmm0,%xmm5 movups %xmm5,(%edx) shufps $78,%xmm2,%xmm3 movups %xmm3,16(%edx) leal 32(%edx),%edx - jmp L098key_192b_warm + jmp L106key_192b_warm .align 4,0x90 -L08914rounds: +L10212rounds_alt: + movdqa 16(%ebx),%xmm5 + movdqa 32(%ebx),%xmm4 + movl $8,%ecx + movdqu %xmm0,-16(%edx) +L107loop_key192: + movq %xmm2,(%edx) + movdqa %xmm2,%xmm1 +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + pslld $1,%xmm4 + leal 24(%edx),%edx + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + pshufd $255,%xmm0,%xmm3 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pxor %xmm2,%xmm0 + pxor %xmm3,%xmm2 + movdqu %xmm0,-16(%edx) + decl %ecx + jnz L107loop_key192 + movl $11,%ecx + movl %ecx,32(%edx) + jmp L100good_key +.align 4,0x90 +L09314rounds: movups 16(%eax),%xmm2 - movl $13,%ecx leal 16(%edx),%edx + cmpl $268435456,%ebp + je L10814rounds_alt + movl $13,%ecx movups %xmm0,-32(%edx) movups %xmm2,-16(%edx) .byte 102,15,58,223,202,1 - call L099key_256a_cold + call L109key_256a_cold .byte 102,15,58,223,200,1 - call L100key_256b + call L110key_256b .byte 102,15,58,223,202,2 - call L101key_256a + call L111key_256a .byte 102,15,58,223,200,2 - call L100key_256b + call L110key_256b .byte 102,15,58,223,202,4 - call L101key_256a + call L111key_256a .byte 102,15,58,223,200,4 - call L100key_256b + call L110key_256b .byte 102,15,58,223,202,8 - call L101key_256a + call L111key_256a .byte 102,15,58,223,200,8 - call L100key_256b + call L110key_256b .byte 102,15,58,223,202,16 - call L101key_256a + call L111key_256a .byte 102,15,58,223,200,16 - call L100key_256b + call L110key_256b .byte 102,15,58,223,202,32 - call L101key_256a + call L111key_256a .byte 102,15,58,223,200,32 - call L100key_256b + call L110key_256b .byte 102,15,58,223,202,64 - call L101key_256a + call L111key_256a 
movups %xmm0,(%edx) movl %ecx,16(%edx) xorl %eax,%eax - ret + jmp L100good_key .align 4,0x90 -L101key_256a: +L111key_256a: movups %xmm2,(%edx) leal 16(%edx),%edx -L099key_256a_cold: +L109key_256a_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 @@ -2106,7 +2292,7 @@ L099key_256a_cold: xorps %xmm1,%xmm0 ret .align 4,0x90 -L100key_256b: +L110key_256b: movups %xmm0,(%edx) leal 16(%edx),%edx shufps $16,%xmm2,%xmm4 @@ -2116,13 +2302,70 @@ L100key_256b: shufps $170,%xmm1,%xmm1 xorps %xmm1,%xmm2 ret +.align 4,0x90 +L10814rounds_alt: + movdqa (%ebx),%xmm5 + movdqa 32(%ebx),%xmm4 + movl $7,%ecx + movdqu %xmm0,-32(%edx) + movdqa %xmm2,%xmm1 + movdqu %xmm2,-16(%edx) +L112loop_key256: +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + pslld $1,%xmm4 + pxor %xmm2,%xmm0 + movdqu %xmm0,(%edx) + decl %ecx + jz L113done_key256 + pshufd $255,%xmm0,%xmm2 + pxor %xmm3,%xmm3 +.byte 102,15,56,221,211 + movdqa %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm3,%xmm1 + pxor %xmm1,%xmm2 + movdqu %xmm2,16(%edx) + leal 32(%edx),%edx + movdqa %xmm2,%xmm1 + jmp L112loop_key256 +L113done_key256: + movl $13,%ecx + movl %ecx,16(%edx) +L100good_key: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + xorl %eax,%eax + popl %ebx + popl %ebp + ret .align 2,0x90 -L088bad_pointer: +L091bad_pointer: movl $-1,%eax + popl %ebx + popl %ebp ret .align 2,0x90 -L091bad_keybits: +L095bad_keybits: + pxor %xmm0,%xmm0 movl $-2,%eax + popl %ebx + popl %ebp ret .globl _aesni_set_encrypt_key .private_extern _aesni_set_encrypt_key @@ -2146,7 +2389,7 @@ L_aesni_set_decrypt_key_begin: movl 12(%esp),%edx shll $4,%ecx testl %eax,%eax - jnz L102dec_key_ret + jnz L114dec_key_ret leal 16(%edx,%ecx,1),%eax movups (%edx),%xmm0 movups (%eax),%xmm1 
@@ -2154,7 +2397,7 @@ L_aesni_set_decrypt_key_begin: movups %xmm1,(%edx) leal 16(%edx),%edx leal -16(%eax),%eax -L103dec_key_inverse: +L115dec_key_inverse: movups (%edx),%xmm0 movups (%eax),%xmm1 .byte 102,15,56,219,192 @@ -2164,15 +2407,27 @@ L103dec_key_inverse: movups %xmm0,16(%eax) movups %xmm1,-16(%edx) cmpl %edx,%eax - ja L103dec_key_inverse + ja L115dec_key_inverse movups (%edx),%xmm0 .byte 102,15,56,219,192 movups %xmm0,(%edx) + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 xorl %eax,%eax -L102dec_key_ret: +L114dec_key_ret: ret +.align 6,0x90 +Lkey_const: +.long 202313229,202313229,202313229,202313229 +.long 67569157,67569157,67569157,67569157 +.long 1,1,1,1 +.long 27,27,27,27 .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69 .byte 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 .byte 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 .byte 115,108,46,111,114,103,62,0 +.section __IMPORT,__pointers,non_lazy_symbol_pointers +L_OPENSSL_ia32cap_P$non_lazy_ptr: +.indirect_symbol _OPENSSL_ia32cap_P +.long 0 #endif diff --git a/mac-x86/crypto/bn/bn-586.S b/mac-x86/crypto/bn/bn-586.S index 34cf56f..0f0a94e 100644 --- a/mac-x86/crypto/bn/bn-586.S +++ b/mac-x86/crypto/bn/bn-586.S 
@@ -6,6 +6,102 @@ .align 4 _bn_mul_add_words: L_bn_mul_add_words_begin: + call L000PIC_me_up +L000PIC_me_up: + popl %eax + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L000PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc L001maw_non_sse2 + movl 4(%esp),%eax + movl 8(%esp),%edx + movl 12(%esp),%ecx + movd 16(%esp),%mm0 + pxor %mm1,%mm1 + jmp L002maw_sse2_entry +.align 4,0x90 +L003maw_sse2_unrolled: + movd (%eax),%mm3 + paddq %mm3,%mm1 + movd (%edx),%mm2 + pmuludq %mm0,%mm2 + movd 4(%edx),%mm4 + pmuludq %mm0,%mm4 + movd 8(%edx),%mm6 + pmuludq %mm0,%mm6 + movd 12(%edx),%mm7 + pmuludq %mm0,%mm7 + paddq %mm2,%mm1 + movd 4(%eax),%mm3 + paddq %mm4,%mm3 + movd 8(%eax),%mm5 + paddq %mm6,%mm5 + movd 12(%eax),%mm4 + paddq %mm4,%mm7 + movd %mm1,(%eax) + movd 16(%edx),%mm2 + pmuludq %mm0,%mm2 + psrlq $32,%mm1 + movd 20(%edx),%mm4 + pmuludq %mm0,%mm4 + paddq %mm3,%mm1 + movd 24(%edx),%mm6 + pmuludq %mm0,%mm6 + movd %mm1,4(%eax) + psrlq $32,%mm1 + movd 28(%edx),%mm3 + addl $32,%edx + pmuludq %mm0,%mm3 + paddq %mm5,%mm1 + movd 16(%eax),%mm5 + paddq %mm5,%mm2 + movd %mm1,8(%eax) + psrlq $32,%mm1 + paddq %mm7,%mm1 + movd 20(%eax),%mm5 + paddq %mm5,%mm4 + movd %mm1,12(%eax) + psrlq $32,%mm1 + paddq %mm2,%mm1 + movd 24(%eax),%mm5 + paddq %mm5,%mm6 + movd %mm1,16(%eax) + psrlq $32,%mm1 + paddq %mm4,%mm1 + movd 28(%eax),%mm5 + paddq %mm5,%mm3 + movd %mm1,20(%eax) + psrlq $32,%mm1 + paddq %mm6,%mm1 + movd %mm1,24(%eax) + psrlq $32,%mm1 + paddq %mm3,%mm1 + movd %mm1,28(%eax) + leal 32(%eax),%eax + psrlq $32,%mm1 + subl $8,%ecx + jz L004maw_sse2_exit +L002maw_sse2_entry: + testl $4294967288,%ecx + jnz L003maw_sse2_unrolled +.align 2,0x90 +L005maw_sse2_loop: + movd (%edx),%mm2 + movd (%eax),%mm3 + pmuludq %mm0,%mm2 + leal 4(%edx),%edx + paddq %mm3,%mm1 + paddq %mm2,%mm1 + movd %mm1,(%eax) + subl $1,%ecx + psrlq $32,%mm1 + leal 4(%eax),%eax + jnz L005maw_sse2_loop +L004maw_sse2_exit: + movd %mm1,%eax + emms + ret +.align 4,0x90 +L001maw_non_sse2: pushl %ebp pushl %ebx pushl %esi 
@@ -18,9 +114,9 @@ L_bn_mul_add_words_begin: andl $4294967288,%ecx movl 32(%esp),%ebp pushl %ecx - jz L000maw_finish + jz L006maw_finish .align 4,0x90 -L001maw_loop: +L007maw_loop: # Round 0 movl (%ebx),%eax mull %ebp @@ -97,13 +193,13 @@ L001maw_loop: subl $8,%ecx leal 32(%ebx),%ebx leal 32(%edi),%edi - jnz L001maw_loop -L000maw_finish: + jnz L007maw_loop +L006maw_finish: movl 32(%esp),%ecx andl $7,%ecx - jnz L002maw_finish2 - jmp L003maw_end -L002maw_finish2: + jnz L008maw_finish2 + jmp L009maw_end +L008maw_finish2: # Tail Round 0 movl (%ebx),%eax mull %ebp @@ -114,7 +210,7 @@ L002maw_finish2: decl %ecx movl %eax,(%edi) movl %edx,%esi - jz L003maw_end + jz L009maw_end # Tail Round 1 movl 4(%ebx),%eax mull %ebp @@ -125,7 +221,7 @@ L002maw_finish2: decl %ecx movl %eax,4(%edi) movl %edx,%esi - jz L003maw_end + jz L009maw_end # Tail Round 2 movl 8(%ebx),%eax mull %ebp @@ -136,7 +232,7 @@ L002maw_finish2: decl %ecx movl %eax,8(%edi) movl %edx,%esi - jz L003maw_end + jz L009maw_end # Tail Round 3 movl 12(%ebx),%eax mull %ebp @@ -147,7 +243,7 @@ L002maw_finish2: decl %ecx movl %eax,12(%edi) movl %edx,%esi - jz L003maw_end + jz L009maw_end # Tail Round 4 movl 16(%ebx),%eax mull %ebp @@ -158,7 +254,7 @@ L002maw_finish2: decl %ecx movl %eax,16(%edi) movl %edx,%esi - jz L003maw_end + jz L009maw_end # Tail Round 5 movl 20(%ebx),%eax mull %ebp @@ -169,7 +265,7 @@ L002maw_finish2: decl %ecx movl %eax,20(%edi) movl %edx,%esi - jz L003maw_end + jz L009maw_end # Tail Round 6 movl 24(%ebx),%eax mull %ebp @@ -179,7 +275,7 @@ L002maw_finish2: adcl $0,%edx movl %eax,24(%edi) movl %edx,%esi -L003maw_end: +L009maw_end: movl %esi,%eax popl %ecx popl %edi 
@@ -192,6 +288,33 @@ L003maw_end: .align 4 _bn_mul_words: L_bn_mul_words_begin: + call L010PIC_me_up +L010PIC_me_up: + popl %eax + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L010PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc L011mw_non_sse2 + movl 4(%esp),%eax + movl 8(%esp),%edx + movl 12(%esp),%ecx + movd 16(%esp),%mm0 + pxor %mm1,%mm1 +.align 4,0x90 +L012mw_sse2_loop: + movd (%edx),%mm2 + pmuludq %mm0,%mm2 + leal 4(%edx),%edx + paddq %mm2,%mm1 + movd %mm1,(%eax) + subl $1,%ecx + psrlq $32,%mm1 + leal 4(%eax),%eax + jnz L012mw_sse2_loop + movd %mm1,%eax + emms + ret +.align 4,0x90 +L011mw_non_sse2: pushl %ebp pushl %ebx pushl %esi @@ -203,8 +326,8 @@ L_bn_mul_words_begin: movl 28(%esp),%ebp movl 32(%esp),%ecx andl $4294967288,%ebp - jz L004mw_finish -L005mw_loop: + jz L013mw_finish +L014mw_loop: # Round 0 movl (%ebx),%eax mull %ecx @@ -265,14 +388,14 @@ L005mw_loop: addl $32,%ebx addl $32,%edi subl $8,%ebp - jz L004mw_finish - jmp L005mw_loop -L004mw_finish: + jz L013mw_finish + jmp L014mw_loop +L013mw_finish: movl 28(%esp),%ebp andl $7,%ebp - jnz L006mw_finish2 - jmp L007mw_end -L006mw_finish2: + jnz L015mw_finish2 + jmp L016mw_end +L015mw_finish2: # Tail Round 0 movl (%ebx),%eax mull %ecx @@ -281,7 +404,7 @@ L006mw_finish2: movl %eax,(%edi) movl %edx,%esi decl %ebp - jz L007mw_end + jz L016mw_end # Tail Round 1 movl 4(%ebx),%eax mull %ecx @@ -290,7 +413,7 @@ L006mw_finish2: movl %eax,4(%edi) movl %edx,%esi decl %ebp - jz L007mw_end + jz L016mw_end # Tail Round 2 movl 8(%ebx),%eax mull %ecx @@ -299,7 +422,7 @@ L006mw_finish2: movl %eax,8(%edi) movl %edx,%esi decl %ebp - jz L007mw_end + jz L016mw_end # Tail Round 3 movl 12(%ebx),%eax mull %ecx @@ -308,7 +431,7 @@ L006mw_finish2: movl %eax,12(%edi) movl %edx,%esi decl %ebp - jz L007mw_end + jz L016mw_end # Tail Round 4 movl 16(%ebx),%eax mull %ecx @@ -317,7 +440,7 @@ L006mw_finish2: movl %eax,16(%edi) movl %edx,%esi decl %ebp - jz L007mw_end + jz L016mw_end # Tail Round 5 movl 20(%ebx),%eax mull %ecx 
@@ -326,7 +449,7 @@ L006mw_finish2: movl %eax,20(%edi) movl %edx,%esi decl %ebp - jz L007mw_end + jz L016mw_end # Tail Round 6 movl 24(%ebx),%eax mull %ecx @@ -334,7 +457,7 @@ L006mw_finish2: adcl $0,%edx movl %eax,24(%edi) movl %edx,%esi -L007mw_end: +L016mw_end: movl %esi,%eax popl %edi popl %esi @@ -346,6 +469,28 @@ L007mw_end: .align 4 _bn_sqr_words: L_bn_sqr_words_begin: + call L017PIC_me_up +L017PIC_me_up: + popl %eax + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L017PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc L018sqr_non_sse2 + movl 4(%esp),%eax + movl 8(%esp),%edx + movl 12(%esp),%ecx +.align 4,0x90 +L019sqr_sse2_loop: + movd (%edx),%mm0 + pmuludq %mm0,%mm0 + leal 4(%edx),%edx + movq %mm0,(%eax) + subl $1,%ecx + leal 8(%eax),%eax + jnz L019sqr_sse2_loop + emms + ret +.align 4,0x90 +L018sqr_non_sse2: pushl %ebp pushl %ebx pushl %esi @@ -355,8 +500,8 @@ L_bn_sqr_words_begin: movl 24(%esp),%edi movl 28(%esp),%ebx andl $4294967288,%ebx - jz L008sw_finish -L009sw_loop: + jz L020sw_finish +L021sw_loop: # Round 0 movl (%edi),%eax mull %eax 
@@ -401,59 +546,59 @@ L009sw_loop: addl $32,%edi addl $64,%esi subl $8,%ebx - jnz L009sw_loop -L008sw_finish: + jnz L021sw_loop +L020sw_finish: movl 28(%esp),%ebx andl $7,%ebx - jz L010sw_end + jz L022sw_end # Tail Round 0 movl (%edi),%eax mull %eax movl %eax,(%esi) decl %ebx movl %edx,4(%esi) - jz L010sw_end + jz L022sw_end # Tail Round 1 movl 4(%edi),%eax mull %eax movl %eax,8(%esi) decl %ebx movl %edx,12(%esi) - jz L010sw_end + jz L022sw_end # Tail Round 2 movl 8(%edi),%eax mull %eax movl %eax,16(%esi) decl %ebx movl %edx,20(%esi) - jz L010sw_end + jz L022sw_end # Tail Round 3 movl 12(%edi),%eax mull %eax movl %eax,24(%esi) decl %ebx movl %edx,28(%esi) - jz L010sw_end + jz L022sw_end # Tail Round 4 movl 16(%edi),%eax mull %eax movl %eax,32(%esi) decl %ebx movl %edx,36(%esi) - jz L010sw_end + jz L022sw_end # Tail Round 5 movl 20(%edi),%eax mull %eax movl %eax,40(%esi) decl %ebx movl %edx,44(%esi) - jz L010sw_end + jz L022sw_end # Tail Round 6 movl 24(%edi),%eax mull %eax movl %eax,48(%esi) movl %edx,52(%esi) -L010sw_end: +L022sw_end: popl %edi popl %esi popl %ebx @@ -485,8 +630,8 @@ L_bn_add_words_begin: movl 32(%esp),%ebp xorl %eax,%eax andl $4294967288,%ebp - jz L011aw_finish -L012aw_loop: + jz L023aw_finish +L024aw_loop: # Round 0 movl (%esi),%ecx movl (%edi),%edx @@ -564,11 +709,11 @@ L012aw_loop: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz L012aw_loop -L011aw_finish: + jnz L024aw_loop +L023aw_finish: movl 32(%esp),%ebp andl $7,%ebp - jz L013aw_end + jz L025aw_end # Tail Round 0 movl (%esi),%ecx movl (%edi),%edx @@ -579,7 +724,7 @@ L011aw_finish: adcl $0,%eax decl %ebp movl %ecx,(%ebx) - jz L013aw_end + jz L025aw_end # Tail Round 1 movl 4(%esi),%ecx movl 4(%edi),%edx @@ -590,7 +735,7 @@ L011aw_finish: adcl $0,%eax decl %ebp movl %ecx,4(%ebx) - jz L013aw_end + jz L025aw_end # Tail Round 2 movl 8(%esi),%ecx movl 8(%edi),%edx 
@@ -601,7 +746,7 @@ L011aw_finish: adcl $0,%eax decl %ebp movl %ecx,8(%ebx) - jz L013aw_end + jz L025aw_end # Tail Round 3 movl 12(%esi),%ecx movl 12(%edi),%edx @@ -612,7 +757,7 @@ L011aw_finish: adcl $0,%eax decl %ebp movl %ecx,12(%ebx) - jz L013aw_end + jz L025aw_end # Tail Round 4 movl 16(%esi),%ecx movl 16(%edi),%edx @@ -623,7 +768,7 @@ L011aw_finish: adcl $0,%eax decl %ebp movl %ecx,16(%ebx) - jz L013aw_end + jz L025aw_end # Tail Round 5 movl 20(%esi),%ecx movl 20(%edi),%edx @@ -634,7 +779,7 @@ L011aw_finish: adcl $0,%eax decl %ebp movl %ecx,20(%ebx) - jz L013aw_end + jz L025aw_end # Tail Round 6 movl 24(%esi),%ecx movl 24(%edi),%edx @@ -644,7 +789,7 @@ L011aw_finish: addl %edx,%ecx adcl $0,%eax movl %ecx,24(%ebx) -L013aw_end: +L025aw_end: popl %edi popl %esi popl %ebx @@ -666,8 +811,8 @@ L_bn_sub_words_begin: movl 32(%esp),%ebp xorl %eax,%eax andl $4294967288,%ebp - jz L014aw_finish -L015aw_loop: + jz L026aw_finish +L027aw_loop: # Round 0 movl (%esi),%ecx movl (%edi),%edx @@ -745,11 +890,11 @@ L015aw_loop: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz L015aw_loop -L014aw_finish: + jnz L027aw_loop +L026aw_finish: movl 32(%esp),%ebp andl $7,%ebp - jz L016aw_end + jz L028aw_end # Tail Round 0 movl (%esi),%ecx movl (%edi),%edx @@ -760,7 +905,7 @@ L014aw_finish: adcl $0,%eax decl %ebp movl %ecx,(%ebx) - jz L016aw_end + jz L028aw_end # Tail Round 1 movl 4(%esi),%ecx movl 4(%edi),%edx @@ -771,7 +916,7 @@ L014aw_finish: adcl $0,%eax decl %ebp movl %ecx,4(%ebx) - jz L016aw_end + jz L028aw_end # Tail Round 2 movl 8(%esi),%ecx movl 8(%edi),%edx @@ -782,7 +927,7 @@ L014aw_finish: adcl $0,%eax decl %ebp movl %ecx,8(%ebx) - jz L016aw_end + jz L028aw_end # Tail Round 3 movl 12(%esi),%ecx movl 12(%edi),%edx @@ -793,7 +938,7 @@ L014aw_finish: adcl $0,%eax decl %ebp movl %ecx,12(%ebx) - jz L016aw_end + jz L028aw_end # Tail Round 4 movl 16(%esi),%ecx movl 16(%edi),%edx 
@@ -804,7 +949,7 @@ L014aw_finish: adcl $0,%eax decl %ebp movl %ecx,16(%ebx) - jz L016aw_end + jz L028aw_end # Tail Round 5 movl 20(%esi),%ecx movl 20(%edi),%edx @@ -815,7 +960,7 @@ L014aw_finish: adcl $0,%eax decl %ebp movl %ecx,20(%ebx) - jz L016aw_end + jz L028aw_end # Tail Round 6 movl 24(%esi),%ecx movl 24(%edi),%edx @@ -825,7 +970,7 @@ L014aw_finish: subl %edx,%ecx adcl $0,%eax movl %ecx,24(%ebx) -L016aw_end: +L028aw_end: popl %edi popl %esi popl %ebx @@ -847,8 +992,8 @@ L_bn_sub_part_words_begin: movl 32(%esp),%ebp xorl %eax,%eax andl $4294967288,%ebp - jz L017aw_finish -L018aw_loop: + jz L029aw_finish +L030aw_loop: # Round 0 movl (%esi),%ecx movl (%edi),%edx @@ -926,11 +1071,11 @@ L018aw_loop: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz L018aw_loop -L017aw_finish: + jnz L030aw_loop +L029aw_finish: movl 32(%esp),%ebp andl $7,%ebp - jz L019aw_end + jz L031aw_end # Tail Round 0 movl (%esi),%ecx movl (%edi),%edx @@ -944,7 +1089,7 @@ L017aw_finish: addl $4,%edi addl $4,%ebx decl %ebp - jz L019aw_end + jz L031aw_end # Tail Round 1 movl (%esi),%ecx movl (%edi),%edx @@ -958,7 +1103,7 @@ L017aw_finish: addl $4,%edi addl $4,%ebx decl %ebp - jz L019aw_end + jz L031aw_end # Tail Round 2 movl (%esi),%ecx movl (%edi),%edx @@ -972,7 +1117,7 @@ L017aw_finish: addl $4,%edi addl $4,%ebx decl %ebp - jz L019aw_end + jz L031aw_end # Tail Round 3 movl (%esi),%ecx movl (%edi),%edx @@ -986,7 +1131,7 @@ L017aw_finish: addl $4,%edi addl $4,%ebx decl %ebp - jz L019aw_end + jz L031aw_end # Tail Round 4 movl (%esi),%ecx movl (%edi),%edx @@ -1000,7 +1145,7 @@ L017aw_finish: addl $4,%edi addl $4,%ebx decl %ebp - jz L019aw_end + jz L031aw_end # Tail Round 5 movl (%esi),%ecx movl (%edi),%edx @@ -1014,7 +1159,7 @@ L017aw_finish: addl $4,%edi addl $4,%ebx decl %ebp - jz L019aw_end + jz L031aw_end # Tail Round 6 movl (%esi),%ecx movl (%edi),%edx 
@@ -1027,20 +1172,20 @@ L017aw_finish: addl $4,%esi addl $4,%edi addl $4,%ebx -L019aw_end: +L031aw_end: cmpl $0,36(%esp) - je L020pw_end + je L032pw_end movl 36(%esp),%ebp cmpl $0,%ebp - je L020pw_end - jge L021pw_pos + je L032pw_end + jge L033pw_pos # pw_neg movl $0,%edx subl %ebp,%edx movl %edx,%ebp andl $4294967288,%ebp - jz L022pw_neg_finish -L023pw_neg_loop: + jz L034pw_neg_finish +L035pw_neg_loop: # dl<0 Round 0 movl $0,%ecx movl (%edi),%edx @@ -1117,13 +1262,13 @@ L023pw_neg_loop: addl $32,%edi addl $32,%ebx subl $8,%ebp - jnz L023pw_neg_loop -L022pw_neg_finish: + jnz L035pw_neg_loop +L034pw_neg_finish: movl 36(%esp),%edx movl $0,%ebp subl %edx,%ebp andl $7,%ebp - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 0 movl $0,%ecx movl (%edi),%edx @@ -1134,7 +1279,7 @@ L022pw_neg_finish: adcl $0,%eax decl %ebp movl %ecx,(%ebx) - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 1 movl $0,%ecx movl 4(%edi),%edx @@ -1145,7 +1290,7 @@ L022pw_neg_finish: adcl $0,%eax decl %ebp movl %ecx,4(%ebx) - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 2 movl $0,%ecx movl 8(%edi),%edx @@ -1156,7 +1301,7 @@ L022pw_neg_finish: adcl $0,%eax decl %ebp movl %ecx,8(%ebx) - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 3 movl $0,%ecx movl 12(%edi),%edx @@ -1167,7 +1312,7 @@ L022pw_neg_finish: adcl $0,%eax decl %ebp movl %ecx,12(%ebx) - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 4 movl $0,%ecx movl 16(%edi),%edx @@ -1178,7 +1323,7 @@ L022pw_neg_finish: adcl $0,%eax decl %ebp movl %ecx,16(%ebx) - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 5 movl $0,%ecx movl 20(%edi),%edx @@ -1189,7 +1334,7 @@ L022pw_neg_finish: adcl $0,%eax decl %ebp movl %ecx,20(%ebx) - jz L020pw_end + jz L032pw_end # dl<0 Tail Round 6 movl $0,%ecx movl 24(%edi),%edx 
@@ -1199,181 +1344,185 @@ L022pw_neg_finish: subl %edx,%ecx adcl $0,%eax movl %ecx,24(%ebx) - jmp L020pw_end -L021pw_pos: + jmp L032pw_end +L033pw_pos: andl $4294967288,%ebp - jz L024pw_pos_finish -L025pw_pos_loop: + jz L036pw_pos_finish +L037pw_pos_loop: # dl>0 Round 0 movl (%esi),%ecx subl %eax,%ecx movl %ecx,(%ebx) - jnc L026pw_nc0 + jnc L038pw_nc0 # dl>0 Round 1 movl 4(%esi),%ecx subl %eax,%ecx movl %ecx,4(%ebx) - jnc L027pw_nc1 + jnc L039pw_nc1 # dl>0 Round 2 movl 8(%esi),%ecx subl %eax,%ecx movl %ecx,8(%ebx) - jnc L028pw_nc2 + jnc L040pw_nc2 # dl>0 Round 3 movl 12(%esi),%ecx subl %eax,%ecx movl %ecx,12(%ebx) - jnc L029pw_nc3 + jnc L041pw_nc3 # dl>0 Round 4 movl 16(%esi),%ecx subl %eax,%ecx movl %ecx,16(%ebx) - jnc L030pw_nc4 + jnc L042pw_nc4 # dl>0 Round 5 movl 20(%esi),%ecx subl %eax,%ecx movl %ecx,20(%ebx) - jnc L031pw_nc5 + jnc L043pw_nc5 # dl>0 Round 6 movl 24(%esi),%ecx subl %eax,%ecx movl %ecx,24(%ebx) - jnc L032pw_nc6 + jnc L044pw_nc6 # dl>0 Round 7 movl 28(%esi),%ecx subl %eax,%ecx movl %ecx,28(%ebx) - jnc L033pw_nc7 + jnc L045pw_nc7 addl $32,%esi addl $32,%ebx subl $8,%ebp - jnz L025pw_pos_loop -L024pw_pos_finish: + jnz L037pw_pos_loop +L036pw_pos_finish: movl 36(%esp),%ebp andl $7,%ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 0 movl (%esi),%ecx subl %eax,%ecx movl %ecx,(%ebx) - jnc L034pw_tail_nc0 + jnc L046pw_tail_nc0 decl %ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 1 movl 4(%esi),%ecx subl %eax,%ecx movl %ecx,4(%ebx) - jnc L035pw_tail_nc1 + jnc L047pw_tail_nc1 decl %ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 2 movl 8(%esi),%ecx subl %eax,%ecx movl %ecx,8(%ebx) - jnc L036pw_tail_nc2 + jnc L048pw_tail_nc2 decl %ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 3 movl 12(%esi),%ecx subl %eax,%ecx movl %ecx,12(%ebx) - jnc L037pw_tail_nc3 + jnc L049pw_tail_nc3 decl %ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 4 movl 16(%esi),%ecx subl %eax,%ecx movl %ecx,16(%ebx) - jnc L038pw_tail_nc4 + jnc L050pw_tail_nc4 
decl %ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 5 movl 20(%esi),%ecx subl %eax,%ecx movl %ecx,20(%ebx) - jnc L039pw_tail_nc5 + jnc L051pw_tail_nc5 decl %ebp - jz L020pw_end + jz L032pw_end # dl>0 Tail Round 6 movl 24(%esi),%ecx subl %eax,%ecx movl %ecx,24(%ebx) - jnc L040pw_tail_nc6 + jnc L052pw_tail_nc6 movl $1,%eax - jmp L020pw_end -L041pw_nc_loop: + jmp L032pw_end +L053pw_nc_loop: movl (%esi),%ecx movl %ecx,(%ebx) -L026pw_nc0: +L038pw_nc0: movl 4(%esi),%ecx movl %ecx,4(%ebx) -L027pw_nc1: +L039pw_nc1: movl 8(%esi),%ecx movl %ecx,8(%ebx) -L028pw_nc2: +L040pw_nc2: movl 12(%esi),%ecx movl %ecx,12(%ebx) -L029pw_nc3: +L041pw_nc3: movl 16(%esi),%ecx movl %ecx,16(%ebx) -L030pw_nc4: +L042pw_nc4: movl 20(%esi),%ecx movl %ecx,20(%ebx) -L031pw_nc5: +L043pw_nc5: movl 24(%esi),%ecx movl %ecx,24(%ebx) -L032pw_nc6: +L044pw_nc6: movl 28(%esi),%ecx movl %ecx,28(%ebx) -L033pw_nc7: +L045pw_nc7: addl $32,%esi addl $32,%ebx subl $8,%ebp - jnz L041pw_nc_loop + jnz L053pw_nc_loop movl 36(%esp),%ebp andl $7,%ebp - jz L042pw_nc_end + jz L054pw_nc_end movl (%esi),%ecx movl %ecx,(%ebx) -L034pw_tail_nc0: +L046pw_tail_nc0: decl %ebp - jz L042pw_nc_end + jz L054pw_nc_end movl 4(%esi),%ecx movl %ecx,4(%ebx) -L035pw_tail_nc1: +L047pw_tail_nc1: decl %ebp - jz L042pw_nc_end + jz L054pw_nc_end movl 8(%esi),%ecx movl %ecx,8(%ebx) -L036pw_tail_nc2: +L048pw_tail_nc2: decl %ebp - jz L042pw_nc_end + jz L054pw_nc_end movl 12(%esi),%ecx movl %ecx,12(%ebx) -L037pw_tail_nc3: +L049pw_tail_nc3: decl %ebp - jz L042pw_nc_end + jz L054pw_nc_end movl 16(%esi),%ecx movl %ecx,16(%ebx) -L038pw_tail_nc4: +L050pw_tail_nc4: decl %ebp - jz L042pw_nc_end + jz L054pw_nc_end movl 20(%esi),%ecx movl %ecx,20(%ebx) -L039pw_tail_nc5: +L051pw_tail_nc5: decl %ebp - jz L042pw_nc_end + jz L054pw_nc_end movl 24(%esi),%ecx movl %ecx,24(%ebx) -L040pw_tail_nc6: -L042pw_nc_end: +L052pw_tail_nc6: +L054pw_nc_end: movl $0,%eax -L020pw_end: +L032pw_end: popl %edi popl %esi popl %ebx popl %ebp ret +.section 
__IMPORT,__pointers,non_lazy_symbol_pointers +L_OPENSSL_ia32cap_P$non_lazy_ptr: +.indirect_symbol _OPENSSL_ia32cap_P +.long 0 #endif diff --git a/mac-x86/crypto/bn/x86-mont.S b/mac-x86/crypto/bn/x86-mont.S index 1b79c5f..234034b 100644 --- a/mac-x86/crypto/bn/x86-mont.S +++ b/mac-x86/crypto/bn/x86-mont.S 
@@ -43,6 +43,126 @@ L_bn_mul_mont_begin: movl %esi,20(%esp) leal -3(%edi),%ebx movl %ebp,24(%esp) + call L001PIC_me_up +L001PIC_me_up: + popl %eax + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L001PIC_me_up(%eax),%eax + btl $26,(%eax) + jnc L002non_sse2 + movl $-1,%eax + movd %eax,%mm7 + movl 8(%esp),%esi + movl 12(%esp),%edi + movl 16(%esp),%ebp + xorl %edx,%edx + xorl %ecx,%ecx + movd (%edi),%mm4 + movd (%esi),%mm5 + movd (%ebp),%mm3 + pmuludq %mm4,%mm5 + movq %mm5,%mm2 + movq %mm5,%mm0 + pand %mm7,%mm0 + pmuludq 20(%esp),%mm5 + pmuludq %mm5,%mm3 + paddq %mm0,%mm3 + movd 4(%ebp),%mm1 + movd 4(%esi),%mm0 + psrlq $32,%mm2 + psrlq $32,%mm3 + incl %ecx +.align 4,0x90 +L0031st: + pmuludq %mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + pand %mm7,%mm0 + movd 4(%ebp,%ecx,4),%mm1 + paddq %mm0,%mm3 + movd 4(%esi,%ecx,4),%mm0 + psrlq $32,%mm2 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm3 + leal 1(%ecx),%ecx + cmpl %ebx,%ecx + jl L0031st + pmuludq %mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + pand %mm7,%mm0 + paddq %mm0,%mm3 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm2 + psrlq $32,%mm3 + paddq %mm2,%mm3 + movq %mm3,32(%esp,%ebx,4) + incl %edx +L004outer: + xorl %ecx,%ecx + movd (%edi,%edx,4),%mm4 + movd (%esi),%mm5 + movd 32(%esp),%mm6 + movd (%ebp),%mm3 + pmuludq %mm4,%mm5 + paddq %mm6,%mm5 + movq %mm5,%mm0 + movq %mm5,%mm2 + pand %mm7,%mm0 + pmuludq 20(%esp),%mm5 + pmuludq %mm5,%mm3 + paddq %mm0,%mm3 + movd 36(%esp),%mm6 + movd 4(%ebp),%mm1 + movd 4(%esi),%mm0 + psrlq $32,%mm2 + psrlq $32,%mm3 + paddq %mm6,%mm2 + incl %ecx + decl %ebx +L005inner: + pmuludq %mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + movd 36(%esp,%ecx,4),%mm6 + pand %mm7,%mm0 + movd 4(%ebp,%ecx,4),%mm1 + paddq %mm0,%mm3 + movd 4(%esi,%ecx,4),%mm0 + psrlq $32,%mm2 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm3 + paddq %mm6,%mm2 + decl %ebx + leal 1(%ecx),%ecx + jnz L005inner + movl %ecx,%ebx + pmuludq 
%mm4,%mm0 + pmuludq %mm5,%mm1 + paddq %mm0,%mm2 + paddq %mm1,%mm3 + movq %mm2,%mm0 + pand %mm7,%mm0 + paddq %mm0,%mm3 + movd %mm3,28(%esp,%ecx,4) + psrlq $32,%mm2 + psrlq $32,%mm3 + movd 36(%esp,%ebx,4),%mm6 + paddq %mm2,%mm3 + paddq %mm6,%mm3 + movq %mm3,32(%esp,%ebx,4) + leal 1(%edx),%edx + cmpl %ebx,%edx + jle L004outer + emms + jmp L006common_tail +.align 4,0x90 +L002non_sse2: movl 8(%esp),%esi leal 1(%ebx),%ebp movl 12(%esp),%edi @@ -53,12 +173,12 @@ L_bn_mul_mont_begin: leal 4(%edi,%ebx,4),%eax orl %edx,%ebp movl (%edi),%edi - jz L001bn_sqr_mont + jz L007bn_sqr_mont movl %eax,28(%esp) movl (%esi),%eax xorl %edx,%edx .align 4,0x90 -L002mull: +L008mull: movl %edx,%ebp mull %edi addl %eax,%ebp @@ -67,7 +187,7 @@ L002mull: movl (%esi,%ecx,4),%eax cmpl %ebx,%ecx movl %ebp,28(%esp,%ecx,4) - jl L002mull + jl L008mull movl %edx,%ebp mull %edi movl 20(%esp),%edi @@ -85,9 +205,9 @@ L002mull: movl 4(%esi),%eax adcl $0,%edx incl %ecx - jmp L0032ndmadd + jmp L0092ndmadd .align 4,0x90 -L0041stmadd: +L0101stmadd: movl %edx,%ebp mull %edi addl 32(%esp,%ecx,4),%ebp @@ -98,7 +218,7 @@ L0041stmadd: adcl $0,%edx cmpl %ebx,%ecx movl %ebp,28(%esp,%ecx,4) - jl L0041stmadd + jl L0101stmadd movl %edx,%ebp mull %edi addl 32(%esp,%ebx,4),%eax @@ -121,7 +241,7 @@ L0041stmadd: adcl $0,%edx movl $1,%ecx .align 4,0x90 -L0032ndmadd: +L0092ndmadd: movl %edx,%ebp mull %edi addl 32(%esp,%ecx,4),%ebp @@ -132,7 +252,7 @@ L0032ndmadd: adcl $0,%edx cmpl %ebx,%ecx movl %ebp,24(%esp,%ecx,4) - jl L0032ndmadd + jl L0092ndmadd movl %edx,%ebp mull %edi addl 32(%esp,%ebx,4),%ebp @@ -148,16 +268,16 @@ L0032ndmadd: movl %edx,32(%esp,%ebx,4) cmpl 28(%esp),%ecx movl %eax,36(%esp,%ebx,4) - je L005common_tail + je L006common_tail movl (%ecx),%edi movl 8(%esp),%esi movl %ecx,12(%esp) xorl %ecx,%ecx xorl %edx,%edx movl (%esi),%eax - jmp L0041stmadd + jmp L0101stmadd .align 4,0x90 -L001bn_sqr_mont: +L007bn_sqr_mont: movl %ebx,(%esp) movl %ecx,12(%esp) movl %edi,%eax 
@@ -168,7 +288,7 @@ L001bn_sqr_mont: andl $1,%ebx incl %ecx .align 4,0x90 -L006sqr: +L011sqr: movl (%esi,%ecx,4),%eax movl %edx,%ebp mull %edi @@ -180,7 +300,7 @@ L006sqr: cmpl (%esp),%ecx movl %eax,%ebx movl %ebp,28(%esp,%ecx,4) - jl L006sqr + jl L011sqr movl (%esi,%ecx,4),%eax movl %edx,%ebp mull %edi @@ -204,7 +324,7 @@ L006sqr: movl 4(%esi),%eax movl $1,%ecx .align 4,0x90 -L0073rdmadd: +L0123rdmadd: movl %edx,%ebp mull %edi addl 32(%esp,%ecx,4),%ebp @@ -223,7 +343,7 @@ L0073rdmadd: adcl $0,%edx cmpl %ebx,%ecx movl %ebp,24(%esp,%ecx,4) - jl L0073rdmadd + jl L0123rdmadd movl %edx,%ebp mull %edi addl 32(%esp,%ebx,4),%ebp @@ -239,7 +359,7 @@ L0073rdmadd: movl %edx,32(%esp,%ebx,4) cmpl %ebx,%ecx movl %eax,36(%esp,%ebx,4) - je L005common_tail + je L006common_tail movl 4(%esi,%ecx,4),%edi leal 1(%ecx),%ecx movl %edi,%eax @@ -251,12 +371,12 @@ L0073rdmadd: xorl %ebp,%ebp cmpl %ebx,%ecx leal 1(%ecx),%ecx - je L008sqrlast + je L013sqrlast movl %edx,%ebx shrl $1,%edx andl $1,%ebx .align 4,0x90 -L009sqradd: +L014sqradd: movl (%esi,%ecx,4),%eax movl %edx,%ebp mull %edi @@ -272,13 +392,13 @@ L009sqradd: cmpl (%esp),%ecx movl %ebp,28(%esp,%ecx,4) movl %eax,%ebx - jle L009sqradd + jle L014sqradd movl %edx,%ebp addl %edx,%edx shrl $31,%ebp addl %ebx,%edx adcl $0,%ebp -L008sqrlast: +L013sqrlast: movl 20(%esp),%edi movl 16(%esp),%esi imull 32(%esp),%edi @@ -293,9 +413,9 @@ L008sqrlast: adcl $0,%edx movl $1,%ecx movl 4(%esi),%eax - jmp L0073rdmadd + jmp L0123rdmadd .align 4,0x90 -L005common_tail: +L006common_tail: movl 16(%esp),%ebp movl 4(%esp),%edi leal 32(%esp),%esi @@ -303,16 +423,16 @@ L005common_tail: movl %ebx,%ecx xorl %edx,%edx .align 4,0x90 -L010sub: +L015sub: sbbl (%ebp,%edx,4),%eax movl %eax,(%edi,%edx,4) decl %ecx movl 4(%esi,%edx,4),%eax leal 1(%edx),%edx - jge L010sub + jge L015sub sbbl $0,%eax .align 4,0x90 -L011copy: +L016copy: movl (%esi,%ebx,4),%edx movl (%edi,%ebx,4),%ebp xorl %ebp,%edx 
@@ -321,7 +441,7 @@ L011copy: movl %ecx,(%esi,%ebx,4) movl %edx,(%edi,%ebx,4) decl %ebx - jge L011copy + jge L016copy movl 24(%esp),%esp movl $1,%eax L000just_leave: @@ -335,4 +455,8 @@ L000just_leave: .byte 54,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 .byte 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 .byte 111,114,103,62,0 +.section __IMPORT,__pointers,non_lazy_symbol_pointers +L_OPENSSL_ia32cap_P$non_lazy_ptr: +.indirect_symbol _OPENSSL_ia32cap_P +.long 0 #endif diff --git a/mac-x86/crypto/cpu-x86-asm.S b/mac-x86/crypto/cpu-x86-asm.S index 7e8c83a..bfb292c 100644 --- a/mac-x86/crypto/cpu-x86-asm.S +++ b/mac-x86/crypto/cpu-x86-asm.S @@ -100,10 +100,6 @@ L004nocacheinfo: cmpl $0,%ebp jne L005notintel orl $1073741824,%edx - andb $15,%ah - cmpb $15,%ah - jne L005notintel - orl $1048576,%edx L005notintel: btl $28,%edx jnc L002generic @@ -232,6 +228,18 @@ L015PIC_me_up: movl (%ecx),%ecx btl $1,(%ecx) jnc L016no_x87 + andl $83886080,%ecx + cmpl $83886080,%ecx + jne L017no_sse2 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 +L017no_sse2: .long 4007259865,4007259865,4007259865,4007259865,2430851995 L016no_x87: leal 4(%esp),%eax @@ -246,11 +254,11 @@ L_OPENSSL_atomic_add_begin: pushl %ebx nop movl (%edx),%eax -L017spin: +L018spin: leal (%eax,%ecx,1),%ebx nop .long 447811568 - jne L017spin + jne L018spin movl %ebx,%eax popl %ebx ret @@ -286,11 +294,11 @@ L_OPENSSL_indirect_call_begin: _OPENSSL_ia32_rdrand: L_OPENSSL_ia32_rdrand_begin: movl $8,%ecx -L018loop: +L019loop: .byte 15,199,240 - jc L019break - loop L018loop -L019break: + jc L020break + loop L019loop +L020break: cmpl $0,%eax cmovel %ecx,%eax ret diff --git a/mac-x86/crypto/sha/sha1-586.S b/mac-x86/crypto/sha/sha1-586.S index 4dd3fee..97aafbf 100644 --- a/mac-x86/crypto/sha/sha1-586.S +++ b/mac-x86/crypto/sha/sha1-586.S 
@@ -10,6 +10,23 @@ L_sha1_block_data_order_begin: pushl %ebx pushl %esi pushl %edi + call L000pic_point +L000pic_point: + popl %ebp + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L000pic_point(%ebp),%esi + leal LK_XX_XX-L000pic_point(%ebp),%ebp + movl (%esi),%eax + movl 4(%esi),%edx + testl $512,%edx + jz L001x86 + movl 8(%esi),%ecx + testl $16777216,%eax + jz L001x86 + testl $536870912,%ecx + jnz Lshaext_shortcut + jmp Lssse3_shortcut +.align 4,0x90 +L001x86: movl 20(%esp),%ebp movl 24(%esp),%esi movl 28(%esp),%eax @@ -18,9 +35,9 @@ L_sha1_block_data_order_begin: addl %esi,%eax movl %eax,104(%esp) movl 16(%ebp),%edi - jmp L000loop + jmp L002loop .align 4,0x90 -L000loop: +L002loop: movl (%esi),%eax movl 4(%esi),%ebx movl 8(%esi),%ecx 
@@ -1367,15 +1384,1414 @@ L000loop: movl %ebx,12(%ebp) movl %edx,%esi movl %ecx,16(%ebp) - jb L000loop + jb L002loop addl $76,%esp popl %edi popl %esi popl %ebx popl %ebp ret +.private_extern __sha1_block_data_order_shaext +.align 4 +__sha1_block_data_order_shaext: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + call L003pic_point +L003pic_point: + popl %ebp + leal LK_XX_XX-L003pic_point(%ebp),%ebp +Lshaext_shortcut: + movl 20(%esp),%edi + movl %esp,%ebx + movl 24(%esp),%esi + movl 28(%esp),%ecx + subl $32,%esp + movdqu (%edi),%xmm0 + movd 16(%edi),%xmm1 + andl $-32,%esp + movdqa 80(%ebp),%xmm3 + movdqu (%esi),%xmm4 + pshufd $27,%xmm0,%xmm0 + movdqu 16(%esi),%xmm5 + pshufd $27,%xmm1,%xmm1 + movdqu 32(%esi),%xmm6 +.byte 102,15,56,0,227 + movdqu 48(%esi),%xmm7 +.byte 102,15,56,0,235 +.byte 102,15,56,0,243 +.byte 102,15,56,0,251 + jmp L004loop_shaext +.align 4,0x90 +L004loop_shaext: + decl %ecx + leal 64(%esi),%eax + movdqa %xmm1,(%esp) + paddd %xmm4,%xmm1 + cmovnel %eax,%esi + movdqa %xmm0,16(%esp) +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,0 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,0 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,0 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,0 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 +.byte 15,56,202,254 +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,0 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,1 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,1 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,1 +.byte 15,56,200,204 + pxor 
%xmm5,%xmm7 +.byte 15,56,202,254 +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,1 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,1 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,2 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,2 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 +.byte 15,56,202,254 +.byte 15,56,201,229 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,2 +.byte 15,56,200,213 + pxor %xmm6,%xmm4 +.byte 15,56,201,238 +.byte 15,56,202,231 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,2 +.byte 15,56,200,206 + pxor %xmm7,%xmm5 +.byte 15,56,202,236 +.byte 15,56,201,247 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,2 +.byte 15,56,200,215 + pxor %xmm4,%xmm6 +.byte 15,56,201,252 +.byte 15,56,202,245 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,3 +.byte 15,56,200,204 + pxor %xmm5,%xmm7 +.byte 15,56,202,254 + movdqu (%esi),%xmm4 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,3 +.byte 15,56,200,213 + movdqu 16(%esi),%xmm5 +.byte 102,15,56,0,227 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,3 +.byte 15,56,200,206 + movdqu 32(%esi),%xmm6 +.byte 102,15,56,0,235 + movdqa %xmm0,%xmm2 +.byte 15,58,204,193,3 +.byte 15,56,200,215 + movdqu 48(%esi),%xmm7 +.byte 102,15,56,0,243 + movdqa %xmm0,%xmm1 +.byte 15,58,204,194,3 + movdqa (%esp),%xmm2 +.byte 102,15,56,0,251 +.byte 15,56,200,202 + paddd 16(%esp),%xmm0 + jnz L004loop_shaext + pshufd $27,%xmm0,%xmm0 + pshufd $27,%xmm1,%xmm1 + movdqu %xmm0,(%edi) + movd %xmm1,16(%edi) + movl %ebx,%esp + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.private_extern __sha1_block_data_order_ssse3 +.align 4 +__sha1_block_data_order_ssse3: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + call L005pic_point +L005pic_point: + popl %ebp + leal LK_XX_XX-L005pic_point(%ebp),%ebp +Lssse3_shortcut: + movdqa (%ebp),%xmm7 + movdqa 
16(%ebp),%xmm0 + movdqa 32(%ebp),%xmm1 + movdqa 48(%ebp),%xmm2 + movdqa 64(%ebp),%xmm6 + movl 20(%esp),%edi + movl 24(%esp),%ebp + movl 28(%esp),%edx + movl %esp,%esi + subl $208,%esp + andl $-64,%esp + movdqa %xmm0,112(%esp) + movdqa %xmm1,128(%esp) + movdqa %xmm2,144(%esp) + shll $6,%edx + movdqa %xmm7,160(%esp) + addl %ebp,%edx + movdqa %xmm6,176(%esp) + addl $64,%ebp + movl %edi,192(%esp) + movl %ebp,196(%esp) + movl %edx,200(%esp) + movl %esi,204(%esp) + movl (%edi),%eax + movl 4(%edi),%ebx + movl 8(%edi),%ecx + movl 12(%edi),%edx + movl 16(%edi),%edi + movl %ebx,%esi + movdqu -64(%ebp),%xmm0 + movdqu -48(%ebp),%xmm1 + movdqu -32(%ebp),%xmm2 + movdqu -16(%ebp),%xmm3 +.byte 102,15,56,0,198 +.byte 102,15,56,0,206 +.byte 102,15,56,0,214 + movdqa %xmm7,96(%esp) +.byte 102,15,56,0,222 + paddd %xmm7,%xmm0 + paddd %xmm7,%xmm1 + paddd %xmm7,%xmm2 + movdqa %xmm0,(%esp) + psubd %xmm7,%xmm0 + movdqa %xmm1,16(%esp) + psubd %xmm7,%xmm1 + movdqa %xmm2,32(%esp) + movl %ecx,%ebp + psubd %xmm7,%xmm2 + xorl %edx,%ebp + pshufd $238,%xmm0,%xmm4 + andl %ebp,%esi + jmp L006loop +.align 4,0x90 +L006loop: + rorl $2,%ebx + xorl %edx,%esi + movl %eax,%ebp + punpcklqdq %xmm1,%xmm4 + movdqa %xmm3,%xmm6 + addl (%esp),%edi + xorl %ecx,%ebx + paddd %xmm3,%xmm7 + movdqa %xmm0,64(%esp) + roll $5,%eax + addl %esi,%edi + psrldq $4,%xmm6 + andl %ebx,%ebp + xorl %ecx,%ebx + pxor %xmm0,%xmm4 + addl %eax,%edi + rorl $7,%eax + pxor %xmm2,%xmm6 + xorl %ecx,%ebp + movl %edi,%esi + addl 4(%esp),%edx + pxor %xmm6,%xmm4 + xorl %ebx,%eax + roll $5,%edi + movdqa %xmm7,48(%esp) + addl %ebp,%edx + andl %eax,%esi + movdqa %xmm4,%xmm0 + xorl %ebx,%eax + addl %edi,%edx + rorl $7,%edi + movdqa %xmm4,%xmm6 + xorl %ebx,%esi + pslldq $12,%xmm0 + paddd %xmm4,%xmm4 + movl %edx,%ebp + addl 8(%esp),%ecx + psrld $31,%xmm6 + xorl %eax,%edi + roll $5,%edx + movdqa %xmm0,%xmm7 + addl %esi,%ecx + andl %edi,%ebp + xorl %eax,%edi + psrld $30,%xmm0 + addl %edx,%ecx + rorl $7,%edx + por %xmm6,%xmm4 + xorl %eax,%ebp + movl 
%ecx,%esi + addl 12(%esp),%ebx + pslld $2,%xmm7 + xorl %edi,%edx + roll $5,%ecx + pxor %xmm0,%xmm4 + movdqa 96(%esp),%xmm0 + addl %ebp,%ebx + andl %edx,%esi + pxor %xmm7,%xmm4 + pshufd $238,%xmm1,%xmm5 + xorl %edi,%edx + addl %ecx,%ebx + rorl $7,%ecx + xorl %edi,%esi + movl %ebx,%ebp + punpcklqdq %xmm2,%xmm5 + movdqa %xmm4,%xmm7 + addl 16(%esp),%eax + xorl %edx,%ecx + paddd %xmm4,%xmm0 + movdqa %xmm1,80(%esp) + roll $5,%ebx + addl %esi,%eax + psrldq $4,%xmm7 + andl %ecx,%ebp + xorl %edx,%ecx + pxor %xmm1,%xmm5 + addl %ebx,%eax + rorl $7,%ebx + pxor %xmm3,%xmm7 + xorl %edx,%ebp + movl %eax,%esi + addl 20(%esp),%edi + pxor %xmm7,%xmm5 + xorl %ecx,%ebx + roll $5,%eax + movdqa %xmm0,(%esp) + addl %ebp,%edi + andl %ebx,%esi + movdqa %xmm5,%xmm1 + xorl %ecx,%ebx + addl %eax,%edi + rorl $7,%eax + movdqa %xmm5,%xmm7 + xorl %ecx,%esi + pslldq $12,%xmm1 + paddd %xmm5,%xmm5 + movl %edi,%ebp + addl 24(%esp),%edx + psrld $31,%xmm7 + xorl %ebx,%eax + roll $5,%edi + movdqa %xmm1,%xmm0 + addl %esi,%edx + andl %eax,%ebp + xorl %ebx,%eax + psrld $30,%xmm1 + addl %edi,%edx + rorl $7,%edi + por %xmm7,%xmm5 + xorl %ebx,%ebp + movl %edx,%esi + addl 28(%esp),%ecx + pslld $2,%xmm0 + xorl %eax,%edi + roll $5,%edx + pxor %xmm1,%xmm5 + movdqa 112(%esp),%xmm1 + addl %ebp,%ecx + andl %edi,%esi + pxor %xmm0,%xmm5 + pshufd $238,%xmm2,%xmm6 + xorl %eax,%edi + addl %edx,%ecx + rorl $7,%edx + xorl %eax,%esi + movl %ecx,%ebp + punpcklqdq %xmm3,%xmm6 + movdqa %xmm5,%xmm0 + addl 32(%esp),%ebx + xorl %edi,%edx + paddd %xmm5,%xmm1 + movdqa %xmm2,96(%esp) + roll $5,%ecx + addl %esi,%ebx + psrldq $4,%xmm0 + andl %edx,%ebp + xorl %edi,%edx + pxor %xmm2,%xmm6 + addl %ecx,%ebx + rorl $7,%ecx + pxor %xmm4,%xmm0 + xorl %edi,%ebp + movl %ebx,%esi + addl 36(%esp),%eax + pxor %xmm0,%xmm6 + xorl %edx,%ecx + roll $5,%ebx + movdqa %xmm1,16(%esp) + addl %ebp,%eax + andl %ecx,%esi + movdqa %xmm6,%xmm2 + xorl %edx,%ecx + addl %ebx,%eax + rorl $7,%ebx + movdqa %xmm6,%xmm0 + xorl %edx,%esi + pslldq $12,%xmm2 + paddd 
%xmm6,%xmm6 + movl %eax,%ebp + addl 40(%esp),%edi + psrld $31,%xmm0 + xorl %ecx,%ebx + roll $5,%eax + movdqa %xmm2,%xmm1 + addl %esi,%edi + andl %ebx,%ebp + xorl %ecx,%ebx + psrld $30,%xmm2 + addl %eax,%edi + rorl $7,%eax + por %xmm0,%xmm6 + xorl %ecx,%ebp + movdqa 64(%esp),%xmm0 + movl %edi,%esi + addl 44(%esp),%edx + pslld $2,%xmm1 + xorl %ebx,%eax + roll $5,%edi + pxor %xmm2,%xmm6 + movdqa 112(%esp),%xmm2 + addl %ebp,%edx + andl %eax,%esi + pxor %xmm1,%xmm6 + pshufd $238,%xmm3,%xmm7 + xorl %ebx,%eax + addl %edi,%edx + rorl $7,%edi + xorl %ebx,%esi + movl %edx,%ebp + punpcklqdq %xmm4,%xmm7 + movdqa %xmm6,%xmm1 + addl 48(%esp),%ecx + xorl %eax,%edi + paddd %xmm6,%xmm2 + movdqa %xmm3,64(%esp) + roll $5,%edx + addl %esi,%ecx + psrldq $4,%xmm1 + andl %edi,%ebp + xorl %eax,%edi + pxor %xmm3,%xmm7 + addl %edx,%ecx + rorl $7,%edx + pxor %xmm5,%xmm1 + xorl %eax,%ebp + movl %ecx,%esi + addl 52(%esp),%ebx + pxor %xmm1,%xmm7 + xorl %edi,%edx + roll $5,%ecx + movdqa %xmm2,32(%esp) + addl %ebp,%ebx + andl %edx,%esi + movdqa %xmm7,%xmm3 + xorl %edi,%edx + addl %ecx,%ebx + rorl $7,%ecx + movdqa %xmm7,%xmm1 + xorl %edi,%esi + pslldq $12,%xmm3 + paddd %xmm7,%xmm7 + movl %ebx,%ebp + addl 56(%esp),%eax + psrld $31,%xmm1 + xorl %edx,%ecx + roll $5,%ebx + movdqa %xmm3,%xmm2 + addl %esi,%eax + andl %ecx,%ebp + xorl %edx,%ecx + psrld $30,%xmm3 + addl %ebx,%eax + rorl $7,%ebx + por %xmm1,%xmm7 + xorl %edx,%ebp + movdqa 80(%esp),%xmm1 + movl %eax,%esi + addl 60(%esp),%edi + pslld $2,%xmm2 + xorl %ecx,%ebx + roll $5,%eax + pxor %xmm3,%xmm7 + movdqa 112(%esp),%xmm3 + addl %ebp,%edi + andl %ebx,%esi + pxor %xmm2,%xmm7 + pshufd $238,%xmm6,%xmm2 + xorl %ecx,%ebx + addl %eax,%edi + rorl $7,%eax + pxor %xmm4,%xmm0 + punpcklqdq %xmm7,%xmm2 + xorl %ecx,%esi + movl %edi,%ebp + addl (%esp),%edx + pxor %xmm1,%xmm0 + movdqa %xmm4,80(%esp) + xorl %ebx,%eax + roll $5,%edi + movdqa %xmm3,%xmm4 + addl %esi,%edx + paddd %xmm7,%xmm3 + andl %eax,%ebp + pxor %xmm2,%xmm0 + xorl %ebx,%eax + addl %edi,%edx + 
rorl $7,%edi + xorl %ebx,%ebp + movdqa %xmm0,%xmm2 + movdqa %xmm3,48(%esp) + movl %edx,%esi + addl 4(%esp),%ecx + xorl %eax,%edi + roll $5,%edx + pslld $2,%xmm0 + addl %ebp,%ecx + andl %edi,%esi + psrld $30,%xmm2 + xorl %eax,%edi + addl %edx,%ecx + rorl $7,%edx + xorl %eax,%esi + movl %ecx,%ebp + addl 8(%esp),%ebx + xorl %edi,%edx + roll $5,%ecx + por %xmm2,%xmm0 + addl %esi,%ebx + andl %edx,%ebp + movdqa 96(%esp),%xmm2 + xorl %edi,%edx + addl %ecx,%ebx + addl 12(%esp),%eax + xorl %edi,%ebp + movl %ebx,%esi + pshufd $238,%xmm7,%xmm3 + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + addl %ebx,%eax + addl 16(%esp),%edi + pxor %xmm5,%xmm1 + punpcklqdq %xmm0,%xmm3 + xorl %ecx,%esi + movl %eax,%ebp + roll $5,%eax + pxor %xmm2,%xmm1 + movdqa %xmm5,96(%esp) + addl %esi,%edi + xorl %ecx,%ebp + movdqa %xmm4,%xmm5 + rorl $7,%ebx + paddd %xmm0,%xmm4 + addl %eax,%edi + pxor %xmm3,%xmm1 + addl 20(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + movdqa %xmm1,%xmm3 + movdqa %xmm4,(%esp) + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + pslld $2,%xmm1 + addl 24(%esp),%ecx + xorl %eax,%esi + psrld $30,%xmm3 + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi + addl %edx,%ecx + por %xmm3,%xmm1 + addl 28(%esp),%ebx + xorl %edi,%ebp + movdqa 64(%esp),%xmm3 + movl %ecx,%esi + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + pshufd $238,%xmm0,%xmm4 + addl %ecx,%ebx + addl 32(%esp),%eax + pxor %xmm6,%xmm2 + punpcklqdq %xmm1,%xmm4 + xorl %edx,%esi + movl %ebx,%ebp + roll $5,%ebx + pxor %xmm3,%xmm2 + movdqa %xmm6,64(%esp) + addl %esi,%eax + xorl %edx,%ebp + movdqa 128(%esp),%xmm6 + rorl $7,%ecx + paddd %xmm1,%xmm5 + addl %ebx,%eax + pxor %xmm4,%xmm2 + addl 36(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + roll $5,%eax + movdqa %xmm2,%xmm4 + movdqa %xmm5,16(%esp) + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + pslld $2,%xmm2 + addl 40(%esp),%edx + xorl %ebx,%esi + psrld $30,%xmm4 + 
movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax + addl %edi,%edx + por %xmm4,%xmm2 + addl 44(%esp),%ecx + xorl %eax,%ebp + movdqa 80(%esp),%xmm4 + movl %edx,%esi + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + pshufd $238,%xmm1,%xmm5 + addl %edx,%ecx + addl 48(%esp),%ebx + pxor %xmm7,%xmm3 + punpcklqdq %xmm2,%xmm5 + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + pxor %xmm4,%xmm3 + movdqa %xmm7,80(%esp) + addl %esi,%ebx + xorl %edi,%ebp + movdqa %xmm6,%xmm7 + rorl $7,%edx + paddd %xmm2,%xmm6 + addl %ecx,%ebx + pxor %xmm5,%xmm3 + addl 52(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + movdqa %xmm3,%xmm5 + movdqa %xmm6,32(%esp) + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + addl %ebx,%eax + pslld $2,%xmm3 + addl 56(%esp),%edi + xorl %ecx,%esi + psrld $30,%xmm5 + movl %eax,%ebp + roll $5,%eax + addl %esi,%edi + xorl %ecx,%ebp + rorl $7,%ebx + addl %eax,%edi + por %xmm5,%xmm3 + addl 60(%esp),%edx + xorl %ebx,%ebp + movdqa 96(%esp),%xmm5 + movl %edi,%esi + roll $5,%edi + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + pshufd $238,%xmm2,%xmm6 + addl %edi,%edx + addl (%esp),%ecx + pxor %xmm0,%xmm4 + punpcklqdq %xmm3,%xmm6 + xorl %eax,%esi + movl %edx,%ebp + roll $5,%edx + pxor %xmm5,%xmm4 + movdqa %xmm0,96(%esp) + addl %esi,%ecx + xorl %eax,%ebp + movdqa %xmm7,%xmm0 + rorl $7,%edi + paddd %xmm3,%xmm7 + addl %edx,%ecx + pxor %xmm6,%xmm4 + addl 4(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + roll $5,%ecx + movdqa %xmm4,%xmm6 + movdqa %xmm7,48(%esp) + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + addl %ecx,%ebx + pslld $2,%xmm4 + addl 8(%esp),%eax + xorl %edx,%esi + psrld $30,%xmm6 + movl %ebx,%ebp + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + addl %ebx,%eax + por %xmm6,%xmm4 + addl 12(%esp),%edi + xorl %ecx,%ebp + movdqa 64(%esp),%xmm6 + movl %eax,%esi + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + pshufd $238,%xmm3,%xmm7 + addl %eax,%edi + addl 16(%esp),%edx + 
pxor %xmm1,%xmm5 + punpcklqdq %xmm4,%xmm7 + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + pxor %xmm6,%xmm5 + movdqa %xmm1,64(%esp) + addl %esi,%edx + xorl %ebx,%ebp + movdqa %xmm0,%xmm1 + rorl $7,%eax + paddd %xmm4,%xmm0 + addl %edi,%edx + pxor %xmm7,%xmm5 + addl 20(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + roll $5,%edx + movdqa %xmm5,%xmm7 + movdqa %xmm0,(%esp) + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + addl %edx,%ecx + pslld $2,%xmm5 + addl 24(%esp),%ebx + xorl %edi,%esi + psrld $30,%xmm7 + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + por %xmm7,%xmm5 + addl 28(%esp),%eax + movdqa 80(%esp),%xmm7 + rorl $7,%ecx + movl %ebx,%esi + xorl %edx,%ebp + roll $5,%ebx + pshufd $238,%xmm4,%xmm0 + addl %ebp,%eax + xorl %ecx,%esi + xorl %edx,%ecx + addl %ebx,%eax + addl 32(%esp),%edi + pxor %xmm2,%xmm6 + punpcklqdq %xmm5,%xmm0 + andl %ecx,%esi + xorl %edx,%ecx + rorl $7,%ebx + pxor %xmm7,%xmm6 + movdqa %xmm2,80(%esp) + movl %eax,%ebp + xorl %ecx,%esi + roll $5,%eax + movdqa %xmm1,%xmm2 + addl %esi,%edi + paddd %xmm5,%xmm1 + xorl %ebx,%ebp + pxor %xmm0,%xmm6 + xorl %ecx,%ebx + addl %eax,%edi + addl 36(%esp),%edx + andl %ebx,%ebp + movdqa %xmm6,%xmm0 + movdqa %xmm1,16(%esp) + xorl %ecx,%ebx + rorl $7,%eax + movl %edi,%esi + xorl %ebx,%ebp + roll $5,%edi + pslld $2,%xmm6 + addl %ebp,%edx + xorl %eax,%esi + psrld $30,%xmm0 + xorl %ebx,%eax + addl %edi,%edx + addl 40(%esp),%ecx + andl %eax,%esi + xorl %ebx,%eax + rorl $7,%edi + por %xmm0,%xmm6 + movl %edx,%ebp + xorl %eax,%esi + movdqa 96(%esp),%xmm0 + roll $5,%edx + addl %esi,%ecx + xorl %edi,%ebp + xorl %eax,%edi + addl %edx,%ecx + pshufd $238,%xmm5,%xmm1 + addl 44(%esp),%ebx + andl %edi,%ebp + xorl %eax,%edi + rorl $7,%edx + movl %ecx,%esi + xorl %edi,%ebp + roll $5,%ecx + addl %ebp,%ebx + xorl %edx,%esi + xorl %edi,%edx + addl %ecx,%ebx + addl 48(%esp),%eax + pxor %xmm3,%xmm7 + punpcklqdq %xmm6,%xmm1 + andl %edx,%esi + xorl %edi,%edx + rorl $7,%ecx + pxor 
%xmm0,%xmm7 + movdqa %xmm3,96(%esp) + movl %ebx,%ebp + xorl %edx,%esi + roll $5,%ebx + movdqa 144(%esp),%xmm3 + addl %esi,%eax + paddd %xmm6,%xmm2 + xorl %ecx,%ebp + pxor %xmm1,%xmm7 + xorl %edx,%ecx + addl %ebx,%eax + addl 52(%esp),%edi + andl %ecx,%ebp + movdqa %xmm7,%xmm1 + movdqa %xmm2,32(%esp) + xorl %edx,%ecx + rorl $7,%ebx + movl %eax,%esi + xorl %ecx,%ebp + roll $5,%eax + pslld $2,%xmm7 + addl %ebp,%edi + xorl %ebx,%esi + psrld $30,%xmm1 + xorl %ecx,%ebx + addl %eax,%edi + addl 56(%esp),%edx + andl %ebx,%esi + xorl %ecx,%ebx + rorl $7,%eax + por %xmm1,%xmm7 + movl %edi,%ebp + xorl %ebx,%esi + movdqa 64(%esp),%xmm1 + roll $5,%edi + addl %esi,%edx + xorl %eax,%ebp + xorl %ebx,%eax + addl %edi,%edx + pshufd $238,%xmm6,%xmm2 + addl 60(%esp),%ecx + andl %eax,%ebp + xorl %ebx,%eax + rorl $7,%edi + movl %edx,%esi + xorl %eax,%ebp + roll $5,%edx + addl %ebp,%ecx + xorl %edi,%esi + xorl %eax,%edi + addl %edx,%ecx + addl (%esp),%ebx + pxor %xmm4,%xmm0 + punpcklqdq %xmm7,%xmm2 + andl %edi,%esi + xorl %eax,%edi + rorl $7,%edx + pxor %xmm1,%xmm0 + movdqa %xmm4,64(%esp) + movl %ecx,%ebp + xorl %edi,%esi + roll $5,%ecx + movdqa %xmm3,%xmm4 + addl %esi,%ebx + paddd %xmm7,%xmm3 + xorl %edx,%ebp + pxor %xmm2,%xmm0 + xorl %edi,%edx + addl %ecx,%ebx + addl 4(%esp),%eax + andl %edx,%ebp + movdqa %xmm0,%xmm2 + movdqa %xmm3,48(%esp) + xorl %edi,%edx + rorl $7,%ecx + movl %ebx,%esi + xorl %edx,%ebp + roll $5,%ebx + pslld $2,%xmm0 + addl %ebp,%eax + xorl %ecx,%esi + psrld $30,%xmm2 + xorl %edx,%ecx + addl %ebx,%eax + addl 8(%esp),%edi + andl %ecx,%esi + xorl %edx,%ecx + rorl $7,%ebx + por %xmm2,%xmm0 + movl %eax,%ebp + xorl %ecx,%esi + movdqa 80(%esp),%xmm2 + roll $5,%eax + addl %esi,%edi + xorl %ebx,%ebp + xorl %ecx,%ebx + addl %eax,%edi + pshufd $238,%xmm7,%xmm3 + addl 12(%esp),%edx + andl %ebx,%ebp + xorl %ecx,%ebx + rorl $7,%eax + movl %edi,%esi + xorl %ebx,%ebp + roll $5,%edi + addl %ebp,%edx + xorl %eax,%esi + xorl %ebx,%eax + addl %edi,%edx + addl 16(%esp),%ecx + pxor 
%xmm5,%xmm1 + punpcklqdq %xmm0,%xmm3 + andl %eax,%esi + xorl %ebx,%eax + rorl $7,%edi + pxor %xmm2,%xmm1 + movdqa %xmm5,80(%esp) + movl %edx,%ebp + xorl %eax,%esi + roll $5,%edx + movdqa %xmm4,%xmm5 + addl %esi,%ecx + paddd %xmm0,%xmm4 + xorl %edi,%ebp + pxor %xmm3,%xmm1 + xorl %eax,%edi + addl %edx,%ecx + addl 20(%esp),%ebx + andl %edi,%ebp + movdqa %xmm1,%xmm3 + movdqa %xmm4,(%esp) + xorl %eax,%edi + rorl $7,%edx + movl %ecx,%esi + xorl %edi,%ebp + roll $5,%ecx + pslld $2,%xmm1 + addl %ebp,%ebx + xorl %edx,%esi + psrld $30,%xmm3 + xorl %edi,%edx + addl %ecx,%ebx + addl 24(%esp),%eax + andl %edx,%esi + xorl %edi,%edx + rorl $7,%ecx + por %xmm3,%xmm1 + movl %ebx,%ebp + xorl %edx,%esi + movdqa 96(%esp),%xmm3 + roll $5,%ebx + addl %esi,%eax + xorl %ecx,%ebp + xorl %edx,%ecx + addl %ebx,%eax + pshufd $238,%xmm0,%xmm4 + addl 28(%esp),%edi + andl %ecx,%ebp + xorl %edx,%ecx + rorl $7,%ebx + movl %eax,%esi + xorl %ecx,%ebp + roll $5,%eax + addl %ebp,%edi + xorl %ebx,%esi + xorl %ecx,%ebx + addl %eax,%edi + addl 32(%esp),%edx + pxor %xmm6,%xmm2 + punpcklqdq %xmm1,%xmm4 + andl %ebx,%esi + xorl %ecx,%ebx + rorl $7,%eax + pxor %xmm3,%xmm2 + movdqa %xmm6,96(%esp) + movl %edi,%ebp + xorl %ebx,%esi + roll $5,%edi + movdqa %xmm5,%xmm6 + addl %esi,%edx + paddd %xmm1,%xmm5 + xorl %eax,%ebp + pxor %xmm4,%xmm2 + xorl %ebx,%eax + addl %edi,%edx + addl 36(%esp),%ecx + andl %eax,%ebp + movdqa %xmm2,%xmm4 + movdqa %xmm5,16(%esp) + xorl %ebx,%eax + rorl $7,%edi + movl %edx,%esi + xorl %eax,%ebp + roll $5,%edx + pslld $2,%xmm2 + addl %ebp,%ecx + xorl %edi,%esi + psrld $30,%xmm4 + xorl %eax,%edi + addl %edx,%ecx + addl 40(%esp),%ebx + andl %edi,%esi + xorl %eax,%edi + rorl $7,%edx + por %xmm4,%xmm2 + movl %ecx,%ebp + xorl %edi,%esi + movdqa 64(%esp),%xmm4 + roll $5,%ecx + addl %esi,%ebx + xorl %edx,%ebp + xorl %edi,%edx + addl %ecx,%ebx + pshufd $238,%xmm1,%xmm5 + addl 44(%esp),%eax + andl %edx,%ebp + xorl %edi,%edx + rorl $7,%ecx + movl %ebx,%esi + xorl %edx,%ebp + roll $5,%ebx + addl 
%ebp,%eax + xorl %edx,%esi + addl %ebx,%eax + addl 48(%esp),%edi + pxor %xmm7,%xmm3 + punpcklqdq %xmm2,%xmm5 + xorl %ecx,%esi + movl %eax,%ebp + roll $5,%eax + pxor %xmm4,%xmm3 + movdqa %xmm7,64(%esp) + addl %esi,%edi + xorl %ecx,%ebp + movdqa %xmm6,%xmm7 + rorl $7,%ebx + paddd %xmm2,%xmm6 + addl %eax,%edi + pxor %xmm5,%xmm3 + addl 52(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + movdqa %xmm3,%xmm5 + movdqa %xmm6,32(%esp) + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + pslld $2,%xmm3 + addl 56(%esp),%ecx + xorl %eax,%esi + psrld $30,%xmm5 + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi + addl %edx,%ecx + por %xmm5,%xmm3 + addl 60(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + addl %ecx,%ebx + addl (%esp),%eax + xorl %edx,%esi + movl %ebx,%ebp + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + paddd %xmm3,%xmm7 + addl %ebx,%eax + addl 4(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + movdqa %xmm7,48(%esp) + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + addl 8(%esp),%edx + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax + addl %edi,%edx + addl 12(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + addl %edx,%ecx + movl 196(%esp),%ebp + cmpl 200(%esp),%ebp + je L007done + movdqa 160(%esp),%xmm7 + movdqa 176(%esp),%xmm6 + movdqu (%ebp),%xmm0 + movdqu 16(%ebp),%xmm1 + movdqu 32(%ebp),%xmm2 + movdqu 48(%ebp),%xmm3 + addl $64,%ebp +.byte 102,15,56,0,198 + movl %ebp,196(%esp) + movdqa %xmm7,96(%esp) + addl 16(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx +.byte 102,15,56,0,206 + addl %ecx,%ebx + addl 20(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + paddd %xmm7,%xmm0 + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + rorl 
$7,%ecx + movdqa %xmm0,(%esp) + addl %ebx,%eax + addl 24(%esp),%edi + xorl %ecx,%esi + movl %eax,%ebp + psubd %xmm7,%xmm0 + roll $5,%eax + addl %esi,%edi + xorl %ecx,%ebp + rorl $7,%ebx + addl %eax,%edi + addl 28(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + addl 32(%esp),%ecx + xorl %eax,%esi + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi +.byte 102,15,56,0,214 + addl %edx,%ecx + addl 36(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + paddd %xmm7,%xmm1 + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + movdqa %xmm1,16(%esp) + addl %ecx,%ebx + addl 40(%esp),%eax + xorl %edx,%esi + movl %ebx,%ebp + psubd %xmm7,%xmm1 + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + addl %ebx,%eax + addl 44(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + addl 48(%esp),%edx + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax +.byte 102,15,56,0,222 + addl %edi,%edx + addl 52(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + paddd %xmm7,%xmm2 + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + movdqa %xmm2,32(%esp) + addl %edx,%ecx + addl 56(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + psubd %xmm7,%xmm2 + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + addl 60(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + addl %ebp,%eax + rorl $7,%ecx + addl %ebx,%eax + movl 192(%esp),%ebp + addl (%ebp),%eax + addl 4(%ebp),%esi + addl 8(%ebp),%ecx + movl %eax,(%ebp) + addl 12(%ebp),%edx + movl %esi,4(%ebp) + addl 16(%ebp),%edi + movl %ecx,8(%ebp) + movl %ecx,%ebx + movl %edx,12(%ebp) + xorl %edx,%ebx + movl %edi,16(%ebp) + movl %esi,%ebp + pshufd $238,%xmm0,%xmm4 + andl %ebx,%esi + movl %ebp,%ebx + jmp L006loop +.align 4,0x90 +L007done: + addl 16(%esp),%ebx + xorl %edi,%esi + 
movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + addl 20(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + addl %ebp,%eax + xorl %edx,%esi + rorl $7,%ecx + addl %ebx,%eax + addl 24(%esp),%edi + xorl %ecx,%esi + movl %eax,%ebp + roll $5,%eax + addl %esi,%edi + xorl %ecx,%ebp + rorl $7,%ebx + addl %eax,%edi + addl 28(%esp),%edx + xorl %ebx,%ebp + movl %edi,%esi + roll $5,%edi + addl %ebp,%edx + xorl %ebx,%esi + rorl $7,%eax + addl %edi,%edx + addl 32(%esp),%ecx + xorl %eax,%esi + movl %edx,%ebp + roll $5,%edx + addl %esi,%ecx + xorl %eax,%ebp + rorl $7,%edi + addl %edx,%ecx + addl 36(%esp),%ebx + xorl %edi,%ebp + movl %ecx,%esi + roll $5,%ecx + addl %ebp,%ebx + xorl %edi,%esi + rorl $7,%edx + addl %ecx,%ebx + addl 40(%esp),%eax + xorl %edx,%esi + movl %ebx,%ebp + roll $5,%ebx + addl %esi,%eax + xorl %edx,%ebp + rorl $7,%ecx + addl %ebx,%eax + addl 44(%esp),%edi + xorl %ecx,%ebp + movl %eax,%esi + roll $5,%eax + addl %ebp,%edi + xorl %ecx,%esi + rorl $7,%ebx + addl %eax,%edi + addl 48(%esp),%edx + xorl %ebx,%esi + movl %edi,%ebp + roll $5,%edi + addl %esi,%edx + xorl %ebx,%ebp + rorl $7,%eax + addl %edi,%edx + addl 52(%esp),%ecx + xorl %eax,%ebp + movl %edx,%esi + roll $5,%edx + addl %ebp,%ecx + xorl %eax,%esi + rorl $7,%edi + addl %edx,%ecx + addl 56(%esp),%ebx + xorl %edi,%esi + movl %ecx,%ebp + roll $5,%ecx + addl %esi,%ebx + xorl %edi,%ebp + rorl $7,%edx + addl %ecx,%ebx + addl 60(%esp),%eax + xorl %edx,%ebp + movl %ebx,%esi + roll $5,%ebx + addl %ebp,%eax + rorl $7,%ecx + addl %ebx,%eax + movl 192(%esp),%ebp + addl (%ebp),%eax + movl 204(%esp),%esp + addl 4(%ebp),%esi + addl 8(%ebp),%ecx + movl %eax,(%ebp) + addl 12(%ebp),%edx + movl %esi,4(%ebp) + addl 16(%ebp),%edi + movl %ecx,8(%ebp) + movl %edx,12(%ebp) + movl %edi,16(%ebp) + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.align 6,0x90 +LK_XX_XX: +.long 1518500249,1518500249,1518500249,1518500249 +.long 
1859775393,1859775393,1859775393,1859775393 +.long 2400959708,2400959708,2400959708,2400959708 +.long 3395469782,3395469782,3395469782,3395469782 +.long 66051,67438087,134810123,202182159 +.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115 .byte 102,111,114,109,32,102,111,114,32,120,56,54,44,32,67,82 .byte 89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112 .byte 114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.section __IMPORT,__pointers,non_lazy_symbol_pointers +L_OPENSSL_ia32cap_P$non_lazy_ptr: +.indirect_symbol _OPENSSL_ia32cap_P +.long 0 #endif diff --git a/mac-x86/crypto/sha/sha256-586.S b/mac-x86/crypto/sha/sha256-586.S index d40db0d..f0ba612 100644 --- a/mac-x86/crypto/sha/sha256-586.S +++ b/mac-x86/crypto/sha/sha256-586.S @@ -26,6 +26,27 @@ L000pic_point: movl %edi,4(%esp) movl %eax,8(%esp) movl %ebx,12(%esp) + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L001K256(%ebp),%edx + movl (%edx),%ecx + movl 4(%edx),%ebx + testl $1048576,%ecx + jnz L002loop + movl 8(%edx),%edx + testl $16777216,%ecx + jz L003no_xmm + andl $1073741824,%ecx + andl $268435968,%ebx + testl $536870912,%edx + jnz L004shaext + orl %ebx,%ecx + andl $1342177280,%ecx + cmpl $1342177280,%ecx + testl $512,%ebx + jnz L005SSSE3 +L003no_xmm: + subl %edi,%eax + cmpl $256,%eax + jae L006unrolled jmp L002loop .align 4,0x90 L002loop: @@ -97,7 +118,7 @@ L002loop: movl %ecx,28(%esp) movl %edi,32(%esp) .align 4,0x90 -L00300_15: +L00700_15: movl %edx,%ecx movl 24(%esp),%esi rorl $14,%ecx @@ -135,11 +156,11 @@ L00300_15: addl $4,%ebp addl %ebx,%eax cmpl $3248222580,%esi - jne L00300_15 + jne L00700_15 movl 156(%esp),%ecx - jmp L00416_63 + jmp L00816_63 .align 4,0x90 -L00416_63: +L00816_63: movl %ecx,%ebx movl 104(%esp),%esi rorl $11,%ecx @@ -194,7 +215,7 @@ L00416_63: addl $4,%ebp addl %ebx,%eax cmpl $3329325298,%esi - jne L00416_63 + jne L00816_63 movl 356(%esp),%esi movl 8(%esp),%ebx movl 16(%esp),%ecx 
@@ -228,207 +249,6 @@ L00416_63: popl %ebx popl %ebp ret -.align 5,0x90 -L005loop_shrd: - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - bswap %eax - movl 12(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - movl 16(%edi),%eax - movl 20(%edi),%ebx - movl 24(%edi),%ecx - bswap %eax - movl 28(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - movl 32(%edi),%eax - movl 36(%edi),%ebx - movl 40(%edi),%ecx - bswap %eax - movl 44(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - movl 48(%edi),%eax - movl 52(%edi),%ebx - movl 56(%edi),%ecx - bswap %eax - movl 60(%edi),%edx - bswap %ebx - pushl %eax - bswap %ecx - pushl %ebx - bswap %edx - pushl %ecx - pushl %edx - addl $64,%edi - leal -36(%esp),%esp - movl %edi,104(%esp) - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edi - movl %ebx,8(%esp) - xorl %ecx,%ebx - movl %ecx,12(%esp) - movl %edi,16(%esp) - movl %ebx,(%esp) - movl 16(%esi),%edx - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edi - movl %ebx,24(%esp) - movl %ecx,28(%esp) - movl %edi,32(%esp) -.align 4,0x90 -L00600_15_shrd: - movl %edx,%ecx - movl 24(%esp),%esi - shrdl $14,%ecx,%ecx - movl 28(%esp),%edi - xorl %edx,%ecx - xorl %edi,%esi - movl 96(%esp),%ebx - shrdl $5,%ecx,%ecx - andl %edx,%esi - movl %edx,20(%esp) - xorl %ecx,%edx - addl 32(%esp),%ebx - xorl %edi,%esi - shrdl $6,%edx,%edx - movl %eax,%ecx - addl %esi,%ebx - shrdl $9,%ecx,%ecx - addl %edx,%ebx - movl 8(%esp),%edi - xorl %eax,%ecx - movl %eax,4(%esp) - leal -4(%esp),%esp - shrdl $11,%ecx,%ecx - movl (%ebp),%esi - xorl %eax,%ecx - movl 20(%esp),%edx - xorl %edi,%eax - shrdl $2,%ecx,%ecx - addl %esi,%ebx - movl %eax,(%esp) - addl %ebx,%edx - andl 4(%esp),%eax - addl %ecx,%ebx - xorl %edi,%eax - addl $4,%ebp - addl %ebx,%eax - cmpl $3248222580,%esi - jne L00600_15_shrd - movl 156(%esp),%ecx - 
jmp L00716_63_shrd -.align 4,0x90 -L00716_63_shrd: - movl %ecx,%ebx - movl 104(%esp),%esi - shrdl $11,%ecx,%ecx - movl %esi,%edi - shrdl $2,%esi,%esi - xorl %ebx,%ecx - shrl $3,%ebx - shrdl $7,%ecx,%ecx - xorl %edi,%esi - xorl %ecx,%ebx - shrdl $17,%esi,%esi - addl 160(%esp),%ebx - shrl $10,%edi - addl 124(%esp),%ebx - movl %edx,%ecx - xorl %esi,%edi - movl 24(%esp),%esi - shrdl $14,%ecx,%ecx - addl %edi,%ebx - movl 28(%esp),%edi - xorl %edx,%ecx - xorl %edi,%esi - movl %ebx,96(%esp) - shrdl $5,%ecx,%ecx - andl %edx,%esi - movl %edx,20(%esp) - xorl %ecx,%edx - addl 32(%esp),%ebx - xorl %edi,%esi - shrdl $6,%edx,%edx - movl %eax,%ecx - addl %esi,%ebx - shrdl $9,%ecx,%ecx - addl %edx,%ebx - movl 8(%esp),%edi - xorl %eax,%ecx - movl %eax,4(%esp) - leal -4(%esp),%esp - shrdl $11,%ecx,%ecx - movl (%ebp),%esi - xorl %eax,%ecx - movl 20(%esp),%edx - xorl %edi,%eax - shrdl $2,%ecx,%ecx - addl %esi,%ebx - movl %eax,(%esp) - addl %ebx,%edx - andl 4(%esp),%eax - addl %ecx,%ebx - xorl %edi,%eax - movl 156(%esp),%ecx - addl $4,%ebp - addl %ebx,%eax - cmpl $3329325298,%esi - jne L00716_63_shrd - movl 356(%esp),%esi - movl 8(%esp),%ebx - movl 16(%esp),%ecx - addl (%esi),%eax - addl 4(%esi),%ebx - addl 8(%esi),%edi - addl 12(%esi),%ecx - movl %eax,(%esi) - movl %ebx,4(%esi) - movl %edi,8(%esi) - movl %ecx,12(%esi) - movl 24(%esp),%eax - movl 28(%esp),%ebx - movl 32(%esp),%ecx - movl 360(%esp),%edi - addl 16(%esi),%edx - addl 20(%esi),%eax - addl 24(%esi),%ebx - addl 28(%esi),%ecx - movl %edx,16(%esi) - movl %eax,20(%esi) - movl %ebx,24(%esi) - movl %ecx,28(%esi) - leal 356(%esp),%esp - subl $256,%ebp - cmpl 8(%esp),%edi - jb L005loop_shrd - movl 12(%esp),%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret .align 6,0x90 L001K256: .long 
1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298 @@ -439,7 +259,7 @@ L001K256: .byte 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 .byte 62,0 .align 4,0x90 -L008unrolled: +L006unrolled: leal -96(%esp),%esp movl (%esi),%eax movl 4(%esi),%ebp 
@@ -3345,4 +3165,1417 @@ L009grand_loop: popl %ebx popl %ebp ret +.align 5,0x90 +L004shaext: + subl $32,%esp + movdqu (%esi),%xmm1 + leal 128(%ebp),%ebp + movdqu 16(%esi),%xmm2 + movdqa 128(%ebp),%xmm7 + pshufd $27,%xmm1,%xmm0 + pshufd $177,%xmm1,%xmm1 + pshufd $27,%xmm2,%xmm2 +.byte 102,15,58,15,202,8 + punpcklqdq %xmm0,%xmm2 + jmp L010loop_shaext +.align 4,0x90 +L010loop_shaext: + movdqu (%edi),%xmm3 + movdqu 16(%edi),%xmm4 + movdqu 32(%edi),%xmm5 +.byte 102,15,56,0,223 + movdqu 48(%edi),%xmm6 + movdqa %xmm2,16(%esp) + movdqa -128(%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 102,15,56,0,231 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + nop + movdqa %xmm1,(%esp) +.byte 15,56,203,202 + movdqa -112(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 102,15,56,0,239 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + leal 64(%edi),%edi +.byte 15,56,204,220 +.byte 15,56,203,202 + movdqa -96(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 102,15,56,0,247 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm6,%xmm7 +.byte 102,15,58,15,253,4 + nop + paddd %xmm7,%xmm3 +.byte 15,56,204,229 +.byte 15,56,203,202 + movdqa -80(%ebp),%xmm0 + paddd %xmm6,%xmm0 +.byte 15,56,205,222 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm3,%xmm7 +.byte 102,15,58,15,254,4 + nop + paddd %xmm7,%xmm4 +.byte 15,56,204,238 +.byte 15,56,203,202 + movdqa -64(%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 15,56,205,227 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm4,%xmm7 +.byte 102,15,58,15,251,4 + nop + paddd %xmm7,%xmm5 +.byte 15,56,204,243 +.byte 15,56,203,202 + movdqa -48(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 15,56,205,236 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm5,%xmm7 +.byte 102,15,58,15,252,4 + nop + paddd %xmm7,%xmm6 +.byte 15,56,204,220 +.byte 15,56,203,202 + movdqa -32(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 15,56,205,245 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm6,%xmm7 +.byte 102,15,58,15,253,4 + nop + paddd %xmm7,%xmm3 +.byte 15,56,204,229 +.byte 
15,56,203,202 + movdqa -16(%ebp),%xmm0 + paddd %xmm6,%xmm0 +.byte 15,56,205,222 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm3,%xmm7 +.byte 102,15,58,15,254,4 + nop + paddd %xmm7,%xmm4 +.byte 15,56,204,238 +.byte 15,56,203,202 + movdqa (%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 15,56,205,227 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm4,%xmm7 +.byte 102,15,58,15,251,4 + nop + paddd %xmm7,%xmm5 +.byte 15,56,204,243 +.byte 15,56,203,202 + movdqa 16(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 15,56,205,236 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm5,%xmm7 +.byte 102,15,58,15,252,4 + nop + paddd %xmm7,%xmm6 +.byte 15,56,204,220 +.byte 15,56,203,202 + movdqa 32(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 15,56,205,245 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm6,%xmm7 +.byte 102,15,58,15,253,4 + nop + paddd %xmm7,%xmm3 +.byte 15,56,204,229 +.byte 15,56,203,202 + movdqa 48(%ebp),%xmm0 + paddd %xmm6,%xmm0 +.byte 15,56,205,222 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm3,%xmm7 +.byte 102,15,58,15,254,4 + nop + paddd %xmm7,%xmm4 +.byte 15,56,204,238 +.byte 15,56,203,202 + movdqa 64(%ebp),%xmm0 + paddd %xmm3,%xmm0 +.byte 15,56,205,227 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm4,%xmm7 +.byte 102,15,58,15,251,4 + nop + paddd %xmm7,%xmm5 +.byte 15,56,204,243 +.byte 15,56,203,202 + movdqa 80(%ebp),%xmm0 + paddd %xmm4,%xmm0 +.byte 15,56,205,236 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + movdqa %xmm5,%xmm7 +.byte 102,15,58,15,252,4 +.byte 15,56,203,202 + paddd %xmm7,%xmm6 + movdqa 96(%ebp),%xmm0 + paddd %xmm5,%xmm0 +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 +.byte 15,56,205,245 + movdqa 128(%ebp),%xmm7 +.byte 15,56,203,202 + movdqa 112(%ebp),%xmm0 + paddd %xmm6,%xmm0 + nop +.byte 15,56,203,209 + pshufd $14,%xmm0,%xmm0 + cmpl %edi,%eax + nop +.byte 15,56,203,202 + paddd 16(%esp),%xmm2 + paddd (%esp),%xmm1 + jnz L010loop_shaext + pshufd $177,%xmm2,%xmm2 + pshufd $27,%xmm1,%xmm7 + pshufd 
$177,%xmm1,%xmm1 + punpckhqdq %xmm2,%xmm1 +.byte 102,15,58,15,215,8 + movl 44(%esp),%esp + movdqu %xmm1,(%esi) + movdqu %xmm2,16(%esi) + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.align 5,0x90 +L005SSSE3: + leal -96(%esp),%esp + movl (%esi),%eax + movl 4(%esi),%ebx + movl 8(%esi),%ecx + movl 12(%esi),%edi + movl %ebx,4(%esp) + xorl %ecx,%ebx + movl %ecx,8(%esp) + movl %edi,12(%esp) + movl 16(%esi),%edx + movl 20(%esi),%edi + movl 24(%esi),%ecx + movl 28(%esi),%esi + movl %edi,20(%esp) + movl 100(%esp),%edi + movl %ecx,24(%esp) + movl %esi,28(%esp) + movdqa 256(%ebp),%xmm7 + jmp L011grand_ssse3 +.align 4,0x90 +L011grand_ssse3: + movdqu (%edi),%xmm0 + movdqu 16(%edi),%xmm1 + movdqu 32(%edi),%xmm2 + movdqu 48(%edi),%xmm3 + addl $64,%edi +.byte 102,15,56,0,199 + movl %edi,100(%esp) +.byte 102,15,56,0,207 + movdqa (%ebp),%xmm4 +.byte 102,15,56,0,215 + movdqa 16(%ebp),%xmm5 + paddd %xmm0,%xmm4 +.byte 102,15,56,0,223 + movdqa 32(%ebp),%xmm6 + paddd %xmm1,%xmm5 + movdqa 48(%ebp),%xmm7 + movdqa %xmm4,32(%esp) + paddd %xmm2,%xmm6 + movdqa %xmm5,48(%esp) + paddd %xmm3,%xmm7 + movdqa %xmm6,64(%esp) + movdqa %xmm7,80(%esp) + jmp L012ssse3_00_47 +.align 4,0x90 +L012ssse3_00_47: + addl $64,%ebp + movl %edx,%ecx + movdqa %xmm1,%xmm4 + rorl $14,%edx + movl 20(%esp),%esi + movdqa %xmm3,%xmm7 + xorl %ecx,%edx + movl 24(%esp),%edi +.byte 102,15,58,15,224,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,250,4 + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 4(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm0 + movl %eax,(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm3,%xmm7 + xorl %esi,%ecx + addl 32(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 12(%esp),%edx + psrld $11,%xmm6 + addl 
%ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl 16(%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,12(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm0 + movl %ebx,28(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 36(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 8(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm0 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + pshufd $80,%xmm0,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 40(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 4(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa (%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,4(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm0 + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + paddd %xmm0,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl 
%esi,%ecx + addl 44(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movdqa %xmm6,32(%esp) + movl %edx,%ecx + movdqa %xmm2,%xmm4 + rorl $14,%edx + movl 4(%esp),%esi + movdqa %xmm0,%xmm7 + xorl %ecx,%edx + movl 8(%esp),%edi +.byte 102,15,58,15,225,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,251,4 + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 20(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm1 + movl %eax,16(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm0,%xmm7 + xorl %esi,%ecx + addl 48(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 28(%esp),%edx + psrld $11,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl (%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 4(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,28(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm1 + movl %ebx,12(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 8(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 52(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 24(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm1 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 
12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + pshufd $80,%xmm1,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 4(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 56(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 20(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa 16(%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,20(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm1 + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + paddd %xmm1,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 60(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movdqa %xmm6,48(%esp) + movl %edx,%ecx + movdqa %xmm3,%xmm4 + rorl $14,%edx + movl 20(%esp),%esi + movdqa %xmm1,%xmm7 + xorl %ecx,%edx + movl 24(%esp),%edi +.byte 102,15,58,15,226,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,248,4 + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 4(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm2 + movl %eax,(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm1,%xmm7 + xorl %esi,%ecx + addl 64(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 12(%esp),%edx + psrld $11,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl 16(%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 
20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,12(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm2 + movl %ebx,28(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 68(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 8(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm2 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + pshufd $80,%xmm2,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 72(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 4(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa 32(%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,4(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm2 + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + paddd %xmm2,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 76(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movdqa 
%xmm6,64(%esp) + movl %edx,%ecx + movdqa %xmm0,%xmm4 + rorl $14,%edx + movl 4(%esp),%esi + movdqa %xmm2,%xmm7 + xorl %ecx,%edx + movl 8(%esp),%edi +.byte 102,15,58,15,227,4 + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi +.byte 102,15,58,15,249,4 + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + movdqa %xmm4,%xmm5 + rorl $6,%edx + movl %eax,%ecx + movdqa %xmm4,%xmm6 + addl %edi,%edx + movl 20(%esp),%edi + psrld $3,%xmm4 + movl %eax,%esi + rorl $9,%ecx + paddd %xmm7,%xmm3 + movl %eax,16(%esp) + xorl %eax,%ecx + psrld $7,%xmm6 + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + pshufd $250,%xmm2,%xmm7 + xorl %esi,%ecx + addl 80(%esp),%edx + pslld $14,%xmm5 + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm4 + addl %edx,%ebx + addl 28(%esp),%edx + psrld $11,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm5,%xmm4 + movl (%esp),%esi + xorl %ecx,%edx + pslld $11,%xmm5 + movl 4(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + pxor %xmm6,%xmm4 + andl %ecx,%esi + movl %ecx,28(%esp) + movdqa %xmm7,%xmm6 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + pxor %xmm5,%xmm4 + movl %ebx,%ecx + addl %edi,%edx + psrld $10,%xmm7 + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm4,%xmm3 + movl %ebx,12(%esp) + xorl %ebx,%ecx + psrlq $17,%xmm6 + xorl %edi,%ebx + addl 8(%esp),%edx + rorl $11,%ecx + pxor %xmm6,%xmm7 + andl %ebx,%eax + xorl %esi,%ecx + psrlq $2,%xmm6 + addl 84(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%eax + addl 24(%esp),%edx + pshufd $128,%xmm7,%xmm7 + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + psrldq $8,%xmm7 + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + paddd %xmm7,%xmm3 + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + pshufd $80,%xmm3,%xmm7 + xorl %eax,%ecx + xorl %edi,%eax + addl 
4(%esp),%edx + movdqa %xmm7,%xmm6 + rorl $11,%ecx + psrld $10,%xmm7 + andl %eax,%ebx + psrlq $17,%xmm6 + xorl %esi,%ecx + addl 88(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + pxor %xmm6,%xmm7 + addl %edx,%ebx + addl 20(%esp),%edx + psrlq $2,%xmm6 + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + pxor %xmm6,%xmm7 + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + pshufd $8,%xmm7,%xmm7 + xorl %edi,%esi + rorl $5,%edx + movdqa 48(%ebp),%xmm6 + andl %ecx,%esi + movl %ecx,20(%esp) + pslldq $8,%xmm7 + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + paddd %xmm7,%xmm3 + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + paddd %xmm3,%xmm6 + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 92(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movdqa %xmm6,80(%esp) + cmpl $66051,64(%ebp) + jne L012ssse3_00_47 + movl %edx,%ecx + rorl $14,%edx + movl 20(%esp),%esi + xorl %ecx,%edx + movl 24(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 4(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 32(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 12(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 16(%esp),%esi + xorl %ecx,%edx + movl 20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,12(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,28(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 36(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl 
%edx,%eax + addl 8(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 40(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 4(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,4(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 44(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 4(%esp),%esi + xorl %ecx,%edx + movl 8(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 20(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,16(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 48(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 28(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl (%esp),%esi + xorl %ecx,%edx + movl 4(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,28(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,12(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 
8(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 52(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 24(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 4(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 56(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 20(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,20(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 60(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 20(%esp),%esi + xorl %ecx,%edx + movl 24(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,16(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 4(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 28(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 64(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 12(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 16(%esp),%esi + xorl %ecx,%edx + movl 20(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,12(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl 
%edi,%edx + movl (%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,28(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 24(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 68(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 8(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 12(%esp),%esi + xorl %ecx,%edx + movl 16(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,8(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 28(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,24(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 20(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 72(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 4(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 8(%esp),%esi + xorl %ecx,%edx + movl 12(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,4(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 24(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,20(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 16(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 76(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl (%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 4(%esp),%esi + xorl %ecx,%edx + movl 8(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 20(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,16(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 12(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 80(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 28(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl (%esp),%esi + xorl %ecx,%edx + movl 4(%esp),%edi + xorl %edi,%esi + rorl 
$5,%edx + andl %ecx,%esi + movl %ecx,28(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 16(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,12(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl 8(%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 84(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 24(%esp),%edx + addl %ecx,%eax + movl %edx,%ecx + rorl $14,%edx + movl 28(%esp),%esi + xorl %ecx,%edx + movl (%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,24(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %eax,%ecx + addl %edi,%edx + movl 12(%esp),%edi + movl %eax,%esi + rorl $9,%ecx + movl %eax,8(%esp) + xorl %eax,%ecx + xorl %edi,%eax + addl 4(%esp),%edx + rorl $11,%ecx + andl %eax,%ebx + xorl %esi,%ecx + addl 88(%esp),%edx + xorl %edi,%ebx + rorl $2,%ecx + addl %edx,%ebx + addl 20(%esp),%edx + addl %ecx,%ebx + movl %edx,%ecx + rorl $14,%edx + movl 24(%esp),%esi + xorl %ecx,%edx + movl 28(%esp),%edi + xorl %edi,%esi + rorl $5,%edx + andl %ecx,%esi + movl %ecx,20(%esp) + xorl %ecx,%edx + xorl %esi,%edi + rorl $6,%edx + movl %ebx,%ecx + addl %edi,%edx + movl 8(%esp),%edi + movl %ebx,%esi + rorl $9,%ecx + movl %ebx,4(%esp) + xorl %ebx,%ecx + xorl %edi,%ebx + addl (%esp),%edx + rorl $11,%ecx + andl %ebx,%eax + xorl %esi,%ecx + addl 92(%esp),%edx + xorl %edi,%eax + rorl $2,%ecx + addl %edx,%eax + addl 16(%esp),%edx + addl %ecx,%eax + movl 96(%esp),%esi + xorl %edi,%ebx + movl 12(%esp),%ecx + addl (%esi),%eax + addl 4(%esi),%ebx + addl 8(%esi),%edi + addl 12(%esi),%ecx + movl %eax,(%esi) + movl %ebx,4(%esi) + movl %edi,8(%esi) + movl %ecx,12(%esi) + movl %ebx,4(%esp) + xorl %edi,%ebx + movl %edi,8(%esp) + movl %ecx,12(%esp) + movl 20(%esp),%edi + movl 24(%esp),%ecx + addl 16(%esi),%edx + addl 20(%esi),%edi + addl 24(%esi),%ecx + movl %edx,16(%esi) + movl %edi,20(%esi) + movl %edi,20(%esp) + movl 28(%esp),%edi + movl %ecx,24(%esi) + addl 28(%esi),%edi 
+ movl %ecx,24(%esp) + movl %edi,28(%esi) + movl %edi,28(%esp) + movl 100(%esp),%edi + movdqa 64(%ebp),%xmm7 + subl $192,%ebp + cmpl 104(%esp),%edi + jb L011grand_ssse3 + movl 108(%esp),%esp + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.section __IMPORT,__pointers,non_lazy_symbol_pointers +L_OPENSSL_ia32cap_P$non_lazy_ptr: +.indirect_symbol _OPENSSL_ia32cap_P +.long 0 #endif diff --git a/mac-x86/crypto/sha/sha512-586.S b/mac-x86/crypto/sha/sha512-586.S index 99dbc31..3066100 100644 --- a/mac-x86/crypto/sha/sha512-586.S +++ b/mac-x86/crypto/sha/sha512-586.S 
@@ -26,6 +26,2269 @@ L000pic_point: movl %edi,4(%esp) movl %eax,8(%esp) movl %ebx,12(%esp) + movl L_OPENSSL_ia32cap_P$non_lazy_ptr-L001K512(%ebp),%edx + movl (%edx),%ecx + testl $67108864,%ecx + jz L002loop_x86 + movl 4(%edx),%edx + movq (%esi),%mm0 + andl $16777216,%ecx + movq 8(%esi),%mm1 + andl $512,%edx + movq 16(%esi),%mm2 + orl %edx,%ecx + movq 24(%esi),%mm3 + movq 32(%esi),%mm4 + movq 40(%esi),%mm5 + movq 48(%esi),%mm6 + movq 56(%esi),%mm7 + cmpl $16777728,%ecx + je L003SSSE3 + subl $80,%esp + jmp L004loop_sse2 +.align 4,0x90 +L004loop_sse2: + movq %mm1,8(%esp) + movq %mm2,16(%esp) + movq %mm3,24(%esp) + movq %mm5,40(%esp) + movq %mm6,48(%esp) + pxor %mm1,%mm2 + movq %mm7,56(%esp) + movq %mm0,%mm3 + movl (%edi),%eax + movl 4(%edi),%ebx + addl $8,%edi + movl $15,%edx + bswap %eax + bswap %ebx + jmp L00500_14_sse2 +.align 4,0x90 +L00500_14_sse2: + movd %eax,%mm1 + movl (%edi),%eax + movd %ebx,%mm7 + movl 4(%edi),%ebx + addl $8,%edi + bswap %eax + bswap %ebx + punpckldq %mm1,%mm7 + movq %mm4,%mm1 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm3,%mm0 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm2,%mm3 + movq %mm0,%mm2 + addl $8,%ebp + paddq %mm6,%mm3 + movq 48(%esp),%mm6 + decl %edx + jnz L00500_14_sse2 + movd %eax,%mm1 + movd %ebx,%mm7 + punpckldq %mm1,%mm7 + movq %mm4,%mm1 
+ pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm3,%mm0 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 192(%esp),%mm7 + paddq %mm2,%mm3 + movq %mm0,%mm2 + addl $8,%ebp + paddq %mm6,%mm3 + pxor %mm0,%mm0 + movl $32,%edx + jmp L00616_79_sse2 +.align 4,0x90 +L00616_79_sse2: + movq 88(%esp),%mm5 + movq %mm7,%mm1 + psrlq $1,%mm7 + movq %mm5,%mm6 + psrlq $6,%mm5 + psllq $56,%mm1 + paddq %mm3,%mm0 + movq %mm7,%mm3 + psrlq $6,%mm7 + pxor %mm1,%mm3 + psllq $7,%mm1 + pxor %mm7,%mm3 + psrlq $1,%mm7 + pxor %mm1,%mm3 + movq %mm5,%mm1 + psrlq $13,%mm5 + pxor %mm3,%mm7 + psllq $3,%mm6 + pxor %mm5,%mm1 + paddq 200(%esp),%mm7 + pxor %mm6,%mm1 + psrlq $42,%mm5 + paddq 128(%esp),%mm7 + pxor %mm5,%mm1 + psllq $42,%mm6 + movq 40(%esp),%mm5 + pxor %mm6,%mm1 + movq 48(%esp),%mm6 + paddq %mm1,%mm7 + movq %mm4,%mm1 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 
8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 192(%esp),%mm7 + paddq %mm6,%mm2 + addl $8,%ebp + movq 88(%esp),%mm5 + movq %mm7,%mm1 + psrlq $1,%mm7 + movq %mm5,%mm6 + psrlq $6,%mm5 + psllq $56,%mm1 + paddq %mm3,%mm2 + movq %mm7,%mm3 + psrlq $6,%mm7 + pxor %mm1,%mm3 + psllq $7,%mm1 + pxor %mm7,%mm3 + psrlq $1,%mm7 + pxor %mm1,%mm3 + movq %mm5,%mm1 + psrlq $13,%mm5 + pxor %mm3,%mm7 + psllq $3,%mm6 + pxor %mm5,%mm1 + paddq 200(%esp),%mm7 + pxor %mm6,%mm1 + psrlq $42,%mm5 + paddq 128(%esp),%mm7 + pxor %mm5,%mm1 + psllq $42,%mm6 + movq 40(%esp),%mm5 + pxor %mm6,%mm1 + movq 48(%esp),%mm6 + paddq %mm1,%mm7 + movq %mm4,%mm1 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + movq %mm7,72(%esp) + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + paddq (%ebp),%mm7 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + subl $8,%esp + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 192(%esp),%mm7 + paddq %mm6,%mm0 + addl $8,%ebp + decl %edx + jnz L00616_79_sse2 + paddq %mm3,%mm0 + movq 8(%esp),%mm1 + movq 24(%esp),%mm3 + movq 40(%esp),%mm5 + movq 48(%esp),%mm6 + movq 56(%esp),%mm7 + pxor %mm1,%mm2 + paddq (%esi),%mm0 + paddq 8(%esi),%mm1 + paddq 16(%esi),%mm2 + paddq 24(%esi),%mm3 + paddq 32(%esi),%mm4 + paddq 40(%esi),%mm5 + paddq 48(%esi),%mm6 + paddq 56(%esi),%mm7 + movl $640,%eax + movq %mm0,(%esi) 
+ movq %mm1,8(%esi) + movq %mm2,16(%esi) + movq %mm3,24(%esi) + movq %mm4,32(%esi) + movq %mm5,40(%esi) + movq %mm6,48(%esi) + movq %mm7,56(%esi) + leal (%esp,%eax,1),%esp + subl %eax,%ebp + cmpl 88(%esp),%edi + jb L004loop_sse2 + movl 92(%esp),%esp + emms + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.align 5,0x90 +L003SSSE3: + leal -64(%esp),%edx + subl $256,%esp + movdqa 640(%ebp),%xmm1 + movdqu (%edi),%xmm0 +.byte 102,15,56,0,193 + movdqa (%ebp),%xmm3 + movdqa %xmm1,%xmm2 + movdqu 16(%edi),%xmm1 + paddq %xmm0,%xmm3 +.byte 102,15,56,0,202 + movdqa %xmm3,-128(%edx) + movdqa 16(%ebp),%xmm4 + movdqa %xmm2,%xmm3 + movdqu 32(%edi),%xmm2 + paddq %xmm1,%xmm4 +.byte 102,15,56,0,211 + movdqa %xmm4,-112(%edx) + movdqa 32(%ebp),%xmm5 + movdqa %xmm3,%xmm4 + movdqu 48(%edi),%xmm3 + paddq %xmm2,%xmm5 +.byte 102,15,56,0,220 + movdqa %xmm5,-96(%edx) + movdqa 48(%ebp),%xmm6 + movdqa %xmm4,%xmm5 + movdqu 64(%edi),%xmm4 + paddq %xmm3,%xmm6 +.byte 102,15,56,0,229 + movdqa %xmm6,-80(%edx) + movdqa 64(%ebp),%xmm7 + movdqa %xmm5,%xmm6 + movdqu 80(%edi),%xmm5 + paddq %xmm4,%xmm7 +.byte 102,15,56,0,238 + movdqa %xmm7,-64(%edx) + movdqa %xmm0,(%edx) + movdqa 80(%ebp),%xmm0 + movdqa %xmm6,%xmm7 + movdqu 96(%edi),%xmm6 + paddq %xmm5,%xmm0 +.byte 102,15,56,0,247 + movdqa %xmm0,-48(%edx) + movdqa %xmm1,16(%edx) + movdqa 96(%ebp),%xmm1 + movdqa %xmm7,%xmm0 + movdqu 112(%edi),%xmm7 + paddq %xmm6,%xmm1 +.byte 102,15,56,0,248 + movdqa %xmm1,-32(%edx) + movdqa %xmm2,32(%edx) + movdqa 112(%ebp),%xmm2 + movdqa (%edx),%xmm0 + paddq %xmm7,%xmm2 + movdqa %xmm2,-16(%edx) + nop +.align 5,0x90 +L007loop_ssse3: + movdqa 16(%edx),%xmm2 + movdqa %xmm3,48(%edx) + leal 128(%ebp),%ebp + movq %mm1,8(%esp) + movl %edi,%ebx + movq %mm2,16(%esp) + leal 128(%edi),%edi + movq %mm3,24(%esp) + cmpl %eax,%edi + movq %mm5,40(%esp) + cmovbl %edi,%ebx + movq %mm6,48(%esp) + movl $4,%ecx + pxor %mm1,%mm2 + movq %mm7,56(%esp) + pxor %mm3,%mm3 + jmp L00800_47_ssse3 +.align 5,0x90 +L00800_47_ssse3: + movdqa 
%xmm5,%xmm3 + movdqa %xmm2,%xmm1 +.byte 102,15,58,15,208,8 + movdqa %xmm4,(%edx) +.byte 102,15,58,15,220,8 + movdqa %xmm2,%xmm4 + psrlq $7,%xmm2 + paddq %xmm3,%xmm0 + movdqa %xmm4,%xmm3 + psrlq $1,%xmm4 + psllq $56,%xmm3 + pxor %xmm4,%xmm2 + psrlq $7,%xmm4 + pxor %xmm3,%xmm2 + psllq $7,%xmm3 + pxor %xmm4,%xmm2 + movdqa %xmm7,%xmm4 + pxor %xmm3,%xmm2 + movdqa %xmm7,%xmm3 + psrlq $6,%xmm4 + paddq %xmm2,%xmm0 + movdqa %xmm7,%xmm2 + psrlq $19,%xmm3 + psllq $3,%xmm2 + pxor %xmm3,%xmm4 + psrlq $42,%xmm3 + pxor %xmm2,%xmm4 + psllq $42,%xmm2 + pxor %xmm3,%xmm4 + movdqa 32(%edx),%xmm3 + pxor %xmm2,%xmm4 + movdqa (%ebp),%xmm2 + movq %mm4,%mm1 + paddq %xmm4,%xmm0 + movq -128(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + paddq %xmm0,%xmm2 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -120(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + 
psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm2,-128(%edx) + movdqa %xmm6,%xmm4 + movdqa %xmm3,%xmm2 +.byte 102,15,58,15,217,8 + movdqa %xmm5,16(%edx) +.byte 102,15,58,15,229,8 + movdqa %xmm3,%xmm5 + psrlq $7,%xmm3 + paddq %xmm4,%xmm1 + movdqa %xmm5,%xmm4 + psrlq $1,%xmm5 + psllq $56,%xmm4 + pxor %xmm5,%xmm3 + psrlq $7,%xmm5 + pxor %xmm4,%xmm3 + psllq $7,%xmm4 + pxor %xmm5,%xmm3 + movdqa %xmm0,%xmm5 + pxor %xmm4,%xmm3 + movdqa %xmm0,%xmm4 + psrlq $6,%xmm5 + paddq %xmm3,%xmm1 + movdqa %xmm0,%xmm3 + psrlq $19,%xmm4 + psllq $3,%xmm3 + pxor %xmm4,%xmm5 + psrlq $42,%xmm4 + pxor %xmm3,%xmm5 + psllq $42,%xmm3 + pxor %xmm4,%xmm5 + movdqa 48(%edx),%xmm4 + pxor %xmm3,%xmm5 + movdqa 16(%ebp),%xmm3 + movq %mm4,%mm1 + paddq %xmm5,%xmm1 + movq -112(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + paddq %xmm1,%xmm3 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -104(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor 
%mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm3,-112(%edx) + movdqa %xmm7,%xmm5 + movdqa %xmm4,%xmm3 +.byte 102,15,58,15,226,8 + movdqa %xmm6,32(%edx) +.byte 102,15,58,15,238,8 + movdqa %xmm4,%xmm6 + psrlq $7,%xmm4 + paddq %xmm5,%xmm2 + movdqa %xmm6,%xmm5 + psrlq $1,%xmm6 + psllq $56,%xmm5 + pxor %xmm6,%xmm4 + psrlq $7,%xmm6 + pxor %xmm5,%xmm4 + psllq $7,%xmm5 + pxor %xmm6,%xmm4 + movdqa %xmm1,%xmm6 + pxor %xmm5,%xmm4 + movdqa %xmm1,%xmm5 + psrlq $6,%xmm6 + paddq %xmm4,%xmm2 + movdqa %xmm1,%xmm4 + psrlq $19,%xmm5 + psllq $3,%xmm4 + pxor %xmm5,%xmm6 + psrlq $42,%xmm5 + pxor %xmm4,%xmm6 + psllq $42,%xmm4 + pxor %xmm5,%xmm6 + movdqa (%edx),%xmm5 + pxor %xmm4,%xmm6 + movdqa 32(%ebp),%xmm4 + movq %mm4,%mm1 + paddq %xmm6,%xmm2 + movq -96(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + paddq %xmm2,%xmm4 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + 
pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -88(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm4,-96(%edx) + movdqa %xmm0,%xmm6 + movdqa %xmm5,%xmm4 +.byte 102,15,58,15,235,8 + movdqa %xmm7,48(%edx) +.byte 102,15,58,15,247,8 + movdqa %xmm5,%xmm7 + psrlq $7,%xmm5 + paddq %xmm6,%xmm3 + movdqa %xmm7,%xmm6 + psrlq $1,%xmm7 + psllq $56,%xmm6 + pxor %xmm7,%xmm5 + psrlq $7,%xmm7 + pxor %xmm6,%xmm5 + psllq $7,%xmm6 + pxor %xmm7,%xmm5 + movdqa %xmm2,%xmm7 + pxor %xmm6,%xmm5 + movdqa %xmm2,%xmm6 + psrlq $6,%xmm7 + paddq %xmm5,%xmm3 + movdqa %xmm2,%xmm5 + psrlq $19,%xmm6 + psllq $3,%xmm5 + pxor %xmm6,%xmm7 + psrlq $42,%xmm6 + pxor %xmm5,%xmm7 + psllq $42,%xmm5 + pxor %xmm6,%xmm7 + movdqa 16(%edx),%xmm6 + pxor %xmm5,%xmm7 + movdqa 48(%ebp),%xmm5 + movq %mm4,%mm1 + paddq %xmm7,%xmm3 + movq -80(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + paddq %xmm3,%xmm5 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + 
pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -72(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm5,-80(%edx) + movdqa %xmm1,%xmm7 + movdqa %xmm6,%xmm5 +.byte 102,15,58,15,244,8 + movdqa %xmm0,(%edx) +.byte 102,15,58,15,248,8 + movdqa %xmm6,%xmm0 + psrlq $7,%xmm6 + paddq %xmm7,%xmm4 + movdqa %xmm0,%xmm7 + psrlq $1,%xmm0 + psllq $56,%xmm7 + pxor %xmm0,%xmm6 + psrlq $7,%xmm0 + pxor %xmm7,%xmm6 + psllq $7,%xmm7 + pxor %xmm0,%xmm6 + movdqa %xmm3,%xmm0 + pxor %xmm7,%xmm6 + movdqa %xmm3,%xmm7 + psrlq $6,%xmm0 + paddq %xmm6,%xmm4 + movdqa %xmm3,%xmm6 + psrlq $19,%xmm7 + psllq $3,%xmm6 + pxor %xmm7,%xmm0 + psrlq $42,%xmm7 + pxor %xmm6,%xmm0 + psllq $42,%xmm6 + pxor %xmm7,%xmm0 + movdqa 32(%edx),%xmm7 + pxor %xmm6,%xmm0 + movdqa 64(%ebp),%xmm6 + movq %mm4,%mm1 + paddq %xmm0,%xmm4 + movq 
-64(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + paddq %xmm4,%xmm6 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -56(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm6,-64(%edx) + movdqa %xmm2,%xmm0 + movdqa %xmm7,%xmm6 +.byte 102,15,58,15,253,8 + movdqa %xmm1,16(%edx) +.byte 102,15,58,15,193,8 + movdqa %xmm7,%xmm1 + psrlq $7,%xmm7 + paddq %xmm0,%xmm5 + movdqa %xmm1,%xmm0 + psrlq $1,%xmm1 + psllq $56,%xmm0 + pxor %xmm1,%xmm7 + psrlq $7,%xmm1 + pxor %xmm0,%xmm7 + psllq $7,%xmm0 + pxor %xmm1,%xmm7 + movdqa %xmm4,%xmm1 + pxor 
%xmm0,%xmm7 + movdqa %xmm4,%xmm0 + psrlq $6,%xmm1 + paddq %xmm7,%xmm5 + movdqa %xmm4,%xmm7 + psrlq $19,%xmm0 + psllq $3,%xmm7 + pxor %xmm0,%xmm1 + psrlq $42,%xmm0 + pxor %xmm7,%xmm1 + psllq $42,%xmm7 + pxor %xmm0,%xmm1 + movdqa 48(%edx),%xmm0 + pxor %xmm7,%xmm1 + movdqa 80(%ebp),%xmm7 + movq %mm4,%mm1 + paddq %xmm1,%xmm5 + movq -48(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + paddq %xmm5,%xmm7 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -40(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm7,-48(%edx) + movdqa %xmm3,%xmm1 + 
movdqa %xmm0,%xmm7 +.byte 102,15,58,15,198,8 + movdqa %xmm2,32(%edx) +.byte 102,15,58,15,202,8 + movdqa %xmm0,%xmm2 + psrlq $7,%xmm0 + paddq %xmm1,%xmm6 + movdqa %xmm2,%xmm1 + psrlq $1,%xmm2 + psllq $56,%xmm1 + pxor %xmm2,%xmm0 + psrlq $7,%xmm2 + pxor %xmm1,%xmm0 + psllq $7,%xmm1 + pxor %xmm2,%xmm0 + movdqa %xmm5,%xmm2 + pxor %xmm1,%xmm0 + movdqa %xmm5,%xmm1 + psrlq $6,%xmm2 + paddq %xmm0,%xmm6 + movdqa %xmm5,%xmm0 + psrlq $19,%xmm1 + psllq $3,%xmm0 + pxor %xmm1,%xmm2 + psrlq $42,%xmm1 + pxor %xmm0,%xmm2 + psllq $42,%xmm0 + pxor %xmm1,%xmm2 + movdqa (%edx),%xmm1 + pxor %xmm0,%xmm2 + movdqa 96(%ebp),%xmm0 + movq %mm4,%mm1 + paddq %xmm2,%xmm6 + movq -32(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + paddq %xmm6,%xmm0 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -24(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + 
movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm0,-32(%edx) + movdqa %xmm4,%xmm2 + movdqa %xmm1,%xmm0 +.byte 102,15,58,15,207,8 + movdqa %xmm3,48(%edx) +.byte 102,15,58,15,211,8 + movdqa %xmm1,%xmm3 + psrlq $7,%xmm1 + paddq %xmm2,%xmm7 + movdqa %xmm3,%xmm2 + psrlq $1,%xmm3 + psllq $56,%xmm2 + pxor %xmm3,%xmm1 + psrlq $7,%xmm3 + pxor %xmm2,%xmm1 + psllq $7,%xmm2 + pxor %xmm3,%xmm1 + movdqa %xmm6,%xmm3 + pxor %xmm2,%xmm1 + movdqa %xmm6,%xmm2 + psrlq $6,%xmm3 + paddq %xmm1,%xmm7 + movdqa %xmm6,%xmm1 + psrlq $19,%xmm2 + psllq $3,%xmm1 + pxor %xmm2,%xmm3 + psrlq $42,%xmm2 + pxor %xmm1,%xmm3 + psllq $42,%xmm1 + pxor %xmm2,%xmm3 + movdqa 16(%edx),%xmm2 + pxor %xmm1,%xmm3 + movdqa 112(%ebp),%xmm1 + movq %mm4,%mm1 + paddq %xmm3,%xmm7 + movq -16(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + paddq %xmm7,%xmm1 + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -8(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor 
%mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm1,-16(%edx) + leal 128(%ebp),%ebp + decl %ecx + jnz L00800_47_ssse3 + movdqa (%ebp),%xmm1 + leal -640(%ebp),%ebp + movdqu (%ebx),%xmm0 +.byte 102,15,56,0,193 + movdqa (%ebp),%xmm3 + movdqa %xmm1,%xmm2 + movdqu 16(%ebx),%xmm1 + paddq %xmm0,%xmm3 +.byte 102,15,56,0,202 + movq %mm4,%mm1 + movq -128(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -120(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor 
%mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm3,-128(%edx) + movdqa 16(%ebp),%xmm4 + movdqa %xmm2,%xmm3 + movdqu 32(%ebx),%xmm2 + paddq %xmm1,%xmm4 +.byte 102,15,56,0,211 + movq %mm4,%mm1 + movq -112(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -104(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq 
$25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm4,-112(%edx) + movdqa 32(%ebp),%xmm5 + movdqa %xmm3,%xmm4 + movdqu 48(%ebx),%xmm3 + paddq %xmm2,%xmm5 +.byte 102,15,56,0,220 + movq %mm4,%mm1 + movq -96(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -88(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 
56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm5,-96(%edx) + movdqa 48(%ebp),%xmm6 + movdqa %xmm4,%xmm5 + movdqu 64(%ebx),%xmm4 + paddq %xmm3,%xmm6 +.byte 102,15,56,0,229 + movq %mm4,%mm1 + movq -80(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -72(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm6,-80(%edx) + movdqa 64(%ebp),%xmm7 + movdqa %xmm5,%xmm6 + movdqu 80(%ebx),%xmm5 + paddq %xmm4,%xmm7 +.byte 102,15,56,0,238 + movq %mm4,%mm1 + movq -64(%edx),%mm7 + pxor 
%mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,32(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 56(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 24(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 8(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 32(%esp),%mm5 + paddq %mm6,%mm2 + movq 40(%esp),%mm6 + movq %mm4,%mm1 + movq -56(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,24(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,56(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 48(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 16(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq (%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 24(%esp),%mm5 + paddq %mm6,%mm0 + movq 32(%esp),%mm6 + movdqa %xmm7,-64(%edx) + movdqa %xmm0,(%edx) + movdqa 80(%ebp),%xmm0 + movdqa %xmm6,%xmm7 + movdqu 96(%ebx),%xmm6 + paddq %xmm5,%xmm0 +.byte 102,15,56,0,247 + movq %mm4,%mm1 + movq -48(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,16(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq 
%mm0,48(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 40(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 8(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 56(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 16(%esp),%mm5 + paddq %mm6,%mm2 + movq 24(%esp),%mm6 + movq %mm4,%mm1 + movq -40(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,8(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,40(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 32(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq (%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 48(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 8(%esp),%mm5 + paddq %mm6,%mm0 + movq 16(%esp),%mm6 + movdqa %xmm0,-48(%edx) + movdqa %xmm1,16(%edx) + movdqa 96(%ebp),%xmm1 + movdqa %xmm7,%xmm0 + movdqu 112(%ebx),%xmm7 + paddq %xmm6,%xmm1 +.byte 102,15,56,0,248 + movq %mm4,%mm1 + movq -32(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,32(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 24(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 56(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + 
paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 40(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq (%esp),%mm5 + paddq %mm6,%mm2 + movq 8(%esp),%mm6 + movq %mm4,%mm1 + movq -24(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,56(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,24(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 16(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 48(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 32(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 56(%esp),%mm5 + paddq %mm6,%mm0 + movq (%esp),%mm6 + movdqa %xmm1,-32(%edx) + movdqa %xmm2,32(%edx) + movdqa 112(%ebp),%xmm2 + movdqa (%edx),%xmm0 + paddq %xmm7,%xmm2 + movq %mm4,%mm1 + movq -16(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,48(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm0 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm0,16(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq 8(%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 40(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm0,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm0,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 24(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm0,%mm2 + psllq $6,%mm6 + pxor %mm5,%mm7 + 
pxor %mm1,%mm2 + pxor %mm7,%mm6 + movq 48(%esp),%mm5 + paddq %mm6,%mm2 + movq 56(%esp),%mm6 + movq %mm4,%mm1 + movq -8(%edx),%mm7 + pxor %mm6,%mm5 + psrlq $14,%mm1 + movq %mm4,40(%esp) + pand %mm4,%mm5 + psllq $23,%mm4 + paddq %mm3,%mm2 + movq %mm1,%mm3 + psrlq $4,%mm1 + pxor %mm6,%mm5 + pxor %mm4,%mm3 + psllq $23,%mm4 + pxor %mm1,%mm3 + movq %mm2,8(%esp) + paddq %mm5,%mm7 + pxor %mm4,%mm3 + psrlq $23,%mm1 + paddq (%esp),%mm7 + pxor %mm1,%mm3 + psllq $4,%mm4 + pxor %mm4,%mm3 + movq 32(%esp),%mm4 + paddq %mm7,%mm3 + movq %mm2,%mm5 + psrlq $28,%mm5 + paddq %mm3,%mm4 + movq %mm2,%mm6 + movq %mm5,%mm7 + psllq $25,%mm6 + movq 16(%esp),%mm1 + psrlq $6,%mm5 + pxor %mm6,%mm7 + psllq $5,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm2 + psrlq $5,%mm5 + pxor %mm6,%mm7 + pand %mm2,%mm0 + psllq $6,%mm6 + pxor %mm5,%mm7 + pxor %mm1,%mm0 + pxor %mm7,%mm6 + movq 40(%esp),%mm5 + paddq %mm6,%mm0 + movq 48(%esp),%mm6 + movdqa %xmm2,-16(%edx) + movq 8(%esp),%mm1 + paddq %mm3,%mm0 + movq 24(%esp),%mm3 + movq 56(%esp),%mm7 + pxor %mm1,%mm2 + paddq (%esi),%mm0 + paddq 8(%esi),%mm1 + paddq 16(%esi),%mm2 + paddq 24(%esi),%mm3 + paddq 32(%esi),%mm4 + paddq 40(%esi),%mm5 + paddq 48(%esi),%mm6 + paddq 56(%esi),%mm7 + movq %mm0,(%esi) + movq %mm1,8(%esi) + movq %mm2,16(%esi) + movq %mm3,24(%esi) + movq %mm4,32(%esi) + movq %mm5,40(%esi) + movq %mm6,48(%esi) + movq %mm7,56(%esi) + cmpl %eax,%edi + jb L007loop_ssse3 + movl 76(%edx),%esp + emms + popl %edi + popl %esi + popl %ebx + popl %ebp + ret .align 4,0x90 L002loop_x86: movl (%edi),%eax @@ -131,7 +2394,7 @@ L002loop_x86: movl $16,%ecx .long 2784229001 .align 4,0x90 -L00300_15_x86: +L00900_15_x86: movl 40(%esp),%ecx movl 44(%esp),%edx movl %ecx,%esi @@ -238,9 +2501,9 @@ L00300_15_x86: subl $8,%esp leal 8(%ebp),%ebp cmpb $148,%dl - jne L00300_15_x86 + jne L00900_15_x86 .align 4,0x90 -L00416_79_x86: +L01016_79_x86: movl 312(%esp),%ecx movl 316(%esp),%edx movl %ecx,%esi 
@@ -413,7 +2676,7 @@ L00416_79_x86: subl $8,%esp leal 8(%ebp),%ebp cmpb $23,%dl - jne L00416_79_x86 + jne L01016_79_x86 movl 840(%esp),%esi movl 844(%esp),%edi movl (%esi),%eax @@ -563,4 +2826,8 @@ L001K512: .byte 67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97 .byte 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 .byte 62,0 +.section __IMPORT,__pointers,non_lazy_symbol_pointers +L_OPENSSL_ia32cap_P$non_lazy_ptr: +.indirect_symbol _OPENSSL_ia32cap_P +.long 0 #endif diff --git a/mac-x86_64/crypto/aes/aesni-x86_64.S b/mac-x86_64/crypto/aes/aesni-x86_64.S index 032c94d..69b22c2 100644 --- a/mac-x86_64/crypto/aes/aesni-x86_64.S +++ b/mac-x86_64/crypto/aes/aesni-x86_64.S @@ -19,7 +19,10 @@ L$oop_enc1_1: leaq 16(%rdx),%rdx jnz L$oop_enc1_1 .byte 102,15,56,221,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 .byte 0xf3,0xc3 @@ -41,7 +44,10 @@ L$oop_dec1_2: leaq 16(%rdx),%rdx jnz L$oop_dec1_2 .byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 .byte 0xf3,0xc3 @@ -267,21 +273,18 @@ _aesni_encrypt6: pxor %xmm0,%xmm6 .byte 102,15,56,220,225 pxor %xmm0,%xmm7 + movups (%rcx,%rax,1),%xmm0 addq $16,%rax -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups -16(%rcx,%rax,1),%xmm0 jmp L$enc_loop6_enter .p2align 4 L$enc_loop6: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 +L$enc_loop6_enter: .byte 102,15,56,220,233 .byte 102,15,56,220,241 .byte 102,15,56,220,249 -L$enc_loop6_enter: movups (%rcx,%rax,1),%xmm1 addq $32,%rax .byte 102,15,56,220,208 
@@ -324,21 +327,18 @@ _aesni_decrypt6: pxor %xmm0,%xmm6 .byte 102,15,56,222,225 pxor %xmm0,%xmm7 + movups (%rcx,%rax,1),%xmm0 addq $16,%rax -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups -16(%rcx,%rax,1),%xmm0 jmp L$dec_loop6_enter .p2align 4 L$dec_loop6: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 +L$dec_loop6_enter: .byte 102,15,56,222,233 .byte 102,15,56,222,241 .byte 102,15,56,222,249 -L$dec_loop6_enter: movups (%rcx,%rax,1),%xmm1 addq $32,%rax .byte 102,15,56,222,208 @@ -378,23 +378,18 @@ _aesni_encrypt8: leaq 32(%rcx,%rax,1),%rcx negq %rax .byte 102,15,56,220,209 - addq $16,%rax pxor %xmm0,%xmm7 -.byte 102,15,56,220,217 pxor %xmm0,%xmm8 +.byte 102,15,56,220,217 pxor %xmm0,%xmm9 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 -.byte 102,68,15,56,220,193 -.byte 102,68,15,56,220,201 - movups -16(%rcx,%rax,1),%xmm0 - jmp L$enc_loop8_enter + movups (%rcx,%rax,1),%xmm0 + addq $16,%rax + jmp L$enc_loop8_inner .p2align 4 L$enc_loop8: .byte 102,15,56,220,209 .byte 102,15,56,220,217 +L$enc_loop8_inner: .byte 102,15,56,220,225 .byte 102,15,56,220,233 .byte 102,15,56,220,241 @@ -447,23 +442,18 @@ _aesni_decrypt8: leaq 32(%rcx,%rax,1),%rcx negq %rax .byte 102,15,56,222,209 - addq $16,%rax pxor %xmm0,%xmm7 -.byte 102,15,56,222,217 pxor %xmm0,%xmm8 +.byte 102,15,56,222,217 pxor %xmm0,%xmm9 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 -.byte 102,68,15,56,222,193 -.byte 102,68,15,56,222,201 - movups -16(%rcx,%rax,1),%xmm0 - jmp L$dec_loop8_enter + movups (%rcx,%rax,1),%xmm0 + addq $16,%rax + jmp L$dec_loop8_inner .p2align 4 L$dec_loop8: .byte 102,15,56,222,209 .byte 102,15,56,222,217 +L$dec_loop8_inner: .byte 102,15,56,222,225 .byte 102,15,56,222,233 .byte 102,15,56,222,241 
@@ -591,6 +581,7 @@ L$ecb_enc_tail: movups 80(%rdi),%xmm7 je L$ecb_enc_six movdqu 96(%rdi),%xmm8 + xorps %xmm9,%xmm9 call _aesni_encrypt8 movups %xmm2,(%rsi) movups %xmm3,16(%rsi) @@ -704,15 +695,23 @@ L$ecb_dec_loop8_enter: jnc L$ecb_dec_loop8 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movq %r11,%rcx movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movl %r10d,%eax movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 movups %xmm7,80(%rsi) + pxor %xmm7,%xmm7 movups %xmm8,96(%rsi) + pxor %xmm8,%xmm8 movups %xmm9,112(%rsi) + pxor %xmm9,%xmm9 leaq 128(%rsi),%rsi addq $128,%rdx jz L$ecb_ret @@ -735,14 +734,23 @@ L$ecb_dec_tail: je L$ecb_dec_six movups 96(%rdi),%xmm8 movups (%rcx),%xmm0 + xorps %xmm9,%xmm9 call _aesni_decrypt8 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 movups %xmm7,80(%rsi) + pxor %xmm7,%xmm7 movups %xmm8,96(%rsi) + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 jmp L$ecb_ret .p2align 4 L$ecb_dec_one: 
@@ -758,49 +766,73 @@ L$oop_dec1_4: jnz L$oop_dec1_4 .byte 102,15,56,223,209 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 jmp L$ecb_ret .p2align 4 L$ecb_dec_two: call _aesni_decrypt2 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 jmp L$ecb_ret .p2align 4 L$ecb_dec_three: call _aesni_decrypt3 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 jmp L$ecb_ret .p2align 4 L$ecb_dec_four: call _aesni_decrypt4 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 jmp L$ecb_ret .p2align 4 L$ecb_dec_five: xorps %xmm7,%xmm7 call _aesni_decrypt6 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 jmp L$ecb_ret .p2align 4 L$ecb_dec_six: call _aesni_decrypt6 movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 movups %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movups %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movups %xmm5,48(%rsi) + pxor %xmm5,%xmm5 movups %xmm6,64(%rsi) + pxor %xmm6,%xmm6 movups %xmm7,80(%rsi) + pxor %xmm7,%xmm7 L$ecb_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 .byte 0xf3,0xc3 .globl _aesni_ccm64_encrypt_blocks @@ -858,7 +890,13 @@ L$ccm64_enc2_loop: leaq 16(%rsi),%rsi jnz L$ccm64_enc_outer + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 movups %xmm3,(%r9) + pxor %xmm3,%xmm3 + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 .byte 0xf3,0xc3 .globl _aesni_ccm64_decrypt_blocks @@ -950,7 +988,13 @@ L$oop_enc1_6: leaq 16(%r11),%r11 jnz L$oop_enc1_6 .byte 102,15,56,221,217 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 movups %xmm3,(%r9) + pxor %xmm3,%xmm3 + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 .byte 0xf3,0xc3 .globl _aesni_ctr32_encrypt_blocks 
@@ -958,14 +1002,43 @@ L$oop_enc1_6: .p2align 4 _aesni_ctr32_encrypt_blocks: + cmpq $1,%rdx + jne L$ctr32_bulk + + + + movups (%r8),%xmm2 + movups (%rdi),%xmm3 + movl 240(%rcx),%edx + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + leaq 32(%rcx),%rcx + xorps %xmm0,%xmm2 +L$oop_enc1_7: +.byte 102,15,56,220,209 + decl %edx + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz L$oop_enc1_7 +.byte 102,15,56,221,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + xorps %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movups %xmm2,(%rsi) + xorps %xmm2,%xmm2 + jmp L$ctr32_epilogue + +.p2align 4 +L$ctr32_bulk: leaq (%rsp),%rax pushq %rbp subq $128,%rsp andq $-16,%rsp leaq -8(%rax),%rbp - cmpq $1,%rdx - je L$ctr32_one_shortcut + + movdqu (%r8),%xmm2 movdqu (%rcx),%xmm0 @@ -1356,11 +1429,14 @@ L$ctr32_enc_done: leaq -128(%rcx),%rcx L$ctr32_tail: + + leaq 16(%rcx),%rcx cmpq $4,%rdx jb L$ctr32_loop3 je L$ctr32_loop4 + shll $4,%eax movdqa 96(%rsp),%xmm8 pxor %xmm9,%xmm9 
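Review bot: The new single-block shortcut at the top of `_aesni_ctr32_encrypt_blocks` reuses `%edx` as the round counter (`movl 240(%rcx),%edx` / `decl %edx`), overwriting the block count the caller passed in `%rdx`; this is only safe because the path is entered after `cmpq $1,%rdx` matched and it leaves through `L$ctr32_epilogue` instead of falling into `L$ctr32_bulk`, which still reads `%rdx`. Since the generated `.S` carries none of the perlasm comments, a one-line note would save the next reader from re-deriving that, e.g. `# rdx == 1 here; reused as round counter, never reaches L$ctr32_bulk`. `L$ctr32_epilogue` and the remainder of the bulk path lie outside this hunk.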
@@ -1463,30 +1539,33 @@ L$ctr32_loop3: movups 32(%rdi),%xmm12 xorps %xmm12,%xmm4 movups %xmm4,32(%rsi) - jmp L$ctr32_done -.p2align 4 -L$ctr32_one_shortcut: - movups (%r8),%xmm2 - movups (%rdi),%xmm10 - movl 240(%rcx),%eax - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_enc1_7: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_enc1_7 -.byte 102,15,56,221,209 - xorps %xmm10,%xmm2 - movups %xmm2,(%rsi) - jmp L$ctr32_done - -.p2align 4 L$ctr32_done: + xorps %xmm0,%xmm0 + xorl %r11d,%r11d + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0(%rsp) + pxor %xmm8,%xmm8 + movaps %xmm0,16(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,32(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,48(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,64(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,80(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,96(%rsp) + pxor %xmm14,%xmm14 + movaps %xmm0,112(%rsp) + pxor %xmm15,%xmm15 leaq (%rbp),%rsp popq %rbp L$ctr32_epilogue: @@ -1758,6 +1837,7 @@ L$xts_enc_loop6: shrl $4,%eax L$xts_enc_short: + movl %eax,%r10d pxor %xmm0,%xmm10 addq $96,%rdx @@ -1786,6 +1866,7 @@ L$xts_enc_short: pxor %xmm12,%xmm4 pxor %xmm13,%xmm5 pxor %xmm14,%xmm6 + pxor %xmm7,%xmm7 call _aesni_encrypt6 @@ -1928,6 +2009,29 @@ L$oop_enc1_10: movups %xmm2,-16(%rsi) L$xts_enc_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0(%rsp) + pxor %xmm8,%xmm8 + movaps %xmm0,16(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,32(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,48(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,64(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,80(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,96(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 leaq (%rbp),%rsp popq %rbp L$xts_enc_epilogue: 
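Review bot: `L$xts_enc_ret` wipes seven 16-byte stack slots (`movaps %xmm0,0(%rsp)` through `96(%rsp)`), whereas `L$ctr32_done` in the hunk above wipes eight, which matches the `subq $128,%rsp` visible in the ctr32 prologue; the xts prologue is outside this hunk, so please confirm the 112 bytes cleared here cover every slot the xts loop used to stash tweaks, otherwise one tweak block presumably survives on the stack after return. A comment tying the range to the frame size would make this checkable later, e.g. `# wipe the tweak scratch area; size must match subq in the prologue`. The identical sequence at `L$xts_dec_ret` in the next hunk has the same question.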
@@ -2205,6 +2309,7 @@ L$xts_dec_loop6: shrl $4,%eax L$xts_dec_short: + movl %eax,%r10d pxor %xmm0,%xmm10 pxor %xmm0,%xmm11 @@ -2407,6 +2512,29 @@ L$oop_dec1_14: movups %xmm2,(%rsi) L$xts_dec_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0(%rsp) + pxor %xmm8,%xmm8 + movaps %xmm0,16(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,32(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,48(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,64(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,80(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,96(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 leaq (%rbp),%rsp popq %rbp L$xts_dec_epilogue: @@ -2456,7 +2584,11 @@ L$oop_enc1_15: jnc L$cbc_enc_loop addq $16,%rdx jnz L$cbc_enc_tail + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 movups %xmm2,(%r8) + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 jmp L$cbc_ret L$cbc_enc_tail: @@ -2476,6 +2608,35 @@ L$cbc_enc_tail: .p2align 4 L$cbc_decrypt: + cmpq $16,%rdx + jne L$cbc_decrypt_bulk + + + + movdqu (%rdi),%xmm2 + movdqu (%r8),%xmm3 + movdqa %xmm2,%xmm4 + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + leaq 32(%rcx),%rcx + xorps %xmm0,%xmm2 +L$oop_dec1_16: +.byte 102,15,56,222,209 + decl %r10d + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz L$oop_dec1_16 +.byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + movdqu %xmm4,(%r8) + xorps %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 + jmp L$cbc_ret +.p2align 4 +L$cbc_decrypt_bulk: leaq (%rsp),%rax pushq %rbp subq $16,%rsp @@ -2712,7 +2873,7 @@ L$cbc_dec_done: movaps %xmm9,%xmm2 leaq -112(%rcx),%rcx addq $112,%rdx - jle L$cbc_dec_tail_collected + jle L$cbc_dec_clear_tail_collected movups %xmm9,(%rsi) leaq 16(%rsi),%rsi cmpq $80,%rdx 
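Review bot: The single-block path added at `L$cbc_decrypt` counts rounds with `decl %r10d` but never loads `%r10d` itself, so it depends on the function prologue (outside this hunk) having already copied `240(%rcx)` into `%r10d`; the ctr32 shortcut in an earlier hunk loads its own counter with `movl 240(%rcx),%edx`, so the two fast paths are inconsistent in that respect. If the prologue does set `%r10d`, a comment such as `# r10d = rounds, loaded before L$cbc_decrypt` at `L$oop_dec1_16` would document the dependency; if it does not, this loop runs with a stale count.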
@@ -2731,14 +2892,19 @@ L$cbc_dec_six_or_seven: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 pxor %xmm14,%xmm6 movdqu %xmm5,48(%rsi) + pxor %xmm5,%xmm5 pxor %xmm15,%xmm7 movdqu %xmm6,64(%rsi) + pxor %xmm6,%xmm6 leaq 80(%rsi),%rsi movdqa %xmm7,%xmm2 + pxor %xmm7,%xmm7 jmp L$cbc_dec_tail_collected .p2align 4 @@ -2753,16 +2919,23 @@ L$cbc_dec_seven: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 pxor %xmm14,%xmm6 movdqu %xmm5,48(%rsi) + pxor %xmm5,%xmm5 pxor %xmm15,%xmm7 movdqu %xmm6,64(%rsi) + pxor %xmm6,%xmm6 pxor %xmm9,%xmm8 movdqu %xmm7,80(%rsi) + pxor %xmm7,%xmm7 leaq 96(%rsi),%rsi movdqa %xmm8,%xmm2 + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 jmp L$cbc_dec_tail_collected .p2align 4 @@ -2806,7 +2979,7 @@ L$cbc_dec_loop6_enter: movdqa %xmm7,%xmm2 addq $80,%rdx - jle L$cbc_dec_tail_collected + jle L$cbc_dec_clear_tail_collected movups %xmm7,(%rsi) leaq 16(%rsi),%rsi @@ -2841,12 +3014,17 @@ L$cbc_dec_tail: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 pxor %xmm14,%xmm6 movdqu %xmm5,48(%rsi) + pxor %xmm5,%xmm5 leaq 64(%rsi),%rsi movdqa %xmm6,%xmm2 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 subq $16,%rdx jmp L$cbc_dec_tail_collected @@ -2857,12 +3035,12 @@ L$cbc_dec_one: movups 16(%rcx),%xmm1 leaq 32(%rcx),%rcx xorps %xmm0,%xmm2 -L$oop_dec1_16: +L$oop_dec1_17: .byte 102,15,56,222,209 decl %eax movups (%rcx),%xmm1 leaq 16(%rcx),%rcx - jnz L$oop_dec1_16 + jnz L$oop_dec1_17 .byte 102,15,56,223,209 xorps %xmm10,%xmm2 movaps %xmm11,%xmm10 @@ -2876,6 +3054,7 @@ L$cbc_dec_two: pxor %xmm11,%xmm3 movdqu %xmm2,(%rsi) movdqa %xmm3,%xmm2 + pxor %xmm3,%xmm3 leaq 16(%rsi),%rsi jmp L$cbc_dec_tail_collected .p2align 4 
@@ -2888,7 +3067,9 @@ L$cbc_dec_three: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 movdqa %xmm4,%xmm2 + pxor %xmm4,%xmm4 leaq 32(%rsi),%rsi jmp L$cbc_dec_tail_collected .p2align 4 @@ -2901,29 +3082,45 @@ L$cbc_dec_four: movdqu %xmm2,(%rsi) pxor %xmm12,%xmm4 movdqu %xmm3,16(%rsi) + pxor %xmm3,%xmm3 pxor %xmm13,%xmm5 movdqu %xmm4,32(%rsi) + pxor %xmm4,%xmm4 movdqa %xmm5,%xmm2 + pxor %xmm5,%xmm5 leaq 48(%rsi),%rsi jmp L$cbc_dec_tail_collected .p2align 4 +L$cbc_dec_clear_tail_collected: + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 L$cbc_dec_tail_collected: movups %xmm10,(%r8) andq $15,%rdx jnz L$cbc_dec_tail_partial movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 jmp L$cbc_dec_ret .p2align 4 L$cbc_dec_tail_partial: movaps %xmm2,(%rsp) + pxor %xmm2,%xmm2 movq $16,%rcx movq %rsi,%rdi subq %rdx,%rcx leaq (%rsp),%rsi .long 0x9066A4F3 + movdqa %xmm2,(%rsp) L$cbc_dec_ret: + xorps %xmm0,%xmm0 + pxor %xmm1,%xmm1 leaq (%rbp),%rsp popq %rbp L$cbc_ret: @@ -2962,7 +3159,9 @@ L$dec_key_inverse: movups (%rdx),%xmm0 .byte 102,15,56,219,192 + pxor %xmm1,%xmm1 movups %xmm0,(%rdi) + pxor %xmm0,%xmm0 L$dec_key_ret: addq $8,%rsp .byte 0xf3,0xc3 @@ -2981,8 +3180,10 @@ __aesni_set_encrypt_key: testq %rdx,%rdx jz L$enc_key_ret + movl $268437504,%r10d movups (%rdi),%xmm0 xorps %xmm4,%xmm4 + andl _OPENSSL_ia32cap_P+4(%rip),%r10d leaq 16(%rdx),%rax cmpl $256,%esi je L$14rounds @@ -2993,6 +3194,9 @@ __aesni_set_encrypt_key: L$10rounds: movl $9,%esi + cmpl $268435456,%r10d + je L$10rounds_alt + movups %xmm0,(%rdx) .byte 102,15,58,223,200,1 call L$key_expansion_128_cold 
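Review bot: `movl $268437504,%r10d` and `cmpl $268435456,%r10d` in `__aesni_set_encrypt_key` are undocumented magic numbers; in hex they are `OPENSSL_ia32cap_P[1]` masks 0x10000800 and 0x10000000, i.e. bit 28 (AVX) together with bit 11, which, as far as I recall, OpenSSL's cpuid code repurposes for AMD XOP — confirm against the cpuid source — so the alternate key schedule is taken exactly when AVX is present and XOP is not. Because the `.S` files are generated, the fix belongs in the perlasm source, but a comment at the compare would help readers of this file, e.g. `# r10d = ia32cap[1] & (AVX|XOP); take *_alt only for AVX without XOP`. The same compare is repeated at `L$12rounds` and `L$14rounds` in the following two hunks.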
@@ -3020,9 +3224,79 @@ L$10rounds: jmp L$enc_key_ret .p2align 4 +L$10rounds_alt: + movdqa L$key_rotate(%rip),%xmm5 + movl $8,%r10d + movdqa L$key_rcon1(%rip),%xmm4 + movdqa %xmm0,%xmm2 + movdqu %xmm0,(%rdx) + jmp L$oop_key128 + +.p2align 4 +L$oop_key128: +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + leaq 16(%rax),%rax + + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,-16(%rax) + movdqa %xmm0,%xmm2 + + decl %r10d + jnz L$oop_key128 + + movdqa L$key_rcon1b(%rip),%xmm4 + +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + pslld $1,%xmm4 + + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + movdqa %xmm0,%xmm2 +.byte 102,15,56,0,197 +.byte 102,15,56,221,196 + + movdqa %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm2,%xmm3 + pslldq $4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,16(%rax) + + movl %esi,96(%rax) + xorl %eax,%eax + jmp L$enc_key_ret + +.p2align 4 L$12rounds: movq 16(%rdi),%xmm2 movl $11,%esi + cmpl $268435456,%r10d + je L$12rounds_alt + movups %xmm0,(%rdx) .byte 102,15,58,223,202,1 call L$key_expansion_192a_cold 
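Review bot: `L$10rounds_alt` and `L$oop_key128` are opaque without the perlasm comments: the `.byte 102,15,56,0,197` / `.byte 102,15,56,221,196` pair is `pshufb %xmm5,%xmm0` / `aesenclast %xmm4,%xmm0`, and with `L$key_rotate` broadcasting bytes 13,14,15,12 and `L$key_rcon1` holding the round constant, that pair yields SubWord(RotWord(w)) ^ rcon in one step (ShiftRows is a no-op on a lane-broadcast value) in place of `aeskeygenassist`. The `movl $8,%r10d` loop doubles rcon with `pslld $1,%xmm4` up to 0x80, then `L$key_rcon1b` supplies 0x1b and one more shift gives 0x36, i.e. the full AES-128 rcon sequence. A short header comment stating that, plus `# pshufb %xmm5,%xmm0` and `# aesenclast %xmm4,%xmm0` on the byte-encoded lines, would let a reviewer verify the schedule; the 192- and 256-bit variants in the next two hunks use the same encodings with `%xmm2` (`...,213` / `...,212`). Why the alternate path exists (presumably a CPU where `aeskeygenassist` is slow) is stated nowhere in this file.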
@@ -3046,10 +3320,54 @@ L$12rounds: jmp L$enc_key_ret .p2align 4 +L$12rounds_alt: + movdqa L$key_rotate192(%rip),%xmm5 + movdqa L$key_rcon1(%rip),%xmm4 + movl $8,%r10d + movdqu %xmm0,(%rdx) + jmp L$oop_key192 + +.p2align 4 +L$oop_key192: + movq %xmm2,0(%rax) + movdqa %xmm2,%xmm1 +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + pslld $1,%xmm4 + leaq 24(%rax),%rax + + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + + pshufd $255,%xmm0,%xmm3 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + + pxor %xmm2,%xmm0 + pxor %xmm3,%xmm2 + movdqu %xmm0,-16(%rax) + + decl %r10d + jnz L$oop_key192 + + movl %esi,32(%rax) + xorl %eax,%eax + jmp L$enc_key_ret + +.p2align 4 L$14rounds: movups 16(%rdi),%xmm2 movl $13,%esi leaq 16(%rax),%rax + cmpl $268435456,%r10d + je L$14rounds_alt + movups %xmm0,(%rdx) movups %xmm2,16(%rdx) .byte 102,15,58,223,202,1 
@@ -3084,9 +3402,69 @@ L$14rounds: jmp L$enc_key_ret .p2align 4 +L$14rounds_alt: + movdqa L$key_rotate(%rip),%xmm5 + movdqa L$key_rcon1(%rip),%xmm4 + movl $7,%r10d + movdqu %xmm0,0(%rdx) + movdqa %xmm2,%xmm1 + movdqu %xmm2,16(%rdx) + jmp L$oop_key256 + +.p2align 4 +L$oop_key256: +.byte 102,15,56,0,213 +.byte 102,15,56,221,212 + + movdqa %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm0,%xmm3 + pslldq $4,%xmm0 + pxor %xmm3,%xmm0 + pslld $1,%xmm4 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + decl %r10d + jz L$done_key256 + + pshufd $255,%xmm0,%xmm2 + pxor %xmm3,%xmm3 +.byte 102,15,56,221,211 + + movdqa %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm1,%xmm3 + pslldq $4,%xmm1 + pxor %xmm3,%xmm1 + + pxor %xmm1,%xmm2 + movdqu %xmm2,16(%rax) + leaq 32(%rax),%rax + movdqa %xmm2,%xmm1 + + jmp L$oop_key256 + +L$done_key256: + movl %esi,16(%rax) + xorl %eax,%eax + jmp L$enc_key_ret + +.p2align 4 L$bad_keybits: movq $-2,%rax L$enc_key_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 addq $8,%rsp .byte 0xf3,0xc3 L$SEH_end_set_encrypt_key: @@ -3172,6 +3550,14 @@ L$xts_magic: .long 0x87,0,1,0 L$increment1: .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 +L$key_rotate: +.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d +L$key_rotate192: +.long 0x04070605,0x04070605,0x04070605,0x04070605 +L$key_rcon1: +.long 1,1,1,1 +L$key_rcon1b: +.long 0x1b,0x1b,0x1b,0x1b .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 diff --git a/mac-x86_64/crypto/cpu-x86_64-asm.S b/mac-x86_64/crypto/cpu-x86_64-asm.S index faf4e2f..0dde04d 100644 --- a/mac-x86_64/crypto/cpu-x86_64-asm.S +++ b/mac-x86_64/crypto/cpu-x86_64-asm.S 
@@ -104,10 +104,6 @@ L$nocacheinfo: cmpl $0,%r9d jne L$notintel orl $1073741824,%edx - andb $15,%ah - cmpb $15,%ah - jne L$notintel - orl $1048576,%edx L$notintel: btl $28,%edx jnc L$generic diff --git a/mac-x86_64/crypto/rand/rdrand-x86_64.S b/mac-x86_64/crypto/rand/rdrand-x86_64.S new file mode 100644 index 0000000..1ba990f --- /dev/null +++ b/mac-x86_64/crypto/rand/rdrand-x86_64.S @@ -0,0 +1,11 @@ +#if defined(__x86_64__) +.text + +.globl _CRYPTO_rdrand +.private_extern _CRYPTO_rdrand + +.p2align 4 +_CRYPTO_rdrand: +.byte 0x48, 0x0f, 0xc7, 0xf0 + .byte 0xf3,0xc3 +#endif diff --git a/mac-x86_64/crypto/rc4/rc4-x86_64.S b/mac-x86_64/crypto/rc4/rc4-x86_64.S index 44147ff..7808184 100644 --- a/mac-x86_64/crypto/rc4/rc4-x86_64.S +++ b/mac-x86_64/crypto/rc4/rc4-x86_64.S @@ -592,31 +592,4 @@ L$exit_key: movl %eax,-4(%rdi) .byte 0xf3,0xc3 - -.globl _RC4_options -.private_extern _RC4_options - -.p2align 4 -_RC4_options: - leaq L$opts(%rip),%rax - movq _OPENSSL_ia32cap_P(%rip),%rdx - movl (%rdx),%edx - btl $20,%edx - jc L$8xchar - btl $30,%edx - jnc L$done - addq $25,%rax - .byte 0xf3,0xc3 -L$8xchar: - addq $12,%rax -L$done: - .byte 0xf3,0xc3 -.p2align 6 -L$opts: -.byte 114,99,52,40,56,120,44,105,110,116,41,0 -.byte 114,99,52,40,56,120,44,99,104,97,114,41,0 -.byte 114,99,52,40,49,54,120,44,105,110,116,41,0 -.byte 82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.p2align 6 - #endif diff --git a/sources.mk b/sources.mk index d16a893..de6a956 100644 --- a/sources.mk +++ b/sources.mk 
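Review bot: `_CRYPTO_rdrand` in the new `rdrand-x86_64.S` executes `rdrand %rax` (`.byte 0x48,0x0f,0xc7,0xf0`) and returns immediately, discarding CF; the hardware reports that no value was available by clearing CF, so a caller cannot tell a failed read from a valid 64-bit result. Propagating the status is a small change in the perlasm source — for instance store the value through an out pointer and return `setc %al` / `movzbl %al,%eax` — and the C caller (presumably `src/crypto/rand/hwrand.c`, added in `sources.mk` but not visible here) should retry or fall back when it reports failure. If that caller already treats this output only as extra entropy mixed into the `urandom` path, a comment on the symbol saying so would make the weakened contract explicit.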
@@ -1,8 +1,21 @@ -# This file is created by update_gypi_and_asm.py. Do not edit manually. +# Copyright (C) 2015 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. crypto_sources := \ android_compat_hacks.c\ android_compat_keywrap.c\ + err_data.c\ src/crypto/aes/aes.c\ src/crypto/aes/mode_wrappers.c\ src/crypto/asn1/a_bitstr.c\ @@ -23,7 +36,6 @@ crypto_sources := \ src/crypto/asn1/a_type.c\ src/crypto/asn1/a_utctm.c\ src/crypto/asn1/a_utf8.c\ - src/crypto/asn1/asn1_error.c\ src/crypto/asn1/asn1_lib.c\ src/crypto/asn1/asn1_par.c\ src/crypto/asn1/asn_pack.c\ @@ -45,7 +57,6 @@ crypto_sources := \ src/crypto/asn1/x_long.c\ src/crypto/base64/base64.c\ src/crypto/bio/bio.c\ - src/crypto/bio/bio_error.c\ src/crypto/bio/bio_mem.c\ src/crypto/bio/buffer.c\ src/crypto/bio/connect.c\ @@ -59,7 +70,6 @@ crypto_sources := \ src/crypto/bn/add.c\ src/crypto/bn/asm/x86_64-gcc.c\ src/crypto/bn/bn.c\ - src/crypto/bn/bn_error.c\ src/crypto/bn/cmp.c\ src/crypto/bn/convert.c\ src/crypto/bn/ctx.c\ @@ -76,7 +86,6 @@ crypto_sources := \ src/crypto/bn/shift.c\ src/crypto/bn/sqrt.c\ src/crypto/buf/buf.c\ - src/crypto/buf/buf_error.c\ src/crypto/bytestring/ber.c\ src/crypto/bytestring/cbb.c\ src/crypto/bytestring/cbs.c\ 
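Review bot: The new license header replaces the line `# This file is created by update_gypi_and_asm.py. Do not edit manually.`, so nothing now tells a maintainer that `sources.mk` is generated and that hand edits will be lost on the next regeneration. Keeping the marker after the license block, e.g. `# Generated by update_gypi_and_asm.py. Do not edit manually.`, costs nothing; if the file is in fact hand-maintained from this revision on, a line saying so would be just as useful.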
@@ -84,7 +93,6 @@ crypto_sources := \ src/crypto/chacha/chacha_vec.c\ src/crypto/cipher/aead.c\ src/crypto/cipher/cipher.c\ - src/crypto/cipher/cipher_error.c\ src/crypto/cipher/derive_key.c\ src/crypto/cipher/e_aes.c\ src/crypto/cipher/e_chacha20poly1305.c\ @@ -95,51 +103,44 @@ crypto_sources := \ src/crypto/cipher/e_ssl3.c\ src/crypto/cipher/e_tls.c\ src/crypto/cipher/tls_cbc.c\ + src/crypto/cmac/cmac.c\ src/crypto/conf/conf.c\ - src/crypto/conf/conf_error.c\ src/crypto/cpu-arm.c\ src/crypto/cpu-intel.c\ src/crypto/crypto.c\ - src/crypto/crypto_error.c\ src/crypto/des/des.c\ src/crypto/dh/check.c\ src/crypto/dh/dh.c\ src/crypto/dh/dh_asn1.c\ - src/crypto/dh/dh_error.c\ src/crypto/dh/dh_impl.c\ src/crypto/dh/params.c\ src/crypto/digest/digest.c\ - src/crypto/digest/digest_error.c\ src/crypto/digest/digests.c\ src/crypto/directory_posix.c\ src/crypto/directory_win.c\ src/crypto/dsa/dsa.c\ src/crypto/dsa/dsa_asn1.c\ - src/crypto/dsa/dsa_error.c\ src/crypto/dsa/dsa_impl.c\ src/crypto/ec/ec.c\ src/crypto/ec/ec_asn1.c\ - src/crypto/ec/ec_error.c\ src/crypto/ec/ec_key.c\ src/crypto/ec/ec_montgomery.c\ src/crypto/ec/oct.c\ + src/crypto/ec/p256-64.c\ src/crypto/ec/simple.c\ + src/crypto/ec/util-64.c\ src/crypto/ec/wnaf.c\ src/crypto/ecdh/ecdh.c\ - src/crypto/ecdh/ecdh_error.c\ src/crypto/ecdsa/ecdsa.c\ src/crypto/ecdsa/ecdsa_asn1.c\ - src/crypto/ecdsa/ecdsa_error.c\ src/crypto/engine/engine.c\ - src/crypto/engine/engine_error.c\ src/crypto/err/err.c\ - src/crypto/err/err_impl.c\ src/crypto/evp/algorithm.c\ src/crypto/evp/asn1.c\ src/crypto/evp/digestsign.c\ src/crypto/evp/evp.c\ src/crypto/evp/evp_ctx.c\ - src/crypto/evp/evp_error.c\ + src/crypto/evp/p_dsa_asn1.c\ src/crypto/evp/p_ec.c\ src/crypto/evp/p_ec_asn1.c\ src/crypto/evp/p_hmac.c\ 
@@ -149,9 +150,7 @@ crypto_sources := \ src/crypto/evp/pbkdf.c\ src/crypto/evp/sign.c\ src/crypto/ex_data.c\ - src/crypto/ex_data_impl.c\ src/crypto/hkdf/hkdf.c\ - src/crypto/hkdf/hkdf_error.c\ src/crypto/hmac/hmac.c\ src/crypto/lhash/lhash.c\ src/crypto/md4/md4.c\ @@ -163,10 +162,8 @@ crypto_sources := \ src/crypto/modes/gcm.c\ src/crypto/modes/ofb.c\ src/crypto/obj/obj.c\ - src/crypto/obj/obj_error.c\ src/crypto/obj/obj_xref.c\ src/crypto/pem/pem_all.c\ - src/crypto/pem/pem_error.c\ src/crypto/pem/pem_info.c\ src/crypto/pem/pem_lib.c\ src/crypto/pem/pem_oth.c\ @@ -178,10 +175,10 @@ crypto_sources := \ src/crypto/pkcs8/p5_pbev2.c\ src/crypto/pkcs8/p8_pkey.c\ src/crypto/pkcs8/pkcs8.c\ - src/crypto/pkcs8/pkcs8_error.c\ src/crypto/poly1305/poly1305.c\ src/crypto/poly1305/poly1305_arm.c\ src/crypto/poly1305/poly1305_vec.c\ + src/crypto/rand/hwrand.c\ src/crypto/rand/rand.c\ src/crypto/rand/urandom.c\ src/crypto/rand/windows.c\ @@ -190,13 +187,15 @@ crypto_sources := \ src/crypto/rsa/padding.c\ src/crypto/rsa/rsa.c\ src/crypto/rsa/rsa_asn1.c\ - src/crypto/rsa/rsa_error.c\ src/crypto/rsa/rsa_impl.c\ src/crypto/sha/sha1.c\ src/crypto/sha/sha256.c\ src/crypto/sha/sha512.c\ src/crypto/stack/stack.c\ src/crypto/thread.c\ + src/crypto/thread_none.c\ + src/crypto/thread_pthread.c\ + src/crypto/thread_win.c\ src/crypto/time_support.c\ src/crypto/x509/a_digest.c\ src/crypto/x509/a_sign.c\ @@ -215,7 +214,6 @@ crypto_sources := \ src/crypto/x509/x509_cmp.c\ src/crypto/x509/x509_d2.c\ src/crypto/x509/x509_def.c\ - src/crypto/x509/x509_error.c\ src/crypto/x509/x509_ext.c\ src/crypto/x509/x509_lu.c\ src/crypto/x509/x509_obj.c\ @@ -279,7 +277,6 @@ crypto_sources := \ src/crypto/x509v3/v3_skey.c\ src/crypto/x509v3/v3_sxnet.c\ src/crypto/x509v3/v3_utl.c\ - src/crypto/x509v3/x509v3_error.c\ ssl_sources := \ src/ssl/d1_both.c\ 
@@ -300,8 +297,7 @@ ssl_sources := \ src/ssl/ssl_algs.c\ src/ssl/ssl_asn1.c\ src/ssl/ssl_cert.c\ - src/ssl/ssl_ciph.c\ - src/ssl/ssl_error.c\ + src/ssl/ssl_cipher.c\ src/ssl/ssl_lib.c\ src/ssl/ssl_rsa.c\ src/ssl/ssl_sess.c\ @@ -317,6 +313,7 @@ tool_sources := \ src/tool/const.cc\ src/tool/digest.cc\ src/tool/pkcs12.cc\ + src/tool/rand.cc\ src/tool/server.cc\ src/tool/speed.cc\ src/tool/tool.cc\ @@ -340,6 +337,7 @@ linux_arm_sources := \ linux-arm/crypto/sha/sha256-armv4.S\ linux-arm/crypto/sha/sha512-armv4.S\ src/crypto/chacha/chacha_vec_arm.S\ + src/crypto/cpu-arm-asm.S\ src/crypto/poly1305/poly1305_arm_asm.S\ linux_x86_sources := \ @@ -370,6 +368,7 @@ linux_x86_64_sources := \ linux-x86_64/crypto/md5/md5-x86_64.S\ linux-x86_64/crypto/modes/aesni-gcm-x86_64.S\ linux-x86_64/crypto/modes/ghash-x86_64.S\ + linux-x86_64/crypto/rand/rdrand-x86_64.S\ linux-x86_64/crypto/rc4/rc4-md5-x86_64.S\ linux-x86_64/crypto/rc4/rc4-x86_64.S\ linux-x86_64/crypto/sha/sha1-x86_64.S\ @@ -404,12 +403,28 @@ mac_x86_64_sources := \ mac-x86_64/crypto/md5/md5-x86_64.S\ mac-x86_64/crypto/modes/aesni-gcm-x86_64.S\ mac-x86_64/crypto/modes/ghash-x86_64.S\ + mac-x86_64/crypto/rand/rdrand-x86_64.S\ mac-x86_64/crypto/rc4/rc4-md5-x86_64.S\ mac-x86_64/crypto/rc4/rc4-x86_64.S\ mac-x86_64/crypto/sha/sha1-x86_64.S\ mac-x86_64/crypto/sha/sha256-x86_64.S\ mac-x86_64/crypto/sha/sha512-x86_64.S\ +win_x86_sources := \ + win-x86/crypto/aes/aes-586.asm\ + win-x86/crypto/aes/aesni-x86.asm\ + win-x86/crypto/aes/vpaes-x86.asm\ + win-x86/crypto/bn/bn-586.asm\ + win-x86/crypto/bn/co-586.asm\ + win-x86/crypto/bn/x86-mont.asm\ + win-x86/crypto/cpu-x86-asm.asm\ + win-x86/crypto/md5/md5-586.asm\ + win-x86/crypto/modes/ghash-x86.asm\ + win-x86/crypto/rc4/rc4-586.asm\ + win-x86/crypto/sha/sha1-586.asm\ + win-x86/crypto/sha/sha256-586.asm\ + win-x86/crypto/sha/sha512-586.asm\ + win_x86_64_sources := \ win-x86_64/crypto/aes/aes-x86_64.asm\ win-x86_64/crypto/aes/aesni-x86_64.asm\ 
@@ -423,6 +438,7 @@ win_x86_64_sources := \ win-x86_64/crypto/md5/md5-x86_64.asm\ win-x86_64/crypto/modes/aesni-gcm-x86_64.asm\ win-x86_64/crypto/modes/ghash-x86_64.asm\ + win-x86_64/crypto/rand/rdrand-x86_64.asm\ win-x86_64/crypto/rc4/rc4-md5-x86_64.asm\ win-x86_64/crypto/rc4/rc4-x86_64.asm\ win-x86_64/crypto/sha/sha1-x86_64.asm\ diff --git a/src/BUILDING b/src/BUILDING index 18ddde1..d818f95 100644 --- a/src/BUILDING +++ b/src/BUILDING @@ -3,7 +3,8 @@ Build Prerequisites: * CMake[1] 2.8.8 or later is required. * Perl 5.6.1 or later is required. On Windows, Strawberry Perl and MSYS Perl - have both been reported to work. + have both been reported to work. If not found by CMake, it may be configured + explicitly by setting PERL_EXECUTABLE. * On Windows you currently must use Ninja[2] to build; on other platforms, it is not required, but recommended, because it makes builds faster. @@ -11,16 +12,15 @@ Build Prerequisites: * If you need to build Ninja from source, then a recent version of Python[3] is required (Python 2.7.5 works). - * On Windows only, Yasm[4] is required. + * On Windows only, Yasm[4] is required. If not found by CMake, it may be + configured explicitly by setting CMAKE_ASM_NASM_COMPILER. * A C compiler is required. On Windows, MSVC 12 (Visual Studio 2013) or later with Platform SDK 8.1 or later are supported. Recent versions of GCC and Clang should work on non-Windows platforms, and maybe on Windows too. - * Bash is required for running some tests, but not for building. - - * Go[5] is required for running some tests, but not for building. Note that - these tests do not work on Windows. + * Go[5] is required. If not found by CMake, the go executable may be + configured explicitly by setting GO_EXECUTABLE. Using Ninja (note the 'N' is capitalized in the cmake invocation): 
@@ -43,17 +43,37 @@ automatically. Note that the default build flags in the top-level CMakeLists.txt are for debugging - optimisation isn't enabled. -If you want to cross-compile then there are example toolchain files for 32-bit -Intel and ARM in util/. Wipe out the build directory, recreate it and run cmake +If you want to cross-compile then there is an example toolchain file for +32-bit Intel in util/. Wipe out the build directory, recreate it and run cmake like this: - cmake -DCMAKE_TOOLCHAIN_FILE=../util/arm-toolchain.cmake -GNinja .. + cmake -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -GNinja .. If you want to build as a shared library, pass -DBUILD_SHARED_LIBS=1. On Windows, where functions need to be tagged with "dllimport" when coming from a shared library, define BORINGSSL_SHARED_LIBRARY in any code which #includes the BoringSSL headers. + +Building for Android: + +It's possible to build BoringSSL with the Android NDK using CMake. This has +been tested with version 10d of the NDK. + +Unpack the Android NDK somewhere and export ANDROID_NDK to point to the +directory. Clone https://github.com/taka-no-me/android-cmake into util/. +Then make a build directory as above and run CMake *twice* like this: + + cmake -DANDROID_NATIVE_API_LEVEL=android-9 \ + -DANDROID_ABI=armeabi-v7a \ + -DCMAKE_TOOLCHAIN_FILE=../util/android-cmake/android.toolchain.cmake \ + -GNinja .. + +Once you've run that twice, ninja should produce Android-compatible binaries. +You can replace "armeabi-v7a" in the above with "arm64-v8a" to build aarch64 +binaries. + + Known Limitations on Windows: * Versions of cmake since 3.0.2 have a bug in its Ninja generator that causes @@ -65,8 +85,6 @@ Known Limitations on Windows: don't have steps for assembling the assembly language source files, so they currently cannot be used to build BoringSSL. - * The tests written in Go do not work. - [1] http://www.cmake.org/download/ [2] https://martine.github.io/ninja/ 
@@ -75,7 +93,4 @@ Known Limitations on Windows: [4] http://yasm.tortall.net/ - Either ensure yasm.exe is in %PATH% or configure CMAKE_ASM_NASM_COMPILER - appropriately. - [5] https://golang.org/dl/ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 9a61495..6e41ee9 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,6 +2,20 @@ cmake_minimum_required (VERSION 2.8.10) project (BoringSSL) +if(ANDROID) + # Android-NDK CMake files reconfigure the path and so Go and Perl won't be + # found. However, ninja will still find them in $PATH if we just name them. + set(PERL_EXECUTABLE "perl") + set(GO_EXECUTABLE "go") +else() + find_package(Perl REQUIRED) + find_program(GO_EXECUTABLE go) +endif() + +if (NOT GO_EXECUTABLE) + message(FATAL_ERROR "Could not find Go") +endif() + if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror -ggdb -fvisibility=hidden") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Werror -ggdb -std=c++0x -fvisibility=hidden") @@ -11,12 +25,17 @@ elseif(MSVC) "C4127" # conditional expression is constant "C4200" # nonstandard extension used : zero-sized array in # struct/union. + "C4210" # nonstandard extension used : function given file scope "C4242" # 'function' : conversion from 'int' to 'uint8_t', # possible loss of data "C4244" # 'function' : conversion from 'int' to 'uint8_t', # possible loss of data "C4245" # 'initializing' : conversion from 'long' to # 'unsigned long', signed/unsigned mismatch + "C4267" # conversion from 'size_t' to 'int', possible loss of data + "C4371" # layout of class may have changed from a previous version of the + # compiler due to better packing of member '...' + "C4388" # signed/unsigned mismatch "C4296" # '>=' : expression is always true "C4350" # behavior change: 'std::_Wrap_alloc...' "C4365" # '=' : conversion from 'size_t' to 'int', 
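Review bot: On the `if(ANDROID)` branch `set(PERL_EXECUTABLE "perl")` and `set(GO_EXECUTABLE "go")` hard-code bare names, so the `if (NOT GO_EXECUTABLE)` check directly below can never fail on that path and whichever `perl`/`go` happens to be first on PATH when ninja runs is used, with no configure-time existence or version check and no absolute path recorded in the cache. The non-Android branch at least fails early through `find_package(Perl REQUIRED)`. If the lookup fails under the NDK only because its toolchain file restricts program searches to the sysroot (presumably via `CMAKE_FIND_ROOT_PATH_MODE_PROGRAM`), then `find_program(GO_EXECUTABLE go NO_CMAKE_FIND_ROOT_PATH)` and `find_program(PERL_EXECUTABLE perl NO_CMAKE_FIND_ROOT_PATH)` keep the search while still reporting a missing tool at configure time. Note also that a plain `set()` shadows any `-DGO_EXECUTABLE=...` given on the command line, so wrap the defaults in `if(NOT PERL_EXECUTABLE)` / `if(NOT GO_EXECUTABLE)` if an explicit override is meant to keep working.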
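Review bot: The new `"C4267" # conversion from 'size_t' to 'int', possible loss of data` and `"C4388" # signed/unsigned mismatch` entries disable, build-wide, exactly the length-truncation and sign-confusion warnings that matter most in a crypto library whose legacy APIs still pass `int` lengths, and unlike the other entries they give no reason why the noise is acceptable (the next hunk even re-enables `C4701`, so the list is being tightened elsewhere). If they fire only in test or tool code, scope the suppression to those targets or to the specific lines with `#pragma warning(suppress: 4267)` rather than the whole tree. At minimum give the entry a justification the way the existing ones do, e.g. `"C4267" # conversion from 'size_t' to 'int' -- noisy in legacy int-length APIs; revisit`. The `set(MSVC_DISABLED_WARNINGS` list these lines belong to opens before this hunk.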
@@ -29,7 +48,10 @@ elseif(MSVC) # side-effect" caused by FD_* macros. "C4610" # struct 'argument' can never be instantiated - user defined # constructor required. - "C4701" # potentially uninitialized local variable 'mdlen' used + "C4625" # copy constructor could not be generated because a base class + # copy constructor is inaccessible or deleted + "C4626" # assignment operator could not be generated because a base class + # assignment operator is inaccessible or deleted "C4706" # assignment within conditional expression "C4710" # 'function': function not inlined "C4711" # function 'function' selected for inline expansion @@ -45,9 +67,10 @@ elseif(MSVC) set(CMAKE_CXX_FLAGS "-Wall -WX ${MSVC_DISABLED_WARNINGS_STR}") add_definitions(-D_HAS_EXCEPTIONS=0) add_definitions(-DWIN32_LEAN_AND_MEAN) + add_definitions(-DNOMINMAX) endif() -if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.5.99") OR +if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.7.99") OR CMAKE_CXX_COMPILER_ID MATCHES "Clang") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wshadow") @@ -81,12 +104,21 @@ elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686") set(ARCH "x86") elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm") set(ARCH "arm") +elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "armv7-a") + set(ARCH "arm") elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64") set(ARCH "aarch64") else() message(FATAL_ERROR "Unknown processor:" ${CMAKE_SYSTEM_PROCESSOR}) endif() +if (ANDROID AND ${ARCH} STREQUAL "arm") + # The Android-NDK CMake files somehow fail to set the -march flag for + # assembly files. Without this flag, the compiler believes that it's + # building for ARMv5. + set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -march=armv7-a") +endif() + if (${ARCH} STREQUAL "x86" AND APPLE) # With CMake 2.8.x, ${CMAKE_SYSTEM_PROCESSOR} evalutes to i386 on OS X, # but clang defaults to 64-bit builds on OS X unless otherwise told. 
@@ -94,7 +126,13 @@ if (${ARCH} STREQUAL "x86" AND APPLE) set(ARCH "x86_64") endif() +if (OPENSSL_NO_ASM) + add_definitions(-DOPENSSL_NO_ASM) + set(ARCH "generic") +endif() + add_subdirectory(crypto) add_subdirectory(ssl) add_subdirectory(ssl/test) add_subdirectory(tool) +add_subdirectory(decrepit) diff --git a/src/STYLE b/src/STYLE new file mode 100644 index 0000000..578da68 --- /dev/null +++ b/src/STYLE 
@@ -0,0 +1,198 @@ +BoringSSL Style Guide. + +BoringSSL usually follows the Google C++ style guide, found below. The +rest of this document describes differences and clarifications on top +of the base guide. + +https://google-styleguide.googlecode.com/svn/trunk/cppguide.html + + +Legacy code. + +As a derivative of OpenSSL, BoringSSL contains a lot of legacy code +that does not follow this style guide. Particularly where public API +is concerned, balance consistency within a module with the benefits of +a given rule. Module-wide deviations on naming should be respected +while integer and return value conventions take precedence over +consistency. + +Some modules have seen few changes, so they still retain the original +indentation style for now. When editing these, try to retain the +original style. For Emacs, doc/c-indentation.el from OpenSSL may be +helpful in this. + + +Language. + +The majority of the project is in C, so C++-specific rules in the +Google style guide do not apply. Support for C99 features depends on +our target platforms. Typically, Chromium's target MSVC is the most +restrictive. + +Variable declarations in the middle of a function are allowed. + +Comments should be /* C-style */ for consistency. + +When declaration pointer types, * should be placed next to the variable +name, not the type. So + + uint8_t *ptr; + +not + + uint8_t* ptr; + +Rather than malloc() and free(), use the wrappers OPENSSL_malloc() and +OPENSSL_free(). Use the standard C assert() function freely. + +For new constants, prefer enums when the values are sequential and typed +constants for flags. If adding values to an existing set of #defines, continue +with #define. + + +Formatting. + +Single-statement blocks are not allowed. All conditions and loops must +use braces: + + if (foo) { + do_something(); + } + +not + + if (foo) + do_something(); + + +Integers. + +Prefer using explicitly-sized integers where appropriate rather than +generic C ones. 
For instance, to represent a byte, use uint8_t, not +unsigned char. Likewise, represent a two-byte field as uint16_t, not +unsigned short. + +Sizes are represented as size_t. + +Within a struct that is retained across the lifetime of an SSL +connection, if bounds of a size are known and it's easy, use a smaller +integer type like uint8_t. This is a "free" connection footprint +optimization for servers. Don't make code significantly more complex +for it, and do still check the bounds when passing in and out of the +struct. This narrowing should not propagate to local variables and +function parameters. + +When doing arithmetic, account for overflow conditions. + +Except with platform APIs, do not use ssize_t. MSVC lacks it, and +prefer out-of-band error signaling for size_t (see Return values). + + +Naming. + +Follow Google naming conventions in C++ files. In C files, use the +following naming conventions for consistency with existing OpenSSL and C +styles: + +Define structs with typedef named TYPE_NAME. The corresponding struct +should be named struct type_name_st. + +Name public functions as MODULE_function_name, unless the module +already uses a different naming scheme for legacy reasons. The module +name should be a type name if the function is a method of a particular +type. + +Some types are allocated within the library while others are +initialized into a struct allocated by the caller, often on the +stack. Name these functions TYPE_NAME_new/TYPE_NAME_free and +TYPE_NAME_init/TYPE_NAME_cleanup, respectively. All TYPE_NAME_free +functions must do nothing on NULL input. + +If a variable is the length of a pointer value, it has the suffix +_len. An output parameter is named out or has an out_ prefix. For +instance, For instance: + + uint8_t *out, + size_t *out_len, + const uint8_t *in, + size_t in_len, + +Name public headers like include/openssl/evp.h with header guards like +OPENSSL_HEADER_EVP_H. 
Name internal headers like crypto/ec/internal.h +with header guards like OPENSSL_HEADER_EC_INTERNAL_H. + +Name enums like unix_hacker_t. For instance: + +enum should_free_handshake_buffer_t { + free_handshake_buffer, + dont_free_handshake_buffer, +}; + + +Return values. + +As even malloc may fail in BoringSSL, the vast majority of functions +will have a failure case. Functions should return int with one on +success and zero on error. Do not overload the return value to both +signal success/failure and output an integer. For example: + + OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out); + +If a function needs more than a true/false result code, define an enum +rather than arbitrarily assigning meaning to int values. + +If a function outputs a pointer to an object on success and there are no +other outputs, return the pointer directly and NULL on error. + + +Parameters. + +Where not constrained by legacy code, parameter order should be: + +1. context parameters +2. output parameters +3. input parameters + +For example, + +/* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an + * ASN.1 object can be written. The |tag| argument will be used as the tag for + * the object. It returns one on success or zero on error. */ +OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag); + + +Documentation. + +All public symbols must have a documentation comment in their header +file. The style is based on that of Go. The first sentence begins with +the symbol name, optionally prefixed with "A" or "An". Apart from the +initial mention of symbol, references to other symbols or parameter +names should be surrounded by |pipes|. + +Documentation should be concise but completely describe the exposed +behavior of the function. Pay special note to success/failure behaviors +and caller obligations on object lifetimes. If this sacrifices +conciseness, consider simplifying the function's behavior. 
+ +/* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which + * will be verified by |EVP_DigestVerifyFinal|. It returns one on success and + * zero otherwise. */ +OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, + size_t len); + +Explicitly mention any surprising edge cases or deviations from common +return value patterns in legacy functions. + +/* RSA_private_encrypt encrypts |flen| bytes from |from| with the private key in + * |rsa| and writes the encrypted data to |to|. The |to| buffer must have at + * least |RSA_size| bytes of space. It returns the number of bytes written, or + * -1 on error. The |padding| argument must be one of the |RSA_*_PADDING| + * values. If in doubt, |RSA_PKCS1_PADDING| is the most common. + * + * WARNING: this function is dangerous because it breaks the usual return value + * convention. Use |RSA_sign_raw| instead. */ +OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from, + uint8_t *to, RSA *rsa, int padding); + +Document private functions in their internal.h header or, if static, +where defined. diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt index cb8f63a..6433dc6 100644 --- a/src/crypto/CMakeLists.txt +++ b/src/crypto/CMakeLists.txt @@ -2,7 +2,7 @@ include_directories(. ../include) if(APPLE) if (${ARCH} STREQUAL "x86") - set(PERLASM_FLAGS "-fPIC") + set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2") endif() set(PERLASM_STYLE macosx) set(ASM_EXT S) @@ -12,8 +12,10 @@ elseif(UNIX) # The "armx" Perl scripts look for "64" in the style argument # in order to decide whether to generate 32- or 64-bit asm. set(PERLASM_STYLE linux64) + elseif (${ARCH} STREQUAL "arm") + set(PERLASM_STYLE linux32) elseif (${ARCH} STREQUAL "x86") - set(PERLASM_FLAGS "-fPIC") + set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2") set(PERLASM_STYLE elf) else() set(PERLASM_STYLE elf) 
@@ -27,6 +29,7 @@ else() else() message("Using win32n") set(PERLASM_STYLE win32n) + set(PERLASM_FLAGS "-DOPENSSL_IA32_SSE2") endif() # On Windows, we use the NASM output, specifically built with Yasm. @@ -37,9 +40,10 @@ endif() function(perlasm dest src) add_custom_command( OUTPUT ${dest} - COMMAND perl ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} > ${dest} + COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} > ${dest} DEPENDS ${src} + ${PROJECT_SOURCE_DIR}/crypto/perlasm/arm-xlate.pl ${PROJECT_SOURCE_DIR}/crypto/perlasm/x86_64-xlate.pl ${PROJECT_SOURCE_DIR}/crypto/perlasm/x86asm.pl ${PROJECT_SOURCE_DIR}/crypto/perlasm/x86gas.pl @@ -72,6 +76,7 @@ if (${ARCH} STREQUAL "arm") CRYPTO_ARCH_SOURCES cpu-arm.c + cpu-arm-asm.S ) endif() @@ -123,6 +128,7 @@ add_subdirectory(ecdsa) add_subdirectory(hmac) # Level 3 +add_subdirectory(cmac) add_subdirectory(evp) add_subdirectory(hkdf) add_subdirectory(pem) @@ -132,15 +138,19 @@ add_subdirectory(x509v3) # Level 4 add_subdirectory(pkcs8) +# Test support code +add_subdirectory(test) + add_library( crypto crypto.c - crypto_error.c mem.c thread.c + thread_none.c + thread_pthread.c + thread_win.c ex_data.c - ex_data_impl.c time_support.c directory_posix.c directory_win.c @@ -178,6 +188,7 @@ add_library( $ $ $ + $ $ $ $ @@ -186,6 +197,10 @@ add_library( $ ) +if(NOT MSVC AND NOT ANDROID) + target_link_libraries(crypto pthread) +endif() + add_executable( constant_time_test @@ -194,5 +209,13 @@ add_executable( target_link_libraries(constant_time_test crypto) +add_executable( + thread_test + + thread_test.c +) + +target_link_libraries(thread_test crypto) + perlasm(cpu-x86_64-asm.${ASM_EXT} cpu-x86_64-asm.pl) perlasm(cpu-x86-asm.${ASM_EXT} cpu-x86-asm.pl) diff --git a/src/crypto/aes/aes.c b/src/crypto/aes/aes.c index 97b4fbd..933aa07 100644 --- a/src/crypto/aes/aes.c +++ b/src/crypto/aes/aes.c 
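Review bot: `target_link_libraries(crypto pthread)` inside `if(NOT MSVC AND NOT ANDROID)` hard-codes a library name instead of letting CMake detect how threads are linked, so toolchains that want `-pthread` as a flag, name the library differently, or are Windows-but-not-MSVC (MinGW, presumably) get either a link failure or an unintended library. The portable form is `find_package(Threads REQUIRED)` followed by `target_link_libraries(crypto ${CMAKE_THREAD_LIBS_INIT})`; that should also make the explicit Android exclusion unnecessary, since bionic needs no separate thread library, though that is worth confirming against the NDK toolchain file. The `add_library(crypto ...)` this applies to is opened in an earlier hunk on this page, not in this one.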
@@ -1033,17 +1033,25 @@ void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { #endif /* ?FULL_UNROLL */ /* apply last round and * map cipher state to byte array block: */ - s0 = (Td4[(t0 >> 24)] << 24) ^ (Td4[(t3 >> 16) & 0xff] << 16) ^ - (Td4[(t2 >> 8) & 0xff] << 8) ^ (Td4[(t1) & 0xff]) ^ rk[0]; + s0 = ((uint32_t)Td4[(t0 >> 24)] << 24) ^ + ((uint32_t)Td4[(t3 >> 16) & 0xff] << 16) ^ + ((uint32_t)Td4[(t2 >> 8) & 0xff] << 8) ^ + ((uint32_t)Td4[(t1) & 0xff]) ^ rk[0]; PUTU32(out, s0); - s1 = (Td4[(t1 >> 24)] << 24) ^ (Td4[(t0 >> 16) & 0xff] << 16) ^ - (Td4[(t3 >> 8) & 0xff] << 8) ^ (Td4[(t2) & 0xff]) ^ rk[1]; + s1 = ((uint32_t)Td4[(t1 >> 24)] << 24) ^ + ((uint32_t)Td4[(t0 >> 16) & 0xff] << 16) ^ + ((uint32_t)Td4[(t3 >> 8) & 0xff] << 8) ^ + ((uint32_t)Td4[(t2) & 0xff]) ^ rk[1]; PUTU32(out + 4, s1); - s2 = (Td4[(t2 >> 24)] << 24) ^ (Td4[(t1 >> 16) & 0xff] << 16) ^ - (Td4[(t0 >> 8) & 0xff] << 8) ^ (Td4[(t3) & 0xff]) ^ rk[2]; + s2 = ((uint32_t)Td4[(t2 >> 24)] << 24) ^ + ((uint32_t)Td4[(t1 >> 16) & 0xff] << 16) ^ + ((uint32_t)Td4[(t0 >> 8) & 0xff] << 8) ^ + ((uint32_t)Td4[(t3) & 0xff]) ^ rk[2]; PUTU32(out + 8, s2); - s3 = (Td4[(t3 >> 24)] << 24) ^ (Td4[(t2 >> 16) & 0xff] << 16) ^ - (Td4[(t1 >> 8) & 0xff] << 8) ^ (Td4[(t0) & 0xff]) ^ rk[3]; + s3 = ((uint32_t)Td4[(t3 >> 24)] << 24) ^ + ((uint32_t)Td4[(t2 >> 16) & 0xff] << 16) ^ + ((uint32_t)Td4[(t1 >> 8) & 0xff] << 8) ^ + ((uint32_t)Td4[(t0) & 0xff]) ^ rk[3]; PUTU32(out + 12, s3); } diff --git a/src/crypto/aes/asm/aes-armv4.pl b/src/crypto/aes/asm/aes-armv4.pl index 3bd9a6d..36cd3b6 100644 --- a/src/crypto/aes/asm/aes-armv4.pl +++ b/src/crypto/aes/asm/aes-armv4.pl 
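Review bot: The added `(uint32_t)` casts fix a real problem, but nothing in the code says which: `Td4` appears to be a byte table (the indices are masked with `& 0xff` and the old `Td4[...] << 24` needed no result mask), so the operand was promoted to `int` and shifting a value with bit 7 set left by 24 lands in the sign bit, which is signed-overflow undefined behaviour; the cast makes the shift unsigned. Add a comment above the `s0 =` line so the casts are not tidied away later: `/* Td4 holds bytes: widen to uint32_t before << 24, otherwise the shift overflows a promoted int (undefined behaviour). */`. AES_decrypt starts well before this hunk; if the encrypt side or the key-schedule code shifts a byte-sized table the same way it needs the same cast, but that code is not visible here.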
@@ -32,8 +32,20 @@ # Profiler-assisted and platform-specific optimization resulted in 16% # improvement on Cortex A8 core and ~21.5 cycles per byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $s0="r0"; $s1="r1"; @@ -63,7 +75,7 @@ $code=<<___; .code 32 #else .syntax unified -# ifdef __thumb2__ +# if defined(__thumb2__) && !defined(__APPLE__) .thumb # else .code 32 @@ -189,9 +201,13 @@ asm_AES_encrypt: adr r3,asm_AES_encrypt #endif stmdb sp!,{r1,r4-r12,lr} +#ifdef __APPLE__ + adr $tbl,AES_Te +#else + sub $tbl,r3,#asm_AES_encrypt-AES_Te @ Te +#endif mov $rounds,r0 @ inp mov $key,r2 - sub $tbl,r3,#asm_AES_encrypt-AES_Te @ Te #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -460,12 +476,16 @@ _armv4_AES_set_encrypt_key: bne .Labrt .Lok: stmdb sp!,{r4-r12,lr} - sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 - mov $rounds,r0 @ inp mov lr,r1 @ bits mov $key,r2 @ key +#ifdef __APPLE__ + adr $tbl,AES_Te+1024 @ Te4 +#else + sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 +#endif + #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -718,8 +738,8 @@ _armv4_AES_set_encrypt_key: .Ldone: mov r0,#0 ldmia sp!,{r4-r12,lr} .Labrt: -#if defined(__thumb2__) && __ARM_ARCH__>=7 - .short 0x4770 @ bx lr in Thumb2 encoding +#if __ARM_ARCH__>=5 + ret @ bx lr #else tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet 
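Review bot: `open STDOUT,"| \"$^X\" $xlate $flavour $output";` runs the translator through a shell with `$xlate` (built from `$dir`, i.e. this script's own path taken from `$0`) and `$flavour` interpolated unquoted, so a checkout path containing a space or shell metacharacter breaks or alters the command; only `$output` is constrained, by the `^\w[\w\-]*\.\w+$` match. The list form avoids the shell entirely: `open STDOUT, "|-", $^X, $xlate, $flavour, $output or die "can't run $xlate: $!";`. The pipe open also has no failure check, unlike the `die "can't locate arm-xlate.pl"` just above it, so a translator that fails to start silently yields an empty `$output`. This mirrors the upstream perlasm pattern, so the change may be better made upstream than in this import.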
@@ -961,9 +981,13 @@ asm_AES_decrypt: adr r3,asm_AES_decrypt #endif stmdb sp!,{r1,r4-r12,lr} +#ifdef __APPLE__ + adr $tbl,AES_Td +#else + sub $tbl,r3,#asm_AES_decrypt-AES_Td @ Td +#endif mov $rounds,r0 @ inp mov $key,r2 - sub $tbl,r3,#asm_AES_decrypt-AES_Td @ Td #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -1211,6 +1235,7 @@ _armv4_AES_decrypt: ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +$code =~ s/\bret\b/bx\tlr/gm; open SELF,$0; while() { diff --git a/src/crypto/aes/asm/aesni-x86.pl b/src/crypto/aes/asm/aesni-x86.pl index 3deb86a..f67df8c 100644 --- a/src/crypto/aes/asm/aesni-x86.pl +++ b/src/crypto/aes/asm/aesni-x86.pl @@ -51,7 +51,7 @@ # Westmere 3.77/1.37 1.37 1.52 1.27 # * Bridge 5.07/0.98 0.99 1.09 0.91 # Haswell 4.44/0.80 0.97 1.03 0.72 -# Atom 5.77/3.56 3.67 4.03 3.46 +# Silvermont 5.77/3.56 3.67 4.03 3.46 # Bulldozer 5.80/0.98 1.05 1.24 0.93 $PREFIX="aesni"; # if $PREFIX is set to "AES", the script @@ -65,6 +65,9 @@ require "x86asm.pl"; &asm_init($ARGV[0],$0); +&external_label("OPENSSL_ia32cap_P"); +&static_label("key_const"); + if ($PREFIX eq "aesni") { $movekey=\&movups; } else { $movekey=\&movups; } @@ -181,7 +184,10 @@ sub aesni_generate1 # fully unrolled loop { &aesni_inline_generate1("enc"); } else { &call ("_aesni_encrypt1"); } + &pxor ($rndkey0,$rndkey0); # clear register bank + &pxor ($rndkey1,$rndkey1); &movups (&QWP(0,"eax"),$inout0); + &pxor ($inout0,$inout0); &ret (); &function_end_B("${PREFIX}_encrypt"); @@ -197,7 +203,10 @@ sub aesni_generate1 # fully unrolled loop { &aesni_inline_generate1("dec"); } else { &call ("_aesni_decrypt1"); } + &pxor ($rndkey0,$rndkey0); # clear register bank + &pxor ($rndkey1,$rndkey1); &movups (&QWP(0,"eax"),$inout0); + &pxor ($inout0,$inout0); &ret (); &function_end_B("${PREFIX}_decrypt"); 
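Review bot: The new `$code =~ s/\bret\b/bx\tlr/gm;` is correct only because it runs after the existing `s/\bbx\s+lr\b/.word\t0xe12fff1e/gm` line: the `bx lr` it produces is deliberately left as a real instruction (it is emitted only under `#if __ARM_ARCH__>=5`, where `bx` exists, and the ARM-encoded `.word` would be wrong in the Thumb-2 build that the removed `.short 0x4770` used to serve), while pre-existing unguarded `bx lr` still gets the ARMv4-compatible word. Swapping the two lines would silently change that, so add a comment: `# must run after the bx-lr rewrite above: 'ret' is only used under __ARM_ARCH__>=5 and must stay a real bx lr (the ARM .word encoding would be wrong in Thumb-2 code)`. The `while ()` loop that follows is cut off at the end of the hunk.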
@@ -349,17 +358,15 @@ sub aesni_generate6 &neg ($rounds); eval"&aes${p} ($inout2,$rndkey1)"; &pxor ($inout5,$rndkey0); + &$movekey ($rndkey0,&QWP(0,$key,$rounds)); &add ($rounds,16); - eval"&aes${p} ($inout3,$rndkey1)"; - eval"&aes${p} ($inout4,$rndkey1)"; - eval"&aes${p} ($inout5,$rndkey1)"; - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jmp (&label("_aesni_${p}rypt6_enter")); + &jmp (&label("_aesni_${p}rypt6_inner")); &set_label("${p}6_loop",16); eval"&aes${p} ($inout0,$rndkey1)"; eval"&aes${p} ($inout1,$rndkey1)"; eval"&aes${p} ($inout2,$rndkey1)"; + &set_label("_aesni_${p}rypt6_inner"); eval"&aes${p} ($inout3,$rndkey1)"; eval"&aes${p} ($inout4,$rndkey1)"; eval"&aes${p} ($inout5,$rndkey1)"; @@ -615,6 +622,14 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0x30,$out),$inout3); &set_label("ecb_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); &function_end("aesni_ecb_encrypt"); ###################################################################### @@ -704,6 +719,15 @@ if ($PREFIX eq "aesni") { &mov ("esp",&DWP(48,"esp")); &mov ($out,&wparam(5)); &movups (&QWP(0,$out),$cmac); + + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); &function_end("aesni_ccm64_encrypt_blocks"); &function_begin("aesni_ccm64_decrypt_blocks"); @@ -804,6 +828,15 @@ if ($PREFIX eq "aesni") { &mov ("esp",&DWP(48,"esp")); &mov ($out,&wparam(5)); &movups (&QWP(0,$out),$cmac); + + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); &function_end("aesni_ccm64_decrypt_blocks"); } 
@@ -1053,6 +1086,17 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0x30,$out),$inout3); &set_label("ctr32_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &movdqa (&QWP(32,"esp"),"xmm0"); # clear stack + &pxor ("xmm5","xmm5"); + &movdqa (&QWP(48,"esp"),"xmm0"); + &pxor ("xmm6","xmm6"); + &movdqa (&QWP(64,"esp"),"xmm0"); + &pxor ("xmm7","xmm7"); &mov ("esp",&DWP(80,"esp")); &function_end("aesni_ctr32_encrypt_blocks"); @@ -1394,6 +1438,20 @@ if ($PREFIX eq "aesni") { &movups (&QWP(-16,$out),$inout0); # write output &set_label("xts_enc_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &movdqa (&QWP(16*0,"esp"),"xmm0"); # clear stack + &pxor ("xmm3","xmm3"); + &movdqa (&QWP(16*1,"esp"),"xmm0"); + &pxor ("xmm4","xmm4"); + &movdqa (&QWP(16*2,"esp"),"xmm0"); + &pxor ("xmm5","xmm5"); + &movdqa (&QWP(16*3,"esp"),"xmm0"); + &pxor ("xmm6","xmm6"); + &movdqa (&QWP(16*4,"esp"),"xmm0"); + &pxor ("xmm7","xmm7"); + &movdqa (&QWP(16*5,"esp"),"xmm0"); &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp &function_end("aesni_xts_encrypt"); @@ -1756,6 +1814,20 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0,$out),$inout0); # write output &set_label("xts_dec_ret"); + &pxor ("xmm0","xmm0"); # clear register bank + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &movdqa (&QWP(16*0,"esp"),"xmm0"); # clear stack + &pxor ("xmm3","xmm3"); + &movdqa (&QWP(16*1,"esp"),"xmm0"); + &pxor ("xmm4","xmm4"); + &movdqa (&QWP(16*2,"esp"),"xmm0"); + &pxor ("xmm5","xmm5"); + &movdqa (&QWP(16*3,"esp"),"xmm0"); + &pxor ("xmm6","xmm6"); + &movdqa (&QWP(16*4,"esp"),"xmm0"); + &pxor ("xmm7","xmm7"); + &movdqa (&QWP(16*5,"esp"),"xmm0"); &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp &function_end("aesni_xts_decrypt"); } 
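Review bot: In the `ctr32_ret` clean-up the `movdqa` stores wipe the frame at `esp+32`, `esp+48` and `esp+64` but not the two 16-byte slots at `esp+0` and `esp+16`, even though the whole frame is only released by the `mov esp,[esp+80]` that follows; what those two slots hold is decided earlier in `aesni_ctr32_encrypt_blocks`, outside this hunk. If they only ever hold counter blocks the partial wipe is fine but should say so, e.g. `# clear stack (slots 0/16 hold only counter blocks and are left as-is)`; if anything key-derived is parked there, add `&movdqa (&QWP(0,"esp"),"xmm0");` and `&movdqa (&QWP(16,"esp"),"xmm0");` alongside the others. The XTS tails further down clear `16*0` through `16*5`, so by comparison this wipe reads as incomplete.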
@@ -1808,6 +1880,7 @@ if ($PREFIX eq "aesni") { &add ($len,16); &jnz (&label("cbc_enc_tail")); &movaps ($ivec,$inout0); + &pxor ($inout0,$inout0); &jmp (&label("cbc_ret")); &set_label("cbc_enc_tail"); @@ -1871,7 +1944,7 @@ if ($PREFIX eq "aesni") { &movaps ($inout0,$inout5); &movaps ($ivec,$rndkey0); &add ($len,0x50); - &jle (&label("cbc_dec_tail_collected")); + &jle (&label("cbc_dec_clear_tail_collected")); &movups (&QWP(0,$out),$inout0); &lea ($out,&DWP(0x10,$out)); &set_label("cbc_dec_tail"); @@ -1910,10 +1983,14 @@ if ($PREFIX eq "aesni") { &xorps ($inout4,$rndkey0); &movups (&QWP(0,$out),$inout0); &movups (&QWP(0x10,$out),$inout1); + &pxor ($inout1,$inout1); &movups (&QWP(0x20,$out),$inout2); + &pxor ($inout2,$inout2); &movups (&QWP(0x30,$out),$inout3); + &pxor ($inout3,$inout3); &lea ($out,&DWP(0x40,$out)); &movaps ($inout0,$inout4); + &pxor ($inout4,$inout4); &sub ($len,0x50); &jmp (&label("cbc_dec_tail_collected")); @@ -1933,6 +2010,7 @@ if ($PREFIX eq "aesni") { &xorps ($inout1,$in0); &movups (&QWP(0,$out),$inout0); &movaps ($inout0,$inout1); + &pxor ($inout1,$inout1); &lea ($out,&DWP(0x10,$out)); &movaps ($ivec,$in1); &sub ($len,0x20); @@ -1945,7 +2023,9 @@ if ($PREFIX eq "aesni") { &xorps ($inout2,$in1); &movups (&QWP(0,$out),$inout0); &movaps ($inout0,$inout2); + &pxor ($inout2,$inout2); &movups (&QWP(0x10,$out),$inout1); + &pxor ($inout1,$inout1); &lea ($out,&DWP(0x20,$out)); &movups ($ivec,&QWP(0x20,$inp)); &sub ($len,0x30); 
@@ -1961,29 +2041,44 @@ if ($PREFIX eq "aesni") { &movups (&QWP(0,$out),$inout0); &xorps ($inout2,$rndkey1); &movups (&QWP(0x10,$out),$inout1); + &pxor ($inout1,$inout1); &xorps ($inout3,$rndkey0); &movups (&QWP(0x20,$out),$inout2); + &pxor ($inout2,$inout2); &lea ($out,&DWP(0x30,$out)); &movaps ($inout0,$inout3); + &pxor ($inout3,$inout3); &sub ($len,0x40); + &jmp (&label("cbc_dec_tail_collected")); +&set_label("cbc_dec_clear_tail_collected",16); + &pxor ($inout1,$inout1); + &pxor ($inout2,$inout2); + &pxor ($inout3,$inout3); + &pxor ($inout4,$inout4); &set_label("cbc_dec_tail_collected"); &and ($len,15); &jnz (&label("cbc_dec_tail_partial")); &movups (&QWP(0,$out),$inout0); + &pxor ($rndkey0,$rndkey0); &jmp (&label("cbc_ret")); &set_label("cbc_dec_tail_partial",16); &movaps (&QWP(0,"esp"),$inout0); + &pxor ($rndkey0,$rndkey0); &mov ("ecx",16); &mov ($inp,"esp"); &sub ("ecx",$len); &data_word(0xA4F3F689); # rep movsb + &movdqa (&QWP(0,"esp"),$inout0); &set_label("cbc_ret"); &mov ("esp",&DWP(16,"esp")); # pull original %esp &mov ($key_,&wparam(4)); + &pxor ($inout0,$inout0); + &pxor ($rndkey1,$rndkey1); &movups (&QWP(0,$key_),$ivec); # output IV + &pxor ($ivec,$ivec); &set_label("cbc_abort"); &function_end("${PREFIX}_cbc_encrypt"); @@ -2000,14 +2095,24 @@ if ($PREFIX eq "aesni") { # $round rounds &function_begin_B("_aesni_set_encrypt_key"); + &push ("ebp"); + &push ("ebx"); &test ("eax","eax"); &jz (&label("bad_pointer")); &test ($key,$key); &jz (&label("bad_pointer")); + &call (&label("pic")); +&set_label("pic"); + &blindpop("ebx"); + &lea ("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx")); + + &picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const")); &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey &xorps ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 + &mov ("ebp",&DWP(4,"ebp")); &lea ($key,&DWP(16,$key)); + &and ("ebp",1<<28|1<<11); # AVX and XOP bits &cmp ($rounds,256); &je (&label("14rounds")); &cmp ($rounds,192); 
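Review bot: The store added after the `rep movsb` in `cbc_dec_tail_partial` writes `$inout0` back to `(%esp)`, and nothing between the earlier `&movaps (&QWP(0,"esp"),$inout0);` and this point modifies `$inout0`, so the partial plaintext block is rewritten to the stack rather than cleared; the register zeroed just before the copy is `$rndkey0`, not `$inout0`. Changing the line to `&movdqa (&QWP(0,"esp"),$rndkey0);` (or zeroing `$inout0` before the `rep movsb`) makes the clear effective. `$inout0` itself is only zeroed later at `cbc_ret`, after `%esp` has been restored past the slot.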
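Review bot: The comment on `&and ("ebp",1<<28|1<<11); # AVX and XOP bits` says which capability bits are kept but not how they decide anything: the later `cmp ("ebp",1<<28)` / `je (&label("..rounds_alt"))` pairs take the alternative schedule only when AVX is set and XOP is clear, which an equality compare encodes implicitly. Suggest `&and ("ebp",1<<28|1<<11); # keep AVX|XOP; *_alt schedules are used only when AVX is set and XOP is clear`. The body of `_aesni_set_encrypt_key` continues well past this hunk.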
@@ -2016,6 +2121,9 @@ if ($PREFIX eq "aesni") { &jne (&label("bad_keybits")); &set_label("10rounds",16); + &cmp ("ebp",1<<28); + &je (&label("10rounds_alt")); + &mov ($rounds,9); &$movekey (&QWP(-16,$key),"xmm0"); # round 0 &aeskeygenassist("xmm1","xmm0",0x01); # round 1 @@ -2040,8 +2148,8 @@ if ($PREFIX eq "aesni") { &call (&label("key_128")); &$movekey (&QWP(0,$key),"xmm0"); &mov (&DWP(80,$key),$rounds); - &xor ("eax","eax"); - &ret(); + + &jmp (&label("good_key")); &set_label("key_128",16); &$movekey (&QWP(0,$key),"xmm0"); 
@@ -2055,8 +2163,76 @@ if ($PREFIX eq "aesni") { &xorps ("xmm0","xmm1"); &ret(); +&set_label("10rounds_alt",16); + &movdqa ("xmm5",&QWP(0x00,"ebx")); + &mov ($rounds,8); + &movdqa ("xmm4",&QWP(0x20,"ebx")); + &movdqa ("xmm2","xmm0"); + &movdqu (&QWP(-16,$key),"xmm0"); + +&set_label("loop_key128"); + &pshufb ("xmm0","xmm5"); + &aesenclast ("xmm0","xmm4"); + &pslld ("xmm4",1); + &lea ($key,&DWP(16,$key)); + + &movdqa ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm2","xmm3"); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(-16,$key),"xmm0"); + &movdqa ("xmm2","xmm0"); + + &dec ($rounds); + &jnz (&label("loop_key128")); + + &movdqa ("xmm4",&QWP(0x30,"ebx")); + + &pshufb ("xmm0","xmm5"); + &aesenclast ("xmm0","xmm4"); + &pslld ("xmm4",1); + + &movdqa ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm2","xmm3"); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(0,$key),"xmm0"); + + &movdqa ("xmm2","xmm0"); + &pshufb ("xmm0","xmm5"); + &aesenclast ("xmm0","xmm4"); + + &movdqa ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm3","xmm2"); + &pslldq ("xmm2",4); + &pxor ("xmm2","xmm3"); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(16,$key),"xmm0"); + + &mov ($rounds,9); + &mov (&DWP(96,$key),$rounds); + + &jmp (&label("good_key")); + &set_label("12rounds",16); &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey + &cmp ("ebp",1<<28); + &je (&label("12rounds_alt")); + &mov ($rounds,11); &$movekey (&QWP(-16,$key),"xmm0"); # round 0 &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2 @@ -2077,8 +2253,8 @@ if ($PREFIX eq "aesni") { &call (&label("key_192b")); &$movekey (&QWP(0,$key),"xmm0"); &mov (&DWP(48,$key),$rounds); - &xor ("eax","eax"); - &ret(); + + &jmp (&label("good_key")); &set_label("key_192a",16); &$movekey (&QWP(0,$key),"xmm0"); 
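Review bot: `10rounds_alt` and its `loop_key128` carry no comment on what the sequence computes, and the same is true of `12rounds_alt` and `14rounds_alt` in the following hunks. From the visible code, the round constant lives in `xmm4` (loaded from `0x20(%ebx)`, advanced with `&pslld ("xmm4",1)`, and replaced from `0x30(%ebx)` after the eighth iteration), `pshufb`+`aesenclast` appear to stand in for `aeskeygenassist`, and the `pslldq`/`pxor` chain folds the previous round key held in `xmm2` — this reading should be confirmed against the reference schedule before it is written down. A header comment above `10rounds_alt` stating the scheme, the roles of `xmm5` (byte-shuffle mask), `xmm4` (round constant) and `xmm2` (previous round key), and why the path is taken only on AVX-without-XOP CPUs would let a reader review the loop without reconstructing it.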
@@ -2108,10 +2284,52 @@ if ($PREFIX eq "aesni") { &lea ($key,&DWP(32,$key)); &jmp (&label("key_192b_warm")); +&set_label("12rounds_alt",16); + &movdqa ("xmm5",&QWP(0x10,"ebx")); + &movdqa ("xmm4",&QWP(0x20,"ebx")); + &mov ($rounds,8); + &movdqu (&QWP(-16,$key),"xmm0"); + +&set_label("loop_key192"); + &movq (&QWP(0,$key),"xmm2"); + &movdqa ("xmm1","xmm2"); + &pshufb ("xmm2","xmm5"); + &aesenclast ("xmm2","xmm4"); + &pslld ("xmm4",1); + &lea ($key,&DWP(24,$key)); + + &movdqa ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm0","xmm3"); + + &pshufd ("xmm3","xmm0",0xff); + &pxor ("xmm3","xmm1"); + &pslldq ("xmm1",4); + &pxor ("xmm3","xmm1"); + + &pxor ("xmm0","xmm2"); + &pxor ("xmm2","xmm3"); + &movdqu (&QWP(-16,$key),"xmm0"); + + &dec ($rounds); + &jnz (&label("loop_key192")); + + &mov ($rounds,11); + &mov (&DWP(32,$key),$rounds); + + &jmp (&label("good_key")); + &set_label("14rounds",16); &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey - &mov ($rounds,13); &lea ($key,&DWP(16,$key)); + &cmp ("ebp",1<<28); + &je (&label("14rounds_alt")); + + &mov ($rounds,13); &$movekey (&QWP(-32,$key),"xmm0"); # round 0 &$movekey (&QWP(-16,$key),"xmm2"); # round 1 &aeskeygenassist("xmm1","xmm2",0x01); # round 2 @@ -2143,7 +2361,8 @@ if ($PREFIX eq "aesni") { &$movekey (&QWP(0,$key),"xmm0"); &mov (&DWP(16,$key),$rounds); &xor ("eax","eax"); - &ret(); + + &jmp (&label("good_key")); &set_label("key_256a",16); &$movekey (&QWP(0,$key),"xmm2"); 
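Review bot: In the `14rounds` exit (hunk `@@ -2143,7 +2361,8 @@`) the `&xor ("eax","eax");` before the new `&jmp (&label("good_key"));` is left in place, whereas the 10- and 12-round exits drop it together with the `ret`; `good_key` zeroes `eax` itself, so the line is redundant. Removing it keeps the three exits uniform. Only part of the 14-round path is visible in this hunk.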
@@ -2169,11 +2388,77 @@ if ($PREFIX eq "aesni") { &xorps ("xmm2","xmm1"); &ret(); +&set_label("14rounds_alt",16); + &movdqa ("xmm5",&QWP(0x00,"ebx")); + &movdqa ("xmm4",&QWP(0x20,"ebx")); + &mov ($rounds,7); + &movdqu (&QWP(-32,$key),"xmm0"); + &movdqa ("xmm1","xmm2"); + &movdqu (&QWP(-16,$key),"xmm2"); + +&set_label("loop_key256"); + &pshufb ("xmm2","xmm5"); + &aesenclast ("xmm2","xmm4"); + + &movdqa ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm3","xmm0"); + &pslldq ("xmm0",4); + &pxor ("xmm0","xmm3"); + &pslld ("xmm4",1); + + &pxor ("xmm0","xmm2"); + &movdqu (&QWP(0,$key),"xmm0"); + + &dec ($rounds); + &jz (&label("done_key256")); + + &pshufd ("xmm2","xmm0",0xff); + &pxor ("xmm3","xmm3"); + &aesenclast ("xmm2","xmm3"); + + &movdqa ("xmm3","xmm1") + &pslldq ("xmm1",4); + &pxor ("xmm3","xmm1"); + &pslldq ("xmm1",4); + &pxor ("xmm3","xmm1"); + &pslldq ("xmm1",4); + &pxor ("xmm1","xmm3"); + + &pxor ("xmm2","xmm1"); + &movdqu (&QWP(16,$key),"xmm2"); + &lea ($key,&DWP(32,$key)); + &movdqa ("xmm1","xmm2"); + &jmp (&label("loop_key256")); + +&set_label("done_key256"); + &mov ($rounds,13); + &mov (&DWP(16,$key),$rounds); + +&set_label("good_key"); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &xor ("eax","eax"); + &pop ("ebx"); + &pop ("ebp"); + &ret (); + &set_label("bad_pointer",4); &mov ("eax",-1); + &pop ("ebx"); + &pop ("ebp"); &ret (); &set_label("bad_keybits",4); + &pxor ("xmm0","xmm0"); &mov ("eax",-2); + &pop ("ebx"); + &pop ("ebp"); &ret (); &function_end_B("_aesni_set_encrypt_key"); 
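Review bot: `&movdqa ("xmm3","xmm1")` inside `loop_key256` lacks its terminating semicolon, so it runs straight into `&pslldq ("xmm1",4);`. Perl presumably still compiles this by treating the leading `&` of the next call as a bitwise-and, so the emitted instruction order is likely preserved only by accident of parsing; write `&movdqa ("xmm3","xmm1");` so the statement does not depend on that.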
@@ -2223,10 +2508,18 @@ if ($PREFIX eq "aesni") { &aesimc ("xmm0","xmm0"); &$movekey (&QWP(0,$key),"xmm0"); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); &xor ("eax","eax"); # return success &set_label("dec_key_ret"); &ret (); &function_end_B("${PREFIX}_set_decrypt_key"); + +&set_label("key_const",64); +&data_word(0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d); +&data_word(0x04070605,0x04070605,0x04070605,0x04070605); +&data_word(1,1,1,1); +&data_word(0x1b,0x1b,0x1b,0x1b); &asciz("AES for Intel AES-NI, CRYPTOGAMS by "); &asm_finish(); diff --git a/src/crypto/aes/asm/aesni-x86_64.pl b/src/crypto/aes/asm/aesni-x86_64.pl index 5f61746..25ca574 100644 --- a/src/crypto/aes/asm/aesni-x86_64.pl +++ b/src/crypto/aes/asm/aesni-x86_64.pl @@ -165,11 +165,11 @@ # Westmere 3.77/1.25 1.25 1.25 1.26 # * Bridge 5.07/0.74 0.75 0.90 0.85 # Haswell 4.44/0.63 0.63 0.73 0.63 -# Atom 5.75/3.54 3.56 4.12 3.87(*) +# Silvermont 5.75/3.54 3.56 4.12 3.87(*) # Bulldozer 5.77/0.70 0.72 0.90 0.70 # -# (*) Atom ECB result is suboptimal because of penalties incurred -# by operations on %xmm8-15. As ECB is not considered +# (*) Atom Silvermont ECB result is suboptimal because of penalties +# incurred by operations on %xmm8-15. As ECB is not considered # critical, nothing was done to mitigate the problem. $PREFIX="aesni"; # if $PREFIX is set to "AES", the script @@ -263,7 +263,10 @@ ${PREFIX}_encrypt: ___ &aesni_generate1("enc",$key,$rounds); $code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 movups $inout0,($out) # output + pxor $inout0,$inout0 ret .size ${PREFIX}_encrypt,.-${PREFIX}_encrypt @@ -276,7 +279,10 @@ ${PREFIX}_decrypt: ___ &aesni_generate1("dec",$key,$rounds); $code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 movups $inout0,($out) # output + pxor $inout0,$inout0 ret .size ${PREFIX}_decrypt, .-${PREFIX}_decrypt ___ 
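Review bot: The four rows of the new `key_const` table are unlabeled, and their meaning is only recoverable from the offsets the `*_alt` paths load them from. Comments on each `&data_word` row along the lines of `# 0x00: pshufb mask (10rounds_alt, 14rounds_alt)`, `# 0x10: pshufb mask (12rounds_alt)`, `# 0x20: initial round constant, advanced with pslld`, `# 0x30: round constant used after the eighth step of loop_key128` would tie the data to its users. The `align 64` placement is sensible for a table read with `movdqa`, but a note that the alignment is required by those aligned loads would make that dependency explicit.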
@@ -445,21 +451,18 @@ _aesni_${dir}rypt6: pxor $rndkey0,$inout4 aes${dir} $rndkey1,$inout2 pxor $rndkey0,$inout5 + $movkey ($key,%rax),$rndkey0 add \$16,%rax - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - $movkey -16($key,%rax),$rndkey0 jmp .L${dir}_loop6_enter .align 16 .L${dir}_loop6: aes${dir} $rndkey1,$inout0 aes${dir} $rndkey1,$inout1 aes${dir} $rndkey1,$inout2 +.L${dir}_loop6_enter: aes${dir} $rndkey1,$inout3 aes${dir} $rndkey1,$inout4 aes${dir} $rndkey1,$inout5 -.L${dir}_loop6_enter: $movkey ($key,%rax),$rndkey1 add \$32,%rax aes${dir} $rndkey0,$inout0 @@ -506,23 +509,18 @@ _aesni_${dir}rypt8: lea 32($key,$rounds),$key neg %rax # $rounds aes${dir} $rndkey1,$inout0 - add \$16,%rax pxor $rndkey0,$inout5 - aes${dir} $rndkey1,$inout1 pxor $rndkey0,$inout6 + aes${dir} $rndkey1,$inout1 pxor $rndkey0,$inout7 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - aes${dir} $rndkey1,$inout6 - aes${dir} $rndkey1,$inout7 - $movkey -16($key,%rax),$rndkey0 - jmp .L${dir}_loop8_enter + $movkey ($key,%rax),$rndkey0 + add \$16,%rax + jmp .L${dir}_loop8_inner .align 16 .L${dir}_loop8: aes${dir} $rndkey1,$inout0 aes${dir} $rndkey1,$inout1 +.L${dir}_loop8_inner: aes${dir} $rndkey1,$inout2 aes${dir} $rndkey1,$inout3 aes${dir} $rndkey1,$inout4 @@ -587,15 +585,15 @@ aesni_ecb_encrypt: ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) + movaps %xmm6,(%rsp) # offload $inout4..7 movaps %xmm7,0x10(%rsp) movaps %xmm8,0x20(%rsp) movaps %xmm9,0x30(%rsp) .Lecb_enc_body: ___ $code.=<<___; - and \$-16,$len - jz .Lecb_ret + and \$-16,$len # if ($len<16) + jz .Lecb_ret # return mov 240($key),$rounds # key->rounds $movkey ($key),$rndkey0 
@@ -604,10 +602,10 @@ $code.=<<___; test %r8d,%r8d # 5th argument jz .Lecb_decrypt #--------------------------- ECB ENCRYPT ------------------------------# - cmp \$0x80,$len - jb .Lecb_enc_tail + cmp \$0x80,$len # if ($len<8*16) + jb .Lecb_enc_tail # short input - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks movdqu 0x10($inp),$inout1 movdqu 0x20($inp),$inout2 movdqu 0x30($inp),$inout3 @@ -615,14 +613,14 @@ $code.=<<___; movdqu 0x50($inp),$inout5 movdqu 0x60($inp),$inout6 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp - sub \$0x80,$len + lea 0x80($inp),$inp # $inp+=8*16 + sub \$0x80,$len # $len-=8*16 (can be zero) jmp .Lecb_enc_loop8_enter .align 16 .Lecb_enc_loop8: - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks mov $key_,$key # restore $key - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks mov $rnds_,$rounds # restore $rounds movups $inout1,0x10($out) movdqu 0x10($inp),$inout1 @@ -637,17 +635,17 @@ $code.=<<___; movups $inout6,0x60($out) movdqu 0x60($inp),$inout6 movups $inout7,0x70($out) - lea 0x80($out),$out + lea 0x80($out),$out # $out+=8*16 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp + lea 0x80($inp),$inp # $inp+=8*16 .Lecb_enc_loop8_enter: call _aesni_encrypt8 sub \$0x80,$len - jnc .Lecb_enc_loop8 + jnc .Lecb_enc_loop8 # loop if $len-=8*16 didn't borrow - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks mov $key_,$key # restore $key movups $inout1,0x10($out) mov $rnds_,$rounds # restore $rounds @@ -657,11 +655,11 @@ $code.=<<___; movups $inout5,0x50($out) movups $inout6,0x60($out) movups $inout7,0x70($out) - lea 0x80($out),$out - add \$0x80,$len - jz .Lecb_ret + lea 0x80($out),$out # $out+=8*16 + add \$0x80,$len # restore real remaining $len + jz .Lecb_ret # done if ($len==0) -.Lecb_enc_tail: +.Lecb_enc_tail: # $len is less than 8*16 movups ($inp),$inout0 cmp \$0x20,$len jb .Lecb_enc_one 
@@ -678,8 +676,9 @@ $code.=<<___; movups 0x50($inp),$inout5 je .Lecb_enc_six movdqu 0x60($inp),$inout6 + xorps $inout7,$inout7 call _aesni_encrypt8 - movups $inout0,($out) + movups $inout0,($out) # store 7 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -692,25 +691,25 @@ $code.=<<___; ___ &aesni_generate1("enc",$key,$rounds); $code.=<<___; - movups $inout0,($out) + movups $inout0,($out) # store one output block jmp .Lecb_ret .align 16 .Lecb_enc_two: call _aesni_encrypt2 - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks movups $inout1,0x10($out) jmp .Lecb_ret .align 16 .Lecb_enc_three: call _aesni_encrypt3 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) jmp .Lecb_ret .align 16 .Lecb_enc_four: call _aesni_encrypt4 - movups $inout0,($out) + movups $inout0,($out) # store 4 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -719,7 +718,7 @@ $code.=<<___; .Lecb_enc_five: xorps $inout5,$inout5 call _aesni_encrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 5 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -728,7 +727,7 @@ $code.=<<___; .align 16 .Lecb_enc_six: call _aesni_encrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 6 output blocks movups $inout1,0x10($out) movups $inout2,0x20($out) movups $inout3,0x30($out) @@ -738,10 +737,10 @@ $code.=<<___; #--------------------------- ECB DECRYPT ------------------------------# .align 16 .Lecb_decrypt: - cmp \$0x80,$len - jb .Lecb_dec_tail + cmp \$0x80,$len # if ($len<8*16) + jb .Lecb_dec_tail # short input - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks movdqu 0x10($inp),$inout1 movdqu 0x20($inp),$inout2 movdqu 0x30($inp),$inout3 
@@ -749,14 +748,14 @@ $code.=<<___; movdqu 0x50($inp),$inout5 movdqu 0x60($inp),$inout6 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp - sub \$0x80,$len + lea 0x80($inp),$inp # $inp+=8*16 + sub \$0x80,$len # $len-=8*16 (can be zero) jmp .Lecb_dec_loop8_enter .align 16 .Lecb_dec_loop8: - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks mov $key_,$key # restore $key - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # load 8 input blocks mov $rnds_,$rounds # restore $rounds movups $inout1,0x10($out) movdqu 0x10($inp),$inout1 @@ -771,30 +770,38 @@ $code.=<<___; movups $inout6,0x60($out) movdqu 0x60($inp),$inout6 movups $inout7,0x70($out) - lea 0x80($out),$out + lea 0x80($out),$out # $out+=8*16 movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp + lea 0x80($inp),$inp # $inp+=8*16 .Lecb_dec_loop8_enter: call _aesni_decrypt8 $movkey ($key_),$rndkey0 sub \$0x80,$len - jnc .Lecb_dec_loop8 + jnc .Lecb_dec_loop8 # loop if $len-=8*16 didn't borrow - movups $inout0,($out) + movups $inout0,($out) # store 8 output blocks + pxor $inout0,$inout0 # clear register bank mov $key_,$key # restore $key movups $inout1,0x10($out) + pxor $inout1,$inout1 mov $rnds_,$rounds # restore $rounds movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 movups $inout5,0x50($out) + pxor $inout5,$inout5 movups $inout6,0x60($out) + pxor $inout6,$inout6 movups $inout7,0x70($out) - lea 0x80($out),$out - add \$0x80,$len - jz .Lecb_ret + pxor $inout7,$inout7 + lea 0x80($out),$out # $out+=8*16 + add \$0x80,$len # restore real remaining $len + jz .Lecb_ret # done if ($len==0) .Lecb_dec_tail: movups ($inp),$inout0 
@@ -814,70 +821,107 @@ $code.=<<___; je .Lecb_dec_six movups 0x60($inp),$inout6 $movkey ($key),$rndkey0 + xorps $inout7,$inout7 call _aesni_decrypt8 - movups $inout0,($out) + movups $inout0,($out) # store 7 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 movups $inout5,0x50($out) + pxor $inout5,$inout5 movups $inout6,0x60($out) + pxor $inout6,$inout6 + pxor $inout7,$inout7 jmp .Lecb_ret .align 16 .Lecb_dec_one: ___ &aesni_generate1("dec",$key,$rounds); $code.=<<___; - movups $inout0,($out) + movups $inout0,($out) # store one output block + pxor $inout0,$inout0 # clear register bank jmp .Lecb_ret .align 16 .Lecb_dec_two: call _aesni_decrypt2 - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 jmp .Lecb_ret .align 16 .Lecb_dec_three: call _aesni_decrypt3 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 jmp .Lecb_ret .align 16 .Lecb_dec_four: call _aesni_decrypt4 - movups $inout0,($out) + movups $inout0,($out) # store 4 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 jmp .Lecb_ret .align 16 .Lecb_dec_five: xorps $inout5,$inout5 call _aesni_decrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 5 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + 
pxor $inout4,$inout4 + pxor $inout5,$inout5 jmp .Lecb_ret .align 16 .Lecb_dec_six: call _aesni_decrypt6 - movups $inout0,($out) + movups $inout0,($out) # store 6 output blocks + pxor $inout0,$inout0 # clear register bank movups $inout1,0x10($out) + pxor $inout1,$inout1 movups $inout2,0x20($out) + pxor $inout2,$inout2 movups $inout3,0x30($out) + pxor $inout3,$inout3 movups $inout4,0x40($out) + pxor $inout4,$inout4 movups $inout5,0x50($out) + pxor $inout5,$inout5 .Lecb_ret: + xorps $rndkey0,$rndkey0 # %xmm0 + pxor $rndkey1,$rndkey1 ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 + movaps %xmm0,(%rsp) # clear stack movaps 0x10(%rsp),%xmm7 + movaps %xmm0,0x10(%rsp) movaps 0x20(%rsp),%xmm8 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm9 + movaps %xmm0,0x30(%rsp) lea 0x58(%rsp),%rsp .Lecb_enc_ret: ___ @@ -911,10 +955,10 @@ aesni_ccm64_encrypt_blocks: ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) + movaps %xmm6,(%rsp) # $iv + movaps %xmm7,0x10(%rsp) # $bswap_mask + movaps %xmm8,0x20(%rsp) # $in0 + movaps %xmm9,0x30(%rsp) # $increment .Lccm64_enc_body: ___ $code.=<<___; @@ -956,7 +1000,7 @@ $code.=<<___; aesenc $rndkey1,$inout0 aesenc $rndkey1,$inout1 paddq $increment,$iv - dec $len + dec $len # $len-- ($len is in blocks) aesenclast $rndkey0,$inout0 aesenclast $rndkey0,$inout1 
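Review bot: The decrypt tails in this hunk zero every `$inoutN` right after its store, but the corresponding encrypt tails earlier in `aesni_ecb_encrypt` (`.Lecb_enc_one` through `.Lecb_enc_six`) only gained comments and keep their output blocks in registers until `.Lecb_ret`, which clears `$rndkey0`/`$rndkey1` alone. If the asymmetry is deliberate — after encryption the registers hold ciphertext rather than plaintext — a one-line comment at `.Lecb_ret` such as `# $inoutN are scrubbed on the decrypt side only: they hold ciphertext here` would save the next reader a diff; if it is not, the encrypt tails need the same `pxor` sequence. `aesni_ecb_encrypt` begins before this hunk.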
@@ -965,16 +1009,26 @@ $code.=<<___; movdqa $iv,$inout0 movups $in0,($out) # save output pshufb $bswap_mask,$inout0 - lea 16($out),$out - jnz .Lccm64_enc_outer + lea 16($out),$out # $out+=16 + jnz .Lccm64_enc_outer # loop if ($len!=0) - movups $inout1,($cmac) + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + pxor $inout0,$inout0 + movups $inout1,($cmac) # store resulting mac + pxor $inout1,$inout1 + pxor $in0,$in0 + pxor $iv,$iv ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 + movaps %xmm0,(%rsp) # clear stack movaps 0x10(%rsp),%xmm7 + movaps %xmm0,0x10(%rsp) movaps 0x20(%rsp),%xmm8 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm9 + movaps %xmm0,0x30(%rsp) lea 0x58(%rsp),%rsp .Lccm64_enc_ret: ___ @@ -991,10 +1045,10 @@ aesni_ccm64_decrypt_blocks: ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) + movaps %xmm6,(%rsp) # $iv + movaps %xmm7,0x10(%rsp) # $bswap_mask + movaps %xmm8,0x20(%rsp) # $in8 + movaps %xmm9,0x30(%rsp) # $increment .Lccm64_dec_body: ___ $code.=<<___; @@ -1015,7 +1069,7 @@ $code.=<<___; mov \$16,$rounds movups ($inp),$in0 # load inp paddq $increment,$iv - lea 16($inp),$inp + lea 16($inp),$inp # $inp+=16 sub %r10,%rax # twisted $rounds lea 32($key_,$rnds_),$key # end of key schedule mov %rax,%r10 @@ -1025,11 +1079,11 @@ $code.=<<___; xorps $inout0,$in0 # inp ^= E(iv) movdqa $iv,$inout0 movups $in0,($out) # save output - lea 16($out),$out + lea 16($out),$out # $out+=16 pshufb $bswap_mask,$inout0 - sub \$1,$len - jz .Lccm64_dec_break + sub \$1,$len # $len-- ($len is in blocks) + jz .Lccm64_dec_break # if ($len==0) break $movkey ($key_),$rndkey0 mov %r10,%rax 
@@ -1049,13 +1103,13 @@ $code.=<<___; aesenc $rndkey0,$inout1 $movkey -16($key,%rax),$rndkey0 jnz .Lccm64_dec2_loop - movups ($inp),$in0 # load inp + movups ($inp),$in0 # load input paddq $increment,$iv aesenc $rndkey1,$inout0 aesenc $rndkey1,$inout1 aesenclast $rndkey0,$inout0 aesenclast $rndkey0,$inout1 - lea 16($inp),$inp + lea 16($inp),$inp # $inp+=16 jmp .Lccm64_dec_outer .align 16 @@ -1065,13 +1119,23 @@ $code.=<<___; ___ &aesni_generate1("enc",$key_,$rounds,$inout1,$in0); $code.=<<___; - movups $inout1,($cmac) + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + pxor $inout0,$inout0 + movups $inout1,($cmac) # store resulting mac + pxor $inout1,$inout1 + pxor $in0,$in0 + pxor $iv,$iv ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 + movaps %xmm0,(%rsp) # clear stack movaps 0x10(%rsp),%xmm7 + movaps %xmm0,0x10(%rsp) movaps 0x20(%rsp),%xmm8 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm9 + movaps %xmm0,0x30(%rsp) lea 0x58(%rsp),%rsp .Lccm64_dec_ret: ___ @@ -1102,13 +1166,34 @@ $code.=<<___; .type aesni_ctr32_encrypt_blocks,\@function,5 .align 16 aesni_ctr32_encrypt_blocks: + cmp \$1,$len + jne .Lctr32_bulk + + # handle single block without allocating stack frame, + # useful when handling edges + movups ($ivp),$inout0 + movups ($inp),$inout1 + mov 240($key),%edx # key->rounds +___ + &aesni_generate1("enc",$key,"%edx"); +$code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + xorps $inout1,$inout0 + pxor $inout1,$inout1 + movups $inout0,($out) + xorps $inout0,$inout0 + jmp .Lctr32_epilogue + +.align 16 +.Lctr32_bulk: lea (%rsp),%rax push %rbp sub \$$frame_size,%rsp and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) + movaps %xmm6,-0xa8(%rax) # offload everything movaps %xmm7,-0x98(%rax) movaps %xmm8,-0x88(%rax) movaps %xmm9,-0x78(%rax) 
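Review bot: In the new single-block fast path of `aesni_ctr32_encrypt_blocks`, `mov 240($key),%edx # key->rounds` overwrites the register that, if `$len` is `%rdx` as the later `mov %rdx,%r10 # about to borrow %rdx` suggests, carries the block count; that is safe only because this path is entered with `$len==1` and never reads `$len` again, which the comment does not record. Suggest `mov 240($key),%edx # key->rounds (%rdx = $len is free: $len==1 here)`. The path also leaves via `jmp .Lctr32_epilogue` without having built the frame, so that label must sit after the frame teardown; the end of the function is outside this chunk and could not be checked here.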
@@ -1123,8 +1208,8 @@ ___ $code.=<<___; lea -8(%rax),%rbp - cmp \$1,$len - je .Lctr32_one_shortcut + # 8 16-byte words on top of stack are counter values + # xor-ed with zero-round key movdqu ($ivp),$inout0 movdqu ($key),$rndkey0 @@ -1139,7 +1224,7 @@ $code.=<<___; movdqa $inout0,0x40(%rsp) movdqa $inout0,0x50(%rsp) movdqa $inout0,0x60(%rsp) - mov %rdx,%r10 # borrow %rdx + mov %rdx,%r10 # about to borrow %rdx movdqa $inout0,0x70(%rsp) lea 1($ctr),%rax @@ -1183,15 +1268,15 @@ $code.=<<___; movdqa 0x40(%rsp),$inout4 movdqa 0x50(%rsp),$inout5 - cmp \$8,$len - jb .Lctr32_tail + cmp \$8,$len # $len is in blocks + jb .Lctr32_tail # short input if ($len<8) - sub \$6,$len + sub \$6,$len # $len is biased by -6 cmp \$`1<<22`,%r10d # check for MOVBE without XSAVE - je .Lctr32_6x + je .Lctr32_6x # [which denotes Atom Silvermont] lea 0x80($key),$key # size optimization - sub \$2,$len + sub \$2,$len # $len is biased by -8 jmp .Lctr32_loop8 .align 16 @@ -1205,13 +1290,13 @@ $code.=<<___; .align 16 .Lctr32_loop6: - add \$6,$ctr + add \$6,$ctr # next counter value $movkey -48($key,$rnds_),$rndkey0 aesenc $rndkey1,$inout0 mov $ctr,%eax xor $key0,%eax aesenc $rndkey1,$inout1 - movbe %eax,`0x00+12`(%rsp) + movbe %eax,`0x00+12`(%rsp) # store next counter value lea 1($ctr),%eax aesenc $rndkey1,$inout2 xor $key0,%eax @@ -1244,16 +1329,16 @@ $code.=<<___; call .Lenc_loop6 - movdqu ($inp),$inout6 + movdqu ($inp),$inout6 # load 6 input blocks movdqu 0x10($inp),$inout7 movdqu 0x20($inp),$in0 movdqu 0x30($inp),$in1 movdqu 0x40($inp),$in2 movdqu 0x50($inp),$in3 - lea 0x60($inp),$inp + lea 0x60($inp),$inp # $inp+=6*16 $movkey -64($key,$rnds_),$rndkey1 - pxor $inout0,$inout6 - movaps 0x00(%rsp),$inout0 + pxor $inout0,$inout6 # inp^=E(ctr) + movaps 0x00(%rsp),$inout0 # load next counter [xor-ed with 0 round] pxor $inout1,$inout7 movaps 0x10(%rsp),$inout1 pxor $inout2,$in0 
@@ -1264,19 +1349,19 @@ $code.=<<___; movaps 0x40(%rsp),$inout4 pxor $inout5,$in3 movaps 0x50(%rsp),$inout5 - movdqu $inout6,($out) + movdqu $inout6,($out) # store 6 output blocks movdqu $inout7,0x10($out) movdqu $in0,0x20($out) movdqu $in1,0x30($out) movdqu $in2,0x40($out) movdqu $in3,0x50($out) - lea 0x60($out),$out - + lea 0x60($out),$out # $out+=6*16 + sub \$6,$len - jnc .Lctr32_loop6 + jnc .Lctr32_loop6 # loop if $len-=6 didn't borrow - add \$6,$len - jz .Lctr32_done + add \$6,$len # restore real remaining $len + jz .Lctr32_done # done if ($len==0) lea -48($rnds_),$rounds lea -80($key,$rnds_),$key # restore $key @@ -1286,7 +1371,7 @@ $code.=<<___; .align 32 .Lctr32_loop8: - add \$8,$ctr + add \$8,$ctr # next counter value movdqa 0x60(%rsp),$inout6 aesenc $rndkey1,$inout0 mov $ctr,%r9d @@ -1298,7 +1383,7 @@ $code.=<<___; xor $key0,%r9d nop aesenc $rndkey1,$inout3 - mov %r9d,0x00+12(%rsp) + mov %r9d,0x00+12(%rsp) # store next counter value lea 1($ctr),%r9 aesenc $rndkey1,$inout4 aesenc $rndkey1,$inout5 @@ -1331,7 +1416,7 @@ $code.=<<___; aesenc $rndkey0,$inout1 aesenc $rndkey0,$inout2 xor $key0,%r9d - movdqu 0x00($inp),$in0 + movdqu 0x00($inp),$in0 # start loading input aesenc $rndkey0,$inout3 mov %r9d,0x70+12(%rsp) cmp \$11,$rounds @@ -1388,7 +1473,7 @@ $code.=<<___; .align 16 .Lctr32_enc_done: movdqu 0x10($inp),$in1 - pxor $rndkey0,$in0 + pxor $rndkey0,$in0 # input^=round[last] movdqu 0x20($inp),$in2 pxor $rndkey0,$in1 movdqu 0x30($inp),$in3 @@ -1406,11 +1491,11 @@ $code.=<<___; aesenc $rndkey1,$inout5 aesenc $rndkey1,$inout6 aesenc $rndkey1,$inout7 - movdqu 0x60($inp),$rndkey1 - lea 0x80($inp),$inp + movdqu 0x60($inp),$rndkey1 # borrow $rndkey1 for inp[6] + lea 0x80($inp),$inp # $inp+=8*16 - aesenclast $in0,$inout0 - pxor $rndkey0,$rndkey1 + aesenclast $in0,$inout0 # $inN is inp[N]^round[last] + pxor $rndkey0,$rndkey1 # borrowed $rndkey movdqu 0x70-0x80($inp),$in0 aesenclast $in1,$inout1 pxor $rndkey0,$in0 
@@ -1425,10 +1510,10 @@ $code.=<<___; movdqa 0x40(%rsp),$in5 aesenclast $rndkey1,$inout6 movdqa 0x50(%rsp),$rndkey0 - $movkey 0x10-0x80($key),$rndkey1 + $movkey 0x10-0x80($key),$rndkey1#real 1st-round key aesenclast $in0,$inout7 - movups $inout0,($out) # store output + movups $inout0,($out) # store 8 output blocks movdqa $in1,$inout0 movups $inout1,0x10($out) movdqa $in2,$inout1 @@ -1442,21 +1527,24 @@ $code.=<<___; movdqa $rndkey0,$inout5 movups $inout6,0x60($out) movups $inout7,0x70($out) - lea 0x80($out),$out - + lea 0x80($out),$out # $out+=8*16 + sub \$8,$len - jnc .Lctr32_loop8 + jnc .Lctr32_loop8 # loop if $len-=8 didn't borrow - add \$8,$len - jz .Lctr32_done + add \$8,$len # restore real remainig $len + jz .Lctr32_done # done if ($len==0) lea -0x80($key),$key .Lctr32_tail: + # note that at this point $inout0..5 are populated with + # counter values xor-ed with 0-round key lea 16($key),$key cmp \$4,$len jb .Lctr32_loop3 je .Lctr32_loop4 + # if ($len>4) compute 7 E(counter) shl \$4,$rounds movdqa 0x60(%rsp),$inout6 pxor $inout7,$inout7 @@ -1464,14 +1552,14 @@ $code.=<<___; $movkey 16($key),$rndkey0 aesenc $rndkey1,$inout0 aesenc $rndkey1,$inout1 - lea 32-16($key,$rounds),$key + lea 32-16($key,$rounds),$key# prepare for .Lenc_loop8_enter neg %rax aesenc $rndkey1,$inout2 - add \$16,%rax + add \$16,%rax # prepare for .Lenc_loop8_enter movups ($inp),$in0 aesenc $rndkey1,$inout3 aesenc $rndkey1,$inout4 - movups 0x10($inp),$in1 + movups 0x10($inp),$in1 # pre-load input movups 0x20($inp),$in2 aesenc $rndkey1,$inout5 aesenc $rndkey1,$inout6 @@ -1482,7 +1570,7 @@ $code.=<<___; pxor $in0,$inout0 movdqu 0x40($inp),$in0 pxor $in1,$inout1 - movdqu $inout0,($out) + movdqu $inout0,($out) # store output pxor $in2,$inout2 movdqu $inout1,0x10($out) pxor $in3,$inout3 
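Review bot: Two of the new comments need a touch-up: in hunk `@@ -1442,21 +1527,24 @@`, `add \$8,$len # restore real remainig $len` misspells "remaining", and in hunk `@@ -1425,10 +1510,10 @@`, `$movkey 0x10-0x80($key),$rndkey1#real 1st-round key` has no separator before `#`, unlike every other comment in the file. Suggest `add \$8,$len # restore real remaining $len` and `$movkey 0x10-0x80($key),$rndkey1 # real 1st-round key`.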
@@ -1491,17 +1579,17 @@ $code.=<<___; movdqu $inout3,0x30($out) movdqu $inout4,0x40($out) cmp \$6,$len - jb .Lctr32_done + jb .Lctr32_done # $len was 5, stop store movups 0x50($inp),$in1 xorps $in1,$inout5 movups $inout5,0x50($out) - je .Lctr32_done + je .Lctr32_done # $len was 6, stop store movups 0x60($inp),$in2 xorps $in2,$inout6 movups $inout6,0x60($out) - jmp .Lctr32_done + jmp .Lctr32_done # $len was 7, stop store .align 32 .Lctr32_loop4: @@ -1515,7 +1603,7 @@ $code.=<<___; jnz .Lctr32_loop4 aesenclast $rndkey1,$inout0 aesenclast $rndkey1,$inout1 - movups ($inp),$in0 + movups ($inp),$in0 # load input movups 0x10($inp),$in1 aesenclast $rndkey1,$inout2 aesenclast $rndkey1,$inout3 @@ -1523,14 +1611,14 @@ $code.=<<___; movups 0x30($inp),$in3 xorps $in0,$inout0 - movups $inout0,($out) + movups $inout0,($out) # store output xorps $in1,$inout1 movups $inout1,0x10($out) pxor $in2,$inout2 movdqu $inout2,0x20($out) pxor $in3,$inout3 movdqu $inout3,0x30($out) - jmp .Lctr32_done + jmp .Lctr32_done # $len was 4, stop store .align 32 .Lctr32_loop3: 
@@ -1545,48 +1633,79 @@ $code.=<<___; aesenclast $rndkey1,$inout1 aesenclast $rndkey1,$inout2 - movups ($inp),$in0 + movups ($inp),$in0 # load input xorps $in0,$inout0 - movups $inout0,($out) + movups $inout0,($out) # store output cmp \$2,$len - jb .Lctr32_done + jb .Lctr32_done # $len was 1, stop store movups 0x10($inp),$in1 xorps $in1,$inout1 movups $inout1,0x10($out) - je .Lctr32_done + je .Lctr32_done # $len was 2, stop store movups 0x20($inp),$in2 xorps $in2,$inout2 - movups $inout2,0x20($out) - jmp .Lctr32_done - -.align 16 -.Lctr32_one_shortcut: - movups ($ivp),$inout0 - movups ($inp),$in0 - mov 240($key),$rounds # key->rounds -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - xorps $in0,$inout0 - movups $inout0,($out) - jmp .Lctr32_done + movups $inout2,0x20($out) # $len was 3, stop store -.align 16 .Lctr32_done: + xorps %xmm0,%xmm0 # clear regiser bank + xor $key0,$key0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +$code.=<<___ if (!$win64); + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0x00(%rsp) # clear stack + pxor %xmm8,%xmm8 + movaps %xmm0,0x10(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,0x20(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,0x30(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,0x40(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,0x50(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,0x60(%rsp) + pxor %xmm14,%xmm14 + movaps %xmm0,0x70(%rsp) + pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); movaps -0xa0(%rbp),%xmm6 + movaps %xmm0,-0xa0(%rbp) # clear stack movaps -0x90(%rbp),%xmm7 + movaps %xmm0,-0x90(%rbp) movaps -0x80(%rbp),%xmm8 + movaps %xmm0,-0x80(%rbp) movaps -0x70(%rbp),%xmm9 + movaps %xmm0,-0x70(%rbp) movaps -0x60(%rbp),%xmm10 + movaps %xmm0,-0x60(%rbp) movaps -0x50(%rbp),%xmm11 + movaps %xmm0,-0x50(%rbp) movaps -0x40(%rbp),%xmm12 + movaps %xmm0,-0x40(%rbp) movaps -0x30(%rbp),%xmm13 + movaps %xmm0,-0x30(%rbp) movaps -0x20(%rbp),%xmm14 + movaps %xmm0,-0x20(%rbp) movaps -0x10(%rbp),%xmm15 + 
movaps %xmm0,-0x10(%rbp) + movaps %xmm0,0x00(%rsp) + movaps %xmm0,0x10(%rsp) + movaps %xmm0,0x20(%rsp) + movaps %xmm0,0x30(%rsp) + movaps %xmm0,0x40(%rsp) + movaps %xmm0,0x50(%rsp) + movaps %xmm0,0x60(%rsp) + movaps %xmm0,0x70(%rsp) ___ $code.=<<___; lea (%rbp),%rsp @@ -1619,7 +1738,7 @@ aesni_xts_encrypt: and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) + movaps %xmm6,-0xa8(%rax) # offload everything movaps %xmm7,-0x98(%rax) movaps %xmm8,-0x88(%rax) movaps %xmm9,-0x78(%rax) @@ -1679,7 +1798,7 @@ $code.=<<___; movaps $rndkey1,0x60(%rsp) # save round[0]^round[last] sub \$16*6,$len - jc .Lxts_enc_short + jc .Lxts_enc_short # if $len-=6*16 borrowed mov \$16+96,$rounds lea 32($key_,$rnds_),$key # end of key schedule @@ -1694,7 +1813,7 @@ $code.=<<___; movdqu `16*0`($inp),$inout0 # load input movdqa $rndkey0,$twmask movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 + pxor @tweak[0],$inout0 # input^=tweak^round[0] movdqu `16*2`($inp),$inout2 pxor @tweak[1],$inout1 aesenc $rndkey1,$inout0 @@ -1713,10 +1832,10 @@ $code.=<<___; lea `16*6`($inp),$inp pxor $twmask,$inout5 - pxor $twres,@tweak[0] + pxor $twres,@tweak[0] # calclulate tweaks^round[last] aesenc $rndkey1,$inout4 pxor $twres,@tweak[1] - movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^last round key + movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^round[last] aesenc $rndkey1,$inout5 $movkey 48($key_),$rndkey1 pxor $twres,@tweak[2] @@ -1757,7 +1876,7 @@ $code.=<<___; $movkey -80($key,%rax),$rndkey0 jnz .Lxts_enc_loop6 - movdqa (%r8),$twmask + movdqa (%r8),$twmask # start calculating next tweak movdqa $twres,$twtmp paddd $twres,$twres aesenc $rndkey1,$inout0 
@@ -1851,15 +1970,15 @@ $code.=<<___; aesenclast `16*5`(%rsp),$inout5 pxor $twres,@tweak[5] - lea `16*6`($out),$out - movups $inout0,`-16*6`($out) # write output + lea `16*6`($out),$out # $out+=6*16 + movups $inout0,`-16*6`($out) # store 6 output blocks movups $inout1,`-16*5`($out) movups $inout2,`-16*4`($out) movups $inout3,`-16*3`($out) movups $inout4,`-16*2`($out) movups $inout5,`-16*1`($out) sub \$16*6,$len - jnc .Lxts_enc_grandloop + jnc .Lxts_enc_grandloop # loop if $len-=6*16 didn't borrow mov \$16+96,$rounds sub $rnds_,$rounds @@ -1867,34 +1986,36 @@ $code.=<<___; shr \$4,$rounds # restore original value .Lxts_enc_short: + # at the point @tweak[0..5] are populated with tweak values mov $rounds,$rnds_ # backup $rounds pxor $rndkey0,@tweak[0] - add \$16*6,$len - jz .Lxts_enc_done + add \$16*6,$len # restore real remaining $len + jz .Lxts_enc_done # done if ($len==0) pxor $rndkey0,@tweak[1] cmp \$0x20,$len - jb .Lxts_enc_one + jb .Lxts_enc_one # $len is 1*16 pxor $rndkey0,@tweak[2] - je .Lxts_enc_two + je .Lxts_enc_two # $len is 2*16 pxor $rndkey0,@tweak[3] cmp \$0x40,$len - jb .Lxts_enc_three + jb .Lxts_enc_three # $len is 3*16 pxor $rndkey0,@tweak[4] - je .Lxts_enc_four + je .Lxts_enc_four # $len is 4*16 - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # $len is 5*16 movdqu 16*1($inp),$inout1 movdqu 16*2($inp),$inout2 pxor @tweak[0],$inout0 movdqu 16*3($inp),$inout3 pxor @tweak[1],$inout1 movdqu 16*4($inp),$inout4 - lea 16*5($inp),$inp + lea 16*5($inp),$inp # $inp+=5*16 pxor @tweak[2],$inout2 pxor @tweak[3],$inout3 pxor @tweak[4],$inout4 + pxor $inout5,$inout5 call _aesni_encrypt6 
@@ -1902,35 +2023,35 @@ $code.=<<___; movdqa @tweak[5],@tweak[0] xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 5 output blocks xorps @tweak[3],$inout3 movdqu $inout1,16*1($out) xorps @tweak[4],$inout4 movdqu $inout2,16*2($out) movdqu $inout3,16*3($out) movdqu $inout4,16*4($out) - lea 16*5($out),$out + lea 16*5($out),$out # $out+=5*16 jmp .Lxts_enc_done .align 16 .Lxts_enc_one: movups ($inp),$inout0 - lea 16*1($inp),$inp + lea 16*1($inp),$inp # inp+=1*16 xorps @tweak[0],$inout0 ___ &aesni_generate1("enc",$key,$rounds); $code.=<<___; xorps @tweak[0],$inout0 movdqa @tweak[1],@tweak[0] - movups $inout0,($out) - lea 16*1($out),$out + movups $inout0,($out) # store one output block + lea 16*1($out),$out # $out+=1*16 jmp .Lxts_enc_done .align 16 .Lxts_enc_two: movups ($inp),$inout0 movups 16($inp),$inout1 - lea 32($inp),$inp + lea 32($inp),$inp # $inp+=2*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 @@ -1939,9 +2060,9 @@ $code.=<<___; xorps @tweak[0],$inout0 movdqa @tweak[2],@tweak[0] xorps @tweak[1],$inout1 - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks movups $inout1,16*1($out) - lea 16*2($out),$out + lea 16*2($out),$out # $out+=2*16 jmp .Lxts_enc_done .align 16 @@ -1949,7 +2070,7 @@ $code.=<<___; movups ($inp),$inout0 movups 16*1($inp),$inout1 movups 16*2($inp),$inout2 - lea 16*3($inp),$inp + lea 16*3($inp),$inp # $inp+=3*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 @@ -1960,10 +2081,10 @@ $code.=<<___; movdqa @tweak[3],@tweak[0] xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks movups $inout1,16*1($out) movups $inout2,16*2($out) - lea 16*3($out),$out + lea 16*3($out),$out # $out+=3*16 jmp .Lxts_enc_done .align 16 
@@ -1973,7 +2094,7 @@ $code.=<<___; movups 16*2($inp),$inout2 xorps @tweak[0],$inout0 movups 16*3($inp),$inout3 - lea 16*4($inp),$inp + lea 16*4($inp),$inp # $inp+=4*16 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 xorps @tweak[3],$inout3 @@ -1984,17 +2105,17 @@ $code.=<<___; movdqa @tweak[4],@tweak[0] pxor @tweak[1],$inout1 pxor @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 4 output blocks pxor @tweak[3],$inout3 movdqu $inout1,16*1($out) movdqu $inout2,16*2($out) movdqu $inout3,16*3($out) - lea 16*4($out),$out + lea 16*4($out),$out # $out+=4*16 jmp .Lxts_enc_done .align 16 .Lxts_enc_done: - and \$15,$len_ + and \$15,$len_ # see if $len%16 is 0 jz .Lxts_enc_ret mov $len_,$len 
@@ -2021,18 +2142,60 @@ $code.=<<___; movups $inout0,-16($out) .Lxts_enc_ret: + xorps %xmm0,%xmm0 # clear register bank + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +$code.=<<___ if (!$win64); + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0x00(%rsp) # clear stack + pxor %xmm8,%xmm8 + movaps %xmm0,0x10(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,0x20(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,0x30(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,0x40(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,0x50(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,0x60(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); movaps -0xa0(%rbp),%xmm6 + movaps %xmm0,-0xa0(%rbp) # clear stack movaps -0x90(%rbp),%xmm7 + movaps %xmm0,-0x90(%rbp) movaps -0x80(%rbp),%xmm8 + movaps %xmm0,-0x80(%rbp) movaps -0x70(%rbp),%xmm9 + movaps %xmm0,-0x70(%rbp) movaps -0x60(%rbp),%xmm10 + movaps %xmm0,-0x60(%rbp) movaps -0x50(%rbp),%xmm11 + movaps %xmm0,-0x50(%rbp) movaps -0x40(%rbp),%xmm12 + movaps %xmm0,-0x40(%rbp) movaps -0x30(%rbp),%xmm13 + movaps %xmm0,-0x30(%rbp) movaps -0x20(%rbp),%xmm14 + movaps %xmm0,-0x20(%rbp) movaps -0x10(%rbp),%xmm15 + movaps %xmm0,-0x10(%rbp) + movaps %xmm0,0x00(%rsp) + movaps %xmm0,0x10(%rsp) + movaps %xmm0,0x20(%rsp) + movaps %xmm0,0x30(%rsp) + movaps %xmm0,0x40(%rsp) + movaps %xmm0,0x50(%rsp) + movaps %xmm0,0x60(%rsp) ___ $code.=<<___; lea (%rbp),%rsp @@ -2053,7 +2216,7 @@ aesni_xts_decrypt: and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) + movaps %xmm6,-0xa8(%rax) # offload everything movaps %xmm7,-0x98(%rax) movaps %xmm8,-0x88(%rax) movaps %xmm9,-0x78(%rax) @@ -2116,7 +2279,7 @@ $code.=<<___; movaps $rndkey1,0x60(%rsp) # save round[0]^round[last] sub \$16*6,$len - jc .Lxts_dec_short + jc .Lxts_dec_short # if $len-=6*16 borrowed mov \$16+96,$rounds lea 32($key_,$rnds_),$key # end of key schedule 
@@ -2131,7 +2294,7 @@ $code.=<<___; movdqu `16*0`($inp),$inout0 # load input movdqa $rndkey0,$twmask movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 + pxor @tweak[0],$inout0 # intput^=tweak^round[0] movdqu `16*2`($inp),$inout2 pxor @tweak[1],$inout1 aesdec $rndkey1,$inout0 @@ -2150,7 +2313,7 @@ $code.=<<___; lea `16*6`($inp),$inp pxor $twmask,$inout5 - pxor $twres,@tweak[0] + pxor $twres,@tweak[0] # calclulate tweaks^round[last] aesdec $rndkey1,$inout4 pxor $twres,@tweak[1] movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^last round key @@ -2194,7 +2357,7 @@ $code.=<<___; $movkey -80($key,%rax),$rndkey0 jnz .Lxts_dec_loop6 - movdqa (%r8),$twmask + movdqa (%r8),$twmask # start calculating next tweak movdqa $twres,$twtmp paddd $twres,$twres aesdec $rndkey1,$inout0 @@ -2288,15 +2451,15 @@ $code.=<<___; aesdeclast `16*5`(%rsp),$inout5 pxor $twres,@tweak[5] - lea `16*6`($out),$out - movups $inout0,`-16*6`($out) # write output + lea `16*6`($out),$out # $out+=6*16 + movups $inout0,`-16*6`($out) # store 6 output blocks movups $inout1,`-16*5`($out) movups $inout2,`-16*4`($out) movups $inout3,`-16*3`($out) movups $inout4,`-16*2`($out) movups $inout5,`-16*1`($out) sub \$16*6,$len - jnc .Lxts_dec_grandloop + jnc .Lxts_dec_grandloop # loop if $len-=6*16 didn't borrow mov \$16+96,$rounds sub $rnds_,$rounds 
@@ -2304,31 +2467,32 @@ $code.=<<___; shr \$4,$rounds # restore original value .Lxts_dec_short: + # at the point @tweak[0..5] are populated with tweak values mov $rounds,$rnds_ # backup $rounds pxor $rndkey0,@tweak[0] pxor $rndkey0,@tweak[1] - add \$16*6,$len - jz .Lxts_dec_done + add \$16*6,$len # restore real remaining $len + jz .Lxts_dec_done # done if ($len==0) pxor $rndkey0,@tweak[2] cmp \$0x20,$len - jb .Lxts_dec_one + jb .Lxts_dec_one # $len is 1*16 pxor $rndkey0,@tweak[3] - je .Lxts_dec_two + je .Lxts_dec_two # $len is 2*16 pxor $rndkey0,@tweak[4] cmp \$0x40,$len - jb .Lxts_dec_three - je .Lxts_dec_four + jb .Lxts_dec_three # $len is 3*16 + je .Lxts_dec_four # $len is 4*16 - movdqu ($inp),$inout0 + movdqu ($inp),$inout0 # $len is 5*16 movdqu 16*1($inp),$inout1 movdqu 16*2($inp),$inout2 pxor @tweak[0],$inout0 movdqu 16*3($inp),$inout3 pxor @tweak[1],$inout1 movdqu 16*4($inp),$inout4 - lea 16*5($inp),$inp + lea 16*5($inp),$inp # $inp+=5*16 pxor @tweak[2],$inout2 pxor @tweak[3],$inout3 pxor @tweak[4],$inout4 @@ -2338,7 +2502,7 @@ $code.=<<___; xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 5 output blocks xorps @tweak[3],$inout3 movdqu $inout1,16*1($out) xorps @tweak[4],$inout4 @@ -2347,7 +2511,7 @@ $code.=<<___; movdqu $inout3,16*3($out) pcmpgtd @tweak[5],$twtmp movdqu $inout4,16*4($out) - lea 16*5($out),$out + lea 16*5($out),$out # $out+=5*16 pshufd \$0x13,$twtmp,@tweak[1] # $twres and \$15,$len_ jz .Lxts_dec_ret 
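Review bot: The five-block `.Lxts_dec_short` path in this hunk leaves `$inout5` untouched before the `call _aesni_decrypt6` that follows outside the hunk, whereas the matching encrypt path in hunk -1867 adds `pxor $inout5,$inout5` before `call _aesni_encrypt6`. The sixth lane's result is discarded on both sides, so this is a consistency point rather than a correctness one, but if the encrypt-side zeroing is there to avoid running the cipher over whatever stale data the register holds, the decrypt side should get the same treatment. Propose adding `pxor $inout5,$inout5` after `pxor @tweak[4],$inout4` here, unless the decrypt call site already does it.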
@@ -2361,23 +2525,23 @@ $code.=<<___; .align 16 .Lxts_dec_one: movups ($inp),$inout0 - lea 16*1($inp),$inp + lea 16*1($inp),$inp # $inp+=1*16 xorps @tweak[0],$inout0 ___ &aesni_generate1("dec",$key,$rounds); $code.=<<___; xorps @tweak[0],$inout0 movdqa @tweak[1],@tweak[0] - movups $inout0,($out) + movups $inout0,($out) # store one output block movdqa @tweak[2],@tweak[1] - lea 16*1($out),$out + lea 16*1($out),$out # $out+=1*16 jmp .Lxts_dec_done .align 16 .Lxts_dec_two: movups ($inp),$inout0 movups 16($inp),$inout1 - lea 32($inp),$inp + lea 32($inp),$inp # $inp+=2*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 @@ -2387,9 +2551,9 @@ $code.=<<___; movdqa @tweak[2],@tweak[0] xorps @tweak[1],$inout1 movdqa @tweak[3],@tweak[1] - movups $inout0,($out) + movups $inout0,($out) # store 2 output blocks movups $inout1,16*1($out) - lea 16*2($out),$out + lea 16*2($out),$out # $out+=2*16 jmp .Lxts_dec_done .align 16 @@ -2397,7 +2561,7 @@ $code.=<<___; movups ($inp),$inout0 movups 16*1($inp),$inout1 movups 16*2($inp),$inout2 - lea 16*3($inp),$inp + lea 16*3($inp),$inp # $inp+=3*16 xorps @tweak[0],$inout0 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 @@ -2409,10 +2573,10 @@ $code.=<<___; xorps @tweak[1],$inout1 movdqa @tweak[4],@tweak[1] xorps @tweak[2],$inout2 - movups $inout0,($out) + movups $inout0,($out) # store 3 output blocks movups $inout1,16*1($out) movups $inout2,16*2($out) - lea 16*3($out),$out + lea 16*3($out),$out # $out+=3*16 jmp .Lxts_dec_done .align 16 @@ -2422,7 +2586,7 @@ $code.=<<___; movups 16*2($inp),$inout2 xorps @tweak[0],$inout0 movups 16*3($inp),$inout3 - lea 16*4($inp),$inp + lea 16*4($inp),$inp # $inp+=4*16 xorps @tweak[1],$inout1 xorps @tweak[2],$inout2 xorps @tweak[3],$inout3 
@@ -2434,17 +2598,17 @@ $code.=<<___; pxor @tweak[1],$inout1 movdqa @tweak[5],@tweak[1] pxor @tweak[2],$inout2 - movdqu $inout0,($out) + movdqu $inout0,($out) # store 4 output blocks pxor @tweak[3],$inout3 movdqu $inout1,16*1($out) movdqu $inout2,16*2($out) movdqu $inout3,16*3($out) - lea 16*4($out),$out + lea 16*4($out),$out # $out+=4*16 jmp .Lxts_dec_done .align 16 .Lxts_dec_done: - and \$15,$len_ + and \$15,$len_ # see if $len%16 is 0 jz .Lxts_dec_ret .Lxts_dec_done2: mov $len_,$len @@ -2482,18 +2646,60 @@ $code.=<<___; movups $inout0,($out) .Lxts_dec_ret: + xorps %xmm0,%xmm0 # clear register bank + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +$code.=<<___ if (!$win64); + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + movaps %xmm0,0x00(%rsp) # clear stack + pxor %xmm8,%xmm8 + movaps %xmm0,0x10(%rsp) + pxor %xmm9,%xmm9 + movaps %xmm0,0x20(%rsp) + pxor %xmm10,%xmm10 + movaps %xmm0,0x30(%rsp) + pxor %xmm11,%xmm11 + movaps %xmm0,0x40(%rsp) + pxor %xmm12,%xmm12 + movaps %xmm0,0x50(%rsp) + pxor %xmm13,%xmm13 + movaps %xmm0,0x60(%rsp) + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); movaps -0xa0(%rbp),%xmm6 + movaps %xmm0,-0xa0(%rbp) # clear stack movaps -0x90(%rbp),%xmm7 + movaps %xmm0,-0x90(%rbp) movaps -0x80(%rbp),%xmm8 + movaps %xmm0,-0x80(%rbp) movaps -0x70(%rbp),%xmm9 + movaps %xmm0,-0x70(%rbp) movaps -0x60(%rbp),%xmm10 + movaps %xmm0,-0x60(%rbp) movaps -0x50(%rbp),%xmm11 + movaps %xmm0,-0x50(%rbp) movaps -0x40(%rbp),%xmm12 + movaps %xmm0,-0x40(%rbp) movaps -0x30(%rbp),%xmm13 + movaps %xmm0,-0x30(%rbp) movaps -0x20(%rbp),%xmm14 + movaps %xmm0,-0x20(%rbp) movaps -0x10(%rbp),%xmm15 + movaps %xmm0,-0x10(%rbp) + movaps %xmm0,0x00(%rsp) + movaps %xmm0,0x10(%rsp) + movaps %xmm0,0x20(%rsp) + movaps %xmm0,0x30(%rsp) + movaps %xmm0,0x40(%rsp) + movaps %xmm0,0x50(%rsp) + movaps %xmm0,0x60(%rsp) ___ $code.=<<___; lea (%rbp),%rsp 
@@ -2548,7 +2754,11 @@ $code.=<<___; jnc .Lcbc_enc_loop add \$16,$len jnz .Lcbc_enc_tail + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 movups $inout0,($ivp) + pxor $inout0,$inout0 + pxor $inout1,$inout1 jmp .Lcbc_ret .Lcbc_enc_tail: @@ -2568,6 +2778,27 @@ $code.=<<___; #--------------------------- CBC DECRYPT ------------------------------# .align 16 .Lcbc_decrypt: + cmp \$16,$len + jne .Lcbc_decrypt_bulk + + # handle single block without allocating stack frame, + # useful in ciphertext stealing mode + movdqu ($inp),$inout0 # load input + movdqu ($ivp),$inout1 # load iv + movdqa $inout0,$inout2 # future iv +___ + &aesni_generate1("dec",$key,$rnds_); +$code.=<<___; + pxor $rndkey0,$rndkey0 # clear register bank + pxor $rndkey1,$rndkey1 + movdqu $inout2,($ivp) # store iv + xorps $inout1,$inout0 # ^=iv + pxor $inout1,$inout1 + movups $inout0,($out) # store output + pxor $inout0,$inout0 + jmp .Lcbc_ret +.align 16 +.Lcbc_decrypt_bulk: lea (%rsp),%rax push %rbp sub \$$frame_size,%rsp @@ -2609,11 +2840,11 @@ $code.=<<___; cmp \$0x70,$len jbe .Lcbc_dec_six_or_seven - and \$`1<<26|1<<22`,%r9d # isolate XSAVE+MOVBE - sub \$0x50,$len + and \$`1<<26|1<<22`,%r9d # isolate XSAVE+MOVBE + sub \$0x50,$len # $len is biased by -5*16 cmp \$`1<<22`,%r9d # check for MOVBE without XSAVE - je .Lcbc_dec_loop6_enter - sub \$0x20,$len + je .Lcbc_dec_loop6_enter # [which denotes Atom Silvermont] + sub \$0x20,$len # $len is biased by -7*16 lea 0x70($key),$key # size optimization jmp .Lcbc_dec_loop8_enter .align 16 @@ -2740,7 +2971,7 @@ $code.=<<___; movaps $inout7,$inout0 lea -0x70($key),$key add \$0x70,$len - jle .Lcbc_dec_tail_collected + jle .Lcbc_dec_clear_tail_collected movups $inout7,($out) lea 0x10($out),$out cmp \$0x50,$len 
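Review bot: The scrub added before `jmp .Lcbc_ret` (`pxor $rndkey0`, `$rndkey1`, `$inout0`, `$inout1`) covers only the `$len==0` exit of the CBC-encrypt loop; `.Lcbc_enc_tail:` begins at the very end of this hunk and its body is outside it, so it cannot be confirmed here whether the partial-block path re-enters this sequence (e.g. by jumping back to `.Lcbc_enc_loop`) or reaches `.Lcbc_ret` with the round-key registers still live. If it exits directly, the same four `pxor`s belong on that path too. Either way a comment on the first `pxor`, `# every CBC-encrypt exit must pass through this scrub`, would state the invariant the commit is introducing.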
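Review bot: The new frameless single-block path at `.Lcbc_decrypt` depends on two facts the hunk does not state: `$rnds_` must already hold the round count when `aesni_generate1` is expanded (the function entry is outside the hunk), and the Win64 unwinder must treat these RIPs as pre-prologue, which is why hunk -3345 moves the `cbc_se_handler` marker from `.Lcbc_decrypt` to `.Lcbc_decrypt_bulk`. Propose extending the existing comment to `# handle single block without allocating stack frame (useful in ciphertext stealing mode); cbc_se_handler treats RIP < .Lcbc_decrypt_bulk as pre-prologue, keep both in sync`. The scrub here clears `$rndkey0/1` and `$inout0/1` and leaves `$inout2`, which only ever holds the ciphertext block that is written to `$ivp`, so that omission looks deliberate.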
@@ -2759,14 +2990,19 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 pxor $in3,$inout4 movdqu $inout3,0x30($out) + pxor $inout3,$inout3 pxor $in4,$inout5 movdqu $inout4,0x40($out) + pxor $inout4,$inout4 lea 0x50($out),$out movdqa $inout5,$inout0 + pxor $inout5,$inout5 jmp .Lcbc_dec_tail_collected .align 16 @@ -2781,16 +3017,23 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 pxor $in3,$inout4 movdqu $inout3,0x30($out) + pxor $inout3,$inout3 pxor $in4,$inout5 movdqu $inout4,0x40($out) + pxor $inout4,$inout4 pxor $inout7,$inout6 movdqu $inout5,0x50($out) + pxor $inout5,$inout5 lea 0x60($out),$out movdqa $inout6,$inout0 + pxor $inout6,$inout6 + pxor $inout7,$inout7 jmp .Lcbc_dec_tail_collected .align 16 @@ -2834,31 +3077,31 @@ $code.=<<___; movdqa $inout5,$inout0 add \$0x50,$len - jle .Lcbc_dec_tail_collected + jle .Lcbc_dec_clear_tail_collected movups $inout5,($out) lea 0x10($out),$out .Lcbc_dec_tail: movups ($inp),$inout0 sub \$0x10,$len - jbe .Lcbc_dec_one + jbe .Lcbc_dec_one # $len is 1*16 or less movups 0x10($inp),$inout1 movaps $inout0,$in0 sub \$0x10,$len - jbe .Lcbc_dec_two + jbe .Lcbc_dec_two # $len is 2*16 or less movups 0x20($inp),$inout2 movaps $inout1,$in1 sub \$0x10,$len - jbe .Lcbc_dec_three + jbe .Lcbc_dec_three # $len is 3*16 or less movups 0x30($inp),$inout3 movaps $inout2,$in2 sub \$0x10,$len - jbe .Lcbc_dec_four + jbe .Lcbc_dec_four # $len is 4*16 or less - movups 0x40($inp),$inout4 + movups 0x40($inp),$inout4 # $len is 5*16 or less movaps $inout3,$in3 movaps $inout4,$in4 xorps $inout5,$inout5 
@@ -2869,12 +3112,17 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 pxor $in3,$inout4 movdqu $inout3,0x30($out) + pxor $inout3,$inout3 lea 0x40($out),$out movdqa $inout4,$inout0 + pxor $inout4,$inout4 + pxor $inout5,$inout5 sub \$0x10,$len jmp .Lcbc_dec_tail_collected @@ -2896,6 +3144,7 @@ $code.=<<___; pxor $in0,$inout1 movdqu $inout0,($out) movdqa $inout1,$inout0 + pxor $inout1,$inout1 # clear register bank lea 0x10($out),$out jmp .Lcbc_dec_tail_collected .align 16 @@ -2908,7 +3157,9 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank movdqa $inout2,$inout0 + pxor $inout2,$inout2 lea 0x20($out),$out jmp .Lcbc_dec_tail_collected .align 16 
@@ -2921,41 +3172,71 @@ $code.=<<___; movdqu $inout0,($out) pxor $in1,$inout2 movdqu $inout1,0x10($out) + pxor $inout1,$inout1 # clear register bank pxor $in2,$inout3 movdqu $inout2,0x20($out) + pxor $inout2,$inout2 movdqa $inout3,$inout0 + pxor $inout3,$inout3 lea 0x30($out),$out jmp .Lcbc_dec_tail_collected .align 16 +.Lcbc_dec_clear_tail_collected: + pxor $inout1,$inout1 # clear register bank + pxor $inout2,$inout2 + pxor $inout3,$inout3 +___ +$code.=<<___ if (!$win64); + pxor $inout4,$inout4 # %xmm6..9 + pxor $inout5,$inout5 + pxor $inout6,$inout6 + pxor $inout7,$inout7 +___ +$code.=<<___; .Lcbc_dec_tail_collected: movups $iv,($ivp) and \$15,$len jnz .Lcbc_dec_tail_partial movups $inout0,($out) + pxor $inout0,$inout0 jmp .Lcbc_dec_ret .align 16 .Lcbc_dec_tail_partial: movaps $inout0,(%rsp) + pxor $inout0,$inout0 mov \$16,%rcx mov $out,%rdi sub $len,%rcx lea (%rsp),%rsi - .long 0x9066A4F3 # rep movsb + .long 0x9066A4F3 # rep movsb + movdqa $inout0,(%rsp) .Lcbc_dec_ret: + xorps $rndkey0,$rndkey0 # %xmm0 + pxor $rndkey1,$rndkey1 ___ $code.=<<___ if ($win64); movaps 0x10(%rsp),%xmm6 + movaps %xmm0,0x10(%rsp) # clear stack movaps 0x20(%rsp),%xmm7 + movaps %xmm0,0x20(%rsp) movaps 0x30(%rsp),%xmm8 + movaps %xmm0,0x30(%rsp) movaps 0x40(%rsp),%xmm9 + movaps %xmm0,0x40(%rsp) movaps 0x50(%rsp),%xmm10 + movaps %xmm0,0x50(%rsp) movaps 0x60(%rsp),%xmm11 + movaps %xmm0,0x60(%rsp) movaps 0x70(%rsp),%xmm12 + movaps %xmm0,0x70(%rsp) movaps 0x80(%rsp),%xmm13 + movaps %xmm0,0x80(%rsp) movaps 0x90(%rsp),%xmm14 + movaps %xmm0,0x90(%rsp) movaps 0xa0(%rsp),%xmm15 + movaps %xmm0,0xa0(%rsp) ___ $code.=<<___; lea (%rbp),%rsp 
@@ -2965,8 +3246,15 @@ $code.=<<___; .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ } -# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey, +# int ${PREFIX}_set_decrypt_key(const unsigned char *inp, # int bits, AES_KEY *key) +# +# input: $inp user-supplied key +# $bits $inp length in bits +# $key pointer to key schedule +# output: %eax 0 denoting success, -1 or -2 - failure (see C) +# *$key key schedule +# { my ($inp,$bits,$key) = @_4args; $bits =~ s/%r/%e/; @@ -3003,7 +3291,9 @@ ${PREFIX}_set_decrypt_key: $movkey ($key),%xmm0 # inverse middle aesimc %xmm0,%xmm0 + pxor %xmm1,%xmm1 $movkey %xmm0,($inp) + pxor %xmm0,%xmm0 .Ldec_key_ret: add \$8,%rsp ret @@ -3020,6 +3310,22 @@ ___ # Agressively optimized in respect to aeskeygenassist's critical path # and is contained in %xmm0-5 to meet Win64 ABI requirement. # +# int ${PREFIX}_set_encrypt_key(const unsigned char *inp, +# int bits, AES_KEY * const key); +# +# input: $inp user-supplied key +# $bits $inp length in bits +# $key pointer to key schedule +# output: %eax 0 denoting success, -1 or -2 - failure (see C) +# $bits rounds-1 (used in aesni_set_decrypt_key) +# *$key key schedule +# $key pointer to key schedule (used in +# aesni_set_decrypt_key) +# +# Subroutine is frame-less, which means that only volatile registers +# are used. Note that it's declared "abi-omnipotent", which means that +# amount of volatile registers is smaller on Windows. +# $code.=<<___; .globl ${PREFIX}_set_encrypt_key .type ${PREFIX}_set_encrypt_key,\@abi-omnipotent @@ -3033,9 +3339,11 @@ __aesni_set_encrypt_key: test $key,$key jz .Lenc_key_ret + mov \$`1<<28|1<<11`,%r10d # AVX and XOP bits movups ($inp),%xmm0 # pull first 128 bits of *userKey xorps %xmm4,%xmm4 # low dword of xmm4 is assumed 0 - lea 16($key),%rax + and OPENSSL_ia32cap_P+4(%rip),%r10d + lea 16($key),%rax # %rax is used as modifiable copy of $key cmp \$256,$bits je .L14rounds cmp \$192,$bits 
@@ -3045,6 +3353,9 @@ __aesni_set_encrypt_key: .L10rounds: mov \$9,$bits # 10 rounds for 128-bit key + cmp \$`1<<28`,%r10d # AVX, bit no XOP + je .L10rounds_alt + $movkey %xmm0,($key) # round 0 aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1 call .Lkey_expansion_128_cold @@ -3072,9 +3383,79 @@ __aesni_set_encrypt_key: jmp .Lenc_key_ret .align 16 +.L10rounds_alt: + movdqa .Lkey_rotate(%rip),%xmm5 + mov \$8,%r10d + movdqa .Lkey_rcon1(%rip),%xmm4 + movdqa %xmm0,%xmm2 + movdqu %xmm0,($key) + jmp .Loop_key128 + +.align 16 +.Loop_key128: + pshufb %xmm5,%xmm0 + aesenclast %xmm4,%xmm0 + pslld \$1,%xmm4 + lea 16(%rax),%rax + + movdqa %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,-16(%rax) + movdqa %xmm0,%xmm2 + + dec %r10d + jnz .Loop_key128 + + movdqa .Lkey_rcon1b(%rip),%xmm4 + + pshufb %xmm5,%xmm0 + aesenclast %xmm4,%xmm0 + pslld \$1,%xmm4 + + movdqa %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + movdqa %xmm0,%xmm2 + pshufb %xmm5,%xmm0 + aesenclast %xmm4,%xmm0 + + movdqa %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm2,%xmm3 + pslldq \$4,%xmm2 + pxor %xmm3,%xmm2 + + pxor %xmm2,%xmm0 + movdqu %xmm0,16(%rax) + + mov $bits,96(%rax) # 240($key) + xor %eax,%eax + jmp .Lenc_key_ret + +.align 16 .L12rounds: movq 16($inp),%xmm2 # remaining 1/3 of *userKey mov \$11,$bits # 12 rounds for 192 + cmp \$`1<<28`,%r10d # AVX, but no XOP + je .L12rounds_alt + $movkey %xmm0,($key) # round 0 aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 call .Lkey_expansion_192a_cold 
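Review bot: `.L10rounds_alt` and `.Loop_key128` (and the 192/256 variants in hunks -3098 and -3136) carry no comments although they are the subtlest new code in the file: `pshufb` with `.Lkey_rotate` does RotWord and splats the last word, `aesenclast` against the rcon vector in `%xmm4` does SubWord plus the rcon XOR (ShiftRows is a no-op on a splatted state), the `pslldq`/`pxor` chain is the running prefix-XOR over the previous round key, and `pslld \$1,%xmm4` doubles rcon without GF(2^8) reduction, which is why after eight iterations the constant is reloaded from `.Lkey_rcon1b` (0x1b) rather than shifted on from 0x80. Propose a block comment at `.L10rounds_alt:` stating those four points, plus `mov \$8,%r10d # 8 iterations (rcon 0x01..0x80), then rounds 9-10 with rcon 0x1b/0x36` since `%r10d` is being reused right after it held the capability bits. Worth noting there too that the path uses only SSSE3 and AES-NI instructions even though it is selected on the AVX bit, so the selection is presumably a CPU-generation heuristic rather than a feature requirement.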
@@ -3098,10 +3479,54 @@ __aesni_set_encrypt_key: jmp .Lenc_key_ret .align 16 +.L12rounds_alt: + movdqa .Lkey_rotate192(%rip),%xmm5 + movdqa .Lkey_rcon1(%rip),%xmm4 + mov \$8,%r10d + movdqu %xmm0,($key) + jmp .Loop_key192 + +.align 16 +.Loop_key192: + movq %xmm2,0(%rax) + movdqa %xmm2,%xmm1 + pshufb %xmm5,%xmm2 + aesenclast %xmm4,%xmm2 + pslld \$1, %xmm4 + lea 24(%rax),%rax + + movdqa %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm3,%xmm0 + + pshufd \$0xff,%xmm0,%xmm3 + pxor %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm1,%xmm3 + + pxor %xmm2,%xmm0 + pxor %xmm3,%xmm2 + movdqu %xmm0,-16(%rax) + + dec %r10d + jnz .Loop_key192 + + mov $bits,32(%rax) # 240($key) + xor %eax,%eax + jmp .Lenc_key_ret + +.align 16 .L14rounds: movups 16($inp),%xmm2 # remaning half of *userKey mov \$13,$bits # 14 rounds for 256 lea 16(%rax),%rax + cmp \$`1<<28`,%r10d # AVX, but no XOP + je .L14rounds_alt + $movkey %xmm0,($key) # round 0 $movkey %xmm2,16($key) # round 1 aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 
@@ -3136,9 +3561,69 @@ __aesni_set_encrypt_key: jmp .Lenc_key_ret .align 16 +.L14rounds_alt: + movdqa .Lkey_rotate(%rip),%xmm5 + movdqa .Lkey_rcon1(%rip),%xmm4 + mov \$7,%r10d + movdqu %xmm0,0($key) + movdqa %xmm2,%xmm1 + movdqu %xmm2,16($key) + jmp .Loop_key256 + +.align 16 +.Loop_key256: + pshufb %xmm5,%xmm2 + aesenclast %xmm4,%xmm2 + + movdqa %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm0,%xmm3 + pslldq \$4,%xmm0 + pxor %xmm3,%xmm0 + pslld \$1,%xmm4 + + pxor %xmm2,%xmm0 + movdqu %xmm0,(%rax) + + dec %r10d + jz .Ldone_key256 + + pshufd \$0xff,%xmm0,%xmm2 + pxor %xmm3,%xmm3 + aesenclast %xmm3,%xmm2 + + movdqa %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm1,%xmm3 + pslldq \$4,%xmm1 + pxor %xmm3,%xmm1 + + pxor %xmm1,%xmm2 + movdqu %xmm2,16(%rax) + lea 32(%rax),%rax + movdqa %xmm2,%xmm1 + + jmp .Loop_key256 + +.Ldone_key256: + mov $bits,16(%rax) # 240($key) + xor %eax,%eax + jmp .Lenc_key_ret + +.align 16 .Lbad_keybits: mov \$-2,%rax .Lenc_key_ret: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 add \$8,%rsp ret .LSEH_end_set_encrypt_key: @@ -3228,6 +3713,14 @@ $code.=<<___; .long 0x87,0,1,0 .Lincrement1: .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 +.Lkey_rotate: + .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d +.Lkey_rotate192: + .long 0x04070605,0x04070605,0x04070605,0x04070605 +.Lkey_rcon1: + .long 1,1,1,1 +.Lkey_rcon1b: + .long 0x1b,0x1b,0x1b,0x1b .asciz "AES for Intel AES-NI, CRYPTOGAMS by " .align 64 @@ -3345,7 +3838,7 @@ cbc_se_handler: mov 152($context),%rax # pull context->Rsp mov 248($context),%rbx # pull context->Rip - lea .Lcbc_decrypt(%rip),%r10 + lea .Lcbc_decrypt_bulk(%rip),%r10 cmp %r10,%rbx # context->Rip<"prologue" label jb .Lcommon_seh_tail diff --git a/src/crypto/aes/asm/aesv8-armx.pl b/src/crypto/aes/asm/aesv8-armx.pl index 703da04..b0916f6 100644 --- a/src/crypto/aes/asm/aesv8-armx.pl 
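Review bot: `.Lkey_rotate`, `.Lkey_rotate192`, `.Lkey_rcon1` and `.Lkey_rcon1b` are read with `movdqa …(%rip)` in the new `.L*rounds_alt` paths (hunks -3072, -3098, -3136), so each must be 16-byte aligned, yet this hunk adds them with no `.align` directive. Alignment currently follows from every preceding table entry being a 16-byte multiple (`.long 0x87,0,1,0`, the 16-byte `.Lincrement1`) and from the table's own alignment, which is outside the hunk and easy to break with a later insertion. Propose `.align 16` immediately before `.Lkey_rotate:`, or at least the comment `# 16-byte aligned: loaded with movdqa in the *_alt key schedules`.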
+++ b/src/crypto/aes/asm/aesv8-armx.pl @@ -24,11 +24,23 @@ # # CBC enc CBC dec CTR # Apple A7 2.39 1.20 1.20 -# Cortex-A53 2.45 1.87 1.94 -# Cortex-A57 3.64 1.34 1.32 +# Cortex-A53 1.32 1.29 1.46 +# Cortex-A57(*) 1.95 0.85 0.93 +# Denver 1.96 0.86 0.80 +# +# (*) original 3.64/1.34/1.32 results were for r0p0 revision +# and are still same even for updated module; $flavour = shift; -open STDOUT,">".shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $prefix="aes_v8"; @@ -38,10 +50,9 @@ $code=<<___; #if __ARM_MAX_ARCH__>=7 .text ___ - -$code.=<<___ if ($flavour =~ /64/); +$code.=<<___ if ($flavour =~ /64/); #if !defined(__clang__) -.arch armv8-a+crypto +.arch armv8-a+crypto #endif ___ $code.=".arch armv7-a\n.fpu neon\n.code 32\n" if ($flavour !~ /64/); @@ -61,7 +72,7 @@ my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)= $code.=<<___; .align 5 -rcon: +.Lrcon: .long 0x01,0x01,0x01,0x01 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat .long 0x1b,0x1b,0x1b,0x1b @@ -90,7 +101,7 @@ $code.=<<___; tst $bits,#0x3f b.ne .Lenc_key_abort - adr $ptr,rcon + adr $ptr,.Lrcon cmp $bits,#192 veor $zero,$zero,$zero @@ -313,17 +324,17 @@ ${prefix}_${dir}crypt: .Loop_${dir}c: aes$e $inout,$rndkey0 - vld1.32 {$rndkey0},[$key],#16 aes$mc $inout,$inout + vld1.32 {$rndkey0},[$key],#16 subs $rounds,$rounds,#2 aes$e $inout,$rndkey1 - vld1.32 {$rndkey1},[$key],#16 aes$mc $inout,$inout + vld1.32 {$rndkey1},[$key],#16 b.gt .Loop_${dir}c aes$e $inout,$rndkey0 - vld1.32 {$rndkey0},[$key] aes$mc $inout,$inout + vld1.32 {$rndkey0},[$key] aes$e $inout,$rndkey1 veor $inout,$inout,$rndkey0 
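Review bot: In `open OUT,"| \"$^X\" $xlate $flavour $output";` the `$xlate` and `$output` paths are interpolated into the shell pipeline unquoted while `$^X` is quoted, so a build directory containing spaces or shell metacharacters mis-parses the command. Propose `open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" or die "can't pipe to $xlate: $!";`, which also reports a failed `open` instead of proceeding with a dead handle. Separately, `$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;` leaves `$dir` undefined when the script is invoked without a directory component, which the `-f` fallback chain tolerates only with a warning.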
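Review bot: The load-after-`aes$mc` reordering in `.Loop_${dir}c` is not explained anywhere in the hunk; the new order keeps each `aes$e`/`aes$mc` pair adjacent, which presumably targets cores that fuse AESE+AESMC and AESD+AESIMC (the updated table in hunk -24 shows the large Cortex-A57 gain). Propose `// keep aes$e/aes$mc adjacent: some cores fuse the pair, so loads go between pairs` on the first reordered line, because a later readability-driven reorder would silently undo the gain. The same pattern is applied in the CBC hunks at -390, -488 and -571.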
@@ -341,6 +352,7 @@ my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12"); my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); +my ($key4,$key5,$key6,$key7)=("x6","x12","x14",$key); ### q8-q15 preloaded key schedule @@ -390,25 +402,50 @@ $code.=<<___; veor $rndzero_n_last,q8,$rndlast b.eq .Lcbc_enc128 + vld1.32 {$in0-$in1},[$key_] + add $key_,$key,#16 + add $key4,$key,#16*4 + add $key5,$key,#16*5 + aese $dat,q8 + aesmc $dat,$dat + add $key6,$key,#16*6 + add $key7,$key,#16*7 + b .Lenter_cbc_enc + +.align 4 .Loop_cbc_enc: aese $dat,q8 - vld1.32 {q8},[$key_],#16 aesmc $dat,$dat - subs $cnt,$cnt,#2 + vst1.8 {$ivec},[$out],#16 +.Lenter_cbc_enc: aese $dat,q9 - vld1.32 {q9},[$key_],#16 aesmc $dat,$dat - b.gt .Loop_cbc_enc + aese $dat,$in0 + aesmc $dat,$dat + vld1.32 {q8},[$key4] + cmp $rounds,#4 + aese $dat,$in1 + aesmc $dat,$dat + vld1.32 {q9},[$key5] + b.eq .Lcbc_enc192 aese $dat,q8 aesmc $dat,$dat + vld1.32 {q8},[$key6] + aese $dat,q9 + aesmc $dat,$dat + vld1.32 {q9},[$key7] + nop + +.Lcbc_enc192: + aese $dat,q8 + aesmc $dat,$dat subs $len,$len,#16 aese $dat,q9 aesmc $dat,$dat cclr $step,eq aese $dat,q10 aesmc $dat,$dat - add $key_,$key,#16 aese $dat,q11 aesmc $dat,$dat vld1.8 {q8},[$inp],$step @@ -417,16 +454,14 @@ $code.=<<___; veor q8,q8,$rndzero_n_last aese $dat,q13 aesmc $dat,$dat - vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vld1.32 {q9},[$key_] // re-pre-load rndkey[1] aese $dat,q14 aesmc $dat,$dat aese $dat,q15 - - mov $cnt,$rounds veor $ivec,$dat,$rndlast - vst1.8 {$ivec},[$out],#16 b.hs .Loop_cbc_enc + vst1.8 {$ivec},[$out],#16 b .Lcbc_done .align 5 
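Review bot: `$key4` is `x6` and `$key5` is `x12`, the same physical registers as `$cnt` (`w6`) and `$step1` (`x12`) declared one line above, and `$key7` is `$key` itself, so `add $key7,$key,#16*7` in hunk -390 overwrites the key-schedule base pointer. That is consistent with the same hunks dropping `mov $cnt,$rounds`/`subs $cnt,$cnt,#2` from the loop and switching to the fixed `$key_`, `$key4`–`$key6` pointers, but nothing records it, and any later use of `$cnt`, `$step1` or `$key` on the non-128-bit CBC-encrypt path (code beyond the hunk) would read a clobbered value. Propose on the declaration: `my ($key4,$key5,$key6,$key7)=("x6","x12","x14",$key); # aliases $cnt, $step1 and $key: the 192/256 CBC-enc path must not use those names`.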
@@ -488,79 +523,78 @@ $code.=<<___; .Loop3x_cbc_dec: aesd $dat0,q8 - aesd $dat1,q8 - aesd $dat2,q8 - vld1.32 {q8},[$key_],#16 aesimc $dat0,$dat0 + aesd $dat1,q8 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aesd $dat0,q9 - aesd $dat1,q9 - aesd $dat2,q9 - vld1.32 {q9},[$key_],#16 aesimc $dat0,$dat0 + aesd $dat1,q9 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 + vld1.32 {q9},[$key_],#16 b.gt .Loop3x_cbc_dec aesd $dat0,q8 - aesd $dat1,q8 - aesd $dat2,q8 - veor $tmp0,$ivec,$rndlast aesimc $dat0,$dat0 + aesd $dat1,q8 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 + veor $tmp0,$ivec,$rndlast + subs $len,$len,#0x30 veor $tmp1,$in0,$rndlast + mov.lo x6,$len // x6, $cnt, is zero at this point aesd $dat0,q9 - aesd $dat1,q9 - aesd $dat2,q9 - veor $tmp2,$in1,$rndlast - subs $len,$len,#0x30 aesimc $dat0,$dat0 + aesd $dat1,q9 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 - vorr $ivec,$in2,$in2 - mov.lo x6,$len // x6, $cnt, is zero at this point - aesd $dat0,q12 - aesd $dat1,q12 - aesd $dat2,q12 + veor $tmp2,$in1,$rndlast add $inp,$inp,x6 // $inp is adjusted in such way that // at exit from the loop $dat1-$dat2 // are loaded with last "words" + vorr $ivec,$in2,$in2 + mov $key_,$key + aesd $dat0,q12 aesimc $dat0,$dat0 + aesd $dat1,q12 aesimc $dat1,$dat1 + aesd $dat2,q12 aesimc $dat2,$dat2 - mov $key_,$key - aesd $dat0,q13 - aesd $dat1,q13 - aesd $dat2,q13 vld1.8 {$in0},[$inp],#16 + aesd $dat0,q13 aesimc $dat0,$dat0 + aesd $dat1,q13 aesimc $dat1,$dat1 + aesd $dat2,q13 aesimc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 aesd $dat0,q14 - aesd $dat1,q14 - aesd $dat2,q14 - vld1.8 {$in2},[$inp],#16 aesimc $dat0,$dat0 + aesd $dat1,q14 aesimc $dat1,$dat1 + aesd $dat2,q14 aesimc $dat2,$dat2 - vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + vld1.8 {$in2},[$inp],#16 aesd $dat0,q15 aesd $dat1,q15 aesd $dat2,q15 - + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] add $cnt,$rounds,#2 veor $tmp0,$tmp0,$dat0 veor 
$tmp1,$tmp1,$dat1 veor $dat2,$dat2,$tmp2 vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] - vorr $dat0,$in0,$in0 vst1.8 {$tmp0},[$out],#16 - vorr $dat1,$in1,$in1 + vorr $dat0,$in0,$in0 vst1.8 {$tmp1},[$out],#16 + vorr $dat1,$in1,$in1 vst1.8 {$dat2},[$out],#16 vorr $dat2,$in2,$in2 b.hs .Loop3x_cbc_dec @@ -571,39 +605,39 @@ $code.=<<___; .Lcbc_dec_tail: aesd $dat1,q8 - aesd $dat2,q8 - vld1.32 {q8},[$key_],#16 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aesd $dat1,q9 - aesd $dat2,q9 - vld1.32 {q9},[$key_],#16 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 + vld1.32 {q9},[$key_],#16 b.gt .Lcbc_dec_tail aesd $dat1,q8 - aesd $dat2,q8 aesimc $dat1,$dat1 + aesd $dat2,q8 aesimc $dat2,$dat2 aesd $dat1,q9 - aesd $dat2,q9 aesimc $dat1,$dat1 + aesd $dat2,q9 aesimc $dat2,$dat2 aesd $dat1,q12 - aesd $dat2,q12 aesimc $dat1,$dat1 + aesd $dat2,q12 aesimc $dat2,$dat2 cmn $len,#0x20 aesd $dat1,q13 - aesd $dat2,q13 aesimc $dat1,$dat1 + aesd $dat2,q13 aesimc $dat2,$dat2 veor $tmp1,$ivec,$rndlast aesd $dat1,q14 - aesd $dat2,q14 aesimc $dat1,$dat1 + aesd $dat2,q14 aesimc $dat2,$dat2 veor $tmp2,$in1,$rndlast aesd $dat1,q15 
@@ -704,70 +738,69 @@ $code.=<<___; .align 4 .Loop3x_ctr32: aese $dat0,q8 - aese $dat1,q8 - aese $dat2,q8 - vld1.32 {q8},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q8 aesmc $dat1,$dat1 + aese $dat2,q8 aesmc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aese $dat0,q9 - aese $dat1,q9 - aese $dat2,q9 - vld1.32 {q9},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q9 aesmc $dat1,$dat1 + aese $dat2,q9 aesmc $dat2,$dat2 + vld1.32 {q9},[$key_],#16 b.gt .Loop3x_ctr32 aese $dat0,q8 - aese $dat1,q8 - aese $dat2,q8 - mov $key_,$key aesmc $tmp0,$dat0 - vld1.8 {$in0},[$inp],#16 + aese $dat1,q8 aesmc $tmp1,$dat1 - aesmc $dat2,$dat2 + vld1.8 {$in0},[$inp],#16 vorr $dat0,$ivec,$ivec - aese $tmp0,q9 + aese $dat2,q8 + aesmc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 - aese $tmp1,q9 - aese $dat2,q9 vorr $dat1,$ivec,$ivec + aese $tmp0,q9 aesmc $tmp0,$tmp0 - vld1.8 {$in2},[$inp],#16 + aese $tmp1,q9 aesmc $tmp1,$tmp1 + vld1.8 {$in2},[$inp],#16 + mov $key_,$key + aese $dat2,q9 aesmc $tmp2,$dat2 vorr $dat2,$ivec,$ivec add $tctr0,$ctr,#1 aese $tmp0,q12 + aesmc $tmp0,$tmp0 aese $tmp1,q12 - aese $tmp2,q12 + aesmc $tmp1,$tmp1 veor $in0,$in0,$rndlast add $tctr1,$ctr,#2 - aesmc $tmp0,$tmp0 - aesmc $tmp1,$tmp1 + aese $tmp2,q12 aesmc $tmp2,$tmp2 veor $in1,$in1,$rndlast add $ctr,$ctr,#3 aese $tmp0,q13 + aesmc $tmp0,$tmp0 aese $tmp1,q13 - aese $tmp2,q13 + aesmc $tmp1,$tmp1 veor $in2,$in2,$rndlast rev $tctr0,$tctr0 - aesmc $tmp0,$tmp0 - vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] - aesmc $tmp1,$tmp1 + aese $tmp2,q13 aesmc $tmp2,$tmp2 vmov.32 ${dat0}[3], $tctr0 rev $tctr1,$tctr1 aese $tmp0,q14 + aesmc $tmp0,$tmp0 aese $tmp1,q14 - aese $tmp2,q14 + aesmc $tmp1,$tmp1 vmov.32 ${dat1}[3], $tctr1 rev $tctr2,$ctr - aesmc $tmp0,$tmp0 - aesmc $tmp1,$tmp1 + aese $tmp2,q14 aesmc $tmp2,$tmp2 vmov.32 ${dat2}[3], $tctr2 subs $len,$len,#3 
@@ -775,13 +808,14 @@ $code.=<<___; aese $tmp1,q15 aese $tmp2,q15 - mov $cnt,$rounds veor $in0,$in0,$tmp0 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + vst1.8 {$in0},[$out],#16 veor $in1,$in1,$tmp1 + mov $cnt,$rounds + vst1.8 {$in1},[$out],#16 veor $in2,$in2,$tmp2 vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] - vst1.8 {$in0},[$out],#16 - vst1.8 {$in1},[$out],#16 vst1.8 {$in2},[$out],#16 b.hs .Loop3x_ctr32 @@ -793,40 +827,40 @@ $code.=<<___; .Lctr32_tail: aese $dat0,q8 - aese $dat1,q8 - vld1.32 {q8},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q8 aesmc $dat1,$dat1 + vld1.32 {q8},[$key_],#16 subs $cnt,$cnt,#2 aese $dat0,q9 - aese $dat1,q9 - vld1.32 {q9},[$key_],#16 aesmc $dat0,$dat0 + aese $dat1,q9 aesmc $dat1,$dat1 + vld1.32 {q9},[$key_],#16 b.gt .Lctr32_tail aese $dat0,q8 - aese $dat1,q8 aesmc $dat0,$dat0 + aese $dat1,q8 aesmc $dat1,$dat1 aese $dat0,q9 - aese $dat1,q9 aesmc $dat0,$dat0 + aese $dat1,q9 aesmc $dat1,$dat1 vld1.8 {$in0},[$inp],$step aese $dat0,q12 - aese $dat1,q12 - vld1.8 {$in1},[$inp] aesmc $dat0,$dat0 + aese $dat1,q12 aesmc $dat1,$dat1 + vld1.8 {$in1},[$inp] aese $dat0,q13 - aese $dat1,q13 aesmc $dat0,$dat0 + aese $dat1,q13 aesmc $dat1,$dat1 - aese $dat0,q14 - aese $dat1,q14 veor $in0,$in0,$rndlast + aese $dat0,q14 aesmc $dat0,$dat0 + aese $dat1,q14 aesmc $dat1,$dat1 veor $in1,$in1,$rndlast aese $dat0,q15 diff --git a/src/crypto/aes/asm/bsaes-armv7.pl b/src/crypto/aes/asm/bsaes-armv7.pl index d70f3ea..a5e4a98 100644 --- a/src/crypto/aes/asm/bsaes-armv7.pl +++ b/src/crypto/aes/asm/bsaes-armv7.pl 
@@ -47,8 +47,20 @@ # # -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} my ($inp,$out,$len,$key)=("r0","r1","r2","r3"); my @XMM=map("q$_",(0..15)); @@ -703,29 +715,35 @@ $code.=<<___; # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK # define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 #endif #ifdef __thumb__ # define adrl adr #endif -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + .text .syntax unified @ ARMv7-capable assembler is expected to handle this -#ifdef __thumb2__ +#if defined(__thumb2__) && !defined(__APPLE__) .thumb #else .code 32 #endif -.fpu neon - .type _bsaes_decrypt8,%function .align 4 _bsaes_decrypt8: adr $const,_bsaes_decrypt8 vldmia $key!, {@XMM[9]} @ round 0 key +#ifdef __APPLE__ + adr $const,.LM0ISR +#else add $const,$const,#.LM0ISR-_bsaes_decrypt8 +#endif vldmia $const!, {@XMM[8]} @ .LM0ISR veor @XMM[10], @XMM[0], @XMM[9] @ xor with round0 key @@ -820,7 +838,11 @@ _bsaes_const: _bsaes_encrypt8: adr $const,_bsaes_encrypt8 vldmia $key!, {@XMM[9]} @ round 0 key +#ifdef __APPLE__ + adr $const,.LM0SR +#else sub $const,$const,#_bsaes_encrypt8-.LM0SR +#endif vldmia $const!, {@XMM[8]} @ .LM0SR _bsaes_encrypt8_alt: 
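Review bot: The `#ifdef __APPLE__` branch in `_bsaes_decrypt8` replaces `add $const,$const,#.LM0ISR-_bsaes_decrypt8` with a bare `adr $const,.LM0ISR` (and likewise in `_bsaes_encrypt8`, `_bsaes_key_convert` and the two `bsaes_ctr32_encrypt_blocks` hunks on the next line), but nothing records why Apple's assembler needs the other form, presumably because it does not accept that immediate expression, nor that `adr` only reaches a limited displacement from the instruction, so a later move of the constant tables could break one platform's build without touching the other. A one-line comment at the first site, e.g. `@ __APPLE__: assembler needs adr here; .LM0ISR must stay within adr's reach`, would capture the constraint, and the two `mov $ctr, #.LREVM0SR-.LM0` / `mov $const, #.LREVM0SR-.LSR` variants deserve a note on why a label-difference immediate is acceptable in `mov` but not in `add`/`sub` on that platform.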
@@ -924,7 +946,11 @@ $code.=<<___; _bsaes_key_convert: adr $const,_bsaes_key_convert vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key +#ifdef __APPLE__ + adr $const,.LM0 +#else sub $const,$const,#_bsaes_key_convert-.LM0 +#endif vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key vmov.i8 @XMM[8], #0x01 @ bit masks @@ -1397,7 +1423,12 @@ bsaes_ctr32_encrypt_blocks: vstmia r12, {@XMM[7]} @ save last round key vld1.8 {@XMM[0]}, [$ctr] @ load counter +#ifdef __APPLE__ + mov $ctr, #.LREVM0SR-.LM0 + add $ctr, $const, $ctr +#else add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr +#endif vldmia $keysched, {@XMM[4]} @ load round0 key #else ldr r12, [$key, #244] @@ -1454,7 +1485,12 @@ bsaes_ctr32_encrypt_blocks: vldmia $ctr, {@XMM[8]} @ .LREVM0SR mov r5, $rounds @ pass rounds vstmia $fp, {@XMM[10]} @ save next counter +#ifdef __APPLE__ + mov $const, #.LREVM0SR-.LSR + sub $const, $ctr, $const +#else sub $const, $ctr, #.LREVM0SR-.LSR @ pass constants +#endif bl _bsaes_encrypt8_alt @@ -1555,7 +1591,7 @@ bsaes_ctr32_encrypt_blocks: rev r8, r8 #endif sub sp, sp, #0x10 - vst1.8 {@XMM[1]}, [sp,:64] @ copy counter value + vst1.8 {@XMM[1]}, [sp] @ copy counter value sub sp, sp, #0x10 .Lctr_enc_short_loop: @@ -1566,7 +1602,7 @@ bsaes_ctr32_encrypt_blocks: bl AES_encrypt vld1.8 {@XMM[0]}, [r4]! @ load input - vld1.8 {@XMM[1]}, [sp,:64] @ load encrypted counter + vld1.8 {@XMM[1]}, [sp] @ load encrypted counter add r8, r8, #1 #ifdef __ARMEL__ rev r0, r8 @@ -2085,9 +2121,11 @@ bsaes_xts_decrypt: vld1.8 {@XMM[8]}, [r0] @ initial tweak adr $magic, .Lxts_magic +#ifndef XTS_CHAIN_TWEAK tst $len, #0xf @ if not multiple of 16 it ne @ Thumb2 thing, sanity check in ARM subne $len, #0x10 @ subtract another 16 bytes +#endif subs $len, #0x80 blo .Lxts_dec_short diff --git a/src/crypto/asn1/CMakeLists.txt b/src/crypto/asn1/CMakeLists.txt index 35e1bec..283636e 100644 --- a/src/crypto/asn1/CMakeLists.txt +++ b/src/crypto/asn1/CMakeLists.txt 
@@ -23,7 +23,6 @@ add_library( a_type.c a_utctm.c a_utf8.c - asn1_error.c asn1_lib.c asn1_par.c asn_pack.c diff --git a/src/crypto/asn1/a_d2i_fp.c b/src/crypto/asn1/a_d2i_fp.c index c28532b..6022c74 100644 --- a/src/crypto/asn1/a_d2i_fp.c +++ b/src/crypto/asn1/a_d2i_fp.c @@ -194,7 +194,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) len-off); if (c.inf & 0x80) { - unsigned long e; + uint32_t e; e=ERR_GET_REASON(ERR_peek_error()); if (e != ASN1_R_TOO_LONG) diff --git a/src/crypto/asn1/a_gentm.c b/src/crypto/asn1/a_gentm.c index 355feff..be093a4 100644 --- a/src/crypto/asn1/a_gentm.c +++ b/src/crypto/asn1/a_gentm.c @@ -57,6 +57,7 @@ #include #include +#include #include #include diff --git a/src/crypto/asn1/a_time.c b/src/crypto/asn1/a_time.c index f0badcc..e02e858 100644 --- a/src/crypto/asn1/a_time.c +++ b/src/crypto/asn1/a_time.c @@ -57,6 +57,7 @@ #include #include +#include #include #include diff --git a/src/crypto/asn1/a_type.c b/src/crypto/asn1/a_type.c index 75a17d5..fd3d5b1 100644 --- a/src/crypto/asn1/a_type.c +++ b/src/crypto/asn1/a_type.c @@ -125,6 +125,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) case V_ASN1_NULL: result = 0; /* They do not have content. */ break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_INTEGER: case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: diff --git a/src/crypto/asn1/a_utctm.c b/src/crypto/asn1/a_utctm.c index 7a3f5f6..52b010f 100644 --- a/src/crypto/asn1/a_utctm.c +++ b/src/crypto/asn1/a_utctm.c @@ -57,6 +57,7 @@ #include #include +#include #include #include @@ -287,7 +288,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) if (!OPENSSL_gmtime(&t, &ttm)) return -2; - if (!OPENSSL_gmtime_diff(&day, &sec, &stm, &ttm)) + if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) return -2; if (day > 0) diff --git a/src/crypto/asn1/asn1_error.c b/src/crypto/asn1/asn1_error.c deleted file mode 100644 index 5e9fcaa..0000000 
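Review bot: In the new `V_ASN1_BOOLEAN` case of `ASN1_TYPE_cmp`, `result = a->value.boolean - b->value.boolean;` compares by subtraction, so two TRUE values encoded with different non-zero bytes compare unequal while the `V_ASN1_NULL` case above treats `result = 0` as the only equality signal; whether that byte-exact behaviour is intended or the comparison should be logical (`result = (a->value.boolean != 0) != (b->value.boolean != 0);`) is not stated. If byte-exact comparison is the intent, a comment such as `/* Byte-exact: a non-canonical TRUE compares unequal to 0xff. */` would keep the next reader from "fixing" it. `ASN1_TYPE_cmp` begins before this hunk.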
--- a/src/crypto/asn1/asn1_error.c
+++ /dev/null
@@ -1,203 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA ASN1_error_string_data[] = { - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_set_bit, 0), "ASN1_BIT_STRING_set_bit"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENUMERATED_set, 0), "ASN1_ENUMERATED_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENUMERATED_to_BN, 0), "ASN1_ENUMERATED_to_BN"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_adj, 0), "ASN1_GENERALIZEDTIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_INTEGER_set, 0), "ASN1_INTEGER_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_INTEGER_to_BN, 0), "ASN1_INTEGER_to_BN"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_new, 0), "ASN1_OBJECT_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_new, 0), "ASN1_PCTX_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_add, 0), "ASN1_STRING_TABLE_add"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_set, 0), "ASN1_STRING_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_type_new, 0), "ASN1_STRING_type_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_adj, 0), "ASN1_TIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_adj, 0), "ASN1_UTCTIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_d2i_fp, 0), "ASN1_d2i_fp"}, - 
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_dup, 0), "ASN1_dup"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_get_object, 0), "ASN1_get_object"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_i2d_bio, 0), "ASN1_i2d_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_i2d_fp, 0), "ASN1_i2d_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_d2i_fp, 0), "ASN1_item_d2i_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_dup, 0), "ASN1_item_dup"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_ex_d2i, 0), "ASN1_item_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_i2d_bio, 0), "ASN1_item_i2d_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_i2d_fp, 0), "ASN1_item_i2d_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_pack, 0), "ASN1_item_pack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_item_unpack, 0), "ASN1_item_unpack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_mbstring_ncopy, 0), "ASN1_mbstring_ncopy"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_pack_string, 0), "ASN1_pack_string"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_seq_pack, 0), "ASN1_seq_pack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_seq_unpack, 0), "ASN1_seq_unpack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_template_new, 0), "ASN1_template_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_unpack_string, 0), "ASN1_unpack_string"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_new_NDEF, 0), "BIO_new_NDEF"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_to_ASN1_ENUMERATED, 0), "BN_to_ASN1_ENUMERATED"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_to_ASN1_INTEGER, 0), "BN_to_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_a2d_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_a2i_ASN1_ENUMERATED, 0), "a2i_ASN1_ENUMERATED"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_a2i_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_a2i_ASN1_STRING, 0), "a2i_ASN1_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_check_tlen, 0), "asn1_check_tlen"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_collate_primitive, 0), "asn1_collate_primitive"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_collect, 
0), "asn1_collect"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_d2i_ex_primitive, 0), "asn1_d2i_ex_primitive"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_d2i_read_bio, 0), "asn1_d2i_read_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_do_adb, 0), "asn1_do_adb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_ex_c2i, 0), "asn1_ex_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_find_end, 0), "asn1_find_end"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_item_ex_combine_new, 0), "asn1_item_ex_combine_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_template_ex_d2i, 0), "asn1_template_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_asn1_template_noexp_d2i, 0), "asn1_template_noexp_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_c2i_ASN1_BIT_STRING, 0), "c2i_ASN1_BIT_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_c2i_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_c2i_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_collect_data, 0), "collect_data"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_d2i_ASN1_BOOLEAN, 0), "d2i_ASN1_BOOLEAN"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_d2i_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_d2i_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_d2i_ASN1_UTCTIME, 0), "d2i_ASN1_UTCTIME"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_d2i_ASN1_bytes, 0), "d2i_ASN1_bytes"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_d2i_ASN1_type_bytes, 0), "d2i_ASN1_type_bytes"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_i2d_ASN1_TIME, 0), "i2d_ASN1_TIME"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_long_c2i, 0), "long_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "ADDING_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_LENGTH_MISMATCH), "ASN1_LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "ASN1_PARSE_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR), "ASN1_SIG_PARSE_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "AUX_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_CLASS), "BAD_CLASS"}, - 
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_GET_ASN1_OBJECT_CALL), "BAD_GET_ASN1_OBJECT_CALL"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "BAD_OBJECT_HEADER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_PASSWORD_READ), "BAD_PASSWORD_READ"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TAG), "BAD_TAG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "BMPSTRING_IS_WRONG_LENGTH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "BN_LIB"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "BOOLEAN_IS_WRONG_LENGTH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "BUFFER_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "CIPHER_HAS_NO_OBJECT_IDENTIFIER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED), "CONTEXT_NOT_INITIALISED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "DATA_IS_WRONG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODING_ERROR), "DECODING_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "DEPTH_EXCEEDED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "ENCODE_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME), "ERROR_GETTING_TIME"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION), "ERROR_LOADING_SECTION"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_PARSING_SET_ELEMENT), "ERROR_PARSING_SET_ELEMENT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS), "ERROR_SETTING_CIPHER_PARAMS"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_ASN1_SEQUENCE), "EXPECTING_AN_ASN1_SEQUENCE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER), "EXPECTING_AN_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT), "EXPECTING_AN_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_A_BOOLEAN), "EXPECTING_A_BOOLEAN"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_A_TIME), "EXPECTING_A_TIME"}, - {ERR_PACK(ERR_LIB_ASN1, 0, 
ASN1_R_EXPLICIT_LENGTH_MISMATCH), "EXPLICIT_LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), "EXPLICIT_TAG_NOT_CONSTRUCTED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "FIELD_MISSING"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE), "FIRST_NUM_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "HEADER_TOO_LONG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT), "ILLEGAL_BITSTRING_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "ILLEGAL_BOOLEAN"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS), "ILLEGAL_CHARACTERS"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "ILLEGAL_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "ILLEGAL_HEX"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG), "ILLEGAL_IMPLICIT_TAG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "ILLEGAL_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING), "ILLEGAL_NESTED_TAGGING"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "ILLEGAL_NULL"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE), "ILLEGAL_NULL_VALUE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "ILLEGAL_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY), "ILLEGAL_OPTIONAL_ANY"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), "ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY), "ILLEGAL_TAGGED_ANY"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE), "ILLEGAL_TIME_VALUE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT), "INTEGER_NOT_ASCII_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), "INTEGER_TOO_LARGE_FOR_LONG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT), "INVALID_BIT_STRING_BITS_LEFT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH), "INVALID_BMPSTRING_LENGTH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, 
ASN1_R_INVALID_DIGIT), "INVALID_DIGIT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "INVALID_MIME_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "INVALID_MODIFIER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "INVALID_NUMBER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING), "INVALID_OBJECT_ENCODING"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "INVALID_SEPARATOR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_TIME_FORMAT), "INVALID_TIME_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), "INVALID_UNIVERSALSTRING_LENGTH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), "INVALID_UTF8STRING"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_IV_TOO_LARGE), "IV_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LENGTH_ERROR), "LENGTH_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "LIST_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MALLOC_FAILURE), "MALLOC_FAILURE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), "MIME_NO_CONTENT_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "MIME_PARSE_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR), "MIME_SIG_PARSE_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_ASN1_EOS), "MISSING_ASN1_EOS"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "MISSING_EOC"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER), "MISSING_SECOND_NUMBER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "MISSING_VALUE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL), "MSTRING_NOT_UNIVERSAL"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "MSTRING_WRONG_TAG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_ERROR), "NESTED_ASN1_ERROR"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING), "NESTED_ASN1_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS), "NON_HEX_CHARACTERS"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "NOT_ASCII_FORMAT"}, - 
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "NOT_ENOUGH_DATA"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "NO_CONTENT_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_DEFAULT_DIGEST), "NO_DEFAULT_DIGEST"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE), "NO_MATCHING_CHOICE_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE), "NO_MULTIPART_BODY_FAILURE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY), "NO_MULTIPART_BOUNDARY"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE), "NO_SIG_CONTENT_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH), "NULL_IS_WRONG_LENGTH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT), "OBJECT_NOT_ASCII_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS), "ODD_NUMBER_OF_CHARS"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_PRIVATE_KEY_HEADER_MISSING), "PRIVATE_KEY_HEADER_MISSING"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE), "SECOND_NUMBER_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH), "SEQUENCE_LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "SEQUENCE_NOT_CONSTRUCTED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), "SEQUENCE_OR_SET_NEEDS_CONFIG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "SHORT_LINE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE), "SIG_INVALID_MIME_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED), "STREAMING_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "STRING_TOO_LONG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "STRING_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TAG_VALUE_TOO_HIGH), "TAG_VALUE_TOO_HIGH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT), 
"TIME_NOT_ASCII_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "TOO_LONG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED), "TYPE_NOT_CONSTRUCTED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE), "TYPE_NOT_PRIMITIVE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "UNABLE_TO_DECODE_RSA_KEY"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), "UNABLE_TO_DECODE_RSA_PRIVATE_KEY"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "UNEXPECTED_EOC"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), "UNIVERSALSTRING_IS_WRONG_LENGTH"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "UNKNOWN_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE), "UNKNOWN_OBJECT_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "UNKNOWN_PUBLIC_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "UNKNOWN_TAG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), "UNSUPPORTED_ANY_DEFINED_BY_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), "UNSUPPORTED_CIPHER"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), "UNSUPPORTED_ENCRYPTION_ALGORITHM"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "UNSUPPORTED_PUBLIC_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "UNSUPPORTED_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "WRONG_TAG"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TYPE), "WRONG_TYPE"}, - {0, NULL}, -}; diff --git a/src/crypto/asn1/asn1_lib.c b/src/crypto/asn1/asn1_lib.c index 1fc2c06..9aa2678 100644 --- a/src/crypto/asn1/asn1_lib.c +++ b/src/crypto/asn1/asn1_lib.c 
@@ -63,8 +63,46 @@ #include #include + +/* Used in asn1_mac.h. + * TODO(davidben): Remove this once asn1_mac.h is gone or trimmed. */ OPENSSL_DECLARE_ERROR_REASON(ASN1, MALLOC_FAILURE); +/* Cross-module errors from crypto/x509/i2d_pr.c */ +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, i2d_PrivateKey); +OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE); + +/* Cross-module errors from crypto/x509/asn1_gen.c. + * TODO(davidben): Remove these once asn1_gen.c is gone. */ +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, ASN1_generate_v3); +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, asn1_cb); +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, parse_tagging); +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, append_exp); +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, asn1_str2type); +OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, bitstr_cb); +OPENSSL_DECLARE_ERROR_REASON(ASN1, DEPTH_EXCEEDED); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BITSTRING_FORMAT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BOOLEAN); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_FORMAT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_HEX); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_IMPLICIT_TAG); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_INTEGER); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NESTED_TAGGING); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NULL_VALUE); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_OBJECT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_TIME_VALUE); +OPENSSL_DECLARE_ERROR_REASON(ASN1, INTEGER_NOT_ASCII_FORMAT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_MODIFIER); +OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_NUMBER); +OPENSSL_DECLARE_ERROR_REASON(ASN1, LIST_ERROR); +OPENSSL_DECLARE_ERROR_REASON(ASN1, MISSING_VALUE); +OPENSSL_DECLARE_ERROR_REASON(ASN1, NOT_ASCII_FORMAT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, OBJECT_NOT_ASCII_FORMAT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, SEQUENCE_OR_SET_NEEDS_CONFIG); +OPENSSL_DECLARE_ERROR_REASON(ASN1, TIME_NOT_ASCII_FORMAT); +OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_FORMAT); 
+OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_TAG); +OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_TYPE); static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max); static void asn1_put_length(unsigned char **pp, int length); @@ -466,15 +504,6 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) return(i); } -void asn1_add_error(const unsigned char *address, int offset) - { - char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; - - BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); - BIO_snprintf(buf2,sizeof buf2,"%d",offset); - ERR_add_error_data(4,"address=",buf1," offset=",buf2); - } - int ASN1_STRING_length(const ASN1_STRING *x) { return M_ASN1_STRING_length(x); } diff --git a/src/crypto/asn1/asn1_par.c b/src/crypto/asn1/asn1_par.c index 53b11fe..aff3e2b 100644 --- a/src/crypto/asn1/asn1_par.c +++ b/src/crypto/asn1/asn1_par.c @@ -137,7 +137,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse #endif if (j & 0x80) { - if (BIO_write(bp,"Error in encoding\n",18) <= 0) + if (BIO_puts(bp, "Error in encoding\n") <= 0) goto end; ret=0; goto end; @@ -165,7 +165,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse if (j & V_ASN1_CONSTRUCTED) { ep=p+len; - if (BIO_write(bp,"\n",1) <= 0) goto end; + if (BIO_puts(bp, "\n") <= 0) goto end; if (len > length) { BIO_printf(bp, @@ -196,7 +196,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse else if (xclass != 0) { p+=len; - if (BIO_write(bp,"\n",1) <= 0) goto end; + if (BIO_puts(bp, "\n") <= 0) goto end; } else { @@ -210,7 +210,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { - if (BIO_write(bp,":",1) <= 0) goto end; + if (BIO_puts(bp, ":") <= 0) goto end; if ((len > 0) && BIO_write(bp,(const char *)p,(int)len) != (int)len) 
@@ -221,12 +221,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse opp=op; if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) { - if (BIO_write(bp,":",1) <= 0) goto end; + if (BIO_puts(bp, ":") <= 0) goto end; i2a_ASN1_OBJECT(bp,o); } else { - if (BIO_write(bp,":BAD OBJECT",11) <= 0) + if (BIO_puts(bp, ":BAD OBJECT") <= 0) goto end; } } @@ -238,7 +238,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); if (ii < 0) { - if (BIO_write(bp,"Bad boolean\n",12) <= 0) + if (BIO_puts(bp, "Bad boolean\n") <= 0) goto end; } BIO_printf(bp,":%d",ii); @@ -273,7 +273,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse if (printable) /* printable string */ { - if (BIO_write(bp,":",1) <= 0) + if (BIO_puts(bp, ":") <= 0) goto end; if (BIO_write(bp,(const char *)opp, os->length) <= 0) @@ -283,7 +283,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse /* not printable => print octet string * as hex dump */ { - if (BIO_write(bp,"[HEX DUMP]:",11) <= 0) + if (BIO_puts(bp, "[HEX DUMP]:") <= 0) goto end; for (i=0; ilength; i++) { @@ -297,7 +297,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse { if (!nl) { - if (BIO_write(bp,"\n",1) <= 0) + if (BIO_puts(bp, "\n") <= 0) goto end; } if (!BIO_hexdump(bp, opp, @@ -323,9 +323,9 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); if (bs != NULL) { - if (BIO_write(bp,":",1) <= 0) goto end; + if (BIO_puts(bp, ":") <= 0) goto end; if (bs->type == V_ASN1_NEG_INTEGER) - if (BIO_write(bp,"-",1) <= 0) + if (BIO_puts(bp, "-") <= 0) goto end; for (i=0; ilength; i++) { 
@@ -335,13 +335,13 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
} if (bs->length == 0) {
- if (BIO_write(bp,"00",2) <= 0)
+ if (BIO_puts(bp, "00") <= 0)
goto end; } } else {
- if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+ if (BIO_puts(bp, "BAD INTEGER") <= 0)
goto end; } M_ASN1_INTEGER_free(bs);
@@ -355,9 +355,9 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); if (bs != NULL) {
- if (BIO_write(bp,":",1) <= 0) goto end;
+ if (BIO_puts(bp, ":") <= 0) goto end;
if (bs->type == V_ASN1_NEG_ENUMERATED)
- if (BIO_write(bp,"-",1) <= 0)
+ if (BIO_puts(bp, "-") <= 0)
goto end; for (i=0; ilength; i++) {
@@ -367,13 +367,13 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
} if (bs->length == 0) {
- if (BIO_write(bp,"00",2) <= 0)
+ if (BIO_puts(bp, "00") <= 0)
goto end; } } else {
- if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+ if (BIO_puts(bp, "BAD ENUMERATED") <= 0)
goto end; } M_ASN1_ENUMERATED_free(bs);
@@ -382,7 +382,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
{ if (!nl) {
- if (BIO_write(bp,"\n",1) <= 0)
+ if (BIO_puts(bp, "\n") <= 0)
goto end; } if (!BIO_hexdump(bp,p,
@@ -394,7 +394,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
if (!nl) {
- if (BIO_write(bp,"\n",1) <= 0) goto end;
+ if (BIO_puts(bp, "\n") <= 0) goto end;
} p+=len; if ((tag == V_ASN1_EOC) && (xclass == 0))
diff --git a/src/crypto/asn1/bio_ndef.c b/src/crypto/asn1/bio_ndef.c
index c814814..2f7105d 100644
--- a/src/crypto/asn1/bio_ndef.c
+++ b/src/crypto/asn1/bio_ndef.c
@@ -170,6 +170,9 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen);
+ if (p == NULL)
+ return 0;
+
ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
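Review bot: The new NULL check covers the allocation, but `derlen` from the first `ASN1_item_ndef_i2d()` call on the line above is handed to `OPENSSL_malloc(derlen)` without being checked for a negative (error) result; if the allocator takes a size_t, a negative length becomes a huge request and the encoding failure is at best reported as a malloc failure. I would add `if (derlen < 0) return 0;` before the `OPENSSL_malloc(derlen)` call so an encoding error is rejected explicitly. The same pattern appears in the `ndef_suffix` hunk below. The rest of ndef_prefix is outside the hunk, so I cannot see whether the second `derlen` is validated there.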
@@ -235,6 +238,9 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen);
+ if (p == NULL)
+ return 0;
+
ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
diff --git a/src/crypto/asn1/tasn_dec.c b/src/crypto/asn1/tasn_dec.c
index 4cece89..73d3bb3 100644
--- a/src/crypto/asn1/tasn_dec.c
+++ b/src/crypto/asn1/tasn_dec.c
@@ -63,6 +63,8 @@
#include #include
+#include "../internal.h"
+
static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -304,8 +306,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr;
- /* Allocate structure */
- if (!*pval && !ASN1_item_ex_new(pval, it))
+ if (*pval)
+ {
+ /* Free up and zero CHOICE value if initialised */
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount))
+ {
+ tt = it->templates + i;
+ pchptr = asn1_get_field_ptr(pval, tt);
+ ASN1_template_free(pchptr, tt);
+ asn1_set_choice_selector(pval, -1, it);
+ }
+ }
+ else if (!ASN1_item_ex_new(pval, it))
{ OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); goto err;
@@ -394,6 +407,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr;
+ /* Free up and zero any ADB found */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
+ if (tt->flags & ASN1_TFLG_ADB_MASK)
+ {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ }
+
/* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
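Review bot: As in ndef_prefix, `derlen` from the first `ASN1_item_ndef_i2d()` call is passed to `OPENSSL_malloc(derlen)` without a check for a negative return, so only the allocation is guarded and not the encoding error that precedes it. Adding `if (derlen < 0) return 0;` before the malloc keeps the two failure modes distinct. The body of ndef_suffix continues past the hunk.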
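Review bot: In the new ADB clean-up loop, `seqtt = asn1_do_adb(pval, tt, 1)` is passed straight to `asn1_get_field_ptr(pval, seqtt)` with no NULL check, while the tasn_prn.c hunk in this same commit adds `if (!seqtt) return 0;` after the identical call, which suggests a NULL return is possible (presumably when no selector matches and there is no default). If so, this loop would dereference NULL before the decoder reaches its own error path. I would add `if (seqtt == NULL) continue;` between the two calls, or `goto err` if a missing adb entry should abort the decode. ASN1_item_ex_d2i starts and ends outside this hunk.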
@@ -738,6 +764,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
+ OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS
{ int ret = 0, utype; long plen;
@@ -1193,7 +1220,7 @@ static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
len = buf->length; if (!BUF_MEM_grow_clean(buf, len + plen)) {
- OPENSSL_PUT_ERROR(ASN1, asn1_collect, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ASN1, collect_data, ERR_R_MALLOC_FAILURE);
return 0; } memcpy(buf->data + len, *p, plen);
diff --git a/src/crypto/asn1/tasn_new.c b/src/crypto/asn1/tasn_new.c
index b68eed7..918aba7 100644
--- a/src/crypto/asn1/tasn_new.c
+++ b/src/crypto/asn1/tasn_new.c
@@ -100,8 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
else asn1_cb = 0;
- if (!combine) *pval = NULL;
-
#ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_push_info(it->sname);
@@ -212,6 +210,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
memerr: OPENSSL_PUT_ERROR(ASN1, asn1_item_ex_combine_new, ERR_R_MALLOC_FAILURE);
+ ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); #endif
@@ -328,14 +327,17 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
ASN1_STRING *str; int utype;
- if (it && it->funcs)
+ if (!it)
+ return 0;
+
+ if (it->funcs)
{ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; if (pf->prim_new) return pf->prim_new(pval, it); }
- if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ if (it->itype == ASN1_ITYPE_MSTRING)
utype = -1; else utype = it->utype;
diff --git a/src/crypto/asn1/tasn_prn.c b/src/crypto/asn1/tasn_prn.c
index 4eb522d..df19ff0 100644
--- a/src/crypto/asn1/tasn_prn.c
+++ b/src/crypto/asn1/tasn_prn.c
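Review bot: The new `ASN1_item_ex_free(pval, it);` on the memerr path of asn1_item_ex_combine_new ignores the `combine` flag, yet the earlier hunk's removed `if (!combine) *pval = NULL;` shows the function is also entered with `combine` set, where `*pval` presumably points into an enclosing structure rather than at a separate allocation. If the public free entry point ends in an unconditional free of `*pval`, a failed nested allocation on the combine path would release memory the caller owns; from the hunk alone I cannot tell, so I would either route this through the combine-aware free helper with the flag passed along, or add a comment on this line stating why freeing here is safe when `combine` is set. The enclosing function starts and ends outside the hunk.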
@@ -229,6 +229,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
if (!asn1_template_print_ctx(out, fld, indent, it->templates, pctx)) return 0;
+ break;
} /* fall thru */ case ASN1_ITYPE_MSTRING:
@@ -309,6 +310,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
{ const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(fld, tt, 1);
+ if (!seqtt)
+ return 0;
tmpfld = asn1_get_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, indent + 2, seqtt, pctx))
diff --git a/src/crypto/asn1/tasn_typ.c b/src/crypto/asn1/tasn_typ.c
index f2bbbc8..f004b0d 100644
--- a/src/crypto/asn1/tasn_typ.c
+++ b/src/crypto/asn1/tasn_typ.c
@@ -61,53 +61,38 @@ /* Declarations for string types */ -IMPLEMENT_ASN1_TYPE(ASN1_INTEGER); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER); - -IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED); - -IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING); - -IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING); +#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ + IMPLEMENT_ASN1_TYPE(sname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \ + sname *sname##_new(void) \ + { \ + return ASN1_STRING_type_new(V_##sname); \ + } \ + void sname##_free(sname *x) \ + { \ + ASN1_STRING_free(x); \ + } + +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING) IMPLEMENT_ASN1_TYPE(ASN1_NULL); IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL); IMPLEMENT_ASN1_TYPE(ASN1_OBJECT); -IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING); - -IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING); - -IMPLEMENT_ASN1_TYPE(ASN1_T61STRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING); - -IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING); - -IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING); -IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING); - -IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME); 
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME);
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME);
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME);
-
-IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING);
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING);
-
-IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING);
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING);
-
-IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING);
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING);
-
IMPLEMENT_ASN1_TYPE(ASN1_ANY); /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */;
diff --git a/src/crypto/asn1/tasn_utl.c b/src/crypto/asn1/tasn_utl.c
index f6045e4..1b9de94 100644
--- a/src/crypto/asn1/tasn_utl.c
+++ b/src/crypto/asn1/tasn_utl.c
@@ -62,6 +62,7 @@
#include #include #include
+#include
/* Utility functions for manipulating fields and offsets */
diff --git a/src/crypto/base64/CMakeLists.txt b/src/crypto/base64/CMakeLists.txt
index 2b4f081..8bc531a 100644
--- a/src/crypto/base64/CMakeLists.txt
+++ b/src/crypto/base64/CMakeLists.txt
@@ -11,7 +11,7 @@ add_library(
add_executable( base64_test
- base64_test.c
+ base64_test.cc
) target_link_libraries(base64_test crypto)
diff --git a/src/crypto/base64/base64.c b/src/crypto/base64/base64.c
index 12a52cf..4822fb8 100644
--- a/src/crypto/base64/base64.c
+++ b/src/crypto/base64/base64.c
@@ -373,6 +373,10 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
rv = 0; goto end; }
+ if (eof > v) {
+ rv = -1;
+ goto end;
+ }
ret += (v - eof); } else { eof = 1;
diff --git a/src/crypto/base64/base64_test.c b/src/crypto/base64/base64_test.c
deleted file mode 100644
index 411323f..0000000
--- a/src/crypto/base64/base64_test.c
+++ /dev/null
@@ -1,133 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include - -#include -#include -#include - - -typedef struct { - const char *decoded; - const char *encoded; -} TEST_VECTOR; - -/* Test vectors from RFC 4648. */ -static const TEST_VECTOR test_vectors[] = { - { "", "" }, - { "f" , "Zg==" }, - { "fo", "Zm8=" }, - { "foo", "Zm9v" }, - { "foob", "Zm9vYg==" }, - { "fooba", "Zm9vYmE=" }, - { "foobar", "Zm9vYmFy" }, -}; - -static const size_t kNumTests = sizeof(test_vectors) / sizeof(test_vectors[0]); - -static int test_encode(void) { - uint8_t out[9]; - size_t i, len; - - for (i = 0; i < kNumTests; i++) { - const TEST_VECTOR *t = &test_vectors[i]; - len = EVP_EncodeBlock(out, (const uint8_t*)t->decoded, strlen(t->decoded)); - if (len != strlen(t->encoded) || - memcmp(out, t->encoded, len) != 0) { - fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n", - t->decoded, (int)len, (const char*)out, t->encoded); - return 0; - } - } - return 1; -} - -static int test_decode(void) { - uint8_t out[6]; - size_t i, len; - int ret; - - for (i = 0; i < kNumTests; i++) { - /* Test the normal API. 
*/ - const TEST_VECTOR *t = &test_vectors[i]; - size_t expected_len = strlen(t->decoded); - if (!EVP_DecodeBase64(out, &len, sizeof(out), - (const uint8_t*)t->encoded, strlen(t->encoded))) { - fprintf(stderr, "decode(\"%s\") failed\n", t->encoded); - return 0; - } - if (len != strlen(t->decoded) || - memcmp(out, t->decoded, len) != 0) { - fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", - t->encoded, (int)len, (const char*)out, t->decoded); - return 0; - } - - /* Test that the padding behavior of the deprecated API is - * preserved. */ - ret = EVP_DecodeBlock(out, (const uint8_t*)t->encoded, strlen(t->encoded)); - if (ret < 0) { - fprintf(stderr, "decode(\"%s\") failed\n", t->encoded); - return 0; - } - if (ret % 3 != 0) { - fprintf(stderr, "EVP_DecodeBlock did not ignore padding\n"); - return 0; - } - if (expected_len % 3 != 0) { - ret -= 3 - (expected_len % 3); - } - if (ret != strlen(t->decoded) || - memcmp(out, t->decoded, ret) != 0) { - fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", - t->encoded, ret, (const char*)out, t->decoded); - return 0; - } - } - - if (EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"a!bc", 4)) { - fprintf(stderr, "Failed to reject invalid characters in the middle.\n"); - return 0; - } - - if (EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"a=bc", 4)) { - fprintf(stderr, "Failed to reject invalid characters in the middle.\n"); - return 0; - } - - if (EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"abc", 4)) { - fprintf(stderr, "Failed to reject invalid input length.\n"); - return 0; - } - - return 1; -} - -int main(void) { - CRYPTO_library_init(); - ERR_load_crypto_strings(); - - if (!test_encode()) { - return 1; - } - - if (!test_decode()) { - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/base64/base64_test.cc b/src/crypto/base64/base64_test.cc new file mode 100644 index 0000000..fde0b46 --- /dev/null +++ b/src/crypto/base64/base64_test.cc 
@@ -0,0 +1,128 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+#include
+
+#include
+#include
+#include
+
+
+struct TestVector {
+ const char *decoded;
+ const char *encoded;
+};
+
+// Test vectors from RFC 4648.
+static const TestVector kTestVectors[] = {
+ { "", "" },
+ { "f" , "Zg==" },
+ { "fo", "Zm8=" },
+ { "foo", "Zm9v" },
+ { "foob", "Zm9vYg==" },
+ { "fooba", "Zm9vYmE=" },
+ { "foobar", "Zm9vYmFy" },
+};
+
+static const size_t kNumTests = sizeof(kTestVectors) / sizeof(kTestVectors[0]);
+
+static bool TestEncode() {
+ for (size_t i = 0; i < kNumTests; i++) {
+ const TestVector *t = &kTestVectors[i];
+ uint8_t out[9];
+ size_t len = EVP_EncodeBlock(out, (const uint8_t*)t->decoded,
+ strlen(t->decoded));
+ if (len != strlen(t->encoded) ||
+ memcmp(out, t->encoded, len) != 0) {
+ fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n",
+ t->decoded, (int)len, (const char*)out, t->encoded);
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool TestDecode() {
+ uint8_t out[6];
+ size_t len;
+
+ for (size_t i = 0; i < kNumTests; i++) {
+ // Test the normal API.
+ const TestVector *t = &kTestVectors[i];
+ size_t expected_len = strlen(t->decoded);
+ if (!EVP_DecodeBase64(out, &len, sizeof(out),
+ (const uint8_t*)t->encoded, strlen(t->encoded))) {
+ fprintf(stderr, "decode(\"%s\") failed\n", t->encoded);
+ return false;
+ }
+ if (len != strlen(t->decoded) ||
+ memcmp(out, t->decoded, len) != 0) {
+ fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
+ t->encoded, (int)len, (const char*)out, t->decoded);
+ return false;
+ }
+
+ // Test that the padding behavior of the deprecated API is preserved.
+ int ret = EVP_DecodeBlock(out, (const uint8_t*)t->encoded,
+ strlen(t->encoded));
+ if (ret < 0) {
+ fprintf(stderr, "decode(\"%s\") failed\n", t->encoded);
+ return false;
+ }
+ if (ret % 3 != 0) {
+ fprintf(stderr, "EVP_DecodeBlock did not ignore padding\n");
+ return false;
+ }
+ if (expected_len % 3 != 0) {
+ ret -= 3 - (expected_len % 3);
+ }
+ if (static_cast(ret) != strlen(t->decoded) ||
+ memcmp(out, t->decoded, ret) != 0) {
+ fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
+ t->encoded, ret, (const char*)out, t->decoded);
+ return false;
+ }
+ }
+
+ if (EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"a!bc", 4)) {
+ fprintf(stderr, "Failed to reject invalid characters in the middle.\n");
+ return false;
+ }
+
+ if (EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"a=bc", 4)) {
+ fprintf(stderr, "Failed to reject invalid characters in the middle.\n");
+ return false;
+ }
+
+ if (EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"abc", 4)) {
+ fprintf(stderr, "Failed to reject invalid input length.\n");
+ return false;
+ }
+
+ return true;
+}
+
+int main(void) {
+ CRYPTO_library_init();
+ ERR_load_crypto_strings();
+
+ if (!TestEncode() ||
+ !TestDecode()) {
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/src/crypto/bio/CMakeLists.txt b/src/crypto/bio/CMakeLists.txt
index 6211e85..f4122c4 100644
--- a/src/crypto/bio/CMakeLists.txt
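Review bot: The last negative test passes a length of 4 for the three-character literal `"abc"`, so the decoder sees the terminating NUL as a fourth input byte: the input length is then a multiple of four and the rejection exercised is (presumably) the invalid-character path, not the invalid-length path the message "Failed to reject invalid input length." names. Passing `3`, i.e. `EVP_DecodeBase64(out, &len, sizeof(out), (const uint8_t*)"abc", 3)`, would actually test a non-multiple-of-four length; this was carried over unchanged from the deleted C test. A one-line comment on each negative case saying which check it targets would also make the three almost-identical blocks easier to tell apart.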
+++ b/src/crypto/bio/CMakeLists.txt
@@ -6,7 +6,6 @@ add_library(
OBJECT bio.c
- bio_error.c
bio_mem.c buffer.c connect.c
@@ -22,7 +21,7 @@ add_library(
add_executable( bio_test
- bio_test.c
+ bio_test.cc
) target_link_libraries(bio_test crypto)
diff --git a/src/crypto/bio/bio.c b/src/crypto/bio/bio.c
index 4d947a6..48c1466 100644
--- a/src/crypto/bio/bio.c
+++ b/src/crypto/bio/bio.c
@@ -58,7 +58,6 @@
#include #include
-#include
#include #include
@@ -78,17 +77,10 @@ static int bio_set(BIO *bio, const BIO_METHOD *method) {
bio->shutdown = 1; bio->references = 1;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) {
+ if (method->create != NULL && !method->create(bio)) {
return 0; }
- if (method->create != NULL) {
- if (!method->create(bio)) {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- return 0;
- }
- }
-
return 1; }
@@ -125,8 +117,6 @@ int BIO_free(BIO *bio) {
next_bio = BIO_pop(bio);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-
if (bio->method != NULL && bio->method->destroy != NULL) { bio->method->destroy(bio); }
@@ -136,6 +126,11 @@ int BIO_free(BIO *bio) {
return 1; }
+BIO *BIO_up_ref(BIO *bio) {
+ CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
+ return bio;
+}
+
void BIO_vfree(BIO *bio) { BIO_free(bio); }
@@ -397,10 +392,6 @@ BIO *BIO_push(BIO *bio, BIO *appended_bio) {
} last_bio->next_bio = appended_bio;
- /* TODO(fork): this seems very suspect. If we got rid of BIO SSL, we could
- * get rid of this. */
- BIO_ctrl(bio, BIO_CTRL_PUSH, 0, bio);
-
return bio; }
@@ -411,7 +402,6 @@ BIO *BIO_pop(BIO *bio) {
return NULL; } ret = bio->next_bio;
- BIO_ctrl(bio, BIO_CTRL_POP, 0, bio);
bio->next_bio = NULL; return ret; }
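Review bot: Dropping the `BIO_ctrl(bio, BIO_CTRL_PUSH, 0, bio)` and `BIO_ctrl(bio, BIO_CTRL_POP, 0, bio)` calls in BIO_push and BIO_pop silently changes behaviour for any BIO method whose ctrl handler reacts to those commands (the removed TODO only mentions the SSL BIO), and nothing in the commit shows that the remaining methods in this tree ignore them. If that has been checked, I would record it in BIO_push with `/* BIO_CTRL_PUSH/POP are no longer sent; no BIO method in this tree handles them. */` so the next reader does not reintroduce the call or rely on it. The new `BIO_up_ref` could also use a one-line comment stating that it is the counterpart of the reference drop in BIO_free, which is outside this hunk.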
@@ -462,12 +452,6 @@ int BIO_indent(BIO *bio, unsigned indent, unsigned max_indent) {
return 1; }
-void BIO_print_errors_fp(FILE *out) {
- BIO *bio = BIO_new_fp(out, BIO_NOCLOSE);
- BIO_print_errors(bio);
- BIO_free(bio);
-}
-
static int print_bio(const char *str, size_t len, void *bio) { return BIO_write((BIO *)bio, str, len); }
diff --git a/src/crypto/bio/bio_error.c b/src/crypto/bio/bio_error.c
deleted file mode 100644
index 09585e4..0000000
--- a/src/crypto/bio/bio_error.c
+++ /dev/null
@@ -1,59 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA BIO_error_string_data[] = { - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_callback_ctrl, 0), "BIO_callback_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ctrl, 0), "BIO_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_new, 0), "BIO_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_new_file, 0), "BIO_new_file"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_new_mem_buf, 0), "BIO_new_mem_buf"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_zero_copy_get_read_buf, 0), "BIO_zero_copy_get_read_buf"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_zero_copy_get_read_buf_done, 0), "BIO_zero_copy_get_read_buf_done"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_zero_copy_get_write_buf, 0), "BIO_zero_copy_get_write_buf"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_zero_copy_get_write_buf_done, 0), "BIO_zero_copy_get_write_buf_done"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_bio_ctrl, 0), "bio_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_bio_io, 0), "bio_io"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_bio_ip_and_port_to_socket_and_addr, 0), "bio_ip_and_port_to_socket_and_addr"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_bio_make_pair, 0), "bio_make_pair"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_bio_write, 0), "bio_write"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_buffer_ctrl, 
0), "buffer_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_conn_ctrl, 0), "conn_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_conn_state, 0), "conn_state"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_file_ctrl, 0), "file_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_file_read, 0), "file_read"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_mem_write, 0), "mem_write"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ASN1_OBJECT_TOO_LONG), "ASN1_OBJECT_TOO_LONG"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "BAD_FOPEN_MODE"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "BROKEN_PIPE"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "CONNECT_ERROR"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ERROR_SETTING_NBIO), "ERROR_SETTING_NBIO"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "INVALID_ARGUMENT"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "IN_USE"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_KEEPALIVE), "KEEPALIVE"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "NBIO_CONNECT_ERROR"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_SPECIFIED), "NO_HOSTNAME_SPECIFIED"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_SPECIFIED), "NO_PORT_SPECIFIED"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "NO_SUCH_FILE"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NULL_PARAMETER), "NULL_PARAMETER"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_SYS_LIB), "SYS_LIB"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET), "UNABLE_TO_CREATE_SOCKET"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "UNINITIALIZED"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "UNSUPPORTED_METHOD"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO), "WRITE_TO_READ_ONLY_BIO"}, - {0, NULL}, -}; diff --git a/src/crypto/bio/bio_test.c b/src/crypto/bio/bio_test.c deleted file mode 100644 index ee11acc..0000000 --- a/src/crypto/bio/bio_test.c +++ /dev/null 
@@ -1,362 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 201410L -#endif - -#include - -#if !defined(OPENSSL_WINDOWS) -#include -#include -#include -#include -#include -#include -#else -#include -#pragma warning(push, 3) -#include -#include -#pragma warning(pop) -#endif - -#include -#include -#include - -#define MIN(a, b) ((a < b) ? 
a : b) - -#if !defined(OPENSSL_WINDOWS) -static int closesocket(int sock) { - return close(sock); -} - -static void print_socket_error(const char *func) { - perror(func); -} -#else -static void print_socket_error(const char *func) { - fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); -} -#endif - -static int test_socket_connect(void) { - int listening_sock = socket(AF_INET, SOCK_STREAM, 0); - int sock; - struct sockaddr_in sin; - socklen_t sockaddr_len = sizeof(sin); - static const char kTestMessage[] = "test"; - char hostname[80], buf[5]; - BIO *bio; - - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { - print_socket_error("inet_pton"); - return 0; - } - - if (bind(listening_sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) { - print_socket_error("bind"); - return 0; - } - - if (listen(listening_sock, 1)) { - print_socket_error("listen"); - return 0; - } - - if (getsockname(listening_sock, (struct sockaddr *)&sin, &sockaddr_len) || - sockaddr_len != sizeof(sin)) { - print_socket_error("getsockname"); - return 0; - } - - BIO_snprintf(hostname, sizeof(hostname), "%s:%d", "127.0.0.1", - ntohs(sin.sin_port)); - bio = BIO_new_connect(hostname); - if (!bio) { - fprintf(stderr, "BIO_new_connect failed.\n"); - return 0; - } - - if (BIO_write(bio, kTestMessage, sizeof(kTestMessage)) != - sizeof(kTestMessage)) { - fprintf(stderr, "BIO_write failed.\n"); - BIO_print_errors_fp(stderr); - return 0; - } - - sock = accept(listening_sock, (struct sockaddr *) &sin, &sockaddr_len); - if (sock < 0) { - print_socket_error("accept"); - return 0; - } - - if (recv(sock, buf, sizeof(buf), 0) != sizeof(kTestMessage)) { - print_socket_error("read"); - return 0; - } - - if (memcmp(buf, kTestMessage, sizeof(kTestMessage))) { - return 0; - } - - closesocket(sock); - closesocket(listening_sock); - BIO_free(bio); - - return 1; -} - - -/* bio_read_zero_copy_wrapper is a wrapper around the zero-copy APIs to make - * testing 
easier. */ -static size_t bio_read_zero_copy_wrapper(BIO *bio, uint8_t *data, size_t len) { - uint8_t *read_buf; - size_t read_buf_offset; - size_t available_bytes; - size_t len_read = 0; - - do { - if (!BIO_zero_copy_get_read_buf(bio, &read_buf, &read_buf_offset, - &available_bytes)) { - return 0; - } - - available_bytes = MIN(available_bytes, len - len_read); - memmove(data + len_read, read_buf + read_buf_offset, available_bytes); - - BIO_zero_copy_get_read_buf_done(bio, available_bytes); - - len_read += available_bytes; - } while (len - len_read > 0 && available_bytes > 0); - - return len_read; -} - -/* bio_write_zero_copy_wrapper is a wrapper around the zero-copy APIs to make - * testing easier. */ -static size_t bio_write_zero_copy_wrapper(BIO *bio, const uint8_t *data, - size_t len) { - uint8_t *write_buf; - size_t write_buf_offset; - size_t available_bytes; - size_t len_written = 0; - - do { - if (!BIO_zero_copy_get_write_buf(bio, &write_buf, &write_buf_offset, - &available_bytes)) { - return 0; - } - - available_bytes = MIN(available_bytes, len - len_written); - memmove(write_buf + write_buf_offset, data + len_written, available_bytes); - - BIO_zero_copy_get_write_buf_done(bio, available_bytes); - - len_written += available_bytes; - } while (len - len_written > 0 && available_bytes > 0); - - return len_written; -} - -static int test_zero_copy_bio_pairs(void) { - /* Test read and write, especially triggering the ring buffer wrap-around.*/ - BIO* bio1; - BIO* bio2; - size_t i, j; - uint8_t bio1_application_send_buffer[1024]; - uint8_t bio2_application_recv_buffer[1024]; - size_t total_read = 0; - size_t total_write = 0; - uint8_t* write_buf; - size_t write_buf_offset; - size_t available_bytes; - size_t bytes_left; - - const size_t kLengths[] = {254, 255, 256, 257, 510, 511, 512, 513}; - - /* These trigger ring buffer wrap around. 
*/ - const size_t kPartialLengths[] = {0, 1, 2, 3, 128, 255, 256, 257, 511, 512}; - - static const size_t kBufferSize = 512; - - srand(1); - for (i = 0; i < sizeof(bio1_application_send_buffer); i++) { - bio1_application_send_buffer[i] = rand() & 255; - } - - /* Transfer bytes from bio1_application_send_buffer to - * bio2_application_recv_buffer in various ways. */ - for (i = 0; i < sizeof(kLengths) / sizeof(kLengths[0]); i++) { - for (j = 0; j < sizeof(kPartialLengths) / sizeof(kPartialLengths[0]); j++) { - total_write = 0; - total_read = 0; - - BIO_new_bio_pair(&bio1, kBufferSize, &bio2, kBufferSize); - - total_write += bio_write_zero_copy_wrapper( - bio1, bio1_application_send_buffer, kLengths[i]); - - /* This tests interleaved read/write calls. Do a read between zero copy - * write calls. */ - if (!BIO_zero_copy_get_write_buf(bio1, &write_buf, &write_buf_offset, - &available_bytes)) { - return 0; - } - - /* Free kPartialLengths[j] bytes in the beginning of bio1 write buffer. - * This enables ring buffer wrap around for the next write. */ - total_read += BIO_read(bio2, bio2_application_recv_buffer + total_read, - kPartialLengths[j]); - - size_t interleaved_write_len = MIN(kPartialLengths[j], available_bytes); - - /* Write the data for the interleaved write call. If the buffer becomes - * empty after a read, the write offset is normally set to 0. Check that - * this does not happen for interleaved read/write and that - * |write_buf_offset| is still valid. */ - memcpy(write_buf + write_buf_offset, - bio1_application_send_buffer + total_write, interleaved_write_len); - if (BIO_zero_copy_get_write_buf_done(bio1, interleaved_write_len)) { - total_write += interleaved_write_len; - } - - /* Do another write in case |write_buf_offset| was wrapped */ - total_write += bio_write_zero_copy_wrapper( - bio1, bio1_application_send_buffer + total_write, - kPartialLengths[j] - interleaved_write_len); - - /* Drain the rest. 
*/ - bytes_left = BIO_pending(bio2); - total_read += bio_read_zero_copy_wrapper( - bio2, bio2_application_recv_buffer + total_read, bytes_left); - - BIO_free(bio1); - BIO_free(bio2); - - if (total_read != total_write) { - fprintf(stderr, "Lengths not equal in round (%u, %u)\n", (unsigned)i, - (unsigned)j); - return 0; - } - if (total_read > kLengths[i] + kPartialLengths[j]) { - fprintf(stderr, "Bad lengths in round (%u, %u)\n", (unsigned)i, - (unsigned)j); - return 0; - } - if (memcmp(bio1_application_send_buffer, bio2_application_recv_buffer, - total_read) != 0) { - fprintf(stderr, "Buffers not equal in round (%u, %u)\n", (unsigned)i, - (unsigned)j); - return 0; - } - } - } - - return 1; -} - -static int test_printf(void) { - /* Test a short output, a very long one, and various sizes around - * 256 (the size of the buffer) to ensure edge cases are correct. */ - static const size_t kLengths[] = { 5, 250, 251, 252, 253, 254, 1023 }; - BIO *bio; - char string[1024]; - int ret; - const uint8_t *contents; - size_t i, len; - - bio = BIO_new(BIO_s_mem()); - if (!bio) { - fprintf(stderr, "BIO_new failed\n"); - return 0; - } - - for (i = 0; i < sizeof(kLengths) / sizeof(kLengths[0]); i++) { - if (kLengths[i] >= sizeof(string)) { - fprintf(stderr, "Bad test string length\n"); - return 0; - } - memset(string, 'a', sizeof(string)); - string[kLengths[i]] = '\0'; - - ret = BIO_printf(bio, "test %s", string); - if (ret != 5 + kLengths[i]) { - fprintf(stderr, "BIO_printf failed: %d\n", ret); - return 0; - } - if (!BIO_mem_contents(bio, &contents, &len)) { - fprintf(stderr, "BIO_mem_contents failed\n"); - return 0; - } - if (len != 5 + kLengths[i] || - strncmp((const char *)contents, "test ", 5) != 0 || - strncmp((const char *)contents + 5, string, kLengths[i]) != 0) { - fprintf(stderr, "Contents did not match: %.*s\n", (int)len, contents); - return 0; - } - - if (!BIO_reset(bio)) { - fprintf(stderr, "BIO_reset failed\n"); - return 0; - } - } - - BIO_free(bio); - return 1; -} - 
-int main(void) { -#if defined(OPENSSL_WINDOWS) - WSADATA wsa_data; - WORD wsa_version; - int wsa_err; -#endif - - CRYPTO_library_init(); - ERR_load_crypto_strings(); - -#if defined(OPENSSL_WINDOWS) - /* Initialize Winsock. */ - wsa_version = MAKEWORD(2, 2); - wsa_err = WSAStartup(wsa_version, &wsa_data); - if (wsa_err != 0) { - fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); - return 1; - } - if (wsa_data.wVersion != wsa_version) { - fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); - return 1; - } -#endif - - if (!test_socket_connect()) { - return 1; - } - - if (!test_printf()) { - return 1; - } - - if (!test_zero_copy_bio_pairs()) { - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/bio/bio_test.cc b/src/crypto/bio/bio_test.cc new file mode 100644 index 0000000..4c88df5 --- /dev/null +++ b/src/crypto/bio/bio_test.cc 
@@ -0,0 +1,359 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#if !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 201410L +#endif + +#include + +#if !defined(OPENSSL_WINDOWS) +#include +#include +#include +#include +#include +#include +#else +#include +#pragma warning(push, 3) +#include +#include +#pragma warning(pop) +#endif + +#include +#include +#include +#include + +#include + +#include "../test/scoped_types.h" + + +#if !defined(OPENSSL_WINDOWS) +static int closesocket(int sock) { + return close(sock); +} + +static void PrintSocketError(const char *func) { + perror(func); +} +#else +static void PrintSocketError(const char *func) { + fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); +} +#endif + +class ScopedSocket { + public: + ScopedSocket(int sock) : sock_(sock) {} + ~ScopedSocket() { + closesocket(sock_); + } + + private: + const int sock_; +}; + +static bool TestSocketConnect() { + static const char kTestMessage[] = "test"; + + int listening_sock = socket(AF_INET, SOCK_STREAM, 0); + if (listening_sock == -1) { + PrintSocketError("socket"); + return false; + } + ScopedSocket listening_sock_closer(listening_sock); + + struct sockaddr_in sin; + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + if 
(!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { + PrintSocketError("inet_pton"); + return false; + } + if (bind(listening_sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) { + PrintSocketError("bind"); + return false; + } + if (listen(listening_sock, 1)) { + PrintSocketError("listen"); + return false; + } + socklen_t sockaddr_len = sizeof(sin); + if (getsockname(listening_sock, (struct sockaddr *)&sin, &sockaddr_len) || + sockaddr_len != sizeof(sin)) { + PrintSocketError("getsockname"); + return false; + } + + char hostname[80]; + BIO_snprintf(hostname, sizeof(hostname), "%s:%d", "127.0.0.1", + ntohs(sin.sin_port)); + ScopedBIO bio(BIO_new_connect(hostname)); + if (!bio) { + fprintf(stderr, "BIO_new_connect failed.\n"); + return false; + } + + if (BIO_write(bio.get(), kTestMessage, sizeof(kTestMessage)) != + sizeof(kTestMessage)) { + fprintf(stderr, "BIO_write failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + int sock = accept(listening_sock, (struct sockaddr *) &sin, &sockaddr_len); + if (sock == -1) { + PrintSocketError("accept"); + return false; + } + ScopedSocket sock_closer(sock); + + char buf[5]; + if (recv(sock, buf, sizeof(buf), 0) != sizeof(kTestMessage)) { + PrintSocketError("read"); + return false; + } + if (memcmp(buf, kTestMessage, sizeof(kTestMessage))) { + return false; + } + + return true; +} + + +// BioReadZeroCopyWrapper is a wrapper around the zero-copy APIs to make +// testing easier. 
+static size_t BioReadZeroCopyWrapper(BIO *bio, uint8_t *data, size_t len) { + uint8_t *read_buf; + size_t read_buf_offset; + size_t available_bytes; + size_t len_read = 0; + + do { + if (!BIO_zero_copy_get_read_buf(bio, &read_buf, &read_buf_offset, + &available_bytes)) { + return 0; + } + + available_bytes = std::min(available_bytes, len - len_read); + memmove(data + len_read, read_buf + read_buf_offset, available_bytes); + + BIO_zero_copy_get_read_buf_done(bio, available_bytes); + + len_read += available_bytes; + } while (len - len_read > 0 && available_bytes > 0); + + return len_read; +} + +// BioWriteZeroCopyWrapper is a wrapper around the zero-copy APIs to make +// testing easier. +static size_t BioWriteZeroCopyWrapper(BIO *bio, const uint8_t *data, + size_t len) { + uint8_t *write_buf; + size_t write_buf_offset; + size_t available_bytes; + size_t len_written = 0; + + do { + if (!BIO_zero_copy_get_write_buf(bio, &write_buf, &write_buf_offset, + &available_bytes)) { + return 0; + } + + available_bytes = std::min(available_bytes, len - len_written); + memmove(write_buf + write_buf_offset, data + len_written, available_bytes); + + BIO_zero_copy_get_write_buf_done(bio, available_bytes); + + len_written += available_bytes; + } while (len - len_written > 0 && available_bytes > 0); + + return len_written; +} + +static bool TestZeroCopyBioPairs() { + // Test read and write, especially triggering the ring buffer wrap-around. + uint8_t bio1_application_send_buffer[1024]; + uint8_t bio2_application_recv_buffer[1024]; + + const size_t kLengths[] = {254, 255, 256, 257, 510, 511, 512, 513}; + + // These trigger ring buffer wrap around. 
+ const size_t kPartialLengths[] = {0, 1, 2, 3, 128, 255, 256, 257, 511, 512}; + + static const size_t kBufferSize = 512; + + srand(1); + for (size_t i = 0; i < sizeof(bio1_application_send_buffer); i++) { + bio1_application_send_buffer[i] = rand() & 255; + } + + // Transfer bytes from bio1_application_send_buffer to + // bio2_application_recv_buffer in various ways. + for (size_t i = 0; i < sizeof(kLengths) / sizeof(kLengths[0]); i++) { + for (size_t j = 0; j < sizeof(kPartialLengths) / sizeof(kPartialLengths[0]); + j++) { + size_t total_write = 0; + size_t total_read = 0; + + BIO *bio1, *bio2; + if (!BIO_new_bio_pair(&bio1, kBufferSize, &bio2, kBufferSize)) { + return false; + } + ScopedBIO bio1_scoper(bio1); + ScopedBIO bio2_scoper(bio2); + + total_write += BioWriteZeroCopyWrapper( + bio1, bio1_application_send_buffer, kLengths[i]); + + // This tests interleaved read/write calls. Do a read between zero copy + // write calls. + uint8_t *write_buf; + size_t write_buf_offset; + size_t available_bytes; + if (!BIO_zero_copy_get_write_buf(bio1, &write_buf, &write_buf_offset, + &available_bytes)) { + return false; + } + + // Free kPartialLengths[j] bytes in the beginning of bio1 write buffer. + // This enables ring buffer wrap around for the next write. + total_read += BIO_read(bio2, bio2_application_recv_buffer + total_read, + kPartialLengths[j]); + + size_t interleaved_write_len = std::min(kPartialLengths[j], + available_bytes); + + // Write the data for the interleaved write call. If the buffer becomes + // empty after a read, the write offset is normally set to 0. Check that + // this does not happen for interleaved read/write and that + // |write_buf_offset| is still valid. + memcpy(write_buf + write_buf_offset, + bio1_application_send_buffer + total_write, interleaved_write_len); + if (BIO_zero_copy_get_write_buf_done(bio1, interleaved_write_len)) { + total_write += interleaved_write_len; + } + + // Do another write in case |write_buf_offset| was wrapped. 
+ total_write += BioWriteZeroCopyWrapper( + bio1, bio1_application_send_buffer + total_write, + kPartialLengths[j] - interleaved_write_len); + + // Drain the rest. + size_t bytes_left = BIO_pending(bio2); + total_read += BioReadZeroCopyWrapper( + bio2, bio2_application_recv_buffer + total_read, bytes_left); + + if (total_read != total_write) { + fprintf(stderr, "Lengths not equal in round (%u, %u)\n", (unsigned)i, + (unsigned)j); + return false; + } + if (total_read > kLengths[i] + kPartialLengths[j]) { + fprintf(stderr, "Bad lengths in round (%u, %u)\n", (unsigned)i, + (unsigned)j); + return false; + } + if (memcmp(bio1_application_send_buffer, bio2_application_recv_buffer, + total_read) != 0) { + fprintf(stderr, "Buffers not equal in round (%u, %u)\n", (unsigned)i, + (unsigned)j); + return false; + } + } + } + + return true; +} + +static bool TestPrintf() { + // Test a short output, a very long one, and various sizes around + // 256 (the size of the buffer) to ensure edge cases are correct. 
+ static const size_t kLengths[] = { 5, 250, 251, 252, 253, 254, 1023 }; + + ScopedBIO bio(BIO_new(BIO_s_mem())); + if (!bio) { + fprintf(stderr, "BIO_new failed\n"); + return false; + } + + for (size_t i = 0; i < sizeof(kLengths) / sizeof(kLengths[0]); i++) { + char string[1024]; + if (kLengths[i] >= sizeof(string)) { + fprintf(stderr, "Bad test string length\n"); + return false; + } + memset(string, 'a', sizeof(string)); + string[kLengths[i]] = '\0'; + + int ret = BIO_printf(bio.get(), "test %s", string); + if (ret < 0 || static_cast(ret) != 5 + kLengths[i]) { + fprintf(stderr, "BIO_printf failed: %d\n", ret); + return false; + } + const uint8_t *contents; + size_t len; + if (!BIO_mem_contents(bio.get(), &contents, &len)) { + fprintf(stderr, "BIO_mem_contents failed\n"); + return false; + } + if (len != 5 + kLengths[i] || + strncmp((const char *)contents, "test ", 5) != 0 || + strncmp((const char *)contents + 5, string, kLengths[i]) != 0) { + fprintf(stderr, "Contents did not match: %.*s\n", (int)len, contents); + return false; + } + + if (!BIO_reset(bio.get())) { + fprintf(stderr, "BIO_reset failed\n"); + return false; + } + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + ERR_load_crypto_strings(); + +#if defined(OPENSSL_WINDOWS) + // Initialize Winsock. + WORD wsa_version = MAKEWORD(2, 2); + WSADATA wsa_data; + int wsa_err = WSAStartup(wsa_version, &wsa_data); + if (wsa_err != 0) { + fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); + return 1; + } + if (wsa_data.wVersion != wsa_version) { + fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); + return 1; + } +#endif + + if (!TestSocketConnect() || + !TestPrintf() || + !TestZeroCopyBioPairs()) { + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/bio/buffer.c b/src/crypto/bio/buffer.c index 5e423a1..3fc0685 100644 --- a/src/crypto/bio/buffer.c +++ b/src/crypto/bio/buffer.c 
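Review bot: In TestZeroCopyBioPairs the interleaved read adds BIO_read's int result straight into the size_t `total_read`, so a -1 (retry) return would wrap the counter and the following `bio2_application_recv_buffer + total_read` would point far outside the buffer. With at least 254 bytes already written into the pair at that point the retry path is not expected to fire, but a test harness should fail loudly rather than silently on it: `int n = BIO_read(bio2, bio2_application_recv_buffer + total_read, kPartialLengths[j]);` / `if (n < 0) { fprintf(stderr, "BIO_read failed in round (%u, %u)\n", (unsigned)i, (unsigned)j); return false; }` / `total_read += n;`. The same cast-free pattern is used for the `BIO_pending(bio2)` result two lines later, which is benign only because BIO_pending cannot return a negative value.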
@@ -122,17 +122,13 @@ err1: static int buffer_free(BIO *bio) { BIO_F_BUFFER_CTX *ctx; - if (bio == NULL) { + if (bio == NULL || bio->ptr == NULL) { return 0; } ctx = (BIO_F_BUFFER_CTX *)bio->ptr; - if (ctx->ibuf != NULL) { - OPENSSL_free(ctx->ibuf); - } - if (ctx->obuf != NULL) { - OPENSSL_free(ctx->obuf); - } + OPENSSL_free(ctx->ibuf); + OPENSSL_free(ctx->obuf); OPENSSL_free(bio->ptr); bio->ptr = NULL; @@ -315,8 +311,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) { case BIO_CTRL_WPENDING: ret = (long)ctx->obuf_len; if (ret == 0) { - if (b->next_bio == NULL) + if (b->next_bio == NULL) { return 0; + } ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } break; diff --git a/src/crypto/bio/connect.c b/src/crypto/bio/connect.c index cbb1bb6..32361bf 100644 --- a/src/crypto/bio/connect.c +++ b/src/crypto/bio/connect.c @@ -161,9 +161,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { break; } } - if (c->param_port != NULL) { - OPENSSL_free(c->param_port); - } + OPENSSL_free(c->param_port); c->param_port = BUF_strdup(p); } } @@ -286,12 +284,8 @@ static void BIO_CONNECT_free(BIO_CONNECT *c) { return; } - if (c->param_hostname != NULL) { - OPENSSL_free(c->param_hostname); - } - if (c->param_port != NULL) { - OPENSSL_free(c->param_port); - } + OPENSSL_free(c->param_hostname); + OPENSSL_free(c->param_port); OPENSSL_free(c); } @@ -397,10 +391,11 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) { break; case BIO_C_DO_STATE_MACHINE: /* use this one to start the connection */ - if (data->state != BIO_CONN_S_OK) + if (data->state != BIO_CONN_S_OK) { ret = (long)conn_state(bio, data); - else + } else { ret = 1; + } break; case BIO_C_GET_CONNECT: /* TODO(fork): can this be removed? (Or maybe this whole file). */ 
@@ -425,15 +420,17 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) { if (ptr != NULL) { bio->init = 1; if (num == 0) { - if (data->param_hostname != NULL) { - OPENSSL_free(data->param_hostname); - } + OPENSSL_free(data->param_hostname); data->param_hostname = BUF_strdup(ptr); - } else if (num == 1) { - if (data->param_port != NULL) { - OPENSSL_free(data->param_port); + if (data->param_hostname == NULL) { + ret = 0; } + } else if (num == 1) { + OPENSSL_free(data->param_port); data->param_port = BUF_strdup(ptr); + if (data->param_port == NULL) { + ret = 0; + } } else { ret = 0; } diff --git a/src/crypto/bio/pair.c b/src/crypto/bio/pair.c index de2b4cb..cc55950 100644 --- a/src/crypto/bio/pair.c +++ b/src/crypto/bio/pair.c @@ -145,7 +145,7 @@ static int bio_free(BIO *bio) { bio_destroy_pair(bio); } - if (b->buf != NULL && !b->buf_externally_allocated) { + if (!b->buf_externally_allocated) { OPENSSL_free(b->buf); } @@ -793,14 +793,10 @@ int BIO_new_bio_pair_external_buf(BIO** bio1_p, size_t writebuf1_len, err: if (ret == 0) { - if (bio1) { - BIO_free(bio1); - bio1 = NULL; - } - if (bio2) { - BIO_free(bio2); - bio2 = NULL; - } + BIO_free(bio1); + bio1 = NULL; + BIO_free(bio2); + bio2 = NULL; } *bio1_p = bio1; diff --git a/src/crypto/bio/socket.c b/src/crypto/bio/socket.c index e86befe..98f32a6 100644 --- a/src/crypto/bio/socket.c +++ b/src/crypto/bio/socket.c @@ -66,6 +66,8 @@ #pragma warning(push, 3) #include #pragma warning(pop) + +#pragma comment(lib, "Ws2_32.lib") #endif #include "internal.h" @@ -150,11 +152,13 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) { case BIO_C_GET_FD: if (b->init) { ip = (int *)ptr; - if (ip != NULL) + if (ip != NULL) { *ip = b->num; + } ret = b->num; - } else + } else { ret = -1; + } break; case BIO_CTRL_GET_CLOSE: ret = b->shutdown; diff --git a/src/crypto/bn/CMakeLists.txt b/src/crypto/bn/CMakeLists.txt index 600be4d..25663af 100644 --- a/src/crypto/bn/CMakeLists.txt +++ b/src/crypto/bn/CMakeLists.txt 
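Review bot: In conn_ctrl's BIO_C_SET_CONNECT case `bio->init = 1` is set before the newly added BUF_strdup failure checks run, so when the copy fails the BIO is left marked initialised with a NULL `param_hostname` or `param_port` even though ret reports failure. Whether conn_state rejects a NULL hostname is outside this hunk, so the safe fix is local: clear the flag on the new failure paths, `if (data->param_hostname == NULL) { bio->init = 0; ret = 0; }` and the same for `param_port`, or defer `bio->init = 1` until both copies have succeeded. conn_ctrl starts and ends outside the hunk.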
@@ -37,7 +37,6 @@ add_library( OBJECT - bn_error.c add.c bn.c cmp.c @@ -70,7 +69,7 @@ perlasm(armv4-mont.${ASM_EXT} asm/armv4-mont.pl) add_executable( bn_test - bn_test.c + bn_test.cc ) target_link_libraries(bn_test crypto) diff --git a/src/crypto/bn/asm/armv4-mont.pl b/src/crypto/bn/asm/armv4-mont.pl index 5cc1328..0f1b6a9 100644 --- a/src/crypto/bn/asm/armv4-mont.pl +++ b/src/crypto/bn/asm/armv4-mont.pl @@ -38,8 +38,20 @@ # for execution on all NEON-capable processors, because gain on # others outweighs the marginal loss on Cortex-A9. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $num="r0"; # starts as num argument, but holds &tp[num-1] $ap="r1"; @@ -72,10 +84,10 @@ $code=<<___; .text .code 32 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: -.word OPENSSL_armcap_P-bn_mul_mont +.word OPENSSL_armcap_P-.Lbn_mul_mont #endif .global bn_mul_mont @@ -84,14 +96,18 @@ $code=<<___; .align 5 bn_mul_mont: +.Lbn_mul_mont: ldr ip,[sp,#4] @ load num stmdb sp!,{r0,r2} @ sp points at argument block -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 tst ip,#7 bne .Lialu adr r0,bn_mul_mont ldr r2,.LOPENSSL_armcap ldr r0,[r0,r2] +#ifdef __APPLE__ + ldr r0,[r0] +#endif tst r0,#1 @ NEON available? ldmia sp, {r0,r2} beq .Lialu 
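Review bot: The armcap fixup in bn_mul_mont now encodes `.word OPENSSL_armcap_P-.Lbn_mul_mont` against the new local label but still takes its base from `adr r0,bn_mul_mont`; the two agree only because `.Lbn_mul_mont:` is placed immediately after the global label. Using the same anchor in both places, `adr r0,.Lbn_mul_mont`, makes that pairing explicit and keeps it correct if an instruction is ever inserted between the two labels. The new `#ifdef __APPLE__ ldr r0,[r0]` extra indirection also deserves a one-line comment, presumably along the lines of `@ Apple: literal holds the address of a pointer to OPENSSL_armcap_P, dereference once more` — the hunk itself does not say why it is there, so confirm the reason before writing it down.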
@@ -231,9 +247,14 @@ bn_mul_mont: ldmia sp!,{r4-r12,lr} @ restore registers add sp,sp,#2*4 @ skip over {r0,r2} mov r0,#1 -.Labrt: tst lr,#1 +.Labrt: +#if __ARM_ARCH__>=5 + ret @ bx lr +#else + tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) +#endif .size bn_mul_mont,.-bn_mul_mont ___ { @@ -252,7 +273,8 @@ my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5)); my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9)); $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type bn_mul8x_mont_neon,%function @@ -651,7 +673,7 @@ bn_mul8x_mont_neon: sub sp,ip,#96 vldmia sp!,{d8-d15} ldmia sp!,{r4-r11} - bx lr + ret @ bx lr .size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon #endif ___ @@ -659,12 +681,14 @@ ___ $code.=<<___; .asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by " .align 2 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +.hidden OPENSSL_armcap_P #endif ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +$code =~ s/\bret\b/bx lr/gm; print $code; close STDOUT; diff --git a/src/crypto/bn/asm/x86_64-gcc.c b/src/crypto/bn/asm/x86_64-gcc.c index c05e433..ac63934 100644 --- a/src/crypto/bn/asm/x86_64-gcc.c +++ b/src/crypto/bn/asm/x86_64-gcc.c @@ -1,6 +1,6 @@ #include -#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && !defined(OPENSSL_WINDOWS) +#if defined(OPENSSL_X86_64) && !defined(OPENSSL_WINDOWS) #include "../internal.h" @@ -100,8 +100,9 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1 = 0; - if (num <= 0) + if (num <= 0) { return (c1); + } while (num & ~3) { mul_add(rp[0], ap[0], w, c1); 
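Review bot: The new `$code =~ s/\bret\b/bx lr/gm;` runs after the existing `bx lr` → `.word 0xe12fff1e` rewrite, so every `ret` becomes a literal `bx lr` that the armv4-compatibility rewrite never sees; that is correct only because each `ret` sits under `#if __ARM_ARCH__>=5` or inside the `__ARM_MAX_ARCH__>=7` NEON block, and the ordering dependency is worth recording on the substitution line, e.g. `# must follow the bx-lr rewrite: 'ret' is only emitted under __ARM_ARCH__>=5 / NEON guards`. As a side effect the `@ bx lr` annotations on the `ret` lines are themselves rewritten to `@ .word 0xe12fff1e` in the emitted assembly, which is harmless but misleading when reading the generated .S files.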
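Review bot: Dropping `!defined(OPENSSL_NO_ASM)` from the guard in x86_64-gcc.c means its GCC inline-asm bignum primitives are now compiled on every non-Windows x86-64 build, including OPENSSL_NO_ASM ones. That is only sound if the portable C definitions of the same functions (generic.c, not part of this diff) are excluded under exactly the complementary condition; if their guard still keys on OPENSSL_NO_ASM, a NO_ASM x86-64 build gets duplicate definitions. Worth confirming the two guards are mirror images, and a note at the top of the file, `/* Not controlled by OPENSSL_NO_ASM; generic.c provides the portable fallback. */`, would save the next reader the same check.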
@@ -114,23 +115,26 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, } if (num) { mul_add(rp[0], ap[0], w, c1); - if (--num == 0) + if (--num == 0) { return c1; + } mul_add(rp[1], ap[1], w, c1); - if (--num == 0) + if (--num == 0) { return c1; + } mul_add(rp[2], ap[2], w, c1); return c1; } - return (c1); + return c1; } BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1 = 0; - if (num <= 0) - return (c1); + if (num <= 0) { + return c1; + } while (num & ~3) { mul(rp[0], ap[0], w, c1); @@ -143,19 +147,22 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { } if (num) { mul(rp[0], ap[0], w, c1); - if (--num == 0) + if (--num == 0) { return c1; + } mul(rp[1], ap[1], w, c1); - if (--num == 0) + if (--num == 0) { return c1; + } mul(rp[2], ap[2], w, c1); } - return (c1); + return c1; } void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { - if (n <= 0) + if (n <= 0) { return; + } while (n & ~3) { sqr(r[0], r[1], a[0]); @@ -168,11 +175,13 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { } if (n) { sqr(r[0], r[1], a[0]); - if (--n == 0) + if (--n == 0) { return; + } sqr(r[2], r[3], a[1]); - if (--n == 0) + if (--n == 0) { return; + } sqr(r[4], r[5], a[2]); } } @@ -190,8 +199,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, BN_ULONG ret; size_t i = 0; - if (n <= 0) + if (n <= 0) { return 0; + } asm volatile ( " subq %0,%0 \n" /* clear carry */ @@ -216,8 +226,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, BN_ULONG ret; size_t i = 0; - if (n <= 0) + if (n <= 0) { return 0; + } asm volatile ( " subq %0,%0 \n" /* clear borrow */ 
@@ -242,47 +253,56 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { BN_ULONG t1, t2; int c = 0; - if (n <= 0) - return ((BN_ULONG)0); + if (n <= 0) { + return (BN_ULONG)0; + } for (;;) { t1 = a[0]; t2 = b[0]; r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); - if (--n <= 0) + } + if (--n <= 0) { break; + } t1 = a[1]; t2 = b[1]; r[1] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); - if (--n <= 0) + } + if (--n <= 0) { break; + } t1 = a[2]; t2 = b[2]; r[2] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); - if (--n <= 0) + } + if (--n <= 0) { break; + } t1 = a[3]; t2 = b[3]; r[3] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); - if (--n <= 0) + } + if (--n <= 0) { break; + } a += 4; b += 4; r += 4; } - return (c); + return c; } #endif @@ -576,4 +596,4 @@ void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { r[7] = c2; } -#endif /* !NO_ASM && X86_64 && !WINDOWS */ +#endif /* defined(OPENSSL_X86_64) && !defined(OPENSSL_WINDOWS) */ diff --git a/src/crypto/bn/bn.c b/src/crypto/bn/bn.c index 368c4f1..f32d6b0 100644 --- a/src/crypto/bn/bn.c +++ b/src/crypto/bn/bn.c @@ -88,7 +88,7 @@ void BN_free(BIGNUM *bn) { return; } - if (bn->d != NULL && (bn->flags & BN_FLG_STATIC_DATA) == 0) { + if ((bn->flags & BN_FLG_STATIC_DATA) == 0) { OPENSSL_free(bn->d); } @@ -200,13 +200,15 @@ unsigned BN_num_bits_word(BN_ULONG l) { if (l & 0xffff000000000000L) { if (l & 0xff00000000000000L) { return (bits[(int)(l >> 56)] + 56); - } else + } else { return (bits[(int)(l >> 48)] + 48); + } } else { if (l & 0x0000ff0000000000L) { return (bits[(int)(l >> 40)] + 40); - } else + } else { return (bits[(int)(l >> 32)] + 32); + } } } else #endif @@ -302,9 +304,7 @@ BIGNUM *bn_wexpand(BIGNUM *bn, unsigned words) { memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top); - if (bn->d) { - OPENSSL_free(bn->d); - } + OPENSSL_free(bn->d); bn->d = a; bn->dmax = words; 
diff --git a/src/crypto/bn/bn_error.c b/src/crypto/bn/bn_error.c
deleted file mode 100644
index b522c2a..0000000
--- a/src/crypto/bn/bn_error.c
+++ /dev/null
@@ -1,63 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA BN_error_string_data[] = { - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_get, 0), "BN_CTX_get"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_new, 0), "BN_CTX_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_start, 0), "BN_CTX_start"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_bn2dec, 0), "BN_bn2dec"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_bn2hex, 0), "BN_bn2hex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_div, 0), "BN_div"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_div_recp, 0), "BN_div_recp"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_exp, 0), "BN_exp"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_generate_dsa_nonce, 0), "BN_generate_dsa_nonce"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_generate_prime_ex, 0), "BN_generate_prime_ex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_exp2_mont, 0), "BN_mod_exp2_mont"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_exp_mont, 0), "BN_mod_exp_mont"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_exp_mont_consttime, 0), "BN_mod_exp_mont_consttime"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_exp_mont_word, 0), "BN_mod_exp_mont_word"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_inverse, 0), "BN_mod_inverse"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_inverse_no_branch, 0), "BN_mod_inverse_no_branch"}, - {ERR_PACK(ERR_LIB_BN, 
BN_F_BN_mod_lshift_quick, 0), "BN_mod_lshift_quick"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_mod_sqrt, 0), "BN_mod_sqrt"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_new, 0), "BN_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_rand, 0), "BN_rand"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_rand_range, 0), "BN_rand_range"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_sqrt, 0), "BN_sqrt"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_usub, 0), "BN_usub"}, - {ERR_PACK(ERR_LIB_BN, BN_F_bn_wexpand, 0), "bn_wexpand"}, - {ERR_PACK(ERR_LIB_BN, BN_F_mod_exp_recp, 0), "mod_exp_recp"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "ARG2_LT_ARG3"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "BAD_RECIPROCAL"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "BIGNUM_TOO_LONG"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "BITS_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS), "CALLED_WITH_EVEN_MODULUS"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "DIV_BY_ZERO"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), "EXPAND_ON_STATIC_BIGNUM_DATA"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "INPUT_NOT_REDUCED"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "INVALID_RANGE"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NEGATIVE_NUMBER), "NEGATIVE_NUMBER"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "NOT_A_SQUARE"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "NOT_INITIALIZED"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "NO_INVERSE"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE), "PRIVATE_KEY_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "P_IS_NOT_PRIME"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "TOO_MANY_ITERATIONS"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES), "TOO_MANY_TEMPORARY_VARIABLES"}, - {0, NULL}, -}; diff --git a/src/crypto/bn/bn_test.c b/src/crypto/bn/bn_test.c deleted file mode 100644 index e342ed8..0000000 --- a/src/crypto/bn/bn_test.c +++ /dev/null 
@@ -1,1471 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * - * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems - * Laboratories. 
*/ - -#include -#include - -#include -#include -#include -#include -#include - -#include "internal.h" - - -static const int num0 = 100; /* number of tests */ -static const int num1 = 50; /* additional tests for some functions */ -static const int num2 = 5; /* number of tests for slow functions */ - -int test_add(BIO *bp); -int test_sub(BIO *bp); -int test_lshift1(BIO *bp); -int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_); -int test_rshift1(BIO *bp); -int test_rshift(BIO *bp, BN_CTX *ctx); -int test_sqr(BIO *bp, BN_CTX *ctx); -int test_mul(BIO *bp); -int test_div(BIO *bp, BN_CTX *ctx); -int rand_neg(void); - -int test_div_word(BIO *bp); -int test_mont(BIO *bp, BN_CTX *ctx); -int test_mod(BIO *bp, BN_CTX *ctx); -int test_mod_mul(BIO *bp, BN_CTX *ctx); -int test_mod_exp(BIO *bp, BN_CTX *ctx); -int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx); -int test_exp(BIO *bp, BN_CTX *ctx); -int test_mod_sqrt(BIO *bp, BN_CTX *ctx); -static int test_exp_mod_zero(void); -int test_small_prime(BIO *bp,BN_CTX *ctx); -int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx); -int test_sqrt(BIO *bp, BN_CTX *ctx); -int test_bn2bin_padded(BIO *bp, BN_CTX *ctx); -#if 0 -int test_gf2m_add(BIO *bp); -int test_gf2m_mod(BIO *bp); -int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx); -#endif -static int results = 0; - -static unsigned char lst[] = - "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" - "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; - -static void ERR_print_errors_fp(FILE *out) { -} - -static void message(BIO *out, char *m) { - BIO_puts(out, "print \"test "); - BIO_puts(out, m); - BIO_puts(out, "\\n\"\n"); -} - -int main(int argc, char *argv[]) { - BN_CTX *ctx; - BIO *out = NULL; - char *outfile = NULL; - 
- CRYPTO_library_init(); - - results = 0; - - argc--; - argv++; - while (argc >= 1) { - if (strcmp(*argv, "-results") == 0) - results = 1; - else if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - break; - outfile = *(++argv); - } - argc--; - argv++; - } - - - ctx = BN_CTX_new(); - if (ctx == NULL) - return 1; - - out = BIO_new(BIO_s_file()); - if (out == NULL) { - return 1; - } - - if (outfile == NULL) { - BIO_set_fp(out, stdout, BIO_NOCLOSE); - } else { - if (!BIO_write_filename(out, outfile)) { - perror(outfile); - return 1; - } - } - - if (!results) - BIO_puts(out, "obase=16\nibase=16\n"); - - message(out, "BN_add"); - if (!test_add(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_sub"); - if (!test_sub(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_lshift1"); - if (!test_lshift1(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_lshift (fixed)"); - if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL))) - goto err; - (void)BIO_flush(out); - - message(out, "BN_lshift"); - if (!test_lshift(out, ctx, NULL)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_rshift1"); - if (!test_rshift1(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_rshift"); - if (!test_rshift(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_sqr"); - if (!test_sqr(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mul"); - if (!test_mul(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_div"); - if (!test_div(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_div_word"); - if (!test_div_word(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod"); - if (!test_mod(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod_mul"); - if (!test_mod_mul(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mont"); - if (!test_mont(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod_exp"); - if 
(!test_mod_exp(out, ctx))
- goto err;
- (void)BIO_flush(out);
-
- message(out, "BN_mod_exp_mont_consttime");
- if (!test_mod_exp_mont_consttime(out, ctx) ||
- !test_mod_exp_mont5(out, ctx)) {
- goto err;
- }
- (void)BIO_flush(out);
-
- message(out, "BN_exp");
- if (!test_exp(out, ctx) ||
- !test_exp_mod_zero()) {
- goto err;
- }
- (void)BIO_flush(out);
-
- message(out, "BN_mod_sqrt");
- if (!test_mod_sqrt(out, ctx))
- goto err;
- (void)BIO_flush(out);
-
- message(out, "Small prime generation");
- if (!test_small_prime(out, ctx))
- goto err;
- (void)BIO_flush(out);
-
- message(out, "BN_sqrt");
- if (!test_sqrt(out, ctx))
- goto err;
- (void)BIO_flush(out);
-
- message(out, "BN_bn2bin_padded");
- if (!test_bn2bin_padded(out, ctx))
- goto err;
- (void)BIO_flush(out);
-
- BN_CTX_free(ctx);
- BIO_free(out);
-
- printf("PASS\n");
- return 0;
-
-err:
- BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc notices
- * the failure, see test_bn in test/Makefile.ssl*/
- (void)BIO_flush(out);
-
- return 1;
-}
-
-int test_add(BIO *bp) {
- BIGNUM a, b, c;
- int i;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- BN_rand(&a, 512, 0, 0);
- for (i = 0; i < num0; i++) {
- BN_rand(&b, 450 + i, 0, 0);
- a.neg = rand_neg();
- b.neg = rand_neg();
- BN_add(&c, &a, &b);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " + ");
- BN_print(bp, &b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &c);
- BIO_puts(bp, "\n");
- }
- a.neg = !a.neg;
- b.neg = !b.neg;
- BN_add(&c, &c, &b);
- BN_add(&c, &c, &a);
- if (!BN_is_zero(&c)) {
- fprintf(stderr, "Add test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- return (1);
-}
-
-int test_sub(BIO *bp) {
- BIGNUM a, b, c;
- int i;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- for (i = 0; i < num0 + num1; i++) {
- if (i < num1) {
- BN_rand(&a, 512, 0, 0);
- BN_copy(&b, &a);
- if (BN_set_bit(&a, i) == 0)
- return (0);
- BN_add_word(&b, i);
- } else {
- BN_rand(&b, 400 + i - num1, 0, 0);
-
a.neg = rand_neg();
- b.neg = rand_neg();
- }
- BN_sub(&c, &a, &b);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " - ");
- BN_print(bp, &b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &c);
- BIO_puts(bp, "\n");
- }
- BN_add(&c, &c, &b);
- BN_sub(&c, &c, &a);
- if (!BN_is_zero(&c)) {
- fprintf(stderr, "Subtract test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- return (1);
-}
-
-int test_div(BIO *bp, BN_CTX *ctx) {
- BIGNUM a, b, c, d, e;
- int i;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
-
- for (i = 0; i < num0 + num1; i++) {
- if (i < num1) {
- BN_rand(&a, 400, 0, 0);
- BN_copy(&b, &a);
- BN_lshift(&a, &a, i);
- BN_add_word(&a, i);
- } else
- BN_rand(&b, 50 + 3 * (i - num1), 0, 0);
- a.neg = rand_neg();
- b.neg = rand_neg();
- BN_div(&d, &c, &a, &b, ctx);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " / ");
- BN_print(bp, &b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &d);
- BIO_puts(bp, "\n");
-
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " % ");
- BN_print(bp, &b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &c);
- BIO_puts(bp, "\n");
- }
- BN_mul(&e, &d, &b, ctx);
- BN_add(&d, &e, &c);
- BN_sub(&d, &d, &a);
- if (!BN_is_zero(&d)) {
- fprintf(stderr, "Division test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return (1);
-}
-
-int test_lshift1(BIO *bp) {
- BIGNUM *a, *b, *c;
- int i;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
-
- BN_rand(a, 200, 0, 0); /**/
- a->neg = rand_neg();
- for (i = 0; i < num0; i++) {
- BN_lshift1(b, a);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * 2");
- BIO_puts(bp, " - ");
- }
- BN_print(bp, b);
- BIO_puts(bp, "\n");
- }
- BN_add(c, a, a);
- BN_sub(a, b, c);
- if (!BN_is_zero(a)) {
- fprintf(stderr, "Left shift one test failed!\n");
- return 0;
- }
-
- BN_copy(a, b);
- }
- BN_free(a);
- BN_free(b);
-
BN_free(c);
- return (1);
-}
-
-int test_rshift(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *b, *c, *d, *e;
- int i;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
- d = BN_new();
- e = BN_new();
- BN_one(c);
-
- BN_rand(a, 200, 0, 0); /**/
- a->neg = rand_neg();
- for (i = 0; i < num0; i++) {
- BN_rshift(b, a, i + 1);
- BN_add(c, c, c);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " / ");
- BN_print(bp, c);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, b);
- BIO_puts(bp, "\n");
- }
- BN_div(d, e, a, c, ctx);
- BN_sub(d, d, b);
- if (!BN_is_zero(d)) {
- fprintf(stderr, "Right shift test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return (1);
-}
-
-int test_rshift1(BIO *bp) {
- BIGNUM *a, *b, *c;
- int i;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
-
- BN_rand(a, 200, 0, 0); /**/
- a->neg = rand_neg();
- for (i = 0; i < num0; i++) {
- BN_rshift1(b, a);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " / 2");
- BIO_puts(bp, " - ");
- }
- BN_print(bp, b);
- BIO_puts(bp, "\n");
- }
- BN_sub(c, a, b);
- BN_sub(c, c, b);
- if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
- fprintf(stderr, "Right shift one test failed!\n");
- return 0;
- }
- BN_copy(a, b);
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- return (1);
-}
-
-int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) {
- BIGNUM *a, *b, *c, *d;
- int i;
-
- b = BN_new();
- c = BN_new();
- d = BN_new();
- BN_one(c);
-
- if (a_)
- a = a_;
- else {
- a = BN_new();
- BN_rand(a, 200, 0, 0); /**/
- a->neg = rand_neg();
- }
- for (i = 0; i < num0; i++) {
- BN_lshift(b, a, i + 1);
- BN_add(c, c, c);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, c);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, b);
- BIO_puts(bp, "\n");
- }
- BN_mul(d, a, c, ctx);
- BN_sub(d, d, b);
- if (!BN_is_zero(d)) {
- fprintf(stderr, "Left shift test failed!\n");
- fprintf(stderr, "a=");
-
BN_print_fp(stderr, a);
- fprintf(stderr, "\nb=");
- BN_print_fp(stderr, b);
- fprintf(stderr, "\nc=");
- BN_print_fp(stderr, c);
- fprintf(stderr, "\nd=");
- BN_print_fp(stderr, d);
- fprintf(stderr, "\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- return (1);
-}
-
-int test_mul(BIO *bp) {
- BIGNUM a, b, c, d, e;
- int i;
- BN_CTX *ctx;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- abort();
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
-
- for (i = 0; i < num0 + num1; i++) {
- if (i <= num1) {
- BN_rand(&a, 100, 0, 0);
- BN_rand(&b, 100, 0, 0);
- } else
- BN_rand(&b, i - num1, 0, 0);
- a.neg = rand_neg();
- b.neg = rand_neg();
- BN_mul(&c, &a, &b, ctx);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " * ");
- BN_print(bp, &b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &c);
- BIO_puts(bp, "\n");
- }
- BN_div(&d, &e, &c, &a, ctx);
- BN_sub(&d, &d, &b);
- if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
- fprintf(stderr, "Multiplication test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- BN_CTX_free(ctx);
- return (1);
-}
-
-int test_sqr(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *c, *d, *e;
- int i, ret = 0;
-
- a = BN_new();
- c = BN_new();
- d = BN_new();
- e = BN_new();
- if (a == NULL || c == NULL || d == NULL || e == NULL) {
- goto err;
- }
-
- for (i = 0; i < num0; i++) {
- BN_rand(a, 40 + i * 10, 0, 0);
- a->neg = rand_neg();
- BN_sqr(c, a, ctx);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, a);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, c);
- BIO_puts(bp, "\n");
- }
- BN_div(d, e, c, a, ctx);
- BN_sub(d, d, a);
- if (!BN_is_zero(d) || !BN_is_zero(e)) {
- fprintf(stderr, "Square test failed!\n");
- goto err;
- }
- }
-
- /* Regression test for a BN_sqr overflow bug. 
*/
- BN_hex2bn(&a,
- "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
- BN_sqr(c, a, ctx);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, a);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, c);
- BIO_puts(bp, "\n");
- }
- BN_mul(d, a, a, ctx);
- if (BN_cmp(c, d)) {
- fprintf(stderr,
- "Square test failed: BN_sqr and BN_mul produce "
- "different results!\n");
- goto err;
- }
-
- /* Regression test for a BN_sqr overflow bug. */
- BN_hex2bn(&a,
- "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
- BN_sqr(c, a, ctx);
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, a);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, c);
- BIO_puts(bp, "\n");
- }
- BN_mul(d, a, a, ctx);
- if (BN_cmp(c, d)) {
- fprintf(stderr,
- "Square test failed: BN_sqr and BN_mul produce "
- "different results!\n");
- goto err;
- }
- ret = 1;
-
-err:
- if (a != NULL) {
- BN_free(a);
- }
- if (c != NULL) {
- BN_free(c);
- }
- if (d != NULL) {
- BN_free(d);
- }
- if (e != NULL) {
- BN_free(e);
- }
- return ret;
-}
-
-
-int rand_neg(void) {
- static unsigned int neg = 0;
- static int sign[8] = {0, 0, 0, 1, 1, 0, 1, 1};
-
- return (sign[(neg++) % 8]);
-}
-
-static void print_word(BIO *bp, BN_ULONG w) {
- BIO_printf(bp, BN_HEX_FMT1, w);
-}
-
-int test_div_word(BIO *bp) {
- BIGNUM a, b;
- BN_ULONG r, s;
- int i;
-
- BN_init(&a);
- BN_init(&b);
-
- for (i = 0; i < num0; i++) {
- do {
- BN_rand(&a, 512, -1, 0);
- BN_rand(&b, BN_BITS2, -1, 0);
- s = b.d[0];
- } while (!s);
-
- BN_copy(&b, &a);
- r = BN_div_word(&b, s);
-
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " / ");
- print_word(bp, s);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &b);
- BIO_puts(bp, "\n");
-
- if (!results) {
- BN_print(bp, &a);
- BIO_puts(bp, " % ");
- print_word(bp, s);
- BIO_puts(bp, " - ");
- }
- print_word(bp, r);
- BIO_puts(bp, "\n");
- }
- BN_mul_word(&b, s);
- BN_add_word(&b, r);
-
BN_sub(&b, &a, &b);
- if (!BN_is_zero(&b)) {
- fprintf(stderr, "Division (word) test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- return (1);
-}
-
-int test_mont(BIO *bp, BN_CTX *ctx) {
- BIGNUM a, b, c, d, A, B;
- BIGNUM n;
- int i;
- BN_MONT_CTX *mont;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&A);
- BN_init(&B);
- BN_init(&n);
-
- mont = BN_MONT_CTX_new();
- if (mont == NULL)
- return 0;
-
- BN_rand(&a, 100, 0, 0); /**/
- BN_rand(&b, 100, 0, 0); /**/
- for (i = 0; i < num2; i++) {
- int bits = (200 * (i + 1)) / num2;
-
- if (bits == 0)
- continue;
- BN_rand(&n, bits, 0, 1);
- BN_MONT_CTX_set(mont, &n, ctx);
-
- BN_nnmod(&a, &a, &n, ctx);
- BN_nnmod(&b, &b, &n, ctx);
-
- BN_to_montgomery(&A, &a, mont, ctx);
- BN_to_montgomery(&B, &b, mont, ctx);
-
- BN_mod_mul_montgomery(&c, &A, &B, mont, ctx); /**/
- BN_from_montgomery(&A, &c, mont, ctx); /**/
- if (bp != NULL) {
- if (!results) {
-#ifdef undef
- fprintf(stderr, "%d * %d %% %d\n", BN_num_bits(&a), BN_num_bits(&b),
- BN_num_bits(mont->N));
-#endif
- BN_print(bp, &a);
- BIO_puts(bp, " * ");
- BN_print(bp, &b);
- BIO_puts(bp, " % ");
- BN_print(bp, &(mont->N));
- BIO_puts(bp, " - ");
- }
- BN_print(bp, &A);
- BIO_puts(bp, "\n");
- }
- BN_mod_mul(&d, &a, &b, &n, ctx);
- BN_sub(&d, &d, &A);
- if (!BN_is_zero(&d)) {
- fprintf(stderr, "Montgomery multiplication test failed!\n");
- return 0;
- }
- }
- BN_MONT_CTX_free(mont);
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&A);
- BN_free(&B);
- BN_free(&n);
- return (1);
-}
-
-int test_mod(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *b, *c, *d, *e;
- int i;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
- d = BN_new();
- e = BN_new();
-
- BN_rand(a, 1024, 0, 0); /**/
- for (i = 0; i < num0; i++) {
- BN_rand(b, 450 + i * 10, 0, 0); /**/
- a->neg = rand_neg();
- b->neg = rand_neg();
- BN_mod(c, a, b, ctx); /**/
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " % ");
- BN_print(bp, 
b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, c);
- BIO_puts(bp, "\n");
- }
- BN_div(d, e, a, b, ctx);
- BN_sub(e, e, c);
- if (!BN_is_zero(e)) {
- fprintf(stderr, "Modulo test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return (1);
-}
-
-int test_mod_mul(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *b, *c, *d, *e;
- int i, j;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
- d = BN_new();
- e = BN_new();
-
- for (j = 0; j < 3; j++) {
- BN_rand(c, 1024, 0, 0); /**/
- for (i = 0; i < num0; i++) {
- BN_rand(a, 475 + i * 10, 0, 0); /**/
- BN_rand(b, 425 + i * 11, 0, 0); /**/
- a->neg = rand_neg();
- b->neg = rand_neg();
- if (!BN_mod_mul(e, a, b, c, ctx)) {
- unsigned long l;
-
- while ((l = ERR_get_error()))
- fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
- abort();
- }
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, b);
- BIO_puts(bp, " % ");
- BN_print(bp, c);
- if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
- /* If (a*b) % c is negative, c must be added
- * in order to obtain the normalized remainder
- * (new with OpenSSL 0.9.7, previous versions of
- * BN_mod_mul could generate negative results)
- */
- BIO_puts(bp, " + ");
- BN_print(bp, c);
- }
- BIO_puts(bp, " - ");
- }
- BN_print(bp, e);
- BIO_puts(bp, "\n");
- }
- BN_mul(d, a, b, ctx);
- BN_sub(d, d, e);
- BN_div(a, b, d, c, ctx);
- if (!BN_is_zero(b)) {
- fprintf(stderr, "Modulo multiply test failed!\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return (1);
-}
-
-int test_mod_exp(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *b, *c, *d, *e;
- int i;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
- d = BN_new();
- e = BN_new();
-
- BN_rand(c, 30, 0, 1); /* must be odd for montgomery */
- for (i = 0; i < num2; i++) {
- BN_rand(a, 20 + i * 5, 0, 0); /**/
- BN_rand(b, 2 + i, 0, 0); /**/
-
- if (!BN_mod_exp(d, a, b, c, ctx))
-
return (0);
-
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " ^ ");
- BN_print(bp, b);
- BIO_puts(bp, " % ");
- BN_print(bp, c);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, d);
- BIO_puts(bp, "\n");
- }
- BN_exp(e, a, b, ctx);
- BN_sub(e, e, d);
- BN_div(a, b, e, c, ctx);
- if (!BN_is_zero(b)) {
- fprintf(stderr, "Modulo exponentiation test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return (1);
-}
-
-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *b, *c, *d, *e;
- int i;
-
- a = BN_new();
- b = BN_new();
- c = BN_new();
- d = BN_new();
- e = BN_new();
-
- BN_rand(c, 30, 0, 1); /* must be odd for montgomery */
- for (i = 0; i < num2; i++) {
- BN_rand(a, 20 + i * 5, 0, 0); /**/
- BN_rand(b, 2 + i, 0, 0); /**/
-
- if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
- return (00);
-
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " ^ ");
- BN_print(bp, b);
- BIO_puts(bp, " % ");
- BN_print(bp, c);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, d);
- BIO_puts(bp, "\n");
- }
- BN_exp(e, a, b, ctx);
- BN_sub(e, e, d);
- BN_div(a, b, e, c, ctx);
- if (!BN_is_zero(b)) {
- fprintf(stderr, "Modulo exponentiation test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return (1);
-}
-
-/* Test constant-time modular exponentiation with 1024-bit inputs,
- * which on x86_64 cause a different code branch to be taken. 
*/
-int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *p, *m, *d, *e;
-
- BN_MONT_CTX *mont;
-
- a = BN_new();
- p = BN_new();
- m = BN_new();
- d = BN_new();
- e = BN_new();
-
- mont = BN_MONT_CTX_new();
-
- BN_rand(m, 1024, 0, 1); /* must be odd for montgomery */
- /* Zero exponent */
- BN_rand(a, 1024, 0, 0);
- BN_zero(p);
- if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
- return 0;
- if (!BN_is_one(d)) {
- fprintf(stderr, "Modular exponentiation test failed!\n");
- return 0;
- }
- /* Zero input */
- BN_rand(p, 1024, 0, 0);
- BN_zero(a);
- if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
- return 0;
- if (!BN_is_zero(d)) {
- fprintf(stderr, "Modular exponentiation test failed!\n");
- return 0;
- }
- /* Craft an input whose Montgomery representation is 1,
- * i.e., shorter than the modulus m, in order to test
- * the const time precomputation scattering/gathering.
- */
- BN_one(a);
- BN_MONT_CTX_set(mont, m, ctx);
- if (!BN_from_montgomery(e, a, mont, ctx) ||
- !BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL) ||
- !BN_mod_exp(a, e, p, m, ctx)) {
- return 0;
- }
- if (BN_cmp(a, d) != 0) {
- fprintf(stderr, "Modular exponentiation test failed!\n");
- return 0;
- }
- /* Finally, some regular test vectors. 
*/
- BN_rand(e, 1024, 0, 0);
- if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
- return 0;
- if (!BN_mod_exp(a, e, p, m, ctx))
- return 0;
- if (BN_cmp(a, d) != 0) {
- fprintf(stderr, "Modular exponentiation test failed!\n");
- return 0;
- }
-
- BN_MONT_CTX_free(mont);
- BN_free(a);
- BN_free(p);
- BN_free(m);
- BN_free(d);
- BN_free(e);
- return (1);
-}
-
-int test_exp(BIO *bp, BN_CTX *ctx) {
- BIGNUM *a, *b, *d, *e, *one;
- int i;
-
- a = BN_new();
- b = BN_new();
- d = BN_new();
- e = BN_new();
- one = BN_new();
- BN_one(one);
-
- for (i = 0; i < num2; i++) {
- BN_rand(a, 20 + i * 5, 0, 0); /**/
- BN_rand(b, 2 + i, 0, 0); /**/
-
- if (BN_exp(d, a, b, ctx) <= 0)
- return (0);
-
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " ^ ");
- BN_print(bp, b);
- BIO_puts(bp, " - ");
- }
- BN_print(bp, d);
- BIO_puts(bp, "\n");
- }
- BN_one(e);
- for (; !BN_is_zero(b); BN_sub(b, b, one))
- BN_mul(e, e, a, ctx);
- BN_sub(e, e, d);
- if (!BN_is_zero(e)) {
- fprintf(stderr, "Exponentiation test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(d);
- BN_free(e);
- BN_free(one);
- return (1);
-}
-
-/* test_exp_mod_zero tests that x**0 mod 1 == 0. 
*/
-static int test_exp_mod_zero(void) {
- BIGNUM a, p, m;
- BIGNUM r;
- BN_CTX *ctx = BN_CTX_new();
- int ret = 0;
-
- BN_init(&m);
- BN_one(&m);
-
- BN_init(&a);
- BN_one(&a);
-
- BN_init(&p);
- BN_zero(&p);
-
- BN_init(&r);
- BN_mod_exp(&r, &a, &p, &m, ctx);
- BN_CTX_free(ctx);
-
- if (BN_is_zero(&r)) {
- ret = 1;
- } else {
- printf("1**0 mod 1 = ");
- BN_print_fp(stdout, &r);
- printf(", should be 0\n");
- }
-
- BN_free(&r);
- BN_free(&a);
- BN_free(&p);
- BN_free(&m);
-
- return ret;
-}
-
-static int genprime_cb(int p, int n, BN_GENCB *arg) {
- char c = '*';
-
- if (p == 0)
- c = '.';
- if (p == 1)
- c = '+';
- if (p == 2)
- c = '*';
- if (p == 3)
- c = '\n';
- putc(c, stdout);
- fflush(stdout);
- return 1;
-}
-
-int test_mod_sqrt(BIO *bp, BN_CTX *ctx) {
- BN_GENCB cb;
- BIGNUM *a, *p, *r;
- int i, j;
- int ret = 0;
-
- a = BN_new();
- p = BN_new();
- r = BN_new();
- if (a == NULL || p == NULL || r == NULL)
- goto err;
-
- BN_GENCB_set(&cb, genprime_cb, NULL);
-
- for (i = 0; i < 16; i++) {
- if (i < 8) {
- unsigned primes[8] = {2, 3, 5, 7, 11, 13, 17, 19};
-
- if (!BN_set_word(p, primes[i]))
- goto err;
- } else {
- if (!BN_set_word(a, 32))
- goto err;
- if (!BN_set_word(r, 2 * i + 1))
- goto err;
-
- if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
- goto err;
- putc('\n', stdout);
- }
- p->neg = rand_neg();
-
- for (j = 0; j < num2; j++) {
- /* construct 'a' such that it is a square modulo p,
- * but in general not a proper square and not reduced modulo p */
- if (!BN_rand(r, 256, 0, 3))
- goto err;
- if (!BN_nnmod(r, r, p, ctx))
- goto err;
- if (!BN_mod_sqr(r, r, p, ctx))
- goto err;
- if (!BN_rand(a, 256, 0, 3))
- goto err;
- if (!BN_nnmod(a, a, p, ctx))
- goto err;
- if (!BN_mod_sqr(a, a, p, ctx))
- goto err;
- if (!BN_mul(a, a, r, ctx))
- goto err;
- if (rand_neg())
- if (!BN_sub(a, a, p))
- goto err;
-
- if (!BN_mod_sqrt(r, a, p, ctx))
- goto err;
- if (!BN_mod_sqr(r, r, p, ctx))
- goto err;
-
- if (!BN_nnmod(a, a, p, ctx))
- goto err;
-
- if 
(BN_cmp(a, r) != 0) {
- fprintf(stderr, "BN_mod_sqrt failed: a = ");
- BN_print_fp(stderr, a);
- fprintf(stderr, ", r = ");
- BN_print_fp(stderr, r);
- fprintf(stderr, ", p = ");
- BN_print_fp(stderr, p);
- fprintf(stderr, "\n");
- goto err;
- }
-
- putc('.', stdout);
- fflush(stdout);
- }
-
- putc('\n', stdout);
- fflush(stderr);
- }
- ret = 1;
-err:
- if (a != NULL)
- BN_free(a);
- if (p != NULL)
- BN_free(p);
- if (r != NULL)
- BN_free(r);
- return ret;
-}
-
-int test_small_prime(BIO *bp, BN_CTX *ctx) {
- static const int bits = 10;
- int ret = 0;
- BIGNUM r;
-
- BN_init(&r);
- if (!BN_generate_prime_ex(&r, bits, 0, NULL, NULL, NULL)) {
- goto err;
- }
- if (BN_num_bits(&r) != bits) {
- BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits,
- BN_num_bits(&r));
- goto err;
- }
-
- ret = 1;
-
-err:
- BN_free(&r);
- return ret;
-}
-
-int test_sqrt(BIO *bp, BN_CTX *ctx) {
- BIGNUM *n = BN_new(), *nn = BN_new(), *sqrt = BN_new();
- unsigned i;
-
- /* Test some random squares. */
- for (i = 0; i < 100; i++) {
- if (!BN_rand(n, 1024 /* bit length */, -1 /* no modification of top bits */,
- 0 /* don't modify bottom bit */) ||
- !BN_mul(nn, n, n, ctx) ||
- !BN_sqrt(sqrt, nn, ctx)) {
- BIO_print_errors_fp(stderr);
- return 0;
- }
- if (BN_cmp(n, sqrt) != 0) {
- fprintf(stderr, "Bad result from BN_sqrt.\n");
- return 0;
- }
- }
-
- /* Test some non-squares */
- for (i = 0; i < 100; i++) {
- if (!BN_rand(n, 1024 /* bit length */, -1 /* no modification of top bits */,
- 0 /* don't modify bottom bit */) ||
- !BN_mul(nn, n, n, ctx) ||
- !BN_add(nn, nn, BN_value_one())) {
- BIO_print_errors_fp(stderr);
- return 0;
- }
-
- if (BN_sqrt(sqrt, nn, ctx)) {
- char *nn_str = BN_bn2dec(nn);
- fprintf(stderr, "BIO_sqrt didn't fail on a non-square: %s\n", nn_str);
- OPENSSL_free(nn_str);
- }
- }
-
- BN_free(n);
- BN_free(sqrt);
- BN_free(nn);
-
- return 1;
-}
-
-int test_bn2bin_padded(BIO *bp, BN_CTX *ctx) {
- BIGNUM *n = BN_new();
- uint8_t zeros[256], out[256], 
reference[128];
- size_t bytes;
-
- memset(zeros, 0, sizeof(zeros));
-
- /* Test edge case at 0. */
- if (!BN_bn2bin_padded(NULL, 0, n)) {
- fprintf(stderr,
- "BN_bn2bin_padded failed to encode 0 in an empty buffer.\n");
- return 0;
- }
- memset(out, -1, sizeof(out));
- if (!BN_bn2bin_padded(out, sizeof(out), n)) {
- fprintf(stderr,
- "BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n");
- return 0;
- }
- if (memcmp(zeros, out, sizeof(out))) {
- fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n");
- return 0;
- }
-
- /* Test a random numbers at various byte lengths. */
- for (bytes = 128 - 7; bytes <= 128; bytes++) {
- if (!BN_rand(n, bytes * 8, 0 /* make sure top bit is 1 */,
- 0 /* don't modify bottom bit */)) {
- BIO_print_errors_fp(stderr);
- return 0;
- }
- if (BN_num_bytes(n) != bytes || BN_bn2bin(n, reference) != bytes) {
- fprintf(stderr, "Bad result from BN_rand; bytes.\n");
- return 0;
- }
- /* Empty buffer should fail. */
- if (BN_bn2bin_padded(NULL, 0, n)) {
- fprintf(stderr,
- "BN_bn2bin_padded incorrectly succeeded on empty buffer.\n");
- return 0;
- }
- /* One byte short should fail. */
- if (BN_bn2bin_padded(out, bytes - 1, n)) {
- fprintf(stderr, "BN_bn2bin_padded incorrectly succeeded on short.\n");
- return 0;
- }
- /* Exactly right size should encode. */
- if (!BN_bn2bin_padded(out, bytes, n) ||
- memcmp(out, reference, bytes) != 0) {
- fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
- return 0;
- }
- /* Pad up one byte extra. */
- if (!BN_bn2bin_padded(out, bytes + 1, n) ||
- memcmp(out + 1, reference, bytes) || memcmp(out, zeros, 1)) {
- fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
- return 0;
- }
- /* Pad up to 256. */
- if (!BN_bn2bin_padded(out, sizeof(out), n) ||
- memcmp(out + sizeof(out) - bytes, reference, bytes) ||
- memcmp(out, zeros, sizeof(out) - bytes)) {
- fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
- return 0;
- }
- }
-
- BN_free(n);
-
- return 1;
-}
diff --git a/src/crypto/bn/bn_test.cc b/src/crypto/bn/bn_test.cc
new file mode 100644
index 0000000..9aa2bf5
--- /dev/null
+++ b/src/crypto/bn/bn_test.cc
@@ -0,0 +1,1619 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
+ * Laboratories. */
+
+/* For BIGNUM format macros. 
*/
+#if !defined(__STDC_FORMAT_MACROS)
+#define __STDC_FORMAT_MACROS
+#endif
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include "../crypto/test/scoped_types.h"
+
+
+static const int num0 = 100; // number of tests
+static const int num1 = 50; // additional tests for some functions
+static const int num2 = 5; // number of tests for slow functions
+
+static bool test_add(FILE *fp);
+static bool test_sub(FILE *fp);
+static bool test_lshift1(FILE *fp);
+static bool test_lshift(FILE *fp, BN_CTX *ctx, ScopedBIGNUM a);
+static bool test_rshift1(FILE *fp);
+static bool test_rshift(FILE *fp, BN_CTX *ctx);
+static bool test_sqr(FILE *fp, BN_CTX *ctx);
+static bool test_mul(FILE *fp);
+static bool test_div(FILE *fp, BN_CTX *ctx);
+static int rand_neg();
+
+static bool test_div_word(FILE *fp);
+static bool test_mont(FILE *fp, BN_CTX *ctx);
+static bool test_mod(FILE *fp, BN_CTX *ctx);
+static bool test_mod_mul(FILE *fp, BN_CTX *ctx);
+static bool test_mod_exp(FILE *fp, BN_CTX *ctx);
+static bool test_mod_exp_mont_consttime(FILE *fp, BN_CTX *ctx);
+static bool test_exp(FILE *fp, BN_CTX *ctx);
+static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx);
+static bool test_exp_mod_zero(void);
+static bool test_small_prime(FILE *fp, BN_CTX *ctx);
+static bool test_mod_exp_mont5(FILE *fp, BN_CTX *ctx);
+static bool test_sqrt(FILE *fp, BN_CTX *ctx);
+static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx);
+static bool test_dec2bn(FILE *fp, BN_CTX *ctx);
+static bool test_hex2bn(FILE *fp, BN_CTX *ctx);
+static bool test_asc2bn(FILE *fp, BN_CTX *ctx);
+
+// g_results can be set to true to cause the result of each computation to be
+// printed.
+static bool g_results = false;
+
+static const uint8_t kSample[] =
+ "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+ "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+// A wrapper around puts that takes its arguments in the same order as our *_fp
+// functions. 
+static void puts_fp(FILE *out, const char *m) {
+ fputs(m, out);
+}
+
+static void message(FILE *out, const char *m) {
+ puts_fp(out, "print \"test ");
+ puts_fp(out, m);
+ puts_fp(out, "\\n\"\n");
+}
+
+int main(int argc, char *argv[]) {
+ CRYPTO_library_init();
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-results") == 0) {
+ g_results = true;
+ }
+ argc--;
+ argv++;
+ }
+
+
+ ScopedBN_CTX ctx(BN_CTX_new());
+ if (!ctx) {
+ return 1;
+ }
+
+ if (!g_results) {
+ puts_fp(stdout, "obase=16\nibase=16\n");
+ }
+
+ message(stdout, "BN_add");
+ if (!test_add(stdout)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_sub");
+ if (!test_sub(stdout)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_lshift1");
+ if (!test_lshift1(stdout)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_lshift (fixed)");
+ ScopedBIGNUM sample(BN_bin2bn(kSample, sizeof(kSample) - 1, NULL));
+ if (!sample) {
+ return 1;
+ }
+ if (!test_lshift(stdout, ctx.get(), bssl::move(sample))) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_lshift");
+ if (!test_lshift(stdout, ctx.get(), nullptr)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_rshift1");
+ if (!test_rshift1(stdout)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_rshift");
+ if (!test_rshift(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_sqr");
+ if (!test_sqr(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mul");
+ if (!test_mul(stdout)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_div");
+ if (!test_div(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_div_word");
+ if (!test_div_word(stdout)) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mod");
+ if (!test_mod(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mod_mul");
+ if (!test_mod_mul(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mont");
+ if (!test_mont(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mod_exp");
+ if (!test_mod_exp(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(stdout, ctx.get()) ||
+ !test_mod_exp_mont5(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_exp");
+ if (!test_exp(stdout, ctx.get()) ||
+ !test_exp_mod_zero()) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_mod_sqrt");
+ if (!test_mod_sqrt(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "Small prime generation");
+ if (!test_small_prime(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_sqrt");
+ if (!test_sqrt(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_bn2bin_padded");
+ if (!test_bn2bin_padded(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_dec2bn");
+ if (!test_dec2bn(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_hex2bn");
+ if (!test_hex2bn(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ message(stdout, "BN_asc2bn");
+ if (!test_asc2bn(stdout, ctx.get())) {
+ return 1;
+ }
+ fflush(stdout);
+
+ printf("PASS\n");
+ return 0;
+}
+
+static bool test_add(FILE *fp) {
+ ScopedBIGNUM a(BN_new());
+ ScopedBIGNUM b(BN_new());
+ ScopedBIGNUM c(BN_new());
+ if (!a || !b || !c || !BN_rand(a.get(), 512, 0, 0)) {
+ return false;
+ }
+
+ for (int i = 0; i < num0; i++) {
+ if (!BN_rand(b.get(), 450 + i, 0, 0)) {
+ return false;
+ }
+ a->neg = rand_neg();
+ b->neg = rand_neg();
+ if (!BN_add(c.get(), a.get(), b.get())) {
+ return false;
+ }
+ if (fp != NULL) {
+ if (!g_results) {
+ BN_print_fp(fp, a.get());
+ puts_fp(fp, " + ");
+ BN_print_fp(fp, b.get());
+ puts_fp(fp, " - ");
+ }
+ BN_print_fp(fp, c.get());
+ puts_fp(fp, "\n");
+ }
+ a->neg = !a->neg;
+ b->neg = 
!b->neg; + if (!BN_add(c.get(), c.get(), b.get()) || + !BN_add(c.get(), c.get(), a.get())) { + return false; + } + if (!BN_is_zero(c.get())) { + fprintf(stderr, "Add test failed!\n"); + return false; + } + } + return true; +} + +static bool test_sub(FILE *fp) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + if (!a || !b || !c) { + return false; + } + + for (int i = 0; i < num0 + num1; i++) { + if (i < num1) { + if (!BN_rand(a.get(), 512, 0, 0) || + !BN_copy(b.get(), a.get()) || + !BN_set_bit(a.get(), i) || + !BN_add_word(b.get(), i)) { + return false; + } + } else { + if (!BN_rand(b.get(), 400 + i - num1, 0, 0)) { + return false; + } + a->neg = rand_neg(); + b->neg = rand_neg(); + } + if (!BN_sub(c.get(), a.get(), b.get())) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_add(c.get(), c.get(), b.get()) || + !BN_sub(c.get(), c.get(), a.get())) { + return false; + } + if (!BN_is_zero(c.get())) { + fprintf(stderr, "Subtract test failed!\n"); + return false; + } + } + return true; +} + +static bool test_div(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !c || !d || !e) { + return false; + } + + for (int i = 0; i < num0 + num1; i++) { + if (i < num1) { + if (!BN_rand(a.get(), 400, 0, 0) || + !BN_copy(b.get(), a.get()) || + !BN_lshift(a.get(), a.get(), i) || + !BN_add_word(a.get(), i)) { + return false; + } + } else if (!BN_rand(b.get(), 50 + 3 * (i - num1), 0, 0)) { + return false; + } + a->neg = rand_neg(); + b->neg = rand_neg(); + if (!BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " / "); + BN_print_fp(fp, 
b.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, d.get()); + puts_fp(fp, "\n"); + + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_mul(e.get(), d.get(), b.get(), ctx) || + !BN_add(d.get(), e.get(), c.get()) || + !BN_sub(d.get(), d.get(), a.get())) { + return false; + } + if (!BN_is_zero(d.get())) { + fprintf(stderr, "Division test failed!\n"); + return false; + } + } + + // Test that BN_div never gives negative zero in the quotient. + if (!BN_set_word(a.get(), 1) || + !BN_set_word(b.get(), 2)) { + return false; + } + BN_set_negative(a.get(), 1); + if (!BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) { + return false; + } + if (!BN_is_zero(d.get()) || BN_is_negative(d.get())) { + fprintf(stderr, "Division test failed!\n"); + return false; + } + + // Test that BN_div never gives negative zero in the remainder. + if (!BN_set_word(b.get(), 1)) { + return false; + } + if (!BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) { + return false; + } + if (!BN_is_zero(c.get()) || BN_is_negative(c.get())) { + fprintf(stderr, "Division test failed!\n"); + return false; + } + + return true; +} + +static bool test_lshift1(FILE *fp) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + if (!a || !b || !c || !BN_rand(a.get(), 200, 0, 0)) { + return false; + } + a->neg = rand_neg(); + for (int i = 0; i < num0; i++) { + if (!BN_lshift1(b.get(), a.get())) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * 2"); + puts_fp(fp, " - "); + } + BN_print_fp(fp, b.get()); + puts_fp(fp, "\n"); + } + if (!BN_add(c.get(), a.get(), a.get()) || + !BN_sub(a.get(), b.get(), c.get())) { + return false; + } + if (!BN_is_zero(a.get())) { + fprintf(stderr, "Left shift one test failed!\n"); + return false; + } + + if (!BN_copy(a.get(), b.get())) { + return false; + } + } + 
return true; +} + +static bool test_rshift(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !c || !d || !e || !BN_one(c.get()) || + !BN_rand(a.get(), 200, 0, 0)) { + return false; + } + a->neg = rand_neg(); + for (int i = 0; i < num0; i++) { + if (!BN_rshift(b.get(), a.get(), i + 1) || + !BN_add(c.get(), c.get(), c.get())) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " / "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, b.get()); + puts_fp(fp, "\n"); + } + if (!BN_div(d.get(), e.get(), a.get(), c.get(), ctx) || + !BN_sub(d.get(), d.get(), b.get())) { + return false; + } + if (!BN_is_zero(d.get())) { + fprintf(stderr, "Right shift test failed!\n"); + return false; + } + } + return true; +} + +static bool test_rshift1(FILE *fp) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + if (!a || !b || !c || !BN_rand(a.get(), 200, 0, 0)) { + return false; + } + a->neg = rand_neg(); + + for (int i = 0; i < num0; i++) { + if (!BN_rshift1(b.get(), a.get())) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " / 2"); + puts_fp(fp, " - "); + } + BN_print_fp(fp, b.get()); + puts_fp(fp, "\n"); + } + if (!BN_sub(c.get(), a.get(), b.get()) || + !BN_sub(c.get(), c.get(), b.get())) { + return false; + } + if (!BN_is_zero(c.get()) && !BN_abs_is_word(c.get(), 1)) { + fprintf(stderr, "Right shift one test failed!\n"); + return false; + } + if (!BN_copy(a.get(), b.get())) { + return false; + } + } + return true; +} + +static bool test_lshift(FILE *fp, BN_CTX *ctx, ScopedBIGNUM a) { + if (!a) { + a.reset(BN_new()); + if (!a || !BN_rand(a.get(), 200, 0, 0)) { + return false; + } + a->neg = rand_neg(); + } + + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); 
+ if (!b || !c || !d || !BN_one(c.get())) { + return false; + } + + for (int i = 0; i < num0; i++) { + if (!BN_lshift(b.get(), a.get(), i + 1) || + !BN_add(c.get(), c.get(), c.get())) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, b.get()); + puts_fp(fp, "\n"); + } + if (!BN_mul(d.get(), a.get(), c.get(), ctx) || + !BN_sub(d.get(), d.get(), b.get())) { + return false; + } + if (!BN_is_zero(d.get())) { + fprintf(stderr, "Left shift test failed!\n"); + fprintf(stderr, "a="); + BN_print_fp(stderr, a.get()); + fprintf(stderr, "\nb="); + BN_print_fp(stderr, b.get()); + fprintf(stderr, "\nc="); + BN_print_fp(stderr, c.get()); + fprintf(stderr, "\nd="); + BN_print_fp(stderr, d.get()); + fprintf(stderr, "\n"); + return false; + } + } + return true; +} + +static bool test_mul(FILE *fp) { + ScopedBN_CTX ctx(BN_CTX_new()); + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!ctx || !a || !b || !c || !d || !e) { + return false; + } + + for (int i = 0; i < num0 + num1; i++) { + if (i <= num1) { + if (!BN_rand(a.get(), 100, 0, 0) || + !BN_rand(b.get(), 100, 0, 0)) { + return false; + } + } else if (!BN_rand(b.get(), i - num1, 0, 0)) { + return false; + } + a->neg = rand_neg(); + b->neg = rand_neg(); + if (!BN_mul(c.get(), a.get(), b.get(), ctx.get())) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_div(d.get(), e.get(), c.get(), a.get(), ctx.get()) || + !BN_sub(d.get(), d.get(), b.get())) { + return false; + } + if (!BN_is_zero(d.get()) || !BN_is_zero(e.get())) { + fprintf(stderr, "Multiplication test failed!\n"); + return false; + } + } + + // Test that BN_mul never gives 
negative zero. + if (!BN_set_word(a.get(), 1)) { + return false; + } + BN_set_negative(a.get(), 1); + BN_zero(b.get()); + if (!BN_mul(c.get(), a.get(), b.get(), ctx.get())) { + return false; + } + if (!BN_is_zero(c.get()) || BN_is_negative(c.get())) { + fprintf(stderr, "Multiplication test failed!\n"); + return false; + } + + return true; +} + +static bool test_sqr(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !c || !d || !e) { + return false; + } + + for (int i = 0; i < num0; i++) { + if (!BN_rand(a.get(), 40 + i * 10, 0, 0)) { + return false; + } + a->neg = rand_neg(); + if (!BN_sqr(c.get(), a.get(), ctx)) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_div(d.get(), e.get(), c.get(), a.get(), ctx) || + !BN_sub(d.get(), d.get(), a.get())) { + return false; + } + if (!BN_is_zero(d.get()) || !BN_is_zero(e.get())) { + fprintf(stderr, "Square test failed!\n"); + return false; + } + } + + // Regression test for a BN_sqr overflow bug. + BIGNUM *a_raw = a.get(); + if (!BN_hex2bn( + &a_raw, + "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000") || + !BN_sqr(c.get(), a.get(), ctx)) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_mul(d.get(), a.get(), a.get(), ctx)) { + return false; + } + if (BN_cmp(c.get(), d.get())) { + fprintf(stderr, + "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + return false; + } + + // Regression test for a BN_sqr overflow bug. 
+ a_raw = a.get(); + if (!BN_hex2bn( + &a_raw, + "80000000000000000000000080000001FFFFFFFE000000000000000000000000") || + !BN_sqr(c.get(), a.get(), ctx)) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_mul(d.get(), a.get(), a.get(), ctx)) { + return false; + } + if (BN_cmp(c.get(), d.get())) { + fprintf(stderr, + "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + return false; + } + + return true; +} + + +static int rand_neg() { + static unsigned int neg = 0; + static const int sign[8] = {0, 0, 0, 1, 1, 0, 1, 1}; + + return sign[(neg++) % 8]; +} + +static void print_word(FILE *fp, BN_ULONG w) { + fprintf(fp, BN_HEX_FMT1, w); +} + +static bool test_div_word(FILE *fp) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + if (!a || !b) { + return false; + } + + for (int i = 0; i < num0; i++) { + BN_ULONG s; + do { + if (!BN_rand(a.get(), 512, -1, 0) || + !BN_rand(b.get(), BN_BITS2, -1, 0)) { + return false; + } + s = b->d[0]; + } while (!s); + + if (!BN_copy(b.get(), a.get())) { + return false; + } + BN_ULONG r = BN_div_word(b.get(), s); + if (r == (BN_ULONG)-1) { + return false; + } + + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " / "); + print_word(fp, s); + puts_fp(fp, " - "); + } + BN_print_fp(fp, b.get()); + puts_fp(fp, "\n"); + + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " % "); + print_word(fp, s); + puts_fp(fp, " - "); + } + print_word(fp, r); + puts_fp(fp, "\n"); + } + if (!BN_mul_word(b.get(), s) || + !BN_add_word(b.get(), r) || + !BN_sub(b.get(), a.get(), b.get())) { + return false; + } + if (!BN_is_zero(b.get())) { + fprintf(stderr, "Division (word) test failed!\n"); + return false; + } + } + return true; +} + +static bool test_mont(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + 
ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM A(BN_new()); + ScopedBIGNUM B(BN_new()); + ScopedBIGNUM n(BN_new()); + ScopedBN_MONT_CTX mont(BN_MONT_CTX_new()); + if (!a || !b || !c || !d || !A || !B || !n || !mont || + !BN_rand(a.get(), 100, 0, 0) || + !BN_rand(b.get(), 100, 0, 0)) { + return false; + } + + for (int i = 0; i < num2; i++) { + int bits = (200 * (i + 1)) / num2; + + if (bits == 0) { + continue; + } + if (!BN_rand(n.get(), bits, 0, 1) || + !BN_MONT_CTX_set(mont.get(), n.get(), ctx) || + !BN_nnmod(a.get(), a.get(), n.get(), ctx) || + !BN_nnmod(b.get(), b.get(), n.get(), ctx) || + !BN_to_montgomery(A.get(), a.get(), mont.get(), ctx) || + !BN_to_montgomery(B.get(), b.get(), mont.get(), ctx) || + !BN_mod_mul_montgomery(c.get(), A.get(), B.get(), mont.get(), ctx) || + !BN_from_montgomery(A.get(), c.get(), mont.get(), ctx)) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, &mont->N); + puts_fp(fp, " - "); + } + BN_print_fp(fp, A.get()); + puts_fp(fp, "\n"); + } + if (!BN_mod_mul(d.get(), a.get(), b.get(), n.get(), ctx) || + !BN_sub(d.get(), d.get(), A.get())) { + return false; + } + if (!BN_is_zero(d.get())) { + fprintf(stderr, "Montgomery multiplication test failed!\n"); + return false; + } + } + return true; +} + +static bool test_mod(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !c || !d || !e || + !BN_rand(a.get(), 1024, 0, 0)) { + return false; + } + + for (int i = 0; i < num0; i++) { + if (!BN_rand(b.get(), 450 + i * 10, 0, 0)) { + return false; + } + a->neg = rand_neg(); + b->neg = rand_neg(); + if (!BN_mod(c.get(), a.get(), b.get(), ctx)) { + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + 
puts_fp(fp, " % "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, c.get()); + puts_fp(fp, "\n"); + } + if (!BN_div(d.get(), e.get(), a.get(), b.get(), ctx) || + !BN_sub(e.get(), e.get(), c.get())) { + return false; + } + if (!BN_is_zero(e.get())) { + fprintf(stderr, "Modulo test failed!\n"); + return false; + } + } + return true; +} + +static bool test_mod_mul(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !c || !d || !e) { + return false; + } + + for (int j = 0; j < 3; j++) { + if (!BN_rand(c.get(), 1024, 0, 0)) { + return false; + } + for (int i = 0; i < num0; i++) { + if (!BN_rand(a.get(), 475 + i * 10, 0, 0) || + !BN_rand(b.get(), 425 + i * 11, 0, 0)) { + return false; + } + a->neg = rand_neg(); + b->neg = rand_neg(); + if (!BN_mod_mul(e.get(), a.get(), b.get(), c.get(), ctx)) { + ERR_print_errors_fp(stderr); + return false; + } + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, c.get()); + if (a->neg != b->neg && !BN_is_zero(e.get())) { + // If (a*b) % c is negative, c must be added + // in order to obtain the normalized remainder + // (new with OpenSSL 0.9.7, previous versions of + // BN_mod_mul could generate negative results) + puts_fp(fp, " + "); + BN_print_fp(fp, c.get()); + } + puts_fp(fp, " - "); + } + BN_print_fp(fp, e.get()); + puts_fp(fp, "\n"); + } + if (!BN_mul(d.get(), a.get(), b.get(), ctx) || + !BN_sub(d.get(), d.get(), e.get()) || + !BN_div(a.get(), b.get(), d.get(), c.get(), ctx)) { + return false; + } + if (!BN_is_zero(b.get())) { + fprintf(stderr, "Modulo multiply test failed!\n"); + ERR_print_errors_fp(stderr); + return false; + } + } + } + return true; +} + +static bool test_mod_exp(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + 
ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !c || !d || !e || + !BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery + return false; + } + for (int i = 0; i < num2; i++) { + if (!BN_rand(a.get(), 20 + i * 5, 0, 0) || + !BN_rand(b.get(), 2 + i, 0, 0) || + !BN_mod_exp(d.get(), a.get(), b.get(), c.get(), ctx)) { + return false; + } + + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " ^ "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, d.get()); + puts_fp(fp, "\n"); + } + if (!BN_exp(e.get(), a.get(), b.get(), ctx) || + !BN_sub(e.get(), e.get(), d.get()) || + !BN_div(a.get(), b.get(), e.get(), c.get(), ctx)) { + return false; + } + if (!BN_is_zero(b.get())) { + fprintf(stderr, "Modulo exponentiation test failed!\n"); + return false; + } + } + return true; +} + +static bool test_mod_exp_mont_consttime(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM c(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !c || !d || !e || + !BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery + return false; + } + for (int i = 0; i < num2; i++) { + if (!BN_rand(a.get(), 20 + i * 5, 0, 0) || + !BN_rand(b.get(), 2 + i, 0, 0) || + !BN_mod_exp_mont_consttime(d.get(), a.get(), b.get(), c.get(), ctx, + NULL)) { + return false; + } + + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " ^ "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, d.get()); + puts_fp(fp, "\n"); + } + if (!BN_exp(e.get(), a.get(), b.get(), ctx) || + !BN_sub(e.get(), e.get(), d.get()) || + !BN_div(a.get(), b.get(), e.get(), c.get(), ctx)) { + return false; + } + if (!BN_is_zero(b.get())) { + fprintf(stderr, "Modulo exponentiation test failed!\n"); + return false; 
+ } + } + return true; +} + +// Test constant-time modular exponentiation with 1024-bit inputs, +// which on x86_64 cause a different code branch to be taken. +static bool test_mod_exp_mont5(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM p(BN_new()); + ScopedBIGNUM m(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !p || !m || !d || !e || + !BN_rand(m.get(), 1024, 0, 1) || // must be odd for montgomery + !BN_rand(a.get(), 1024, 0, 0)) { + return false; + } + // Zero exponent. + BN_zero(p.get()); + if (!BN_mod_exp_mont_consttime(d.get(), a.get(), p.get(), m.get(), ctx, + NULL)) { + return false; + } + if (!BN_is_one(d.get())) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return false; + } + if (!BN_rand(p.get(), 1024, 0, 0)) { + return false; + } + // Zero input. + BN_zero(a.get()); + if (!BN_mod_exp_mont_consttime(d.get(), a.get(), p.get(), m.get(), ctx, + NULL)) { + return false; + } + if (!BN_is_zero(d.get())) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return false; + } + // Craft an input whose Montgomery representation is 1, i.e., shorter than the + // modulus m, in order to test the const time precomputation + // scattering/gathering. + ScopedBN_MONT_CTX mont(BN_MONT_CTX_new()); + if (!mont || !BN_one(a.get()) || + !BN_MONT_CTX_set(mont.get(), m.get(), ctx) || + !BN_from_montgomery(e.get(), a.get(), mont.get(), ctx) || + !BN_mod_exp_mont_consttime(d.get(), e.get(), p.get(), m.get(), ctx, + NULL) || + !BN_mod_exp(a.get(), e.get(), p.get(), m.get(), ctx)) { + return false; + } + if (BN_cmp(a.get(), d.get()) != 0) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return false; + } + // Finally, some regular test vectors. 
+ if (!BN_rand(e.get(), 1024, 0, 0) || + !BN_mod_exp_mont_consttime(d.get(), e.get(), p.get(), m.get(), ctx, + NULL) || + !BN_mod_exp(a.get(), e.get(), p.get(), m.get(), ctx)) { + return false; + } + if (BN_cmp(a.get(), d.get()) != 0) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return false; + } + + return true; +} + +static bool test_exp(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM b(BN_new()); + ScopedBIGNUM d(BN_new()); + ScopedBIGNUM e(BN_new()); + if (!a || !b || !d || !e) { + return false; + } + + for (int i = 0; i < num2; i++) { + if (!BN_rand(a.get(), 20 + i * 5, 0, 0) || + !BN_rand(b.get(), 2 + i, 0, 0) || + !BN_exp(d.get(), a.get(), b.get(), ctx)) { + return false; + } + + if (fp != NULL) { + if (!g_results) { + BN_print_fp(fp, a.get()); + puts_fp(fp, " ^ "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); + } + BN_print_fp(fp, d.get()); + puts_fp(fp, "\n"); + } + if (!BN_one(e.get())) { + return false; + } + for (; !BN_is_zero(b.get()); BN_sub(b.get(), b.get(), BN_value_one())) { + if (!BN_mul(e.get(), e.get(), a.get(), ctx)) { + return false; + } + } + if (!BN_sub(e.get(), e.get(), d.get())) { + return false; + } + if (!BN_is_zero(e.get())) { + fprintf(stderr, "Exponentiation test failed!\n"); + return false; + } + } + return true; +} + +// test_exp_mod_zero tests that 1**0 mod 1 == 0. 
+static bool test_exp_mod_zero(void) { + ScopedBIGNUM zero(BN_new()); + if (!zero) { + return false; + } + BN_zero(zero.get()); + + ScopedBN_CTX ctx(BN_CTX_new()); + ScopedBIGNUM r(BN_new()); + if (!ctx || !r || + !BN_mod_exp(r.get(), BN_value_one(), zero.get(), BN_value_one(), ctx.get())) { + return false; + } + + if (!BN_is_zero(r.get())) { + printf("1**0 mod 1 = "); + BN_print_fp(stdout, r.get()); + printf(", should be 0\n"); + return false; + } + + return true; +} + +static int genprime_cb(int p, int n, BN_GENCB *arg) { + char c = '*'; + + if (p == 0) { + c = '.'; + } else if (p == 1) { + c = '+'; + } else if (p == 2) { + c = '*'; + } else if (p == 3) { + c = '\n'; + } + putc(c, stdout); + fflush(stdout); + return 1; +} + +static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM a(BN_new()); + ScopedBIGNUM p(BN_new()); + ScopedBIGNUM r(BN_new()); + if (!a || !p || !r) { + return false; + } + + BN_GENCB cb; + BN_GENCB_set(&cb, genprime_cb, NULL); + + for (int i = 0; i < 16; i++) { + if (i < 8) { + const unsigned kPrimes[8] = {2, 3, 5, 7, 11, 13, 17, 19}; + if (!BN_set_word(p.get(), kPrimes[i])) { + return false; + } + } else { + if (!BN_set_word(a.get(), 32) || + !BN_set_word(r.get(), 2 * i + 1) || + !BN_generate_prime_ex(p.get(), 256, 0, a.get(), r.get(), &cb)) { + return false; + } + putc('\n', stdout); + } + p->neg = rand_neg(); + + for (int j = 0; j < num2; j++) { + // construct 'a' such that it is a square modulo p, but in general not a + // proper square and not reduced modulo p + if (!BN_rand(r.get(), 256, 0, 3) || + !BN_nnmod(r.get(), r.get(), p.get(), ctx) || + !BN_mod_sqr(r.get(), r.get(), p.get(), ctx) || + !BN_rand(a.get(), 256, 0, 3) || + !BN_nnmod(a.get(), a.get(), p.get(), ctx) || + !BN_mod_sqr(a.get(), a.get(), p.get(), ctx) || + !BN_mul(a.get(), a.get(), r.get(), ctx)) { + return false; + } + if (rand_neg() && !BN_sub(a.get(), a.get(), p.get())) { + return false; + } + + if (!BN_mod_sqrt(r.get(), a.get(), p.get(), ctx) || + 
!BN_mod_sqr(r.get(), r.get(), p.get(), ctx) || + !BN_nnmod(a.get(), a.get(), p.get(), ctx)) { + return false; + } + + if (BN_cmp(a.get(), r.get()) != 0) { + fprintf(stderr, "BN_mod_sqrt failed: a = "); + BN_print_fp(stderr, a.get()); + fprintf(stderr, ", r = "); + BN_print_fp(stderr, r.get()); + fprintf(stderr, ", p = "); + BN_print_fp(stderr, p.get()); + fprintf(stderr, "\n"); + return false; + } + + putc('.', stdout); + fflush(stdout); + } + + putc('\n', stdout); + fflush(stderr); + } + return true; +} + +static bool test_small_prime(FILE *fp, BN_CTX *ctx) { + static const int kBits = 10; + + ScopedBIGNUM r(BN_new()); + if (!r || !BN_generate_prime_ex(r.get(), kBits, 0, NULL, NULL, NULL)) { + return false; + } + if (BN_num_bits(r.get()) != kBits) { + fprintf(fp, "Expected %d bit prime, got %d bit number\n", kBits, + BN_num_bits(r.get())); + return false; + } + + return true; +} + +static bool test_sqrt(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM n(BN_new()); + ScopedBIGNUM nn(BN_new()); + ScopedBIGNUM sqrt(BN_new()); + if (!n || !nn || !sqrt) { + return false; + } + + // Test some random squares. + for (int i = 0; i < 100; i++) { + if (!BN_rand(n.get(), 1024 /* bit length */, + -1 /* no modification of top bits */, + 0 /* don't modify bottom bit */) || + !BN_mul(nn.get(), n.get(), n.get(), ctx) || + !BN_sqrt(sqrt.get(), nn.get(), ctx)) { + ERR_print_errors_fp(stderr); + return false; + } + if (BN_cmp(n.get(), sqrt.get()) != 0) { + fprintf(stderr, "Bad result from BN_sqrt.\n"); + return false; + } + } + + // Test some non-squares. 
+ for (int i = 0; i < 100; i++) { + if (!BN_rand(n.get(), 1024 /* bit length */, + -1 /* no modification of top bits */, + 0 /* don't modify bottom bit */) || + !BN_mul(nn.get(), n.get(), n.get(), ctx) || + !BN_add(nn.get(), nn.get(), BN_value_one())) { + ERR_print_errors_fp(stderr); + return false; + } + + if (BN_sqrt(sqrt.get(), nn.get(), ctx)) { + char *nn_str = BN_bn2dec(nn.get()); + fprintf(stderr, "BIO_sqrt didn't fail on a non-square: %s\n", nn_str); + OPENSSL_free(nn_str); + } + } + + return true; +} + +static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx) { + uint8_t zeros[256], out[256], reference[128]; + + memset(zeros, 0, sizeof(zeros)); + + // Test edge case at 0. + ScopedBIGNUM n(BN_new()); + if (!n || !BN_bn2bin_padded(NULL, 0, n.get())) { + fprintf(stderr, + "BN_bn2bin_padded failed to encode 0 in an empty buffer.\n"); + return false; + } + memset(out, -1, sizeof(out)); + if (!BN_bn2bin_padded(out, sizeof(out), n.get())) { + fprintf(stderr, + "BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n"); + return false; + } + if (memcmp(zeros, out, sizeof(out))) { + fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n"); + return false; + } + + // Test a random numbers at various byte lengths. + for (size_t bytes = 128 - 7; bytes <= 128; bytes++) { + if (!BN_rand(n.get(), bytes * 8, 0 /* make sure top bit is 1 */, + 0 /* don't modify bottom bit */)) { + ERR_print_errors_fp(stderr); + return false; + } + if (BN_num_bytes(n.get()) != bytes || + BN_bn2bin(n.get(), reference) != bytes) { + fprintf(stderr, "Bad result from BN_rand; bytes.\n"); + return false; + } + // Empty buffer should fail. + if (BN_bn2bin_padded(NULL, 0, n.get())) { + fprintf(stderr, + "BN_bn2bin_padded incorrectly succeeded on empty buffer.\n"); + return false; + } + // One byte short should fail. + if (BN_bn2bin_padded(out, bytes - 1, n.get())) { + fprintf(stderr, "BN_bn2bin_padded incorrectly succeeded on short.\n"); + return false; + } + // Exactly right size should encode. 
+ if (!BN_bn2bin_padded(out, bytes, n.get()) || + memcmp(out, reference, bytes) != 0) { + fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); + return false; + } + // Pad up one byte extra. + if (!BN_bn2bin_padded(out, bytes + 1, n.get()) || + memcmp(out + 1, reference, bytes) || memcmp(out, zeros, 1)) { + fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); + return false; + } + // Pad up to 256. + if (!BN_bn2bin_padded(out, sizeof(out), n.get()) || + memcmp(out + sizeof(out) - bytes, reference, bytes) || + memcmp(out, zeros, sizeof(out) - bytes)) { + fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); + return false; + } + } + + return true; +} + +static int DecimalToBIGNUM(ScopedBIGNUM *out, const char *in) { + BIGNUM *raw = NULL; + int ret = BN_dec2bn(&raw, in); + out->reset(raw); + return ret; +} + +static bool test_dec2bn(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM bn; + int ret = DecimalToBIGNUM(&bn, "0"); + if (ret != 1 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_dec2bn gave a bad result.\n"); + return false; + } + + ret = DecimalToBIGNUM(&bn, "256"); + if (ret != 3 || !BN_is_word(bn.get(), 256) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_dec2bn gave a bad result.\n"); + return false; + } + + ret = DecimalToBIGNUM(&bn, "-42"); + if (ret != 3 || !BN_abs_is_word(bn.get(), 42) || !BN_is_negative(bn.get())) { + fprintf(stderr, "BN_dec2bn gave a bad result.\n"); + return false; + } + + ret = DecimalToBIGNUM(&bn, "-0"); + if (ret != 2 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_dec2bn gave a bad result.\n"); + return false; + } + + ret = DecimalToBIGNUM(&bn, "42trailing garbage is ignored"); + if (ret != 2 || !BN_abs_is_word(bn.get(), 42) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_dec2bn gave a bad result.\n"); + return false; + } + + return true; +} + +static int HexToBIGNUM(ScopedBIGNUM *out, const char *in) { + BIGNUM *raw = NULL; + int ret = BN_hex2bn(&raw, 
in); + out->reset(raw); + return ret; +} + +static bool test_hex2bn(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM bn; + int ret = HexToBIGNUM(&bn, "0"); + if (ret != 1 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_hex2bn gave a bad result.\n"); + return false; + } + + ret = HexToBIGNUM(&bn, "256"); + if (ret != 3 || !BN_is_word(bn.get(), 0x256) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_hex2bn gave a bad result.\n"); + return false; + } + + ret = HexToBIGNUM(&bn, "-42"); + if (ret != 3 || !BN_abs_is_word(bn.get(), 0x42) || !BN_is_negative(bn.get())) { + fprintf(stderr, "BN_hex2bn gave a bad result.\n"); + return false; + } + + ret = HexToBIGNUM(&bn, "-0"); + if (ret != 2 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_hex2bn gave a bad result.\n"); + return false; + } + + ret = HexToBIGNUM(&bn, "abctrailing garbage is ignored"); + if (ret != 3 || !BN_is_word(bn.get(), 0xabc) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_hex2bn gave a bad result.\n"); + return false; + } + + return true; +} + +static ScopedBIGNUM ASCIIToBIGNUM(const char *in) { + BIGNUM *raw = NULL; + if (!BN_asc2bn(&raw, in)) { + return nullptr; + } + return ScopedBIGNUM(raw); +} + +static bool test_asc2bn(FILE *fp, BN_CTX *ctx) { + ScopedBIGNUM bn = ASCIIToBIGNUM("0"); + if (!bn || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + bn = ASCIIToBIGNUM("256"); + if (!bn || !BN_is_word(bn.get(), 256) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + bn = ASCIIToBIGNUM("-42"); + if (!bn || !BN_abs_is_word(bn.get(), 42) || !BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + bn = ASCIIToBIGNUM("0x1234"); + if (!bn || !BN_is_word(bn.get(), 0x1234) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; 
+ } + + bn = ASCIIToBIGNUM("0X1234"); + if (!bn || !BN_is_word(bn.get(), 0x1234) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + bn = ASCIIToBIGNUM("-0xabcd"); + if (!bn || !BN_abs_is_word(bn.get(), 0xabcd) || !BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + bn = ASCIIToBIGNUM("-0"); + if (!bn || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + bn = ASCIIToBIGNUM("123trailing garbage is ignored"); + if (!bn || !BN_is_word(bn.get(), 123) || BN_is_negative(bn.get())) { + fprintf(stderr, "BN_asc2bn gave a bad result.\n"); + return false; + } + + return true; +} diff --git a/src/crypto/bn/convert.c b/src/crypto/bn/convert.c index 9c7b9be..531b661 100644 --- a/src/crypto/bn/convert.c +++ b/src/crypto/bn/convert.c @@ -407,13 +407,9 @@ char *BN_bn2dec(const BIGNUM *a) { ok = 1; err: - if (bn_data != NULL) { - OPENSSL_free(bn_data); - } - if (t != NULL) { - BN_free(t); - } - if (!ok && buf) { + OPENSSL_free(bn_data); + BN_free(t); + if (!ok) { OPENSSL_free(buf); buf = NULL; } diff --git a/src/crypto/bn/ctx.c b/src/crypto/bn/ctx.c index e54007b..0578376 100644 --- a/src/crypto/bn/ctx.c +++ b/src/crypto/bn/ctx.c @@ -205,14 +205,12 @@ static void BN_STACK_init(BN_STACK *st) { } static void BN_STACK_finish(BN_STACK *st) { - if (st->size) - OPENSSL_free(st->indexes); + OPENSSL_free(st->indexes); } static int BN_STACK_push(BN_STACK *st, unsigned int idx) { - if (st->depth == st->size) - /* Need to expand */ - { + if (st->depth == st->size) { + /* Need to expand */ unsigned int newsize = (st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES); unsigned int *newitems = OPENSSL_malloc(newsize * sizeof(unsigned int)); 
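Review bot: The new unconditional `OPENSSL_free(st->indexes);` in BN_STACK_finish is only safe if `st->indexes` is NULL whenever `st->size` is 0; the `if (st->size)` guard the commit removes was also what kept a never-expanded stack from freeing an uninitialised pointer. BN_STACK_init's body is outside the hunk, so I cannot confirm it sets `indexes` to NULL — if it does not, this becomes a free of garbage for any BN_CTX that is finished without ever pushing. The same reliance appears in the BN_STACK_push hunk below (`@@ -222,9 +220,7 @@`), where `OPENSSL_free(st->indexes)` now runs even on the first expansion. A one-line comment at the free, `/* indexes is NULL until the first expansion; OPENSSL_free(NULL) is a no-op */`, would pin the invariant, provided BN_STACK_init actually guarantees it.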
@@ -222,9 +220,7 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx) { if (st->depth) { memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); } - if (st->size) { - OPENSSL_free(st->indexes); - } + OPENSSL_free(st->indexes); st->indexes = newitems; st->size = newsize; } diff --git a/src/crypto/bn/div.c b/src/crypto/bn/div.c index d65957a..3588ea1 100644 --- a/src/crypto/bn/div.c +++ b/src/crypto/bn/div.c @@ -278,12 +278,14 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, t2 = (BN_ULLONG)d1 * q; for (;;) { - if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) | wnump[-2])) + if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) | wnump[-2])) { break; + } q--; rem += d0; - if (rem < d0) + if (rem < d0) { break; /* don't let rem overflow */ + } t2 -= d1; } #else /* !BN_LLONG */ @@ -316,14 +318,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, #endif for (;;) { - if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) + if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) { break; + } q--; rem += d0; - if (rem < d0) + if (rem < d0) { break; /* don't let rem overflow */ - if (t2l < d1) + } + if (t2l < d1) { t2h--; + } t2l -= d1; } #endif /* !BN_LLONG */ @@ -357,7 +362,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * BN_rshift() will overwrite it. */ int neg = num->neg; - BN_rshift(rm, snum, norm_shift); + if (!BN_rshift(rm, snum, norm_shift)) { + goto err; + } if (!BN_is_zero(rm)) { rm->neg = neg; } @@ -485,9 +492,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); - if (abs_m) { - BN_free(abs_m); - } + BN_free(abs_m); return ret; } diff --git a/src/crypto/bn/exponentiation.c b/src/crypto/bn/exponentiation.c index 53f3e9c..d3063c9 100644 --- a/src/crypto/bn/exponentiation.c +++ b/src/crypto/bn/exponentiation.c 
@@ -172,12 +172,13 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { } } } - ret = 1; -err: if (r != rr) { BN_copy(r, rr); } + ret = 1; + +err: BN_CTX_end(ctx); return ret; } @@ -685,12 +686,14 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, j = m->top; /* borrow j */ if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { - if (bn_wexpand(r, j) == NULL) + if (bn_wexpand(r, j) == NULL) { goto err; + } /* 2^(top*BN_BITS2) - m */ r->d[0] = (0 - m->d[0]) & BN_MASK2; - for (i = 1; i < j; i++) + for (i = 1; i < j; i++) { r->d[i] = (~m->d[i]) & BN_MASK2; + } r->top = j; /* Upper words will be zero if the corresponding words of 'm' * were 0xfff[...], so decrement r->top accordingly. */ @@ -704,9 +707,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, int wend; /* The bottom bit of the window */ if (BN_is_bit_set(p, wstart) == 0) { - if (!start) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; + if (!start && !BN_mod_mul_montgomery(r, r, r, mont, ctx)) { + goto err; } if (wstart == 0) { break; @@ -761,7 +763,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; err: - if (in_mont == NULL && mont != NULL) { + if (in_mont == NULL) { BN_MONT_CTX_free(mont); } BN_CTX_end(ctx); @@ -876,15 +878,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_CTX_start(ctx); /* Allocate a montgomery context if it was not supplied by the caller. - * If this is not done, things will break in the montgomery part. - */ - if (in_mont != NULL) + * If this is not done, things will break in the montgomery part. */ + if (in_mont != NULL) { mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) + } else { + mont = BN_MONT_CTX_new(); + if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) { goto err; + } } #ifdef RSAZ_ENABLED 
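Review bot: In the BN_exp hunk the return value of `BN_copy(r, rr)` is still ignored, so an allocation failure inside the copy returns success while `r` holds a stale value; moving `ret = 1;` below the copy makes the check a one-liner, `if (r != rr && BN_copy(r, rr) == NULL) { goto err; }`. This assumes `ret` is initialised to 0 before the `err:` path, which is outside the hunk along with the rest of BN_exp's body.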
@@ -893,8 +894,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * crypto/bn/rsaz_exp.c and accompanying assembly modules. */ if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) && rsaz_avx2_eligible()) { - if (NULL == bn_wexpand(rr, 16)) + if (NULL == bn_wexpand(rr, 16)) { goto err; + } RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, mont->n0[0]); rr->top = 16; rr->neg = 0; @@ -902,8 +904,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; goto err; } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { - if (NULL == bn_wexpand(rr, 8)) + if (NULL == bn_wexpand(rr, 8)) { goto err; + } RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); rr->top = 8; rr->neg = 0; @@ -918,8 +921,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, #if defined(OPENSSL_BN_ASM_MONT5) if (window >= 5) { window = 5; /* ~5% improvement for RSA2048 sign, and even for RSA4096 */ - if ((top & 7) == 0) + if ((top & 7) == 0) { powerbufLen += 2 * top * sizeof(m->d[0]); + } } #endif (void)0; @@ -932,20 +936,24 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, sizeof(m->d[0]) * (top * numPowers + ((2 * top) > numPowers ? (2 * top) : numPowers)); #ifdef alloca - if (powerbufLen < 3072) + if (powerbufLen < 3072) { powerbufFree = alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); - else + } else #endif - if ((powerbufFree = (unsigned char *)OPENSSL_malloc( - powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) - goto err; + { + if ((powerbufFree = (unsigned char *)OPENSSL_malloc( + powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) { + goto err; + } + } powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); memset(powerbuf, 0, powerbufLen); #ifdef alloca - if (powerbufLen < 3072) + if (powerbufLen < 3072) { powerbufFree = NULL; + } #endif /* lay down tmp and am right after powers table */ 
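Review bot: In the `@@ -932` hunk the new brace placement leaves `} else` on one side of `#endif` and its `{` on the other, so the block after the directive reads as an unconditional compound statement when `alloca` is undefined and as the else-branch when it is; a reader has to mentally preprocess the file to see which. If the shape is kept, a comment above the `#ifdef alloca` line should state the intent, e.g. `/* Small power tables live on the stack when alloca is available; everything else (and all sizes without alloca) falls through to the heap allocation below. */`. The matching `powerbufFree = NULL;` reset after the memset deserves the same note, since it is what keeps the later `OPENSSL_free(powerbufFree)` from freeing stack memory.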
@@ -961,20 +969,23 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { /* 2^(top*BN_BITS2) - m */ tmp.d[0] = (0 - m->d[0]) & BN_MASK2; - for (i = 1; i < top; i++) + for (i = 1; i < top; i++) { tmp.d[i] = (~m->d[i]) & BN_MASK2; + } tmp.top = top; - } else if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + } else if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) { goto err; + } /* prepare a^1 in Montgomery domain */ if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_mod(&am, a, m, ctx)) - goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) + if (!BN_mod(&am, a, m, ctx) || + !BN_to_montgomery(&am, &am, mont, ctx)) { goto err; - } else if (!BN_to_montgomery(&am, a, mont, ctx)) + } + } else if (!BN_to_montgomery(&am, a, mont, ctx)) { goto err; + } #if defined(OPENSSL_BN_ASM_MONT5) /* This optimization uses ideas from http://eprint.iacr.org/2011/239, @@ -1001,16 +1012,20 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* BN_to_montgomery can contaminate words above .top * [in BN_DEBUG[_DEBUG] build]... */ - for (i = am.top; i < top; i++) + for (i = am.top; i < top; i++) { am.d[i] = 0; - for (i = tmp.top; i < top; i++) + } + for (i = tmp.top; i < top; i++) { tmp.d[i] = 0; + } - if (top & 7) + if (top & 7) { np2 = np; - else - for (np2 = am.d + top, i = 0; i < top; i++) + } else { + for (np2 = am.d + top, i = 0; i < top; i++) { np2[2 * i] = np[i]; + } + } bn_scatter5(tmp.d, top, powerbuf, 0); bn_scatter5(am.d, am.top, powerbuf, 1); @@ -1043,8 +1058,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) + for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) { wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + } bn_gather5(tmp.d, top, powerbuf, wvalue); /* At this point |bits| is 4 mod 5 and at least -1. (|bits| is the first bit 
@@ -1056,8 +1072,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ if (top & 7) { while (bits >= 0) { - for (wvalue = 0, i = 0; i < 5; i++, bits--) + for (wvalue = 0, i = 0; i < 5; i++, bits--) { wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + } bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); @@ -1101,17 +1118,18 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, tmp.top = top; bn_correct_top(&tmp); if (ret) { - if (!BN_copy(rr, &tmp)) + if (!BN_copy(rr, &tmp)) { ret = 0; + } goto err; /* non-zero ret means it's not error */ } } else #endif { - if (!copy_to_prebuf(&tmp, top, powerbuf, 0, numPowers)) - goto err; - if (!copy_to_prebuf(&am, top, powerbuf, 1, numPowers)) + if (!copy_to_prebuf(&tmp, top, powerbuf, 0, numPowers) || + !copy_to_prebuf(&am, top, powerbuf, 1, numPowers)) { goto err; + } /* If the window size is greater than 1, then calculate * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) 
@@ -1119,24 +1137,26 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * to use the slight performance advantage of sqr over mul). */ if (window > 1) { - if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) - goto err; - if (!copy_to_prebuf(&tmp, top, powerbuf, 2, numPowers)) + if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx) || + !copy_to_prebuf(&tmp, top, powerbuf, 2, numPowers)) { goto err; + } for (i = 3; i < numPowers; i++) { /* Calculate a^i = a^(i-1) * a */ - if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) - goto err; - if (!copy_to_prebuf(&tmp, top, powerbuf, i, numPowers)) + if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx) || + !copy_to_prebuf(&tmp, top, powerbuf, i, numPowers)) { goto err; + } } } bits--; - for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) + for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) { wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - if (!copy_from_prebuf(&tmp, top, powerbuf, wvalue, numPowers)) + } + if (!copy_from_prebuf(&tmp, top, powerbuf, wvalue, numPowers)) { goto err; + } /* Scan the exponent one window at a time starting from the most * significant bits. 
@@ -1146,32 +1166,36 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* Scan the window, squaring the result as we go */ for (i = 0; i < window; i++, bits--) { - if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) + if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) { goto err; + } wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); } /* Fetch the appropriate pre-computed value from the pre-buf */ - if (!copy_from_prebuf(&am, top, powerbuf, wvalue, numPowers)) + if (!copy_from_prebuf(&am, top, powerbuf, wvalue, numPowers)) { goto err; + } /* Multiply the result into the intermediate result */ - if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) + if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) { goto err; + } } } /* Convert the final result from montgomery to standard format */ - if (!BN_from_montgomery(rr, &tmp, mont, ctx)) + if (!BN_from_montgomery(rr, &tmp, mont, ctx)) { goto err; + } ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) { BN_MONT_CTX_free(mont); + } if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); - if (powerbufFree) - OPENSSL_free(powerbufFree); + OPENSSL_free(powerbufFree); } BN_CTX_end(ctx); return (ret); @@ -1238,13 +1262,11 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, goto err; } - if (in_mont != NULL) + if (in_mont != NULL) { mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) { - goto err; - } - if (!BN_MONT_CTX_set(mont, m, ctx)) { + } else { + mont = BN_MONT_CTX_new(); + if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) { goto err; } } @@ -1328,7 +1350,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, ret = 1; err: - if (in_mont == NULL && mont != NULL) { + if (in_mont == NULL) { BN_MONT_CTX_free(mont); } BN_CTX_end(ctx); 
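Review bot: In the err path of the BN_mod_exp_mont_consttime hunk the function still ends with `return (ret);`, the only parenthesised return among the functions touched in this diff (BN_exp, BN_mod_exp_mont and BN_mod_exp_mont_word all use `return ret;`). Since the surrounding lines are being reformatted anyway, `return ret;` keeps the file consistent with the brace-and-style pass this commit is doing.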
@@ -1477,28 +1499,33 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, if (!wvalue1 && BN_is_bit_set(p1, b)) { /* consider bits b-window1+1 .. b for this window */ i = b - window1 + 1; - while (!BN_is_bit_set(p1, i)) /* works for i<0 */ + /* works for i<0 */ + while (!BN_is_bit_set(p1, i)) { i++; + } wpos1 = i; wvalue1 = 1; for (i = b - 1; i >= wpos1; i--) { wvalue1 <<= 1; - if (BN_is_bit_set(p1, i)) + if (BN_is_bit_set(p1, i)) { wvalue1++; + } } } if (!wvalue2 && BN_is_bit_set(p2, b)) { /* consider bits b-window2+1 .. b for this window */ i = b - window2 + 1; - while (!BN_is_bit_set(p2, i)) + while (!BN_is_bit_set(p2, i)) { i++; + } wpos2 = i; wvalue2 = 1; for (i = b - 1; i >= wpos2; i--) { wvalue2 <<= 1; - if (BN_is_bit_set(p2, i)) + if (BN_is_bit_set(p2, i)) { wvalue2++; + } } } @@ -1527,7 +1554,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, ret = 1; err: - if (in_mont == NULL && mont != NULL) { + if (in_mont == NULL) { BN_MONT_CTX_free(mont); } BN_CTX_end(ctx); diff --git a/src/crypto/bn/gcd.c b/src/crypto/bn/gcd.c index 2dce296..3132c29 100644 --- a/src/crypto/bn/gcd.c +++ b/src/crypto/bn/gcd.c @@ -258,12 +258,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n, goto err; } - BN_one(X); BN_zero(Y); - if (BN_copy(B, a) == NULL) { - goto err; - } - if (BN_copy(A, n) == NULL) { + if (!BN_one(X) || BN_copy(B, a) == NULL || BN_copy(A, n) == NULL) { goto err; } A->neg = 0; @@ -570,12 +566,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a, goto err; } - BN_one(X); BN_zero(Y); - if (BN_copy(B, a) == NULL) { - goto err; - } - if (BN_copy(A, n) == NULL) { + if (!BN_one(X) || BN_copy(B, a) == NULL || BN_copy(A, n) == NULL) { goto err; } A->neg = 0; 
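Review bot: In the BN_mod_exp2_mont hunk the comment `/* works for i<0 */` was moved onto its own line above the `while`, where it no longer says what works or why. The loop only terminates at the right place if `BN_is_bit_set` reports 0 for a negative index, which is what the original trailing comment was hinting at, so spell it out: `/* i may be negative here; BN_is_bit_set treats out-of-range (including negative) indices as clear, so this stops at the lowest set bit of the window. */`. The identical loop for `p2` a few lines below has no comment at all and should carry the same one.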
@@ -586,8 +578,9 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a, */ pB = &local_B; BN_with_flags(pB, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, pB, A, ctx)) + if (!BN_nnmod(B, pB, A, ctx)) { goto err; + } } sign = -1; /* From B = a mod |n|, A = |n| it follows that diff --git a/src/crypto/bn/generic.c b/src/crypto/bn/generic.c index 224a47c..0e7d867 100644 --- a/src/crypto/bn/generic.c +++ b/src/crypto/bn/generic.c @@ -585,23 +585,27 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, t1 = a[0]; t2 = b[0]; r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); + } t1 = a[1]; t2 = b[1]; r[1] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); + } t1 = a[2]; t2 = b[2]; r[2] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); + } t1 = a[3]; t2 = b[3]; r[3] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); + } a += 4; b += 4; r += 4; @@ -611,8 +615,9 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, t1 = a[0]; t2 = b[0]; r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) + if (t1 != t2) { c = (t1 < t2); + } a++; b++; r++; @@ -1050,11 +1055,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, #ifdef mul64 mh = HBITS(ml); ml = LBITS(ml); - for (j = 0; j < num; ++j) + for (j = 0; j < num; ++j) { mul(tp[j], ap[j], ml, mh, c0); + } #else - for (j = 0; j < num; ++j) + for (j = 0; j < num; ++j) { mul(tp[j], ap[j], ml, c0); + } #endif tp[num] = c0; @@ -1067,11 +1074,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, #ifdef mul64 mh = HBITS(ml); ml = LBITS(ml); - for (j = 0; j < num; ++j) + for (j = 0; j < num; ++j) { mul_add(tp[j], ap[j], ml, mh, c0); + } #else - for (j = 0; j < num; ++j) + for (j = 0; j < num; ++j) { mul_add(tp[j], ap[j], ml, c0); + } #endif c1 = (tp[num] + c0) & BN_MASK2; tp[num] = c1; 
@@ -1104,13 +1113,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { c0 = bn_sub_words(rp, tp, np, num); if (tp[num] != 0 || c0 == 0) { - for (i = 0; i < num + 2; i++) + for (i = 0; i < num + 2; i++) { vp[i] = 0; + } return 1; } } - for (i = 0; i < num; i++) + for (i = 0; i < num; i++) { rp[i] = tp[i], vp[i] = 0; + } vp[num] = 0; vp[num + 1] = 0; return 1; diff --git a/src/crypto/bn/internal.h b/src/crypto/bn/internal.h index d421cf3..2674b3c 100644 --- a/src/crypto/bn/internal.h +++ b/src/crypto/bn/internal.h @@ -125,10 +125,10 @@ #include -#include - #if defined(OPENSSL_X86_64) && defined(_MSC_VER) && _MSC_VER >= 1400 +#pragma warning(push, 3) #include +#pragma warning(pop) #pragma intrinsic(__umulh, _umul128) #endif @@ -159,10 +159,7 @@ BIGNUM *bn_expand(BIGNUM *bn, unsigned bits); #define BN_MASK2h1 (0xffffffff80000000L) #define BN_TBIT (0x8000000000000000L) #define BN_DEC_CONV (10000000000000000000UL) -#define BN_DEC_FMT1 "%" PRIu64 -#define BN_DEC_FMT2 "%019" PRIu64 #define BN_DEC_NUM 19 -#define BN_HEX_FMT1 "%" PRIx64 #elif defined(OPENSSL_32_BIT) @@ -179,10 +176,7 @@ BIGNUM *bn_expand(BIGNUM *bn, unsigned bits); #define BN_MASK2h (0xffff0000L) #define BN_TBIT (0x80000000L) #define BN_DEC_CONV (1000000000L) -#define BN_DEC_FMT1 "%" PRIu32 -#define BN_DEC_FMT2 "%09" PRIu32 #define BN_DEC_NUM 9 -#define BN_HEX_FMT1 "%" PRIx32 #else #error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT" diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c index 65e177c..152cf2d 100644 --- a/src/crypto/bn/montgomery.c +++ b/src/crypto/bn/montgomery.c @@ -114,6 +114,7 @@ #include #include "internal.h" +#include "../internal.h" #if !defined(OPENSSL_NO_ASM) && \ 
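Review bot: In the bn_mul_mont hunk the loop body that was just wrapped in braces is still a comma expression, `rp[i] = tp[i], vp[i] = 0;`; with the braces present the two stores should be separate statements, `rp[i] = tp[i];` and `vp[i] = 0;`, which is what every other braced loop in this file does and what the brace style is meant to enable. The comma form also hides that `vp` is being zeroed alongside the copy, a detail worth seeing on its own line in a Montgomery reduction that relies on the scratch area being cleared.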
@@ -292,44 +293,36 @@ err: return ret; } -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx) { - BN_MONT_CTX *ret; - - CRYPTO_r_lock(lock); - ret = *pmont; - CRYPTO_r_unlock(lock); - if (ret) { - return ret; - } - - /* We don't want to serialise globally while doing our lazy-init math in - * BN_MONT_CTX_set. That punishes threads that are doing independent - * things. Instead, punish the case where more than one thread tries to - * lazy-init the same 'pmont', by having each do the lazy-init math work - * independently and only use the one from the thread that wins the race - * (the losers throw away the work they've done). */ - ret = BN_MONT_CTX_new(); - if (!ret) { - return NULL; - } - if (!BN_MONT_CTX_set(ret, mod, ctx)) { - BN_MONT_CTX_free(ret); - return NULL; +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock, + const BIGNUM *mod, BN_CTX *bn_ctx) { + CRYPTO_MUTEX_lock_read(lock); + BN_MONT_CTX *ctx = *pmont; + CRYPTO_MUTEX_unlock(lock); + + if (ctx) { + return ctx; } - /* The locked compare-and-set, after the local work is done. */ - CRYPTO_w_lock(lock); - if (*pmont) { - BN_MONT_CTX_free(ret); - ret = *pmont; - } else { - *pmont = ret; + CRYPTO_MUTEX_lock_write(lock); + ctx = *pmont; + if (ctx) { + goto out; } - CRYPTO_w_unlock(lock); + ctx = BN_MONT_CTX_new(); + if (ctx == NULL) { + goto out; + } + if (!BN_MONT_CTX_set(ctx, mod, bn_ctx)) { + BN_MONT_CTX_free(ctx); + ctx = NULL; + goto out; + } + *pmont = ctx; - return ret; +out: + CRYPTO_MUTEX_unlock(lock); + return ctx; } int BN_to_montgomery(BIGNUM *ret, const BIGNUM *a, const BN_MONT_CTX *mont, @@ -514,8 +507,9 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, const BN_MONT_CTX *mont, return 0; } - if (BN_copy(t, a)) + if (BN_copy(t, a)) { retn = BN_from_montgomery_word(ret, t, mont); + } BN_CTX_end(ctx); return retn; diff --git a/src/crypto/bn/mul.c b/src/crypto/bn/mul.c index 80c6288..a17d766 100644 
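Review bot: In the rewritten BN_MONT_CTX_set_locked the local `BN_MONT_CTX *ctx` and the parameter `BN_CTX *bn_ctx` invite confusion, because `ctx` names the BN_CTX in every other function in this diff, including `BN_MONT_CTX_set(ctx, mod, bn_ctx)` two lines later; rename the local, `BN_MONT_CTX *mont = *pmont;`, and leave the parameter as `ctx`. The rewrite also moves `BN_MONT_CTX_new`/`BN_MONT_CTX_set` under the write lock, so concurrent callers that race on a NULL `*pmont` now serialise on the lazy initialisation instead of each computing and discarding a copy, yet the old comment justifying the opposite trade-off was deleted without a replacement. A line above `CRYPTO_MUTEX_lock_write(lock);` such as `/* Initialise under the write lock so at most one thread does the Montgomery setup; others block until it is published. */` would record the intent for the next reader.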
--- a/src/crypto/bn/mul.c +++ b/src/crypto/bn/mul.c @@ -150,8 +150,9 @@ static BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, assert(cl >= 0); c = bn_sub_words(r, a, b, cl); - if (dl == 0) + if (dl == 0) { return c; + } r += cl; a += cl; @@ -330,8 +331,9 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, /* Else do normal multiply */ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); - if ((dna + dnb) < 0) + if ((dna + dnb) < 0) { memset(&r[2 * n2 + dna + dnb], 0, sizeof(BN_ULONG) * -(dna + dnb)); + } return; } diff --git a/src/crypto/bn/prime.c b/src/crypto/bn/prime.c index fc9a3d5..cf3afcf 100644 --- a/src/crypto/bn/prime.c +++ b/src/crypto/bn/prime.c @@ -659,7 +659,13 @@ again: /* If bits is so small that it fits into a single word then we * additionally don't want to exceed that many bits. */ if (is_single_word) { - BN_ULONG size_limit = (((BN_ULONG)1) << bits) - get_word(rnd) - 1; + BN_ULONG size_limit; + if (bits == BN_BITS2) { + /* Avoid undefined behavior. */ + size_limit = ~((BN_ULONG)0) - get_word(rnd); + } else { + size_limit = (((BN_ULONG)1) << bits) - get_word(rnd) - 1; + } if (size_limit < maxdelta) { maxdelta = size_limit; } @@ -682,8 +688,9 @@ loop: for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) { if ((mods[i] + delta) % primes[i] == 0) { delta += 2; - if (delta > maxdelta) + if (delta > maxdelta) { goto again; + } goto loop; } } @@ -693,8 +700,9 @@ loop: * that gcd(rnd-1,primes) == 1 (except for 2) */ if (((mods[i] + delta) % primes[i]) <= 1) { delta += 2; - if (delta > maxdelta) + if (delta > maxdelta) { goto again; + } goto loop; } } diff --git a/src/crypto/bn/random.c b/src/crypto/bn/random.c index 285bf26..3be7510 100644 --- a/src/crypto/bn/random.c +++ b/src/crypto/bn/random.c 
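Review bot: In the prime.c hunk the new comment `/* Avoid undefined behavior. */` does not say which behaviour is being avoided: shifting a BN_ULONG by BN_BITS2, its full width, is undefined in C, and `~((BN_ULONG)0)` is exactly the value `(1 << BN_BITS2) - 1` would denote, which is why the `- 1` disappears in this arm. Suggest `/* A shift by BN_BITS2 is undefined; (2^BN_BITS2 - 1) - get_word(rnd) is the same bound computed without it. */`. Both arms still rely on `get_word(rnd) < 2^bits` to keep the unsigned subtraction from wrapping; that invariant is established outside the hunk, presumably where `rnd` is generated, and is worth a mention in the same comment.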
@@ -321,8 +321,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, ret = 1; err: - if (k_bytes) { - OPENSSL_free(k_bytes); - } + OPENSSL_free(k_bytes); return ret; } diff --git a/src/crypto/bn/sqrt.c b/src/crypto/bn/sqrt.c index 07041f9..e71a818 100644 --- a/src/crypto/bn/sqrt.c +++ b/src/crypto/bn/sqrt.c @@ -420,7 +420,7 @@ vrfy: end: if (err) { - if (ret != NULL && ret != in) { + if (ret != in) { BN_clear_free(ret); } ret = NULL; diff --git a/src/crypto/buf/CMakeLists.txt b/src/crypto/buf/CMakeLists.txt index dabf8d1..19edf7d 100644 --- a/src/crypto/buf/CMakeLists.txt +++ b/src/crypto/buf/CMakeLists.txt @@ -6,5 +6,4 @@ add_library( OBJECT buf.c - buf_error.c ) diff --git a/src/crypto/buf/buf_error.c b/src/crypto/buf/buf_error.c deleted file mode 100644 index fac6011..0000000 --- a/src/crypto/buf/buf_error.c +++ /dev/null 
@@ -1,25 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA BUF_error_string_data[] = { - {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_new, 0), "BUF_MEM_new"}, - {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_memdup, 0), "BUF_memdup"}, - {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_strndup, 0), "BUF_strndup"}, - {ERR_PACK(ERR_LIB_BUF, BUF_F_buf_mem_grow, 0), "buf_mem_grow"}, - {0, NULL}, -}; diff --git a/src/crypto/bytestring/CMakeLists.txt b/src/crypto/bytestring/CMakeLists.txt index 8d6be7b..d1f0441 100644 --- a/src/crypto/bytestring/CMakeLists.txt +++ b/src/crypto/bytestring/CMakeLists.txt @@ -13,7 +13,7 @@ add_library( add_executable( bytestring_test - bytestring_test.c + bytestring_test.cc ) target_link_libraries(bytestring_test crypto) diff --git a/src/crypto/bytestring/bytestring_test.c b/src/crypto/bytestring/bytestring_test.c deleted file mode 100644 index cd0155e..0000000 --- a/src/crypto/bytestring/bytestring_test.c +++ /dev/null 
@@ -1,655 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include -#include - -#include -#include - -#include "internal.h" -#include "../internal.h" - - -static int test_skip(void) { - static const uint8_t kData[] = {1, 2, 3}; - CBS data; - - CBS_init(&data, kData, sizeof(kData)); - return CBS_len(&data) == 3 && - CBS_skip(&data, 1) && - CBS_len(&data) == 2 && - CBS_skip(&data, 2) && - CBS_len(&data) == 0 && - !CBS_skip(&data, 1); -} - -static int test_get_u(void) { - static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; - uint8_t u8; - uint16_t u16; - uint32_t u32; - CBS data; - - CBS_init(&data, kData, sizeof(kData)); - return CBS_get_u8(&data, &u8) && - u8 == 1 && - CBS_get_u16(&data, &u16) && - u16 == 0x203 && - CBS_get_u24(&data, &u32) && - u32 == 0x40506 && - CBS_get_u32(&data, &u32) && - u32 == 0x708090a && - !CBS_get_u8(&data, &u8); -} - -static int test_get_prefixed(void) { - static const uint8_t kData[] = {1, 2, 0, 2, 3, 4, 0, 0, 3, 3, 2, 1}; - uint8_t u8; - uint16_t u16; - uint32_t u32; - CBS data, prefixed; - - CBS_init(&data, kData, sizeof(kData)); - return CBS_get_u8_length_prefixed(&data, &prefixed) && - CBS_len(&prefixed) == 1 && - CBS_get_u8(&prefixed, &u8) && - u8 == 2 && - 
CBS_get_u16_length_prefixed(&data, &prefixed) && - CBS_len(&prefixed) == 2 && - CBS_get_u16(&prefixed, &u16) && - u16 == 0x304 && - CBS_get_u24_length_prefixed(&data, &prefixed) && - CBS_len(&prefixed) == 3 && - CBS_get_u24(&prefixed, &u32) && - u32 == 0x30201; -} - -static int test_get_prefixed_bad(void) { - static const uint8_t kData1[] = {2, 1}; - static const uint8_t kData2[] = {0, 2, 1}; - static const uint8_t kData3[] = {0, 0, 2, 1}; - CBS data, prefixed; - - CBS_init(&data, kData1, sizeof(kData1)); - if (CBS_get_u8_length_prefixed(&data, &prefixed)) { - return 0; - } - - CBS_init(&data, kData2, sizeof(kData2)); - if (CBS_get_u16_length_prefixed(&data, &prefixed)) { - return 0; - } - - CBS_init(&data, kData3, sizeof(kData3)); - if (CBS_get_u24_length_prefixed(&data, &prefixed)) { - return 0; - } - - return 1; -} - -static int test_get_asn1(void) { - static const uint8_t kData1[] = {0x30, 2, 1, 2}; - static const uint8_t kData2[] = {0x30, 3, 1, 2}; - static const uint8_t kData3[] = {0x30, 0x80}; - static const uint8_t kData4[] = {0x30, 0x81, 1, 1}; - static const uint8_t kData5[] = {0x30, 0x82, 0, 1, 1}; - static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1}; - static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1}; - static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1}; - static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff}; - - CBS data, contents; - int present; - uint64_t value; - - CBS_init(&data, kData1, sizeof(kData1)); - if (CBS_peek_asn1_tag(&data, 0x1) || - !CBS_peek_asn1_tag(&data, 0x30)) { - return 0; - } - if (!CBS_get_asn1(&data, &contents, 0x30) || - CBS_len(&contents) != 2 || - memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { - return 0; - } - - CBS_init(&data, kData2, sizeof(kData2)); - /* data is truncated */ - if (CBS_get_asn1(&data, &contents, 0x30)) { - return 0; - } - - CBS_init(&data, kData3, sizeof(kData3)); - /* zero byte length of length */ - if (CBS_get_asn1(&data, &contents, 0x30)) { - return 0; - } - - CBS_init(&data, kData4, 
sizeof(kData4)); - /* long form mistakenly used. */ - if (CBS_get_asn1(&data, &contents, 0x30)) { - return 0; - } - - CBS_init(&data, kData5, sizeof(kData5)); - /* length takes too many bytes. */ - if (CBS_get_asn1(&data, &contents, 0x30)) { - return 0; - } - - CBS_init(&data, kData1, sizeof(kData1)); - /* wrong tag. */ - if (CBS_get_asn1(&data, &contents, 0x31)) { - return 0; - } - - CBS_init(&data, NULL, 0); - /* peek at empty data. */ - if (CBS_peek_asn1_tag(&data, 0x30)) { - return 0; - } - - CBS_init(&data, NULL, 0); - /* optional elements at empty data. */ - if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) || - present || - !CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) || - present || - CBS_len(&contents) != 0 || - !CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0) || - CBS_len(&contents) != 0 || - !CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) || - value != 42) { - return 0; - } - - CBS_init(&data, kData6, sizeof(kData6)); - /* optional element. */ - if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) || - present || - !CBS_get_optional_asn1(&data, &contents, &present, 0xa1) || - !present || - CBS_len(&contents) != 3 || - memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) { - return 0; - } - - CBS_init(&data, kData6, sizeof(kData6)); - /* optional octet string. */ - if (!CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) || - present || - CBS_len(&contents) != 0 || - !CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1) || - !present || - CBS_len(&contents) != 1 || - CBS_data(&contents)[0] != 1) { - return 0; - } - - CBS_init(&data, kData7, sizeof(kData7)); - /* invalid optional octet string. */ - if (CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1)) { - return 0; - } - - CBS_init(&data, kData8, sizeof(kData8)); - /* optional octet string. 
*/ - if (!CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) || - value != 42 || - !CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42) || - value != 1) { - return 0; - } - - CBS_init(&data, kData9, sizeof(kData9)); - /* invalid optional integer. */ - if (CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42)) { - return 0; - } - - return 1; -} - -static int test_get_optional_asn1_bool(void) { - CBS data; - int val; - - static const uint8_t kTrue[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0xff}; - static const uint8_t kFalse[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x00}; - static const uint8_t kInvalid[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x01}; - - CBS_init(&data, NULL, 0); - val = 2; - if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0) || - val != 0) { - return 0; - } - - CBS_init(&data, kTrue, sizeof(kTrue)); - val = 2; - if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0) || - val != 1) { - return 0; - } - - CBS_init(&data, kFalse, sizeof(kFalse)); - val = 2; - if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1) || - val != 0) { - return 0; - } - - CBS_init(&data, kInvalid, sizeof(kInvalid)); - if (CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1)) { - return 0; - } - - return 1; -} - -static int test_cbb_basic(void) { - static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8}; - uint8_t *buf; - size_t buf_len; - int ok; - CBB cbb; - - if (!CBB_init(&cbb, 100)) { - return 0; - } - CBB_cleanup(&cbb); - - if (!CBB_init(&cbb, 0) || - !CBB_add_u8(&cbb, 1) || - !CBB_add_u16(&cbb, 0x203) || - !CBB_add_u24(&cbb, 0x40506) || - !CBB_add_bytes(&cbb, (const uint8_t*) "\x07\x08", 2) || - !CBB_finish(&cbb, &buf, &buf_len)) { - return 0; - } - - ok = buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; - free(buf); - return ok; -} - -static int test_cbb_fixed(void) { - CBB cbb; - uint8_t buf[1]; - uint8_t *out_buf; - size_t out_size; - - if (!CBB_init_fixed(&cbb, NULL, 0) || - CBB_add_u8(&cbb, 1) || - !CBB_finish(&cbb, &out_buf, &out_size) || - out_buf != NULL 
|| - out_size != 0) { - return 0; - } - - if (!CBB_init_fixed(&cbb, buf, 1) || - !CBB_add_u8(&cbb, 1) || - CBB_add_u8(&cbb, 2) || - !CBB_finish(&cbb, &out_buf, &out_size) || - out_buf != buf || - out_size != 1 || - buf[0] != 1) { - return 0; - } - - return 1; -} - -static int test_cbb_finish_child(void) { - CBB cbb, child; - uint8_t *out_buf; - size_t out_size; - - if (!CBB_init(&cbb, 16) || - !CBB_add_u8_length_prefixed(&cbb, &child) || - CBB_finish(&child, &out_buf, &out_size) || - !CBB_finish(&cbb, &out_buf, &out_size) || - out_size != 1 || - out_buf[0] != 0) { - return 0; - } - - free(out_buf); - return 1; -} - -static int test_cbb_prefixed(void) { - static const uint8_t kExpected[] = {0, 1, 1, 0, 2, 2, 3, 0, 0, 3, - 4, 5, 6, 5, 4, 1, 0, 1, 2}; - uint8_t *buf; - size_t buf_len; - CBB cbb, contents, inner_contents, inner_inner_contents; - int ok; - - if (!CBB_init(&cbb, 0) || - !CBB_add_u8_length_prefixed(&cbb, &contents) || - !CBB_add_u8_length_prefixed(&cbb, &contents) || - !CBB_add_u8(&contents, 1) || - !CBB_add_u16_length_prefixed(&cbb, &contents) || - !CBB_add_u16(&contents, 0x203) || - !CBB_add_u24_length_prefixed(&cbb, &contents) || - !CBB_add_u24(&contents, 0x40506) || - !CBB_add_u8_length_prefixed(&cbb, &contents) || - !CBB_add_u8_length_prefixed(&contents, &inner_contents) || - !CBB_add_u8(&inner_contents, 1) || - !CBB_add_u16_length_prefixed(&inner_contents, &inner_inner_contents) || - !CBB_add_u8(&inner_inner_contents, 2) || - !CBB_finish(&cbb, &buf, &buf_len)) { - return 0; - } - - ok = buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; - free(buf); - return ok; -} - -static int test_cbb_misuse(void) { - CBB cbb, child, contents; - uint8_t *buf; - size_t buf_len; - - if (!CBB_init(&cbb, 0) || - !CBB_add_u8_length_prefixed(&cbb, &child) || - !CBB_add_u8(&child, 1) || - !CBB_add_u8(&cbb, 2)) { - return 0; - } - - /* Since we wrote to |cbb|, |child| is now invalid and attempts to write to - * it should fail. 
*/ - if (CBB_add_u8(&child, 1) || - CBB_add_u16(&child, 1) || - CBB_add_u24(&child, 1) || - CBB_add_u8_length_prefixed(&child, &contents) || - CBB_add_u16_length_prefixed(&child, &contents) || - CBB_add_asn1(&child, &contents, 1) || - CBB_add_bytes(&child, (const uint8_t*) "a", 1)) { - fprintf(stderr, "CBB operation on invalid CBB did not fail.\n"); - return 0; - } - - if (!CBB_finish(&cbb, &buf, &buf_len) || - buf_len != 3 || - memcmp(buf, "\x01\x01\x02", 3) != 0) { - return 0; - } - - free(buf); - - return 1; -} - -static int test_cbb_asn1(void) { - static const uint8_t kExpected[] = {0x30, 3, 1, 2, 3}; - uint8_t *buf, *test_data; - size_t buf_len; - CBB cbb, contents, inner_contents; - - if (!CBB_init(&cbb, 0) || - !CBB_add_asn1(&cbb, &contents, 0x30) || - !CBB_add_bytes(&contents, (const uint8_t*) "\x01\x02\x03", 3) || - !CBB_finish(&cbb, &buf, &buf_len)) { - return 0; - } - - if (buf_len != sizeof(kExpected) || memcmp(buf, kExpected, buf_len) != 0) { - return 0; - } - free(buf); - - test_data = malloc(100000); - memset(test_data, 0x42, 100000); - - if (!CBB_init(&cbb, 0) || - !CBB_add_asn1(&cbb, &contents, 0x30) || - !CBB_add_bytes(&contents, test_data, 130) || - !CBB_finish(&cbb, &buf, &buf_len)) { - return 0; - } - - if (buf_len != 3 + 130 || - memcmp(buf, "\x30\x81\x82", 3) != 0 || - memcmp(buf + 3, test_data, 130) != 0) { - return 0; - } - free(buf); - - if (!CBB_init(&cbb, 0) || - !CBB_add_asn1(&cbb, &contents, 0x30) || - !CBB_add_bytes(&contents, test_data, 1000) || - !CBB_finish(&cbb, &buf, &buf_len)) { - return 0; - } - - if (buf_len != 4 + 1000 || - memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 || - memcmp(buf + 4, test_data, 1000)) { - return 0; - } - free(buf); - - if (!CBB_init(&cbb, 0) || - !CBB_add_asn1(&cbb, &contents, 0x30) || - !CBB_add_asn1(&contents, &inner_contents, 0x30) || - !CBB_add_bytes(&inner_contents, test_data, 100000) || - !CBB_finish(&cbb, &buf, &buf_len)) { - return 0; - } - - if (buf_len != 5 + 5 + 100000 || - memcmp(buf, 
"\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 || - memcmp(buf + 10, test_data, 100000)) { - return 0; - } - free(buf); - - free(test_data); - return 1; -} - -static int do_ber_convert(const char *name, - const uint8_t *der_expected, size_t der_len, - const uint8_t *ber, size_t ber_len) { - CBS in; - uint8_t *out; - size_t out_len; - - CBS_init(&in, ber, ber_len); - if (!CBS_asn1_ber_to_der(&in, &out, &out_len)) { - fprintf(stderr, "%s: CBS_asn1_ber_to_der failed.\n", name); - return 0; - } - - if (out == NULL) { - if (ber_len != der_len || - memcmp(der_expected, ber, ber_len) != 0) { - fprintf(stderr, "%s: incorrect unconverted result.\n", name); - return 0; - } - - return 1; - } - - if (out_len != der_len || - memcmp(out, der_expected, der_len) != 0) { - fprintf(stderr, "%s: incorrect converted result.\n", name); - return 0; - } - - free(out); - return 1; -} - -static int test_ber_convert(void) { - static const uint8_t kSimpleBER[] = {0x01, 0x01, 0x00}; - - /* kIndefBER contains a SEQUENCE with an indefinite length. */ - static const uint8_t kIndefBER[] = {0x30, 0x80, 0x01, 0x01, 0x02, 0x00, 0x00}; - static const uint8_t kIndefDER[] = {0x30, 0x03, 0x01, 0x01, 0x02}; - - /* kOctetStringBER contains an indefinite length OCTETSTRING with two parts. - * These parts need to be concatenated in DER form. */ - static const uint8_t kOctetStringBER[] = {0x24, 0x80, 0x04, 0x02, 0, 1, - 0x04, 0x02, 2, 3, 0x00, 0x00}; - static const uint8_t kOctetStringDER[] = {0x04, 0x04, 0, 1, 2, 3}; - - /* kNSSBER is part of a PKCS#12 message generated by NSS that uses indefinite - * length elements extensively. 
*/ - static const uint8_t kNSSBER[] = { - 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80, 0x04, 0x04, - 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x39, - 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, - 0x00, 0x04, 0x14, 0x84, 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, - 0xc1, 0xb6, 0xe8, 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, - 0x10, 0x38, 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, - 0xf0, 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00, - }; - - static const uint8_t kNSSDER[] = { - 0x30, 0x53, 0x02, 0x01, 0x03, 0x30, 0x13, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x06, 0x04, 0x04, - 0x01, 0x02, 0x03, 0x04, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06, - 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84, - 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8, - 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38, - 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0, - 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0, - }; - - return do_ber_convert("kSimpleBER", kSimpleBER, sizeof(kSimpleBER), - kSimpleBER, sizeof(kSimpleBER)) && - do_ber_convert("kIndefBER", kIndefDER, sizeof(kIndefDER), kIndefBER, - sizeof(kIndefBER)) && - do_ber_convert("kOctetStringBER", kOctetStringDER, - sizeof(kOctetStringDER), kOctetStringBER, - sizeof(kOctetStringBER)) && - do_ber_convert("kNSSBER", kNSSDER, sizeof(kNSSDER), kNSSBER, - sizeof(kNSSBER)); -} - -typedef struct { - uint64_t value; - const char *encoding; - size_t encoding_len; -} ASN1_UINT64_TEST; - -static const ASN1_UINT64_TEST kAsn1Uint64Tests[] = { - {0, "\x02\x01\x00", 3}, - {1, "\x02\x01\x01", 3}, - {127, "\x02\x01\x7f", 3}, - {128, "\x02\x02\x00\x80", 4}, - {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7}, - {OPENSSL_U64(0x0102030405060708), - 
"\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10}, - {OPENSSL_U64(0xffffffffffffffff), - "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11}, -}; - -typedef struct { - const char *encoding; - size_t encoding_len; -} ASN1_INVALID_UINT64_TEST; - -static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = { - /* Bad tag. */ - {"\x03\x01\x00", 3}, - /* Empty contents. */ - {"\x02\x00", 2}, - /* Negative number. */ - {"\x02\x01\x80", 3}, - /* Overflow */ - {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11}, -}; - -static int test_asn1_uint64(void) { - size_t i; - - for (i = 0; i < sizeof(kAsn1Uint64Tests) / sizeof(kAsn1Uint64Tests[0]); i++) { - const ASN1_UINT64_TEST *test = &kAsn1Uint64Tests[i]; - CBS cbs; - uint64_t value; - CBB cbb; - uint8_t *out; - size_t len; - - CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); - if (!CBS_get_asn1_uint64(&cbs, &value) || - CBS_len(&cbs) != 0 || - value != test->value) { - return 0; - } - - if (!CBB_init(&cbb, 0)) { - return 0; - } - if (!CBB_add_asn1_uint64(&cbb, test->value) || - !CBB_finish(&cbb, &out, &len)) { - CBB_cleanup(&cbb); - return 0; - } - if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) { - free(out); - return 0; - } - free(out); - } - - for (i = 0; - i < sizeof(kAsn1InvalidUint64Tests) / sizeof(kAsn1InvalidUint64Tests[0]); - i++) { - const ASN1_INVALID_UINT64_TEST *test = &kAsn1InvalidUint64Tests[i]; - CBS cbs; - uint64_t value; - - CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); - if (CBS_get_asn1_uint64(&cbs, &value)) { - return 0; - } - } - - return 1; -} - -int main(void) { - CRYPTO_library_init(); - - if (!test_skip() || - !test_get_u() || - !test_get_prefixed() || - !test_get_prefixed_bad() || - !test_get_asn1() || - !test_cbb_basic() || - !test_cbb_fixed() || - !test_cbb_finish_child() || - !test_cbb_misuse() || - !test_cbb_prefixed() || - !test_cbb_asn1() || - !test_ber_convert() || - !test_asn1_uint64() || - 
!test_get_optional_asn1_bool()) { - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/bytestring/bytestring_test.cc b/src/crypto/bytestring/bytestring_test.cc new file mode 100644 index 0000000..66e9c1e --- /dev/null +++ b/src/crypto/bytestring/bytestring_test.cc 
@@ -0,0 +1,674 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include +#include + +#include + +#include +#include + +#include "internal.h" +#include "../internal.h" +#include "../test/scoped_types.h" + + +static bool TestSkip() { + static const uint8_t kData[] = {1, 2, 3}; + CBS data; + + CBS_init(&data, kData, sizeof(kData)); + return CBS_len(&data) == 3 && + CBS_skip(&data, 1) && + CBS_len(&data) == 2 && + CBS_skip(&data, 2) && + CBS_len(&data) == 0 && + !CBS_skip(&data, 1); +} + +static bool TestGetUint() { + static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; + uint8_t u8; + uint16_t u16; + uint32_t u32; + CBS data; + + CBS_init(&data, kData, sizeof(kData)); + return CBS_get_u8(&data, &u8) && + u8 == 1 && + CBS_get_u16(&data, &u16) && + u16 == 0x203 && + CBS_get_u24(&data, &u32) && + u32 == 0x40506 && + CBS_get_u32(&data, &u32) && + u32 == 0x708090a && + !CBS_get_u8(&data, &u8); +} + +static bool TestGetPrefixed() { + static const uint8_t kData[] = {1, 2, 0, 2, 3, 4, 0, 0, 3, 3, 2, 1}; + uint8_t u8; + uint16_t u16; + uint32_t u32; + CBS data, prefixed; + + CBS_init(&data, kData, sizeof(kData)); + return CBS_get_u8_length_prefixed(&data, &prefixed) && + CBS_len(&prefixed) == 1 && + CBS_get_u8(&prefixed, &u8) && 
+ u8 == 2 && + CBS_get_u16_length_prefixed(&data, &prefixed) && + CBS_len(&prefixed) == 2 && + CBS_get_u16(&prefixed, &u16) && + u16 == 0x304 && + CBS_get_u24_length_prefixed(&data, &prefixed) && + CBS_len(&prefixed) == 3 && + CBS_get_u24(&prefixed, &u32) && + u32 == 0x30201; +} + +static bool TestGetPrefixedBad() { + static const uint8_t kData1[] = {2, 1}; + static const uint8_t kData2[] = {0, 2, 1}; + static const uint8_t kData3[] = {0, 0, 2, 1}; + CBS data, prefixed; + + CBS_init(&data, kData1, sizeof(kData1)); + if (CBS_get_u8_length_prefixed(&data, &prefixed)) { + return false; + } + + CBS_init(&data, kData2, sizeof(kData2)); + if (CBS_get_u16_length_prefixed(&data, &prefixed)) { + return false; + } + + CBS_init(&data, kData3, sizeof(kData3)); + if (CBS_get_u24_length_prefixed(&data, &prefixed)) { + return false; + } + + return true; +} + +static bool TestGetASN1() { + static const uint8_t kData1[] = {0x30, 2, 1, 2}; + static const uint8_t kData2[] = {0x30, 3, 1, 2}; + static const uint8_t kData3[] = {0x30, 0x80}; + static const uint8_t kData4[] = {0x30, 0x81, 1, 1}; + static const uint8_t kData5[] = {0x30, 0x82, 0, 1, 1}; + static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1}; + static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1}; + static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1}; + static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff}; + + CBS data, contents; + int present; + uint64_t value; + + CBS_init(&data, kData1, sizeof(kData1)); + if (CBS_peek_asn1_tag(&data, 0x1) || + !CBS_peek_asn1_tag(&data, 0x30)) { + return false; + } + if (!CBS_get_asn1(&data, &contents, 0x30) || + CBS_len(&contents) != 2 || + memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { + return false; + } + + CBS_init(&data, kData2, sizeof(kData2)); + // data is truncated + if (CBS_get_asn1(&data, &contents, 0x30)) { + return false; + } + + CBS_init(&data, kData3, sizeof(kData3)); + // zero byte length of length + if (CBS_get_asn1(&data, &contents, 0x30)) { + return false; + } + 
+ CBS_init(&data, kData4, sizeof(kData4)); + // long form mistakenly used. + if (CBS_get_asn1(&data, &contents, 0x30)) { + return false; + } + + CBS_init(&data, kData5, sizeof(kData5)); + // length takes too many bytes. + if (CBS_get_asn1(&data, &contents, 0x30)) { + return false; + } + + CBS_init(&data, kData1, sizeof(kData1)); + // wrong tag. + if (CBS_get_asn1(&data, &contents, 0x31)) { + return false; + } + + CBS_init(&data, NULL, 0); + // peek at empty data. + if (CBS_peek_asn1_tag(&data, 0x30)) { + return false; + } + + CBS_init(&data, NULL, 0); + // optional elements at empty data. + if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) || + present || + !CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) || + present || + CBS_len(&contents) != 0 || + !CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0) || + CBS_len(&contents) != 0 || + !CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) || + value != 42) { + return false; + } + + CBS_init(&data, kData6, sizeof(kData6)); + // optional element. + if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) || + present || + !CBS_get_optional_asn1(&data, &contents, &present, 0xa1) || + !present || + CBS_len(&contents) != 3 || + memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) { + return false; + } + + CBS_init(&data, kData6, sizeof(kData6)); + // optional octet string. + if (!CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) || + present || + CBS_len(&contents) != 0 || + !CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1) || + !present || + CBS_len(&contents) != 1 || + CBS_data(&contents)[0] != 1) { + return false; + } + + CBS_init(&data, kData7, sizeof(kData7)); + // invalid optional octet string. + if (CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1)) { + return false; + } + + CBS_init(&data, kData8, sizeof(kData8)); + // optional octet string. 
+ if (!CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) || + value != 42 || + !CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42) || + value != 1) { + return false; + } + + CBS_init(&data, kData9, sizeof(kData9)); + // invalid optional integer. + if (CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42)) { + return false; + } + + return true; +} + +static bool TestGetOptionalASN1Bool() { + static const uint8_t kTrue[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0xff}; + static const uint8_t kFalse[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x00}; + static const uint8_t kInvalid[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x01}; + + CBS data; + CBS_init(&data, NULL, 0); + int val = 2; + if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0) || + val != 0) { + return false; + } + + CBS_init(&data, kTrue, sizeof(kTrue)); + val = 2; + if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0) || + val != 1) { + return false; + } + + CBS_init(&data, kFalse, sizeof(kFalse)); + val = 2; + if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1) || + val != 0) { + return false; + } + + CBS_init(&data, kInvalid, sizeof(kInvalid)); + if (CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1)) { + return false; + } + + return true; +} + +static bool TestCBBBasic() { + static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8}; + uint8_t *buf; + size_t buf_len; + CBB cbb; + + if (!CBB_init(&cbb, 100)) { + return false; + } + CBB_cleanup(&cbb); + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_u8(&cbb, 1) || + !CBB_add_u16(&cbb, 0x203) || + !CBB_add_u24(&cbb, 0x40506) || + !CBB_add_bytes(&cbb, (const uint8_t*) "\x07\x08", 2) || + !CBB_finish(&cbb, &buf, &buf_len)) { + CBB_cleanup(&cbb); + return false; + } + + ScopedOpenSSLBytes scoper(buf); + return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; +} + +static bool TestCBBFixed() { + CBB cbb; + uint8_t buf[1]; + uint8_t *out_buf; + size_t out_size; + + if (!CBB_init_fixed(&cbb, NULL, 0) || + CBB_add_u8(&cbb, 1) || + 
!CBB_finish(&cbb, &out_buf, &out_size) || + out_buf != NULL || + out_size != 0) { + return false; + } + + if (!CBB_init_fixed(&cbb, buf, 1) || + !CBB_add_u8(&cbb, 1) || + CBB_add_u8(&cbb, 2) || + !CBB_finish(&cbb, &out_buf, &out_size) || + out_buf != buf || + out_size != 1 || + buf[0] != 1) { + return false; + } + + return true; +} + +static bool TestCBBFinishChild() { + CBB cbb, child; + uint8_t *out_buf; + size_t out_size; + + if (!CBB_init(&cbb, 16)) { + return false; + } + if (!CBB_add_u8_length_prefixed(&cbb, &child) || + CBB_finish(&child, &out_buf, &out_size) || + !CBB_finish(&cbb, &out_buf, &out_size)) { + CBB_cleanup(&cbb); + return false; + } + ScopedOpenSSLBytes scoper(out_buf); + return out_size == 1 && out_buf[0] == 0; +} + +static bool TestCBBPrefixed() { + static const uint8_t kExpected[] = {0, 1, 1, 0, 2, 2, 3, 0, 0, 3, + 4, 5, 6, 5, 4, 1, 0, 1, 2}; + uint8_t *buf; + size_t buf_len; + CBB cbb, contents, inner_contents, inner_inner_contents; + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_u8_length_prefixed(&cbb, &contents) || + !CBB_add_u8_length_prefixed(&cbb, &contents) || + !CBB_add_u8(&contents, 1) || + !CBB_add_u16_length_prefixed(&cbb, &contents) || + !CBB_add_u16(&contents, 0x203) || + !CBB_add_u24_length_prefixed(&cbb, &contents) || + !CBB_add_u24(&contents, 0x40506) || + !CBB_add_u8_length_prefixed(&cbb, &contents) || + !CBB_add_u8_length_prefixed(&contents, &inner_contents) || + !CBB_add_u8(&inner_contents, 1) || + !CBB_add_u16_length_prefixed(&inner_contents, &inner_inner_contents) || + !CBB_add_u8(&inner_inner_contents, 2) || + !CBB_finish(&cbb, &buf, &buf_len)) { + CBB_cleanup(&cbb); + return false; + } + + ScopedOpenSSLBytes scoper(buf); + return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; +} + +static bool TestCBBMisuse() { + CBB cbb, child, contents; + uint8_t *buf; + size_t buf_len; + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_u8_length_prefixed(&cbb, &child) || + 
!CBB_add_u8(&child, 1) || + !CBB_add_u8(&cbb, 2)) { + CBB_cleanup(&cbb); + return false; + } + + // Since we wrote to |cbb|, |child| is now invalid and attempts to write to + // it should fail. + if (CBB_add_u8(&child, 1) || + CBB_add_u16(&child, 1) || + CBB_add_u24(&child, 1) || + CBB_add_u8_length_prefixed(&child, &contents) || + CBB_add_u16_length_prefixed(&child, &contents) || + CBB_add_asn1(&child, &contents, 1) || + CBB_add_bytes(&child, (const uint8_t*) "a", 1)) { + fprintf(stderr, "CBB operation on invalid CBB did not fail.\n"); + CBB_cleanup(&cbb); + return false; + } + + if (!CBB_finish(&cbb, &buf, &buf_len)) { + CBB_cleanup(&cbb); + return false; + } + ScopedOpenSSLBytes scoper(buf); + + if (buf_len != 3 || + memcmp(buf, "\x01\x01\x02", 3) != 0) { + return false; + } + return true; +} + +static bool TestCBBASN1() { + static const uint8_t kExpected[] = {0x30, 3, 1, 2, 3}; + uint8_t *buf; + size_t buf_len; + CBB cbb, contents, inner_contents; + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_asn1(&cbb, &contents, 0x30) || + !CBB_add_bytes(&contents, (const uint8_t*) "\x01\x02\x03", 3) || + !CBB_finish(&cbb, &buf, &buf_len)) { + CBB_cleanup(&cbb); + return false; + } + ScopedOpenSSLBytes scoper(buf); + + if (buf_len != sizeof(kExpected) || memcmp(buf, kExpected, buf_len) != 0) { + return false; + } + + std::vector test_data(100000, 0x42); + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_asn1(&cbb, &contents, 0x30) || + !CBB_add_bytes(&contents, bssl::vector_data(&test_data), 130) || + !CBB_finish(&cbb, &buf, &buf_len)) { + CBB_cleanup(&cbb); + return false; + } + scoper.reset(buf); + + if (buf_len != 3 + 130 || + memcmp(buf, "\x30\x81\x82", 3) != 0 || + memcmp(buf + 3, bssl::vector_data(&test_data), 130) != 0) { + return false; + } + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_asn1(&cbb, &contents, 0x30) || + !CBB_add_bytes(&contents, bssl::vector_data(&test_data), 1000) || + !CBB_finish(&cbb, &buf, 
&buf_len)) { + CBB_cleanup(&cbb); + return false; + } + scoper.reset(buf); + + if (buf_len != 4 + 1000 || + memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 || + memcmp(buf + 4, bssl::vector_data(&test_data), 1000)) { + return false; + } + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_asn1(&cbb, &contents, 0x30) || + !CBB_add_asn1(&contents, &inner_contents, 0x30) || + !CBB_add_bytes(&inner_contents, bssl::vector_data(&test_data), 100000) || + !CBB_finish(&cbb, &buf, &buf_len)) { + CBB_cleanup(&cbb); + return false; + } + scoper.reset(buf); + + if (buf_len != 5 + 5 + 100000 || + memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 || + memcmp(buf + 10, bssl::vector_data(&test_data), 100000)) { + return false; + } + + return true; +} + +static bool DoBerConvert(const char *name, + const uint8_t *der_expected, size_t der_len, + const uint8_t *ber, size_t ber_len) { + CBS in; + uint8_t *out; + size_t out_len; + + CBS_init(&in, ber, ber_len); + if (!CBS_asn1_ber_to_der(&in, &out, &out_len)) { + fprintf(stderr, "%s: CBS_asn1_ber_to_der failed.\n", name); + return false; + } + ScopedOpenSSLBytes scoper(out); + + if (out == NULL) { + if (ber_len != der_len || + memcmp(der_expected, ber, ber_len) != 0) { + fprintf(stderr, "%s: incorrect unconverted result.\n", name); + return false; + } + + return true; + } + + if (out_len != der_len || + memcmp(out, der_expected, der_len) != 0) { + fprintf(stderr, "%s: incorrect converted result.\n", name); + return false; + } + + return true; +} + +static bool TestBerConvert() { + static const uint8_t kSimpleBER[] = {0x01, 0x01, 0x00}; + + // kIndefBER contains a SEQUENCE with an indefinite length. + static const uint8_t kIndefBER[] = {0x30, 0x80, 0x01, 0x01, 0x02, 0x00, 0x00}; + static const uint8_t kIndefDER[] = {0x30, 0x03, 0x01, 0x01, 0x02}; + + // kOctetStringBER contains an indefinite length OCTETSTRING with two parts. + // These parts need to be concatenated in DER form. 
+ static const uint8_t kOctetStringBER[] = {0x24, 0x80, 0x04, 0x02, 0, 1, + 0x04, 0x02, 2, 3, 0x00, 0x00}; + static const uint8_t kOctetStringDER[] = {0x04, 0x04, 0, 1, 2, 3}; + + // kNSSBER is part of a PKCS#12 message generated by NSS that uses indefinite + // length elements extensively. + static const uint8_t kNSSBER[] = { + 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80, 0x04, 0x04, + 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x39, + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14, 0x84, 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, + 0xc1, 0xb6, 0xe8, 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, + 0x10, 0x38, 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, + 0xf0, 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00, + }; + + static const uint8_t kNSSDER[] = { + 0x30, 0x53, 0x02, 0x01, 0x03, 0x30, 0x13, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x06, 0x04, 0x04, + 0x01, 0x02, 0x03, 0x04, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84, + 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8, + 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38, + 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0, + 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0, + }; + + return DoBerConvert("kSimpleBER", kSimpleBER, sizeof(kSimpleBER), + kSimpleBER, sizeof(kSimpleBER)) && + DoBerConvert("kIndefBER", kIndefDER, sizeof(kIndefDER), kIndefBER, + sizeof(kIndefBER)) && + DoBerConvert("kOctetStringBER", kOctetStringDER, + sizeof(kOctetStringDER), kOctetStringBER, + sizeof(kOctetStringBER)) && + DoBerConvert("kNSSBER", kNSSDER, sizeof(kNSSDER), kNSSBER, + sizeof(kNSSBER)); +} + +struct ASN1Uint64Test { + uint64_t value; + const char *encoding; + size_t encoding_len; +}; + 
+static const ASN1Uint64Test kASN1Uint64Tests[] = { + {0, "\x02\x01\x00", 3}, + {1, "\x02\x01\x01", 3}, + {127, "\x02\x01\x7f", 3}, + {128, "\x02\x02\x00\x80", 4}, + {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7}, + {OPENSSL_U64(0x0102030405060708), + "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10}, + {OPENSSL_U64(0xffffffffffffffff), + "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11}, +}; + +struct ASN1InvalidUint64Test { + const char *encoding; + size_t encoding_len; +}; + +static const ASN1InvalidUint64Test kASN1InvalidUint64Tests[] = { + // Bad tag. + {"\x03\x01\x00", 3}, + // Empty contents. + {"\x02\x00", 2}, + // Negative number. + {"\x02\x01\x80", 3}, + // Overflow. + {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11}, + // Leading zeros. + {"\x02\x02\x00\x01", 4}, +}; + +static bool TestASN1Uint64() { + for (size_t i = 0; i < sizeof(kASN1Uint64Tests) / sizeof(kASN1Uint64Tests[0]); + i++) { + const ASN1Uint64Test *test = &kASN1Uint64Tests[i]; + CBS cbs; + uint64_t value; + CBB cbb; + uint8_t *out; + size_t len; + + CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); + if (!CBS_get_asn1_uint64(&cbs, &value) || + CBS_len(&cbs) != 0 || + value != test->value) { + return false; + } + + if (!CBB_init(&cbb, 0)) { + return false; + } + if (!CBB_add_asn1_uint64(&cbb, test->value) || + !CBB_finish(&cbb, &out, &len)) { + CBB_cleanup(&cbb); + return false; + } + ScopedOpenSSLBytes scoper(out); + if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) { + return false; + } + } + + for (size_t i = 0; + i < sizeof(kASN1InvalidUint64Tests) / sizeof(kASN1InvalidUint64Tests[0]); + i++) { + const ASN1InvalidUint64Test *test = &kASN1InvalidUint64Tests[i]; + CBS cbs; + uint64_t value; + + CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); + if (CBS_get_asn1_uint64(&cbs, &value)) { + return false; + } + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + + if (!TestSkip() || + !TestGetUint() || + 
!TestGetPrefixed() ||
+ !TestGetPrefixedBad() ||
+ !TestGetASN1() ||
+ !TestCBBBasic() ||
+ !TestCBBFixed() ||
+ !TestCBBFinishChild() ||
+ !TestCBBMisuse() ||
+ !TestCBBPrefixed() ||
+ !TestCBBASN1() ||
+ !TestBerConvert() ||
+ !TestASN1Uint64() ||
+ !TestGetOptionalASN1Bool()) {
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/src/crypto/bytestring/cbb.c b/src/crypto/bytestring/cbb.c
index 4428836..f1e09a2 100644
--- a/src/crypto/bytestring/cbb.c
+++ b/src/crypto/bytestring/cbb.c
@@ -25,7 +25,6 @@ static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) {
 base = OPENSSL_malloc(sizeof(struct cbb_buffer_st));
 if (base == NULL) {
- OPENSSL_free(buf);
 return 0;
 }
@@ -48,7 +47,12 @@ int CBB_init(CBB *cbb, size_t initial_capacity) {
 return 0;
 }
- return cbb_init(cbb, buf, initial_capacity);
+ if (!cbb_init(cbb, buf, initial_capacity)) {
+ OPENSSL_free(buf);
+ return 0;
+ }
+
+ return 1;
 }
 int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
@@ -62,7 +66,7 @@ int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
 void CBB_cleanup(CBB *cbb) {
 if (cbb->base) {
- if (cbb->base->buf && cbb->base->can_resize) {
+ if (cbb->base->can_resize) {
 OPENSSL_free(cbb->base->buf);
 }
 OPENSSL_free(cbb->base);
@@ -276,6 +280,11 @@ int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) {
 }
 int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag) {
+ if ((tag & 0x1f) == 0x1f) {
+ /* Long form identifier octets are not supported. */
+ return 0;
+ }
+
 if (!CBB_flush(cbb) ||
 !CBB_add_u8(cbb, tag)) {
 return 0;
diff --git a/src/crypto/bytestring/cbs.c b/src/crypto/bytestring/cbs.c
index b417716..10f1a99 100644
--- a/src/crypto/bytestring/cbs.c
+++ b/src/crypto/bytestring/cbs.c
@@ -52,10 +52,8 @@ size_t CBS_len(const CBS *cbs) {
 }
 int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) {
- if (*out_ptr != NULL) {
- OPENSSL_free(*out_ptr);
- *out_ptr = NULL;
- }
+ OPENSSL_free(*out_ptr);
+ *out_ptr = NULL;
 *out_len = 0;
 if (cbs->len == 0) {
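Review bot: The comment above the kData8 block in TestGetASN1 reads `// optional octet string.` but the calls it introduces are CBS_get_optional_asn1_uint64, so it was carried over from the block above; it should read `// optional integer.` (the C version being deleted had the same stale comment). Separately, TestCBBASN1 writes `memcmp(buf + 3, ...) != 0` in the 130-byte case but bare `memcmp(buf + 4, ...)` and `memcmp(buf + 10, ...)` in the 1000-byte and 100000-byte cases; spelling all three with an explicit `!= 0` keeps the checks uniform. In TestCBBFixed the early `return false` paths after CBB_init_fixed do not call CBB_cleanup, which — if CBB_init_fixed allocates the base struct the way cbb_init in cbb.c appears to — shows up as a leak under LeakSanitizer on a failing run; harmless for a test that is already failing, but a CBB_cleanup before each return is cheap.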
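Review bot: The new guard in CBB_add_asn1 rejects any tag whose low five bits are all set, i.e. tag numbers 31 and above, which an identifier octet would otherwise have to encode in long form; since `tag` is a `uint8_t` a caller cannot express such a tag anyway, so the check turns a silently wrong encoding into a failure, which is the right outcome. The restriction is not stated where callers look: the declaration's comment should say something like `/* tag must be a single identifier octet; tag numbers >= 31 (low five bits all set) are rejected. */`. The paired change in cbb_init/CBB_init moves ownership of `buf` on failure up to CBB_init, which keeps CBB_init_fixed from freeing a caller-owned buffer; the CBB_cleanup hunk now relies on OPENSSL_free accepting a NULL buf, which holds if it mirrors free(3) but deserves a one-line comment there, e.g. `/* buf may be NULL for a zero-capacity CBB; OPENSSL_free(NULL) is a no-op. */`.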
@@ -82,8 +80,9 @@ int CBS_contains_zero_byte(const CBS *cbs) {
 }
 int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
- if (len != cbs->len)
+ if (len != cbs->len) {
 return 0;
+ }
 return CRYPTO_memcmp(cbs->data, data, len) == 0;
 }
@@ -290,7 +289,12 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
 }
 if ((data[0] & 0x80) != 0) {
- /* negative number */
+ /* Negative number. */
+ return 0;
+ }
+
+ if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) {
+ /* Extra leading zeros. */
 return 0;
 }
diff --git a/src/crypto/chacha/chacha_vec.c b/src/crypto/chacha/chacha_vec.c
index 88830bc..14b54a7 100644
--- a/src/crypto/chacha/chacha_vec.c
+++ b/src/crypto/chacha/chacha_vec.c
@@ -40,6 +40,7 @@ typedef unsigned vec __attribute__((vector_size(16)));
 * This implementation supports parallel processing of multiple blocks,
 * including potentially using general-purpose registers. */
 #if __ARM_NEON__
+#include
 #include
 #define GPR_TOO 1
 #define VBPI 2
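Review bot: The added `data[0] == 0 && len > 1 && (data[1] & 0x80) == 0` check in CBS_get_asn1_uint64 enforces the DER minimal-encoding rule for INTEGER, so two different byte strings can no longer decode to the same value through this parser; that matters wherever the parsed bytes also feed a hash or signature, because non-canonical encodings are a well-known source of mismatch between what was verified and what was parsed. It relies on an earlier rejection of empty contents so that `data[0]` is readable, which the hunk's leading context does not show (the new test file's "Empty contents" case suggests it exists, but worth confirming). The header comment for CBS_get_asn1_uint64 should state the new contract, e.g. `/* Rejects negative and non-minimal (leading zero) encodings; only DER is accepted. */`. The function's body starts and ends outside the hunk.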
@@ -158,33 +159,19 @@ void CRYPTO_chacha_20(
 {
 unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp;
 #if defined(__ARM_NEON__)
- unsigned *np;
+ uint32_t np[2];
 uint8_t alignment_buffer[16] __attribute__((aligned(16)));
 #endif
 vec s0, s1, s2, s3;
-#if !defined(__ARM_NEON__) && !defined(__SSE2__)
- __attribute__ ((aligned (16))) unsigned key[8], nonce[4];
-#endif
 __attribute__ ((aligned (16))) unsigned chacha_const[] = {0x61707865,0x3320646E,0x79622D32,0x6B206574};
-#if defined(__ARM_NEON__) || defined(__SSE2__)
- kp = (unsigned *)key;
-#else
- ((vec *)key)[0] = REVV_BE(((vec *)key)[0]);
- ((vec *)key)[1] = REVV_BE(((vec *)key)[1]);
- nonce[0] = REVW_BE(((unsigned *)nonce)[0]);
- nonce[1] = REVW_BE(((unsigned *)nonce)[1]);
- nonce[2] = REVW_BE(((unsigned *)nonce)[2]);
- nonce[3] = REVW_BE(((unsigned *)nonce)[3]);
 kp = (unsigned *)key;
- np = (unsigned *)nonce;
-#endif
 #if defined(__ARM_NEON__)
- np = (unsigned*) nonce;
+ memcpy(np, nonce, 8);
 #endif
 s0 = LOAD_ALIGNED(chacha_const);
- s1 = LOAD_ALIGNED(&((vec*)kp)[0]);
- s2 = LOAD_ALIGNED(&((vec*)kp)[1]);
+ s1 = LOAD(&((vec*)kp)[0]);
+ s2 = LOAD(&((vec*)kp)[1]);
 s3 = (vec){
 counter & 0xffffffff,
 #if __ARM_NEON__ || defined(OPENSSL_X86)
diff --git a/src/crypto/chacha/chacha_vec_arm.S b/src/crypto/chacha/chacha_vec_arm.S
index 15d4556..ddc374e 100644
--- a/src/crypto/chacha/chacha_vec_arm.S
+++ b/src/crypto/chacha/chacha_vec_arm.S
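Review bot: Removing the `#if !defined(__ARM_NEON__) && !defined(__SSE2__)` block deletes the REVV_BE/REVW_BE byte swapping that the generic vector path applied to key and nonce, and nothing in the hunk replaces it; if this file is still compiled for a big-endian target on that path, the keystream would now be wrong, so either the build excludes such targets (in which case a comment at the top of the function saying so would help) or the swap needs to come back. Switching the key loads from LOAD_ALIGNED to LOAD is a genuine fix, since the key pointer is caller-supplied and nothing visible guarantees 16-byte alignment. The `memcpy(np, nonce, 8)` into a local `uint32_t np[2]` appears to serve the same purpose; a short comment such as `/* nonce may be unaligned; copy it to a local first. */` would make the intent explicit. CRYPTO_chacha_20 begins before this hunk and its body continues past it.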
@@ -59,131 +59,147 @@ .thumb_func .type CRYPTO_chacha_20_neon, %function CRYPTO_chacha_20_neon: - @ args = 8, pretend = 0, frame = 128 + @ args = 8, pretend = 0, frame = 152 @ frame_needed = 1, uses_anonymous_args = 0 push {r4, r5, r6, r7, r8, r9, r10, fp, lr} - mov r4, r2 + mov r8, r3 vpush.64 {d8, d9, d10, d11, d12, d13, d14, d15} - movw r8, #43691 - movt r8, 43690 - mov ip, r3 - umull r8, r9, r4, r8 - sub sp, sp, #132 - add r7, sp, #0 - sub sp, sp, #112 + mov r9, r2 + ldr r4, .L91+16 mov fp, r0 mov r10, r1 + mov lr, r8 +.LPIC16: + add r4, pc + sub sp, sp, #156 + add r7, sp, #0 + sub sp, sp, #112 + add r6, r7, #144 + str r0, [r7, #88] + str r1, [r7, #12] str r2, [r7, #8] + ldmia r4, {r0, r1, r2, r3} add r4, sp, #15 - ldr r2, .L92+16 bic r4, r4, #15 - ldr r5, [r7, #232] - add lr, r4, #64 -.LPIC16: - add r2, pc - str r0, [r7, #60] - str r1, [r7, #12] - str r3, [r7, #44] - ldmia r2, {r0, r1, r2, r3} - ldr r6, [r5] - str r4, [r7, #72] - ldr r5, [r5, #4] - ldr r4, [r7, #236] - str r6, [r7, #120] - str r5, [r7, #124] - str r4, [r7, #112] - stmia lr, {r0, r1, r2, r3} - movs r3, #0 - ldr r0, [r7, #72] - str r3, [r7, #116] - lsrs r3, r9, #7 - vldr d22, [r7, #112] - vldr d23, [r7, #120] - vldr d24, [r0, #64] - vldr d25, [r0, #72] - vld1.64 {d26-d27}, [ip:64] - vldr d28, [ip, #16] - vldr d29, [ip, #24] + ldr ip, [r7, #256] + str r4, [r7, #84] + mov r5, r4 + adds r4, r4, #64 + adds r5, r5, #80 + str r8, [r7, #68] + stmia r4, {r0, r1, r2, r3} + movw r4, #43691 + ldr r0, [ip] @ unaligned + movt r4, 43690 + ldr r1, [ip, #4] @ unaligned + ldr r3, [r7, #84] + ldr r2, [r8, #8] @ unaligned + mov r8, #0 + stmia r6!, {r0, r1} + mov r6, r5 + ldr r1, [lr, #4] @ unaligned + ldr r0, [lr] @ unaligned + vldr d24, [r3, #64] + vldr d25, [r3, #72] + ldr r3, [lr, #12] @ unaligned + str r5, [r7, #80] + stmia r5!, {r0, r1, r2, r3} + ldr r0, [lr, #16]! 
@ unaligned + ldr r2, [r7, #84] + umull r4, r5, r9, r4 + vldr d26, [r2, #80] + vldr d27, [r2, #88] + ldr r1, [lr, #4] @ unaligned + ldr r2, [lr, #8] @ unaligned + ldr r3, [lr, #12] @ unaligned + ldr r4, [r7, #260] + stmia r6!, {r0, r1, r2, r3} + ldr r3, [ip] + ldr r1, [r7, #84] + ldr r2, [ip, #4] + str r3, [r7, #64] + vldr d28, [r1, #80] + vldr d29, [r1, #88] + str r3, [r7, #136] + lsrs r3, r5, #7 + str r4, [r7, #128] + str r2, [r7, #140] + str r8, [r7, #132] + str r2, [r7, #60] + vldr d22, [r7, #128] + vldr d23, [r7, #136] beq .L26 - ldr r1, [r0, #64] lsls r2, r3, #8 + ldr r5, [r1, #64] sub r3, r2, r3, lsl #6 + ldr r2, [r1, #68] + vldr d0, .L91 + vldr d1, .L91+8 + adds r4, r4, #2 + str r5, [r7, #56] + str r2, [r7, #52] + ldr r5, [r1, #72] + ldr r2, [r1, #76] str r3, [r7, #4] - ldr r2, [r0, #72] - str r1, [r7, #40] - mov r1, r3 - ldr r3, [r0, #68] - vldr d0, .L92 - vldr d1, .L92+8 - str r2, [r7, #32] - adds r2, r4, #2 - str r3, [r7, #36] - ldr r3, [r0, #76] - str r2, [r7, #48] - mov r2, r0 - mov r0, fp - str r10, [r7, #64] - str r3, [r7, #28] - adds r3, r0, r1 - mov r1, r6 + str r5, [r7, #48] + str r2, [r7, #44] + mov r2, fp + str r4, [r7, #72] + adds r3, r2, r3 + str r10, [r7, #76] str r3, [r7, #16] - add r3, r2, #80 - mov r2, r5 - str r3, [r7, #68] .L4: - ldr r0, [r7, #44] - add r8, r7, #28 - str r2, [r7, #108] + ldr r5, [r7, #68] + add r8, r7, #44 + ldr r4, [r7, #72] vadd.i32 q3, q11, q0 ldmia r8, {r8, r9, r10, fp} vmov q8, q14 @ v4si - ldr r3, [r0] + ldr r2, [r5, #4] vmov q1, q13 @ v4si + ldr r3, [r5] vmov q9, q12 @ v4si + ldr lr, [r5, #20] vmov q2, q11 @ v4si - str r3, [r7, #52] - mov r3, r0 - ldr r5, [r3, #8] + mov r0, r2 + ldr r2, [r5, #8] + str r3, [r7, #108] + mov r3, r5 + ldr ip, [r5, #16] vmov q15, q14 @ v4si - ldr lr, [r3, #20] + mov r1, r2 + ldr r2, [r5, #12] + ldr r5, [r5, #24] vmov q5, q13 @ v4si - ldr r6, [r3, #12] + ldr r6, [r3, #28] vmov q10, q12 @ v4si - str r5, [r7, #92] - mov r5, r3 - ldr r4, [r5, #28] + ldr r3, [r7, #64] + str r5, [r7, #116] 
movs r5, #10 - ldr ip, [r3, #16] - ldr r3, [r3, #24] - str r4, [r7, #104] - ldr r4, [r7, #48] - str r3, [r7, #100] - mov r3, r1 - str r6, [r7, #56] - str r4, [r7, #96] - str r8, [r7, #80] + str r6, [r7, #120] + str r4, [r7, #112] + ldr r6, [r7, #60] + str r8, [r7, #96] mov r8, r10 - ldr r0, [r0, #4] + ldr r4, [r7, #108] mov r10, r9 - ldr r1, [r7, #92] - ldr r2, [r7, #56] - ldr r9, [r7, #100] - ldr r4, [r7, #52] - str lr, [r7, #88] + ldr r9, [r7, #116] + str lr, [r7, #104] mov lr, r3 - str r5, [r7, #76] + str r5, [r7, #92] movs r5, #0 - str r5, [r7, #84] - b .L93 -.L94: + str r6, [r7, #124] + str r5, [r7, #100] + b .L92 +.L93: .align 3 -.L92: +.L91: .word 1 .word 0 .word 0 .word 0 .word .LANCHOR0-(.LPIC16+4) -.L93: +.L92: .L3: vadd.i32 q9, q9, q1 add r3, r8, r0 @@ -192,8 +208,8 @@ CRYPTO_chacha_20_neon: veor q3, q3, q9 mov r6, r3 veor q2, q2, q10 - ldr r3, [r7, #80] - str r5, [r7, #100] + ldr r3, [r7, #96] + str r5, [r7, #116] add r10, r10, r1 vrev32.16 q3, q3 eor lr, lr, r10 @@ -201,13 +217,13 @@ CRYPTO_chacha_20_neon: vrev32.16 q2, q2 vadd.i32 q15, q15, q2 mov fp, r3 - ldr r3, [r7, #96] + ldr r3, [r7, #112] veor q4, q8, q1 - str r6, [r7, #96] + str r6, [r7, #112] veor q6, q15, q5 eors r3, r3, r5 mov r5, r6 - ldr r6, [r7, #84] + ldr r6, [r7, #100] vshl.i32 q1, q4, #12 vshl.i32 q5, q6, #12 add fp, fp, r2 
@@ -216,33 +232,33 @@ CRYPTO_chacha_20_neon: vsri.32 q1, q4, #20 ror lr, lr, #16 mov r5, r6 - ldr r6, [r7, #108] + ldr r6, [r7, #124] vsri.32 q5, q6, #20 - str r3, [r7, #108] + str r3, [r7, #124] eor r6, r6, fp ror r5, r5, #16 vadd.i32 q9, q9, q1 add r9, r9, lr ror r3, r6, #16 - ldr r6, [r7, #108] + ldr r6, [r7, #124] vadd.i32 q10, q10, q5 - str r3, [r7, #92] + str r3, [r7, #108] veor q4, q9, q3 add ip, ip, r6 - ldr r6, [r7, #88] + ldr r6, [r7, #104] veor q6, q10, q2 eor r4, ip, r4 eor r1, r9, r1 vshl.i32 q3, q4, #8 mov r8, r6 - ldr r6, [r7, #104] + ldr r6, [r7, #120] vshl.i32 q2, q6, #8 ror r4, r4, #20 add r6, r6, r3 vsri.32 q3, q4, #24 - str r6, [r7, #88] + str r6, [r7, #104] eors r2, r2, r6 - ldr r6, [r7, #100] + ldr r6, [r7, #116] vsri.32 q2, q6, #24 add r8, r8, r5 ror r2, r2, #20 @@ -251,42 +267,42 @@ CRYPTO_chacha_20_neon: eor r0, r8, r0 vadd.i32 q15, q15, q2 mov r3, r6 - ldr r6, [r7, #96] + ldr r6, [r7, #112] veor q6, q4, q1 ror r0, r0, #20 - str r3, [r7, #96] + str r3, [r7, #112] veor q5, q15, q5 adds r6, r0, r6 - str r6, [r7, #104] + str r6, [r7, #120] mov r6, r3 - ldr r3, [r7, #108] + ldr r3, [r7, #124] vshl.i32 q8, q6, #7 add fp, fp, r2 eors r3, r3, r6 - ldr r6, [r7, #104] + ldr r6, [r7, #120] vshl.i32 q1, q5, #7 ror r1, r1, #20 eors r5, r5, r6 vsri.32 q8, q6, #25 - ldr r6, [r7, #92] + ldr r6, [r7, #108] ror r3, r3, #24 ror r5, r5, #24 vsri.32 q1, q5, #25 - str r5, [r7, #100] + str r5, [r7, #116] eor r6, fp, r6 - ldr r5, [r7, #100] + ldr r5, [r7, #116] add r10, r10, r1 add ip, r3, ip vext.32 q8, q8, q8, #1 - str ip, [r7, #108] + str ip, [r7, #124] add ip, r5, r8 - ldr r5, [r7, #88] + ldr r5, [r7, #104] eor lr, r10, lr ror r6, r6, #24 vext.32 q1, q1, q1, #1 add r8, r6, r5 vadd.i32 q9, q9, q8 - ldr r5, [r7, #108] + ldr r5, [r7, #124] vext.32 q3, q3, q3, #3 vadd.i32 q10, q10, q1 ror lr, lr, #24 
@@ -295,14 +311,14 @@ CRYPTO_chacha_20_neon: add r9, r9, lr eors r4, r4, r5 veor q3, q9, q3 - ldr r5, [r7, #96] + ldr r5, [r7, #112] eor r1, r9, r1 ror r0, r0, #25 veor q2, q10, q2 adds r5, r0, r5 vext.32 q4, q4, q4, #2 - str r5, [r7, #96] - ldr r5, [r7, #104] + str r5, [r7, #112] + ldr r5, [r7, #120] ror r1, r1, #25 vrev32.16 q3, q3 eor r2, r8, r2 @@ -311,10 +327,10 @@ CRYPTO_chacha_20_neon: vadd.i32 q4, q4, q3 ror r4, r4, #25 vrev32.16 q2, q2 - str r5, [r7, #84] + str r5, [r7, #100] vadd.i32 q15, q15, q2 eors r3, r3, r5 - ldr r5, [r7, #96] + ldr r5, [r7, #112] add fp, fp, r4 veor q8, q4, q8 ror r2, r2, #25 
@@ -322,174 +338,182 @@ CRYPTO_chacha_20_neon: eor lr, fp, lr eors r6, r6, r5 ror r3, r3, #16 - ldr r5, [r7, #100] + ldr r5, [r7, #116] add r10, r10, r2 - str r3, [r7, #104] + str r3, [r7, #120] ror lr, lr, #16 - ldr r3, [r7, #104] + ldr r3, [r7, #120] eor r5, r10, r5 vshl.i32 q5, q8, #12 add ip, lr, ip vshl.i32 q6, q1, #12 - str ip, [r7, #88] + str ip, [r7, #104] add ip, r3, r8 - str ip, [r7, #100] - ldr r3, [r7, #108] + str ip, [r7, #116] + ldr r3, [r7, #124] ror r5, r5, #16 vsri.32 q5, q8, #20 ror r6, r6, #16 add ip, r5, r3 - ldr r3, [r7, #88] + ldr r3, [r7, #104] vsri.32 q6, q1, #20 add r9, r9, r6 eor r2, ip, r2 eors r4, r4, r3 - ldr r3, [r7, #100] + ldr r3, [r7, #116] eor r0, r9, r0 vadd.i32 q9, q9, q5 ror r4, r4, #20 eors r1, r1, r3 vadd.i32 q10, q10, q6 ror r3, r2, #20 - str r3, [r7, #92] - ldr r3, [r7, #96] + str r3, [r7, #108] + ldr r3, [r7, #112] veor q3, q9, q3 ror r0, r0, #20 add r8, r4, fp veor q2, q10, q2 add fp, r0, r3 - ldr r3, [r7, #84] + ldr r3, [r7, #100] ror r1, r1, #20 mov r2, r8 vshl.i32 q8, q3, #8 - str r8, [r7, #80] + str r8, [r7, #96] add r8, r1, r3 - ldr r3, [r7, #92] + ldr r3, [r7, #108] vmov q1, q6 @ v4si vshl.i32 q6, q2, #8 eor r6, fp, r6 add r10, r10, r3 - ldr r3, [r7, #104] + ldr r3, [r7, #120] vsri.32 q8, q3, #24 eor lr, r2, lr eor r3, r8, r3 ror r2, r6, #24 vsri.32 q6, q2, #24 eor r5, r10, r5 - str r2, [r7, #108] + str r2, [r7, #124] ror r2, r3, #24 - ldr r3, [r7, #88] + ldr r3, [r7, #104] vmov q3, q8 @ v4si vadd.i32 q15, q15, q6 ror lr, lr, #24 vadd.i32 q8, q4, q8 ror r6, r5, #24 add r5, lr, r3 - ldr r3, [r7, #108] + ldr r3, [r7, #124] veor q4, q8, q5 add ip, ip, r6 vmov q2, q6 @ v4si add r9, r9, r3 veor q6, q15, q1 - ldr r3, [r7, #100] + ldr r3, [r7, #116] vshl.i32 q1, q4, #7 - str r2, [r7, #96] + str r2, [r7, #112] add r3, r3, r2 - str r3, [r7, #104] + str r3, [r7, #120] vshl.i32 q5, q6, #7 eors r1, r1, r3 - ldr r3, [r7, #92] + ldr r3, [r7, #108] vsri.32 q1, q4, #25 eors r4, r4, r5 eor r0, r9, r0 eor r2, ip, r3 vsri.32 q5, q6, 
#25 - ldr r3, [r7, #76] + ldr r3, [r7, #92] ror r4, r4, #25 - str r6, [r7, #84] + str r6, [r7, #100] ror r0, r0, #25 subs r3, r3, #1 - str r5, [r7, #88] + str r5, [r7, #104] ror r1, r1, #25 ror r2, r2, #25 vext.32 q15, q15, q15, #2 - str r3, [r7, #76] + str r3, [r7, #92] vext.32 q2, q2, q2, #1 vext.32 q8, q8, q8, #2 vext.32 q3, q3, q3, #1 vext.32 q5, q5, q5, #3 vext.32 q1, q1, q1, #3 bne .L3 - ldr r3, [r7, #68] + ldr r3, [r7, #80] vadd.i32 q4, q12, q10 - str r9, [r7, #100] + str r9, [r7, #116] mov r9, r10 mov r10, r8 - ldr r8, [r7, #80] - str lr, [r7, #80] + ldr r8, [r7, #96] + str lr, [r7, #96] mov lr, r5 - ldr r5, [r7, #40] + ldr r5, [r7, #56] vadd.i32 q5, q13, q5 - ldr r6, [r7, #64] + ldr r6, [r7, #76] vadd.i32 q15, q14, q15 add fp, fp, r5 - ldr r5, [r7, #36] - str r4, [r7, #52] + ldr r5, [r7, #52] + str r4, [r7, #108] vadd.i32 q7, q14, q8 - ldr r4, [r7, #96] + ldr r4, [r7, #112] add r5, r10, r5 - str r3, [r7, #96] + str r3, [r7, #112] vadd.i32 q2, q11, q2 ldr r3, [r6, #12] @ unaligned vadd.i32 q6, q12, q9 - str r0, [r7, #76] + str r0, [r7, #92] vadd.i32 q1, q13, q1 ldr r0, [r6] @ unaligned vadd.i32 q11, q11, q0 - str r1, [r7, #92] - str r2, [r7, #56] + str r1, [r7, #40] + str r2, [r7, #36] vadd.i32 q3, q11, q3 ldr r1, [r6, #4] @ unaligned vadd.i32 q11, q11, q0 ldr r2, [r6, #8] @ unaligned - str r5, [r7, #88] + str r5, [r7, #104] vadd.i32 q11, q11, q0 - ldr r5, [r7, #96] - ldr r10, [r7, #68] + ldr r5, [r7, #112] + ldr r10, [r7, #80] stmia r5!, {r0, r1, r2, r3} mov r5, r10 - ldr r2, [r7, #72] - ldr r1, [r7, #32] - ldr r3, [r7, #48] - vldr d20, [r2, #80] - vldr d21, [r2, #88] - add r9, r9, r1 + ldr r0, [r7, #84] + ldr r2, [r7, #48] + ldr r3, [r7, #72] + vldr d20, [r0, #80] + vldr d21, [r0, #88] + add r9, r9, r2 veor q10, q10, q4 - ldr r1, [r7, #28] - add r0, r8, r1 - str r0, [r7, #24] - vstr d20, [r2, #80] - vstr d21, [r2, #88] - adds r0, r4, r3 - str r0, [r7, #20] + ldr r2, [r7, #44] + adds r1, r4, r3 + str r1, [r7, #28] + add r2, r8, r2 + str r2, [r7, #32] + 
vstr d20, [r0, #80] + vstr d21, [r0, #88] ldmia r5!, {r0, r1, r2, r3} - mov r5, r10 + ldr r4, [r7, #96] + ldr r5, [r7, #64] + add r4, r4, r5 + ldr r5, [r7, #124] + str r4, [r7, #96] ldr r4, [r7, #60] + add r5, r5, r4 + ldr r4, [r7, #88] + str r5, [r7, #24] + mov r5, r10 str r0, [r4] @ unaligned - mov r4, r10 - ldr r0, [r7, #60] - str r1, [r0, #4] @ unaligned + mov r0, r4 + str r1, [r4, #4] @ unaligned mov r8, r0 str r2, [r0, #8] @ unaligned + mov r4, r10 str r3, [r0, #12] @ unaligned ldr r0, [r6, #16]! @ unaligned ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - ldr r6, [r7, #64] + ldr r6, [r7, #76] stmia r5!, {r0, r1, r2, r3} mov r5, r10 - ldr r3, [r7, #72] + ldr r3, [r7, #84] vldr d20, [r3, #80] vldr d21, [r3, #88] veor q10, q10, q5 @@ -501,21 +525,22 @@ CRYPTO_chacha_20_neon: str r1, [r8, #20] @ unaligned str r2, [r8, #24] @ unaligned str r3, [r8, #28] @ unaligned + mov r8, r4 ldr r0, [r6, #32]! @ unaligned + str r10, [r7, #124] ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - ldr r6, [r7, #64] + ldr r6, [r7, #76] stmia r5!, {r0, r1, r2, r3} mov r5, r10 - ldr r0, [r7, #72] - vldr d16, [r0, #80] - vldr d17, [r0, #88] + ldr r2, [r7, #84] + vldr d16, [r2, #80] + vldr d17, [r2, #88] veor q15, q8, q15 - vstr d30, [r0, #80] - vstr d31, [r0, #88] + vstr d30, [r2, #80] + vstr d31, [r2, #88] ldmia r10!, {r0, r1, r2, r3} - mov r10, r5 str r0, [r4, #32] @ unaligned str r1, [r4, #36] @ unaligned str r2, [r4, #40] @ unaligned 
@@ -524,17 +549,18 @@ CRYPTO_chacha_20_neon: ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - ldr r6, [r7, #64] + ldr r6, [r7, #76] stmia r5!, {r0, r1, r2, r3} - mov r5, r10 - ldr r2, [r7, #72] - vldr d18, [r2, #80] - vldr d19, [r2, #88] + ldr r1, [r7, #84] + vldr d18, [r1, #80] + vldr d19, [r1, #88] veor q9, q9, q2 - vstr d18, [r2, #80] - vstr d19, [r2, #88] + vstr d18, [r1, #80] + vstr d19, [r1, #88] + ldr r3, [r7, #112] + ldr r5, [r7, #80] + mov r10, r3 ldmia r10!, {r0, r1, r2, r3} - mov r10, r5 str r0, [r4, #48] @ unaligned str r1, [r4, #52] @ unaligned str r2, [r4, #56] @ unaligned @@ -543,34 +569,38 @@ CRYPTO_chacha_20_neon: ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - ldr r6, [r7, #64] + ldr r6, [r7, #76] stmia r5!, {r0, r1, r2, r3} - mov r5, r10 - ldr r2, [r7, #72] - vldr d18, [r2, #80] - vldr d19, [r2, #88] + ldr r1, [r7, #84] + ldr r3, [r7, #112] + ldr r5, [r7, #80] + vldr d18, [r1, #80] + vldr d19, [r1, #88] veor q9, q9, q6 - vstr d18, [r2, #80] - vstr d19, [r2, #88] + mov r10, r3 + str r5, [r7, #20] + vstr d18, [r1, #80] + vstr d19, [r1, #88] ldmia r10!, {r0, r1, r2, r3} - mov r10, r5 - str r0, [r4, #64] @ unaligned str r1, [r4, #68] @ unaligned str r2, [r4, #72] @ unaligned str r3, [r4, #76] @ unaligned + str r0, [r4, #64] @ unaligned ldr r0, [r6, #80]! @ unaligned ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - ldr r6, [r7, #64] + ldr r6, [r7, #76] stmia r5!, {r0, r1, r2, r3} - mov r5, r10 - ldr r2, [r7, #72] - vldr d18, [r2, #80] - vldr d19, [r2, #88] + ldr r1, [r7, #84] + ldr r3, [r7, #20] + ldr r5, [r7, #80] + vldr d18, [r1, #80] + vldr d19, [r1, #88] veor q1, q9, q1 - vstr d2, [r2, #80] - vstr d3, [r2, #88] + mov r10, r3 + vstr d2, [r1, #80] + vstr d3, [r1, #88] ldmia r10!, {r0, r1, r2, r3} mov r10, r5 str r0, [r4, #80] @ unaligned 
@@ -581,17 +611,16 @@ CRYPTO_chacha_20_neon: ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - ldr r6, [r7, #64] + ldr r6, [r7, #76] stmia r5!, {r0, r1, r2, r3} mov r5, r10 - ldr r3, [r7, #72] + ldr r3, [r7, #84] vldr d16, [r3, #80] vldr d17, [r3, #88] veor q8, q8, q7 vstr d16, [r3, #80] vstr d17, [r3, #88] ldmia r10!, {r0, r1, r2, r3} - mov r10, r5 str r0, [r4, #96] @ unaligned str r1, [r4, #100] @ unaligned str r2, [r4, #104] @ unaligned 
@@ -600,140 +629,116 @@ CRYPTO_chacha_20_neon: ldr r1, [r6, #4] @ unaligned ldr r2, [r6, #8] @ unaligned ldr r3, [r6, #12] @ unaligned - stmia r5!, {r0, r1, r2, r3} - mov r5, r10 - ldr r0, [r7, #72] - ldr r6, [r7, #44] - vldr d16, [r0, #80] - vldr d17, [r0, #88] + mov r6, r5 + stmia r6!, {r0, r1, r2, r3} + ldr r3, [r7, #84] + vldr d16, [r3, #80] + vldr d17, [r3, #88] veor q8, q8, q3 - vstr d16, [r0, #80] - vstr d17, [r0, #88] + vstr d16, [r3, #80] + vstr d17, [r3, #88] ldmia r5!, {r0, r1, r2, r3} - mov r5, r4 - mov r8, r5 str r1, [r4, #116] @ unaligned - ldr r1, [r7, #64] + ldr r1, [r7, #76] str r0, [r4, #112] @ unaligned - mov r0, r5 str r2, [r4, #120] @ unaligned str r3, [r4, #124] @ unaligned ldr r3, [r1, #128] - ldr r2, [r7, #88] + ldr r2, [r7, #104] eor r3, fp, r3 str r3, [r4, #128] ldr r3, [r1, #132] - mov r4, r1 - mov r1, r5 eors r2, r2, r3 str r2, [r8, #132] - ldr r3, [r4, #136] - ldr r2, [r7, #24] + ldr r3, [r1, #136] + ldr r5, [r7, #68] + ldr r6, [r7, #32] eor r3, r9, r3 - str r3, [r5, #136] - ldr r3, [r4, #140] - eors r3, r3, r2 - str r3, [r5, #140] - mov r5, r4 - ldr r3, [r6] - ldr r2, [r4, #144] - ldr r4, [r7, #52] - add r4, r4, r3 - eors r2, r2, r4 - mov r4, r1 - str r2, [r1, #144] - ldr r1, [r7, #76] - ldr r2, [r6, #4] - ldr r3, [r5, #148] - mov r8, r1 - add r8, r8, r2 - mov r2, r8 - eors r3, r3, r2 - str r3, [r0, #148] - mov r0, r4 - ldr r2, [r6, #8] - ldr r1, [r7, #92] - ldr r3, [r5, #152] - mov r8, r1 - add r8, r8, r2 - ldr r1, [r7, #56] - mov r2, r8 - eors r3, r3, r2 + str r3, [r4, #136] + ldr r3, [r1, #140] + ldr r0, [r7, #92] + eors r3, r3, r6 + ldr r6, [r7, #108] + str r3, [r4, #140] + ldr r3, [r5] + ldr r2, [r1, #144] + add r6, r6, r3 + eors r2, r2, r6 + str r2, [r4, #144] + ldr r2, [r5, #4] + ldr r3, [r1, #148] + add r0, r0, r2 + ldr r6, [r7, #36] + eors r3, r3, r0 + ldr r0, [r7, #40] + str r3, [r4, #148] + ldr r2, [r5, #8] + ldr r3, [r1, #152] + add r0, r0, r2 + eors r3, r3, r0 str r3, [r4, #152] - mov r8, r6 - ldr r2, [r6, #12] - mov r4, 
r5 - ldr r3, [r5, #156] - add r1, r1, r2 - eors r3, r3, r1 - str r3, [r0, #156] - ldr r2, [r6, #16] + ldr r2, [r5, #12] + mov r0, r4 + ldr r3, [r1, #156] + mov r4, r1 + add r6, r6, r2 mov r1, r0 - ldr r3, [r5, #160] + eors r3, r3, r6 + str r3, [r0, #156] + ldr r2, [r5, #16] + ldr r3, [r4, #160] add ip, ip, r2 eor r3, ip, r3 - str r3, [r0, #160] - ldr r2, [r6, #20] - mov ip, r0 - ldr r3, [r5, #164] + str r3, [r1, #160] + ldr r2, [r5, #20] + ldr r3, [r4, #164] add lr, lr, r2 - ldr r2, [r7, #100] + ldr r2, [r7, #116] eor r3, lr, r3 str r3, [r1, #164] - ldr r6, [r6, #24] + ldr r6, [r5, #24] + mov lr, r4 ldr r3, [r4, #168] add r2, r2, r6 + mov r6, r4 eors r3, r3, r2 - ldr r2, [r7, #104] - str r3, [r0, #168] - ldr r5, [r8, #28] + str r3, [r1, #168] + ldr r5, [r5, #28] + mov r2, r1 ldr r3, [r4, #172] - add r2, r2, r5 - mov r5, r4 - eors r3, r3, r2 - mov r2, r0 - str r3, [r0, #172] - ldr r3, [r7, #48] + ldr r0, [r7, #120] + add r0, r0, r5 + ldr r5, [r7, #24] + eors r3, r3, r0 + str r3, [r1, #172] + ldr r3, [r7, #72] ldr r4, [r4, #176] - ldr r0, [r7, #20] + ldr r1, [r7, #28] + eors r4, r4, r1 adds r1, r3, #3 - ldr r3, [r7, #84] - eors r4, r4, r0 str r4, [r2, #176] - ldr r0, [r5, #180] - mov r4, r2 - str r1, [r7, #48] + ldr r3, [r7, #100] + ldr r0, [lr, #180] + str r1, [r7, #72] eors r3, r3, r0 mov r0, r3 - ldr r3, [r7, #232] + mov r3, r2 str r0, [r2, #180] - ldr r1, [r3] - ldr r3, [r5, #184] - ldr r2, [r7, #80] - add r2, r2, r1 - mov r1, r5 - eors r3, r3, r2 - str r3, [ip, #184] - ldr r3, [r7, #232] + adds r3, r3, #192 + ldr r1, [lr, #184] + ldr r2, [r7, #96] + eors r1, r1, r2 + str r1, [r3, #-8] + ldr r2, [lr, #188] + mov r1, r6 adds r1, r1, #192 - str r1, [r7, #64] - ldr r1, [r7, #108] - ldr r2, [r3, #4] - ldr r3, [r5, #188] - add r1, r1, r2 - mov r2, r1 - eors r2, r2, r3 - str r2, [ip, #188] - mov r3, r4 + str r1, [r7, #76] + eors r2, r2, r5 + str r2, [r3, #-4] ldr r2, [r7, #16] - adds r3, r3, #192 - str r3, [r7, #60] + str r3, [r7, #88] cmp r2, r3 - beq .L85 - ldr r3, 
[r7, #232] - ldmia r3, {r1, r2} - b .L4 -.L85: + bne .L4 ldr r3, [r7, #12] ldr r2, [r7, #4] add r3, r3, r2 @@ -749,16 +754,14 @@ CRYPTO_chacha_20_neon: rsb fp, fp, r1 lsrs fp, fp, #6 beq .L6 - ldr r6, [r7, #72] ldr r5, [r7, #12] ldr r4, [r7, #16] - mov r3, r6 - adds r3, r3, #80 - vldr d30, .L95 - vldr d31, .L95+8 - mov lr, r3 - str fp, [r7, #104] - str fp, [r7, #108] + ldr r6, [r7, #84] + ldr lr, [r7, #80] + vldr d30, .L94 + vldr d31, .L94+8 + str fp, [r7, #120] + str fp, [r7, #124] .L8: vmov q2, q11 @ v4si movs r3, #10 @@ -883,22 +886,22 @@ CRYPTO_chacha_20_neon: str r0, [r4, #-16] @ unaligned str r1, [r4, #-12] @ unaligned str r3, [r10, #12] @ unaligned - ldr r3, [r7, #108] + ldr r3, [r7, #124] str r2, [r10, #8] @ unaligned cmp r3, #1 - beq .L88 + beq .L87 movs r3, #1 - str r3, [r7, #108] + str r3, [r7, #124] b .L8 -.L96: - .align 3 .L95: + .align 3 +.L94: .word 1 .word 0 .word 0 .word 0 -.L88: - ldr fp, [r7, #104] +.L87: + ldr fp, [r7, #120] ldr r3, [r7, #12] lsl fp, fp, #6 add r3, r3, fp @@ -958,9 +961,9 @@ CRYPTO_chacha_20_neon: bne .L10 cmp r5, #15 mov r9, r5 - bhi .L89 + bhi .L88 vadd.i32 q12, q12, q10 - ldr r3, [r7, #72] + ldr r3, [r7, #84] vst1.64 {d24-d25}, [r3:128] .L14: ldr r3, [r7, #8] @@ -997,7 +1000,7 @@ CRYPTO_chacha_20_neon: movcs r1, ip cmp r1, #0 beq .L17 - ldr r5, [r7, #72] + ldr r5, [r7, #84] cmp r1, #1 ldrb r0, [r0] @ zero_extendqisi2 add r3, r2, #1 @@ -1132,7 +1135,7 @@ CRYPTO_chacha_20_neon: ldr r5, [r7, #16] cmp r6, #1 add r0, r1, r2 - ldr r1, [r7, #72] + ldr r1, [r7, #84] add r1, r1, r2 vld1.64 {d18-d19}, [r0:64] add r2, r2, r5 @@ -1170,7 +1173,7 @@ CRYPTO_chacha_20_neon: add r3, r3, lr beq .L1 .L19: - ldr r4, [r7, #72] + ldr r4, [r7, #84] adds r2, r3, #1 ldr r1, [r7, #12] cmp r2, r9 @@ -1285,7 +1288,7 @@ CRYPTO_chacha_20_neon: eor r1, r1, r0 strb r1, [r5, r2] bls .L1 - ldr r2, [r7, #72] + ldr r2, [r7, #84] ldrb r1, [r2, r3] @ zero_extendqisi2 ldr r2, [r7, #12] ldrb r2, [r2, r3] @ zero_extendqisi2 
@@ -1293,26 +1296,23 @@ CRYPTO_chacha_20_neon: ldr r1, [r7, #16] strb r2, [r1, r3] .L1: - adds r7, r7, #132 + adds r7, r7, #156 mov sp, r7 @ sp needed vldm sp!, {d8-d15} pop {r4, r5, r6, r7, r8, r9, r10, fp, pc} -.L89: - ldr r4, [r7, #12] +.L88: + ldr r5, [r7, #12] vadd.i32 q12, q12, q10 - ldr r5, [r7, #72] + ldr r4, [r7, #80] cmp r9, #31 - ldr r0, [r4] @ unaligned - add r6, r5, #80 - ldr r1, [r4, #4] @ unaligned - ldr r2, [r4, #8] @ unaligned - mov r5, r6 - ldr r3, [r4, #12] @ unaligned - mov r4, r6 - str r6, [r7, #68] + ldr r0, [r5] @ unaligned + ldr r1, [r5, #4] @ unaligned + mov r6, r4 + ldr r2, [r5, #8] @ unaligned + ldr r3, [r5, #12] @ unaligned stmia r6!, {r0, r1, r2, r3} - ldr r2, [r7, #72] + ldr r2, [r7, #84] ldr r6, [r7, #16] vldr d18, [r2, #80] vldr d19, [r2, #88] @@ -1325,9 +1325,9 @@ CRYPTO_chacha_20_neon: str r0, [r6] @ unaligned str r2, [r6, #8] @ unaligned str r3, [r6, #12] @ unaligned - bhi .L90 + bhi .L89 vadd.i32 q13, q13, q15 - ldr r3, [r7, #72] + ldr r3, [r7, #84] vstr d26, [r3, #16] vstr d27, [r3, #24] b .L14 @@ -1336,7 +1336,7 @@ CRYPTO_chacha_20_neon: ldr r2, [r7, #12] add r2, r2, r9 mov r5, r2 - ldr r2, [r7, #72] + ldr r2, [r7, #84] add r2, r2, r3 mov r3, r2 .L24: @@ -1346,7 +1346,7 @@ CRYPTO_chacha_20_neon: eor r2, r2, r1 strb r2, [r4], #1 bne .L24 - adds r7, r7, #132 + adds r7, r7, #156 mov sp, r7 @ sp needed vldm sp!, {d8-d15} @@ -1354,20 +1354,20 @@ CRYPTO_chacha_20_neon: .L26: str fp, [r7, #16] b .L2 -.L90: - ldr r3, [r7, #12] +.L89: + mov r3, r5 + ldr r4, [r7, #80] + ldr r0, [r3, #16]! @ unaligned add lr, r1, #16 - mov r4, r5 - mov r6, r5 mov r5, r1 vadd.i32 q13, q13, q15 - ldr r0, [r3, #16]! @ unaligned + mov r6, r4 cmp r9, #47 ldr r1, [r3, #4] @ unaligned ldr r2, [r3, #8] @ unaligned ldr r3, [r3, #12] @ unaligned stmia r6!, {r0, r1, r2, r3} - ldr r2, [r7, #72] + ldr r2, [r7, #84] vldr d18, [r2, #80] vldr d19, [r2, #88] veor q13, q9, q13 
@@ -1378,18 +1378,18 @@ CRYPTO_chacha_20_neon: str r1, [lr, #4] @ unaligned str r2, [lr, #8] @ unaligned str r3, [lr, #12] @ unaligned - bhi .L91 + bhi .L90 vadd.i32 q8, q14, q8 - ldr r3, [r7, #72] + ldr r3, [r7, #84] vstr d16, [r3, #32] vstr d17, [r3, #40] b .L14 -.L91: +.L90: ldr r3, [r7, #12] add lr, r5, #32 - ldr r4, [r7, #68] + ldr r4, [r7, #80] vadd.i32 q8, q14, q8 - ldr r5, [r7, #72] + ldr r5, [r7, #84] vadd.i32 q11, q11, q3 ldr r0, [r3, #32]! @ unaligned mov r6, r4 diff --git a/src/crypto/chacha/chacha_vec_arm_generate.go b/src/crypto/chacha/chacha_vec_arm_generate.go new file mode 100644 index 0000000..d681e8a --- /dev/null +++ b/src/crypto/chacha/chacha_vec_arm_generate.go 
@@ -0,0 +1,148 @@
+// Copyright (c) 2014, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// This package generates chacha_vec_arm.S from chacha_vec.c.
+package main
+
+import (
+ "bufio"
+ "bytes"
+ "os"
+ "os/exec"
+ "strings"
+)
+
+const defaultCompiler = "/opt/gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf-gcc"
+
+func main() {
+ compiler := defaultCompiler
+ if len(os.Args) > 1 {
+ compiler = os.Args[1]
+ }
+
+ args := []string{
+ "-O3",
+ "-mcpu=cortex-a8",
+ "-mfpu=neon",
+ "-fpic",
+ "-DASM_GEN",
+ "-I", "../../include",
+ "-S", "chacha_vec.c",
+ "-o", "-",
+ }
+
+ output, err := os.OpenFile("chacha_vec_arm.S", os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
+ if err != nil {
+ panic(err)
+ }
+ defer output.Close()
+
+ output.WriteString(preamble)
+ output.WriteString(compiler)
+ output.WriteString(" ")
+ output.WriteString(strings.Join(args, " "))
+ output.WriteString("\n\n#if !defined(OPENSSL_NO_ASM)\n\n")
+
+ cmd := exec.Command(compiler, args...)
+ cmd.Stderr = os.Stderr
+ asm, err := cmd.StdoutPipe()
+ if err != nil {
+ panic(err)
+ }
+ if err := cmd.Start(); err != nil {
+ panic(err)
+ }
+
+ attr28 := []byte(".eabi_attribute 28,")
+ globalDirective := []byte(".global\t")
+ newLine := []byte("\n")
+ attr28Handled := false
+
+ scanner := bufio.NewScanner(asm)
+ for scanner.Scan() {
+ line := scanner.Bytes()
+
+ if bytes.Contains(line, attr28) {
+ output.WriteString(attr28Block)
+ attr28Handled = true
+ continue
+ }
+
+ output.Write(line)
+ output.Write(newLine)
+
+ if i := bytes.Index(line, globalDirective); i >= 0 {
+ output.Write(line[:i])
+ output.WriteString(".hidden\t")
+ output.Write(line[i+len(globalDirective):])
+ output.Write(newLine)
+ }
+ }
+
+ if err := scanner.Err(); err != nil {
+ panic(err)
+ }
+
+ if !attr28Handled {
+ panic("EABI attribute 28 not seen in processing")
+ }
+
+ if err := cmd.Wait(); err != nil {
+ panic(err)
+ }
+
+ output.WriteString(trailer)
+}
+
+const preamble = `# Copyright (c) 2014, Google Inc.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# This file contains a pre-compiled version of chacha_vec.c for ARM. This is
+# needed to support switching on NEON code at runtime. If the whole of OpenSSL
+# were to be compiled with the needed flags to build chacha_vec.c, then it
+# wouldn't be possible to run on non-NEON systems.
+#
+# This file was generated by chacha_vec_arm_generate.go using the following
+# compiler command:
+#
+# `
+
+const attr28Block = `
+# EABI attribute 28 sets whether VFP register arguments were used to build this
+# file. If object files are inconsistent on this point, the linker will refuse
+# to link them. Thus we report whatever the compiler expects since we don't use
+# VFP arguments.
+
+#if defined(__ARM_PCS_VFP)
+ .eabi_attribute 28, 1
+#else
+ .eabi_attribute 28, 0
+#endif
+
+`
+
+const trailer = `
+#endif /* !OPENSSL_NO_ASM */
+`
diff --git a/src/crypto/cipher/CMakeLists.txt b/src/crypto/cipher/CMakeLists.txt
index bb62b72..f428e25 100644
--- a/src/crypto/cipher/CMakeLists.txt
+++ b/src/crypto/cipher/CMakeLists.txt
@@ -6,7 +6,6 @@ add_library( OBJECT cipher.c - cipher_error.c derive_key.c aead.c
@@ -31,7 +30,8 @@ add_executable( add_executable( aead_test - aead_test.c + aead_test.cc + $ ) target_link_libraries(cipher_test crypto)
diff --git a/src/crypto/cipher/aead.c b/src/crypto/cipher/aead.c
index 263e398..20d699d 100644
--- a/src/crypto/cipher/aead.c
+++ b/src/crypto/cipher/aead.c
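Review bot: Every `output.WriteString`/`output.Write` result in `main` is discarded and `defer output.Close()` drops the close error too, so a short write (disk full, interrupted write) leaves a truncated `chacha_vec_arm.S` while the generator still exits 0 — and that file is the assembly actually compiled into the library, so its content should be verified end to end. Wrap the file as `w := bufio.NewWriter(output)`, route every write through `w`, and replace the `defer` with `if err := w.Flush(); err != nil { panic(err) }` followed by `if err := output.Close(); err != nil { panic(err) }` after `cmd.Wait()`. For reproducibility of the checked-in artifact it would also help to record the compiler's version string in the preamble next to the command line, since `defaultCompiler` names a specific toolchain path that says nothing about what was actually run. The `.global` → `.hidden` rewrite deserves a one-line comment such as `// Mirror every .global with .hidden so the generated symbols are not exported from the shared library.`, hedged to whatever the actual intent is.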
@@ -33,12 +33,40 @@ size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; } int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl) { - ctx->aead = aead; + if (!aead->init) { + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_NO_DIRECTION_SET); + ctx->aead = NULL; + return 0; + } + return EVP_AEAD_CTX_init_with_direction(ctx, aead, key, key_len, tag_len, + evp_aead_open); +} + +int EVP_AEAD_CTX_init_with_direction(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, + const uint8_t *key, size_t key_len, + size_t tag_len, + enum evp_aead_direction_t dir) { if (key_len != aead->key_len) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_UNSUPPORTED_KEY_SIZE); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init_with_direction, + CIPHER_R_UNSUPPORTED_KEY_SIZE); + ctx->aead = NULL; return 0; } - return aead->init(ctx, key, key_len, tag_len); + + ctx->aead = aead; + + int ok; + if (aead->init) { + ok = aead->init(ctx, key, key_len, tag_len); + } else { + ok = aead->init_with_direction(ctx, key, key_len, tag_len, dir); + } + + if (!ok) { + ctx->aead = NULL; + } + + return ok; } void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) { @@ -117,3 +145,11 @@ error: *out_len = 0; return 0; } + +int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) { + if (ctx->aead->get_rc4_state == NULL) { + return 0; + } + + return ctx->aead->get_rc4_state(ctx, out_key); +} diff --git a/src/crypto/cipher/aead_test.c b/src/crypto/cipher/aead_test.c deleted file mode 100644 index 310c90c..0000000 --- a/src/crypto/cipher/aead_test.c +++ /dev/null 
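Review bot: In `EVP_AEAD_CTX_init_with_direction` the `else` branch calls `aead->init_with_direction(...)` without checking that the hook is set; only `EVP_AEAD_CTX_init` guards `aead->init == NULL`, so a caller that reaches `_with_direction` directly with an `EVP_AEAD` table that defines neither hook dereferences NULL. Since this is an invariant of the AEAD tables rather than an input error, an `assert(aead->init_with_direction != NULL);` before the call (if `assert.h` is available in this file — not visible here) or an explicit error return with `ctx->aead = NULL;` would make the failure deterministic. A short comment on the new function stating that `ctx->aead` is left NULL on every failure path would also document the contract that the rest of this commit relies on.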
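Review bot: `EVP_AEAD_CTX_get_rc4_state` dereferences `ctx->aead` unconditionally, yet the init paths added in the same file now set `ctx->aead = NULL` on every failure, so calling it on a context whose init failed (or was never initialised) is a NULL dereference rather than a clean 0 return; use `if (ctx->aead == NULL || ctx->aead->get_rc4_state == NULL) {`. Setting `*out_key = NULL;` on that path is cheap and keeps a caller that forgets to check the return from reading an uninitialised pointer. A doc comment stating that the function returns 0 when the AEAD provides no RC4 state accessor would also help, since the return value is otherwise undocumented in this hunk.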
@@ -1,387 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include -#include -#include - -#include -#include -#include -#include - -/* This program tests an AEAD against a series of test vectors from a file. The - * test vector file consists of key-value lines where the key and value are - * separated by a colon and optional whitespace. The keys are listed in - * |NAMES|, below. The values are hex-encoded data. - * - * After a number of key-value lines, a blank line or EOF indicates the end of - * the test case. - * - * For example, here's a valid test case: - * - * KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4 - * NONCE: 978105dfce667bf4 - * IN: 6a4583908d - * AD: b654574932 - * CT: 5294265a60 - * TAG: 1d45758621762e061368e68868e2f929 - */ - -#define BUF_MAX 512 - -/* These are the different types of line that are found in the input file. */ -enum { - KEY = 0, /* hex encoded key. */ - NONCE, /* hex encoded nonce. */ - IN, /* hex encoded plaintext. */ - AD, /* hex encoded additional data. */ - CT, /* hex encoded ciphertext (not including the authenticator, - which is next). */ - TAG, /* hex encoded authenticator. 
*/ - NO_SEAL, /* non-zero length if seal(IN) is not expected to be CT+TAG, - however open(CT+TAG) should still be IN. */ - FAILS, /* non-zero length if open(CT+TAG) is expected to fail. */ - NUM_TYPES, -}; - -static const char NAMES[8][NUM_TYPES] = { - "KEY", "NONCE", "IN", "AD", "CT", "TAG", "NO_SEAL", "FAILS", -}; - -static unsigned char hex_digit(char h) { - if (h >= '0' && h <= '9') { - return h - '0'; - } else if (h >= 'a' && h <= 'f') { - return h - 'a' + 10; - } else if (h >= 'A' && h <= 'F') { - return h - 'A' + 10; - } else { - return 16; - } -} - -static int run_test_case(const EVP_AEAD *aead, - uint8_t bufs[NUM_TYPES][BUF_MAX], - const unsigned int lengths[NUM_TYPES], - unsigned int line_no) { - EVP_AEAD_CTX ctx; - size_t ciphertext_len, plaintext_len; - uint8_t out[BUF_MAX + EVP_AEAD_MAX_OVERHEAD + 1]; - /* Note: When calling |EVP_AEAD_CTX_open|, the "stateful" AEADs require - * |max_out| be at least |in_len| despite the final output always being - * smaller by at least tag length. 
*/ - uint8_t out2[sizeof(out)]; - - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { - fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); - return 0; - } - - if (!lengths[NO_SEAL]) { - if (!EVP_AEAD_CTX_seal(&ctx, out, &ciphertext_len, sizeof(out), bufs[NONCE], - lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], - lengths[AD])) { - fprintf(stderr, "Failed to run AEAD on line %u\n", line_no); - return 0; - } - - if (ciphertext_len != lengths[CT] + lengths[TAG]) { - fprintf(stderr, "Bad output length on line %u: %u vs %u\n", line_no, - (unsigned)ciphertext_len, (unsigned)(lengths[CT] + lengths[TAG])); - return 0; - } - - if (memcmp(out, bufs[CT], lengths[CT]) != 0) { - fprintf(stderr, "Bad output on line %u\n", line_no); - return 0; - } - - if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) { - fprintf(stderr, "Bad tag on line %u\n", line_no); - return 0; - } - } else { - memcpy(out, bufs[CT], lengths[CT]); - memcpy(out + lengths[CT], bufs[TAG], lengths[TAG]); - ciphertext_len = lengths[CT] + lengths[TAG]; - } - - /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be - * reset after each operation. 
*/ - EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { - fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); - return 0; - } - - int ret = EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, sizeof(out2), - bufs[NONCE], lengths[NONCE], out, ciphertext_len, - bufs[AD], lengths[AD]); - if (lengths[FAILS]) { - if (ret) { - fprintf(stderr, "Decrypted bad data on line %u\n", line_no); - return 0; - } - ERR_clear_error(); - } else { - if (!ret) { - fprintf(stderr, "Failed to decrypt on line %u\n", line_no); - return 0; - } - - if (plaintext_len != lengths[IN]) { - fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no, - (unsigned)ciphertext_len); - return 0; - } - - /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be - * reset after each operation. */ - EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { - fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); - return 0; - } - - /* Garbage at the end isn't ignored. */ - out[ciphertext_len] = 0; - if (EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, sizeof(out2), - bufs[NONCE], lengths[NONCE], out, ciphertext_len + 1, - bufs[AD], lengths[AD])) { - fprintf(stderr, "Decrypted bad data on line %u\n", line_no); - return 0; - } - ERR_clear_error(); - - /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be - * reset after each operation. */ - EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { - fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); - return 0; - } - - /* Verify integrity is checked. 
*/ - out[0] ^= 0x80; - if (EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, sizeof(out2), bufs[NONCE], - lengths[NONCE], out, ciphertext_len, bufs[AD], - lengths[AD])) { - fprintf(stderr, "Decrypted bad data on line %u\n", line_no); - return 0; - } - ERR_clear_error(); - } - - EVP_AEAD_CTX_cleanup(&ctx); - return 1; -} - -int main(int argc, char **argv) { - FILE *f; - const EVP_AEAD *aead = NULL; - unsigned int line_no = 0, num_tests = 0, j; - - unsigned char bufs[NUM_TYPES][BUF_MAX]; - unsigned int lengths[NUM_TYPES]; - - CRYPTO_library_init(); - ERR_load_crypto_strings(); - - if (argc != 3) { - fprintf(stderr, "%s \n", argv[0]); - return 1; - } - - if (strcmp(argv[1], "aes-128-gcm") == 0) { - aead = EVP_aead_aes_128_gcm(); - } else if (strcmp(argv[1], "aes-256-gcm") == 0) { - aead = EVP_aead_aes_256_gcm(); - } else if (strcmp(argv[1], "chacha20-poly1305") == 0) { - aead = EVP_aead_chacha20_poly1305(); - } else if (strcmp(argv[1], "rc4-md5-tls") == 0) { - aead = EVP_aead_rc4_md5_tls(); - } else if (strcmp(argv[1], "rc4-sha1-tls") == 0) { - aead = EVP_aead_rc4_sha1_tls(); - } else if (strcmp(argv[1], "aes-128-cbc-sha1-tls") == 0) { - aead = EVP_aead_aes_128_cbc_sha1_tls(); - } else if (strcmp(argv[1], "aes-128-cbc-sha1-tls-implicit-iv") == 0) { - aead = EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(); - } else if (strcmp(argv[1], "aes-128-cbc-sha256-tls") == 0) { - aead = EVP_aead_aes_128_cbc_sha256_tls(); - } else if (strcmp(argv[1], "aes-256-cbc-sha1-tls") == 0) { - aead = EVP_aead_aes_256_cbc_sha1_tls(); - } else if (strcmp(argv[1], "aes-256-cbc-sha1-tls-implicit-iv") == 0) { - aead = EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(); - } else if (strcmp(argv[1], "aes-256-cbc-sha256-tls") == 0) { - aead = EVP_aead_aes_256_cbc_sha256_tls(); - } else if (strcmp(argv[1], "aes-256-cbc-sha384-tls") == 0) { - aead = EVP_aead_aes_256_cbc_sha384_tls(); - } else if (strcmp(argv[1], "des-ede3-cbc-sha1-tls") == 0) { - aead = EVP_aead_des_ede3_cbc_sha1_tls(); - } else if 
(strcmp(argv[1], "des-ede3-cbc-sha1-tls-implicit-iv") == 0) { - aead = EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(); - } else if (strcmp(argv[1], "rc4-md5-ssl3") == 0) { - aead = EVP_aead_rc4_md5_ssl3(); - } else if (strcmp(argv[1], "rc4-sha1-ssl3") == 0) { - aead = EVP_aead_rc4_sha1_ssl3(); - } else if (strcmp(argv[1], "aes-128-cbc-sha1-ssl3") == 0) { - aead = EVP_aead_aes_128_cbc_sha1_ssl3(); - } else if (strcmp(argv[1], "aes-256-cbc-sha1-ssl3") == 0) { - aead = EVP_aead_aes_256_cbc_sha1_ssl3(); - } else if (strcmp(argv[1], "des-ede3-cbc-sha1-ssl3") == 0) { - aead = EVP_aead_des_ede3_cbc_sha1_ssl3(); - } else if (strcmp(argv[1], "aes-128-key-wrap") == 0) { - aead = EVP_aead_aes_128_key_wrap(); - } else if (strcmp(argv[1], "aes-256-key-wrap") == 0) { - aead = EVP_aead_aes_256_key_wrap(); - } else { - fprintf(stderr, "Unknown AEAD: %s\n", argv[1]); - return 2; - } - - f = fopen(argv[2], "r"); - if (f == NULL) { - perror("failed to open input"); - return 1; - } - - for (j = 0; j < NUM_TYPES; j++) { - lengths[j] = 0; - } - - for (;;) { - char line[4096]; - unsigned int i, type_len = 0; - - unsigned char *buf = NULL; - unsigned int *buf_len = NULL; - - if (!fgets(line, sizeof(line), f)) { - line[0] = 0; - } - - line_no++; - if (line[0] == '#') { - continue; - } - - if (line[0] == '\n' || line[0] == 0) { - /* Run a test, if possible. */ - char any_values_set = 0; - for (j = 0; j < NUM_TYPES; j++) { - if (lengths[j] != 0) { - any_values_set = 1; - break; - } - } - - if (any_values_set) { - if (!run_test_case(aead, bufs, lengths, line_no)) { - BIO_print_errors_fp(stderr); - return 4; - } - - for (j = 0; j < NUM_TYPES; j++) { - lengths[j] = 0; - } - - num_tests++; - } - - if (line[0] == 0) { - break; - } - continue; - } - - /* Each line looks like: - * TYPE: 0123abc - * Where "TYPE" is the type of the data on the line, - * e.g. "KEY". 
*/ - for (i = 0; line[i] != 0 && line[i] != '\n'; i++) { - if (line[i] == ':') { - type_len = i; - break; - } - } - i++; - - if (type_len == 0) { - fprintf(stderr, "Parse error on line %u\n", line_no); - return 3; - } - - /* After the colon, there's optional whitespace. */ - for (; line[i] != 0 && line[i] != '\n'; i++) { - if (line[i] != ' ' && line[i] != '\t') { - break; - } - } - - line[type_len] = 0; - for (j = 0; j < NUM_TYPES; j++) { - if (strcmp(line, NAMES[j]) != 0) { - continue; - } - if (lengths[j] != 0) { - fprintf(stderr, "Duplicate value on line %u\n", line_no); - return 3; - } - buf = bufs[j]; - buf_len = &lengths[j]; - } - - if (buf == NULL) { - fprintf(stderr, "Unknown line type on line %u\n", line_no); - return 3; - } - - j = 0; - for (; line[i] != 0 && line[i] != '\n'; i++) { - unsigned char v, v2; - v = hex_digit(line[i++]); - if (line[i] == 0 || line[i] == '\n') { - fprintf(stderr, "Odd-length hex data on line %u\n", line_no); - return 3; - } - v2 = hex_digit(line[i]); - if (v > 15 || v2 > 15) { - fprintf(stderr, "Invalid hex char on line %u\n", line_no); - return 3; - } - v <<= 4; - v |= v2; - - if (j == BUF_MAX) { - fprintf(stderr, "Too much hex data on line %u (max is %u bytes)\n", - line_no, (unsigned)BUF_MAX); - return 3; - } - buf[j++] = v; - *buf_len = *buf_len + 1; - } - } - - printf("Completed %u test cases\n", num_tests); - printf("PASS\n"); - fclose(f); - - return 0; -} diff --git a/src/crypto/cipher/aead_test.cc b/src/crypto/cipher/aead_test.cc new file mode 100644 index 0000000..e4b75d6 --- /dev/null +++ b/src/crypto/cipher/aead_test.cc 
@@ -0,0 +1,276 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+
+#include "../test/file_test.h"
+#include "../test/stl_compat.h"
+
+
+// This program tests an AEAD against a series of test vectors from a file,
+// using the FileTest format. As an example, here's a valid test case:
+//
+// KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
+// NONCE: 978105dfce667bf4
+// IN: 6a4583908d
+// AD: b654574932
+// CT: 5294265a60
+// TAG: 1d45758621762e061368e68868e2f929
+
+// EVP_AEAD_CTX lacks a zero state, so it doesn't fit easily into
+// ScopedOpenSSLContext.
+class EVP_AEAD_CTXScoper {
+ public:
+ EVP_AEAD_CTXScoper(EVP_AEAD_CTX *ctx) : ctx_(ctx) {}
+ ~EVP_AEAD_CTXScoper() {
+ EVP_AEAD_CTX_cleanup(ctx_);
+ }
+ private:
+ EVP_AEAD_CTX *ctx_;
+};
+
+static bool TestAEAD(FileTest *t, void *arg) {
+ const EVP_AEAD *aead = reinterpret_cast(arg);
+
+ std::vector key, nonce, in, ad, ct, tag;
+ if (!t->GetBytes(&key, "KEY") ||
+ !t->GetBytes(&nonce, "NONCE") ||
+ !t->GetBytes(&in, "IN") ||
+ !t->GetBytes(&ad, "AD") ||
+ !t->GetBytes(&ct, "CT") ||
+ !t->GetBytes(&tag, "TAG")) {
+ return false;
+ }
+
+ EVP_AEAD_CTX ctx;
+ if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
+ key.size(), tag.size(),
+ evp_aead_seal)) {
+ t->PrintLine("Failed to init AEAD.");
+ return false;
+ }
+ EVP_AEAD_CTXScoper cleanup(&ctx);
+
+ std::vector out(in.size() + EVP_AEAD_max_overhead(aead));
+ if (!t->HasAttribute("NO_SEAL")) {
+ size_t out_len;
+ if (!EVP_AEAD_CTX_seal(&ctx, bssl::vector_data(&out), &out_len, out.size(),
+ bssl::vector_data(&nonce), nonce.size(),
+ bssl::vector_data(&in), in.size(),
+ bssl::vector_data(&ad), ad.size())) {
+ t->PrintLine("Failed to run AEAD.");
+ return false;
+ }
+ out.resize(out_len);
+
+ if (out.size() != ct.size() + tag.size()) {
+ t->PrintLine("Bad output length: %u vs %u.", (unsigned)out_len,
+ (unsigned)(ct.size() + tag.size()));
+ return false;
+ }
+ if (!t->ExpectBytesEqual(bssl::vector_data(&ct), ct.size(),
+ bssl::vector_data(&out), ct.size()) ||
+ !t->ExpectBytesEqual(bssl::vector_data(&tag), tag.size(),
+ bssl::vector_data(&out) + ct.size(), tag.size())) {
+ return false;
+ }
+ } else {
+ out.resize(ct.size() + tag.size());
+ memcpy(bssl::vector_data(&out), bssl::vector_data(&ct), ct.size());
+ memcpy(bssl::vector_data(&out) + ct.size(), bssl::vector_data(&tag),
+ tag.size());
+ }
+
+ // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
+ // reset after each operation.
+ EVP_AEAD_CTX_cleanup(&ctx);
+ if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
+ key.size(), tag.size(),
+ evp_aead_open)) {
+ t->PrintLine("Failed to init AEAD.");
+ return false;
+ }
+
+ std::vector out2(out.size());
+ size_t out2_len;
+ int ret = EVP_AEAD_CTX_open(&ctx,
+ bssl::vector_data(&out2), &out2_len, out2.size(),
+ bssl::vector_data(&nonce), nonce.size(),
+ bssl::vector_data(&out), out.size(),
+ bssl::vector_data(&ad), ad.size());
+ if (t->HasAttribute("FAILS")) {
+ if (ret) {
+ t->PrintLine("Decrypted bad data.");
+ return false;
+ }
+ ERR_clear_error();
+ return true;
+ }
+
+ if (!ret) {
+ t->PrintLine("Failed to decrypt.");
+ return false;
+ }
+ out2.resize(out2_len);
+ if (!t->ExpectBytesEqual(bssl::vector_data(&in), in.size(),
+ bssl::vector_data(&out2), out2.size())) {
+ return false;
+ }
+
+ // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
+ // reset after each operation.
+ EVP_AEAD_CTX_cleanup(&ctx);
+ if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
+ key.size(), tag.size(),
+ evp_aead_open)) {
+ t->PrintLine("Failed to init AEAD.");
+ return false;
+ }
+
+ // Garbage at the end isn't ignored.
+ out.push_back(0);
+ out2.resize(out.size());
+ if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(),
+ bssl::vector_data(&nonce), nonce.size(),
+ bssl::vector_data(&out), out.size(),
+ bssl::vector_data(&ad), ad.size())) {
+ t->PrintLine("Decrypted bad data with trailing garbage.");
+ return false;
+ }
+ ERR_clear_error();
+
+ // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
+ // reset after each operation.
+ EVP_AEAD_CTX_cleanup(&ctx);
+ if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
+ key.size(), tag.size(),
+ evp_aead_open)) {
+ t->PrintLine("Failed to init AEAD.");
+ return false;
+ }
+
+ // Verify integrity is checked.
+ out[0] ^= 0x80;
+ out.resize(out.size() - 1);
+ out2.resize(out.size());
+ if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(),
+ bssl::vector_data(&nonce), nonce.size(),
+ bssl::vector_data(&out), out.size(),
+ bssl::vector_data(&ad), ad.size())) {
+ t->PrintLine("Decrypted bad data with corrupted byte.");
+ return false;
+ }
+ ERR_clear_error();
+
+ return true;
+}
+
+static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) {
+ EVP_AEAD_CTX ctx;
+ uint8_t key[128];
+
+ memset(key, 0, sizeof(key));
+ const size_t key_len = EVP_AEAD_key_length(aead);
+ if (key_len > sizeof(key)) {
+ fprintf(stderr, "Key length of AEAD too long.\n");
+ return 0;
+ }
+
+ if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len,
+ 9999 /* a silly tag length to trigger an error */,
+ NULL /* ENGINE */) != 0) {
+ fprintf(stderr, "A silly tag length didn't trigger an error!\n");
+ return 0;
+ }
+
+ /* Running a second, failed _init should not cause a memory leak. */
+ if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len,
+ 9999 /* a silly tag length to trigger an error */,
+ NULL /* ENGINE */) != 0) {
+ fprintf(stderr, "A silly tag length didn't trigger an error!\n");
+ return 0;
+ }
+
+ /* Calling _cleanup on an |EVP_AEAD_CTX| after a failed _init should be a
+ * no-op.
*/
+ EVP_AEAD_CTX_cleanup(&ctx);
+ return 1;
+}
+
+struct AEADName {
+ const char name[40];
+ const EVP_AEAD *(*func)(void);
+};
+
+static const struct AEADName kAEADs[] = {
+ { "aes-128-gcm", EVP_aead_aes_128_gcm },
+ { "aes-256-gcm", EVP_aead_aes_256_gcm },
+ { "chacha20-poly1305", EVP_aead_chacha20_poly1305 },
+ { "rc4-md5-tls", EVP_aead_rc4_md5_tls },
+ { "rc4-sha1-tls", EVP_aead_rc4_sha1_tls },
+ { "aes-128-cbc-sha1-tls", EVP_aead_aes_128_cbc_sha1_tls },
+ { "aes-128-cbc-sha1-tls-implicit-iv", EVP_aead_aes_128_cbc_sha1_tls_implicit_iv },
+ { "aes-128-cbc-sha256-tls", EVP_aead_aes_128_cbc_sha256_tls },
+ { "aes-256-cbc-sha1-tls", EVP_aead_aes_256_cbc_sha1_tls },
+ { "aes-256-cbc-sha1-tls-implicit-iv", EVP_aead_aes_256_cbc_sha1_tls_implicit_iv },
+ { "aes-256-cbc-sha256-tls", EVP_aead_aes_256_cbc_sha256_tls },
+ { "aes-256-cbc-sha384-tls", EVP_aead_aes_256_cbc_sha384_tls },
+ { "des-ede3-cbc-sha1-tls", EVP_aead_des_ede3_cbc_sha1_tls },
+ { "des-ede3-cbc-sha1-tls-implicit-iv", EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv },
+ { "rc4-md5-ssl3", EVP_aead_rc4_md5_ssl3 },
+ { "rc4-sha1-ssl3", EVP_aead_rc4_sha1_ssl3 },
+ { "aes-128-cbc-sha1-ssl3", EVP_aead_aes_128_cbc_sha1_ssl3 },
+ { "aes-256-cbc-sha1-ssl3", EVP_aead_aes_256_cbc_sha1_ssl3 },
+ { "des-ede3-cbc-sha1-ssl3", EVP_aead_des_ede3_cbc_sha1_ssl3 },
+ { "aes-128-key-wrap", EVP_aead_aes_128_key_wrap },
+ { "aes-256-key-wrap", EVP_aead_aes_256_key_wrap },
+ { "aes-128-ctr-hmac-sha256", EVP_aead_aes_128_ctr_hmac_sha256 },
+ { "aes-256-ctr-hmac-sha256", EVP_aead_aes_256_ctr_hmac_sha256 },
+ { "", NULL },
+};
+
+int main(int argc, char **argv) {
+ CRYPTO_library_init();
+
+ if (argc != 3) {
+ fprintf(stderr, "%s \n", argv[0]);
+ return 1;
+ }
+
+ const EVP_AEAD *aead;
+ for (unsigned i = 0;; i++) {
+ const struct AEADName &aead_name = kAEADs[i];
+ if (aead_name.func == NULL) {
+ fprintf(stderr, "Unknown AEAD: %s\n", argv[1]);
+ return 2;
+ }
+ if (strcmp(aead_name.name, argv[1]) == 0) {
+ aead = aead_name.func();
+
break;
+ }
+ }
+
+ if (!TestCleanupAfterInitFailure(aead)) {
+ return 1;
+ }
+
+ return FileTestMain(TestAEAD, const_cast(aead), argv[2]);
+}
diff --git a/src/crypto/cipher/cipher.c b/src/crypto/cipher/cipher.c
index 4bb4196..1dcfd06 100644
--- a/src/crypto/cipher/cipher.c
+++ b/src/crypto/cipher/cipher.c
@@ -94,8 +94,8 @@ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) {
 }
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) {
- if (c->cipher != NULL && c->cipher->cleanup && !c->cipher->cleanup(c)) {
- return 0;
+ if (c->cipher != NULL && c->cipher->cleanup) {
+ c->cipher->cleanup(c);
 }
 if (c->cipher_data) {
@@ -197,7 +197,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 break;
 case EVP_CIPH_CFB_MODE:
- case EVP_CIPH_OFB_MODE:
 ctx->num = 0;
 /* fall-through */
@@ -210,6 +209,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 break;
 case EVP_CIPH_CTR_MODE:
+ case EVP_CIPH_OFB_MODE:
 ctx->num = 0;
 /* Don't reuse IV for CTR mode */
 if (iv) {
@@ -582,10 +582,6 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, unsigned key_len) {
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher) { return cipher->nid; }
-const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) {
- return OBJ_nid2sn(cipher->nid);
-}
-
 unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { return cipher->block_size; }
diff --git a/src/crypto/cipher/cipher_error.c b/src/crypto/cipher/cipher_error.c
deleted file mode 100644
index 95230f6..0000000
--- a/src/crypto/cipher/cipher_error.c
+++ /dev/null
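Review bot: `EVP_AEAD_CTXScoper cleanup(&ctx)` in `TestAEAD` stays armed across every later manual `EVP_AEAD_CTX_cleanup` / re-init pair, so when a re-init fails the early `return false` runs cleanup a second time on a context whose init just failed. That is safe only because `EVP_AEAD_CTX_init_with_direction` now leaves `ctx->aead` NULL on failure and `TestCleanupAfterInitFailure` asserts cleanup is then a no-op, yet the file never states this; a comment on the scoper class such as `// Also safe after a failed re-init: a failed init leaves ctx->aead NULL and EVP_AEAD_CTX_cleanup treats that as a no-op.` would make the dependency explicit. `TestCleanupAfterInitFailure` also returns `int` and uses `/* */` comments while the rest of the new file returns `bool` and uses `//`; `static bool TestCleanupAfterInitFailure(const EVP_AEAD *aead)` with `return false;` / `return true;` keeps the `main` check unchanged.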
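Review bot: the comment `/* Don't reuse IV for CTR mode */` in the `@@ -210,6 +209,7 @@` hunk now also governs `EVP_CIPH_OFB_MODE`, which this commit moves out of the CFB case and under the CTR case, so it should read `/* Don't reuse IV for CTR and OFB mode */`. In the `@@ -94,8 +94,8 @@` hunk the return value of `c->cipher->cleanup(c)` is discarded while, as far as this diff shows, the callback still returns `int`; a one-line comment there, `/* A cipher's cleanup must not fail; its return value is ignored. */`, would record the contract for implementers who previously could veto cleanup. Both `EVP_CIPHER_CTX_cleanup` and `EVP_CipherInit_ex` continue outside these hunks.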
@@ -1,78 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA CIPHER_error_string_data[] = { - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_AEAD_CTX_init, 0), "EVP_AEAD_CTX_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_AEAD_CTX_open, 0), "EVP_AEAD_CTX_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_AEAD_CTX_seal, 0), "EVP_AEAD_CTX_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CIPHER_CTX_copy, 0), "EVP_CIPHER_CTX_copy"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CIPHER_CTX_ctrl, 0), "EVP_CIPHER_CTX_ctrl"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CIPHER_CTX_set_key_length, 0), "EVP_CIPHER_CTX_set_key_length"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CipherInit_ex, 0), "EVP_CipherInit_ex"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_DecryptFinal_ex, 0), "EVP_DecryptFinal_ex"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_EncryptFinal_ex, 0), "EVP_EncryptFinal_ex"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_aes_gcm_init, 0), "aead_aes_gcm_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_aes_gcm_open, 0), "aead_aes_gcm_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_aes_gcm_seal, 0), "aead_aes_gcm_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_aes_key_wrap_init, 0), "aead_aes_key_wrap_init"}, - 
{ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_aes_key_wrap_open, 0), "aead_aes_key_wrap_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_aes_key_wrap_seal, 0), "aead_aes_key_wrap_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_chacha20_poly1305_init, 0), "aead_chacha20_poly1305_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_chacha20_poly1305_open, 0), "aead_chacha20_poly1305_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_chacha20_poly1305_seal, 0), "aead_chacha20_poly1305_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_rc4_md5_tls_init, 0), "aead_rc4_md5_tls_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_rc4_md5_tls_open, 0), "aead_rc4_md5_tls_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_rc4_md5_tls_seal, 0), "aead_rc4_md5_tls_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_ssl3_ensure_cipher_init, 0), "aead_ssl3_ensure_cipher_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_ssl3_init, 0), "aead_ssl3_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_ssl3_open, 0), "aead_ssl3_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_ssl3_seal, 0), "aead_ssl3_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_tls_ensure_cipher_init, 0), "aead_tls_ensure_cipher_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_tls_init, 0), "aead_tls_init"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_tls_open, 0), "aead_tls_open"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aead_tls_seal, 0), "aead_tls_seal"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aes_init_key, 0), "aes_init_key"}, - {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_aesni_init_key, 0), "aesni_init_key"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_AES_KEY_SETUP_FAILED), "AES_KEY_SETUP_FAILED"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_BAD_DECRYPT), "BAD_DECRYPT"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_BAD_KEY_LENGTH), "BAD_KEY_LENGTH"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_BUFFER_TOO_SMALL), "BUFFER_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_CTRL_NOT_IMPLEMENTED), "CTRL_NOT_IMPLEMENTED"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, 
CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED), "CTRL_OPERATION_NOT_IMPLEMENTED"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), "DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INITIALIZATION_ERROR), "INITIALIZATION_ERROR"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INPUT_NOT_INITIALIZED), "INPUT_NOT_INITIALIZED"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_AD), "INVALID_AD"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_AD_SIZE), "INVALID_AD_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_KEY_LENGTH), "INVALID_KEY_LENGTH"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_NONCE_SIZE), "INVALID_NONCE_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_OPERATION), "INVALID_OPERATION"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_IV_TOO_LARGE), "IV_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_NO_CIPHER_SET), "NO_CIPHER_SET"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_OUTPUT_ALIASES_INPUT), "OUTPUT_ALIASES_INPUT"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_TAG_TOO_LARGE), "TAG_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_TOO_LARGE), "TOO_LARGE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_UNSUPPORTED_AD_SIZE), "UNSUPPORTED_AD_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_UNSUPPORTED_INPUT_SIZE), "UNSUPPORTED_INPUT_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_UNSUPPORTED_KEY_SIZE), "UNSUPPORTED_KEY_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_UNSUPPORTED_NONCE_SIZE), "UNSUPPORTED_NONCE_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_UNSUPPORTED_TAG_SIZE), "UNSUPPORTED_TAG_SIZE"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_WRAP_MODE_NOT_ALLOWED), "WRAP_MODE_NOT_ALLOWED"}, - {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_WRONG_FINAL_BLOCK_LENGTH), "WRONG_FINAL_BLOCK_LENGTH"}, - {0, NULL}, -}; diff --git a/src/crypto/cipher/cipher_test.c b/src/crypto/cipher/cipher_test.c index 2b04ad5..390262f 100644 --- a/src/crypto/cipher/cipher_test.c +++ b/src/crypto/cipher/cipher_test.c 
@@ -54,10 +54,9 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-#include
+#include
 #include
-#include
 #include
 #include
 #include
@@ -68,8 +67,9 @@ static void hexdump(FILE *f, const char *title, const uint8_t *s, int l) {
 fprintf(f, "%s", title);
 for (; n < l; ++n) {
- if ((n % 16) == 0)
+ if ((n % 16) == 0) {
 fprintf(f, "\n%04x", n);
+ }
 fprintf(f, " %02x", s[n]);
 }
 fprintf(f, "\n");
@@ -123,15 +123,16 @@ static uint8_t *ustrsep(char **p, const char *sep) {
 return (uint8_t *)sstrsep(p, sep);
 }
-static void test1(const EVP_CIPHER *c, const uint8_t *key, int kn,
- const uint8_t *iv, int in, const uint8_t *plaintext, int pn,
- const uint8_t *ciphertext, int cn, const uint8_t *aad, int an,
- const uint8_t *tag, int tn, int encdec) {
+static void test1(const char* cipher_name, const EVP_CIPHER *c,
+ const uint8_t *key, int kn, const uint8_t *iv, int in,
+ const uint8_t *plaintext, int pn, const uint8_t *ciphertext,
+ int cn, const uint8_t *aad, int an, const uint8_t *tag,
+ int tn, int encdec) {
 EVP_CIPHER_CTX ctx;
 uint8_t out[4096];
 int outl, outl2, mode;
- printf("Testing cipher %s%s\n", EVP_CIPHER_name(c),
+ printf("Testing cipher %s%s\n", cipher_name,
 (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
 hexdump(stdout, "Key", key, kn);
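Review bot: the new `test1` signature in the `@@ -123,15 +123,16 @@` hunk writes `const char* cipher_name` while every other pointer parameter in the same declaration and the surrounding file (`char **p`, `const char *sep`) attach the `*` to the name; use `const char *cipher_name`. Because the parameter exists only to replace the `EVP_CIPHER_name` call this commit removes from cipher.c, a short comment on it, `/* cipher_name: the name given on the command line, used only for the progress label. */`, tells the reader why the test now threads a string through instead of asking the cipher. `test1`'s body continues outside the hunk.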
@@ -157,39 +158,39 @@ static void test1(const EVP_CIPHER *c, const uint8_t *key, int kn,
 if (mode == EVP_CIPH_GCM_MODE) {
 if (!EVP_EncryptInit_ex(&ctx, c, NULL, NULL, NULL)) {
 fprintf(stderr, "EncryptInit failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(10);
 }
 if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, in, NULL)) {
 fprintf(stderr, "IV length set failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(11);
 }
 if (!EVP_EncryptInit_ex(&ctx, NULL, NULL, key, iv)) {
 fprintf(stderr, "Key/IV set failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(12);
 }
 if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) {
 fprintf(stderr, "AAD set failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(13);
 }
 } else if (!EVP_EncryptInit_ex(&ctx, c, NULL, key, iv)) {
 fprintf(stderr, "EncryptInit failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(10);
 }
 EVP_CIPHER_CTX_set_padding(&ctx, 0);
 if (!EVP_EncryptUpdate(&ctx, out, &outl, plaintext, pn)) {
 fprintf(stderr, "Encrypt failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(6);
 }
 if (!EVP_EncryptFinal_ex(&ctx, out + outl, &outl2)) {
 fprintf(stderr, "EncryptFinal failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(7);
 }
@@ -212,7 +213,7 @@ static void test1(const EVP_CIPHER *c, const uint8_t *key, int kn,
 */
 if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, tn, rtag)) {
 fprintf(stderr, "Get tag failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(14);
 }
 if (memcmp(rtag, tag, tn)) {
@@ -228,45 +229,45 @@ static void test1(const EVP_CIPHER *c, const uint8_t *key, int kn,
 if (mode == EVP_CIPH_GCM_MODE) {
 if (!EVP_DecryptInit_ex(&ctx, c, NULL, NULL, NULL)) {
 fprintf(stderr, "EncryptInit failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(10);
 }
 if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, in, NULL)) {
 fprintf(stderr, "IV length set failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(11);
 }
 if (!EVP_DecryptInit_ex(&ctx, NULL, NULL, key, iv)) {
 fprintf(stderr, "Key/IV set failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(12);
 }
 if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, tn, (void *)tag)) {
 fprintf(stderr, "Set tag failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(14);
 }
 if (an && !EVP_DecryptUpdate(&ctx, NULL, &outl, aad, an)) {
 fprintf(stderr, "AAD set failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(13);
 }
 } else if (!EVP_DecryptInit_ex(&ctx, c, NULL, key, iv)) {
 fprintf(stderr, "DecryptInit failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(11);
 }
 EVP_CIPHER_CTX_set_padding(&ctx, 0);
 if (!EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, cn)) {
 fprintf(stderr, "Decrypt failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(6);
 }
 outl2 = 0;
 if (!EVP_DecryptFinal_ex(&ctx, out + outl, &outl2)) {
 fprintf(stderr, "DecryptFinal failed\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 exit(7);
 }
@@ -310,6 +311,12 @@ static int test_cipher(const char *cipher, const uint8_t *key, int kn,
 c = EVP_aes_128_cbc();
 } else if (strcmp(cipher, "AES-128-GCM") == 0) {
 c = EVP_aes_128_gcm();
+ } else if (strcmp(cipher, "AES-128-OFB") == 0) {
+ c = EVP_aes_128_ofb();
+ } else if (strcmp(cipher, "AES-192-CBC") == 0) {
+ c = EVP_aes_192_cbc();
+ } else if (strcmp(cipher, "AES-192-ECB") == 0) {
+ c = EVP_aes_192_ecb();
 } else if (strcmp(cipher, "AES-256-CBC") == 0) {
 c = EVP_aes_256_cbc();
 } else if (strcmp(cipher, "AES-128-CTR") == 0) {
@@ -318,13 +325,15 @@ static int test_cipher(const char *cipher, const uint8_t *key, int kn,
 c = EVP_aes_256_ctr();
 } else if (strcmp(cipher, "AES-256-GCM") == 0) {
 c = EVP_aes_256_gcm();
+ } else if (strcmp(cipher, "AES-256-OFB") == 0) {
+ c = EVP_aes_256_ofb();
 } else {
 fprintf(stderr, "Unknown cipher type %s\n", cipher);
 return 0;
 }
- test1(c, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an, tag, tn,
- encdec);
+ test1(cipher, c, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an,
+ tag, tn, encdec);
 return 1;
 }
@@ -388,8 +397,9 @@ int main(int argc, char **argv) {
 if (p[-1] == '\n') {
 encdec = -1;
 p[-1] = '\0';
- } else
+ } else {
 encdec = atoi(sstrsep(&p, "\n"));
+ }
 }
 kn = convert(key);
diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c
index a86e830..eacbd10 100644
--- a/src/crypto/cipher/e_aes.c
+++ b/src/crypto/cipher/e_aes.c
@@ -57,8 +57,10 @@
 #include
 #include
 #include
+#include
 #include "internal.h"
+#include "../internal.h"
 #include "../modes/internal.h"
 #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
@@ -281,7 +283,8 @@ void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks,
 #endif
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
- const uint8_t *iv, int enc) {
+ const uint8_t *iv, int enc)
+ OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS {
 int ret, mode;
 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
@@ -342,8 +345,8 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, return 1; } -static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) { +static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; if (dat->stream.cbc) { @@ -357,8 +360,8 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) { +static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { size_t bl = ctx->cipher->block_size; size_t i; EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; @@ -374,8 +377,8 @@ static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) { +static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { unsigned int num = ctx->num; EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 
@@ -390,28 +393,71 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -static ctr128_f aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, - const uint8_t *key, size_t key_len) { +static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, dat->block); + return 1; +} + +static char aesni_capable(void); + +static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, + block128_f *out_block, const uint8_t *key, + size_t key_len) + OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS { + if (aesni_capable()) { + aesni_set_encrypt_key(key, key_len * 8, aes_key); + if (gcm_ctx != NULL) { + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aesni_encrypt); + } + if (out_block) { + *out_block = (block128_f) aesni_encrypt; + } + return (ctr128_f)aesni_ctr32_encrypt_blocks; + } + if (hwaes_capable()) { aes_v8_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aes_v8_encrypt); + if (gcm_ctx != NULL) { + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aes_v8_encrypt); + } + if (out_block) { + *out_block = (block128_f) aes_v8_encrypt; + } return (ctr128_f)aes_v8_ctr32_encrypt_blocks; } if (bsaes_capable()) { AES_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); + if (gcm_ctx != NULL) { + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); + } + if (out_block) { + *out_block = (block128_f) AES_encrypt; + } return (ctr128_f)bsaes_ctr32_encrypt_blocks; } if (vpaes_capable()) { vpaes_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt); + if (out_block) { + *out_block = (block128_f) vpaes_encrypt; + } + if (gcm_ctx != NULL) { + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt); + } return NULL; } 
AES_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); + if (gcm_ctx != NULL) { + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); + } + if (out_block) { + *out_block = (block128_f) AES_encrypt; + } return NULL; } @@ -422,7 +468,8 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, return 1; } if (key) { - gctx->ctr = aes_gcm_set_key(&gctx->ks.ks, &gctx->gcm, key, ctx->key_len); + gctx->ctr = + aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm, NULL, key, ctx->key_len); /* If we have an iv can set it directly, otherwise use saved IV. */ if (iv == NULL && gctx->iv_set) { iv = gctx->iv; @@ -445,13 +492,12 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, return 1; } -static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { +static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = c->cipher_data; OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); if (gctx->iv != c->iv) { OPENSSL_free(gctx->iv); } - return 1; } /* increment counter (64-bit int) by 1 */ @@ -697,6 +743,12 @@ static const EVP_CIPHER aes_128_ecb = { NULL /* app_data */, aes_init_key, aes_ecb_cipher, NULL /* cleanup */, NULL /* ctrl */}; +static const EVP_CIPHER aes_128_ofb = { + NID_aes_128_ofb128, 1 /* block_size */, 16 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_OFB_MODE, + NULL /* app_data */, aes_init_key, aes_ofb_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + static const EVP_CIPHER aes_128_gcm = { NID_aes_128_gcm, 1 /* block_size */, 16 /* key_size */, 12 /* iv_len */, sizeof(EVP_AES_GCM_CTX), 
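Review bot: aes_ctr_set_key has no header comment, and its contract is subtle: both |gcm_ctx| and |out_block| are optional, and the function returns NULL on the vpaes and plain-AES paths, so every caller must be ready to fall back to |*out_block| with CRYPTO_ctr128_encrypt. A comment above the definition such as `/* aes_ctr_set_key initialises |aes_key| with the best available AES implementation, optionally initialises |gcm_ctx| and writes the block function to |*out_block|. It returns a ctr32 function, or NULL if the caller must use |*out_block| instead. */` would make that explicit. The vpaes branch also writes |*out_block| before calling CRYPTO_gcm128_init while every other branch does it after, and the new `(block128_f) aesni_encrypt` casts carry a space that the existing `(block128_f)aes_v8_encrypt` does not; the branches would read better if they agreed. The function body continues on the next physical line of the diff.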
@@ -736,25 +788,31 @@ static const EVP_CIPHER aes_192_gcm = { static const EVP_CIPHER aes_256_cbc = { - NID_aes_128_cbc, 16 /* block_size */, 32 /* key_size */, + NID_aes_256_cbc, 16 /* block_size */, 32 /* key_size */, 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE, NULL /* app_data */, aes_init_key, aes_cbc_cipher, NULL /* cleanup */, NULL /* ctrl */}; static const EVP_CIPHER aes_256_ctr = { - NID_aes_128_ctr, 1 /* block_size */, 32 /* key_size */, + NID_aes_256_ctr, 1 /* block_size */, 32 /* key_size */, 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CTR_MODE, NULL /* app_data */, aes_init_key, aes_ctr_cipher, NULL /* cleanup */, NULL /* ctrl */}; static const EVP_CIPHER aes_256_ecb = { - NID_aes_128_ecb, 16 /* block_size */, 32 /* key_size */, + NID_aes_256_ecb, 16 /* block_size */, 32 /* key_size */, 0 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_ECB_MODE, NULL /* app_data */, aes_init_key, aes_ecb_cipher, NULL /* cleanup */, NULL /* ctrl */}; +static const EVP_CIPHER aes_256_ofb = { + NID_aes_256_ofb128, 1 /* block_size */, 32 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_OFB_MODE, + NULL /* app_data */, aes_init_key, aes_ofb_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + static const EVP_CIPHER aes_256_gcm = { - NID_aes_128_gcm, 1 /* block_size */, 32 /* key_size */, 12 /* iv_len */, + NID_aes_256_gcm, 1 /* block_size */, 32 /* key_size */, 12 /* iv_len */, sizeof(EVP_AES_GCM_CTX), EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | 
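Review bot: The NID corrections for aes_256_cbc, aes_256_ctr, aes_256_ecb and aes_256_gcm (and the matching aesni_256_* fix in the next hunk) reverse a copy-paste error that had the 256-bit ciphers reporting 128-bit NIDs, but nothing in the commit pins the corrected values, so the same slip can recur the next time a table is duplicated. A check in test_cipher that `EVP_CIPHER_nid(c)` matches the NID expected for each cipher name would catch it. The new aes_256_ofb entry is consistent with aes_128_ofb (block_size 1, iv_len 16).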
@@ -873,6 +931,12 @@ static const EVP_CIPHER aesni_128_ecb = { NULL /* app_data */, aesni_init_key, aesni_ecb_cipher, NULL /* cleanup */, NULL /* ctrl */}; +static const EVP_CIPHER aesni_128_ofb = { + NID_aes_128_ofb128, 1 /* block_size */, 16 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_OFB_MODE, + NULL /* app_data */, aesni_init_key, aes_ofb_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + static const EVP_CIPHER aesni_128_gcm = { NID_aes_128_gcm, 1 /* block_size */, 16 /* key_size */, 12 /* iv_len */, sizeof(EVP_AES_GCM_CTX), @@ -912,23 +976,29 @@ static const EVP_CIPHER aesni_192_gcm = { static const EVP_CIPHER aesni_256_cbc = { - NID_aes_128_cbc, 16 /* block_size */, 32 /* key_size */, + NID_aes_256_cbc, 16 /* block_size */, 32 /* key_size */, 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE, NULL /* app_data */, aesni_init_key, aesni_cbc_cipher, NULL /* cleanup */, NULL /* ctrl */}; static const EVP_CIPHER aesni_256_ctr = { - NID_aes_128_ctr, 1 /* block_size */, 32 /* key_size */, + NID_aes_256_ctr, 1 /* block_size */, 32 /* key_size */, 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CTR_MODE, NULL /* app_data */, aesni_init_key, aes_ctr_cipher, NULL /* cleanup */, NULL /* ctrl */}; static const EVP_CIPHER aesni_256_ecb = { - NID_aes_128_ecb, 16 /* block_size */, 32 /* key_size */, + NID_aes_256_ecb, 16 /* block_size */, 32 /* key_size */, 0 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_ECB_MODE, NULL /* app_data */, aesni_init_key, aesni_ecb_cipher, NULL /* cleanup */, NULL /* ctrl */}; +static const EVP_CIPHER aesni_256_ofb = { + NID_aes_256_ofb128, 1 /* block_size */, 32 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_OFB_MODE, + NULL /* app_data */, aesni_init_key, aes_ofb_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + static const EVP_CIPHER aesni_256_gcm = { NID_aes_256_gcm, 1 /* block_size */, 32 /* key_size */, 12 /* iv_len */, sizeof(EVP_AES_GCM_CTX), 
@@ -963,6 +1033,7 @@ static char aesni_capable(void) { EVP_CIPHER_FUNCTION(128, cbc) EVP_CIPHER_FUNCTION(128, ctr) EVP_CIPHER_FUNCTION(128, ecb) +EVP_CIPHER_FUNCTION(128, ofb) EVP_CIPHER_FUNCTION(128, gcm) EVP_CIPHER_FUNCTION(192, cbc) @@ -973,6 +1044,7 @@ EVP_CIPHER_FUNCTION(192, gcm) EVP_CIPHER_FUNCTION(256, cbc) EVP_CIPHER_FUNCTION(256, ctr) EVP_CIPHER_FUNCTION(256, ecb) +EVP_CIPHER_FUNCTION(256, ofb) EVP_CIPHER_FUNCTION(256, gcm) @@ -1012,15 +1084,8 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, return 0; } - if (aesni_capable()) { - aesni_set_encrypt_key(key, key_len * 8, &gcm_ctx->ks.ks); - CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, - (block128_f)aesni_encrypt); - gcm_ctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; - } else { - gcm_ctx->ctr = - aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm, key, key_len); - } + gcm_ctx->ctr = + aes_ctr_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm, NULL, key, key_len); gcm_ctx->tag_len = tag_len; ctx->aead_state = gcm_ctx; @@ -1133,8 +1198,12 @@ static const EVP_AEAD aead_aes_128_gcm = { 12, /* nonce len */ EVP_AEAD_AES_GCM_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_TAG_LEN, /* max tag length */ - aead_aes_gcm_init, aead_aes_gcm_cleanup, - aead_aes_gcm_seal, aead_aes_gcm_open, + aead_aes_gcm_init, + NULL, /* init_with_direction */ + aead_aes_gcm_cleanup, + aead_aes_gcm_seal, + aead_aes_gcm_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_gcm = { @@ -1142,8 +1211,12 @@ static const EVP_AEAD aead_aes_256_gcm = { 12, /* nonce len */ EVP_AEAD_AES_GCM_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_TAG_LEN, /* max tag length */ - aead_aes_gcm_init, aead_aes_gcm_cleanup, - aead_aes_gcm_seal, aead_aes_gcm_open, + aead_aes_gcm_init, + NULL, /* init_with_direction */ + aead_aes_gcm_cleanup, + aead_aes_gcm_seal, + aead_aes_gcm_open, + NULL, /* get_rc4_state */ }; const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; } 
@@ -1347,7 +1420,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (in_len < 24) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1384,7 +1457,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (CRYPTO_memcmp(A, nonce, 8) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1397,8 +1470,12 @@ static const EVP_AEAD aead_aes_128_key_wrap = { 8, /* nonce len */ 8, /* overhead */ 8, /* max tag length */ - aead_aes_key_wrap_init, aead_aes_key_wrap_cleanup, - aead_aes_key_wrap_seal, aead_aes_key_wrap_open, + aead_aes_key_wrap_init, + NULL, /* init_with_direction */ + aead_aes_key_wrap_cleanup, + aead_aes_key_wrap_seal, + aead_aes_key_wrap_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_key_wrap = { 
@@ -1406,14 +1483,297 @@ static const EVP_AEAD aead_aes_256_key_wrap = { 8, /* nonce len */ 8, /* overhead */ 8, /* max tag length */ - aead_aes_key_wrap_init, aead_aes_key_wrap_cleanup, - aead_aes_key_wrap_seal, aead_aes_key_wrap_open, + aead_aes_key_wrap_init, + NULL, /* init_with_direction */ + aead_aes_key_wrap_cleanup, + aead_aes_key_wrap_seal, + aead_aes_key_wrap_open, + NULL, /* get_rc4_state */ }; const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; } const EVP_AEAD *EVP_aead_aes_256_key_wrap(void) { return &aead_aes_256_key_wrap; } + +#define EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN SHA256_DIGEST_LENGTH +#define EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN 12 + +struct aead_aes_ctr_hmac_sha256_ctx { + union { + double align; + AES_KEY ks; + } ks; + ctr128_f ctr; + block128_f block; + SHA256_CTX inner_init_state; + SHA256_CTX outer_init_state; + uint8_t tag_len; +}; + +static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer, + const uint8_t hmac_key[32]) { + static const size_t hmac_key_len = 32; + uint8_t block[SHA256_CBLOCK]; + memcpy(block, hmac_key, hmac_key_len); + memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len); + + unsigned i; + for (i = 0; i < hmac_key_len; i++) { + block[i] ^= 0x36; + } + + SHA256_Init(out_inner); + SHA256_Update(out_inner, block, sizeof(block)); + + memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len); + for (i = 0; i < hmac_key_len; i++) { + block[i] ^= (0x36 ^ 0x5c); + } + + SHA256_Init(out_outer); + SHA256_Update(out_outer, block, sizeof(block)); +} + +static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, + size_t key_len, size_t tag_len) { + struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx; + static const size_t hmac_key_len = 32; + + if (key_len < hmac_key_len) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_BAD_KEY_LENGTH); + return 0; /* EVP_AEAD_CTX_init should catch this. 
*/ + } + + const size_t aes_key_len = key_len - hmac_key_len; + if (aes_key_len != 16 && aes_key_len != 32) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_BAD_KEY_LENGTH); + return 0; /* EVP_AEAD_CTX_init should catch this. */ + } + + if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH) { + tag_len = EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN; + } + + if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_TAG_TOO_LARGE); + return 0; + } + + aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx)); + if (aes_ctx == NULL) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + ERR_R_MALLOC_FAILURE); + return 0; + } + + aes_ctx->ctr = + aes_ctr_set_key(&aes_ctx->ks.ks, NULL, &aes_ctx->block, key, aes_key_len); + aes_ctx->tag_len = tag_len; + hmac_init(&aes_ctx->inner_init_state, &aes_ctx->outer_init_state, + key + aes_key_len); + + ctx->aead_state = aes_ctx; + + return 1; +} + +static void aead_aes_ctr_hmac_sha256_cleanup(EVP_AEAD_CTX *ctx) { + struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state; + OPENSSL_cleanse(aes_ctx, sizeof(struct aead_aes_ctr_hmac_sha256_ctx)); + OPENSSL_free(aes_ctx); +} + +static void hmac_update_uint64(SHA256_CTX *sha256, uint64_t value) { + unsigned i; + uint8_t bytes[8]; + + for (i = 0; i < sizeof(bytes); i++) { + bytes[i] = value & 0xff; + value >>= 8; + } + SHA256_Update(sha256, bytes, sizeof(bytes)); +} + +static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH], + const SHA256_CTX *inner_init_state, + const SHA256_CTX *outer_init_state, + const uint8_t *ad, size_t ad_len, + const uint8_t *nonce, const uint8_t *ciphertext, + size_t ciphertext_len) { + SHA256_CTX sha256; + memcpy(&sha256, inner_init_state, sizeof(sha256)); + hmac_update_uint64(&sha256, ad_len); + hmac_update_uint64(&sha256, ciphertext_len); + SHA256_Update(&sha256, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); + SHA256_Update(&sha256, ad, ad_len); + + /* 
Pad with zeros to the end of the SHA-256 block. */ + const unsigned num_padding = + (SHA256_CBLOCK - ((sizeof(uint64_t)*2 + + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN + ad_len) % + SHA256_CBLOCK)) % + SHA256_CBLOCK; + uint8_t padding[SHA256_CBLOCK]; + memset(padding, 0, num_padding); + SHA256_Update(&sha256, padding, num_padding); + + SHA256_Update(&sha256, ciphertext, ciphertext_len); + + uint8_t inner_digest[SHA256_DIGEST_LENGTH]; + SHA256_Final(inner_digest, &sha256); + + memcpy(&sha256, outer_init_state, sizeof(sha256)); + SHA256_Update(&sha256, inner_digest, sizeof(inner_digest)); + SHA256_Final(out, &sha256); +} + +static void aead_aes_ctr_hmac_sha256_crypt( + const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx, uint8_t *out, + const uint8_t *in, size_t len, const uint8_t *nonce) { + /* Since the AEAD operation is one-shot, keeping a buffer of unused keystream + * bytes is pointless. However, |CRYPTO_ctr128_encrypt| requires it. */ + uint8_t partial_block_buffer[AES_BLOCK_SIZE]; + unsigned partial_block_offset = 0; + memset(partial_block_buffer, 0, sizeof(partial_block_buffer)); + + uint8_t counter[AES_BLOCK_SIZE]; + memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); + memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4); + + if (aes_ctx->ctr) { + CRYPTO_ctr128_encrypt_ctr32(in, out, len, &aes_ctx->ks.ks, counter, + partial_block_buffer, &partial_block_offset, + aes_ctx->ctr); + } else { + CRYPTO_ctr128_encrypt(in, out, len, &aes_ctx->ks.ks, counter, + partial_block_buffer, &partial_block_offset, + aes_ctx->block); + } +} + +static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, + size_t *out_len, size_t max_out_len, + const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *ad, size_t ad_len) { + const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state; + const uint64_t in_len_64 = in_len; + + if (in_len + aes_ctx->tag_len < in_len || + /* This input is so large it 
would overflow the 32-bit block counter. */ + in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_TOO_LARGE); + return 0; + } + + if (max_out_len < in_len + aes_ctx->tag_len) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_BUFFER_TOO_SMALL); + return 0; + } + + if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); + return 0; + } + + aead_aes_ctr_hmac_sha256_crypt(aes_ctx, out, in, in_len, nonce); + + uint8_t hmac_result[SHA256_DIGEST_LENGTH]; + hmac_calculate(hmac_result, &aes_ctx->inner_init_state, + &aes_ctx->outer_init_state, ad, ad_len, nonce, out, in_len); + memcpy(out + in_len, hmac_result, aes_ctx->tag_len); + *out_len = in_len + aes_ctx->tag_len; + + return 1; +} + +static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, + size_t *out_len, size_t max_out_len, + const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *ad, size_t ad_len) { + const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state; + size_t plaintext_len; + + if (in_len < aes_ctx->tag_len) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BAD_DECRYPT); + return 0; + } + + plaintext_len = in_len - aes_ctx->tag_len; + + if (max_out_len < plaintext_len) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BUFFER_TOO_SMALL); + return 0; + } + + if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); + return 0; + } + + uint8_t hmac_result[SHA256_DIGEST_LENGTH]; + hmac_calculate(hmac_result, &aes_ctx->inner_init_state, + &aes_ctx->outer_init_state, ad, ad_len, nonce, in, + plaintext_len); + if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) { + OPENSSL_PUT_ERROR(CIPHER, 
aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BAD_DECRYPT); + return 0; + } + + aead_aes_ctr_hmac_sha256_crypt(aes_ctx, out, in, plaintext_len, nonce); + + *out_len = plaintext_len; + return 1; +} + +static const EVP_AEAD aead_aes_128_ctr_hmac_sha256 = { + 16 /* AES key */ + 32 /* HMAC key */, + 12, /* nonce length */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* overhead */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* max tag length */ + + aead_aes_ctr_hmac_sha256_init, + NULL /* init_with_direction */, + aead_aes_ctr_hmac_sha256_cleanup, + aead_aes_ctr_hmac_sha256_seal, + aead_aes_ctr_hmac_sha256_open, + NULL /* get_rc4_state */, +}; + +static const EVP_AEAD aead_aes_256_ctr_hmac_sha256 = { + 32 /* AES key */ + 32 /* HMAC key */, + 12, /* nonce length */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* overhead */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* max tag length */ + + aead_aes_ctr_hmac_sha256_init, + NULL /* init_with_direction */, + aead_aes_ctr_hmac_sha256_cleanup, + aead_aes_ctr_hmac_sha256_seal, + aead_aes_ctr_hmac_sha256_open, + NULL /* get_rc4_state */, +}; + +const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void) { + return &aead_aes_128_ctr_hmac_sha256; +} + +const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void) { + return &aead_aes_256_ctr_hmac_sha256; +} + int EVP_has_aes_hardware(void) { #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) return aesni_capable() && crypto_gcm_clmul_enabled(); diff --git a/src/crypto/cipher/e_chacha20poly1305.c b/src/crypto/cipher/e_chacha20poly1305.c index 1cdcbca..ebf0088 100644 --- a/src/crypto/cipher/e_chacha20poly1305.c +++ b/src/crypto/cipher/e_chacha20poly1305.c 
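Review bot: hmac_init returns with the key-derived ipad/opad material still in |block| on the stack; since that buffer is the HMAC key XORed with a constant, it should be wiped with `OPENSSL_cleanse(block, sizeof(block));` before the function exits, as aead_aes_ctr_hmac_sha256_cleanup already does for the heap context. The same consideration applies to |sha256| and |inner_digest| in hmac_calculate, which hold keyed state. The MAC input layout (ad_len and ciphertext_len as little-endian uint64, then the nonce, then the AD zero-padded to a SHA-256 block boundary, then the ciphertext, with the tag truncated to |tag_len|) is only recoverable by reading hmac_calculate; a comment on struct aead_aes_ctr_hmac_sha256_ctx describing it would let reviewers confirm the construction against the intended specification. `hmac_key_len` is also declared twice as a function-local static const; one named constant next to the existing TAG_LEN and NONCE_LEN defines would remove the duplication.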
@@ -209,8 +209,12 @@ static const EVP_AEAD aead_chacha20_poly1305 = { CHACHA20_NONCE_LEN, /* nonce len */ POLY1305_TAG_LEN, /* overhead */ POLY1305_TAG_LEN, /* max tag length */ - aead_chacha20_poly1305_init, aead_chacha20_poly1305_cleanup, - aead_chacha20_poly1305_seal, aead_chacha20_poly1305_open, + aead_chacha20_poly1305_init, + NULL, /* init_with_direction */ + aead_chacha20_poly1305_cleanup, + aead_chacha20_poly1305_seal, + aead_chacha20_poly1305_open, + NULL, /* get_rc4_state */ }; const EVP_AEAD *EVP_aead_chacha20_poly1305(void) { diff --git a/src/crypto/cipher/e_des.c b/src/crypto/cipher/e_des.c index d4b04f4..74e1fce 100644 --- a/src/crypto/cipher/e_des.c +++ b/src/crypto/cipher/e_des.c @@ -61,8 +61,6 @@ #include "internal.h" -#define EVP_MAXCHUNK (1<<30) - typedef struct { union { double align; @@ -83,18 +81,8 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t in_len) { EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data; - while (in_len >= EVP_MAXCHUNK) { - DES_ncbc_encrypt(in, out, EVP_MAXCHUNK, &dat->ks.ks, (DES_cblock *)ctx->iv, - ctx->encrypt); - in_len -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - - if (in_len) { - DES_ncbc_encrypt(in, out, (long)in_len, &dat->ks.ks, - (DES_cblock *)ctx->iv, ctx->encrypt); - } + DES_ncbc_encrypt(in, out, in_len, &dat->ks.ks, (DES_cblock *)ctx->iv, + ctx->encrypt); return 1; } 
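Review bot: Dropping the EVP_MAXCHUNK loop in des_cbc_cipher (and in des_ede3_cbc_cipher in the next hunk) is only safe if DES_ncbc_encrypt and DES_ede3_cbc_encrypt now accept the length as size_t; the removed tail call cast to `(long)`, which suggests the previous prototype took a long, and the header change is not visible in this chunk. If the prototypes were not updated in the same revision, lengths above LONG_MAX would be truncated silently. A one-line comment such as `/* DES_ncbc_encrypt takes a size_t length, so no chunking is needed. */` would record why the loop is gone.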
@@ -132,18 +120,8 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t in_len) { DES_EDE_KEY *dat = (DES_EDE_KEY*) ctx->cipher_data; - while (in_len >= EVP_MAXCHUNK) { - DES_ede3_cbc_encrypt(in, out, EVP_MAXCHUNK, &dat->ks.ks[0], &dat->ks.ks[1], - &dat->ks.ks[2], (DES_cblock *)ctx->iv, ctx->encrypt); - in_len -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - - if (in_len) { - DES_ede3_cbc_encrypt(in, out, in_len, &dat->ks.ks[0], &dat->ks.ks[1], - &dat->ks.ks[2], (DES_cblock *)ctx->iv, ctx->encrypt); - } + DES_ede3_cbc_encrypt(in, out, in_len, &dat->ks.ks[0], &dat->ks.ks[1], + &dat->ks.ks[2], (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } diff --git a/src/crypto/cipher/e_rc4.c b/src/crypto/cipher/e_rc4.c index 04ddcb6..80dea36 100644 --- a/src/crypto/cipher/e_rc4.c +++ b/src/crypto/cipher/e_rc4.c @@ -299,7 +299,9 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (max_out_len < plaintext_len) { + if (max_out_len < in_len) { + /* This requires that the caller provide space for the MAC, even though it + * will always be removed on return. */ OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BUFFER_TOO_SMALL); return 0; } 
@@ -372,13 +374,24 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 1; } +static int aead_rc4_md5_tls_get_rc4_state(const EVP_AEAD_CTX *ctx, + const RC4_KEY **out_key) { + struct aead_rc4_md5_tls_ctx *rc4_ctx = ctx->aead_state; + *out_key = &rc4_ctx->rc4; + return 1; +} + static const EVP_AEAD aead_rc4_md5_tls = { 16 + MD5_DIGEST_LENGTH, /* key len (RC4 + MD5) */ 0, /* nonce len */ MD5_DIGEST_LENGTH, /* overhead */ MD5_DIGEST_LENGTH, /* max tag length */ - aead_rc4_md5_tls_init, aead_rc4_md5_tls_cleanup, - aead_rc4_md5_tls_seal, aead_rc4_md5_tls_open, + aead_rc4_md5_tls_init, + NULL, /* init_with_direction */ + aead_rc4_md5_tls_cleanup, + aead_rc4_md5_tls_seal, + aead_rc4_md5_tls_open, + aead_rc4_md5_tls_get_rc4_state, }; const EVP_AEAD *EVP_aead_rc4_md5_tls(void) { return &aead_rc4_md5_tls; } diff --git a/src/crypto/cipher/e_ssl3.c b/src/crypto/cipher/e_ssl3.c index d9dec68..1031d9b 100644 --- a/src/crypto/cipher/e_ssl3.c +++ b/src/crypto/cipher/e_ssl3.c @@ -30,17 +30,6 @@ typedef struct { EVP_CIPHER_CTX cipher_ctx; EVP_MD_CTX md_ctx; - /* enc_key is the portion of the key used for the stream or block cipher. It - * is retained separately to allow the EVP_CIPHER_CTX to be initialized once - * the direction is known. */ - uint8_t enc_key[EVP_MAX_KEY_LENGTH]; - uint8_t enc_key_len; - /* iv is the portion of the key used for the fixed IV. It is retained - * separately to allow the EVP_CIPHER_CTX to be initialized once the direction - * is known. */ - uint8_t iv[EVP_MAX_IV_LENGTH]; - uint8_t iv_len; - char initialized; } AEAD_SSL3_CTX; static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len, 
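Review bot: aead_rc4_md5_tls_get_rc4_state hands the caller a pointer into the live AEAD state, but nothing documents the ownership or lifetime of |*out_key|. A comment on the function stating that the pointer is borrowed and valid only until the EVP_AEAD_CTX is cleaned up, e.g. `/* The returned pointer is owned by |ctx| and is valid only for its lifetime. */`, would prevent misuse through the new get_rc4_state hook. The matching EVP_AEAD table entry is consistent with the other tables changed in this commit.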
@@ -87,15 +76,13 @@ static void aead_ssl3_cleanup(EVP_AEAD_CTX *ctx) { AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; EVP_CIPHER_CTX_cleanup(&ssl3_ctx->cipher_ctx); EVP_MD_CTX_cleanup(&ssl3_ctx->md_ctx); - OPENSSL_cleanse(&ssl3_ctx->enc_key, sizeof(ssl3_ctx->enc_key)); - OPENSSL_cleanse(&ssl3_ctx->iv, sizeof(ssl3_ctx->iv)); OPENSSL_free(ssl3_ctx); ctx->aead_state = NULL; } static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len, const EVP_CIPHER *cipher, - const EVP_MD *md) { + size_t tag_len, enum evp_aead_direction_t dir, + const EVP_CIPHER *cipher, const EVP_MD *md) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); @@ -109,11 +96,7 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t mac_key_len = EVP_MD_size(md); size_t enc_key_len = EVP_CIPHER_key_length(cipher); - size_t iv_len = EVP_CIPHER_iv_length(cipher); - assert(mac_key_len + enc_key_len + iv_len == key_len); - assert(mac_key_len < 256); - assert(enc_key_len < 256); - assert(iv_len < 256); + assert(mac_key_len + enc_key_len + EVP_CIPHER_iv_length(cipher) == key_len); /* Although EVP_rc4() is a variable-length cipher, the default key size is * correct for SSL3. */ 
@@ -124,17 +107,15 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, } EVP_CIPHER_CTX_init(&ssl3_ctx->cipher_ctx); EVP_MD_CTX_init(&ssl3_ctx->md_ctx); - memcpy(ssl3_ctx->enc_key, &key[mac_key_len], enc_key_len); - ssl3_ctx->enc_key_len = (uint8_t)enc_key_len; - memcpy(ssl3_ctx->iv, &key[mac_key_len + enc_key_len], iv_len); - ssl3_ctx->iv_len = (uint8_t)iv_len; - ssl3_ctx->initialized = 0; ctx->aead_state = ssl3_ctx; - if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, cipher, NULL, NULL, NULL, 0) || + if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len], + &key[mac_key_len + enc_key_len], + dir == evp_aead_seal) || !EVP_DigestInit_ex(&ssl3_ctx->md_ctx, md, NULL) || !EVP_DigestUpdate(&ssl3_ctx->md_ctx, key, mac_key_len)) { aead_ssl3_cleanup(ctx); + ctx->aead_state = NULL; return 0; } EVP_CIPHER_CTX_set_padding(&ssl3_ctx->cipher_ctx, 0); 
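Review bot: The added `ctx->aead_state = NULL;` after `aead_ssl3_cleanup(ctx);` in the failure path is redundant: aead_ssl3_cleanup already clears ctx->aead_state after freeing ssl3_ctx, as the preceding hunk shows. Either drop the line or, if the intent is to keep the failure path correct should cleanup ever stop clearing it, add a short comment saying so. Passing the key and IV straight into EVP_CipherInit_ex does mean the struct no longer holds copies that need cleansing, which is a welcome simplification; aead_ssl3_init's body continues outside the hunk.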
@@ -142,31 +123,6 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, return 1; } -/* aead_ssl3_ensure_cipher_init initializes |ssl3_ctx| for encryption (or - * decryption, if |encrypt| is zero). If it has already been initialized, it - * ensures the direction matches and fails otherwise. It returns one on success - * and zero on failure. - * - * Note that, unlike normal AEADs, legacy SSL3 AEADs may not be used concurrently - * due to this (and bulk-cipher-internal) statefulness. */ -static int aead_ssl3_ensure_cipher_init(AEAD_SSL3_CTX *ssl3_ctx, int encrypt) { - if (!ssl3_ctx->initialized) { - /* Finish initializing the EVP_CIPHER_CTX now that the direction is - * known. */ - if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, NULL, NULL, ssl3_ctx->enc_key, - ssl3_ctx->iv, encrypt)) { - return 0; - } - ssl3_ctx->initialized = 1; - } else if (ssl3_ctx->cipher_ctx.encrypt != encrypt) { - /* Unlike a normal AEAD, using an SSL3 AEAD once freezes the direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_ensure_cipher_init, - CIPHER_R_INVALID_OPERATION); - return 0; - } - return 1; -} - static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *nonce, size_t nonce_len, @@ -175,6 +131,12 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; size_t total = 0; + if (!ssl3_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_OPERATION); + return 0; + } + if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ 
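Review bot: Deleting aead_ssl3_ensure_cipher_init also removes its note that legacy SSL3 AEADs are stateful and may not be used concurrently; the direction check that replaces it in aead_ssl3_seal (and in aead_ssl3_open in the next hunk) does not carry that warning forward. Suggest restoring it on the AEAD_SSL3_CTX definition or above aead_ssl3_seal, e.g. `/* Note that, unlike normal AEADs, SSL3 AEADs may not be used concurrently due to their (and bulk-cipher-internal) statefulness. */`. The seal function's body continues past the hunk.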
@@ -197,10 +159,6 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_ssl3_ensure_cipher_init(ssl3_ctx, 1)) { - return 0; - } - /* Compute the MAC. This must be first in case the operation is being done * in-place. */ uint8_t mac[EVP_MAX_MD_SIZE]; @@ -257,6 +215,12 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len) { AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; + if (ssl3_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_OPERATION); + return 0; + } + size_t mac_len = EVP_MD_CTX_size(&ssl3_ctx->md_ctx); if (in_len < mac_len) { OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); @@ -286,10 +250,6 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_ssl3_ensure_cipher_init(ssl3_ctx, 0)) { - return 0; - } - /* Decrypt to get the plaintext + MAC + padding. */ size_t total = 0; int len; 
@@ -337,31 +297,46 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 1; } +static int aead_ssl3_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) { + AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; + if (EVP_CIPHER_CTX_cipher(&ssl3_ctx->cipher_ctx) != EVP_rc4()) { + return 0; + } + + *out_key = (RC4_KEY*) ssl3_ctx->cipher_ctx.cipher_data; + return 1; +} + static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_rc4(), EVP_md5()); + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_md5()); } static int aead_rc4_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_rc4(), EVP_sha1()); + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_sha1()); } static int aead_aes_128_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha1()); } static int aead_aes_256_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha1()); } static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_des_ede3_cbc(), + const uint8_t *key, 
size_t key_len, + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(), EVP_sha1()); } @@ -370,10 +345,12 @@ static const EVP_AEAD aead_rc4_md5_ssl3 = { 0, /* nonce len */ MD5_DIGEST_LENGTH, /* overhead */ MD5_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_rc4_md5_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, aead_ssl3_open, + aead_ssl3_get_rc4_state, }; static const EVP_AEAD aead_rc4_sha1_ssl3 = { @@ -381,10 +358,12 @@ static const EVP_AEAD aead_rc4_sha1_ssl3 = { 0, /* nonce len */ SHA_DIGEST_LENGTH, /* overhead */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_rc4_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, aead_ssl3_open, + aead_ssl3_get_rc4_state, }; static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { @@ -392,10 +371,12 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, aead_ssl3_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { @@ -403,10 +384,12 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, aead_ssl3_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { @@ -414,10 +397,12 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { 0, /* nonce len */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_des_ede3_cbc_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, aead_ssl3_open, + NULL, /* get_rc4_state */ }; const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; } 
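Review bot: aead_ssl3_get_rc4_state casts away const on both sides, `AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;` and `(RC4_KEY*) ssl3_ctx->cipher_ctx.cipher_data`, although |ctx| and |out_key| are const-qualified and the sibling aead_rc4_sha1_tls_get_rc4_state in e_tls.c keeps `const` on both; use `const AEAD_SSL3_CTX *ssl3_ctx = (const AEAD_SSL3_CTX *)ctx->aead_state;` and `*out_key = (const RC4_KEY *)ssl3_ctx->cipher_ctx.cipher_data;`. The function also has no header comment, and since it hands out a pointer that aliases the cipher state held in |cipher_ctx|, a short comment should say the pointer is borrowed, is invalidated by aead_ssl3_cleanup, and presumably must not be used while a seal or open call is running. Naming it aead_rc4_ssl3_get_rc4_state would also mirror the TLS file, given that every non-RC4 table in this hunk sets the slot to NULL.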
diff --git a/src/crypto/cipher/e_tls.c b/src/crypto/cipher/e_tls.c index 8ac1aae..bed02cb 100644 --- a/src/crypto/cipher/e_tls.c +++ b/src/crypto/cipher/e_tls.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "../crypto/internal.h" #include "internal.h" @@ -34,37 +35,26 @@ typedef struct { * separately for the constant-time CBC code. */ uint8_t mac_key[EVP_MAX_MD_SIZE]; uint8_t mac_key_len; - /* enc_key is the portion of the key used for the stream or block - * cipher. It is retained separately to allow the EVP_CIPHER_CTX to be - * initialized once the direction is known. */ - uint8_t enc_key[EVP_MAX_KEY_LENGTH]; - uint8_t enc_key_len; - /* iv is the portion of the key used for the fixed IV. It is retained - * separately to allow the EVP_CIPHER_CTX to be initialized once the direction - * is known. */ - uint8_t iv[EVP_MAX_IV_LENGTH]; - uint8_t iv_len; /* implicit_iv is one iff this is a pre-TLS-1.1 CBC cipher without an explicit * IV. */ char implicit_iv; - char initialized; } AEAD_TLS_CTX; +OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE < 256, mac_key_len_fits_in_uint8_t); static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) { AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; EVP_CIPHER_CTX_cleanup(&tls_ctx->cipher_ctx); HMAC_CTX_cleanup(&tls_ctx->hmac_ctx); OPENSSL_cleanse(&tls_ctx->mac_key, sizeof(tls_ctx->mac_key)); - OPENSSL_cleanse(&tls_ctx->enc_key, sizeof(tls_ctx->enc_key)); - OPENSSL_cleanse(&tls_ctx->iv, sizeof(tls_ctx->iv)); OPENSSL_free(tls_ctx); ctx->aead_state = NULL; } static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len, const EVP_CIPHER *cipher, - const EVP_MD *md, char implicit_iv) { + size_t tag_len, enum evp_aead_direction_t dir, + const EVP_CIPHER *cipher, const EVP_MD *md, + char implicit_iv) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); 
@@ -78,11 +68,8 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t mac_key_len = EVP_MD_size(md); size_t enc_key_len = EVP_CIPHER_key_length(cipher); - size_t iv_len = implicit_iv ? EVP_CIPHER_iv_length(cipher) : 0; - assert(mac_key_len + enc_key_len + iv_len == key_len); - assert(mac_key_len < 256); - assert(enc_key_len < 256); - assert(iv_len < 256); + assert(mac_key_len + enc_key_len + + (implicit_iv ? EVP_CIPHER_iv_length(cipher) : 0) == key_len); /* Although EVP_rc4() is a variable-length cipher, the default key size is * correct for TLS. */ @@ -93,19 +80,18 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, } EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx); HMAC_CTX_init(&tls_ctx->hmac_ctx); + assert(mac_key_len <= EVP_MAX_MD_SIZE); memcpy(tls_ctx->mac_key, key, mac_key_len); tls_ctx->mac_key_len = (uint8_t)mac_key_len; - memcpy(tls_ctx->enc_key, &key[mac_key_len], enc_key_len); - tls_ctx->enc_key_len = (uint8_t)enc_key_len; - memcpy(tls_ctx->iv, &key[mac_key_len + enc_key_len], iv_len); - tls_ctx->iv_len = (uint8_t)iv_len; tls_ctx->implicit_iv = implicit_iv; - tls_ctx->initialized = 0; ctx->aead_state = tls_ctx; - if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, cipher, NULL, NULL, NULL, 0) || + if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len], + implicit_iv ? &key[mac_key_len + enc_key_len] : NULL, + dir == evp_aead_seal) || !HMAC_Init_ex(&tls_ctx->hmac_ctx, key, mac_key_len, md, NULL)) { aead_tls_cleanup(ctx); + ctx->aead_state = NULL; return 0; } EVP_CIPHER_CTX_set_padding(&tls_ctx->cipher_ctx, 0); 
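Review bot: The added `ctx->aead_state = NULL;` after `aead_tls_cleanup(ctx);` in aead_tls_init's failure path is redundant: aead_tls_cleanup already ends with `ctx->aead_state = NULL;` (visible as context in the previous hunk), so the extra line mainly suggests that cleanup might leave a dangling pointer when it does not. Either drop the line or, if it is meant as a guard against a future cleanup that stops resetting the pointer, say so in a one-line comment. It is worth checking that the corresponding failure path in aead_ssl3_init, which is outside this chunk, follows the same convention.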
@@ -113,32 +99,6 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, return 1; } -/* aead_tls_ensure_cipher_init initializes |tls_ctx| for encryption (or - * decryption, if |encrypt| is zero). If it has already been initialized, it - * ensures the direction matches and fails otherwise. It returns one on success - * and zero on failure. - * - * Note that, unlike normal AEADs, legacy TLS AEADs may not be used concurrently - * due to this (and bulk-cipher-internal) statefulness. */ -static int aead_tls_ensure_cipher_init(AEAD_TLS_CTX *tls_ctx, int encrypt) { - if (!tls_ctx->initialized) { - /* Finish initializing the EVP_CIPHER_CTX now that the direction is - * known. */ - if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, NULL, NULL, tls_ctx->enc_key, - tls_ctx->implicit_iv ? tls_ctx->iv : NULL, - encrypt)) { - return 0; - } - tls_ctx->initialized = 1; - } else if (tls_ctx->cipher_ctx.encrypt != encrypt) { - /* Unlike a normal AEAD, using a TLS AEAD once freezes the direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_ensure_cipher_init, - CIPHER_R_INVALID_OPERATION); - return 0; - } - return 1; -} - static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *nonce, size_t nonce_len, @@ -147,6 +107,13 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; size_t total = 0; + if (!tls_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_OPERATION); + return 0; + + } + if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ 
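Review bot: The new direction check in aead_tls_seal has a stray blank line between `return 0;` and the closing `}` of the `if (!tls_ctx->cipher_ctx.encrypt)` block; the matching check in aead_tls_open in the next hunk has the same stray line, whereas the e_ssl3.c versions of both checks are written without it. Removing the two blank lines keeps the four checks textually identical and consistent with the rest of the file. aead_tls_seal's body continues beyond this hunk.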
@@ -169,10 +136,6 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_tls_ensure_cipher_init(tls_ctx, 1)) { - return 0; - } - /* To allow for CBC mode which changes cipher length, |ad| doesn't include the * length for legacy ciphers. */ uint8_t ad_extra[2]; @@ -249,6 +212,13 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len) { AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; + if (tls_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_OPERATION); + return 0; + + } + if (in_len < HMAC_size(&tls_ctx->hmac_ctx)) { OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); return 0; @@ -277,10 +247,6 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_tls_ensure_cipher_init(tls_ctx, 0)) { - return 0; - } - /* Configure the explicit IV. */ if (EVP_CIPHER_CTX_mode(&tls_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE && !tls_ctx->implicit_iv && 
@@ -394,83 +360,101 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } static int aead_rc4_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_rc4(), EVP_sha1(), 0); + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_sha1(), + 0); } static int aead_aes_128_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha1(), 0); } -static int aead_aes_128_cbc_sha1_tls_implicit_iv_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, - size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), +static int aead_aes_128_cbc_sha1_tls_implicit_iv_init( + EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha1(), 1); } static int aead_aes_128_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha256(), 0); } static int aead_aes_256_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha1(), 0); } -static int aead_aes_256_cbc_sha1_tls_implicit_iv_init(EVP_AEAD_CTX 
*ctx, - const uint8_t *key, - size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), +static int aead_aes_256_cbc_sha1_tls_implicit_iv_init( + EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha1(), 1); } static int aead_aes_256_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha256(), 0); } static int aead_aes_256_cbc_sha384_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha384(), 0); } static int aead_des_ede3_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_des_ede3_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(), EVP_sha1(), 0); } -static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, - size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_des_ede3_cbc(), +static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init( + EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(), EVP_sha1(), 1); } +static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx, + const RC4_KEY **out_key) { + const AEAD_TLS_CTX *tls_ctx = 
(AEAD_TLS_CTX*) ctx->aead_state; + if (EVP_CIPHER_CTX_cipher(&tls_ctx->cipher_ctx) != EVP_rc4()) { + return 0; + } + + *out_key = (const RC4_KEY*) tls_ctx->cipher_ctx.cipher_data; + return 1; +} + static const EVP_AEAD aead_rc4_sha1_tls = { SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */ 0, /* nonce len */ SHA_DIGEST_LENGTH, /* overhead */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_rc4_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + aead_rc4_sha1_tls_get_rc4_state, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { @@ -478,10 +462,12 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { 16, /* nonce len (IV) */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { @@ -489,10 +475,12 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { @@ -500,10 +488,12 @@ static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { 16, /* nonce len (IV) */ 16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha256_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { 
@@ -511,10 +501,12 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { 16, /* nonce len (IV) */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { @@ -522,10 +514,12 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { @@ -533,10 +527,12 @@ static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { 16, /* nonce len (IV) */ 16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha256_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { @@ -544,10 +540,12 @@ static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { 16, /* nonce len (IV) */ 16 + SHA384_DIGEST_LENGTH, /* overhead (padding + SHA384) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha384_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { @@ -555,10 +553,12 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { 8, /* nonce len (IV) */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_des_ede3_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { 
@@ -566,10 +566,12 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_des_ede3_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_seal, aead_tls_open, + NULL, /* get_rc4_state */ }; const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; } diff --git a/src/crypto/cipher/internal.h b/src/crypto/cipher/internal.h index bc1e2de..605b8cb 100644 --- a/src/crypto/cipher/internal.h +++ b/src/crypto/cipher/internal.h @@ -59,7 +59,7 @@ #include -#include +#include #if defined(__cplusplus) extern "C" { @@ -79,8 +79,13 @@ struct evp_aead_st { uint8_t overhead; uint8_t max_tag_len; + /* init initialises an |evp_aead_ctx_st|. If this call returns zero then + * |cleanup| will not be called for that context. */ int (*init)(struct evp_aead_ctx_st *, const uint8_t *key, size_t key_len, size_t tag_len); + int (*init_with_direction)(struct evp_aead_ctx_st *, const uint8_t *key, + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir); void (*cleanup)(struct evp_aead_ctx_st *); int (*seal)(const struct evp_aead_ctx_st *ctx, uint8_t *out, @@ -92,6 +97,9 @@ struct evp_aead_st { size_t *out_len, size_t max_out_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len); + + int (*get_rc4_state)(const struct evp_aead_ctx_st *ctx, + const RC4_KEY **out_key); }; diff --git a/src/crypto/cipher/test/aes_128_ctr_hmac_sha256.txt b/src/crypto/cipher/test/aes_128_ctr_hmac_sha256.txt new file mode 100644 index 0000000..d4803a0 --- /dev/null +++ b/src/crypto/cipher/test/aes_128_ctr_hmac_sha256.txt 
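Review bot: The new comment on `init` in struct evp_aead_st ("If this call returns zero then |cleanup| will not be called") is not carried over to the `init_with_direction` member added directly below it, and nothing states how the two relate; the cipher tables in this commit set `NULL, /* init */` followed by an `*_init` function in the next slot, which suggests exactly one of them is non-NULL. Suggest a comment along the lines of `/* init_with_direction is |init| with the direction the context will be used in; exactly one of |init| and |init_with_direction| is non-NULL, and the |cleanup| rule above applies to both. */`, adjusted if the dispatcher in aead.c (not in this chunk) does something different.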
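Review bot: `get_rc4_state` is added to struct evp_aead_st without any comment, although it is the one member that exposes internal cipher state to the caller: both implementations in this commit return `cipher_ctx.cipher_data` directly, so the pointer aliases the RC4_KEY inside the cipher context and stays valid only until |cleanup| runs. The comment should also say the member may be NULL (every non-RC4 table sets `NULL, /* get_rc4_state */`) and that it returns zero when the context does not use RC4, e.g. `/* get_rc4_state, if non-NULL, sets |*out_key| to the RC4 state inside |ctx| and returns one, or returns zero if |ctx| does not use RC4. The pointer is borrowed from |ctx|, is invalidated by |cleanup|, and aliases live cipher state, so it must not be used concurrently with |seal| or |open|. */`.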
@@ -0,0 +1,336 @@ +KEY: 067b841a2540cb467b75f2188f5da4b5aeb7e0e44582a2b668b5b1ff39e21c4e65745470fb1be1aa909c62fabcf0e6ac +NONCE: 10e0ecb00da5345127407150 +IN: +AD: +CT: +TAG: a82a891565e466957ad5a499d45b579d31acaf582f54d518f8f9c128936dac4c + +KEY: c9d9ef2c808c3f8b22f659c12147104b08cec2390a84f0c4b887ca4c247c8c9dd45e72f48b30b67a8545750387232344 +NONCE: 58bddf96158a3a588bf3ec05 +IN: +AD: 5d +CT: +TAG: 3580c1601d1c9a5b1595d3dee35b0cd9e1b115d8b0abee557b2c207b8d0df5ee + +KEY: f755dc6786e21f39b595389a51d36673e1ffb94ffc066c03873eb31839be6fa319fd31c8bea29f03ff28831861e60b6e +NONCE: bd6c80797f1f4c563b06fd3b +IN: +AD: 78d88005136e312639572343a2d0daf7483d8235291ee3ac002469456b075243dc03380c387030d546c2b1 +CT: +TAG: dede80d810fc449a769c79a5ecd2c0d68e9e0fae567781e623ab2098c88d8a86 + +KEY: 43a0a28fef8b89b8fb0f76de01d802935ad561e27ca9c9fa629347be676a6af758501b6a652f369045da5fef751b56bb +NONCE: 0f6472f1e589c16ca5ad45b2 +IN: +AD: 78e4eafccfc87631f0314c442ba4c07bca36f996a5b3408f9e445d6009a87ded16b33a4af9537a4619cab70d +CT: +TAG: 11fa62dd8374aabe728ebf7e9aa1c02cf8f2dbc29f9aaf1940313f0b7c3e0301 + +KEY: acf8e5f1bd64e6289370650b5b3fd773320025c8b229fd335d9461768cd0a17b4bcc946919932efdc9fc84a7f50768bf +NONCE: 1aecfc90d28bcdcc5a8e3578 +IN: +AD: 6daedbdc69133b56f6a8f098f9f70cdb7e129e51115df385a6d86204a53412cd999cf2e69f45e168efed4742b6 +CT: +TAG: fbe0511ba0ec5709def9966a9b05facf171cddd81ee2cd56e7afc867af465f31 + +KEY: 2773c92e6cddc9a5e5dcaf3893080fd2153f009d807df0b175c76615645f2087539e299d8411b27badb749a9845c5e29 +NONCE: 6d04ed129299651aec0465f8 +IN: +AD: 44219577e361a7a4681172d120a2d653a53ec74bc487ccde4954835943bca413d55c65dc665310148654d8c1e2e6bc2f06ec344473120ad1f95739b993a57f9ec0b3299cc088f385894fff876fc2ce8ce6b77ca253f177ba615101e84e17ad0e60704cff195dcd50eb48c77de409797e0b1c8c4c5b9215a4a0399954a008267b +CT: +TAG: 6ab61ac4493e58e48d071d994a000f1c1f498d22f83c8d2af56b03c155afc57e + +KEY: 23189bf23bc4b734410d1c7ae321c42e144a25347a8029bb925e3d8ac1b92f4eb97227c1dece86ae9dea7d127eb33f9b +NONCE: 
30681944cd5d78f46d36ed8a +IN: 59 +AD: +CT: 92 +TAG: 986aa8438da3cf4a98f478f90d24908c6a4e848f299873e649b256f5499d89d9 + +KEY: 463d1148325c5f57af670877068a78203571b8b19f40e9f0373156b7448ab315df86c77d7c85ba6e54b9bc329399f687 +NONCE: cc9d015a4b5a888b36b14d05 +IN: 28 +AD: 6a +CT: 05 +TAG: f66e8dc794b142944fa46d5c04a3e3fe00291668374846d763f2beeffd4ca4a0 + +KEY: 937eaab44e7c7d2cd5bbb053c12e6255e0aaa42cbe7d83025b7a2887eff8f098d019c80af849b0ed7da54a5ba5b39200 +NONCE: 2b160d24df579836e1572ea2 +IN: 9a +AD: 35841a33ba3a6ed3d89a1f76d06c61613d09834847e5a41f8616748e30c14335e5baa43d49fceaf85aeb22 +CT: 80 +TAG: 5e5799c147be0329dbcabf7ecdba6ac595ebc2d06b9d757426fbb31e8b39f62a + +KEY: 68a746f382fcc11c02af7b352b9d710c137a9f59bc5886dc374ca88cdc01b86fe5678fde16cfa846846539f67a429276 +NONCE: b94346c033ac1a3d709c4f09 +IN: ad +AD: ad61c9168debf9974e19759088944e888346aff99f3e2e4522549c8ae332a0f41922972fb7c1d5ff24e7ae4b +CT: 46 +TAG: 62ae92ff64710a9f260da2562e246356e9d749c3584fb9f40d9572307ccbbd31 + +KEY: 6622579d1d6350fd5dff432b69d172cc51f99bdaff50b0a1c0f4cda8d5904581ba8657ba61c6936407243d7fb64b00da +NONCE: a880caa7157a13540d2b724f +IN: 2a +AD: 95a23eafcff892deecaf093109d30290d819851ad5c91061510e54baa2b039b114c815da20f0e3ba2ba4875bdd +CT: ce +TAG: 33f09666f9fd1d92f137d9f3f7092b47b2bd71a7e3139dcd19a803a6b17f2a3a + +KEY: 91ce9dd87c7d11d2c4da41863b6851c40fba786a612e0fbf0d1956a71286dfc61fa10bf7d148cecd72b6ceeb82b68d3f +NONCE: a50dc3d8fd63d3076cc70ff6 +IN: da +AD: 9ce8e1a777c159ec775abbd67d85e84f3550c3296e848dec18b61bbd713a98a033805bfe6e2f2a011dd7fd754708e524168142aeee579cae19c7eab78fa7c42fa335f0c725baf556160beef9e4afd1050a2c8813be6bd14cc6982116d0229d53e9b4de923abf6ba99bdffe1d5f21748ae74caddb077d9f7488b394436222beca +CT: 2b +TAG: 1541cd745bc0259dd72a212474f5c7b8c121dd0289d674e5ba8d56a220d1f1d0 + +KEY: 1ad577d3b47e3fff8528e336a43a7ffef72f811e05b5c69ccfe777b10f29061e289178e394a1c87ba483c7f98ea5431d +NONCE: 1fcaa4757a9e48ed2cb3be62 +IN: 46d30dac550103006c292a9ac05d31 +AD: +CT: 
37616eba30c55595fa0ad5d50f91ca +TAG: 5c3ac4010f75adf90f81e775b07ab939e7551a9b8e0486ba33766728ed498245 + +KEY: 6df310dc1847b42c68e50b03d154b73d7f3823354b32759c5369bce1a1b4cd63ccdb911c2dc792acf84b8b8f3fdfb89d +NONCE: 92e6759a31dd556ff9124d73 +IN: 6daba76658db642209e276ff7c8d46 +AD: 32 +CT: ce1814c03037078b6be3252460af48 +TAG: 46e61913f2a1ff6e77faade9a7cd37a82eff3ebec4276fbddff9266b9c9bd873 + +KEY: f848c2300995f5c98dcd0db24574d7c61459ca64c084421c6ad156e80e398904417ee745245ddae91be20fb07e66bdb6 +NONCE: 3b177e11063445717f417d14 +IN: bbf225131c821a6a60817cc65bf699 +AD: 4c5ab4fdbe0018344629349feed5d8c3ae0c5b64f2b093576a2aaa1225e7a50eca01a9962c9b4f8fc5c12a +CT: 1538957e78f3ab0fed77906153d715 +TAG: 2c7760d47407ad7b0d5b85fa4967eaa7b6c0bb6eb16619adde7a191abfdf3da3 + +KEY: d406cac07630ce2c071732a0ec95f55123486d2677465768dc7db13f90902cf172f92e19f57f5cf7c68cd7bde7ee4b4b +NONCE: 766aede0120b634a4be6fa12 +IN: 3804d40090a38d4c97a5fff631068c +AD: 7707b7d0f266284e84c2ecdd5a18832650c3e27d66697616c9e9bb2f8a09a3295de0119582ca3614b9608548 +CT: 91e96462a5dfbe8b7af201158a36dc +TAG: 56623e5813070a0e2f5184aed83b9863301ca02e3108f7afc478d48305e397f8 + +KEY: 42bb22a317ed9f9df8119746e9a1257217e5b0144051ca56f39587021d969bc0acc02795f3bd201031e8c05af08ad079 +NONCE: 0a9f6bace71a1ab21f4917df +IN: 013f7b8c75307158f4f300450e7a78 +AD: cd95a649ae215fe73442a6991e157232cbcabecff6042b87d41557e35b97606d606c3ded54f5d3db7aa2773f67 +CT: e588dbcecbdb7667dccf7fe34f8387 +TAG: b04461748109ed9068c7e9c0446528ef09b01613c3b3aa1ffeed6685ebb550f5 + +KEY: e1cfcbaba3a04b5108ce2a87099a6aae936ee38acd92b7e6b7df0e3bcb9ad18fc579b5d470ef3e04c23459f509852458 +NONCE: 112dd267174bcd81e6fbd924 +IN: 288a1e44b406aebec7b418674f81e7 +AD: 7809d8011c5a963df14fb8981e874119c60b7a9d897d13a05651759db5835deffdd991fbf98b9aa71c79e48bd701b228ba248b6bed874b02da7fcf28a04c38b81c0ff628846015258af30dbf28ea4f3283f664f888fca545f5fc57dccc4ad1dd476c52fba341182ecf783706c5c458bf0ee5ec83454afba78eb8b5ca17af88ec +CT: 80f4e1012d76f6180ca00fd32c8fec +TAG: 
6de00bf2fd3c88ab34ca9390f7e559875e43e0f938303816a3a75a35729bc453 + +KEY: 84172547d8608bd9e788a7bb60df2982963716e45f8e63f0c5033327d85c920c5e3776e314246b1694b739c39abfa29f +NONCE: a3f1643bb504b7ce9e5b43c2 +IN: 7e76323eb13e64da9b240a57c95c855b +AD: +CT: 966487c18f025d67b42a04c30d3ff4c3 +TAG: 8bb03d893f0ce8ea4a6a47245bc7f20c72acf8caa466edd01365d0f74c929463 + +KEY: 02dee8f2e63b37fe3cbae9101fed0946e05e5090510bef3324a82e3f27456a45ab1b6cdeddb1fe515ad07aefeee6ccbc +NONCE: 64723d21365d62926d5c2262 +IN: 4f1f132c50a01ad48882ce88655b33f7 +AD: d8 +CT: b102082e14cd9ecc0895f7a6f08ab522 +TAG: 2c09651c1a51cb8a375746236fe258a36e725936ccedbc4dfafee6c3084a4716 + +KEY: 5db57cf6301bab815d38879b35c9db72fd40ac576d259ad5074d0828364050554e9fc08335b5f2bf066b09e50fbe6ba4 +NONCE: 36e5340d844de213c312177a +IN: 41a6e910b14388740ea351eb1df980c9 +AD: 8316a6b9b155b2de5e724f7593ecdcee442eaef7b9ad204eda4744a5e648c2dd84f48ee81397e485953465 +CT: ee21d4d47042415ca27d2ecb11b13d79 +TAG: 5015da5a3339389d39d0fcafb56ef4005b342e69ba47930e84408d33aadf5f2a + +KEY: a493dd6de6fd6584599096442dd9345f6f2d8fc2d426c78eee2b992b4071aba4ce463f3ca293c84b2faf3e8644b6ec25 +NONCE: 4f9be6f788ee960adc650d86 +IN: 4de6e244251091cf13762d20685e9085 +AD: d15da312b7522c18384acdbf6348b5e105557f1790a6a203a65acd73397524681666743f3145048775ad84e3 +CT: bb1296457daa39d889c8f986938d6a39 +TAG: b93548cea90c34d03d6f5683ae2cc78814531b803d42cfe57623fd4bdc8f084c + +KEY: 8cc59ebe2c7375a70915c48d2978a1f720bc0aa2775ce9189ae7b3d5dda9a81e56cde0e0a29939599409b71f0b65f346 +NONCE: b0ab041f37ea1e594f1eddb3 +IN: cd0aeaf6806cb99e6bc1c8c5d830de8c +AD: 8f4b5a9609df757826dbe7e51bb6a2c6f45f601263cf668836193513cf008ab6b36a7d5447039f1268821ec37e +CT: 5d5375b9d9cff6d0c1dbd14221509a0d +TAG: d8850bbc838e068b817c24d018f8f1e1cb8aac0a68392a700f48099f81b6c37c + +KEY: f3e9c507478d3f99dbf3e2421e45929b096ab3f3d4aa4ef9c338c5a1a2425c9936b7df602502d33cbafcf781350da77e +NONCE: d4872a30c9d1fa9001a25afe +IN: 25e05ea69a956b12a9be4ef03ae9d30c +AD: 
8b346c20e7c64b805d9c8d325829201753069c60b3f221f31474f55cb20315373ccd7c2a8f215e9efc407ae91b05d8b6d693a3780fdd65d7715cdded86c3d6204055812f3fce897f829d1df9ffaaf48885291701ac1765090c383162dd13d6bac88baa0cb2d748363bbb79843a1594ec6d8778854a63b7c9ffeb6d1fb17e90f1 +CT: 61325c7e0d29e9ad50b9c0fec02d7ef4 +TAG: 4b2d0caece46ce2496445883c03234e900189c22b54390b399d78ee4ebfbb7d4 + +KEY: 3d9b651e65e9239c9e33aafb091b348161ab797901fd0468aedd014e4d5683c8f3f54f20ea6bb07bb25dd258df7bcd5e +NONCE: 32bcf856a14437114e7814cc +IN: 08a667c2923f87a7db6502478d32280bdc +AD: +CT: 5e8e02cc91c732356bb9f1fc599426a379 +TAG: 5449e878d558beff4bc7dfbb5f0195444705cfb259773b4faec524fbaca37ea0 + +KEY: 2124cedb5f3f2558f8b9a2304a29c0df6102333cb4aa10625aa82cd76ab645c73f3b7cbf7c96cacdcb9e0b738e40c042 +NONCE: 7ae419446a3a105beb2fbcc5 +IN: a305dc4a2e50cc8e7a65a4b10b73849636 +AD: 70 +CT: fcaea620f7e9ed1337214c4b432d9869d2 +TAG: bfc739c8504a4d9033ab1915f46c1bf65c5382fe9ed1c134026ba32c63ca131e + +KEY: b027feb1aced8fb3af27a9fd7f531c30991ec1abd9f230a3e5d6ee9fc6a77747013f8e14dcdbd07b0083d0ce23dfa711 +NONCE: a30a6520f933ff5265e6e305 +IN: a705f842d542cb6957fbce21854755c6dc +AD: 447bdaf34dfab9cc3dd7777ebaf80077f391093bac9817bf02ad98db9d3f271282ecaf0ff19652f92076d1 +CT: 3ddcb07c121b498f1abb73bedb527d4df4 +TAG: 55957a0e884dea22d6ace10e5936cdac891f5b54225349ede5c44715f1064b5e + +KEY: ffefb7770a7cf125395703985823f3e926f3722ca0764518fd2b8996577bec03648c8d542af1c6e36b51174b0ba88316 +NONCE: 4c31394b4b24f6251a839891 +IN: f026a1d352c37b204c6c1138abee9a9a75 +AD: 1e7c0f71a3aacd87ea785521ea31f93b1efd0bdf97952e0b84ecd50c706806deffc19caea312b5a9988454d2 +CT: 23c8bae37db93ed9f55f2903e04b7c6a8e +TAG: 89d0a7e7d921dea5bb54c28e79b612688e42506aa69b141de830c8d63bdefcee + +KEY: 453cf5e4f48ce5a961c94af0e1639c156965970f561ac17fe08d5b75975abe3db87412640972e463290800666be80441 +NONCE: b3e3f9708a86c7cdf139e496 +IN: 53f1b11de497cc6ecb411a777dc3d60197 +AD: afe29e074dcce850ac6640230e6b9f66a64587c5fbe8679144e065d3b1700c721833ba8f918e926c9142f5f362 +CT: 
15d5f597be46a19566a72c5e843b77f70c +TAG: a561c3375c096a116a721e9404e555a2deaf3f677a8611694281663274708f58 + +KEY: 3d497f81d0652d475bcd85cf53bda13f79ef0afeaec09dd679a6e5ea58f87ba6576269f836096d5ac034594b17073331 +NONCE: 3fb1664830821e2b524890c8 +IN: bd75c313f5c8f6007a2185bc39d0af01bb +AD: 50744ed959e2b8ba5b5f4807e2997ea0b96ebfcdeaa1c6b33853219844592e82ad67abf6ccbb272cfdba6a3e45c07fec4d4a0ebe4235f11d916771a764d9a129d39f6b84f0b5fb4cdf789ca2f5ea306b25d047a9b1a1e2e90905b6fba472e70b2fa25c96602cfa0031f31c68954d7487507081b8e70f8aa1342cb8b4a98ce9c2 +CT: abe3869ac43fd8b429ee8b8539c970bc86 +TAG: 33fcd301c2bf624bccb92a986c2dd5f2ecafc32649ff550eb5312fc81cbce46e + +KEY: 353c3e9f87b40fc0281869c68d9d9bee5c95771dd79998c059bc5ceda71f139fe447cfdf340e9eac57f232b9d230e45d +NONCE: cc7a4b46b02f4e7f96fd34e3 +IN: 44bcb61332930f606276268ddbf3287bcaedb5b25704489cbee63ec839d7a69533dbfb6e95fe5b4694eb485beb1437f0777774868ecf45c8a5b3edafa1d62a +AD: +CT: d038d67b8b690519fafa7467c9fb94135f9bf0bcd8247cd2c30da62ddf37a6d9a3a9bdcf8ec081fb4469c0fc2798e2e30afede7cda384438fd01e5d672dcb8 +TAG: db2c685a59cdf304c1fb57b66966a5ca1cc3536fe21eb1113c25868428640c7d + +KEY: 3b3786e38e110ec0c8b05fbdb3d9b6d117d1ebcdc0e7d942249fea6baafa31fe5caac227979fc833b104641e8e9ed01e +NONCE: 53bf31912a3ededc01c91f84 +IN: 6de5890028382aafb186042864c5cca1a77ff80ba4f7f0942dcffa1579711093fb652c8d475dfca81a976be8ca77eb9c7a6b49dca1425610c945bf404ba65b +AD: a9 +CT: 886939354fa117139f5e077baa186825ee7e2955c3a74f88af3a86b260ee9f9959a90409e7d602e36cea31e606aeaa8b9229e28f7fa58ace6fd217e5cce1e7 +TAG: 91a769003ec900dbb40ea9c9b959882d822421b510ba85ca826bc4af3b5c42e0 + +KEY: 5a75c97f3583983bbc5eee4a882b766a6708d798a46f71e63b7509af69afd7cf86f9b42df04b626940914007078a8b9b +NONCE: 426e8bcbcffb6b425706dae0 +IN: c24fa29a66197cad518c5a1a76abd9446a8f24c2dd81e953bfc5c00544c119d67986781a1c754224af234b0ec5e44e78610a4420eb78c283e9a56637c35c24 +AD: 6376835513967e4ccaff9a0c56b4d27a2bd0d013cd54abf95fe9a162d036af285ebc9567a16ed5abfa69aa +CT: 
bc4daeef3ccdf9abdaa75591781685eee3fd7825bfe63132817a7e0f93817f22bfca30ed775a773f5bb290aac3a381a01085e861cab7b9fe4c5143138e17a5 +TAG: 79c779bfcb974ad9a8ac88dce5027df5691a3a1163a5d5893b4cdb1663b17aa1 + +KEY: d1b301c029fe3b81e4b97e08e84dbc03b138f422161c0e74ccbda3172c034b99610f09a9e611f0e9a3ca40af4fcb3c56 +NONCE: 4032c79eb3ee4b63e44fa932 +IN: 71bcf5a5198787b85a66221c22e7bdb9d038dd3e10000555ec9271e54bfefc460ef4e71729ff7ae52859015b49f45df89ddf183fe1e19de3acb032dbaa4d57 +AD: f1cd18ff1e5ad2b65de41e083b5175966625ebebb3031e1027761e407dae4e8e193ffe7dea52ff61147f1b4e +CT: 7c521a703b7d1cbd086bdc316d4f2ff0852c462eeaa1d7a586c561354be9ed412d9d9bd1f78cc85468750f1af09b7b17dc1ee84c926760d63504cd3a1dfa3a +TAG: 831f3552890d997f0a8f2d832b6e92e26f6e865424699f0364a82d86ab7734d0 + +KEY: fdd24bf37b36666a4f641115581ab4bd6b896dd3017006031b3675beed33f21a314363e3a07bbbf4359d9ac02eec847f +NONCE: 7767cff1a096a9f7d8a9b32c +IN: e62b7695dd41baf49d1b356e64c6d5504784380b75724b86f5f3185d1a530664aea0e5f9aeef347e1ea4754acaa7f3c233638db234c0e93db02e0bf988e7ab +AD: 2d650f3daed2564b0df86fa23ed0343634663adfae2c422f80f9d5674bbb63e824f01ad3994834f889133bbc0e +CT: a51f50a6ce77a22ec472bc18c37d08fb28e77efe55065b600e3edbd9ac97f0fd0eec93cd312ec7ef886cb04e1849526f0a38b14d862bcd578b99bf9a007c2e +TAG: 89d83264364c9c84ba705e5549abcd496abed3900f65e3daa012275fed18a7da + +KEY: 0f88e2d00d2c4bd682f1591ea5f4c1a1090180e1195809cb363b27c863360a85b27814e6a724effa44f298430d6c9628 +NONCE: 6e2e62ecb2aa47c7e5921d25 +IN: 91efc710a57adb57017725cfa26d17d3e2993c5ee66942ca42e770a83763e9df8a455bd408dc1e2661cf301f1dd669cd6d5b4d92a886be0f54527779bae8f9 +AD: d060cbe84271e85f25a3dcb6dbf299551f0dcd5783e3df80468636e491c0100f3ec8316f24240482a88bc430a398b0ecaee5c48a274ffb2d835e200bc39ec0aa86a1c90c9e2dcb4217595d48826a81de90eb949846a33fc26bf8886ca0554e1b8f12cbeee36e65e33cbbf610c2d24264619fa93c44c88e0e3d9d368fdece461b +CT: 10d99b98ed67d85a44fa57e706a8b028c61ef17f35f6713613d158cad90e826f90ef036a2190ba123f9b68b352ca94fbebf8ea947e569ad45f00e6a36975f8 
+TAG: e345bebcc4a8ac01528bc5f317e5c378236b292c2baab6ae8654245da35d90d6 + +KEY: 1ccec52c77239bdf6ca50e5b702943b23015d08cb1d9bac592b3dec4c96be904110713e52e114a8bc294df26530a758a +NONCE: 38554b7c40027afe9721e14a +IN: dac91fcdb3768df8d5ae9ddba1fe5917c084a5d9e6b14eee9a609cab2da34ec9f95cf2d10fff77108477e694c76f362e29b9a9287d8b190a748ed0a929967ff8 +AD: +CT: e6bcb38b3bfd0b428a14bb3aca01a4a9e54b0853f10bd7750f5bb58d0e7dd18006f8929d7d862e5d6601ef63be8442334b4d51a99219cfedaa31f7ab19028459 +TAG: c4f05d9415840c2325dabbcd12dbeda31e47637437514c606dedfb8ce622edd0 + +KEY: c82ad4c6f248bc51d3a51b958ecc2460a3c64d669f6c485c2309d26abb3fa84644a0d8c28da8091f90184b53cd556413 +NONCE: 35a29938fb7a31225b08d0e4 +IN: bb0045cec5587e50b148b140b6969612425243ed1412e812aa9f4b471ed34ced6dfa9e0acf3e31455893e4ee7e66b4661c6e1f80b7d6f1159c11387ce579b80f +AD: 12 +CT: 5f1854fc2fb11fd721755445a1efa5a28607a725ad71cda9a3464860a6a0efe3f58727c0e0cd315f867611232abd72034dfc2b9deace8cf6cb507b1cd4032b59 +TAG: e40429ca19a88da73a7654d7ed8e0621ac2e504b0245615e262ac70bd05a3f47 + +KEY: b01bec74fe97e5af7db2a0b1432f8b4c069447d2b56dc2668371387f753b03465412213999d2394a4b79873db06c590a +NONCE: fec7de97d54dec8d36c9f253 +IN: 88ab078d03ffacd128edbceea7ace2e6465f4076097445a5db7f0e61ed817b6e24f22874489049bee0c58d0aa2b42b4db0bbef6ec88d032da9c82ebef57c424d +AD: cf0ceb3e80a76d1a75f6e070f5d3fee1cd1e2699434f96e7cb3adce12d4a3148dd433b08c68b9d66962f24 +CT: 8aa3c7478b0cd86fa30870957fb5307345f89346a869d508da9d3a4fe36fb3d6a9b0c3c1bc2d44c8ea31ec028012098d6032085af0b54603dc2fa65ff091fdd6 +TAG: acb670172ec3754064b366566bdccf5056eae132e2041f1a285c5883e7eff4f3 + +KEY: 699a94f6e6eb457b186af58c25118fcea81c8f0ad265e7c16bd6cdca15c9db64bb9a537580ca0474a4b4d54d47412d88 +NONCE: ac3fb6525f4357d831529407 +IN: a7300aa94f3d357cdb272f0a739979e08aad9551dd3bfcd0b5aca6a0972a71b502639e79e1b9e0d22db2f3220b982800d9cebbac3d10d9bf86ea25d3d417fc57 +AD: 19c3d34bb9d57d0f63f14bdd3da06a43a5afe6a8c505f038cb403515876a2765c2d61aa7e4c84e11c999b81d +CT: 
8b472f1069ace78172611369b03073f751e5206dcd2ce3b45c431095f303e70c59bfad3af8006e66e4a68f8fa2ffa534bd76bdef089d07dd38988cbf723393c6 +TAG: 8e7c3c2c41b1117928ca1cd0cd48c25c319c18e009804c007d1aab0967c0d0d4 + +KEY: f3a7b8c2a39531d5fb3c97bc9224168aa835973f48243d6f046d00937ed428e5d672e22af26e734f0c24f989fe62621a +NONCE: 65c61af60769672f0eeda005 +IN: 59667fceb2594e002c844a47d2b3935d2c99570b1639f0887fb082499e1d36f9699ff9ef53be3b4236136aa9e441abdc63dfe536e6fc9fa8f332baa1dad577ad +AD: f79036742501f1ac19dbb2984e09cf5000bc4bc0424082376c307b8f1e5bf74dd29c802139d7ea93d55d336464 +CT: 9375a81f016c2dc59a8e99dc33fc0db7ef99ab2f9ade4b0ba000a614ff2bd13bfbee2d4a2338109c98c1147edca6023cea43570adc503da98379326ace89d796 +TAG: f563869420699dfa0aa84751526bd75af1473bd88311001e49230b09b8ef2797 + +KEY: 27611a8f11cb57d08648ec816b5f3c45882dae394200cdfc803d1a52bb03f225206574ea63b63423da6972bf5a994332 +NONCE: a7f617fe7a52dd76ee443dff +IN: d6ccb950515a4a2de7c3cf5a73b568f32fe30567bb22b3b46feb7ef07205d3215a3d689b96d4b9dbaac5a5bd6ecac6ba50314b19b37179fff2557c869950e162 +AD: 777282a98b2f262ed9456fed3610a2028bcc4433eb8f028597d3bfa220bdb0c04882de03a276d0191cd1a125270ce1630c1b94e2ec0021ce5c494d2e0bdb8745e6e94a387cbb31a0898965174bcff8bba105f94dbf080059b49dee71c3194fefe679ef6c00065154ea809293b088c0c3f2ed7824aac72319a4c4ad85ea990844 +CT: 41eacc31aa3c3a282ae7638d48fc7541d2f129e4cb3455df7e60259be9a814c8e1642ea826ac1ec7ed1fcc216a6624e79845521e7a8b16702566f27f7a7f3317 +TAG: b959992feb7005410f9ea6963525e3d9244f038731ffab8da8c4ebc72489f17a + +KEY: 0d9322713cd132c339c38ec7a75862860de304c70486b89b0f587095c66bfd1abe56f0b34f9ca0dac577fd4262616600 +NONCE: 3298d02dd4eb85a98cb935e3 +IN: 5dfedb1d168fe262d35f78d797560b2634f71d40f438c21cdcb8e73cf9884c11570554f55a6abd23d0e7775a9ab385ae6c9bbd67f08d1aec57347a8fad5a4b8c7b042b03c25facbffc76f0b1ce2e6c07d427eaebe71255d661ac8e8bfe8867e2d947d496ce2318a601d0beed02426311ca678d036deb3b4c65b1f89bd644a410 +AD: +CT: 
ff09fe27f12a87d5208bf246378ee0740e848262442b8b9c7670c8a73fe6732192cde43c1a1246743ed49e15ec63c87dc06eb3e0c92c1f286108b2c7e0754dcf1b9c3fc87efe3683289daabf2db71d8742061f93098788c3c6f26328b86e358507a03af296d2c29009562cad3763399e0e2b89ed440f756c16214c8ab7ddfb84 +TAG: 5076c80fc76c67d6e4f9b9d470cc184db62ea7da49cae44cb3ce9e46c2f2ca9e + +KEY: 2695671fe86f1658d8b01ec856fb4c9d09a0c51a1b994fc87a3f72bec12052537b7429f11f7eb4aef0b128302ec8f336 +NONCE: 9739e577595418c47b9c10b7 +IN: c723c39be334a0761db795076e81e3dd85e37a57258c7e0e10fe0f48dc31bd5e683430aa70531b7c8e3a904e49bec838e760d07afa9f86b2cf78ae90f612c4560632acb7ea2d89fb1fd5396d0337111c429cdba99c6a52e863e8603aac24a83302ebf86ae69a212cb938e12085cbf73a28f75e4422995a5ec8705b12d4aa8b6d +AD: 31 +CT: 1569b20732ee6395e605217e1cb419ce57496ba6f6e889bdfa3c93575e969eb7a0410c7930b7ea146e88577376d84f0e824b62890eb84bfe768a1513a12c2958ad1835bc1eabe602cf40f7812c7dd7da955567242cd7512090fca685fdd7306bd98a908b09464961114abbdcd610c153637400a1f81825cfdf06505947fe54ee +TAG: d07e14a62a32ef1933abc2127cc5bfc1e43bbca663e460409c6faa3a4ccf99f3 + +KEY: 1785ef6e7016733dd1952b3268639f231e7afa973c0a3db8780b81084c67a1783200149a1ed849ca8b5c14c7b1798b4b +NONCE: cdf48b73c3c8d8625e52fe11 +IN: 14002f17e056d7f5524537cee6c2061e2741c01a6f9a82e2cb1747887875860d51bebf8d9b63950a051f6b228ad7567227f8a45b9fa7c4ab47eab410125303defa7e3141bd9bc5bf4ed56550801ff3bfc2dfaaf499c192b1e18879b2f59e1230778132818df8f6ad8a3dce9a1d11c98075b8b4e560edd9b5ea180f0424ab3706 +AD: a35e86e22e9a3df65e4c08e5175b4216fa9895a1be6252de911cf98349841494617eefaa007759dad7f337 +CT: 99eae989435578cb57715a7457da31b807b8078a59c2332a0a866eee9da5188baed3f517b6808095f0067e9b4b91cc1424a464f0a09fc946adbe4135a17b0e8e545d2046f81cdfdb233aa3520797319c0884ccbade8235c32d195e7b802017f88ddd86fb630de19eb97f4bf91029c001fc8f1cd2189a8ee6c120e9f1682a8703 +TAG: 1848f0b163e7b0d270e2a0ced288ea6525697170aae15038f3dcbb4ea49ef843 + +KEY: ba9aed2bfa90eaed9b27a697bb44c715c0209cae6b2c4ddffc684bcf07ab51b0e096dbcfa26c18fc24b63408317da567 
+NONCE: 4b850d6bfa64520f1aa1e79e +IN: 5bcc2ea4d729c84340c5ceb827f239578971c595e915f0bd9d49ed51d723f8d0e8362e69fd11466230bda0dad57ad724307edcc621ebde1e57fa91fee206d81d2bb6ead94b4a804f74b6cae979f66bdfa4ad93d107ccf114c59cd3d261aa6e2fc0dfbd0df5f7c18e80d0699cc1712abbefab5029e35549d2919d0f937d444051 +AD: f80c759062e9ed0ee597406aedbcda9a14261d66a9546f1c939d20cb1d0d0974fe7a9b33d8c93287a6a8d60a +CT: dae4fc873d302c51e55910e67482bb80ac68e9bc6ef77cb3e57a31d85fe75f9071d0b64026ba16d0b68fa9c0b7e958cf7682bcd329c4174ea0e3f3f9d2e65d82aae1350a53ea7cdcf9ab848b85cd731751f0e2917628e5066f5b1ddebc7dbda5d2d37e46a7a7ee62bb49c4431af730f9cd3da4c1d0e5f8593d8c99803f781bee +TAG: 58b42e9117fc8cc2ba5cff74b0d92e8b381a444fa837018b15e9514fc4319fb4 + +KEY: 37235623acb0d650f905f106dc3bfe6fd83192e53056de8795ed8d20c6e58e5efd84584007ecb17de9e76b392e12fcd7 +NONCE: dc441f1c743a92c4b975c6b6 +IN: 960ceb8d80774bd88b7c5f17042ad2e4baac71b4021c548458cffcd9a049291cb0df93076c115b54f9af878745acebc6e8f04666d053b1ed980728043c4fe7f67b2bcb0341d8a4973ed126342f9add14279f8402cbbffcecfc847379dca8a68ba4f2f26141acfca7f3ef558dbaf04629f0f46e43246b19d875be452f14e7bf56 +AD: 32579218062560f15ff966932838460f99099782e79f1f8c41cd9f6eb59b4c2c3d2dae9cd199fe66d74c7a9940 +CT: 49ad8e24a31e90ab1f8dc37dc51dff0f93f1420e79eb108f90f800274a5aa573f64e274cd52f1dbfdee363e4f86e1457bfb8f87ce57aefd34c3a5a3a93db4ebde3f73a3b4c202c993903ab378ae71042ad238e94f400c7ac1891a9890b19d445eb1db60773a3ea165f7c4b2bb2071faaf588daebac7ce09ebfc88f4d9232d9ca +TAG: 82f908b837a5768598982f860ecea16aee84427371c4de1f1314749b70ffc173 + +KEY: e7fc36c9fe87a38f9bb4ca67723267e80e16bf39740eb1090234a473d68aed9c96fe2f96e539795eb042276aec5d7505 +NONCE: 83d768746d40dcd695e49ff4 +IN: e61f0e02a70249b62ec9a8fdbaf6622c9c6316599daff421f1b19815707b67587d196b7e1452c7d7609f108ea946675ac5d97ed215b92a451aa6a11717ab7819f84848151007f37e2cdc8aa99969c3d5652aeeb65fc21b621865f47f44eb2c528ee1142d11f513761a6bb2d169126503db5b263a410cadd2773ff931a032a885 +AD: 
59114e9f21b380ae6068609ac36688e6aa7c2533cbfe07013ad1b6663bfa42e39f20e62b45c0faa256c1d33caa9f59b1e30d8502bb7148d051451b3d0265cb9fd0d82e4f4e0489ac606956762d8e7b70abd7eca413ddb708f119c342b3d0d5df673769d8df281656d909b68b6f6438edd60339fd84ff69918b6036ad12a0a588
+CT: 4f12807736c9ab32a2be2e00c9a0236394a8bcfcec6037e7582af462a73bf10aa73bd90e2bc24b97f7001ccf653574aea294bc7b30b77540f475e0e846ab78ffcfa1fef28058e540fea43d9017d4efa05c837611b2eacf0034f26cb7903eff7874973c6da7843892bfc676170a75f839e297dc7f04c74b40f4bda20a45b2a352
+TAG: 9b05aab44ba4d1451f14e087be626232ed11c4ed04081f0d4d47ab593fc619b1
+
diff --git a/src/crypto/cipher/test/aes_256_ctr_hmac_sha256.txt b/src/crypto/cipher/test/aes_256_ctr_hmac_sha256.txt
new file mode 100644
index 0000000..2a72e1c
--- /dev/null
+++ b/src/crypto/cipher/test/aes_256_ctr_hmac_sha256.txt
@@ -0,0 +1,336 @@ +KEY: a5060fecb0a738d8ff6dd50009a757c6e58db73228534d03f32c26baa1c209f402c3e03a6947c1d9421d63ce43f6df26d30ce783f5ed0d6b88edd389d9f92d8d +NONCE: b52227e92203630a79ec7f5c +IN: +AD: +CT: +TAG: e61a28f5df7061b4236834d2034d2b62cb63c660b7de696c26b345e66b34d222 + +KEY: d676047046bd5be9263ae39caaa0f688abb1bc67c083658894da6aeeff80b6d58ffc7ca1a1c88f49e629bf5544b2cc7669367202b158fce83fc4a4826dd90a7c +NONCE: eabef87a00fd99ebb6ed6d25 +IN: +AD: 83 +CT: +TAG: 473cf728899cd5fdd54f18d6f934c3901f7ca118fc5ab2cbb837feefa7852a67 + +KEY: 5eaef3b8e068fbb652bd37df4dfad6490095642cd49761a35476dffc2b5b5f75236d0351d96a9028660788893323a777ea8a2ac88bb5e500b334af02b1c2a648 +NONCE: 34d049342b9db5ffa039eac0 +IN: +AD: 7578949699d44dec9188a7f7e14b0a23637cddb9107dbb1f8e2a968aad0443356d7eeceff4316ba7b2e8fe +CT: +TAG: 4d2612c21357638bada9290d2a272f10fb5f070337bf87bae396a1e7253633ae + +KEY: eb7b3d7eeb5f26010915a36837dc83da2bad07eba714566584bf1ce62fa9b61210b0ead7182bc28c8f0427699bf04786583fa32f3c3a8a6582cdc254930043bc +NONCE: 3bee5ebcdfc72f4ab0023211 +IN: +AD: efecb57e79a326c6b2ce0ae74d7656992a005fbb8da5a55b9595fc5348a5489ee2e69541ec0e8a727a560625 +CT: +TAG: f457db1e274adabe5fc898fb1eb7c4a5a8e9a2b66f964d0958aa058c1f9e15ba + +KEY: 1c1abffa8a2667a8c1ab347860528162d316d58e3966050dc140fd360e6ff7c557520a8982aae97c5db5495d8951eaa485e1cac4cd8f448a13d071d759885474 +NONCE: 4fdce4e59bfdf5d9b57c78e9 +IN: +AD: 55125cefc919379b3b4b2a24ee1794f44ac66fd99b8b68f98d4abd45ba50a5b76e5375d08abe3b8b8d3c576bc8 +CT: +TAG: c021d2c73737e54ac6e7f61f9bb44818e5bdbf8d81d43842fd25a535790fafba + +KEY: 366cf53bc185473acf62610b74231e53aace84e9c5d6fbf71fc24db4f42956065d3eec01ecc72a6c89266565ff530075f4532c860e3192e866b41aee98c5c42a +NONCE: 9ff54bd7b10f4fdfd8db76c7 +IN: +AD: 
853ef59ae873bf0bfe1465e9dd8c2cddfcf123d213ba4f599d984e4ea69d3c85a23508ec7941ca740a9157ca2a788e9b519291240b307d6c5a8c6860a96b4be698659d19e31ab0ac7ae6ba31dcd609c1db67ad580fe4422e42d368c3e93a56f2a087b0d587188462310c2ebe58ecfcf7178412223808eeb2eda76446168730fe +CT: +TAG: 12d869dc4bd4ac4ce9ed643cccda9e11a1ade65c76f7c1535fa4ec2bcc5eb4c3 + +KEY: 147b41369bed390f0a9561586fd975474e3b3bbf7f7ebb7a35e5cc43b516c044dce93e154ac790a109709ac5299bb17b709a913d33fd57ebfef2b48ed66393b3 +NONCE: 85b81732d2863b41d2551763 +IN: 73 +AD: +CT: bc +TAG: 47fd81f6eed8d3c66afe06d788ffe40717847785f4b4c617d75a11171690a60c + +KEY: 9bf35c1194659c1da634eab6707c55b853c8f61d087187162e926adbae02f8bd4d15bae5b05865d0e2236d64715fc39f32e4e3679a0309396c37eab13d1c637b +NONCE: 8da14a98ee741a5fce0de732 +IN: 10 +AD: 8e +CT: 17 +TAG: b76af41002a946af4947f98f42a873b7da0871f482990a70bda8f005274ca179 + +KEY: 0befac10caec674c9f23676d121f065dbcc8c91852dd5eb4e80c41076995a2138077592fec665954d21fd6787234d32d3d54bf9c220cf2bf018b374bde29926e +NONCE: a96bfb49f3a136840a0e32ff +IN: 59 +AD: 236adab55e1bb8a8db384c01bb2afd30ff35da71f955fb217b8305a45ee075e7f8d863d4c0e5dbe36e297c +CT: ac +TAG: 7bb634357e0835b02a0642352a834ff6598c2ded1af8e8ab60b9ef0641fe863d + +KEY: acc672aecf6f10119ee77070abbc2b4fade7e910efd1f93a5716161f88606469a49df05b40332b390d3ac289abfdf6bf7c37c033b1671082922d939139de0d42 +NONCE: af0f57b55f1a73794b3ce5cc +IN: ee +AD: f385a50ef027e532635878a4df0deb23369774be47c42f17cbd44925b668f628338ea5f8256c5ad8219c13cf +CT: 71 +TAG: 13a5296075ef23216c2f2e83b940d24e8e1e6a01967af96599360f11499ac0a6 + +KEY: 6195ef5ce3ee01188c48b04ce7a28b3ddd04b78711a6d1233121fc8ec3db3a7a0e496d1b6a416675b1e666b9a3df167efb8ade29e4f22fc77111f32ba8bd1ec2 +NONCE: 092070b2f8b65fcfe646f6bc +IN: 26 +AD: 98526dba4437d88f657c0b7ce2a2be44ef4951711a40747a7d14b195e4c0eae97247256bba7dbd93d6a8f738c1 +CT: 83 +TAG: b6aad3f91a26a38245031d6a7eb97be0d386939d4536b2a27c90a2ddb891de73 + +KEY: 
40335487f9958dfc00b76ff06dfec162ae5c6be4e26918bd12e3f21760cb0bd364521a11f5bfae11dee989627525ab5295ee404bce476c280d13d238dea1bd40 +NONCE: ecf77c7c827a34efd8cdf79d +IN: 34 +AD: f6e661254bf235c7d5b8ee330cb754087480dec5fe4c31dee65d1ab4479642101404bb563522937fb2e41d3aa8a4d269a222e6e0bcfd07ec4b29c1185f99fff7cb5bd2ca8c5b38742270e586c8db19138b446833f2ee07a11dae5b6a1a4c28657f3380e84bffe1bafeccad57d9cfea3da7f728119ec5bb18b79e002954f4379c +CT: 5c +TAG: f3420d4cecae2c1ad79d977abbe408045bd87525c0da2b93e0af3e6c53ba7d74 + +KEY: bf32ef44c7ca9851f397e70df736d7e0e6243cfd875ebb81d76ad7612dbcfd084cab6b0d67c6a6e8b567c93fd0c3abb78ae121fdb3051a62ccfa045692d3453c +NONCE: 46e0cc64d6e431c1efc2bd2d +IN: 959348a8ad6912d7d6c8eae52f19b1 +AD: +CT: 55e8cb6fd958f18b3c19451c5c79a7 +TAG: af09194071cb0ed4488d27e79700f938ce77386e5d772f9853b17b719f2b1ebc + +KEY: a6b5b8b051edf5cea0353ead88ea887fab048ef32f8303275e93d8f926da0d4b0e34b9447cf44fa70c24c9ab964380065398336bbb20be167fc6cd5e591ef50e +NONCE: 371363612c4675a2e59ebd39 +IN: 443d16621b0cf9a12552216f9558ca +AD: 32 +CT: b7f432eeda8e4b8a25f0445f17ca7c +TAG: 649934922826febab4d59dfb52a7558e6d30d56e273602b98f3c55fd8e24f4da + +KEY: 075b75434269a3fcc57922ee8cc55b5bbe1b90516a3b71838ade73d41ed1d1f33ae1e0e86f88f6ed7e091cae3ccb05144b3ef239831554d6e79ff97c4d8f150e +NONCE: 754d5c4ccbfb291133859de3 +IN: 62a151add825077c59459fbf82b708 +AD: c8db27487de71124a95eb6359270a8363908159200333b46ee74e2709b308878779686bd43c24e9ecabfc3 +CT: 2ffb9a9f65c9fe3daad13768ab56bf +TAG: 4430a90fed7d4b5b2adf5a60d6854956be4feef497781ac7d864a04259e99516 + +KEY: e787fdeca1095f2f2760a1c5e0f302e07d6b08de39ce31fe6a0db2f76e4626eb0968768ae04d37082c114573c307699707630b8c7ceef60abe3b7831d2adcd6e +NONCE: 9dc9bcfe8b4e2ea059e349bb +IN: 3ad57105144e544f95b82d485f80bb +AD: 96bce5dcaf4a90f6638a7e30cfd840a1e8dbc60cb70ab9592803f8799f909cafe71a83c2d884e1e289cc61e7 +CT: e504109cdbf57b0e8a87080379e00d +TAG: 1798a64b5261761ecd88f36eaf7f86ed3db62100aed20dc6e337bc93c459487e + +KEY: 
b43ab650bdd201cf05e0436afe89ac54867383f04c5ed2faea5db8e6784c720d905234f1f5443c550ca14edd8d697fa2d9e288aa58c9a337b30e6d41cfa56545 +NONCE: 4e3dd3efe527902b9de45a5f +IN: e386663e249b241fb8249cfec33ac2 +AD: 3cf7a396e1bd034ea77a54ffca789f206f94263d90d98bf3e69cb42205fc5c95cfbd0481b0ec490ea447299159 +CT: 94aacf00092723e778d25ba78e9d27 +TAG: bd5fcf90b9532e7abfa858aed90d5170f08edcdd28ff2c673e0ab45b8c0a0f39 + +KEY: b22a7c5bb38715025cd59cc0feed9ad8e51101200000168052b294fb1ead545a517dee636a7acd22b8283afb33d30adbe02c1c8557715eea7147f3d98a97cbb9 +NONCE: 3b4244c9ad9fedd3f10fdf7a +IN: da79e1ed131856cec3250fde7bda4b +AD: 4b77472ade3f06500169405b86a793d63cfa58f57bde0dd706f369b391142c2fa8a3e6345ccf0a9c29b2182f578e22f55c576f155a05be5e81997fbe06410034ecddd871e5ed94b5eeffc6dbd90a8e66449da01f8ef47d28a4a4bd253ffc427f868867c73b5c709b01732bd8035b1a23ff0a903def1eb136fc90d8b3c8279769 +CT: 5d8ad7abc047bfdf9d9cd0b0aaa53e +TAG: 41d050d518d0e51ce16bc2920aa6c76eb8eabd4ed76373c59618c6354885f47a + +KEY: 04b3fd8126d65f851f47b3dea22cd6e32506f21effaa3e29820ac7825e01b51c5a2816f0298154f2d8addefa2fdc34c0635d4d6b80ad23eb320c4d4f2aa1de1c +NONCE: fae1b1da40471dbdcec64d4e +IN: 509f116ef7435b0640cf141d5b958aaf +AD: +CT: ecf553eba80e6dd1fae2eab24d772a89 +TAG: 11473566e80cff5d7421f65949c34301f34de378e91ad50928cf2caeadc466d4 + +KEY: 413d154dadc7d8869e9e0f24b3320019a04b7a37620dd9e7aa40b5c08d70dea03c12ccf7faad7009e972680e81544b647650c6ff033f56e5bcdac9a35bd7f804 +NONCE: 6a4404adae3f4a7bd2bef95c +IN: 3539fe02b75981fad4f8762772b3c11f +AD: eb +CT: 3f8a96905609a4ef1a95fdb87337503d +TAG: 8ee076fd624d90e1f6336a92165e80408ca6f0e165b201547d351177c95e8d51 + +KEY: ddc10df673e720c00f28fdfb69f1b8fba99696f23b6f29704a0114444cc0c8a6c8606e8d37fa95aabfd65b29c655678fcec50966c8758a3fb15332a1854a8eac +NONCE: 06331613842b4af86c13f8a2 +IN: 55d74bcfc3d1cfc716c6e6b7153c6369 +AD: acc264344ae79959f9dd5130664273ba6f345c3fc7bc33c6c1ce33312bfbd5f181a3c7a24f15e7acf72ccf +CT: 20650d9e846eb42854692d438b21d5e8 +TAG: 
973857523e7ff600cf9bcfcc98403b34ab38d939a6d76716beac42678ca5f5bd + +KEY: be0c884db54cf761fc24ff3dd572362910dedacece5e1d93a916df277f923f78e7dcd908e60beb0043503c5b4877a9d962a7de37cacc7387a7553949b52894ec +NONCE: 3f027a93e2716668c7634195 +IN: 1ba8f3a87ac6738167aac1491b602ddd +AD: d06dd1b9360a68afa3de5d239b6d91d212c5c555567545a4f133bf5a3b0f26addb9379e1cc1cd690cd427c57 +CT: 3596cc50ae72db932dd83bbc8661641d +TAG: 44a1834b1587d0f88e34137dcebbca059dfb8f65ddab18f338a8a30152167be0 + +KEY: 2ee848726730c64332877a4f88ad7fb241a73b71fbee8eeb4d9d6485855ea32b487e03968e1a7b9e8ac8ab7fbd84257efbce0aa207aeefa67302d5847e0d9c05 +NONCE: 526b0a79b6359d133ad51011 +IN: a0c0477e8a9ebfd275b674ed33230d42 +AD: ded2f0f3f28aea28b17aa58d4b906c6a9b3078f97ffe95b7e161b0c3dbf66879bea7603a046da4945c802ac8b3 +CT: b1691c8275f12f7d9af85e71dde9dd5d +TAG: 65a5742dcbc49295c4805387e0a15f986ae47e51add9389dfabb6468a6e83013 + +KEY: f4a7c0e29ff510c034778e47bb30a468a92140a707936d381b1554d421af107c578e74c53ea08c7f7d93cf67612061359ae458408a9c79250f776ca4192016c0 +NONCE: 025bc10dc99346c4d0766a7d +IN: d449a2e812429beb5c466d344f5b5eec +AD: 304dbf9a59bfd33b777d8dec9dddce4c365e72aed851210eb964c1da18119bd13248266a67408e88ac2eadfc54def0fb57f23743d376b11293377565d253d2bffe0309f2946cb78d4e9536dde4691fe1eef9ce2dc916a773d06b42fe2b014e7974d4aeffce25a0902c9b44265e5d6d26809b5f24875e80cc13f1f8872b04a237 +CT: f366e7b66683f52586e1c363c15b7fb1 +TAG: e0e1bb733471f150ddce1b83f3fc2d88589d286ca052574b7f0735bb598362d2 + +KEY: eb78ea626b219e12937057155884547cb7578718f569dc8f2b370c0fea80e7f0d0f5cb590f0b7341d20c775bcd6a3c818e23b6cea949cf99eb94a23a81cd2249 +NONCE: 75a10f16d429b809cf12b9ef +IN: 6b0203316e8108ff01b12df91ba6644382 +AD: +CT: 7ee07054f76471115be159259340c24391 +TAG: ab970669d1603767d588a93cf215673ad307244f9179f46fca56e97f64a5fbac + +KEY: 3221167926be262b7bd0591f56be6bf030365d45ab84a93a94ea41a5e07735b17245ad43787e8791e7ceaa0472b562ed17e3b609c66c868c9b08304c8bb328b1 +NONCE: a94d8417d2bb0323bcfd354d +IN: 
cec81bac7b85c441b6261163d67921eb49 +AD: dd +CT: ddd8860fa9e2e8087db30c9da1ec9f9487 +TAG: 26a3b9bc4d4cd802cc22e7647a19fc2a5092293c9f5b1c84bdab7245a6d8f4ab + +KEY: 4b16e2d62294f76cd2a6c8e0928279d9de40f0b169ef9465738cbfa064c520128ee89cf657da27e4e532d8c4709d992970bfc9daab2f31b3a67e53200d3d6710 +NONCE: e746d498b9031007332447f7 +IN: 16841e3fc1f53990d33f7ba525dab121a0 +AD: a785917bc9f3aaadfd170abe83bb30c0c5d595fc8b491d983131aeab1a7b8d8771f1a963c251976152dd63 +CT: 6bcf5eac15ef74cb8a706856f62eb5e8c7 +TAG: 9dc84b06e8ec8921be4bc7762e8cebb61a95ac5660022520f9438e8f77b45796 + +KEY: ff2f5944111226df1d9a300533d3e871694fe15a418b2090265cd8c0111b249dfb7ee86bd9228f7ea5d89d8afcf10bf69942ee4c29bfa8409b63c00c2213629e +NONCE: 477060f0c61555873bbeb225 +IN: f091891c43e2374c2755a88a11b04beb4a +AD: f1323fd1ac4de9719dc5966dae45dd7b8ddbee3f8da4f4f4d5f25d06bdb8ebf57328dde76d0bdb9bdc5f6b12 +CT: e0d96f6f3ed0493a289d4c3b79238b9ed6 +TAG: 71276c05b52bab0063108dbf4e8ff57cf3e15079055a309d725f14bb86671ce1 + +KEY: 1ce841bcf2ad8accc458a2d94774c3aa53a99e7dbec587376212101303ca2b42272a23fe28514be190b82e503e7772a3713800f4360fdb767e85ea5e1f7b8eca +NONCE: a2f8afc5ceb5382882907630 +IN: 620fece1e843d1d0b5c5a541a6f615a81d +AD: ded910647464d0fbb0a5d93ffb9839de3360c675179c5991ad3470285d79071436025111153628c563ad1b595e +CT: 34431c3422e009373c50f3ee6c5b3fcc2d +TAG: 6e4e8a3967307f47e233a36ce05a4826a698fada2ac19543bab7c9ac4f79451b + +KEY: 6bafd28a32690851fda667eb2d3c5993f13df52b2e97630527f26c498fd5019f26177a78f27c0c41616d2a4a73757fcaf9cd92a7da8498f90315d41e7479d90a +NONCE: 75166c506c8e1d10da4da8b9 +IN: 697bea4d6eed5e6ed243cf01cc79bfd3a5 +AD: c0fa663961c3f7e09a8c7bc73e252a232977dd6c9483f02067b34fe695f341d05338ea2002952439ce08295ee5c12f38dafffeb5716908d3f1d4bfbf9eb0e4077bf8e534f19568ed04fca3bbff95da9088cb939f7a20cc97cc0994f9308e184219bf12c8af0d66df436c296ad39832d661b88c98cbb168c751719ac1383c9124 +CT: 8f37885b9602725385fd9a244ab2a156ea +TAG: 7fa5cedd330887900f4a44d098e04d5eca16cf94e21f897fa54b0fc116b711b6 + +KEY: 
815786c7744d15afe1d6ab452cb6696fead8b88269ba3eb35c458f6248bad77b404acc744ebb74612c4f97deaccb99a7bcc6ad41917d61057c05b30c581dc4a0 +NONCE: 12342e4704f02336ebfc91df +IN: 7f15e696b49ae5104ced5bebbf58a9d8ddcfaf46ddce9df88fe0d58a2f8546feeb83b975c66e4dafddb7fd9d17e80127e70af06b3b8b13c3390f1f50a227e7 +AD: +CT: 22e7c5d54a7b622c47a9edb77cfe7c094e500b0ef9595bc346de736e0088e5934dc07160aea34f24d3ab21440878213d28059551cbfdaa418af40d344674f7 +TAG: 8c271ea5c15aa771c900388267efb2f435f001c2e83f4ec297e77c608de2d579 + +KEY: 66d87d2b18e46257476456a1f87123424477decf196b88b09acfd3ca74bdebef4c98f1b93803098a141e0acc3ce8eede065417a0c1eda9b4614558d2383762b6 +NONCE: 1ec0ca1d3b09ef186ac4bb1a +IN: cbb59e14098c2a8ab7e84ace913515c74e056e0fb272c7b88d0dddfb62e395afb695647d97d1071eb09cc1e1776b609fceaf4e30e92640379bb8f0e762ca9c +AD: ec +CT: 832804b8003b0ca1b4eff1dc4da6f6a9649e5a582854bb72cd74357476bf38d81ea3bc8ac0463f21fe37683bcbe07360d0ec2d7ab90b588adf669099303ac1 +TAG: 9fecafc768fca71ffe7d640dbb7a052d97d6c8e2fc86001d71feaf284ab609f0 + +KEY: fbff97085351f4500e73190ac139dd3ac91e268042b5926b57e0394c750b10348b47641d195d5fb5b0846256ab229f102538b81e209db5d93b4d55f30c453d9c +NONCE: d4868c918de2af7d3e3f57d3 +IN: 4f14aa5a680d66ae15ce0ce4739888f64d827def862572f9a6cd620badbe4ee9d75f4f9bc1f73d409f519a657f53a50d50e68e22f33a8ef5aa08b1212889e5 +AD: c41253e96696a948ce500030af27086842aacb79c04cc02a42b858a65c630065a5292bb9b2e69ea5fe5a7a +CT: 08596ac0550574e352edc13d7e390d8fd0a57406dd61e1543066b4aa0ea06670f356e26ada0d6c61c1e41de1b4fd7a251c961fae44b23523ce227eec99a338 +TAG: 72f58de3e6697c8419ef518748fe0bb3cb930907c71b6d682c5e61068206d991 + +KEY: c78c550aba82b571d39ce21d6ecf5e5f7c2a7bf921c6162c64ec1fdff4d0b8c41bfcea0e2486cc86b9ed9e9ceb73c4ec228a2ecbcfa0379174e76475cc21ae31 +NONCE: b5adf4de19980a71cb8ae8e6 +IN: 3d5e43ce95ff9d7f797f27b904c07291a35678fe76a9c57f0c0cba724f38acbb22c6c185db864a2a17b7ef2d67a04810ee5a45fd5a4e28a15a1ae16971451d +AD: 
b5eeb9a18d436ada7bd5601944784f50fb0a989397b5c781a2cdf29337315dc7664f3c1cbf17f37fd0cc8b30 +CT: f91f1f20d06ad4480ff233480228994cfa052f9bf3038d06d997d31eb68bffa4960341b93eb5ed2260341e6816519c47bf231db2a41ad8a9719f4de6a33de5 +TAG: 6e5eabda421961e26dc17a7e1f750425235df4eaf9a97934c1e1b4439fc22791 + +KEY: 17b90dec44546d9dbc489e55a01f2cc64452a9b0e50506a8ad7c81bc6fb21328285cafed901a7204048866ff3bd543003fdcbeb3e9e2f3d580f9062362879633 +NONCE: f0c0cb247d210031f9b233bc +IN: 75b9b524cbfd1287259da116f536aff56112a406f069aa08f545b5372d45b66d7a5d05e02728c4bc2c779609dfe251386f78c5f48b9dad90b363d324826cd6 +AD: 8a604a9b06ad595ce0b9ad1644a596c7d3cde81490abc80840c764c40d6df08fc71d1e8196eae0802f8c8dfc24 +CT: 23ad62a668f942e613c3b5a7828142048f1f6a67f7f0e0cc8bf3fffb2d1dd967da472d080353dc9c23b900a566f20afb850e4a47688ee507faa6178fef2afd +TAG: e9e82d3221f964d9e6c09d761afa3f05d1316d39c82618a82dafa23607bb40a3 + +KEY: d5c09fe24201fcc3ad4c9a9c4b759345f643e930301c3714f62c8dd4974bb15a026b217ac637b4f0e8d6ef40f36be967c50aaea83b2e72df18eeb9576865f1d8 +NONCE: 9cfa0df1fe0910b33ee9849d +IN: bfeb3d86ce3f4c5ccd0c3945e1da0e75dd057aa5b4e1f070593394f4a0227abedac0b77478e04d498506245b162e909cb711d8b875d33f9c4578e80a0e2113 +AD: b874a8523799554436a1174ab124677dc2ae2042a436c85065c50d5b5e7519623379ffed9a9c2b84b9626214b13c1806b65a432ba79066ff28ed94d17628f5ff84618593954389181e997ebd245d31f520539e250b31c86b99992983820f79e74aeaacb3a95e690e2841aba5a384d0333ebaa5d1fde06b4b8e3e1cabc6639459 +CT: afa649ea47db94936f89612ece681bb175664a97aa6faae5745f49ac9fcbfd4287b73cb58e8d8aa12eccf309182f075098f339db697fc60540481dad0cd82e +TAG: 9909335130df0326650823de5a4f5b6f45e6941a6a72ceaf80ef32fe67363944 + +KEY: a13c4654606f532a8df47c367dab1b214166e4f7188c20560831ac30ba5e58d316d29764e4c716ec0126657c926ba2e4541da062447228ae61340a951101b4a0 +NONCE: a2df3417ebb86bbb2f954939 +IN: f1954e59a319547d32e81f846e0c79db41c681166b43eb9c10458948606ced50a44df26fad5654a7c25d3fb52539cf25fcc1c11707c4b5aca7910a76e2374740 +AD: +CT: 
374726a4691f178a4c0a6f96108ba30c4ca8a30242c14e84380969473879d4a5de580fab4cf6ef6e465560a15028ba78a1a88f9e62322cb698b15ccce6ba83a8 +TAG: 683e5a3e61d9d9c8b170f1d4eaa4f74dcbecb1a4cb1551dc364bbb336d4e4109 + +KEY: 0c1751677a9b7373e0c2ceab2c8e4dab50af22e2230be3187c21ed46069168d173c28a7474d8f7c3cab39401663405aebdcc474ce136e1fff9cfc520bfe17ca6 +NONCE: 38bc2efcd97998de1528b064 +IN: 8a3c6212240bdcb86da98f0e3ab3e9e78f7f61f0627ea088ab283e739a0bed5c360eeed26cea43ec09b4f3556049a1d7f8ef86abfd1118f9c0e34cc6eea4544a +AD: 20 +CT: a1a9f7f4750be3d89fc4f25917f8ffa7dd462ce712ddf61792a01b1840bc8e428000372252f1b41055416a961db3be8fbe774f0a0a71a82e79e74927522703a0 +TAG: ae24708df0d5893a902765f6c6c2eebae0c11312936cd415bf4a74bb8498a367 + +KEY: 154c21eb43d8d556e5f782ddd64d577ac8066fa172c2936fc2b2e875aa437f941819d9ecfaefa2e388fdeea81a0ece8dcb7647f2c68da48884aeb1315b577c09 +NONCE: e14d1bd8681373d41702a762 +IN: a2c880fcda87d9d4681a735a6790d93a1c9c68e55b87d5f7b3146665a6b2051398eb9895e1f5d522841668b9915633aa8cb40048c619baf6d63ca2da486cdeb8 +AD: b0b725cf634349ce1d3ac49d48313a09697efd9996cc5afd06b1d0817181d0374db05825dc2f08207bfb3b +CT: 1cc0db5980863df7a40c78e323a78be6c6d556d4e3b5f930d8d0f2c6a10c6477e31c000d3f0563b46e1a4aa566a4ef4b433e17e94c43338b51a7a3f862739b6e +TAG: fe005424112de2a5ca6e68ada40984df1ae5ac666cf5fee19e9a0f203dd69f52 + +KEY: c34482341724ee431b5272ee2964b245d7657778f7927cad4b5a1bc30a176b1eb88a83ac9faf58215a72855edf94f8e86fade58c5b5907994bb8381c9f21b753 +NONCE: 4934d9afc32fc7e2d8851594 +IN: aa3d32adc47b0b84d1b038ddcaeb007a7d5c96cc06a943eba5da6d0d367625330556e67da099c84086b3f46bb4b72986e076eb426913e415cd20bee34e434bd0 +AD: 076a7bc587b306f3da3ba88e66a55cb8125bbf8aa000dda266e950f381e35ac938ac86f8a15a83022a25f28b +CT: cf017d87da8927e42c1f10fd3d73cf483bae43f4e110363159a9fbb7cba363930a0364cd42a5de2c70171edc4caf15bfc7238f7087bf1402b32c7bdb1f493393 +TAG: 3961efea656aab1b83082522b801fafdae346f7d4be70db1981283f323e5b5dd + +KEY: 
363e10d8b3fe349014d6222761bba7af86545dcd1812fe2e5ada564c5008f8ea1850f374208e87362afa135f20f9e79dd0ad32f86448263416086d3afc5d37c0 +NONCE: cc545928edd3b21c0e8bc0f1 +IN: b68e3a54d17dab6eb41b03de2df14e792201d78a9c1cbf341da421da82b026ff471d4305ede5c6baae162a098c73da5cab93f30d6d540b4eaa0ee772448dade8 +AD: e21498edf4e25ada2dd6a382eceaf737623e501db34f5c5bd5c963f45818b146a6e45aa92db2a2069e55d46a4c +CT: e4920c1fddb5dfed2268781fbb17e9ad2ea88bf2a0f116fbb7b309b25a5b9f989e1abc334999ab175b65f87e874d8ba80792044b458dc27d2b24c989d24385e1 +TAG: f0dcfa064cdf042e0b9a0443d634c38695dd09b99dadc647195fc2ad53dde547 + +KEY: ae93f58aefa94e4e0622f2e962529fd2efdab840fd0bce62e163ca0fb004ec3b22e246073614203d9b63fe2842ef5903ed08b3e52abf7ea18acbe16fa8f66368 +NONCE: c9ac237c87270f2d88b91b64 +IN: a75f49778a6c03b0f8915f5d09efe99c5f4e9cd928713882e6b9b78bab3541812db41792b893c7e2259debc6c660ce708851912a5b9eaf91416d86b5de114ce1 +AD: a4b198a329e9c5bb6d9f31a6415811eb33c79422b0db130b78d788c38c0b9a5122688cbc50fea811afa20789465f9ee4362336cc3701ece701179af96eb7c86d5a00ed8582f24364393287d5dbc3e83a82b7a585cee5b152b5da40aa45ccd46dc841004778998c7efe9eb43c9762d1c8581eee64e18c5a961bda5aafdd5cfec8 +CT: 453fad9395106a703ccbfe811bf775f1827ea960c71d79242d2ea0e3e31b14baa76eb6d107dfc6e484f4e5146f8cad5b389e4c0fa18260c96a193edbc8091a36 +TAG: b67082c21557b31392a9821fbce4b93706f96856d2581c92e7fb65dd2166624f + +KEY: a145adafac46280e1cee8696903c5f3866540f27f17a519637373d95dca4ac5ac0bfd85ca6e1f8df8ae3fcfc9158421581669db52c20a3e19c5d251952f63218 +NONCE: 90bd43611f235ff225b23208 +IN: cbe5f3a5b7a94b8665cac1a4d173a225679e1a3926d8596b5adc0ef4fd00f7d93a432ff141cc04f877be60b6a17fff40ac845a91bcee3b483862f67d9a76ef498ce5e49c361bfc018e401aff47b397e96b2982d4fdcd043ca09905be9634e83dc22a667c955bc992ec96ca1b76f73631767f64fc7151284d5aa81c1aa42eb3aa +AD: +CT: 
604f718dbce17dfca1fc5e0f400151cb65bea9d7d8f26d56687a76a23f89201aab01ef928006d15493f5b1501bb99c517cf123acd956ab575e687298488a88d5739c266e67ca6a20a5dbe5f5f27ac778816f04e7b1764cb716477f3aa01482cb6b25fe034ab5d942013164aa124608cacf13d6cc9487446cfba54315fc6bfc42 +TAG: 8e3e1a01945bfd9e1aa4eff1cdd0a6da6d8fdd5446e6d732a673effe8e44d76a + +KEY: 63ac8e2561341587bc066c87cd23f7f33e6023bdc1521a91d6ce63d3ab213825d95d674928b56da1741aad8e85a8b703239ad74e0304ad555eeadebf4ae30aa6 +NONCE: 4f3073c3b780ebb146e136c7 +IN: 7f9a05b1aead29b4d5361c2606e5db8a48122858842679cd46f8386ef9359f998cd2c6c266791429624ff634a160d08faf1523b650c30b2fcd71517da5f377000251ef23cfd2510a0630215ad45fa6d2313f9add040a07df8259b82d3f29cf1ab8477cd114c9ee579d3e2ce60c5da2f3375b68b4d6e0913d39dac9399c00bd32 +AD: 22 +CT: d4ed811c8db932348e0c311e9278ef22f22cec8af88b3ac0cef77f13bbd9b8cca037c1ea87590a0ce3f3e7b3ffe1dcc4c7cd9e721baa5f126a3e0afb26dcfa02bf44428846c0f1e07ba0e026c23a39877de1e69e16a2766ff4fa3d4e8d3a97ba28f407f459ae3520dd840e8f9e149ea582048dc6e3d0227bd86a9c26ddd59895 +TAG: 0abc9111229bcb725953d139a2dcb1aa0cb9d3d6c01ef4733482dc5edcc88958 + +KEY: 355454fbe12f125edbc13550a7494f37efbe12b843058d29f892e1524289c2868ef0050a75a232d3083c381289e4950e352d68d64bf05f0608d694763c36641c +NONCE: 0a344bb3da1c4260f2daf256 +IN: 362e97f8ef09f30e5db2f21d40568d347d9bc42d4c94a563484b12eb109886ccfd2c61c40dfe93eb836bb6aa4f828e77c137485da2df494cbeb6a9a0192c3777b4d7a927fba11a8eaf604b85a81ac4719ce8b595a74656286fd0b80d1ad3f3393e6038b258af97af9a77f6760d486d9caf5a451ba26dee51bda0f76d75bfc26e +AD: c7c2e8196f37185b44515480d5d9451d79d07df4c1256bff6382f942727ce9b3a4f81ae964d8af2cd9f638 +CT: 32a67922947fd6b1c1bfaf3e1d41397173b97095e55307cae1c574daca275778d4aa4313fb1fe5b3997ff18800903ce044c7d0976abbb03b6cc1f7498d8b56d00672bd74f7cb152b677c632ef7a6f6fc13e95e82b6e35d663eb47f27c229c81174fd7c62c94c414e47216af2580fe822643e54907af77ae18e903fe856a02173 +TAG: 72d0fe5baee8090c5f8e79890b77f6d72a4213a7d1a81e0d1f1c9e6731e44d54 + +KEY: 
664478c9d30d2cbc39351ec3b3494f3edb81e32e48bd4ef05969da07e770e4181a9ada3b2f83b46f40fc2d9ad35fd8ee6864ff3d70436d6cca3f8e0563cc3b06 +NONCE: 7313df9679181ffad2972a6b +IN: 142f073f2ce443c68822f120b5009e39bea3453017dc04c1b091adfddcb2a7e361c2b79eab1bf0818bc86e9d7964834d3775698b56a11ee07a0c9c03cb7bb895bf1a1dde3975c3662d233052824f1539f58cd6ad5cadb58fecaf2b34935ff711c45a639d642fb8fc3a52929b1296683bb13e67f2cc8ed9090126cdf28a4395c6 +AD: d0d78b94505793af546912f3780699dd72e288c775bfc75da6e306defcd868f6d40c6d6ce34fab9c11574ef5 +CT: cb913e40ea5dfe76beae612e9732d23ce352789987134822b2324db585179bf90d0ee20bee102e93a49a55fc978d19e99ba316cf8d9a10d2f2bcb75da4b135d1fcb8057edc33a180586015d8829a128f8fdc87b72497016c280f54f4d974c2c7e9d32ae137eaa1bcb670be237269fa73c3a0f273da9e70d89600ae7c231fc9d4 +TAG: dcc158c254ff7e131ad854a2158d51c643c281dfd7df342d5481384ab236a685 + +KEY: 409d1b4e1c187c8b1c053e999f2af648583e1045d56d553cce9270d08c5643ef365eb35e3bdeaedcd164b0122ad185e71c75146a9807104d9b65b56d9bc1dc55 +NONCE: 1cce3f08a5aa5824d063a6f2 +IN: a255239e4065f3effe6aa5e88814d516236d016c51cd8eb35af7cee86418966559802f8ff7ac39c6a45acc1f1b18cc28d7cc32ae66dff43289fe44c3a2a72fbadf3a7249d76c1ba9671dfc420ddf513539f2da5f31030f2b6775c57432c2c3486621d841e80dd4894229debc12ef47d74716838f2d807e208f0fdaf733bce76e +AD: 8f34f8b676e71844841c6a7b63fef1ad3061f2449c1044e1a281595da2d9e9fd141aea7350bd8cf9774d375e67 +CT: 969fc2c64261db415e51eee8cc5e0cf5185b8e3325dea516a70e32115a5b72233a44458c40f2daff3594d71e42ca2e3fc1c444ce171d22ef40009d798456613fa4b76beaa6d469e235997a302ac468c8bcfb8ef5de5cda58d7e554a9eab6cb568945dc37f28b0dbd674c083dfbd2e42fda1b42d0c1966e9652a21b32af71e2d5 +TAG: fa0789a83c255412501944a67bdceaff3f01d9a23b0c749be38abc956e2acae6 + +KEY: e6fd8144cdb305bf9e62a2c901764c62902f354409d8c5b9c8cbfc0ba8ac7d0859ff8994e573e46784395d89c355a91a313f601b56e86ed3fd10ba428a5481ce +NONCE: bae080718d3e5c5998542f15 +IN: 
2258ffcd6fcf91b1723f8db0047525d61cc8ffc440acf3290690685d16384292493807312b7dfc23ac9d9c3ee1405baab21a3770a05875cfe325268b65fc877463e3208c842ea4a32cf144cc46d57afd91f6b6b5d85fb2dedb0702f0c4e7f742cf4c9b4aec02f07267ec1f7b96a5a3ef25f6c1b4c27bd829e86583e239cd854b
+AD: 51ae57749b7757718aef9b9c47da5794659516e7f98bc80e6c18c89253f8617963331f54d4f009f087d1d2bd69a083f3a4b98f2a51ce24ffc6079774f7c7b01638b6131bfccebe21fea67bc839c259a50fcc0a16a69ada3c5adee4097d9e053a03266cb9b4b39ee2a465ec1aa058e61a0b9888b93bfcfd103f91ca3a7b274a10
+CT: 5b2fe8eea3313cc04d5ec75d75d05b3242b6e3b65c6fa1761716780c9529ff8ca523096dd037c5bda27984aa93c702ce9c01c63569a90657cc6373ad5d4473028b7eef69dd79c44c38d0063e8a8b7f1aa2bf6b646711ecd4eea3fa27408e089d9c4c4aceedff29a25baa6a9069eb7eac83a53212c0b387d700547c46cdc525e3
+TAG: 60319de093aec5c0bb8d5f17e950b0f4df0dfd20ad96490f6f12db461b2a4a84
+
diff --git a/src/crypto/cipher/test/cipher_test.txt b/src/crypto/cipher/test/cipher_test.txt
index b250df3..f3c6d35 100644
--- a/src/crypto/cipher/test/cipher_test.txt
+++ b/src/crypto/cipher/test/cipher_test.txt
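Review bot: Nothing in the new aes_256_ctr_hmac_sha256.txt records how its vectors were produced, and since AES-CTR-HMAC-SHA256 is a library-specific AEAD with no external known-answer source, a reader cannot tell whether this file is an independent correctness check or a snapshot of the implementation under test; a one-line provenance note naming the generator (reference implementation or script) would settle that, and the preceding hunk, whose start is outside this view, has the same shape and the same gap. The visible lengths form a sweep around block boundaries (IN of 0, 1, 15, 16, 17, 63, 64 and 128 bytes; AD of 0, 1, 43, 44, 45 and 128 bytes, with 64-byte keys, 12-byte nonces and 32-byte tags throughout), which is consistent with a generated set rather than curated vectors. Every entry is a success case with a full-length TAG, so this file never exercises the decrypt-side rejection path (wrong tag, truncated tag, altered AD or nonce); if the file-based harness can express an expected failure, one or two such vectors would cover the branch that matters most for an AEAD. Whether this vector format accepts comment lines is not visible from the hunk, so the provenance note may need to live in the test source that loads the file instead.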
@@ -76,6 +76,43 @@ AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:0000000000 AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40::cac45f60e31efd3b5a43b98a22ce1aa1 # 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF AES-128-GCM:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606::566f8ef683078bfdeeffa869d751a017 +# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF 
+AES-128-GCM:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c::8b307f6b33286d0ab026a9ed3fe1e85f # 80 bytes plaintext, submitted by Intel AES-128-GCM:843ffcf5d2b72694d19ed01d01249412:dbcca32ebf9b804617c3aa9e:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f:6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5:00000000000000000000000000000000101112131415161718191a1b1c1d1e1f:3b629ccfbc1119b7319e1dce2cd6fd6d +# OFB tests from OpenSSL upstream. 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 +# OFB-AES128.Decrypt +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0 +# OFB-AES256.Encrypt +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1 +# OFB-AES256.Decrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 + +# AES-192 CBC-mode test from upstream OpenSSL. +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8 +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0 +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD + +# AES-192-ECB tests from FIPS-197 +AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1 + +# AES-192-ECB tests from NIST document SP800-38A +AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC:1 +AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF:1 
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E:1
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E:1
diff --git a/src/crypto/cmac/CMakeLists.txt b/src/crypto/cmac/CMakeLists.txt
new file mode 100644
index 0000000..8ebd80c
--- /dev/null
+++ b/src/crypto/cmac/CMakeLists.txt
@@ -0,0 +1,17 @@
+include_directories(. .. ../../include)
+
+add_library(
+ cmac
+
+ OBJECT
+
+ cmac.c
+)
+
+add_executable(
+ cmac_test
+
+ cmac_test.cc
+)
+
+target_link_libraries(cmac_test crypto)
diff --git a/src/crypto/cmac/cmac.c b/src/crypto/cmac/cmac.c
new file mode 100644
index 0000000..fa4c3c4
--- /dev/null
+++ b/src/crypto/cmac/cmac.c
@@ -0,0 +1,239 @@
+/* ====================================================================
+ * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ==================================================================== */
+
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+
+
+struct cmac_ctx_st {
+ EVP_CIPHER_CTX cipher_ctx;
+ /* k1 and k2 are the CMAC subkeys. See
+ * https://tools.ietf.org/html/rfc4493#section-2.3 */
+ uint8_t k1[AES_BLOCK_SIZE];
+ uint8_t k2[AES_BLOCK_SIZE];
+ /* Last (possibly partial) scratch */
+ uint8_t block[AES_BLOCK_SIZE];
+ /* block_used contains the number of valid bytes in |block|. */
+ unsigned block_used;
+};
+
+static void CMAC_CTX_init(CMAC_CTX *ctx) {
+ EVP_CIPHER_CTX_init(&ctx->cipher_ctx);
+}
+
+static void CMAC_CTX_cleanup(CMAC_CTX *ctx) {
+ EVP_CIPHER_CTX_cleanup(&ctx->cipher_ctx);
+ OPENSSL_cleanse(ctx->k1, sizeof(ctx->k1));
+ OPENSSL_cleanse(ctx->k2, sizeof(ctx->k2));
+ OPENSSL_cleanse(ctx->block, sizeof(ctx->block));
+}
+
+int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len,
+ const uint8_t *in, size_t in_len) {
+ const EVP_CIPHER *cipher;
+ switch (key_len) {
+ case 16:
+ cipher = EVP_aes_128_cbc();
+ break;
+ case 32:
+ cipher = EVP_aes_256_cbc();
+ break;
+ default:
+ return 0;
+ }
+
+ size_t scratch_out_len;
+ CMAC_CTX ctx;
+ CMAC_CTX_init(&ctx);
+
+ const int ok = CMAC_Init(&ctx, key, key_len, cipher, NULL /* engine */) &&
+ CMAC_Update(&ctx, in, in_len) &&
+ CMAC_Final(&ctx, out, &scratch_out_len);
+
+ CMAC_CTX_cleanup(&ctx);
+ return ok;
+}
+
+CMAC_CTX *CMAC_CTX_new(void) {
+ CMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL) {
+ CMAC_CTX_init(ctx);
+ }
+ return ctx;
+}
+
+void CMAC_CTX_free(CMAC_CTX *ctx) {
+ if (ctx == NULL) {
+ return;
+ }
+
+ CMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+/* binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²â¸)
+ * with a hard-coded reduction polynomial and sets |out| as x times the
+ * input.
+ *
+ * See https://tools.ietf.org/html/rfc4493#section-2.3 */
+static void binary_field_mul_x(uint8_t out[16], const uint8_t in[16]) {
+ unsigned i;
+
+ /* Shift |in| to left, including carry. */
+ for (i = 0; i < 15; i++) {
+ out[i] = (in[i] << 1) | (in[i+1] >> 7);
+ }
+
+ /* If MSB set fixup with R. */
+ const uint8_t carry = in[0] >> 7;
+ out[i] = (in[i] << 1) ^ ((0 - carry) & 0x87);
+}
+
+static const uint8_t kZeroIV[AES_BLOCK_SIZE] = {0};
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
+ const EVP_CIPHER *cipher, ENGINE *engine) {
+ uint8_t scratch[AES_BLOCK_SIZE];
+
+ if (EVP_CIPHER_block_size(cipher) != AES_BLOCK_SIZE ||
+ EVP_CIPHER_key_length(cipher) != key_len ||
+ !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) ||
+ !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, AES_BLOCK_SIZE) ||
+ /* Reset context again ready for first data. */
+ !EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) {
+ return 0;
+ }
+
+ binary_field_mul_x(ctx->k1, scratch);
+ binary_field_mul_x(ctx->k2, ctx->k1);
+ ctx->block_used = 0;
+
+ return 1;
+}
+
+int CMAC_Reset(CMAC_CTX *ctx) {
+ ctx->block_used = 0;
+ return EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV);
+}
+
+int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
+ uint8_t scratch[AES_BLOCK_SIZE];
+
+ if (ctx->block_used > 0) {
+ size_t todo = AES_BLOCK_SIZE - ctx->block_used;
+ if (in_len < todo) {
+ todo = in_len;
+ }
+
+ memcpy(ctx->block + ctx->block_used, in, todo);
+ in += todo;
+ in_len -= todo;
+ ctx->block_used += todo;
+
+ /* If |in_len| is zero then either |ctx->block_used| is less than
+ * |AES_BLOCK_SIZE|, in which case we can stop here, or |ctx->block_used|
+ * is exactly |AES_BLOCK_SIZE| but there's no more data to process. In the
+ * latter case we don't want to process this block now because it might be
+ * the last block and that block is treated specially. */
+ if (in_len == 0) {
+ return 1;
+ }
+
+ assert(ctx->block_used == AES_BLOCK_SIZE);
+
+ if (!EVP_Cipher(&ctx->cipher_ctx, scratch, ctx->block, AES_BLOCK_SIZE)) {
+ return 0;
+ }
+ }
+
+ /* Encrypt all but one of the remaining blocks. */
+ while (in_len > AES_BLOCK_SIZE) {
+ if (!EVP_Cipher(&ctx->cipher_ctx, scratch, in, AES_BLOCK_SIZE)) {
+ return 0;
+ }
+ in += AES_BLOCK_SIZE;
+ in_len -= AES_BLOCK_SIZE;
+ }
+
+ memcpy(ctx->block, in, in_len);
+ ctx->block_used = in_len;
+
+ return 1;
+}
+
+int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) {
+ *out_len = AES_BLOCK_SIZE;
+ if (out == NULL) {
+ return 1;
+ }
+
+ const uint8_t *mask = ctx->k1;
+
+ if (ctx->block_used != AES_BLOCK_SIZE) {
+ /* If the last block is incomplete, terminate it with a single 'one' bit
+ * followed by zeros. */
+ ctx->block[ctx->block_used] = 0x80;
+ memset(ctx->block + ctx->block_used + 1, 0,
+ AES_BLOCK_SIZE - (ctx->block_used + 1));
+
+ mask = ctx->k2;
+ }
+
+ unsigned i;
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ out[i] = ctx->block[i] ^ mask[i];
+ }
+
+ return EVP_Cipher(&ctx->cipher_ctx, out, out, AES_BLOCK_SIZE);
+}
diff --git a/src/crypto/cmac/cmac_test.cc b/src/crypto/cmac/cmac_test.cc
new file mode 100644
index 0000000..0f06860
--- /dev/null
+++ b/src/crypto/cmac/cmac_test.cc
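Review bot: `memcpy(ctx->block, in, in_len);` at the end of CMAC_Update, and `memcpy(ctx->block + ctx->block_used, in, todo);` earlier in the same function, are reached with `in == NULL` whenever a caller passes an empty message (AES_CMAC is called exactly that way by the RFC 4493 #1 vector in cmac_test.cc), and memcpy with a null pointer is undefined behaviour even when the length is zero; guard them as `if (in_len > 0) { memcpy(ctx->block, in, in_len); }` and `if (todo > 0) { memcpy(ctx->block + ctx->block_used, in, todo); }`. Separately, `scratch` in CMAC_Init holds AES_K(0), the value k1 and k2 are derived from, yet it is left on the stack while k1/k2 themselves are cleansed in CMAC_CTX_cleanup; adding `OPENSSL_cleanse(scratch, sizeof(scratch));` before `return 1;` closes that gap. The `scratch` buffer in CMAC_Update only ever receives CBC output that the caller never sees, so it is a lesser instance of the same point.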
@@ -0,0 +1,154 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+
+#include
+
+#include
+
+#include "../test/scoped_types.h"
+
+
+static void dump(const uint8_t *got, const uint8_t *expected, size_t len) {
+ ScopedBIO bio(BIO_new_fp(stderr, 0 /* don't close */));
+
+ BIO_puts(bio.get(), "\nGot:\n");
+ BIO_hexdump(bio.get(), got, len, 2 /* indent */);
+ BIO_puts(bio.get(), "Expected:\n");
+ BIO_hexdump(bio.get(), expected, len, 2 /* indent */);
+ BIO_flush(bio.get());
+}
+
+static int test(const char *name, const uint8_t *key, size_t key_len,
+ const uint8_t *msg, size_t msg_len, const uint8_t *expected) {
+ uint8_t out[16];
+
+ if (!AES_CMAC(out, key, key_len, msg, msg_len)) {
+ fprintf(stderr, "%s: AES_CMAC failed\n", name);
+ return 0;
+ }
+
+ if (CRYPTO_memcmp(out, expected, sizeof(out)) != 0) {
+ fprintf(stderr, "%s: CMAC result differs:\n", name);
+ dump(out, expected, sizeof(out));
+ return 0;
+ }
+
+ ScopedCMAC_CTX ctx(CMAC_CTX_new());
+ if (!CMAC_Init(ctx.get(), key, key_len, EVP_aes_128_cbc(), NULL)) {
+ fprintf(stderr, "%s: CMAC_Init failed.\n", name);
+ return 0;
+ }
+
+ for (unsigned chunk_size = 1; chunk_size <= msg_len; chunk_size++) {
+ if (!CMAC_Reset(ctx.get())) {
+ fprintf(stderr, "%s/%u: CMAC_Reset failed.\n", name, chunk_size);
+ return 0;
+ }
+
+ size_t done = 0;
+ while (done < msg_len) {
+ size_t todo = std::min(msg_len - done, static_cast(chunk_size));
+ if (!CMAC_Update(ctx.get(), msg + done, todo)) {
+ fprintf(stderr, "%s/%u: CMAC_Update failed.\n", name, chunk_size);
+ return 0;
+ }
+
+ done += todo;
+ }
+
+ size_t out_len;
+ if (!CMAC_Final(ctx.get(), out, &out_len)) {
+ fprintf(stderr, "%s/%u: CMAC_Final failed.\n", name, chunk_size);
+ return 0;
+ }
+
+ if (out_len != sizeof(out)) {
+ fprintf(stderr, "%s/%u: incorrect out_len: %u.\n", name, chunk_size,
+ static_cast(out_len));
+ return 0;
+ }
+
+ if (CRYPTO_memcmp(out, expected, sizeof(out)) != 0) {
+ fprintf(stderr, "%s/%u: CMAC result differs:\n", name, chunk_size);
+ dump(out, expected, sizeof(out));
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+static int rfc_4493_test_vectors(void) {
+ static const uint8_t kKey[16] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ };
+ static const uint8_t kOut1[16] = {
+ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
+ 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46,
+ };
+ static const uint8_t kMsg2[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ };
+ static const uint8_t kOut2[16] = {
+ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
+ 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c,
+ };
+ static const uint8_t kMsg3[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ };
+ static const uint8_t kOut3[16] = {
+ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
+ 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27,
+ };
+ static const uint8_t kMsg4[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d,
0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10, + }; + static const uint8_t kOut4[16] = { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe, + }; + + if (!test("RFC 4493 #1", kKey, sizeof(kKey), NULL, 0, kOut1) || + !test("RFC 4493 #2", kKey, sizeof(kKey), kMsg2, sizeof(kMsg2), kOut2) || + !test("RFC 4493 #3", kKey, sizeof(kKey), kMsg3, sizeof(kMsg3), kOut3) || + !test("RFC 4493 #4", kKey, sizeof(kKey), kMsg4, sizeof(kMsg4), kOut4)) { + return 0; + } + + return 1; +} + +int main(int argc, char **argv) { + if (!rfc_4493_test_vectors()) { + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/conf/CMakeLists.txt b/src/crypto/conf/CMakeLists.txt index f54d904..8046bb8 100644 --- a/src/crypto/conf/CMakeLists.txt +++ b/src/crypto/conf/CMakeLists.txt @@ -6,5 +6,4 @@ add_library( OBJECT conf.c - conf_error.c ) diff --git a/src/crypto/conf/conf.c b/src/crypto/conf/conf.c index b8dab95..213efc5 100644 --- a/src/crypto/conf/conf.c +++ b/src/crypto/conf/conf.c @@ -90,9 +90,13 @@ static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) { } } -CONF *NCONF_new(void) { +CONF *NCONF_new(void *method) { CONF *conf; + if (method != NULL) { + return NULL; + } + conf = OPENSSL_malloc(sizeof(CONF)); if (conf == NULL) { return NULL; 
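Review bot: In `test`, the streaming path always calls `CMAC_Init(ctx.get(), key, key_len, EVP_aes_128_cbc(), NULL)` regardless of `key_len`, whereas AES_CMAC picks the cipher from the key size, so any 32-byte-key vector added later would fail CMAC_Init's key-length check instead of exercising AES-256 through the incremental API. Selecting it the same way, `const EVP_CIPHER *cipher = key_len == 32 ? EVP_aes_256_cbc() : EVP_aes_128_cbc();`, keeps both paths under test. Also, `for (unsigned chunk_size = 1; chunk_size <= msg_len; chunk_size++)` does not run at all for the empty-message vector (RFC 4493 #1), so CMAC_Reset followed directly by CMAC_Final on a context with no data is only covered via AES_CMAC; bounding the loop with `chunk_size <= std::max<size_t>(msg_len, 1)` gives that case one streaming iteration.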
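Review bot: `CONF *NCONF_new(void *method)` now takes a parameter that is rejected with a bare `return NULL;` when non-NULL, but nothing at the definition says what `method` is or that only NULL is accepted, and a caller hitting that branch gets the same NULL as an allocation failure with no error queued. A comment above the function such as `/* |method| must be NULL; any other value is rejected. The parameter presumably exists only for signature compatibility. */` would make the contract explicit at the point it is enforced. NCONF_new's body continues past the hunk.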
@@ -530,20 +534,22 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { BIO_gets(in, p, CONFBUFSIZE - 1); p[CONFBUFSIZE - 1] = '\0'; ii = i = strlen(p); - if (i == 0 && !again) + if (i == 0 && !again) { break; + } again = 0; while (i > 0) { - if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) + if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) { break; - else + } else { i--; + } } /* we removed some trailing stuff so there is a new * line on the end. */ - if (ii && i == ii) + if (ii && i == ii) { again = 1; /* long line */ - else { + } else { p[i] = '\0'; eline++; /* another input line */ } @@ -564,15 +570,17 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { again = 1; } } - if (again) + if (again) { continue; + } bufnum = 0; buf = buff->data; clear_comments(conf, buf); s = eat_ws(conf, buf); - if (IS_EOF(conf, *s)) + if (IS_EOF(conf, *s)) { continue; /* blank line */ + } if (*s == '[') { char *ss; @@ -591,10 +599,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { goto err; } *end = '\0'; - if (!str_copy(conf, NULL, §ion, start)) + if (!str_copy(conf, NULL, §ion, start)) { goto err; - if ((sv = get_section(conf, section)) == NULL) + } + if ((sv = get_section(conf, section)) == NULL) { sv = NCONF_new_section(conf, section); + } if (sv == NULL) { OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; @@ -619,11 +629,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { *end = '\0'; p++; start = eat_ws(conf, p); - while (!IS_EOF(conf, *p)) + while (!IS_EOF(conf, *p)) { p++; + } p--; - while ((p != start) && (IS_WS(conf, *p))) + while ((p != start) && (IS_WS(conf, *p))) { p--; + } p++; *p = '\0'; 
@@ -631,8 +643,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_MALLOC_FAILURE); goto err; } - if (psection == NULL) + if (psection == NULL) { psection = section; + } v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); v->value = NULL; if (v->name == NULL) { @@ -640,18 +653,21 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { goto err; } BUF_strlcpy(v->name, pname, strlen(pname) + 1); - if (!str_copy(conf, psection, &(v->value), start)) + if (!str_copy(conf, psection, &(v->value), start)) { goto err; + } if (strcmp(psection, section) != 0) { - if ((tv = get_section(conf, psection)) == NULL) + if ((tv = get_section(conf, psection)) == NULL) { tv = NCONF_new_section(conf, psection); + } if (tv == NULL) { OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - } else + } else { tv = sv; + } if (add_string(conf, tv, v) == 0) { OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_MALLOC_FAILURE); goto err; @@ -659,29 +675,37 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { v = NULL; } } - if (buff != NULL) + if (buff != NULL) { BUF_MEM_free(buff); - if (section != NULL) + } + if (section != NULL) { OPENSSL_free(section); + } return 1; err: - if (buff != NULL) + if (buff != NULL) { BUF_MEM_free(buff); - if (section != NULL) + } + if (section != NULL) { OPENSSL_free(section); - if (out_error_line != NULL) + } + if (out_error_line != NULL) { *out_error_line = eline; + } BIO_snprintf(btmp, sizeof btmp, "%ld", eline); ERR_add_error_data(2, "line ", btmp); if (v != NULL) { - if (v->name != NULL) + if (v->name != NULL) { OPENSSL_free(v->name); - if (v->value != NULL) + } + if (v->value != NULL) { OPENSSL_free(v->value); - if (v != NULL) + } + if (v != NULL) { OPENSSL_free(v); + } } return 0; } 
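Review bot: In the `err:` path of the `@@ -659,29 +675,37 @@` hunk, `if (v != NULL) { OPENSSL_free(v); }` is nested inside the enclosing `if (v != NULL) {` block, so the inner test is always true; since this hunk only adds braces around the existing statement, it is the natural place to reduce it to `OPENSSL_free(v);`. The `@@ -631,8` and `@@ -640,18` hunks are the same brace-only clean-up and raise nothing further. def_load_bio begins well before these hunks; only its tail is visible here.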
@@ -701,6 +725,10 @@ int NCONF_load(CONF *conf, const char *filename, long *out_error_line) { return ret; } +int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line) { + return def_load_bio(conf, bio, out_error_line); +} + int CONF_parse_list(const char *list, char sep, int remove_whitespace, int (*list_cb)(const char *elem, int len, void *usr), void *arg) { diff --git a/src/crypto/conf/conf_error.c b/src/crypto/conf/conf_error.c deleted file mode 100644 index b5dd001..0000000 --- a/src/crypto/conf/conf_error.c +++ /dev/null 
@@ -1,31 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA CONF_error_string_data[] = { - {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_parse_list, 0), "CONF_parse_list"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_load, 0), "NCONF_load"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_def_load_bio, 0), "def_load_bio"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_str_copy, 0), "str_copy"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL), "LIST_CANNOT_BE_NULL"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET), "MISSING_CLOSE_SQUARE_BRACKET"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN), "MISSING_EQUAL_SIGN"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "NO_CLOSE_BRACE"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "UNABLE_TO_CREATE_NEW_SECTION"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE), "VARIABLE_HAS_NO_VALUE"}, - {0, NULL}, -}; diff --git a/src/crypto/cpu-arm-asm.S b/src/crypto/cpu-arm-asm.S new file mode 100644 index 0000000..faf3ad8 --- /dev/null +++ b/src/crypto/cpu-arm-asm.S 
@@ -0,0 +1,32 @@ +# Copyright (c) 2014, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +#if !defined(OPENSSL_NO_ASM) && defined(__arm__) + +.syntax unified +.cpu cortex-a8 +.fpu neon +.text +.thumb +.align 2 +.global CRYPTO_arm_neon_probe +.hidden CRYPTO_arm_neon_probe +.type CRYPTO_arm_neon_probe, %function +.thumb_func +CRYPTO_arm_neon_probe: + vorr q1, q1, q1 + bx lr +.section .note.GNU-stack,"",%progbits + +#endif /* !OPENSSL_NO_ASM && __arm__ */ diff --git a/src/crypto/cpu-arm.c b/src/crypto/cpu-arm.c index 96392d8..74e937b 100644 --- a/src/crypto/cpu-arm.c +++ b/src/crypto/cpu-arm.c @@ -17,7 +17,12 @@ #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) #include -#include +#include + +#if !defined(OPENSSL_TRUSTY) +#include +#include +#endif #include "arm_arch.h" @@ -28,14 +33,15 @@ unsigned long getauxval(unsigned long type) __attribute__((weak)); -static const unsigned long AT_HWCAP = 16; -static const unsigned long AT_HWCAP2 = 26; - char CRYPTO_is_NEON_capable(void) { return (OPENSSL_armcap_P & ARMV7_NEON) != 0; } +static char g_set_neon_called = 0; + void CRYPTO_set_NEON_capable(char neon_capable) { + g_set_neon_called = 1; + if (neon_capable) { OPENSSL_armcap_P |= ARMV7_NEON; } else { 
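Review bot: CRYPTO_arm_neon_probe carries no comment describing its contract, so a reader of this file alone cannot tell that its sole purpose is to execute one NEON instruction (`vorr q1, q1, q1`) and return, leaving it to the C caller to catch SIGILL when NEON is absent. A line in the existing `#` comment block such as `# CRYPTO_arm_neon_probe executes a single NEON instruction and returns. cpu-arm.c wraps the call in a SIGILL handler to detect missing NEON support. Writes only q1 (d2/d3, caller-saved under AAPCS), so nothing is saved or restored.` would document it. Stating the q1 clobber also records why no VFP register save is needed here.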
@@ -56,11 +62,81 @@ void CRYPTO_set_NEON_functional(char neon_functional) { } } +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && !defined(OPENSSL_TRUSTY) + +static sigjmp_buf sigill_jmp; + +static void sigill_handler(int signal) { + siglongjmp(sigill_jmp, signal); +} + +void CRYPTO_arm_neon_probe(); + +// probe_for_NEON returns 1 if a NEON instruction runs successfully. Because +// getauxval doesn't exist on Android until Jelly Bean, supporting NEON on +// older devices requires this. +static int probe_for_NEON() { + int supported = 0; + + sigset_t sigmask; + sigfillset(&sigmask); + sigdelset(&sigmask, SIGILL); + sigdelset(&sigmask, SIGTRAP); + sigdelset(&sigmask, SIGFPE); + sigdelset(&sigmask, SIGBUS); + sigdelset(&sigmask, SIGSEGV); + + struct sigaction sigill_original_action, sigill_action; + memset(&sigill_action, 0, sizeof(sigill_action)); + sigill_action.sa_handler = sigill_handler; + sigill_action.sa_mask = sigmask; + + sigset_t original_sigmask; + sigprocmask(SIG_SETMASK, &sigmask, &original_sigmask); + + if (sigsetjmp(sigill_jmp, 1 /* save signals */) == 0) { + sigaction(SIGILL, &sigill_action, &sigill_original_action); + + // This function cannot be inline asm because GCC will refuse to compile + // inline NEON instructions unless building with -mfpu=neon, which would + // defeat the point of probing for support at runtime. + CRYPTO_arm_neon_probe(); + supported = 1; + } + // Note that Android up to and including Lollipop doesn't restore the signal + // mask correctly after returning from a sigsetjmp. So that would need to be + // set again here if more probes were added. 
+ // See https://android-review.googlesource.com/#/c/127624/ + + sigaction(SIGILL, &sigill_original_action, NULL); + sigprocmask(SIG_SETMASK, &original_sigmask, NULL); + + return supported; +} + +#else + +static int probe_for_NEON(void) { + return 0; +} + +#endif /* !OPENSSL_NO_ASM && OPENSSL_ARM && !OPENSSL_TRUSTY */ + void OPENSSL_cpuid_setup(void) { if (getauxval == NULL) { + // On ARM, but not AArch64, try a NEON instruction and see whether it works + // in order to probe for NEON support. + // + // Note that |CRYPTO_is_NEON_capable| can be true even if + // |CRYPTO_set_NEON_capable| has never been called if the code was compiled + // with NEON support enabled (e.g. -mfpu=neon). + if (!g_set_neon_called && !CRYPTO_is_NEON_capable() && probe_for_NEON()) { + OPENSSL_armcap_P |= ARMV7_NEON; + } return; } + static const unsigned long AT_HWCAP = 16; unsigned long hwcap = getauxval(AT_HWCAP); #if defined(OPENSSL_ARM) @@ -71,6 +147,7 @@ void OPENSSL_cpuid_setup(void) { /* In 32-bit mode, the ARMv8 feature bits are in a different aux vector * value. */ + static const unsigned long AT_HWCAP2 = 26; hwcap = getauxval(AT_HWCAP2); /* See /usr/include/asm/hwcap.h on an ARM installation for the source of @@ -93,7 +170,7 @@ void OPENSSL_cpuid_setup(void) { } #endif - OPENSSL_armcap_P |= ARMV7_NEON | ARMV7_NEON_FUNCTIONAL; + OPENSSL_armcap_P |= ARMV7_NEON; if (hwcap & kAES) { OPENSSL_armcap_P |= ARMV8_AES; diff --git a/src/crypto/cpu-intel.c b/src/crypto/cpu-intel.c index 69f4570..df0e127 100644 --- a/src/crypto/cpu-intel.c +++ b/src/crypto/cpu-intel.c @@ -64,6 +64,7 @@ #if !defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) #include +#include #include #include diff --git a/src/crypto/cpu-x86-asm.pl b/src/crypto/cpu-x86-asm.pl index 1ac7d84..319c436 100644 --- a/src/crypto/cpu-x86-asm.pl +++ b/src/crypto/cpu-x86-asm.pl 
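Review bot: probe_for_NEON installs the SIGILL handler and replaces the signal mask process-wide via `sigaction`/`sigprocmask`, while the `siglongjmp` target `sigill_jmp` belongs to the calling thread's stack; if any other thread executed an illegal instruction during the probe window the handler would longjmp into this thread's context from a foreign thread, and POSIX leaves `sigprocmask` itself unspecified in multithreaded processes. If OPENSSL_cpuid_setup is guaranteed to run before any other thread exists (it looks like init code, but that is not visible here), a comment stating that precondition at the top of probe_for_NEON is the minimum; otherwise use `pthread_sigmask(SIG_SETMASK, &sigmask, &original_sigmask);` for both the set and the restore and document the remaining window. The return values of `sigaction` and `sigprocmask` are ignored, so if installing the handler fails the probe instruction runs unprotected; checking them and returning 0 keeps the probe fail-safe. Minor: `static int probe_for_NEON()` and `void CRYPTO_arm_neon_probe();` use empty parentheses while the `#else` stub is `probe_for_NEON(void)`; `(void)` in all three gives real prototypes and matches the rest of the file.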
@@ -110,10 +110,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &cmp ("ebp",0); &jne (&label("notintel")); &or ("edx",1<<30); # set reserved bit#30 on Intel CPUs - &and (&HB("eax"),15); # familiy ID - &cmp (&HB("eax"),15); # P4? - &jne (&label("notintel")); - &or ("edx",1<<20); # set reserved bit#20 to engage RC4_CHAR &set_label("notintel"); &bt ("edx",28); # test hyper-threading bit &jnc (&label("generic")); diff --git a/src/crypto/cpu-x86_64-asm.pl b/src/crypto/cpu-x86_64-asm.pl index 59cfd18..89d7a6c 100644 --- a/src/crypto/cpu-x86_64-asm.pl +++ b/src/crypto/cpu-x86_64-asm.pl @@ -122,10 +122,6 @@ OPENSSL_ia32_cpuid: cmp \$0,%r9d jne .Lnotintel or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs - and \$15,%ah - cmp \$15,%ah # examine Family ID - jne .Lnotintel - or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR .Lnotintel: bt \$28,%edx # test hyper-threading bit jnc .Lgeneric diff --git a/src/crypto/crypto_error.c b/src/crypto/crypto_error.c deleted file mode 100644 index 3e63dca..0000000 --- a/src/crypto/crypto_error.c +++ /dev/null 
@@ -1,25 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA CRYPTO_error_string_data[] = { - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_set_ex_data, 0), "CRYPTO_set_ex_data"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_get_class, 0), "get_class"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_get_func_pointers, 0), "get_func_pointers"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_get_new_index, 0), "get_new_index"}, - {0, NULL}, -}; diff --git a/src/crypto/crypto_error.h b/src/crypto/crypto_error.h deleted file mode 100644 index c0cb2bd..0000000 --- a/src/crypto/crypto_error.h +++ /dev/null 
@@ -1,18 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#define CRYPTO_F_CRYPTO_set_ex_data 100 -#define CRYPTO_F_get_class 101 -#define CRYPTO_F_get_new_index 102 -#define CRYPTO_F_get_func_pointers 103 diff --git a/src/crypto/des/des.c b/src/crypto/des/des.c index 6d00011..56a2996 100644 --- a/src/crypto/des/des.c +++ b/src/crypto/des/des.c @@ -56,6 +56,8 @@ #include +#include + #include "internal.h" 
@@ -349,6 +351,35 @@ void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) { } } +static const uint8_t kOddParity[256] = { + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, + 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, + 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, + 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, + 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, + 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, + 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104, + 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118, + 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134, + 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148, + 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164, + 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179, + 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194, + 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208, + 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224, + 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239, + 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, + 254 +}; + +void DES_set_odd_parity(DES_cblock *key) { + unsigned i; + + for (i = 0; i < DES_KEY_SZ; i++) { + key->bytes[i] = kOddParity[key->bytes[i]]; + } +} + static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) { uint32_t l, r, t, u; const uint32_t *s; 
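Review bot: `DES_set_odd_parity` fixes each key byte through a 256-entry table indexed by the key byte itself, so the memory access pattern depends on key material; a 256-byte table spans several cache lines, which is observable in principle. For a key-setup-time helper the exposure is small, but the same result is obtained branch-free and table-free with a few bit operations, which also drops `kOddParity` from the binary. The function is also undocumented in this hunk; a one-line comment such as `// DES_set_odd_parity sets the low bit of each byte of |key| so that every byte has odd parity.` would state the contract.
```c
void DES_set_odd_parity(DES_cblock *key) {
  unsigned i;

  for (i = 0; i < DES_KEY_SZ; i++) {
    // Fold the seven data bits so that bit 0 of |p| is their XOR (parity).
    uint8_t b = key->bytes[i] & 0xfe;
    uint8_t p = b ^ (b >> 4);
    p ^= p >> 2;
    p ^= p >> 1;
    // Odd parity: set the low bit iff the seven data bits have even parity.
    key->bytes[i] = b | ((p & 1) ^ 1);
  }
}
```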
@@ -609,6 +640,29 @@ void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, tin[0] = tin[1] = 0; } +void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output, + const DES_key_schedule *ks1, const DES_key_schedule *ks2, + const DES_key_schedule *ks3, int enc) { + uint32_t l0, l1; + uint32_t ll[2]; + const uint8_t *in = input->bytes; + uint8_t *out = output->bytes; + + c2l(in, l0); + c2l(in, l1); + ll[0] = l0; + ll[1] = l1; + if (enc) { + DES_encrypt3(ll, ks1, ks2, ks3); + } else { + DES_decrypt3(ll, ks1, ks2, ks3); + } + l0 = ll[0]; + l1 = ll[1]; + l2c(l0, out); + l2c(l1, out); +} + void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, const DES_key_schedule *ks1, const DES_key_schedule *ks2, diff --git a/src/crypto/dh/CMakeLists.txt b/src/crypto/dh/CMakeLists.txt index 4e31206..9e487d5 100644 --- a/src/crypto/dh/CMakeLists.txt +++ b/src/crypto/dh/CMakeLists.txt @@ -10,13 +10,12 @@ add_library( params.c check.c dh_asn1.c - dh_error.c ) add_executable( dh_test - dh_test.c + dh_test.cc ) target_link_libraries(dh_test crypto) diff --git a/src/crypto/dh/dh.c b/src/crypto/dh/dh.c index 7a50da7..ab7ed8b 100644 --- a/src/crypto/dh/dh.c +++ b/src/crypto/dh/dh.c @@ -66,10 +66,13 @@ #include #include "internal.h" +#include "../internal.h" extern const DH_METHOD DH_default_method; +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; + DH *DH_new(void) { return DH_new_method(NULL); } DH *DH_new_method(const ENGINE *engine) { 
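Review bot: `DES_ecb3_encrypt` carries no comment on aliasing even though both input words are read with `c2l` before either `l2c` store, so `input == output` is safe and callers of single-block ECB helpers commonly rely on exactly that. Suggest `// |input| and |output| may point at the same block: both words are read before anything is written.` above the definition. The `enc` argument is only tested for non-zero; if the public header does not already say so, a short note that any nonzero value selects encryption keeps it consistent with the other DES entry points in this file.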
@@ -90,14 +93,16 @@ DH *DH_new_method(const ENGINE *engine) { } METHOD_ref(dh->meth); + CRYPTO_MUTEX_init(&dh->method_mont_p_lock); + dh->references = 1; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data)) { + if (!CRYPTO_new_ex_data(&g_ex_data_class, dh, &dh->ex_data)) { OPENSSL_free(dh); return NULL; } if (dh->meth->init && !dh->meth->init(dh)) { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data); METHOD_unref(dh->meth); OPENSSL_free(dh); return NULL; @@ -120,7 +125,7 @@ void DH_free(DH *dh) { } METHOD_unref(dh->meth); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data); if (dh->method_mont_p) BN_MONT_CTX_free(dh->method_mont_p); if (dh->p != NULL) BN_clear_free(dh->p); @@ -131,6 +136,7 @@ void DH_free(DH *dh) { if (dh->counter != NULL) BN_clear_free(dh->counter); if (dh->pub_key != NULL) BN_clear_free(dh->pub_key); if (dh->priv_key != NULL) BN_clear_free(dh->priv_key); + CRYPTO_MUTEX_cleanup(&dh->method_mont_p_lock); OPENSSL_free(dh); } @@ -173,9 +179,7 @@ static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) { } } - if (*dst) { - BN_free(*dst); - } + BN_free(*dst); *dst = a; return 1; } @@ -198,11 +202,10 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942) { return 0; } - if (to->seed) { - OPENSSL_free(to->seed); - to->seed = NULL; - to->seedlen = 0; - } + OPENSSL_free(to->seed); + to->seed = NULL; + to->seedlen = 0; + if (from->seed) { to->seed = BUF_memdup(from->seed, from->seedlen); if (!to->seed) { 
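Review bot: the new `CRYPTO_MUTEX_init(&dh->method_mont_p_lock)` in `DH_new_method` has no matching `CRYPTO_MUTEX_cleanup` on the two error paths that follow it (the `CRYPTO_new_ex_data` failure and the `meth->init` failure both go straight to `OPENSSL_free(dh)`), while `DH_free` in the later hunk does clean it up; on platforms where the mutex owns a kernel object this leaks it on every failed construction. Add `CRYPTO_MUTEX_cleanup(&dh->method_mont_p_lock);` before each `OPENSSL_free(dh);` in those two paths so construction and destruction mirror each other. Separately, and pre-existing rather than introduced here, the first error path omits the `METHOD_unref(dh->meth)` that the second one performs after the visible `METHOD_ref(dh->meth)`; it looks like a refcount leak and is worth fixing in the same place.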
@@ -230,8 +233,12 @@ DH *DHparams_dup(const DH *dh) { int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func, - dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func, + dup_func, free_func)) { + return -1; + } + return index; } int DH_set_ex_data(DH *d, int idx, void *arg) { diff --git a/src/crypto/dh/dh_error.c b/src/crypto/dh/dh_error.c deleted file mode 100644 index 5ecc5d1..0000000 --- a/src/crypto/dh/dh_error.c +++ /dev/null 
@@ -1,29 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA DH_error_string_data[] = { - {ERR_PACK(ERR_LIB_DH, DH_F_DH_new_method, 0), "DH_new_method"}, - {ERR_PACK(ERR_LIB_DH, DH_F_compute_key, 0), "compute_key"}, - {ERR_PACK(ERR_LIB_DH, DH_F_generate_key, 0), "generate_key"}, - {ERR_PACK(ERR_LIB_DH, DH_F_generate_parameters, 0), "generate_parameters"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "BAD_GENERATOR"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "INVALID_PUBKEY"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "MODULUS_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "NO_PRIVATE_VALUE"}, - {0, NULL}, -}; diff --git a/src/crypto/dh/dh_impl.c b/src/crypto/dh/dh_impl.c index 9f416b7..f269412 100644 --- a/src/crypto/dh/dh_impl.c +++ b/src/crypto/dh/dh_impl.c @@ -58,9 +58,11 @@ #include #include +#include #include "internal.h" + #define OPENSSL_DH_MAX_MODULUS_BITS 10000 static int generate_parameters(DH *ret, int prime_bits, int generator, BN_GENCB *cb) { 
@@ -206,8 +208,8 @@ static int generate_key(DH *dh) { pub_key = dh->pub_key; } - mont = - BN_MONT_CTX_set_locked(&dh->method_mont_p, CRYPTO_LOCK_DH, dh->p, ctx); + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock, + dh->p, ctx); if (!mont) { goto err; } @@ -243,10 +245,10 @@ err: OPENSSL_PUT_ERROR(DH, generate_key, ERR_R_BN_LIB); } - if (pub_key != NULL && dh->pub_key == NULL) { + if (dh->pub_key == NULL) { BN_free(pub_key); } - if (priv_key != NULL && dh->priv_key == NULL) { + if (dh->priv_key == NULL) { BN_free(priv_key); } BN_CTX_free(ctx); @@ -281,8 +283,8 @@ static int compute_key(DH *dh, unsigned char *out, const BIGNUM *pub_key) { goto err; } - mont = - BN_MONT_CTX_set_locked(&dh->method_mont_p, CRYPTO_LOCK_DH, dh->p, ctx); + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock, + dh->p, ctx); if (!mont) { goto err; } diff --git a/src/crypto/dh/dh_test.c b/src/crypto/dh/dh_test.c deleted file mode 100644 index 3575f34..0000000 --- a/src/crypto/dh/dh_test.c +++ /dev/null 
@@ -1,502 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
*/ - -#include - -#include -#include - -#include -#include -#include -#include - -#include "internal.h" - - -static int cb(int p, int n, BN_GENCB *arg) { - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - BIO_write(arg->arg, &c, 1); - (void)BIO_flush(arg->arg); - - return 1; -} - -static int run_rfc5114_tests(void); - -int main(int argc, char *argv[]) { - BN_GENCB _cb; - DH *a; - DH *b = NULL; - char buf[12]; - unsigned char *abuf = NULL, *bbuf = NULL; - int i, alen, blen, aout, bout, ret = 1; - BIO *out; - - CRYPTO_library_init(); - - out = BIO_new(BIO_s_file()); - if (out == NULL) { - return 1; - } - BIO_set_fp(out, stdout, BIO_NOCLOSE); - - BN_GENCB_set(&_cb, &cb, out); - if (((a = DH_new()) == NULL) || - !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb)) { - goto err; - } - - if (!DH_check(a, &i)) - goto err; - if (i & DH_CHECK_P_NOT_PRIME) - BIO_puts(out, "p value is not prime\n"); - if (i & DH_CHECK_P_NOT_SAFE_PRIME) - BIO_puts(out, "p value is not a safe prime\n"); - if (i & DH_CHECK_UNABLE_TO_CHECK_GENERATOR) - BIO_puts(out, "unable to check the generator value\n"); - if (i & DH_CHECK_NOT_SUITABLE_GENERATOR) - BIO_puts(out, "the g value is not a generator\n"); - - BIO_puts(out, "\np ="); - BN_print(out, a->p); - BIO_puts(out, "\ng ="); - BN_print(out, a->g); - BIO_puts(out, "\n"); - - b = DH_new(); - if (b == NULL) { - goto err; - } - - b->p = BN_dup(a->p); - b->g = BN_dup(a->g); - if (b->p == NULL || b->g == NULL) { - goto err; - } - - if (!DH_generate_key(a)) - goto err; - BIO_puts(out, "pri 1="); - BN_print(out, a->priv_key); - BIO_puts(out, "\npub 1="); - BN_print(out, a->pub_key); - BIO_puts(out, "\n"); - - if (!DH_generate_key(b)) - goto err; - BIO_puts(out, "pri 2="); - BN_print(out, b->priv_key); - BIO_puts(out, "\npub 2="); - BN_print(out, b->pub_key); - BIO_puts(out, "\n"); - - alen = DH_size(a); - abuf = (unsigned char *)OPENSSL_malloc(alen); - aout = DH_compute_key(abuf, 
b->pub_key, a); - - BIO_puts(out, "key1 ="); - for (i = 0; i < aout; i++) { - sprintf(buf, "%02X", abuf[i]); - BIO_puts(out, buf); - } - BIO_puts(out, "\n"); - - blen = DH_size(b); - bbuf = (unsigned char *)OPENSSL_malloc(blen); - bout = DH_compute_key(bbuf, a->pub_key, b); - - BIO_puts(out, "key2 ="); - for (i = 0; i < bout; i++) { - sprintf(buf, "%02X", bbuf[i]); - BIO_puts(out, buf); - } - BIO_puts(out, "\n"); - if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { - fprintf(stderr, "Error in DH routines\n"); - ret = 1; - } else - ret = 0; - - if (!run_rfc5114_tests()) - ret = 1; - -err: - BIO_print_errors_fp(stderr); - - if (abuf != NULL) - OPENSSL_free(abuf); - if (bbuf != NULL) - OPENSSL_free(bbuf); - if (b != NULL) - DH_free(b); - if (a != NULL) - DH_free(a); - BIO_free(out); - return ret; -} - -/* Test data from RFC 5114 */ - -static const unsigned char dhtest_1024_160_xA[] = { - 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, - 0x96, 0x50, 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E}; -static const unsigned char dhtest_1024_160_yA[] = { - 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D, - 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09, - 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76, - 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F, - 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D, - 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A, - 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA, - 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA, - 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01, - 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95, - 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76}; -static const unsigned char dhtest_1024_160_xB[] = { - 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 
- 0xF7, 0xD8, 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA}; -static const unsigned char dhtest_1024_160_yB[] = { - 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94, - 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66, - 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C, - 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E, - 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3, - 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A, - 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E, - 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26, - 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A, - 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67, - 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE}; -static const unsigned char dhtest_1024_160_Z[] = { - 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F, - 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5, - 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3, - 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8, - 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF, - 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13, - 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED, - 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83, - 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0, - 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46, - 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D}; -static const unsigned char dhtest_2048_224_xA[] = { - 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, - 0x80, 0xF7, 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, - 0x1A, 0x05, 0x48, 0xE4, 0x83, 0x29, 0x4B, 0x0C}; -static const 
unsigned char dhtest_2048_224_yA[] = { - 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49, - 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0, - 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04, - 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B, - 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1, - 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C, - 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6, - 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43, - 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D, - 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E, - 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9, - 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE, - 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52, - 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3, - 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6, - 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06, - 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52, - 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A, - 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15, - 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB, - 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C, - 0x71, 0x64, 0x8D, 0x6F}; -static const unsigned char dhtest_2048_224_xB[] = { - 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, - 0xB3, 0x63, 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, - 0x44, 0x17, 0xEA, 0x15, 0x35, 0x3B, 0x75, 0x90}; -static const unsigned char dhtest_2048_224_yB[] = { - 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44, - 0xAD, 0x3D, 0x77, 
0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2, - 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41, - 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1, - 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C, - 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2, - 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE, - 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC, - 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47, - 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03, - 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6, - 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC, - 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A, - 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3, - 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4, - 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17, - 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF, - 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC, - 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7, - 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15, - 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20, - 0x02, 0x14, 0x2B, 0x6C}; -static const unsigned char dhtest_2048_224_Z[] = { - 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03, - 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3, - 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E, - 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C, - 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79, - 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4, - 0xCA, 0x8B, 
0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2, - 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9, - 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F, - 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B, - 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23, - 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A, - 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8, - 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89, - 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9, - 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF, - 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7, - 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2, - 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2, - 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4, - 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C, - 0xF9, 0xF6, 0x38, 0x69}; -static const unsigned char dhtest_2048_256_xA[] = { - 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, - 0x61, 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, - 0xC5, 0xE3, 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E}; -static const unsigned char dhtest_2048_256_yA[] = { - 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41, - 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6, - 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9, - 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE, - 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8, - 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9, - 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50, - 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 
0xEB, 0x5F, 0x01, 0xC8, - 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82, - 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC, - 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41, - 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02, - 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA, - 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A, - 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F, - 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3, - 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5, - 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0, - 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A, - 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F, - 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5, - 0x7C, 0xA6, 0x7E, 0x29}; -static const unsigned char dhtest_2048_256_xB[] = { - 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, - 0xAF, 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, - 0x05, 0x64, 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D}; -static const unsigned char dhtest_2048_256_yB[] = { - 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8, - 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98, - 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7, - 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E, - 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25, - 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05, - 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63, - 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97, - 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F, - 0x2D, 0x95, 
0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3, - 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98, - 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A, - 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D, - 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C, - 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5, - 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80, - 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A, - 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44, - 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA, - 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D, - 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53, - 0x75, 0x7E, 0x19, 0x13}; -static const unsigned char dhtest_2048_256_Z[] = { - 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17, - 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1, - 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00, - 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE, - 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0, - 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0, - 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED, - 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04, - 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A, - 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C, - 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C, - 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93, - 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38, - 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52, - 0xB8, 
0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F, - 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9, - 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C, - 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A, - 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3, - 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0, - 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0, - 0xC2, 0x6C, 0x5D, 0x7C}; - -typedef struct { - DH *(*get_param)(const ENGINE *engine); - const unsigned char *xA; - size_t xA_len; - const unsigned char *yA; - size_t yA_len; - const unsigned char *xB; - size_t xB_len; - const unsigned char *yB; - size_t yB_len; - const unsigned char *Z; - size_t Z_len; -} rfc5114_td; - -#define make_rfc5114_td(pre) \ - { \ - DH_get_##pre, dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ - dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), dhtest_##pre##_xB, \ - sizeof(dhtest_##pre##_xB), dhtest_##pre##_yB, \ - sizeof(dhtest_##pre##_yB), dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ - } - -static const rfc5114_td rfctd[] = {make_rfc5114_td(1024_160), - make_rfc5114_td(2048_224), - make_rfc5114_td(2048_256)}; - -static int run_rfc5114_tests(void) { - int i; - DH *dhA = NULL, *dhB = NULL; - unsigned char *Z1 = NULL, *Z2 = NULL; - - for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) { - const rfc5114_td *td = rfctd + i; - /* Set up DH structures setting key components */ - dhA = td->get_param(NULL); - dhB = td->get_param(NULL); - if (!dhA || !dhB) - goto bad_err; - - dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); - dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); - - dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); - dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); - - if (!dhA->priv_key || !dhA->pub_key || !dhB->priv_key || !dhB->pub_key) - goto bad_err; - - if ((td->Z_len != (size_t)DH_size(dhA)) || - 
(td->Z_len != (size_t)DH_size(dhB))) - goto err; - - Z1 = OPENSSL_malloc(DH_size(dhA)); - Z2 = OPENSSL_malloc(DH_size(dhB)); - /* Work out shared secrets using both sides and compare - * with expected values. - */ - if (!DH_compute_key(Z1, dhB->pub_key, dhA)) - goto bad_err; - if (!DH_compute_key(Z2, dhA->pub_key, dhB)) - goto bad_err; - - if (memcmp(Z1, td->Z, td->Z_len)) - goto err; - if (memcmp(Z2, td->Z, td->Z_len)) - goto err; - - printf("RFC5114 parameter test %d OK\n", i + 1); - - DH_free(dhA); - dhA = NULL; - DH_free(dhB); - dhB = NULL; - OPENSSL_free(Z1); - Z1 = NULL; - OPENSSL_free(Z2); - Z2 = NULL; - } - - printf("PASS\n"); - return 1; - -bad_err: - fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1); - BIO_print_errors_fp(stderr); - -err: - if (Z1 != NULL) { - OPENSSL_free(Z1); - } - if (Z2 != NULL) { - OPENSSL_free(Z2); - } - if (dhA != NULL) { - DH_free(dhA); - } - if (dhB != NULL) { - DH_free(dhB); - } - - fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1); - return 0; -} diff --git a/src/crypto/dh/dh_test.cc b/src/crypto/dh/dh_test.cc new file mode 100644 index 0000000..16a5ae0 --- /dev/null +++ b/src/crypto/dh/dh_test.cc 
@@ -0,0 +1,480 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#include + +#include +#include + +#include + +#include +#include +#include +#include + +#include "internal.h" +#include "../test/scoped_types.h" +#include "../test/stl_compat.h" + + +static bool RunBasicTests(); +static bool RunRFC5114Tests(); + +int main(int argc, char *argv[]) { + CRYPTO_library_init(); + + if (!RunBasicTests() || + !RunRFC5114Tests()) { + ERR_print_errors_fp(stderr); + return 1; + } + + printf("PASS\n"); + return 0; +} + +static int GenerateCallback(int p, int n, BN_GENCB *arg) { + char c = '*'; + + if (p == 0) { + c = '.'; + } else if (p == 1) { + c = '+'; + } else if (p == 2) { + c = '*'; + } else if (p == 3) { + c = '\n'; + } + FILE *out = reinterpret_cast(arg->arg); + fputc(c, out); + fflush(out); + + return 1; +} + +static bool RunBasicTests() { + BN_GENCB cb; + BN_GENCB_set(&cb, &GenerateCallback, stdout); + ScopedDH a(DH_new()); + if (!a || !DH_generate_parameters_ex(a.get(), 64, DH_GENERATOR_5, &cb)) { + return false; + } + + int check_result; + if (!DH_check(a.get(), &check_result)) { + return false; + } + if (check_result & DH_CHECK_P_NOT_PRIME) { + printf("p value is not prime\n"); + } + if (check_result & DH_CHECK_P_NOT_SAFE_PRIME) { + printf("p value is not a safe prime\n"); + } + if (check_result & DH_CHECK_UNABLE_TO_CHECK_GENERATOR) { + printf("unable to check the generator value\n"); + } + if (check_result & DH_CHECK_NOT_SUITABLE_GENERATOR) { + printf("the g value is not a generator\n"); + } + + printf("\np = "); + BN_print_fp(stdout, a->p); + printf("\ng = "); + BN_print_fp(stdout, a->g); + printf("\n"); + + ScopedDH b(DH_new()); + if (!b) { + return false; + } + + b->p = BN_dup(a->p); + b->g = BN_dup(a->g); + if (b->p == nullptr || b->g == nullptr) { + return false; + } + + if (!DH_generate_key(a.get())) { + return false; + } + printf("pri1 = "); + BN_print_fp(stdout, a->priv_key); + printf("\npub1 = "); + BN_print_fp(stdout, a->pub_key); + printf("\n"); + + if (!DH_generate_key(b.get())) { + return false; + } + 
printf("pri2 = "); + BN_print_fp(stdout, b->priv_key); + printf("\npub2 = "); + BN_print_fp(stdout, b->pub_key); + printf("\n"); + + std::vector key1(DH_size(a.get())); + int ret = DH_compute_key(bssl::vector_data(&key1), b->pub_key, a.get()); + if (ret < 0) { + return false; + } + key1.resize(ret); + + printf("key1 = "); + for (size_t i = 0; i < key1.size(); i++) { + printf("%02x", key1[i]); + } + printf("\n"); + + std::vector key2(DH_size(b.get())); + ret = DH_compute_key(bssl::vector_data(&key2), a->pub_key, b.get()); + if (ret < 0) { + return false; + } + key2.resize(ret); + + printf("key2 = "); + for (size_t i = 0; i < key2.size(); i++) { + printf("%02x", key2[i]); + } + printf("\n"); + + if (key1.size() < 4 || key1 != key2) { + fprintf(stderr, "Error in DH routines\n"); + return false; + } + + return true; +} + +/* Test data from RFC 5114 */ + +static const uint8_t kDHTest1024_160_xA[] = { + 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, + 0x96, 0x50, 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E}; +static const uint8_t kDHTest1024_160_yA[] = { + 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D, + 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09, + 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76, + 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F, + 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D, + 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A, + 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA, + 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA, + 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01, + 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95, + 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76}; +static const uint8_t kDHTest1024_160_xB[] = { + 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, + 0xF7, 0xD8, 
0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA}; +static const uint8_t kDHTest1024_160_yB[] = { + 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94, + 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66, + 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C, + 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E, + 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3, + 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A, + 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E, + 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26, + 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A, + 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67, + 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE}; +static const uint8_t kDHTest1024_160_Z[] = { + 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F, + 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5, + 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3, + 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8, + 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF, + 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13, + 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED, + 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83, + 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0, + 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46, + 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D}; +static const uint8_t kDHTest2048_224_xA[] = { + 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, + 0x80, 0xF7, 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, + 0x1A, 0x05, 0x48, 0xE4, 0x83, 0x29, 0x4B, 0x0C}; +static const uint8_t kDHTest2048_224_yA[] = { + 
0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49, + 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0, + 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04, + 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B, + 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1, + 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C, + 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6, + 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43, + 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D, + 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E, + 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9, + 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE, + 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52, + 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3, + 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6, + 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06, + 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52, + 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A, + 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15, + 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB, + 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C, + 0x71, 0x64, 0x8D, 0x6F}; +static const uint8_t kDHTest2048_224_xB[] = { + 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, + 0xB3, 0x63, 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, + 0x44, 0x17, 0xEA, 0x15, 0x35, 0x3B, 0x75, 0x90}; +static const uint8_t kDHTest2048_224_yB[] = { + 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44, + 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2, + 
0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41, + 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1, + 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C, + 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2, + 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE, + 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC, + 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47, + 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03, + 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6, + 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC, + 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A, + 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3, + 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4, + 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17, + 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF, + 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC, + 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7, + 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15, + 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20, + 0x02, 0x14, 0x2B, 0x6C}; +static const uint8_t kDHTest2048_224_Z[] = { + 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03, + 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3, + 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E, + 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C, + 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79, + 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4, + 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2, + 
0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9, + 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F, + 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B, + 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23, + 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A, + 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8, + 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89, + 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9, + 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF, + 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7, + 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2, + 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2, + 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4, + 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C, + 0xF9, 0xF6, 0x38, 0x69}; +static const uint8_t kDHTest2048_256_xA[] = { + 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, + 0x61, 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, + 0xC5, 0xE3, 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E}; +static const uint8_t kDHTest2048_256_yA[] = { + 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41, + 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6, + 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9, + 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE, + 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8, + 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9, + 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50, + 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8, + 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 
0x75, 0x68, 0x9E, 0x82, + 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC, + 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41, + 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02, + 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA, + 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A, + 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F, + 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3, + 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5, + 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0, + 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A, + 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F, + 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5, + 0x7C, 0xA6, 0x7E, 0x29}; +static const uint8_t kDHTest2048_256_xB[] = { + 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, + 0xAF, 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, + 0x05, 0x64, 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D}; +static const uint8_t kDHTest2048_256_yB[] = { + 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8, + 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98, + 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7, + 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E, + 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25, + 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05, + 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63, + 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97, + 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F, + 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3, + 0xCE, 0x41, 0xC6, 0xC1, 
0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98, + 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A, + 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D, + 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C, + 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5, + 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80, + 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A, + 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44, + 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA, + 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D, + 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53, + 0x75, 0x7E, 0x19, 0x13}; +static const uint8_t kDHTest2048_256_Z[] = { + 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17, + 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1, + 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00, + 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE, + 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0, + 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0, + 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED, + 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04, + 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A, + 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C, + 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C, + 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93, + 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38, + 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52, + 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F, + 0x53, 0xFA, 0xE9, 0x20, 
0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9, + 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C, + 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A, + 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3, + 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0, + 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0, + 0xC2, 0x6C, 0x5D, 0x7C}; + +struct RFC5114TestData { + DH *(*get_param)(const ENGINE *engine); + const uint8_t *xA; + size_t xA_len; + const uint8_t *yA; + size_t yA_len; + const uint8_t *xB; + size_t xB_len; + const uint8_t *yB; + size_t yB_len; + const uint8_t *Z; + size_t Z_len; +}; + +#define MAKE_RFC5114_TEST_DATA(pre) \ + { \ + DH_get_##pre, kDHTest##pre##_xA, sizeof(kDHTest##pre##_xA), \ + kDHTest##pre##_yA, sizeof(kDHTest##pre##_yA), kDHTest##pre##_xB, \ + sizeof(kDHTest##pre##_xB), kDHTest##pre##_yB, \ + sizeof(kDHTest##pre##_yB), kDHTest##pre##_Z, sizeof(kDHTest##pre##_Z) \ + } + +static const RFC5114TestData kRFCTestData[] = { + MAKE_RFC5114_TEST_DATA(1024_160), + MAKE_RFC5114_TEST_DATA(2048_224), + MAKE_RFC5114_TEST_DATA(2048_256), + }; + +static bool RunRFC5114Tests() { + for (unsigned i = 0; i < sizeof(kRFCTestData) / sizeof(RFC5114TestData); i++) { + const RFC5114TestData *td = kRFCTestData + i; + /* Set up DH structures setting key components */ + ScopedDH dhA(td->get_param(nullptr)); + ScopedDH dhB(td->get_param(nullptr)); + if (!dhA || !dhB) { + fprintf(stderr, "Initialisation error RFC5114 set %u\n", i + 1); + return false; + } + + dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, nullptr); + dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, nullptr); + + dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, nullptr); + dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, nullptr); + + if (!dhA->priv_key || !dhA->pub_key || !dhB->priv_key || !dhB->pub_key) { + fprintf(stderr, "BN_bin2bn error RFC5114 set %u\n", i + 1); + return false; + } + + if ((td->Z_len 
!= (size_t)DH_size(dhA.get())) || + (td->Z_len != (size_t)DH_size(dhB.get()))) { + return false; + } + + std::vector Z1(DH_size(dhA.get())); + std::vector Z2(DH_size(dhB.get())); + /* Work out shared secrets using both sides and compare + * with expected values. */ + int ret1 = DH_compute_key(bssl::vector_data(&Z1), dhB->pub_key, dhA.get()); + int ret2 = DH_compute_key(bssl::vector_data(&Z2), dhA->pub_key, dhB.get()); + if (ret1 < 0 || ret2 < 0) { + fprintf(stderr, "DH_compute_key error RFC5114 set %u\n", i + 1); + return false; + } + + if (static_cast(ret1) != td->Z_len || + memcmp(bssl::vector_data(&Z1), td->Z, td->Z_len) != 0 || + static_cast(ret2) != td->Z_len || + memcmp(bssl::vector_data(&Z2), td->Z, td->Z_len) != 0) { + fprintf(stderr, "Test failed RFC5114 set %u\n", i + 1); + return false; + } + + printf("RFC5114 parameter test %u OK\n", i + 1); + } + + return 1; +} diff --git a/src/crypto/digest/CMakeLists.txt b/src/crypto/digest/CMakeLists.txt index 6426399..8cab46a 100644 --- a/src/crypto/digest/CMakeLists.txt +++ b/src/crypto/digest/CMakeLists.txt @@ -7,13 +7,12 @@ add_library( digest.c digests.c - digest_error.c ) add_executable( digest_test - digest_test.c + digest_test.cc ) target_link_libraries(digest_test crypto) diff --git a/src/crypto/digest/digest.c b/src/crypto/digest/digest.c index 3897c60..e32eafd 100644 --- a/src/crypto/digest/digest.c +++ b/src/crypto/digest/digest.c @@ -68,8 +68,6 @@ int EVP_MD_type(const EVP_MD *md) { return md->type; } -const char *EVP_MD_name(const EVP_MD *md) { return OBJ_nid2sn(md->type); } - uint32_t EVP_MD_flags(const EVP_MD *md) { return md->flags; } size_t EVP_MD_size(const EVP_MD *md) { return md->md_size; } diff --git a/src/crypto/digest/digest_error.c b/src/crypto/digest/digest_error.c deleted file mode 100644 index 0cc6702..0000000 --- a/src/crypto/digest/digest_error.c +++ /dev/null 
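Review bot: In RunRFC5114Tests the length check `if ((td->Z_len != (size_t)DH_size(dhA.get())) || (td->Z_len != (size_t)DH_size(dhB.get()))) { return false; }` is the only failure path in the loop that returns without a diagnostic, so a vector/parameter size mismatch would fail the whole run with no indication of which set was at fault; add `fprintf(stderr, "Z length mismatch RFC5114 set %u\n", i + 1);` before the return to match the surrounding branches. The function also ends with `return 1;` although it is declared `bool`; `return true;` keeps it consistent with RunBasicTests. Separately, RunBasicTests only prints the DH_check flags (DH_CHECK_P_NOT_PRIME, DH_CHECK_P_NOT_SAFE_PRIME, DH_CHECK_NOT_SUITABLE_GENERATOR, ...) and then carries on, so a regression in DH_generate_parameters_ex that yielded a non-prime or non-safe-prime p would still pass as long as both sides derive the same secret; if none of those flags is expected for a freshly generated safe prime with g=5, adding `if (check_result != 0) { return false; }` after the printouts would turn them into a real assertion, which is worth confirming against DH_check's contract before hardening.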
@@ -1,24 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA DIGEST_error_string_data[] = { - {ERR_PACK(ERR_LIB_DIGEST, DIGEST_F_EVP_DigestInit_ex, 0), "EVP_DigestInit_ex"}, - {ERR_PACK(ERR_LIB_DIGEST, DIGEST_F_EVP_MD_CTX_copy_ex, 0), "EVP_MD_CTX_copy_ex"}, - {ERR_PACK(ERR_LIB_DIGEST, 0, DIGEST_R_INPUT_NOT_INITIALIZED), "INPUT_NOT_INITIALIZED"}, - {0, NULL}, -}; diff --git a/src/crypto/digest/digest_test.c b/src/crypto/digest/digest_test.c deleted file mode 100644 index 6c73e95..0000000 --- a/src/crypto/digest/digest_test.c +++ /dev/null 
@@ -1,244 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - - -typedef struct { - /* md_func is the digest to test. */ - const EVP_MD *(*md_func)(void); - /* one_shot_func is the convenience one-shot version of the - * digest. */ - uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *); - /* input is a NUL-terminated string to hash. */ - const char *input; - /* repeat is the number of times to repeat input. */ - size_t repeat; - /* expected_hex is the expected digest in hexadecimal. */ - const char *expected_hex; -} TEST_VECTOR; - -static const TEST_VECTOR kTestVectors[] = { - /* MD4 tests, from RFC 1320. (crypto/md4 does not provide a - * one-shot MD4 function.) 
*/ - { &EVP_md4, NULL, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0" }, - { &EVP_md4, NULL, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24" }, - { &EVP_md4, NULL, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d" }, - { &EVP_md4, NULL, "message digest", 1, - "d9130a8164549fe818874806e1c7014b" }, - { &EVP_md4, NULL, "abcdefghijklmnopqrstuvwxyz", 1, - "d79e1c308aa5bbcdeea8ed63df412da9" }, - { &EVP_md4, NULL, - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, - "043f8582f241db351ce627e153e7f0e4" }, - { &EVP_md4, NULL, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536" }, - - /* MD5 tests, from RFC 1321. */ - { &EVP_md5, &MD5, "", 1, "d41d8cd98f00b204e9800998ecf8427e" }, - { &EVP_md5, &MD5, "a", 1, "0cc175b9c0f1b6a831c399e269772661" }, - { &EVP_md5, &MD5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72" }, - { &EVP_md5, &MD5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0" }, - { &EVP_md5, &MD5, "abcdefghijklmnopqrstuvwxyz", 1, - "c3fcd3d76192e4007dfb496cca67e13b" }, - { &EVP_md5, &MD5, - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, - "d174ab98d277d9f5a5611c2c9f419d9f" }, - { &EVP_md5, &MD5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a" }, - - /* SHA-1 tests, from RFC 3174. */ - { &EVP_sha1, &SHA1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d" }, - { &EVP_sha1, &SHA1, - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, - "84983e441c3bd26ebaae4aa1f95129e5e54670f1" }, - { &EVP_sha1, &SHA1, "a", 1000000, - "34aa973cd4c4daa4f61eeb2bdbad27316534016f" }, - { &EVP_sha1, &SHA1, - "0123456701234567012345670123456701234567012345670123456701234567", 10, - "dea356a2cddd90c7a7ecedc5ebb563934f460452" }, - - /* SHA-224 tests, from RFC 3874. 
*/ - { &EVP_sha224, &SHA224, "abc", 1, - "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" }, - { &EVP_sha224, &SHA224, - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, - "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }, - { &EVP_sha224, &SHA224, - "a", 1000000, - "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67" }, - - /* SHA-256 tests, from NIST. */ - { &EVP_sha256, &SHA256, "abc", 1, - "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" }, - { &EVP_sha256, &SHA256, - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, - "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" }, - - /* SHA-384 tests, from NIST. */ - { &EVP_sha384, &SHA384, "abc", 1, - "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed" - "8086072ba1e7cc2358baeca134c825a7" }, - { &EVP_sha384, &SHA384, - "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, - "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712" - "fcc7c71a557e2db966c3e9fa91746039" }, - - /* SHA-512 tests, from NIST. */ - { &EVP_sha512, &SHA512, "abc", 1, - "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" - "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" }, - { &EVP_sha512, &SHA512, - "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, - "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018" - "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }, - - /* MD5-SHA1 tests. 
*/ - { &EVP_md5_sha1, NULL, "abc", 1, - "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d" }, -}; - -static int compare_digest(const TEST_VECTOR *test, - const uint8_t *digest, - size_t digest_len) { - static const char kHexTable[] = "0123456789abcdef"; - size_t i; - char digest_hex[2*EVP_MAX_MD_SIZE + 1]; - - for (i = 0; i < digest_len; i++) { - digest_hex[2*i] = kHexTable[digest[i] >> 4]; - digest_hex[2*i + 1] = kHexTable[digest[i] & 0xf]; - } - digest_hex[2*digest_len] = '\0'; - - if (strcmp(digest_hex, test->expected_hex) != 0) { - fprintf(stderr, "%s(\"%s\" * %d) = %s; want %s\n", - EVP_MD_name(test->md_func()), test->input, (int)test->repeat, - digest_hex, test->expected_hex); - return 0; - } - - return 1; -} - -static int test_digest(const TEST_VECTOR *test) { - int ret = 0; - EVP_MD_CTX ctx; - size_t i; - uint8_t digest[EVP_MAX_MD_SIZE]; - unsigned digest_len; - - EVP_MD_CTX_init(&ctx); - - /* Test the input provided. */ - if (!EVP_DigestInit_ex(&ctx, test->md_func(), NULL)) { - fprintf(stderr, "EVP_DigestInit_ex failed\n"); - goto done; - } - for (i = 0; i < test->repeat; i++) { - if (!EVP_DigestUpdate(&ctx, test->input, strlen(test->input))) { - fprintf(stderr, "EVP_DigestUpdate failed\n"); - goto done; - } - } - if (!EVP_DigestFinal_ex(&ctx, digest, &digest_len)) { - fprintf(stderr, "EVP_DigestFinal_ex failed\n"); - goto done; - } - if (!compare_digest(test, digest, digest_len)) { - goto done; - } - - /* Test the input one character at a time. 
*/ - if (!EVP_DigestInit_ex(&ctx, test->md_func(), NULL)) { - fprintf(stderr, "EVP_DigestInit_ex failed\n"); - goto done; - } - if (!EVP_DigestUpdate(&ctx, NULL, 0)) { - fprintf(stderr, "EVP_DigestUpdate failed\n"); - goto done; - } - for (i = 0; i < test->repeat; i++) { - const char *p; - for (p = test->input; *p; p++) { - if (!EVP_DigestUpdate(&ctx, p, 1)) { - fprintf(stderr, "EVP_DigestUpdate failed\n"); - goto done; - } - } - } - if (!EVP_DigestFinal_ex(&ctx, digest, &digest_len)) { - fprintf(stderr, "EVP_DigestFinal_ex failed\n"); - goto done; - } - if (digest_len != EVP_MD_size(test->md_func())) { - fprintf(stderr, "EVP_MD_size output incorrect\n"); - goto done; - } - if (!compare_digest(test, digest, digest_len)) { - goto done; - } - - /* Test the one-shot function. */ - if (test->one_shot_func && test->repeat == 1) { - uint8_t *out = test->one_shot_func((const uint8_t *)test->input, - strlen(test->input), digest); - if (out != digest) { - fprintf(stderr, "one_shot_func gave incorrect return\n"); - goto done; - } - if (!compare_digest(test, digest, EVP_MD_size(test->md_func()))) { - goto done; - } - - /* Test the deprecated static buffer variant, until it's removed. */ - out = test->one_shot_func((const uint8_t *)test->input, strlen(test->input), - NULL); - if (!compare_digest(test, out, EVP_MD_size(test->md_func()))) { - goto done; - } - } - - ret = 1; - -done: - EVP_MD_CTX_cleanup(&ctx); - return ret; -} - -int main(void) { - size_t i; - - CRYPTO_library_init(); - ERR_load_crypto_strings(); - - for (i = 0; i < sizeof(kTestVectors) / sizeof(kTestVectors[0]); i++) { - if (!test_digest(&kTestVectors[i])) { - fprintf(stderr, "Test %d failed\n", (int)i); - return 1; - } - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/digest/digest_test.cc b/src/crypto/digest/digest_test.cc new file mode 100644 index 0000000..dcb569c --- /dev/null +++ b/src/crypto/digest/digest_test.cc 
@@ -0,0 +1,249 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "../test/scoped_types.h" + + +struct MD { + // name is the name of the digest. + const char* name; + // md_func is the digest to test. + const EVP_MD *(*func)(void); + // one_shot_func is the convenience one-shot version of the + // digest. + uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *); +}; + +static const MD md4 = { "MD4", &EVP_md4, nullptr }; +static const MD md5 = { "MD5", &EVP_md5, &MD5 }; +static const MD sha1 = { "SHA1", &EVP_sha1, &SHA1 }; +static const MD sha224 = { "SHA224", &EVP_sha224, &SHA224 }; +static const MD sha256 = { "SHA256", &EVP_sha256, &SHA256 }; +static const MD sha384 = { "SHA384", &EVP_sha384, &SHA384 }; +static const MD sha512 = { "SHA512", &EVP_sha512, &SHA512 }; +static const MD md5_sha1 = { "MD5-SHA1", &EVP_md5_sha1, nullptr }; + +struct TestVector { + // md is the digest to test. + const MD &md; + // input is a NUL-terminated string to hash. + const char *input; + // repeat is the number of times to repeat input. + size_t repeat; + // expected_hex is the expected digest in hexadecimal. 
+ const char *expected_hex; +}; + +static const TestVector kTestVectors[] = { + // MD4 tests, from RFC 1320. (crypto/md4 does not provide a + // one-shot MD4 function.) + { md4, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0" }, + { md4, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24" }, + { md4, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d" }, + { md4, "message digest", 1, "d9130a8164549fe818874806e1c7014b" }, + { md4, "abcdefghijklmnopqrstuvwxyz", 1, + "d79e1c308aa5bbcdeea8ed63df412da9" }, + { md4, + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, + "043f8582f241db351ce627e153e7f0e4" }, + { md4, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536" }, + + // MD5 tests, from RFC 1321. + { md5, "", 1, "d41d8cd98f00b204e9800998ecf8427e" }, + { md5, "a", 1, "0cc175b9c0f1b6a831c399e269772661" }, + { md5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72" }, + { md5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0" }, + { md5, "abcdefghijklmnopqrstuvwxyz", 1, + "c3fcd3d76192e4007dfb496cca67e13b" }, + { md5, + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, + "d174ab98d277d9f5a5611c2c9f419d9f" }, + { md5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a" }, + + // SHA-1 tests, from RFC 3174. + { sha1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d" }, + { sha1, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, + "84983e441c3bd26ebaae4aa1f95129e5e54670f1" }, + { sha1, "a", 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f" }, + { sha1, + "0123456701234567012345670123456701234567012345670123456701234567", 10, + "dea356a2cddd90c7a7ecedc5ebb563934f460452" }, + + // SHA-224 tests, from RFC 3874. 
+ { sha224, "abc", 1, + "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" }, + { sha224, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, + "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }, + { sha224, + "a", 1000000, + "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67" }, + + // SHA-256 tests, from NIST. + { sha256, "abc", 1, + "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" }, + { sha256, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, + "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" }, + + // SHA-384 tests, from NIST. + { sha384, "abc", 1, + "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed" + "8086072ba1e7cc2358baeca134c825a7" }, + { sha384, + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, + "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712" + "fcc7c71a557e2db966c3e9fa91746039" }, + + // SHA-512 tests, from NIST. + { sha512, "abc", 1, + "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" + "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" }, + { sha512, + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, + "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018" + "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }, + + // MD5-SHA1 tests. 
+ { md5_sha1, "abc", 1, + "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d" }, +}; + +static bool CompareDigest(const TestVector *test, + const uint8_t *digest, + size_t digest_len) { + static const char kHexTable[] = "0123456789abcdef"; + size_t i; + char digest_hex[2*EVP_MAX_MD_SIZE + 1]; + + for (i = 0; i < digest_len; i++) { + digest_hex[2*i] = kHexTable[digest[i] >> 4]; + digest_hex[2*i + 1] = kHexTable[digest[i] & 0xf]; + } + digest_hex[2*digest_len] = '\0'; + + if (strcmp(digest_hex, test->expected_hex) != 0) { + fprintf(stderr, "%s(\"%s\" * %d) = %s; want %s\n", + test->md.name, test->input, (int)test->repeat, + digest_hex, test->expected_hex); + return false; + } + + return true; +} + +static int TestDigest(const TestVector *test) { + ScopedEVP_MD_CTX ctx; + + // Test the input provided. + if (!EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL)) { + fprintf(stderr, "EVP_DigestInit_ex failed\n"); + return false; + } + for (size_t i = 0; i < test->repeat; i++) { + if (!EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input))) { + fprintf(stderr, "EVP_DigestUpdate failed\n"); + return false; + } + } + uint8_t digest[EVP_MAX_MD_SIZE]; + unsigned digest_len; + if (!EVP_DigestFinal_ex(ctx.get(), digest, &digest_len)) { + fprintf(stderr, "EVP_DigestFinal_ex failed\n"); + return false; + } + if (!CompareDigest(test, digest, digest_len)) { + return false; + } + + // Test the input one character at a time. 
+ if (!EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL)) { + fprintf(stderr, "EVP_DigestInit_ex failed\n"); + return false; + } + if (!EVP_DigestUpdate(ctx.get(), NULL, 0)) { + fprintf(stderr, "EVP_DigestUpdate failed\n"); + return false; + } + for (size_t i = 0; i < test->repeat; i++) { + for (const char *p = test->input; *p; p++) { + if (!EVP_DigestUpdate(ctx.get(), p, 1)) { + fprintf(stderr, "EVP_DigestUpdate failed\n"); + return false; + } + } + } + if (!EVP_DigestFinal_ex(ctx.get(), digest, &digest_len)) { + fprintf(stderr, "EVP_DigestFinal_ex failed\n"); + return false; + } + if (digest_len != EVP_MD_size(test->md.func())) { + fprintf(stderr, "EVP_MD_size output incorrect\n"); + return false; + } + if (!CompareDigest(test, digest, digest_len)) { + return false; + } + + // Test the one-shot function. + if (test->md.one_shot_func && test->repeat == 1) { + uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input, + strlen(test->input), digest); + if (out != digest) { + fprintf(stderr, "one_shot_func gave incorrect return\n"); + return false; + } + if (!CompareDigest(test, digest, EVP_MD_size(test->md.func()))) { + return false; + } + + // Test the deprecated static buffer variant, until it's removed. + out = test->md.one_shot_func((const uint8_t *)test->input, + strlen(test->input), NULL); + if (!CompareDigest(test, out, EVP_MD_size(test->md.func()))) { + return false; + } + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + ERR_load_crypto_strings(); + + for (size_t i = 0; i < sizeof(kTestVectors) / sizeof(kTestVectors[0]); i++) { + if (!TestDigest(&kTestVectors[i])) { + fprintf(stderr, "Test %d failed\n", (int)i); + return 1; + } + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/digest/md32_common.h b/src/crypto/digest/md32_common.h index a4ce355..d7caba2 100644 --- a/src/crypto/digest/md32_common.h +++ b/src/crypto/digest/md32_common.h @@ -51,8 +51,6 @@ #include -#include - #if defined(__cplusplus) extern "C" { 
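Review bot: `static int TestDigest(const TestVector *test)` returns `false`/`true` on every path and main only tests the result with `!`, so the declared return type should be `bool` to match CompareDigest; change the signature to `static bool TestDigest(const TestVector *test) {`. Separately, the MD struct's second field comment reads `// md_func is the digest to test.` but the member is named `func`; `// func returns the EVP_MD to test.` keeps the comment in step with the code. The EVP_DigestInit_ex and EVP_DigestUpdate calls pass `NULL` while the MD tables use `nullptr`; the new file should pick one.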
@@ -74,8 +72,7 @@ extern "C" { * HASH_CBLOCK * size of a unit chunk HASH_BLOCK operates on. * HASH_LONG - * has to be at lest 32 bit wide, if it's wider, then - * HASH_LONG_LOG2 *has to* be defined along + * has to be at least 32 bit wide. * HASH_CTX * context structure that at least contains following * members: @@ -103,19 +100,6 @@ extern "C" { * HASH_MAKE_STRING * macro convering context variables to an ASCII hash string. * - * MD5 example: - * - * #define DATA_ORDER_IS_LITTLE_ENDIAN - * - * #define HASH_LONG MD5_LONG - * #define HASH_LONG_LOG2 MD5_LONG_LOG2 - * #define HASH_CTX MD5_CTX - * #define HASH_CBLOCK MD5_CBLOCK - * #define HASH_UPDATE MD5_Update - * #define HASH_TRANSFORM MD5_Transform - * #define HASH_FINAL MD5_Final - * #define HASH_BLOCK_DATA_ORDER md5_block_data_order - * * */ diff --git a/src/crypto/directory_posix.c b/src/crypto/directory_posix.c index c16701d..b944b69 100644 --- a/src/crypto/directory_posix.c +++ b/src/crypto/directory_posix.c @@ -35,6 +35,7 @@ #include #include +#include #include #if defined(OPENSSL_PNACL) diff --git a/src/crypto/directory_win.c b/src/crypto/directory_win.c index 2e4600f..4ebacf2 100644 --- a/src/crypto/directory_win.c +++ b/src/crypto/directory_win.c @@ -41,6 +41,9 @@ #define NAME_MAX 255 #endif +#include + + struct OPENSSL_dir_context_st { WIN32_FIND_DATA ctx; HANDLE handle; diff --git a/src/crypto/dsa/CMakeLists.txt b/src/crypto/dsa/CMakeLists.txt index fbc053e..dab2c4c 100644 --- a/src/crypto/dsa/CMakeLists.txt +++ b/src/crypto/dsa/CMakeLists.txt @@ -8,7 +8,6 @@ add_library( dsa.c dsa_impl.c dsa_asn1.c - dsa_error.c ) add_executable( diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c index 8816b63..e8e3d73 100644 --- a/src/crypto/dsa/dsa.c +++ b/src/crypto/dsa/dsa.c 
@@ -67,12 +67,16 @@ #include #include #include +#include #include "internal.h" +#include "../internal.h" extern const DSA_METHOD DSA_default_method; +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; + DSA *DSA_new(void) { return DSA_new_method(NULL); } DSA *DSA_new_method(const ENGINE *engine) { @@ -96,14 +100,16 @@ DSA *DSA_new_method(const ENGINE *engine) { dsa->write_params = 1; dsa->references = 1; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data)) { + CRYPTO_MUTEX_init(&dsa->method_mont_p_lock); + + if (!CRYPTO_new_ex_data(&g_ex_data_class, dsa, &dsa->ex_data)) { METHOD_unref(dsa->meth); OPENSSL_free(dsa); return NULL; } if (dsa->meth->init && !dsa->meth->init(dsa)) { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data); METHOD_unref(dsa->meth); OPENSSL_free(dsa); return NULL; @@ -126,22 +132,16 @@ void DSA_free(DSA *dsa) { } METHOD_unref(dsa->meth); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data); - - if (dsa->p != NULL) - BN_clear_free(dsa->p); - if (dsa->q != NULL) - BN_clear_free(dsa->q); - if (dsa->g != NULL) - BN_clear_free(dsa->g); - if (dsa->pub_key != NULL) - BN_clear_free(dsa->pub_key); - if (dsa->priv_key != NULL) - BN_clear_free(dsa->priv_key); - if (dsa->kinv != NULL) - BN_clear_free(dsa->kinv); - if (dsa->r != NULL) - BN_clear_free(dsa->r); + CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data); + + BN_clear_free(dsa->p); + BN_clear_free(dsa->q); + BN_clear_free(dsa->g); + BN_clear_free(dsa->pub_key); + BN_clear_free(dsa->priv_key); + BN_clear_free(dsa->kinv); + BN_clear_free(dsa->r); + CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock); OPENSSL_free(dsa); } @@ -184,12 +184,8 @@ void DSA_SIG_free(DSA_SIG *sig) { return; } - if (sig->r) { - BN_free(sig->r); - } - if (sig->s) { - BN_free(sig->s); - } + BN_free(sig->r); + BN_free(sig->s); OPENSSL_free(sig); } 
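Review bot: In the DSA_new_method hunk, the two failure paths after the new `CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);` (CRYPTO_new_ex_data failing and meth->init failing) free the DSA without undoing the mutex initialisation, while the DSA_free hunk below pairs that init with `CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);`. Add `CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);` before `OPENSSL_free(dsa);` on both paths so every init has a matching cleanup regardless of what the platform's mutex implementation needs. Alternatively, move the init below the two checks if dsa->meth->init cannot observe the lock; the surrounding field initialisation is outside the hunk.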
@@ -268,12 +264,8 @@ int DSA_check_signature(int *out_valid, const uint8_t *digest, ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa); err: - if (der != NULL) { - OPENSSL_free(der); - } - if (s) { - DSA_SIG_free(s); - } + OPENSSL_free(der); + DSA_SIG_free(s); return ret; } @@ -309,8 +301,12 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx, BIGNUM **out_kinv, int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, new_func, - dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func, + dup_func, free_func)) { + return -1; + } + return index; } int DSA_set_ex_data(DSA *d, int idx, void *arg) { @@ -347,8 +343,6 @@ DH *DSA_dup_DH(const DSA *r) { return ret; err: - if (ret != NULL) { - DH_free(ret); - } + DH_free(ret); return NULL; } diff --git a/src/crypto/dsa/dsa_error.c b/src/crypto/dsa/dsa_error.c deleted file mode 100644 index 5a83908..0000000 --- a/src/crypto/dsa/dsa_error.c +++ /dev/null 
@@ -1,30 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA DSA_error_string_data[] = { - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_new_method, 0), "DSA_new_method"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_dsa_sig_cb, 0), "dsa_sig_cb"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_sign, 0), "sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_sign_setup, 0), "sign_setup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_verify, 0), "verify"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "BAD_Q_VALUE"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "MISSING_PARAMETERS"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "MODULUS_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NEED_NEW_SETUP_VALUES), "NEED_NEW_SETUP_VALUES"}, - {0, NULL}, -}; diff --git a/src/crypto/dsa/dsa_impl.c b/src/crypto/dsa/dsa_impl.c index 6719758..b7e1fd8 100644 --- a/src/crypto/dsa/dsa_impl.c +++ b/src/crypto/dsa/dsa_impl.c @@ -66,6 +66,7 @@ #include #include #include +#include #include "internal.h" 
@@ -122,14 +123,16 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BN_set_flags(&k, BN_FLG_CONSTTIME); - if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, - CRYPTO_LOCK_DSA, dsa->p, ctx)) { + if (BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, + (CRYPTO_MUTEX *)&dsa->method_mont_p_lock, dsa->p, + ctx) == NULL) { goto err; } /* Compute r = (g^k mod p) mod q */ - if (!BN_copy(&kq, &k)) + if (!BN_copy(&kq, &k)) { goto err; + } /* We do not want timing information to leak the length of k, * so we compute g^k using an equivalent exponent of fixed length. @@ -137,11 +140,11 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, * (This is a kludge that we need because the BN_mod_exp_mont() * does not let us specify the desired timing behaviour.) */ - if (!BN_add(&kq, &kq, dsa->q)) + if (!BN_add(&kq, &kq, dsa->q)) { + goto err; + } + if (BN_num_bits(&kq) <= BN_num_bits(dsa->q) && !BN_add(&kq, &kq, dsa->q)) { goto err; - if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { - if (!BN_add(&kq, &kq, dsa->q)) - goto err; } K = &kq; @@ -159,14 +162,10 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, goto err; } - if (*kinvp != NULL) { - BN_clear_free(*kinvp); - } + BN_clear_free(*kinvp); *kinvp = kinv; kinv = NULL; - if (*rp != NULL) { - BN_clear_free(*rp); - } + BN_clear_free(*rp); *rp = r; ret = 1; @@ -274,15 +273,10 @@ err: BN_free(r); BN_free(s); } - if (ctx != NULL) { - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); BN_clear_free(&m); BN_clear_free(&xr); - if (kinv != NULL) { - /* dsa->kinv is NULL now if we used it */ - BN_clear_free(kinv); - } + BN_clear_free(kinv); return ret; } 
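Review bot: The new BN_MONT_CTX_set_locked call in sign_setup casts both `&dsa->method_mont_p` and `&dsa->method_mont_p_lock` to discard the const of the `const DSA *dsa` parameter, and nothing in the hunk says why that is sound; the verify hunk (`@@ -363`) does the same. A comment at the call site would stop the next reader from treating it as a bug, e.g. `/* method_mont_p is a lazily built cache guarded by method_mont_p_lock; both are logically mutable even though dsa is const here. */`. The `@@ -274` err hunk also drops the `dsa->kinv is NULL now if we used it` comment; the ownership hand-off it recorded is still worth a line next to `BN_clear_free(kinv);`. The enclosing functions start outside these hunks.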
@@ -363,12 +357,14 @@ static int verify(int *out_valid, const uint8_t *dgst, size_t digest_len, } mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, - CRYPTO_LOCK_DSA, dsa->p, ctx); + (CRYPTO_MUTEX *)&dsa->method_mont_p_lock, + dsa->p, ctx); if (!mont) { goto err; } - if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont)) { + if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, + mont)) { goto err; } @@ -387,9 +383,7 @@ err: if (ret != 1) { OPENSSL_PUT_ERROR(DSA, verify, ERR_R_BN_LIB); } - if (ctx != NULL) { - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); BN_free(&u1); BN_free(&u2); BN_free(&t1); @@ -442,15 +436,13 @@ static int keygen(DSA *dsa) { ok = 1; err: - if (pub_key != NULL && dsa->pub_key == NULL) { + if (dsa->pub_key == NULL) { BN_free(pub_key); } - if (priv_key != NULL && dsa->priv_key == NULL) { + if (dsa->priv_key == NULL) { BN_free(priv_key); } - if (ctx != NULL) { - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); return ok; } @@ -701,15 +693,9 @@ end: err: if (ok) { - if (ret->p) { - BN_free(ret->p); - } - if (ret->q) { - BN_free(ret->q); - } - if (ret->g) { - BN_free(ret->g); - } + BN_free(ret->p); + BN_free(ret->q); + BN_free(ret->g); ret->p = BN_dup(p); ret->q = BN_dup(q); ret->g = BN_dup(g); @@ -730,9 +716,7 @@ err: BN_CTX_free(ctx); } - if (mont != NULL) { - BN_MONT_CTX_free(mont); - } + BN_MONT_CTX_free(mont); return ok; } diff --git a/src/crypto/dsa/dsa_test.c b/src/crypto/dsa/dsa_test.c index 1273638..9b70dbe 100644 --- a/src/crypto/dsa/dsa_test.c +++ b/src/crypto/dsa/dsa_test.c @@ -61,7 +61,6 @@ #include -#include #include #include #include @@ -166,9 +165,6 @@ static const uint8_t fips_sig_bad_r[] = { 0xdc, 0xd8, 0xc8, }; -static BIO *bio_err = NULL; -static BIO *bio_out = NULL; - static DSA *get_fips_dsa(void) { DSA *dsa = DSA_new(); if (!dsa) { 
@@ -187,7 +183,7 @@ static DSA *get_fips_dsa(void) { return dsa; } -static int test_generate(void) { +static int test_generate(FILE *out) { BN_GENCB cb; DSA *dsa = NULL; int counter, ok = 0, i, j; @@ -196,49 +192,49 @@ static int test_generate(void) { uint8_t sig[256]; unsigned int siglen; - BIO_printf(bio_out, "test generation of DSA parameters\n"); + fprintf(out, "test generation of DSA parameters\n"); - BN_GENCB_set(&cb, dsa_cb, bio_out); + BN_GENCB_set(&cb, dsa_cb, out); dsa = DSA_new(); if (dsa == NULL || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, &cb)) { goto end; } - BIO_printf(bio_out, "seed\n"); + fprintf(out, "seed\n"); for (i = 0; i < 20; i += 4) { - BIO_printf(bio_out, "%02X%02X%02X%02X ", seed[i], seed[i + 1], seed[i + 2], - seed[i + 3]); + fprintf(out, "%02X%02X%02X%02X ", seed[i], seed[i + 1], seed[i + 2], + seed[i + 3]); } - BIO_printf(bio_out, "\ncounter=%d h=%ld\n", counter, h); + fprintf(out, "\ncounter=%d h=%ld\n", counter, h); if (counter != 105) { - BIO_printf(bio_err, "counter should be 105\n"); + fprintf(stderr, "counter should be 105\n"); goto end; } if (h != 2) { - BIO_printf(bio_err, "h should be 2\n"); + fprintf(stderr, "h should be 2\n"); goto end; } i = BN_bn2bin(dsa->q, buf); j = sizeof(fips_q); if (i != j || memcmp(buf, fips_q, i) != 0) { - BIO_printf(bio_err, "q value is wrong\n"); + fprintf(stderr, "q value is wrong\n"); goto end; } i = BN_bn2bin(dsa->p, buf); j = sizeof(fips_p); if (i != j || memcmp(buf, fips_p, i) != 0) { - BIO_printf(bio_err, "p value is wrong\n"); + fprintf(stderr, "p value is wrong\n"); goto end; } i = BN_bn2bin(dsa->g, buf); j = sizeof(fips_g); if (i != j || memcmp(buf, fips_g, i) != 0) { - BIO_printf(bio_err, "g value is wrong\n"); + fprintf(stderr, "g value is wrong\n"); goto end; } 
@@ -247,13 +243,11 @@ static int test_generate(void) { if (DSA_verify(0, fips_digest, sizeof(fips_digest), sig, siglen, dsa) == 1) { ok = 1; } else { - BIO_printf(bio_err, "verification failure\n"); + fprintf(stderr, "verification failure\n"); } end: - if (dsa != NULL) { - DSA_free(dsa); - } + DSA_free(dsa); return ok; } @@ -267,7 +261,7 @@ static int test_verify(const uint8_t *sig, size_t sig_len, int expect) { int ret = DSA_verify(0, fips_digest, sizeof(fips_digest), sig, sig_len, dsa); if (ret != expect) { - BIO_printf(bio_err, "DSA_verify returned %d, want %d\n", ret, expect); + fprintf(stderr, "DSA_verify returned %d, want %d\n", ret, expect); goto end; } ok = 1; @@ -275,9 +269,7 @@ static int test_verify(const uint8_t *sig, size_t sig_len, int expect) { ERR_clear_error(); end: - if (dsa != NULL) { - DSA_free(dsa); - } + DSA_free(dsa); return ok; } @@ -285,23 +277,16 @@ end: int main(int argc, char **argv) { CRYPTO_library_init(); - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); - - if (!test_generate() || + if (!test_generate(stdout) || !test_verify(fips_sig, sizeof(fips_sig), 1) || !test_verify(fips_sig_negative, sizeof(fips_sig_negative), -1) || !test_verify(fips_sig_extra, sizeof(fips_sig_extra), -1) || !test_verify(fips_sig_bad_length, sizeof(fips_sig_bad_length), -1) || !test_verify(fips_sig_bad_r, sizeof(fips_sig_bad_r), 0)) { - BIO_print_errors(bio_err); - BIO_free(bio_err); - BIO_free(bio_out); + ERR_print_errors_fp(stderr); return 1; } - BIO_free(bio_err); - BIO_free(bio_out); printf("PASS\n"); return 0; } @@ -326,11 +311,11 @@ static int dsa_cb(int p, int n, BN_GENCB *arg) { c = '\n'; } - BIO_write(arg->arg, &c, 1); - (void)BIO_flush(arg->arg); + fputc(c, arg->arg); + fflush(arg->arg); if (!ok && p == 0 && num > 1) { - BIO_printf((BIO *)arg, "error in dsatest\n"); + fprintf(stderr, "error in dsatest\n"); return 0; } 
diff --git a/src/crypto/ec/CMakeLists.txt b/src/crypto/ec/CMakeLists.txt index 11266c6..a218c0d 100644 --- a/src/crypto/ec/CMakeLists.txt +++ b/src/crypto/ec/CMakeLists.txt @@ -6,13 +6,14 @@ add_library( OBJECT ec.c + ec_asn1.c + ec_key.c + ec_montgomery.c oct.c + p256-64.c + util-64.c simple.c - ec_montgomery.c wnaf.c - ec_key.c - ec_asn1.c - ec_error.c ) add_executable( @@ -24,7 +25,7 @@ add_executable( add_executable( ec_test - ec_test.c + ec_test.cc ) target_link_libraries(example_mul crypto) diff --git a/src/crypto/ec/ec.c b/src/crypto/ec/ec.c index 6e676c9..5426b8f 100644 --- a/src/crypto/ec/ec.c +++ b/src/crypto/ec/ec.c @@ -219,11 +219,18 @@ static const struct curve_data P521 = { 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09}}; const struct built_in_curve OPENSSL_built_in_curves[] = { - {NID_secp224r1, &P224, 0}, - {NID_X9_62_prime256v1, &P256, 0}, - {NID_secp384r1, &P384, 0}, - {NID_secp521r1, &P521, 0}, - {NID_undef, 0, 0}, + {NID_secp224r1, &P224, 0}, + { + NID_X9_62_prime256v1, &P256, +#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) + EC_GFp_nistp256_method, +#else + 0, +#endif + }, + {NID_secp384r1, &P384, 0}, + {NID_secp521r1, &P521, 0}, + {NID_undef, 0, 0}, }; EC_GROUP *ec_group_new(const EC_METHOD *meth) { @@ -357,22 +364,14 @@ err: EC_GROUP_free(group); group = NULL; } - if (P) - EC_POINT_free(P); - if (ctx) - BN_CTX_free(ctx); - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); - if (order) - BN_free(order); - if (x) - BN_free(x); - if (y) - BN_free(y); + EC_POINT_free(P); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); return group; } 
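Review bot: The new OPENSSL_built_in_curves entry for P-256 selects `EC_GFp_nistp256_method` only under `#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS)` and falls back to `0` otherwise, but the table gives no hint why Windows is excluded or that this swaps the field-arithmetic backend used for P-256 signing and verification on those targets. A short comment above the `#if` would help, e.g. `/* Use the 64-bit nistp256 implementation (p256-64.c) where it builds; other targets use the generic method. */`, with the reason for the Windows exclusion filled in (presumably a compiler feature the implementation depends on — confirm). Since two backends now serve the same curve, it is worth confirming that ec_test.cc (renamed in the CMakeLists hunk above) exercises whichever one is built.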
@@ -409,16 +408,14 @@ void EC_GROUP_free(EC_GROUP *group) { ec_pre_comp_free(group->pre_comp); - if (group->generator != NULL) { - EC_POINT_free(group->generator); - } + EC_POINT_free(group->generator); BN_free(&group->order); BN_free(&group->cofactor); OPENSSL_free(group); } -int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { +int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) { if (dest->meth->group_copy == 0) { OPENSSL_PUT_ERROR(EC, EC_GROUP_copy, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -474,7 +471,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) { if (t == NULL) { return NULL; } - if (!EC_GROUP_copy(t, a)) { + if (!ec_group_copy(t, a)) { goto err; } @@ -482,9 +479,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) { err: if (!ok) { - if (t) { - EC_GROUP_free(t); - } + EC_GROUP_free(t); return NULL; } else { return t; diff --git a/src/crypto/ec/ec_asn1.c b/src/crypto/ec/ec_asn1.c index ce9b3f4..ff3dca6 100644 --- a/src/crypto/ec/ec_asn1.c +++ b/src/crypto/ec/ec_asn1.c @@ -172,9 +172,7 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, return NULL; } } else { - if (ret->value.named_curve) { - ASN1_OBJECT_free(ret->value.named_curve); - } + ASN1_OBJECT_free(ret->value.named_curve); } /* use the ASN.1 OID to describe the the elliptic curve parameters. */ @@ -257,10 +255,8 @@ static EC_GROUP *d2i_ECPKParameters(EC_GROUP **groupp, const uint8_t **inp, return NULL; } - if (groupp && *groupp) { - EC_GROUP_free(*groupp); - } if (groupp) { + EC_GROUP_free(*groupp); *groupp = group; } 
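Review bot: `ec_group_copy` is renamed in the EC_GROUP_copy hunk but the error report on the following line still reads `OPENSSL_PUT_ERROR(EC, EC_GROUP_copy, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);`, so a failure will be attributed to a function that no longer exists under that name. If the generated error tables carry a location for the renamed function, update the second argument to match; otherwise add a comment above the line noting that the old location name is kept deliberately. The rest of ec_group_copy's body is outside the hunk.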
@@ -290,16 +286,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; - priv_key = EC_PRIVATEKEY_new(); - if (priv_key == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_MALLOC_FAILURE); - return NULL; - } - - priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len); + priv_key = d2i_EC_PRIVATEKEY(NULL, in, len); if (priv_key == NULL) { OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); return NULL; } @@ -309,17 +298,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_MALLOC_FAILURE); goto err; } - if (a) { - *a = ret; - } } else { ret = *a; } if (priv_key->parameters) { - if (ret->group) { - EC_GROUP_free(ret->group); - } + EC_GROUP_free(ret->group); ret->group = ec_asn1_pkparameters2group(priv_key->parameters); } @@ -343,9 +327,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { goto err; } - if (ret->pub_key) { - EC_POINT_free(ret->pub_key); - } + EC_POINT_free(ret->pub_key); ret->pub_key = EC_POINT_new(ret->group); if (ret->pub_key == NULL) { OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); @@ -380,22 +362,20 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) { + *a = ret; + } ok = 1; err: if (!ok) { - if (ret) { + if (a == NULL || *a != ret) { EC_KEY_free(ret); } ret = NULL; - if (a) { - *a = ret; - } } - if (priv_key) { - EC_PRIVATEKEY_free(priv_key); - } + EC_PRIVATEKEY_free(priv_key); return ret; } 
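Review bot: The condition `if (a == NULL || *a != ret)` in the err block of d2i_ECPrivateKey is correct but reads as a puzzle: it frees ret exactly when it was allocated here (a is NULL, or *a was NULL and is only assigned on success by the moved `if (a) { *a = ret; }`), and leaves a caller-supplied key alone. Put that reasoning in a comment, e.g. `/* Only free ret if it was allocated in this function; a caller-supplied *a is left to the caller, though its group/pub_key may already have been replaced. */`. The partial-modification caveat is inferred from the EC_GROUP_free/EC_POINT_free replacement lines in the earlier hunks of this function; the body between them is not visible here.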
@@ -419,14 +399,14 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { priv_key->version = key->version; - buf_len = BN_num_bytes(key->priv_key); + buf_len = BN_num_bytes(&key->group->order); buffer = OPENSSL_malloc(buf_len); if (buffer == NULL) { OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_MALLOC_FAILURE); goto err; } - if (!BN_bn2bin(key->priv_key, buffer)) { + if (!BN_bn2bin_padded(buffer, buf_len, key->priv_key)) { OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_BN_LIB); goto err; } @@ -488,12 +468,8 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { ok = 1; err: - if (buffer) { - OPENSSL_free(buffer); - } - if (priv_key) { - EC_PRIVATEKEY_free(priv_key); - } + OPENSSL_free(buffer); + EC_PRIVATEKEY_free(priv_key); return (ok ? ret : 0); } @@ -519,18 +495,21 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const uint8_t **inp, long len) { OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_MALLOC_FAILURE); return NULL; } - if (key) { - *key = ret; - } } else { ret = *key; } if (!d2i_ECPKParameters(&ret->group, inp, len)) { OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_EC_LIB); + if (key == NULL || *key == NULL) { + EC_KEY_free(ret); + } return NULL; } + if (key) { + *key = ret; + } return ret; } diff --git a/src/crypto/ec/ec_error.c b/src/crypto/ec/ec_error.c deleted file mode 100644 index 73807c7..0000000 --- a/src/crypto/ec/ec_error.c +++ /dev/null 
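Review bot: The i2d_ECPrivateKey hunk changes the private-key encoding from `BN_num_bytes(key->priv_key)` to a buffer of `BN_num_bytes(&key->group->order)` filled by `BN_bn2bin_padded`, which makes the encoded scalar fixed-length and independent of its leading zero bytes, but the hunk does not say so and the previous form was not obviously wrong to a reader. A comment such as `/* Pad the private scalar to the order's length so the encoding is fixed-size and does not reveal the number of leading zero bytes. */` records the intent. The new `key->group->order` dereference assumes key->group is non-NULL; the function's start is outside the hunk, so confirm a check precedes it.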
@@ -1,107 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA EC_error_string_data[] = { - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_copy, 0), "EC_GROUP_copy"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_get_curve_GFp, 0), "EC_GROUP_get_curve_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_get_degree, 0), "EC_GROUP_get_degree"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_new_by_curve_name, 0), "EC_GROUP_new_by_curve_name"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_check_key, 0), "EC_KEY_check_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_copy, 0), "EC_KEY_copy"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_generate_key, 0), "EC_KEY_generate_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_new_method, 0), "EC_KEY_new_method"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_set_public_key_affine_coordinates, 0), "EC_KEY_set_public_key_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_add, 0), "EC_POINT_add"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_cmp, 0), "EC_POINT_cmp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_copy, 0), "EC_POINT_copy"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_dbl, 0), "EC_POINT_dbl"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_dup, 0), "EC_POINT_dup"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_get_affine_coordinates_GFp, 0), 
"EC_POINT_get_affine_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_invert, 0), "EC_POINT_invert"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_is_at_infinity, 0), "EC_POINT_is_at_infinity"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_is_on_curve, 0), "EC_POINT_is_on_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_make_affine, 0), "EC_POINT_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_new, 0), "EC_POINT_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_oct2point, 0), "EC_POINT_oct2point"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_point2oct, 0), "EC_POINT_point2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_set_affine_coordinates_GFp, 0), "EC_POINT_set_affine_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_set_compressed_coordinates_GFp, 0), "EC_POINT_set_compressed_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_set_to_infinity, 0), "EC_POINT_set_to_infinity"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTs_make_affine, 0), "EC_POINTs_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_compute_wNAF, 0), "compute_wNAF"}, - {ERR_PACK(ERR_LIB_EC, EC_F_d2i_ECPKParameters, 0), "d2i_ECPKParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_d2i_ECParameters, 0), "d2i_ECParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_d2i_ECPrivateKey, 0), "d2i_ECPrivateKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_mont_field_decode, 0), "ec_GFp_mont_field_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_mont_field_encode, 0), "ec_GFp_mont_field_encode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_mont_field_mul, 0), "ec_GFp_mont_field_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_mont_field_set_to_one, 0), "ec_GFp_mont_field_set_to_one"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_mont_field_sqr, 0), "ec_GFp_mont_field_sqr"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_mont_group_set_curve, 0), "ec_GFp_mont_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_group_check_discriminant, 0), "ec_GFp_simple_group_check_discriminant"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_group_set_curve, 0), "ec_GFp_simple_group_set_curve"}, - 
{ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_make_affine, 0), "ec_GFp_simple_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_oct2point, 0), "ec_GFp_simple_oct2point"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_point2oct, 0), "ec_GFp_simple_point2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_point_get_affine_coordinates, 0), "ec_GFp_simple_point_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_point_set_affine_coordinates, 0), "ec_GFp_simple_point_set_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_points_make_affine, 0), "ec_GFp_simple_points_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_GFp_simple_set_compressed_coordinates, 0), "ec_GFp_simple_set_compressed_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_asn1_group2pkparameters, 0), "ec_asn1_group2pkparameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_asn1_pkparameters2group, 0), "ec_asn1_pkparameters2group"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_group_new, 0), "ec_group_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_group_new_curve_GFp, 0), "ec_group_new_curve_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_group_new_from_data, 0), "ec_group_new_from_data"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_point_set_Jprojective_coordinates_GFp, 0), "ec_point_set_Jprojective_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_pre_comp_new, 0), "ec_pre_comp_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_wNAF_mul, 0), "ec_wNAF_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ec_wNAF_precompute_mult, 0), "ec_wNAF_precompute_mult"}, - {ERR_PACK(ERR_LIB_EC, EC_F_i2d_ECPKParameters, 0), "i2d_ECPKParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_i2d_ECParameters, 0), "i2d_ECParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_i2d_ECPrivateKey, 0), "i2d_ECPrivateKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_i2o_ECPublicKey, 0), "i2o_ECPublicKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_o2i_ECPublicKey, 0), "o2i_ECPublicKey"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "BUFFER_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE), 
"COORDINATES_OUT_OF_RANGE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE), "D2I_ECPKPARAMETERS_FAILURE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), "EC_GROUP_NEW_BY_NAME_FAILURE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "GF2M_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE), "GROUP2PKPARAMETERS_FAILURE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE), "I2D_ECPKPARAMETERS_FAILURE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS), "INCOMPATIBLE_OBJECTS"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT), "INVALID_COMPRESSED_POINT"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT), "INVALID_COMPRESSION_BIT"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "INVALID_ENCODING"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "INVALID_FIELD"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "INVALID_FORM"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "INVALID_GROUP_ORDER"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "INVALID_PRIVATE_KEY"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "MISSING_PARAMETERS"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "MISSING_PRIVATE_KEY"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NON_NAMED_CURVE), "NON_NAMED_CURVE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "NOT_INITIALIZED"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE), "PKPARAMETERS2GROUP_FAILURE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "POINT_AT_INFINITY"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE), "POINT_IS_NOT_ON_CURVE"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "SLOT_FULL"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "UNDEFINED_GENERATOR"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "UNKNOWN_GROUP"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "UNKNOWN_ORDER"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "WRONG_ORDER"}, - {0, NULL}, -}; 
diff --git a/src/crypto/ec/ec_key.c b/src/crypto/ec/ec_key.c index 471ea9c..3652ba5 100644 --- a/src/crypto/ec/ec_key.c +++ b/src/crypto/ec/ec_key.c @@ -74,10 +74,14 @@ #include #include #include +#include #include "internal.h" +#include "../internal.h" +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; + EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_method(const ENGINE *engine) { @@ -100,7 +104,7 @@ EC_KEY *EC_KEY_new_method(const ENGINE *engine) { ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { + if (!CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data)) { goto err1; } @@ -111,7 +115,7 @@ EC_KEY *EC_KEY_new_method(const ENGINE *engine) { return ret; err2: - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data); err1: if (ret->ecdsa_meth) { METHOD_unref(ret->ecdsa_meth); @@ -123,6 +127,7 @@ err1: EC_KEY *EC_KEY_new_by_curve_name(int nid) { EC_KEY *ret = EC_KEY_new(); if (ret == NULL) { + OPENSSL_PUT_ERROR(EC, EC_KEY_new_by_curve_name, ERR_R_MALLOC_FAILURE); return NULL; } ret->group = EC_GROUP_new_by_curve_name(nid); @@ -149,17 +154,11 @@ void EC_KEY_free(EC_KEY *r) { METHOD_unref(r->ecdsa_meth); } - if (r->group != NULL) { - EC_GROUP_free(r->group); - } - if (r->pub_key != NULL) { - EC_POINT_free(r->pub_key); - } - if (r->priv_key != NULL) { - BN_clear_free(r->priv_key); - } + EC_GROUP_free(r->group); + EC_POINT_free(r->pub_key); + BN_clear_free(r->priv_key); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, r, &r->ex_data); OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); OPENSSL_free(r); 
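Review bot: The new file-level static `g_ex_data_class` has no comment, and since it replaces the former `CRYPTO_EX_INDEX_EC_KEY` argument in four call sites a reader cannot tell from the declaration what state it carries or that it must be the single instance shared by all of them. Suggest `/* g_ex_data_class holds the ex_data registration state for EC_KEY objects; every CRYPTO_*_ex_data call in this file must use this one instance. */` above the declaration. The same hunk makes `EC_GROUP_free`, `EC_POINT_free` and `BN_clear_free` in `EC_KEY_free` unconditional, which is only correct if each of those accepts NULL; that appears to be the convention this commit adopts across the EC code (ec_montgomery.c and oct.c do the same), but it is inferred rather than visible here.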
@@ -170,35 +169,23 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) { OPENSSL_PUT_ERROR(EC, EC_KEY_copy, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - /* copy the parameters */ + /* Copy the parameters. */ if (src->group) { /* TODO(fork): duplicating the group seems wasteful. */ - const EC_METHOD *meth = src->group->meth; - /* clear the old group */ - if (dest->group) { - EC_GROUP_free(dest->group); - } - dest->group = ec_group_new(meth); + EC_GROUP_free(dest->group); + dest->group = EC_GROUP_dup(src->group); if (dest->group == NULL) { return NULL; } - if (!EC_GROUP_copy(dest->group, src->group)) { - return NULL; - } } - /* copy the public key */ + /* Copy the public key. */ if (src->pub_key && src->group) { - if (dest->pub_key) { - EC_POINT_free(dest->pub_key); - } - dest->pub_key = EC_POINT_new(src->group); + EC_POINT_free(dest->pub_key); + dest->pub_key = EC_POINT_dup(src->pub_key, src->group); if (dest->pub_key == NULL) { return NULL; } - if (!EC_POINT_copy(dest->pub_key, src->pub_key)) { - return NULL; - } } /* copy the private key */ @@ -214,8 +201,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) { } } /* copy method/extra data */ - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, dest, &dest->ex_data); - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, &dest->ex_data, + CRYPTO_free_ex_data(&g_ex_data_class, dest, &dest->ex_data); + if (!CRYPTO_dup_ex_data(&g_ex_data_class, &dest->ex_data, &src->ex_data)) { return NULL; } @@ -252,9 +239,7 @@ int EC_KEY_is_opaque(const EC_KEY *key) { const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; } int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) { - if (key->group != NULL) { - EC_GROUP_free(key->group); - } + EC_GROUP_free(key->group); /* TODO(fork): duplicating the group seems wasteful but see * |EC_KEY_set_conv_form|. */ key->group = EC_GROUP_dup(group); 
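Review bot: The rewritten comments `/* Copy the parameters. */` and `/* Copy the public key. */` switch to sentence case with a period, but `/* copy the private key */` and `/* copy method/extra data */` in the same function keep the old form, so the hunk leaves EC_KEY_copy with two comment styles side by side. Separately, `EC_GROUP_free(dest->group); dest->group = EC_GROUP_dup(src->group);` frees before it duplicates, so on `EC_GROUP_dup` failure `dest` is returned to the caller with a NULL group while `dest->pub_key` still holds a point created on the freed group; duplicating first and swapping afterwards avoids that: `EC_GROUP *group = EC_GROUP_dup(src->group);` / `if (group == NULL) { return NULL; }` / `EC_GROUP_free(dest->group); dest->group = group;`. The same free-then-dup order applies to the `EC_POINT_dup` lines that follow. EC_KEY_copy starts before this hunk and its private-key branch lies between the two hunks.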
@@ -266,9 +251,7 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) { } int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { - if (key->priv_key) { - BN_clear_free(key->priv_key); - } + BN_clear_free(key->priv_key); key->priv_key = BN_dup(priv_key); return (key->priv_key == NULL) ? 0 : 1; } @@ -278,9 +261,7 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) { } int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) { - if (key->pub_key != NULL) { - EC_POINT_free(key->pub_key); - } + EC_POINT_free(key->pub_key); key->pub_key = EC_POINT_dup(pub_key, key->group); return (key->pub_key == NULL) ? 0 : 1; } @@ -371,10 +352,8 @@ int EC_KEY_check_key(const EC_KEY *eckey) { ok = 1; err: - if (ctx != NULL) - BN_CTX_free(ctx); - if (point != NULL) - EC_POINT_free(point); + BN_CTX_free(ctx); + EC_POINT_free(point); return ok; } @@ -425,10 +404,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, ok = 1; err: - if (ctx) - BN_CTX_free(ctx); - if (point) - EC_POINT_free(point); + BN_CTX_free(ctx); + EC_POINT_free(point); return ok; } @@ -489,22 +466,26 @@ int EC_KEY_generate_key(EC_KEY *eckey) { ok = 1; err: - if (order) - BN_free(order); - if (pub_key != NULL && eckey->pub_key == NULL) + BN_free(order); + if (eckey->pub_key == NULL) { EC_POINT_free(pub_key); - if (priv_key != NULL && eckey->priv_key == NULL) + } + if (eckey->priv_key == NULL) { BN_free(priv_key); - if (ctx != NULL) - BN_CTX_free(ctx); + } + BN_CTX_free(ctx); return ok; } int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, argl, argp, new_func, - dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func, + dup_func, free_func)) { + return -1; + } + return index; } int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) { 
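Review bot: In the `err:` block of `EC_KEY_generate_key`, `BN_free(priv_key)` releases a locally allocated BIGNUM that, when the failure occurs after the scalar has been generated, still holds the fresh private key; the same file uses `BN_clear_free(r->priv_key)` in `EC_KEY_free` and `EC_KEY_set_private_key` for exactly that reason. Change it to `BN_clear_free(priv_key);` so the secret is wiped before the memory goes back to the allocator. The body of EC_KEY_generate_key before the `err:` label is outside the hunk, so whether a failure can happen between scalar generation and the assignment into `eckey` is inferred from the cleanup logic, not verified.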
diff --git a/src/crypto/ec/ec_montgomery.c b/src/crypto/ec/ec_montgomery.c
index ab04556..74dbc6c 100644
--- a/src/crypto/ec/ec_montgomery.c
+++ b/src/crypto/ec/ec_montgomery.c
@@ -121,68 +121,58 @@ int ec_GFp_mont_group_init(EC_GROUP *group) { int ok; ok = ec_GFp_simple_group_init(group); - group->field_data1 = NULL; - group->field_data2 = NULL; + group->mont = NULL; + group->one = NULL; return ok; } void ec_GFp_mont_group_finish(EC_GROUP *group) { - if (group->field_data1 != NULL) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) { - BN_free(group->field_data2); - group->field_data2 = NULL; - } + BN_MONT_CTX_free(group->mont); + group->mont = NULL; + BN_free(group->one); + group->one = NULL; ec_GFp_simple_group_finish(group); } void ec_GFp_mont_group_clear_finish(EC_GROUP *group) { - if (group->field_data1 != NULL) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) { - BN_clear_free(group->field_data2); - group->field_data2 = NULL; - } + BN_MONT_CTX_free(group->mont); + group->mont = NULL; + BN_clear_free(group->one); + group->one = NULL; ec_GFp_simple_group_clear_finish(group); } int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) { - if (dest->field_data1 != NULL) { - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - } - if (dest->field_data2 != NULL) { - BN_clear_free(dest->field_data2); - dest->field_data2 = NULL; - } + BN_MONT_CTX_free(dest->mont); + dest->mont = NULL; + BN_clear_free(dest->one); + dest->one = NULL; - if (!ec_GFp_simple_group_copy(dest, src)) + if (!ec_GFp_simple_group_copy(dest, src)) { return 0; + } - if (src->field_data1 != NULL) { - dest->field_data1 = BN_MONT_CTX_new(); - if (dest->field_data1 == NULL) + if (src->mont != NULL) { + dest->mont = BN_MONT_CTX_new(); + if (dest->mont == NULL) { return 0; - if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) + } + if (!BN_MONT_CTX_copy(dest->mont, src->mont)) { goto err; + } } - if (src->field_data2 != NULL) { - dest->field_data2 = BN_dup(src->field_data2); - if (dest->field_data2 == NULL) + if (src->one != NULL) { 
+ dest->one = BN_dup(src->one); + if (dest->one == NULL) { goto err; + } } return 1; err: - if (dest->field_data1 != NULL) { - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - } + BN_MONT_CTX_free(dest->mont); + dest->mont = NULL; return 0; } 
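Review bot: The `err:` label in `ec_GFp_mont_group_copy` frees and clears only `dest->mont`, which is correct solely because both `goto err` sites (after `BN_MONT_CTX_copy` and after `BN_dup`) run before `dest->one` is assigned, and `dest->one` was already set to NULL at the top; that invariant is not stated anywhere. A comment on the label, `/* dest->one is still NULL on every path that reaches here. */`, prevents a future edit from adding an assignment above the gotos without updating the cleanup. Note too that `ec_GFp_mont_group_init` writes `group->mont`/`group->one` regardless of whether `ec_GFp_simple_group_init` succeeded; presumably harmless, but worth a word if that ordering is deliberate.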
@@ -193,104 +183,101 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, BIGNUM *one = NULL; int ret = 0; - if (group->field_data1 != NULL) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) { - BN_free(group->field_data2); - group->field_data2 = NULL; - } + BN_MONT_CTX_free(group->mont); + group->mont = NULL; + BN_free(group->one); + group->one = NULL; if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } mont = BN_MONT_CTX_new(); - if (mont == NULL) + if (mont == NULL) { goto err; + } if (!BN_MONT_CTX_set(mont, p, ctx)) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_group_set_curve, ERR_R_BN_LIB); goto err; } one = BN_new(); - if (one == NULL) - goto err; - if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) + if (one == NULL || !BN_to_montgomery(one, BN_value_one(), mont, ctx)) { goto err; + } - group->field_data1 = mont; + group->mont = mont; mont = NULL; - group->field_data2 = one; + group->one = one; one = NULL; ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); if (!ret) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - BN_free(group->field_data2); - group->field_data2 = NULL; + BN_MONT_CTX_free(group->mont); + group->mont = NULL; + BN_free(group->one); + group->one = NULL; } err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_CTX_free(new_ctx); + BN_MONT_CTX_free(mont); + BN_free(one); return ret; } int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - if (group->field_data1 == NULL) { + if (group->mont == NULL) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_mul, EC_R_NOT_INITIALIZED); return 0; } - return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); + return BN_mod_mul_montgomery(r, a, b, group->mont, ctx); } int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) 
{ - if (group->field_data1 == NULL) { + if (group->mont == NULL) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_sqr, EC_R_NOT_INITIALIZED); return 0; } - return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); + return BN_mod_mul_montgomery(r, a, a, group->mont, ctx); } int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { - if (group->field_data1 == NULL) { + if (group->mont == NULL) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_encode, EC_R_NOT_INITIALIZED); return 0; } - return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); + return BN_to_montgomery(r, a, group->mont, ctx); } int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { - if (group->field_data1 == NULL) { + if (group->mont == NULL) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_decode, EC_R_NOT_INITIALIZED); return 0; } - return BN_from_montgomery(r, a, group->field_data1, ctx); + return BN_from_montgomery(r, a, group->mont, ctx); } int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) { - if (group->field_data2 == NULL) { + if (group->one == NULL) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_set_to_one, EC_R_NOT_INITIALIZED); return 0; } - if (!BN_copy(r, group->field_data2)) + if (!BN_copy(r, group->one)) { return 0; + } return 1; } diff --git a/src/crypto/ec/ec_test.c b/src/crypto/ec/ec_test.c deleted file mode 100644 index 8d53f87..0000000 --- a/src/crypto/ec/ec_test.c +++ /dev/null 
@@ -1,124 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include - -#include -#include -#include -#include - -#include "internal.h" - - -static const uint8_t kECKeyWithoutPublic[] = { - 0x30, 0x31, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc6, 0xc1, 0xaa, 0xda, 0x15, 0xb0, - 0x76, 0x61, 0xf8, 0x14, 0x2c, 0x6c, 0xaf, 0x0f, 0xdb, 0x24, 0x1a, 0xff, 0x2e, - 0xfe, 0x46, 0xc0, 0x93, 0x8b, 0x74, 0xf2, 0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77, - 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, -}; - -int test_d2i_ECPrivateKey(void) { - int len, ret = 0; - uint8_t *out = NULL, *outp; - const uint8_t *inp; - EC_KEY *key = NULL; - BIGNUM *x = NULL, *y = NULL; - const EC_POINT *public; - char *x_hex = NULL, *y_hex = NULL; - - inp = kECKeyWithoutPublic; - key = d2i_ECPrivateKey(NULL, &inp, sizeof(kECKeyWithoutPublic)); - - if (key == NULL || inp != kECKeyWithoutPublic + sizeof(kECKeyWithoutPublic)) { - fprintf(stderr, "Failed to parse private key.\n"); - BIO_print_errors_fp(stderr); - goto out; - } - - len = i2d_ECPrivateKey(key, NULL); - out = malloc(len); - outp = out; - if (len != i2d_ECPrivateKey(key, &outp)) { - fprintf(stderr, "Failed to serialize private key.\n"); - BIO_print_errors_fp(stderr); - goto out; - } - - if (0 
!= memcmp(out, kECKeyWithoutPublic, len)) { - fprintf(stderr, "Serialisation of key doesn't match original.\n"); - goto out; - } - - public = EC_KEY_get0_public_key(key); - if (public == NULL) { - fprintf(stderr, "Public key missing.\n"); - goto out; - } - - x = BN_new(); - y = BN_new(); - if (x == NULL || y == NULL) { - goto out; - } - if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key), public, x, y, - NULL)) { - fprintf(stderr, "Failed to get public key in affine coordinates.\n"); - goto out; - } - x_hex = BN_bn2hex(x); - y_hex = BN_bn2hex(y); - if (0 != strcmp(x_hex, "c81561ecf2e54edefe6617db1c7a34a70744ddb261f269b83dacfcd2ade5a681") || - 0 != strcmp(y_hex, "e0e2afa3f9b6abe4c698ef6495f1be49a3196c5056acb3763fe4507eec596e88")) { - fprintf(stderr, "Incorrect public key: %s %s\n", x_hex, y_hex); - goto out; - } - - ret = 1; - -out: - if (key != NULL) { - EC_KEY_free(key); - } - if (out != NULL) { - free(out); - } - if (x != NULL) { - BN_free(x); - } - if (y != NULL) { - BN_free(y); - } - if (x_hex != NULL) { - OPENSSL_free(x_hex); - } - if (y_hex != NULL) { - OPENSSL_free(y_hex); - } - return ret; -} - -int main(void) { - CRYPTO_library_init(); - ERR_load_crypto_strings(); - - if (!test_d2i_ECPrivateKey()) { - fprintf(stderr, "failed\n"); - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/ec/ec_test.cc b/src/crypto/ec/ec_test.cc new file mode 100644 index 0000000..74685eb --- /dev/null +++ b/src/crypto/ec/ec_test.cc 
@@ -0,0 +1,185 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include + +#include +#include +#include +#include + +#include "../test/scoped_types.h" +#include "../test/stl_compat.h" + + +// kECKeyWithoutPublic is an ECPrivateKey with the optional publicKey field +// omitted. +static const uint8_t kECKeyWithoutPublic[] = { + 0x30, 0x31, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc6, 0xc1, 0xaa, 0xda, 0x15, 0xb0, + 0x76, 0x61, 0xf8, 0x14, 0x2c, 0x6c, 0xaf, 0x0f, 0xdb, 0x24, 0x1a, 0xff, 0x2e, + 0xfe, 0x46, 0xc0, 0x93, 0x8b, 0x74, 0xf2, 0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77, + 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, +}; + +// kECKeyMissingZeros is an ECPrivateKey containing a degenerate P-256 key where +// the private key is one. The private key is incorrectly encoded without zero +// padding. 
+static const uint8_t kECKeyMissingZeros[] = { + 0x30, 0x58, 0x02, 0x01, 0x01, 0x04, 0x01, 0x01, 0xa0, 0x0a, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, + 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, + 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, + 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, + 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, + 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, +}; + +// kECKeyMissingZeros is an ECPrivateKey containing a degenerate P-256 key where +// the private key is one. The private key is encoded with the required zero +// padding. +static const uint8_t kECKeyWithZeros[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0xa1, + 0x44, 0x03, 0x42, 0x00, 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, + 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, + 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, + 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, + 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, + 0x37, 0xbf, 0x51, 0xf5, +}; + +// DecodeECPrivateKey decodes |in| as an ECPrivateKey structure and returns the +// result or nullptr on error. 
+static ScopedEC_KEY DecodeECPrivateKey(const uint8_t *in, size_t in_len) { + const uint8_t *inp = in; + ScopedEC_KEY ret(d2i_ECPrivateKey(NULL, &inp, in_len)); + if (!ret || inp != in + in_len) { + return nullptr; + } + return ret; +} + +// EncodeECPrivateKey encodes |key| as an ECPrivateKey structure into |*out|. It +// returns true on success or false on error. +static bool EncodeECPrivateKey(std::vector *out, EC_KEY *key) { + int len = i2d_ECPrivateKey(key, NULL); + out->resize(len); + uint8_t *outp = bssl::vector_data(out); + return i2d_ECPrivateKey(key, &outp) == len; +} + +bool Testd2i_ECPrivateKey() { + ScopedEC_KEY key = DecodeECPrivateKey(kECKeyWithoutPublic, + sizeof(kECKeyWithoutPublic)); + if (!key) { + fprintf(stderr, "Failed to parse private key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + std::vector out; + if (!EncodeECPrivateKey(&out, key.get())) { + fprintf(stderr, "Failed to serialize private key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (std::vector(kECKeyWithoutPublic, + kECKeyWithoutPublic + sizeof(kECKeyWithoutPublic)) != + out) { + fprintf(stderr, "Serialisation of key doesn't match original.\n"); + return false; + } + + const EC_POINT *pub_key = EC_KEY_get0_public_key(key.get()); + if (pub_key == NULL) { + fprintf(stderr, "Public key missing.\n"); + return false; + } + + ScopedBIGNUM x(BN_new()); + ScopedBIGNUM y(BN_new()); + if (!x || !y) { + return false; + } + if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key.get()), + pub_key, x.get(), y.get(), NULL)) { + fprintf(stderr, "Failed to get public key in affine coordinates.\n"); + return false; + } + ScopedOpenSSLString x_hex(BN_bn2hex(x.get())); + ScopedOpenSSLString y_hex(BN_bn2hex(y.get())); + if (0 != strcmp( + x_hex.get(), + "c81561ecf2e54edefe6617db1c7a34a70744ddb261f269b83dacfcd2ade5a681") || + 0 != strcmp( + y_hex.get(), + "e0e2afa3f9b6abe4c698ef6495f1be49a3196c5056acb3763fe4507eec596e88")) { + fprintf(stderr, "Incorrect public key: 
%s %s\n", x_hex.get(), y_hex.get()); + return false; + } + + return true; +} + +static bool TestZeroPadding() { + // Check that the correct encoding round-trips. + ScopedEC_KEY key = DecodeECPrivateKey(kECKeyWithZeros, + sizeof(kECKeyWithZeros)); + std::vector out; + if (!key || !EncodeECPrivateKey(&out, key.get())) { + ERR_print_errors_fp(stderr); + return false; + } + + if (std::vector(kECKeyWithZeros, + kECKeyWithZeros + sizeof(kECKeyWithZeros)) != out) { + fprintf(stderr, "Serialisation of key was incorrect.\n"); + return false; + } + + // Keys without leading zeros also parse, but they encode correctly. + key = DecodeECPrivateKey(kECKeyMissingZeros, sizeof(kECKeyMissingZeros)); + if (!key || !EncodeECPrivateKey(&out, key.get())) { + ERR_print_errors_fp(stderr); + return false; + } + + if (std::vector(kECKeyWithZeros, + kECKeyWithZeros + sizeof(kECKeyWithZeros)) != out) { + fprintf(stderr, "Serialisation of key was incorrect.\n"); + return false; + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + ERR_load_crypto_strings(); + + if (!Testd2i_ECPrivateKey() || + !TestZeroPadding()) { + fprintf(stderr, "failed\n"); + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/ec/internal.h b/src/crypto/ec/internal.h index da116c4..0a8bf24 100644 --- a/src/crypto/ec/internal.h +++ b/src/crypto/ec/internal.h @@ -81,8 +81,6 @@ extern "C" { /* Use default functions for poin2oct, oct2point and compressed coordinates */ #define EC_FLAGS_DEFAULT_OCT 0x1 -typedef struct ec_method_st EC_METHOD; - struct ec_method_st { /* Various method flags */ int flags; 
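Review bot: `EncodeECPrivateKey` passes the result of `i2d_ECPrivateKey(key, NULL)` straight to `out->resize(len)`; on an encoding failure that result is negative, and converting it to `size_t` turns the resize into an enormous allocation rather than a clean false return. Add `if (len < 0) { return false; }` between the two lines. Two smaller points in the same file: the comment above `kECKeyWithZeros` still begins "kECKeyMissingZeros is an ECPrivateKey ..." (copy-paste from the constant above it) and should name `kECKeyWithZeros`, and `Testd2i_ECPrivateKey` is the only test function that is neither `static` nor named in the `TestZeroPadding` style, so `static bool TestD2IECPrivateKey()` (with the call in `main` updated) would match the rest of the file.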
@@ -205,35 +203,14 @@ struct ec_group_st { /* The following members are handled by the method functions, * even if they appear generic */ - BIGNUM field; /* Field specification. - * For curves over GF(p), this is the modulus; - * for curves over GF(2^m), this is the - * irreducible polynomial defining the field. */ - - int poly[6]; /* Field specification for curves over GF(2^m). - * The irreducible f(t) is then of the form: - * t^poly[0] + t^poly[1] + ... + t^poly[k] - * where m = poly[0] > poly[1] > ... > poly[k] = 0. - * The array is terminated with poly[k+1]=-1. - * All elliptic curve irreducibles have at most 5 - * non-zero terms. */ - - BIGNUM a, b; /* Curve coefficients. - * (Here the assumption is that BIGNUMs can be used - * or abused for all kinds of fields, not just GF(p).) - * For characteristic > 3, the curve is defined - * by a Weierstrass equation of the form - * y^2 = x^3 + a*x + b. - * For characteristic 2, the curve is defined by - * an equation of the form - * y^2 + x*y = x^3 + a*x^2 + b. */ + BIGNUM field; /* For curves over GF(p), this is the modulus. */ + + BIGNUM a, b; /* Curve coefficients. */ int a_is_minus3; /* enable optimized point arithmetics for special case */ - void *field_data1; /* method-specific (e.g., Montgomery structure) */ - void *field_data2; /* method-specific */ - int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); /* method-specific */ + BN_MONT_CTX *mont; /* Montgomery structure. */ + BIGNUM *one; /* The value one */ } /* EC_GROUP */; struct ec_point_st { @@ -250,6 +227,7 @@ struct ec_point_st { } /* EC_POINT */; EC_GROUP *ec_group_new(const EC_METHOD *meth); +int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src); int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], 
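Review bot: The new field comments `/* Montgomery structure. */` and `/* The value one */` understate what the fields hold: ec_montgomery.c in this same change stores the result of `BN_to_montgomery(one, BN_value_one(), mont, ctx)`, so `one` is one in Montgomery form, and both fields stay NULL until `ec_GFp_mont_group_set_curve` runs (`ec_GFp_mont_field_*` return `EC_R_NOT_INITIALIZED` otherwise). Suggest `BN_MONT_CTX *mont; /* Montgomery context for |field|; NULL until the curve is set. */` and `BIGNUM *one; /* The value one in Montgomery form; NULL until the curve is set. */`. The surrounding sentence "The following members are handled by the method functions, even if they appear generic" is now only partly true for the two typed fields that replaced the `void *` pair, and could be trimmed accordingly.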
@@ -329,6 +307,19 @@ int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); +void ec_GFp_nistp_points_make_affine_internal( + size_t num, void *point_array, size_t felem_size, void *tmp_felems, + void (*felem_one)(void *out), int (*felem_is_zero)(const void *in), + void (*felem_assign)(void *out, const void *in), + void (*felem_square)(void *out, const void *in), + void (*felem_mul)(void *out, const void *in1, const void *in2), + void (*felem_inv)(void *out, const void *in), + void (*felem_contract)(void *out, const void *in)); + +void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, uint8_t in); + +const EC_METHOD *EC_GFp_nistp256_method(void); + struct ec_key_st { int version; diff --git a/src/crypto/ec/oct.c b/src/crypto/ec/oct.c index c4729ef..816a42f 100644 --- a/src/crypto/ec/oct.c +++ b/src/crypto/ec/oct.c @@ -164,18 +164,14 @@ static size_t ec_GFp_simple_point2oct(const EC_GROUP *group, if (used_ctx) { BN_CTX_end(ctx); } - if (new_ctx != NULL) { - BN_CTX_free(new_ctx); - } + BN_CTX_free(new_ctx); return ret; err: if (used_ctx) { BN_CTX_end(ctx); } - if (new_ctx != NULL) { - BN_CTX_free(new_ctx); - } + BN_CTX_free(new_ctx); return 0; } 
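Review bot: `ec_GFp_nistp_points_make_affine_internal` is declared with `void *point_array`, `void *tmp_felems` and seven callbacks but no comment, so the contract — how `point_array` is laid out for a given `felem_size`, how many field elements `tmp_felems` must provide, and what each callback must do with its `out`/`in` arguments — is not recoverable from the header and cannot be checked at the call sites elsewhere in this commit. A block comment above the prototype stating those size and layout requirements, plus a line on `ec_GFp_nistp_recode_scalar_bits` saying what `sign` and `digit` receive for a given `in`, is needed for an internal API with this many untyped parameters. `EC_GFp_nistp256_method` is declared here with a public-style name but lives in the internal header; a note on whether it is meant to be exported would avoid confusion.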
@@ -227,40 +223,46 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); - if (y == NULL) + if (y == NULL) { goto err; + } - if (!BN_bin2bn(buf + 1, field_len, x)) + if (!BN_bin2bn(buf + 1, field_len, x)) { goto err; + } if (BN_ucmp(x, &group->field) >= 0) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); goto err; } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) + if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) { goto err; + } } else { - if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) + if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) { goto err; + } if (BN_ucmp(y, &group->field) >= 0) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto err; + } } - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ - { + /* test required by X9.62 */ + if (!EC_POINT_is_on_curve(group, point, ctx)) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } @@ -269,8 +271,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -441,15 +442,15 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto err; + } ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } 
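Review bot: The relocated comment `/* test required by X9.62 */` above the `EC_POINT_is_on_curve` call names the standard but not the consequence, which is the security-relevant part of this check: coordinates that are each below `group->field` can still describe a point on a different curve, and such inputs must be rejected here before any scalar multiplication sees them. I would expand it to `/* X9.62 requires that the decoded point lie on the curve; this rejects well-formed encodings of points on other curves. */`. The body of ec_GFp_simple_oct2point starts outside the hunk, so the earlier handling of `form` and `y_bit` is not visible here.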
diff --git a/src/crypto/ec/p256-64.c b/src/crypto/ec/p256-64.c new file mode 100644 index 0000000..8f824de --- /dev/null +++ b/src/crypto/ec/p256-64.c 
@@ -0,0 +1,1936 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* A 64-bit implementation of the NIST P-256 elliptic curve point + * multiplication + * + * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c. + * Otherwise based on Emilia's P224 work, which was inspired by my curve25519 + * work which got its smarts from Daniel J. Bernstein's work on the same. */ + +#include + +#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) + +#include +#include +#include +#include +#include + +#include + +#include "internal.h" + + +typedef uint8_t u8; +typedef uint64_t u64; +typedef int64_t s64; +typedef __uint128_t uint128_t; +typedef __int128_t int128_t; + +/* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We + * can serialise an element of this field into 32 bytes. We call this an + * felem_bytearray. */ +typedef u8 felem_bytearray[32]; + +/* These are the parameters of P256, taken from FIPS 186-3, page 86. These + * values are big-endian. 
*/ +static const felem_bytearray nistp256_curve_params[5] = { + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfc}, /* b */ + {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, + 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, + 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, + {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */ + 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, + 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96}, + {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */ + 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, + 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5}}; + +/* The representation of field elements. + * ------------------------------------ + * + * We represent field elements with either four 128-bit values, eight 128-bit + * values, or four 64-bit values. The field element represented is: + * v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192 (mod p) + * or: + * v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512 (mod p) + * + * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits + * apart, but are 128-bits wide, the most significant bits of each limb overlap + * with the least significant bits of the next. + * + * A field element with four limbs is an 'felem'. One with eight limbs is a + * 'longfelem' + * + * A field element with four, 64-bit values is called a 'smallfelem'. Small + * values are used as intermediate values before multiplication. 
*/ + +#define NLIMBS 4 + +typedef uint128_t limb; +typedef limb felem[NLIMBS]; +typedef limb longfelem[NLIMBS * 2]; +typedef u64 smallfelem[NLIMBS]; + +/* This is the value of the prime as four 64-bit words, little-endian. */ +static const u64 kPrime[4] = {0xfffffffffffffffful, 0xffffffff, 0, + 0xffffffff00000001ul}; +static const u64 bottom63bits = 0x7ffffffffffffffful; + +/* bin32_to_felem takes a little-endian byte array and converts it into felem + * form. This assumes that the CPU is little-endian. */ +static void bin32_to_felem(felem out, const u8 in[32]) { + out[0] = *((u64 *)&in[0]); + out[1] = *((u64 *)&in[8]); + out[2] = *((u64 *)&in[16]); + out[3] = *((u64 *)&in[24]); +} + +/* smallfelem_to_bin32 takes a smallfelem and serialises into a little endian, + * 32 byte array. This assumes that the CPU is little-endian. */ +static void smallfelem_to_bin32(u8 out[32], const smallfelem in) { + *((u64 *)&out[0]) = in[0]; + *((u64 *)&out[8]) = in[1]; + *((u64 *)&out[16]) = in[2]; + *((u64 *)&out[24]) = in[3]; +} + +/* To preserve endianness when using BN_bn2bin and BN_bin2bn. */ +static void flip_endian(u8 *out, const u8 *in, unsigned len) { + unsigned i; + for (i = 0; i < len; ++i) { + out[i] = in[len - 1 - i]; + } +} + +/* BN_to_felem converts an OpenSSL BIGNUM into an felem. */ +static int BN_to_felem(felem out, const BIGNUM *bn) { + if (BN_is_negative(bn)) { + OPENSSL_PUT_ERROR(EC, BN_to_felem, EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + + felem_bytearray b_out; + /* BN_bn2bin eats leading zeroes */ + memset(b_out, 0, sizeof(b_out)); + unsigned num_bytes = BN_num_bytes(bn); + if (num_bytes > sizeof(b_out)) { + OPENSSL_PUT_ERROR(EC, BN_to_felem, EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + + felem_bytearray b_in; + num_bytes = BN_bn2bin(bn, b_in); + flip_endian(b_out, b_in, num_bytes); + bin32_to_felem(out, b_out); + return 1; +} + +/* felem_to_BN converts an felem into an OpenSSL BIGNUM. 
*/ +static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { + felem_bytearray b_in, b_out; + smallfelem_to_bin32(b_in, in); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); +} + +/* Field operations. */ + +static void smallfelem_one(smallfelem out) { + out[0] = 1; + out[1] = 0; + out[2] = 0; + out[3] = 0; +} + +static void smallfelem_assign(smallfelem out, const smallfelem in) { + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +static void felem_assign(felem out, const felem in) { + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +/* felem_sum sets out = out + in. */ +static void felem_sum(felem out, const felem in) { + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; +} + +/* felem_small_sum sets out = out + in. */ +static void felem_small_sum(felem out, const smallfelem in) { + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; +} + +/* felem_scalar sets out = out * scalar */ +static void felem_scalar(felem out, const u64 scalar) { + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; +} + +/* longfelem_scalar sets out = out * scalar */ +static void longfelem_scalar(longfelem out, const u64 scalar) { + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; + out[4] *= scalar; + out[5] *= scalar; + out[6] *= scalar; + out[7] *= scalar; +} + +#define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9) +#define two105 (((limb)1) << 105) +#define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9) + +/* zero105 is 0 mod p */ +static const felem zero105 = {two105m41m9, two105, two105m41p9, two105m41p9}; + +/* smallfelem_neg sets |out| to |-small| + * On exit: + * out[i] < out[i] + 2^105 */ +static void smallfelem_neg(felem out, const smallfelem small) { + /* In order to prevent underflow, we subtract from 0 mod p. 
*/ + out[0] = zero105[0] - small[0]; + out[1] = zero105[1] - small[1]; + out[2] = zero105[2] - small[2]; + out[3] = zero105[3] - small[3]; +} + +/* felem_diff subtracts |in| from |out| + * On entry: + * in[i] < 2^104 + * On exit: + * out[i] < out[i] + 2^105. */ +static void felem_diff(felem out, const felem in) { + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + out[0] += zero105[0]; + out[1] += zero105[1]; + out[2] += zero105[2]; + out[3] += zero105[3]; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; +} + +#define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11) +#define two107 (((limb)1) << 107) +#define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11) + +/* zero107 is 0 mod p */ +static const felem zero107 = {two107m43m11, two107, two107m43p11, two107m43p11}; + +/* An alternative felem_diff for larger inputs |in| + * felem_diff_zero107 subtracts |in| from |out| + * On entry: + * in[i] < 2^106 + * On exit: + * out[i] < out[i] + 2^107. */ +static void felem_diff_zero107(felem out, const felem in) { + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + out[0] += zero107[0]; + out[1] += zero107[1]; + out[2] += zero107[2]; + out[3] += zero107[3]; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; +} + +/* longfelem_diff subtracts |in| from |out| + * On entry: + * in[i] < 7*2^67 + * On exit: + * out[i] < out[i] + 2^70 + 2^40. 
*/ +static void longfelem_diff(longfelem out, const longfelem in) { + static const limb two70m8p6 = + (((limb)1) << 70) - (((limb)1) << 8) + (((limb)1) << 6); + static const limb two70p40 = (((limb)1) << 70) + (((limb)1) << 40); + static const limb two70 = (((limb)1) << 70); + static const limb two70m40m38p6 = (((limb)1) << 70) - (((limb)1) << 40) - + (((limb)1) << 38) + (((limb)1) << 6); + static const limb two70m6 = (((limb)1) << 70) - (((limb)1) << 6); + + /* add 0 mod p to avoid underflow */ + out[0] += two70m8p6; + out[1] += two70p40; + out[2] += two70; + out[3] += two70m40m38p6; + out[4] += two70m6; + out[5] += two70m6; + out[6] += two70m6; + out[7] += two70m6; + + /* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */ + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; + out[4] -= in[4]; + out[5] -= in[5]; + out[6] -= in[6]; + out[7] -= in[7]; +} + +#define two64m0 (((limb)1) << 64) - 1 +#define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1 +#define two64m46 (((limb)1) << 64) - (((limb)1) << 46) +#define two64m32 (((limb)1) << 64) - (((limb)1) << 32) + +/* zero110 is 0 mod p. */ +static const felem zero110 = {two64m0, two110p32m0, two64m46, two64m32}; + +/* felem_shrink converts an felem into a smallfelem. The result isn't quite + * minimal as the value may be greater than p. + * + * On entry: + * in[i] < 2^109 + * On exit: + * out[i] < 2^64. */ +static void felem_shrink(smallfelem out, const felem in) { + felem tmp; + u64 a, b, mask; + s64 high, low; + static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ + + /* Carry 2->3 */ + tmp[3] = zero110[3] + in[3] + ((u64)(in[2] >> 64)); + /* tmp[3] < 2^110 */ + + tmp[2] = zero110[2] + (u64)in[2]; + tmp[0] = zero110[0] + in[0]; + tmp[1] = zero110[1] + in[1]; + /* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */ + + /* We perform two partial reductions where we eliminate the high-word of + * tmp[3]. We don't update the other words till the end. 
*/ + a = tmp[3] >> 64; /* a < 2^46 */ + tmp[3] = (u64)tmp[3]; + tmp[3] -= a; + tmp[3] += ((limb)a) << 32; + /* tmp[3] < 2^79 */ + + b = a; + a = tmp[3] >> 64; /* a < 2^15 */ + b += a; /* b < 2^46 + 2^15 < 2^47 */ + tmp[3] = (u64)tmp[3]; + tmp[3] -= a; + tmp[3] += ((limb)a) << 32; + /* tmp[3] < 2^64 + 2^47 */ + + /* This adjusts the other two words to complete the two partial + * reductions. */ + tmp[0] += b; + tmp[1] -= (((limb)b) << 32); + + /* In order to make space in tmp[3] for the carry from 2 -> 3, we + * conditionally subtract kPrime if tmp[3] is large enough. */ + high = tmp[3] >> 64; + /* As tmp[3] < 2^65, high is either 1 or 0 */ + high <<= 63; + high >>= 63; + /* high is: + * all ones if the high word of tmp[3] is 1 + * all zeros if the high word of tmp[3] if 0 */ + low = tmp[3]; + mask = low >> 63; + /* mask is: + * all ones if the MSB of low is 1 + * all zeros if the MSB of low if 0 */ + low &= bottom63bits; + low -= kPrime3Test; + /* if low was greater than kPrime3Test then the MSB is zero */ + low = ~low; + low >>= 63; + /* low is: + * all ones if low was > kPrime3Test + * all zeros if low was <= kPrime3Test */ + mask = (mask & low) | high; + tmp[0] -= mask & kPrime[0]; + tmp[1] -= mask & kPrime[1]; + /* kPrime[2] is zero, so omitted */ + tmp[3] -= mask & kPrime[3]; + /* tmp[3] < 2**64 - 2**32 + 1 */ + + tmp[1] += ((u64)(tmp[0] >> 64)); + tmp[0] = (u64)tmp[0]; + tmp[2] += ((u64)(tmp[1] >> 64)); + tmp[1] = (u64)tmp[1]; + tmp[3] += ((u64)(tmp[2] >> 64)); + tmp[2] = (u64)tmp[2]; + /* tmp[i] < 2^64 */ + + out[0] = tmp[0]; + out[1] = tmp[1]; + out[2] = tmp[2]; + out[3] = tmp[3]; +} + +/* smallfelem_expand converts a smallfelem to an felem */ +static void smallfelem_expand(felem out, const smallfelem in) { + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +/* smallfelem_square sets |out| = |small|^2 + * On entry: + * small[i] < 2^64 + * On exit: + * out[i] < 7 * 2^64 < 2^67 */ +static void smallfelem_square(longfelem out, const 
smallfelem small) { + limb a; + u64 high, low; + + a = ((uint128_t)small[0]) * small[0]; + low = a; + high = a >> 64; + out[0] = low; + out[1] = high; + + a = ((uint128_t)small[0]) * small[1]; + low = a; + high = a >> 64; + out[1] += low; + out[1] += low; + out[2] = high; + + a = ((uint128_t)small[0]) * small[2]; + low = a; + high = a >> 64; + out[2] += low; + out[2] *= 2; + out[3] = high; + + a = ((uint128_t)small[0]) * small[3]; + low = a; + high = a >> 64; + out[3] += low; + out[4] = high; + + a = ((uint128_t)small[1]) * small[2]; + low = a; + high = a >> 64; + out[3] += low; + out[3] *= 2; + out[4] += high; + + a = ((uint128_t)small[1]) * small[1]; + low = a; + high = a >> 64; + out[2] += low; + out[3] += high; + + a = ((uint128_t)small[1]) * small[3]; + low = a; + high = a >> 64; + out[4] += low; + out[4] *= 2; + out[5] = high; + + a = ((uint128_t)small[2]) * small[3]; + low = a; + high = a >> 64; + out[5] += low; + out[5] *= 2; + out[6] = high; + out[6] += high; + + a = ((uint128_t)small[2]) * small[2]; + low = a; + high = a >> 64; + out[4] += low; + out[5] += high; + + a = ((uint128_t)small[3]) * small[3]; + low = a; + high = a >> 64; + out[6] += low; + out[7] = high; +} + +/*felem_square sets |out| = |in|^2 + * On entry: + * in[i] < 2^109 + * On exit: + * out[i] < 7 * 2^64 < 2^67. */ +static void felem_square(longfelem out, const felem in) { + u64 small[4]; + felem_shrink(small, in); + smallfelem_square(out, small); +} + +/* smallfelem_mul sets |out| = |small1| * |small2| + * On entry: + * small1[i] < 2^64 + * small2[i] < 2^64 + * On exit: + * out[i] < 7 * 2^64 < 2^67. 
*/ +static void smallfelem_mul(longfelem out, const smallfelem small1, + const smallfelem small2) { + limb a; + u64 high, low; + + a = ((uint128_t)small1[0]) * small2[0]; + low = a; + high = a >> 64; + out[0] = low; + out[1] = high; + + a = ((uint128_t)small1[0]) * small2[1]; + low = a; + high = a >> 64; + out[1] += low; + out[2] = high; + + a = ((uint128_t)small1[1]) * small2[0]; + low = a; + high = a >> 64; + out[1] += low; + out[2] += high; + + a = ((uint128_t)small1[0]) * small2[2]; + low = a; + high = a >> 64; + out[2] += low; + out[3] = high; + + a = ((uint128_t)small1[1]) * small2[1]; + low = a; + high = a >> 64; + out[2] += low; + out[3] += high; + + a = ((uint128_t)small1[2]) * small2[0]; + low = a; + high = a >> 64; + out[2] += low; + out[3] += high; + + a = ((uint128_t)small1[0]) * small2[3]; + low = a; + high = a >> 64; + out[3] += low; + out[4] = high; + + a = ((uint128_t)small1[1]) * small2[2]; + low = a; + high = a >> 64; + out[3] += low; + out[4] += high; + + a = ((uint128_t)small1[2]) * small2[1]; + low = a; + high = a >> 64; + out[3] += low; + out[4] += high; + + a = ((uint128_t)small1[3]) * small2[0]; + low = a; + high = a >> 64; + out[3] += low; + out[4] += high; + + a = ((uint128_t)small1[1]) * small2[3]; + low = a; + high = a >> 64; + out[4] += low; + out[5] = high; + + a = ((uint128_t)small1[2]) * small2[2]; + low = a; + high = a >> 64; + out[4] += low; + out[5] += high; + + a = ((uint128_t)small1[3]) * small2[1]; + low = a; + high = a >> 64; + out[4] += low; + out[5] += high; + + a = ((uint128_t)small1[2]) * small2[3]; + low = a; + high = a >> 64; + out[5] += low; + out[6] = high; + + a = ((uint128_t)small1[3]) * small2[2]; + low = a; + high = a >> 64; + out[5] += low; + out[6] += high; + + a = ((uint128_t)small1[3]) * small2[3]; + low = a; + high = a >> 64; + out[6] += low; + out[7] = high; +} + +/* felem_mul sets |out| = |in1| * |in2| + * On entry: + * in1[i] < 2^109 + * in2[i] < 2^109 + * On exit: + * out[i] < 7 * 2^64 < 2^67 */ +static 
void felem_mul(longfelem out, const felem in1, const felem in2) { + smallfelem small1, small2; + felem_shrink(small1, in1); + felem_shrink(small2, in2); + smallfelem_mul(out, small1, small2); +} + +/* felem_small_mul sets |out| = |small1| * |in2| + * On entry: + * small1[i] < 2^64 + * in2[i] < 2^109 + * On exit: + * out[i] < 7 * 2^64 < 2^67 */ +static void felem_small_mul(longfelem out, const smallfelem small1, + const felem in2) { + smallfelem small2; + felem_shrink(small2, in2); + smallfelem_mul(out, small1, small2); +} + +#define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4) +#define two100 (((limb)1) << 100) +#define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4) + +/* zero100 is 0 mod p */ +static const felem zero100 = {two100m36m4, two100, two100m36p4, two100m36p4}; + +/* Internal function for the different flavours of felem_reduce. + * felem_reduce_ reduces the higher coefficients in[4]-in[7]. + * On entry: + * out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7] + * out[1] >= in[7] + 2^32*in[4] + * out[2] >= in[5] + 2^32*in[5] + * out[3] >= in[4] + 2^32*in[5] + 2^32*in[6] + * On exit: + * out[0] <= out[0] + in[4] + 2^32*in[5] + * out[1] <= out[1] + in[5] + 2^33*in[6] + * out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7] + * out[3] <= out[3] + 2^32*in[4] + 3*in[7] */ +static void felem_reduce_(felem out, const longfelem in) { + int128_t c; + /* combine common terms from below */ + c = in[4] + (in[5] << 32); + out[0] += c; + out[3] -= c; + + c = in[5] - in[7]; + out[1] += c; + out[2] -= c; + + /* the remaining terms */ + /* 256: [(0,1),(96,-1),(192,-1),(224,1)] */ + out[1] -= (in[4] << 32); + out[3] += (in[4] << 32); + + /* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */ + out[2] -= (in[5] << 32); + + /* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */ + out[0] -= in[6]; + out[0] -= (in[6] << 32); + out[1] += (in[6] << 33); + out[2] += (in[6] * 2); + out[3] -= (in[6] << 32); + + /* 448: 
[(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */ + out[0] -= in[7]; + out[0] -= (in[7] << 32); + out[2] += (in[7] << 33); + out[3] += (in[7] * 3); +} + +/* felem_reduce converts a longfelem into an felem. + * To be called directly after felem_square or felem_mul. + * On entry: + * in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64 + * in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64 + * On exit: + * out[i] < 2^101 */ +static void felem_reduce(felem out, const longfelem in) { + out[0] = zero100[0] + in[0]; + out[1] = zero100[1] + in[1]; + out[2] = zero100[2] + in[2]; + out[3] = zero100[3] + in[3]; + + felem_reduce_(out, in); + + /* out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 + * out[1] > 2^100 - 2^64 - 7*2^96 > 0 + * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 + * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 + * + * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 + * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 + * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 + * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 */ +} + +/* felem_reduce_zero105 converts a larger longfelem into an felem. + * On entry: + * in[0] < 2^71 + * On exit: + * out[i] < 2^106 */ +static void felem_reduce_zero105(felem out, const longfelem in) { + out[0] = zero105[0] + in[0]; + out[1] = zero105[1] + in[1]; + out[2] = zero105[2] + in[2]; + out[3] = zero105[3] + in[3]; + + felem_reduce_(out, in); + + /* out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 + * out[1] > 2^105 - 2^71 - 2^103 > 0 + * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 + * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 + * + * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 + * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 */ +} + +/* subtract_u64 sets *result = *result - v and *carry to one if the + * subtraction underflowed. 
*/ +static void subtract_u64(u64 *result, u64 *carry, u64 v) { + uint128_t r = *result; + r -= v; + *carry = (r >> 64) & 1; + *result = (u64)r; +} + +/* felem_contract converts |in| to its unique, minimal representation. On + * entry: in[i] < 2^109. */ +static void felem_contract(smallfelem out, const felem in) { + u64 all_equal_so_far = 0, result = 0; + + felem_shrink(out, in); + /* small is minimal except that the value might be > p */ + + all_equal_so_far--; + /* We are doing a constant time test if out >= kPrime. We need to compare + * each u64, from most-significant to least significant. For each one, if + * all words so far have been equal (m is all ones) then a non-equal + * result is the answer. Otherwise we continue. */ + unsigned i; + for (i = 3; i < 4; i--) { + u64 equal; + uint128_t a = ((uint128_t)kPrime[i]) - out[i]; + /* if out[i] > kPrime[i] then a will underflow and the high 64-bits + * will all be set. */ + result |= all_equal_so_far & ((u64)(a >> 64)); + + /* if kPrime[i] == out[i] then |equal| will be all zeros and the + * decrement will make it all ones. */ + equal = kPrime[i] ^ out[i]; + equal--; + equal &= equal << 32; + equal &= equal << 16; + equal &= equal << 8; + equal &= equal << 4; + equal &= equal << 2; + equal &= equal << 1; + equal = ((s64)equal) >> 63; + + all_equal_so_far &= equal; + } + + /* if all_equal_so_far is still all ones then the two values are equal + * and so out >= kPrime is true. */ + result |= all_equal_so_far; + + /* if out >= kPrime then we subtract kPrime. 
*/ + u64 carry; + subtract_u64(&out[0], &carry, result & kPrime[0]); + subtract_u64(&out[1], &carry, carry); + subtract_u64(&out[2], &carry, carry); + subtract_u64(&out[3], &carry, carry); + + subtract_u64(&out[1], &carry, result & kPrime[1]); + subtract_u64(&out[2], &carry, carry); + subtract_u64(&out[3], &carry, carry); + + subtract_u64(&out[2], &carry, result & kPrime[2]); + subtract_u64(&out[3], &carry, carry); + + subtract_u64(&out[3], &carry, result & kPrime[3]); +} + +static void smallfelem_square_contract(smallfelem out, const smallfelem in) { + longfelem longtmp; + felem tmp; + + smallfelem_square(longtmp, in); + felem_reduce(tmp, longtmp); + felem_contract(out, tmp); +} + +static void smallfelem_mul_contract(smallfelem out, const smallfelem in1, + const smallfelem in2) { + longfelem longtmp; + felem tmp; + + smallfelem_mul(longtmp, in1, in2); + felem_reduce(tmp, longtmp); + felem_contract(out, tmp); +} + +/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 + * otherwise. 
+ * On entry: + * small[i] < 2^64 */ +static limb smallfelem_is_zero(const smallfelem small) { + limb result; + u64 is_p; + + u64 is_zero = small[0] | small[1] | small[2] | small[3]; + is_zero--; + is_zero &= is_zero << 32; + is_zero &= is_zero << 16; + is_zero &= is_zero << 8; + is_zero &= is_zero << 4; + is_zero &= is_zero << 2; + is_zero &= is_zero << 1; + is_zero = ((s64)is_zero) >> 63; + + is_p = (small[0] ^ kPrime[0]) | (small[1] ^ kPrime[1]) | + (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]); + is_p--; + is_p &= is_p << 32; + is_p &= is_p << 16; + is_p &= is_p << 8; + is_p &= is_p << 4; + is_p &= is_p << 2; + is_p &= is_p << 1; + is_p = ((s64)is_p) >> 63; + + is_zero |= is_p; + + result = is_zero; + result |= ((limb)is_zero) << 64; + return result; +} + +static int smallfelem_is_zero_int(const smallfelem small) { + return (int)(smallfelem_is_zero(small) & ((limb)1)); +} + +/* felem_inv calculates |out| = |in|^{-1} + * + * Based on Fermat's Little Theorem: + * a^p = a (mod p) + * a^{p-1} = 1 (mod p) + * a^{p-2} = a^{-1} (mod p) */ +static void felem_inv(felem out, const felem in) { + felem ftmp, ftmp2; + /* each e_I will hold |in|^{2^I - 1} */ + felem e2, e4, e8, e16, e32, e64; + longfelem tmp; + unsigned i; + + felem_square(tmp, in); + felem_reduce(ftmp, tmp); /* 2^1 */ + felem_mul(tmp, in, ftmp); + felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */ + felem_assign(e2, ftmp); + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); /* 2^4 - 2^2 */ + felem_mul(tmp, ftmp, e2); + felem_reduce(ftmp, tmp); /* 2^4 - 2^0 */ + felem_assign(e4, ftmp); + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); /* 2^5 - 2^1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); /* 2^6 - 2^2 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); /* 2^7 - 2^3 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); /* 2^8 - 2^4 */ + felem_mul(tmp, ftmp, e4); + felem_reduce(ftmp, tmp); /* 2^8 - 2^0 */ + 
felem_assign(e8, ftmp); + for (i = 0; i < 8; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^16 - 2^8 */ + felem_mul(tmp, ftmp, e8); + felem_reduce(ftmp, tmp); /* 2^16 - 2^0 */ + felem_assign(e16, ftmp); + for (i = 0; i < 16; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^32 - 2^16 */ + felem_mul(tmp, ftmp, e16); + felem_reduce(ftmp, tmp); /* 2^32 - 2^0 */ + felem_assign(e32, ftmp); + for (i = 0; i < 32; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^64 - 2^32 */ + felem_assign(e64, ftmp); + felem_mul(tmp, ftmp, in); + felem_reduce(ftmp, tmp); /* 2^64 - 2^32 + 2^0 */ + for (i = 0; i < 192; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^256 - 2^224 + 2^192 */ + + felem_mul(tmp, e64, e32); + felem_reduce(ftmp2, tmp); /* 2^64 - 2^0 */ + for (i = 0; i < 16; i++) { + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } /* 2^80 - 2^16 */ + felem_mul(tmp, ftmp2, e16); + felem_reduce(ftmp2, tmp); /* 2^80 - 2^0 */ + for (i = 0; i < 8; i++) { + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } /* 2^88 - 2^8 */ + felem_mul(tmp, ftmp2, e8); + felem_reduce(ftmp2, tmp); /* 2^88 - 2^0 */ + for (i = 0; i < 4; i++) { + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } /* 2^92 - 2^4 */ + felem_mul(tmp, ftmp2, e4); + felem_reduce(ftmp2, tmp); /* 2^92 - 2^0 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^93 - 2^1 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^94 - 2^2 */ + felem_mul(tmp, ftmp2, e2); + felem_reduce(ftmp2, tmp); /* 2^94 - 2^0 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^95 - 2^1 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^96 - 2^2 */ + felem_mul(tmp, ftmp2, in); + felem_reduce(ftmp2, tmp); /* 2^96 - 3 */ + + felem_mul(tmp, ftmp2, ftmp); + felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */ +} + +static void smallfelem_inv_contract(smallfelem out, const smallfelem in) { + felem 
tmp; + + smallfelem_expand(tmp, in); + felem_inv(tmp, tmp); + felem_contract(out, tmp); +} + +/* Group operations + * ---------------- + * + * Building on top of the field operations we have the operations on the + * elliptic curve group itself. Points on the curve are represented in Jacobian + * coordinates. */ + +/* point_double calculates 2*(x_in, y_in, z_in) + * + * The method is taken from: + * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b + * + * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. + * while x_out == y_in is not (maybe this works, but it's not tested). */ +static void point_double(felem x_out, felem y_out, felem z_out, + const felem x_in, const felem y_in, const felem z_in) { + longfelem tmp, tmp2; + felem delta, gamma, beta, alpha, ftmp, ftmp2; + smallfelem small1, small2; + + felem_assign(ftmp, x_in); + /* ftmp[i] < 2^106 */ + felem_assign(ftmp2, x_in); + /* ftmp2[i] < 2^106 */ + + /* delta = z^2 */ + felem_square(tmp, z_in); + felem_reduce(delta, tmp); + /* delta[i] < 2^101 */ + + /* gamma = y^2 */ + felem_square(tmp, y_in); + felem_reduce(gamma, tmp); + /* gamma[i] < 2^101 */ + felem_shrink(small1, gamma); + + /* beta = x*gamma */ + felem_small_mul(tmp, small1, x_in); + felem_reduce(beta, tmp); + /* beta[i] < 2^101 */ + + /* alpha = 3*(x-delta)*(x+delta) */ + felem_diff(ftmp, delta); + /* ftmp[i] < 2^105 + 2^106 < 2^107 */ + felem_sum(ftmp2, delta); + /* ftmp2[i] < 2^105 + 2^106 < 2^107 */ + felem_scalar(ftmp2, 3); + /* ftmp2[i] < 3 * 2^107 < 2^109 */ + felem_mul(tmp, ftmp, ftmp2); + felem_reduce(alpha, tmp); + /* alpha[i] < 2^101 */ + felem_shrink(small2, alpha); + + /* x' = alpha^2 - 8*beta */ + smallfelem_square(tmp, small2); + felem_reduce(x_out, tmp); + felem_assign(ftmp, beta); + felem_scalar(ftmp, 8); + /* ftmp[i] < 8 * 2^101 = 2^104 */ + felem_diff(x_out, ftmp); + /* x_out[i] < 2^105 + 2^101 < 2^106 */ + + /* z' = (y + z)^2 - gamma - delta */ + felem_sum(delta, gamma); + /* 
delta[i] < 2^101 + 2^101 = 2^102 */ + felem_assign(ftmp, y_in); + felem_sum(ftmp, z_in); + /* ftmp[i] < 2^106 + 2^106 = 2^107 */ + felem_square(tmp, ftmp); + felem_reduce(z_out, tmp); + felem_diff(z_out, delta); + /* z_out[i] < 2^105 + 2^101 < 2^106 */ + + /* y' = alpha*(4*beta - x') - 8*gamma^2 */ + felem_scalar(beta, 4); + /* beta[i] < 4 * 2^101 = 2^103 */ + felem_diff_zero107(beta, x_out); + /* beta[i] < 2^107 + 2^103 < 2^108 */ + felem_small_mul(tmp, small2, beta); + /* tmp[i] < 7 * 2^64 < 2^67 */ + smallfelem_square(tmp2, small1); + /* tmp2[i] < 7 * 2^64 */ + longfelem_scalar(tmp2, 8); + /* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */ + longfelem_diff(tmp, tmp2); + /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */ + felem_reduce_zero105(y_out, tmp); + /* y_out[i] < 2^106 */ +} + +/* point_double_small is the same as point_double, except that it operates on + * smallfelems. */ +static void point_double_small(smallfelem x_out, smallfelem y_out, + smallfelem z_out, const smallfelem x_in, + const smallfelem y_in, const smallfelem z_in) { + felem felem_x_out, felem_y_out, felem_z_out; + felem felem_x_in, felem_y_in, felem_z_in; + + smallfelem_expand(felem_x_in, x_in); + smallfelem_expand(felem_y_in, y_in); + smallfelem_expand(felem_z_in, z_in); + point_double(felem_x_out, felem_y_out, felem_z_out, felem_x_in, felem_y_in, + felem_z_in); + felem_shrink(x_out, felem_x_out); + felem_shrink(y_out, felem_y_out); + felem_shrink(z_out, felem_z_out); +} + +/* copy_conditional copies in to out iff mask is all ones. */ +static void copy_conditional(felem out, const felem in, limb mask) { + unsigned i; + for (i = 0; i < NLIMBS; ++i) { + const limb tmp = mask & (in[i] ^ out[i]); + out[i] ^= tmp; + } +} + +/* copy_small_conditional copies in to out iff mask is all ones. 
*/ +static void copy_small_conditional(felem out, const smallfelem in, limb mask) { + unsigned i; + const u64 mask64 = mask; + for (i = 0; i < NLIMBS; ++i) { + out[i] = ((limb)(in[i] & mask64)) | (out[i] & ~mask); + } +} + +/* point_add calcuates (x1, y1, z1) + (x2, y2, z2) + * + * The method is taken from: + * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, + * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). + * + * This function includes a branch for checking whether the two input points + * are equal, (while not equal to the point at infinity). This case never + * happens during single point multiplication, so there is no timing leak for + * ECDH or ECDSA signing. */ +static void point_add(felem x3, felem y3, felem z3, const felem x1, + const felem y1, const felem z1, const int mixed, + const smallfelem x2, const smallfelem y2, + const smallfelem z2) { + felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; + longfelem tmp, tmp2; + smallfelem small1, small2, small3, small4, small5; + limb x_equal, y_equal, z1_is_zero, z2_is_zero; + + felem_shrink(small3, z1); + + z1_is_zero = smallfelem_is_zero(small3); + z2_is_zero = smallfelem_is_zero(z2); + + /* ftmp = z1z1 = z1**2 */ + smallfelem_square(tmp, small3); + felem_reduce(ftmp, tmp); + /* ftmp[i] < 2^101 */ + felem_shrink(small1, ftmp); + + if (!mixed) { + /* ftmp2 = z2z2 = z2**2 */ + smallfelem_square(tmp, z2); + felem_reduce(ftmp2, tmp); + /* ftmp2[i] < 2^101 */ + felem_shrink(small2, ftmp2); + + felem_shrink(small5, x1); + + /* u1 = ftmp3 = x1*z2z2 */ + smallfelem_mul(tmp, small5, small2); + felem_reduce(ftmp3, tmp); + /* ftmp3[i] < 2^101 */ + + /* ftmp5 = z1 + z2 */ + felem_assign(ftmp5, z1); + felem_small_sum(ftmp5, z2); + /* ftmp5[i] < 2^107 */ + + /* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */ + felem_square(tmp, ftmp5); + felem_reduce(ftmp5, tmp); + /* ftmp2 = z2z2 + z1z1 */ + felem_sum(ftmp2, ftmp); + /* ftmp2[i] < 2^101 + 2^101 
= 2^102 */ + felem_diff(ftmp5, ftmp2); + /* ftmp5[i] < 2^105 + 2^101 < 2^106 */ + + /* ftmp2 = z2 * z2z2 */ + smallfelem_mul(tmp, small2, z2); + felem_reduce(ftmp2, tmp); + + /* s1 = ftmp2 = y1 * z2**3 */ + felem_mul(tmp, y1, ftmp2); + felem_reduce(ftmp6, tmp); + /* ftmp6[i] < 2^101 */ + } else { + /* We'll assume z2 = 1 (special case z2 = 0 is handled later). */ + + /* u1 = ftmp3 = x1*z2z2 */ + felem_assign(ftmp3, x1); + /* ftmp3[i] < 2^106 */ + + /* ftmp5 = 2z1z2 */ + felem_assign(ftmp5, z1); + felem_scalar(ftmp5, 2); + /* ftmp5[i] < 2*2^106 = 2^107 */ + + /* s1 = ftmp2 = y1 * z2**3 */ + felem_assign(ftmp6, y1); + /* ftmp6[i] < 2^106 */ + } + + /* u2 = x2*z1z1 */ + smallfelem_mul(tmp, x2, small1); + felem_reduce(ftmp4, tmp); + + /* h = ftmp4 = u2 - u1 */ + felem_diff_zero107(ftmp4, ftmp3); + /* ftmp4[i] < 2^107 + 2^101 < 2^108 */ + felem_shrink(small4, ftmp4); + + x_equal = smallfelem_is_zero(small4); + + /* z_out = ftmp5 * h */ + felem_small_mul(tmp, small4, ftmp5); + felem_reduce(z_out, tmp); + /* z_out[i] < 2^101 */ + + /* ftmp = z1 * z1z1 */ + smallfelem_mul(tmp, small1, small3); + felem_reduce(ftmp, tmp); + + /* s2 = tmp = y2 * z1**3 */ + felem_small_mul(tmp, y2, ftmp); + felem_reduce(ftmp5, tmp); + + /* r = ftmp5 = (s2 - s1)*2 */ + felem_diff_zero107(ftmp5, ftmp6); + /* ftmp5[i] < 2^107 + 2^107 = 2^108 */ + felem_scalar(ftmp5, 2); + /* ftmp5[i] < 2^109 */ + felem_shrink(small1, ftmp5); + y_equal = smallfelem_is_zero(small1); + + if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + point_double(x3, y3, z3, x1, y1, z1); + return; + } + + /* I = ftmp = (2h)**2 */ + felem_assign(ftmp, ftmp4); + felem_scalar(ftmp, 2); + /* ftmp[i] < 2*2^108 = 2^109 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + + /* J = ftmp2 = h * I */ + felem_mul(tmp, ftmp4, ftmp); + felem_reduce(ftmp2, tmp); + + /* V = ftmp4 = U1 * I */ + felem_mul(tmp, ftmp3, ftmp); + felem_reduce(ftmp4, tmp); + + /* x_out = r**2 - J - 2V */ + smallfelem_square(tmp, small1); + 
felem_reduce(x_out, tmp); + felem_assign(ftmp3, ftmp4); + felem_scalar(ftmp4, 2); + felem_sum(ftmp4, ftmp2); + /* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */ + felem_diff(x_out, ftmp4); + /* x_out[i] < 2^105 + 2^101 */ + + /* y_out = r(V-x_out) - 2 * s1 * J */ + felem_diff_zero107(ftmp3, x_out); + /* ftmp3[i] < 2^107 + 2^101 < 2^108 */ + felem_small_mul(tmp, small1, ftmp3); + felem_mul(tmp2, ftmp6, ftmp2); + longfelem_scalar(tmp2, 2); + /* tmp2[i] < 2*2^67 = 2^68 */ + longfelem_diff(tmp, tmp2); + /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */ + felem_reduce_zero105(y_out, tmp); + /* y_out[i] < 2^106 */ + + copy_small_conditional(x_out, x2, z1_is_zero); + copy_conditional(x_out, x1, z2_is_zero); + copy_small_conditional(y_out, y2, z1_is_zero); + copy_conditional(y_out, y1, z2_is_zero); + copy_small_conditional(z_out, z2, z1_is_zero); + copy_conditional(z_out, z1, z2_is_zero); + felem_assign(x3, x_out); + felem_assign(y3, y_out); + felem_assign(z3, z_out); +} + +/* point_add_small is the same as point_add, except that it operates on + * smallfelems. */ +static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3, + smallfelem x1, smallfelem y1, smallfelem z1, + smallfelem x2, smallfelem y2, smallfelem z2) { + felem felem_x3, felem_y3, felem_z3; + felem felem_x1, felem_y1, felem_z1; + smallfelem_expand(felem_x1, x1); + smallfelem_expand(felem_y1, y1); + smallfelem_expand(felem_z1, z1); + point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0, x2, + y2, z2); + felem_shrink(x3, felem_x3); + felem_shrink(y3, felem_y3); + felem_shrink(z3, felem_z3); +} + +/* Base point pre computation + * -------------------------- + * + * Two different sorts of precomputed tables are used in the following code. + * Each contain various points on the curve, where each point is three field + * elements (x, y, z). + * + * For the base point table, z is usually 1 (0 for the point at infinity). 
+ * This table has 2 * 16 elements, starting with the following: + * index | bits | point + * ------+---------+------------------------------ + * 0 | 0 0 0 0 | 0G + * 1 | 0 0 0 1 | 1G + * 2 | 0 0 1 0 | 2^64G + * 3 | 0 0 1 1 | (2^64 + 1)G + * 4 | 0 1 0 0 | 2^128G + * 5 | 0 1 0 1 | (2^128 + 1)G + * 6 | 0 1 1 0 | (2^128 + 2^64)G + * 7 | 0 1 1 1 | (2^128 + 2^64 + 1)G + * 8 | 1 0 0 0 | 2^192G + * 9 | 1 0 0 1 | (2^192 + 1)G + * 10 | 1 0 1 0 | (2^192 + 2^64)G + * 11 | 1 0 1 1 | (2^192 + 2^64 + 1)G + * 12 | 1 1 0 0 | (2^192 + 2^128)G + * 13 | 1 1 0 1 | (2^192 + 2^128 + 1)G + * 14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G + * 15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G + * followed by a copy of this with each element multiplied by 2^32. + * + * The reason for this is so that we can clock bits into four different + * locations when doing simple scalar multiplies against the base point, + * and then another four locations using the second 16 elements. + * + * Tables for other points have table[i] = iG for i in 0 .. 16. 
*/ + +/* gmul is the table of precomputed base points */ +static const smallfelem gmul[2][16][3] = { + {{{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}}, + {{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2, + 0x6b17d1f2e12c4247}, + {0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16, + 0x4fe342e2fe1a7f9b}, + {1, 0, 0, 0}}, + {{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de, + 0x0fa822bc2811aaa5}, + {0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b, + 0xbff44ae8f5dba80d}, + {1, 0, 0, 0}}, + {{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789, + 0x300a4bbc89d6726f}, + {0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f, + 0x72aac7e0d09b4644}, + {1, 0, 0, 0}}, + {{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e, + 0x447d739beedb5e67}, + {0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7, + 0x2d4825ab834131ee}, + {1, 0, 0, 0}}, + {{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60, + 0xef9519328a9c72ff}, + {0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c, + 0x611e9fc37dbb2c9b}, + {1, 0, 0, 0}}, + {{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf, + 0x550663797b51f5d8}, + {0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5, + 0x157164848aecb851}, + {1, 0, 0, 0}}, + {{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391, + 0xeb5d7745b21141ea}, + {0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee, + 0xeafd72ebdbecc17b}, + {1, 0, 0, 0}}, + {{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5, + 0xa6d39677a7849276}, + {0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf, + 0x674f84749b0b8816}, + {1, 0, 0, 0}}, + {{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb, + 0x4e769e7672c9ddad}, + {0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281, + 0x42b99082de830663}, + {1, 0, 0, 0}}, + {{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478, + 0x78878ef61c6ce04d}, + {0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 
0xde53142c12309def, + 0xb6cb3f5d7b72c321}, + {1, 0, 0, 0}}, + {{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae, + 0x0c88bc4d716b1287}, + {0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa, + 0xdd5ddea3f3901dc6}, + {1, 0, 0, 0}}, + {{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3, + 0x68f344af6b317466}, + {0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3, + 0x31b9c405f8540a20}, + {1, 0, 0, 0}}, + {{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0, + 0x4052bf4b6f461db9}, + {0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8, + 0xfecf4d5190b0fc61}, + {1, 0, 0, 0}}, + {{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a, + 0x1eddbae2c802e41a}, + {0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0, + 0x43104d86560ebcfc}, + {1, 0, 0, 0}}, + {{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a, + 0xb48e26b484f7a21c}, + {0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668, + 0xfac015404d4d3dab}, + {1, 0, 0, 0}}}, + {{{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}}, + {{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da, + 0x7fe36b40af22af89}, + {0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1, + 0xe697d45825b63624}, + {1, 0, 0, 0}}, + {{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902, + 0x4a5b506612a677a6}, + {0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40, + 0xeb13461ceac089f1}, + {1, 0, 0, 0}}, + {{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857, + 0x0781b8291c6a220a}, + {0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434, + 0x690cde8df0151593}, + {1, 0, 0, 0}}, + {{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326, + 0x8a535f566ec73617}, + {0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf, + 0x0455c08468b08bd7}, + {1, 0, 0, 0}}, + {{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279, + 0x06bada7ab77f8276}, + {0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70, + 0x5b476dfd0e6cb18a}, + {1, 0, 
0, 0}}, + {{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8, + 0x3e29864e8a2ec908}, + {0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed, + 0x239b90ea3dc31e7e}, + {1, 0, 0, 0}}, + {{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4, + 0x820f4dd949f72ff7}, + {0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3, + 0x140406ec783a05ec}, + {1, 0, 0, 0}}, + {{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe, + 0x68f6b8542783dfee}, + {0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028, + 0xcbe1feba92e40ce6}, + {1, 0, 0, 0}}, + {{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927, + 0xd0b2f94d2f420109}, + {0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a, + 0x971459828b0719e5}, + {1, 0, 0, 0}}, + {{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687, + 0x961610004a866aba}, + {0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c, + 0x7acb9fadcee75e44}, + {1, 0, 0, 0}}, + {{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea, + 0x24eb9acca333bf5b}, + {0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d, + 0x69f891c5acd079cc}, + {1, 0, 0, 0}}, + {{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514, + 0xe51f547c5972a107}, + {0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06, + 0x1c309a2b25bb1387}, + {1, 0, 0, 0}}, + {{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828, + 0x20b87b8aa2c4e503}, + {0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044, + 0xf5c6fa49919776be}, + {1, 0, 0, 0}}, + {{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56, + 0x1ed7d1b9332010b9}, + {0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24, + 0x3a2b03f03217257a}, + {1, 0, 0, 0}}, + {{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b, + 0x15fee545c78dd9f6}, + {0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb, + 0x4ab5b6b2b8753f81}, + {1, 0, 0, 0}}}}; + +/* select_point selects the |idx|th point from a precomputation table and + * copies 
it to out. */ +static void select_point(const u64 idx, unsigned int size, + const smallfelem pre_comp[16][3], smallfelem out[3]) { + unsigned i, j; + u64 *outlimbs = &out[0][0]; + memset(outlimbs, 0, 3 * sizeof(smallfelem)); + + for (i = 0; i < size; i++) { + const u64 *inlimbs = (u64 *)&pre_comp[i][0][0]; + u64 mask = i ^ idx; + mask |= mask >> 4; + mask |= mask >> 2; + mask |= mask >> 1; + mask &= 1; + mask--; + for (j = 0; j < NLIMBS * 3; j++) { + outlimbs[j] |= inlimbs[j] & mask; + } + } +} + +/* get_bit returns the |i|th bit in |in| */ +static char get_bit(const felem_bytearray in, int i) { + if (i < 0 || i >= 256) { + return 0; + } + return (in[i >> 3] >> (i & 7)) & 1; +} + +/* Interleaved point multiplication using precomputed point multiples: The + * small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], the scalars + * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the + * generator, using certain (large) precomputed multiples in g_pre_comp. + * Output point (X, Y, Z) is stored in x_out, y_out, z_out. */ +static void batch_mul(felem x_out, felem y_out, felem z_out, + const felem_bytearray scalars[], + const unsigned num_points, const u8 *g_scalar, + const int mixed, const smallfelem pre_comp[][17][3], + const smallfelem g_pre_comp[2][16][3]) { + int i, skip; + unsigned num, gen_mul = (g_scalar != NULL); + felem nq[3], ftmp; + smallfelem tmp[3]; + u64 bits; + u8 sign, digit; + + /* set nq to the point at infinity */ + memset(nq, 0, 3 * sizeof(felem)); + + /* Loop over all scalars msb-to-lsb, interleaving additions of multiples + * of the generator (two in each of the last 32 rounds) and additions of + * other points multiples (every 5th round). */ + + skip = 1; /* save two point operations in the first + * round */ + for (i = (num_points ? 
255 : 31); i >= 0; --i) { + /* double */ + if (!skip) { + point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); + } + + /* add multiples of the generator */ + if (gen_mul && i <= 31) { + /* first, look 32 bits upwards */ + bits = get_bit(g_scalar, i + 224) << 3; + bits |= get_bit(g_scalar, i + 160) << 2; + bits |= get_bit(g_scalar, i + 96) << 1; + bits |= get_bit(g_scalar, i + 32); + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp[1], tmp); + + if (!skip) { + /* Arg 1 below is for "mixed" */ + point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], + tmp[2]); + } else { + smallfelem_expand(nq[0], tmp[0]); + smallfelem_expand(nq[1], tmp[1]); + smallfelem_expand(nq[2], tmp[2]); + skip = 0; + } + + /* second, look at the current position */ + bits = get_bit(g_scalar, i + 192) << 3; + bits |= get_bit(g_scalar, i + 128) << 2; + bits |= get_bit(g_scalar, i + 64) << 1; + bits |= get_bit(g_scalar, i); + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp[0], tmp); + /* Arg 1 below is for "mixed" */ + point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], + tmp[2]); + } + + /* do other additions every 5 doublings */ + if (num_points && (i % 5 == 0)) { + /* loop over all scalars */ + for (num = 0; num < num_points; ++num) { + bits = get_bit(scalars[num], i + 4) << 5; + bits |= get_bit(scalars[num], i + 3) << 4; + bits |= get_bit(scalars[num], i + 2) << 3; + bits |= get_bit(scalars[num], i + 1) << 2; + bits |= get_bit(scalars[num], i) << 1; + bits |= get_bit(scalars[num], i - 1); + ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); + + /* select the point to add or subtract, in constant time. 
*/ + select_point(digit, 17, pre_comp[num], tmp); + smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative + * point */ + copy_small_conditional(ftmp, tmp[1], (((limb)sign) - 1)); + felem_contract(tmp[1], ftmp); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], mixed, tmp[0], + tmp[1], tmp[2]); + } else { + smallfelem_expand(nq[0], tmp[0]); + smallfelem_expand(nq[1], tmp[1]); + smallfelem_expand(nq[2], tmp[2]); + skip = 0; + } + } + } + } + felem_assign(x_out, nq[0]); + felem_assign(y_out, nq[1]); + felem_assign(z_out, nq[2]); +} + +/* Precomputation for the group generator. */ +typedef struct { + smallfelem g_pre_comp[2][16][3]; + int references; +} NISTP256_PRE_COMP; + +/******************************************************************************/ +/* + * OPENSSL EC_METHOD FUNCTIONS + */ + +int ec_GFp_nistp256_group_init(EC_GROUP *group) { + int ret = ec_GFp_simple_group_init(group); + group->a_is_minus3 = 1; + return ret; +} + +int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) { + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *curve_p, *curve_a, *curve_b; + + if (ctx == NULL) { + if ((ctx = new_ctx = BN_CTX_new()) == NULL) { + return 0; + } + } + BN_CTX_start(ctx); + if (((curve_p = BN_CTX_get(ctx)) == NULL) || + ((curve_a = BN_CTX_get(ctx)) == NULL) || + ((curve_b = BN_CTX_get(ctx)) == NULL)) { + goto err; + } + BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p); + BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a); + BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); + if (BN_cmp(curve_p, p) || + BN_cmp(curve_a, a) || + BN_cmp(curve_b, b)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_group_set_curve, + EC_R_WRONG_CURVE_PARAMETERS); + goto err; + } + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + +err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + +/* Takes the Jacobian 
coordinates (X, Y, Z) of a point and returns (X', Y') = + * (X/Z^2, Y/Z^3). */ +int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { + felem z1, z2, x_in, y_in; + smallfelem x_out, y_out; + longfelem tmp; + + if (EC_POINT_is_at_infinity(group, point)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_point_get_affine_coordinates, + EC_R_POINT_AT_INFINITY); + return 0; + } + if (!BN_to_felem(x_in, &point->X) || + !BN_to_felem(y_in, &point->Y) || + !BN_to_felem(z1, &point->Z)) { + return 0; + } + felem_inv(z2, z1); + felem_square(tmp, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, x_in, z1); + felem_reduce(x_in, tmp); + felem_contract(x_out, x_in); + if (x != NULL && !smallfelem_to_BN(x, x_out)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_point_get_affine_coordinates, + ERR_R_BN_LIB); + return 0; + } + felem_mul(tmp, z1, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, y_in, z1); + felem_reduce(y_in, tmp); + felem_contract(y_out, y_in); + if (y != NULL && !smallfelem_to_BN(y, y_out)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_point_get_affine_coordinates, + ERR_R_BN_LIB); + return 0; + } + return 1; +} + +/* points below is of size |num|, and tmp_smallfelems is of size |num+1| */ +static void make_points_affine(size_t num, smallfelem points[][3], + smallfelem tmp_smallfelems[]) { + /* Runs in constant time, unless an input is the point at infinity (which + * normally shouldn't happen). 
*/ + ec_GFp_nistp_points_make_affine_internal( + num, points, sizeof(smallfelem), tmp_smallfelems, + (void (*)(void *))smallfelem_one, + (int (*)(const void *))smallfelem_is_zero_int, + (void (*)(void *, const void *))smallfelem_assign, + (void (*)(void *, const void *))smallfelem_square_contract, + (void (*)(void *, const void *, const void *))smallfelem_mul_contract, + (void (*)(void *, const void *))smallfelem_inv_contract, + /* nothing to contract */ + (void (*)(void *, const void *))smallfelem_assign); +} + +/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL + * values Result is stored in r (r can equal one of the inputs). */ +int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) { + int ret = 0; + int j; + int mixed = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y, *z, *tmp_scalar; + felem_bytearray g_secret; + felem_bytearray *secrets = NULL; + smallfelem(*pre_comp)[17][3] = NULL; + smallfelem *tmp_smallfelems = NULL; + felem_bytearray tmp; + unsigned i, num_bytes; + int have_pre_comp = 0; + size_t num_points = num; + smallfelem x_in, y_in, z_in; + felem x_out, y_out, z_out; + const smallfelem(*g_pre_comp)[16][3] = NULL; + EC_POINT *generator = NULL; + const EC_POINT *p = NULL; + const BIGNUM *p_scalar = NULL; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + return 0; + } + } + + BN_CTX_start(ctx); + if ((x = BN_CTX_get(ctx)) == NULL || + (y = BN_CTX_get(ctx)) == NULL || + (z = BN_CTX_get(ctx)) == NULL || + (tmp_scalar = BN_CTX_get(ctx)) == NULL) { + goto err; + } + + if (scalar != NULL) { + /* try to use the standard precomputation */ + g_pre_comp = &gmul[0]; + generator = EC_POINT_new(group); + if (generator == NULL) { + goto err; + } + /* get the generator from precomputation */ + if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || + !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || + 
!smallfelem_to_BN(z, g_pre_comp[0][1][2])) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + goto err; + } + if (!ec_point_set_Jprojective_coordinates_GFp(group, generator, x, y, z, + ctx)) { + goto err; + } + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { + /* precomputation matches generator */ + have_pre_comp = 1; + } else { + /* we don't have valid precomputation: treat the generator as a + * random point. */ + num_points++; + } + } + + if (num_points > 0) { + if (num_points >= 3) { + /* unless we precompute multiples for just one or two points, + * converting those into affine form is time well spent */ + mixed = 1; + } + secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray)); + pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(smallfelem)); + if (mixed) { + tmp_smallfelems = + OPENSSL_malloc((num_points * 17 + 1) * sizeof(smallfelem)); + } + if (secrets == NULL || pre_comp == NULL || + (mixed && tmp_smallfelems == NULL)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* we treat NULL scalars as 0, and NULL points as points at infinity, + * i.e., they contribute nothing to the linear combination. */ + memset(secrets, 0, num_points * sizeof(felem_bytearray)); + memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem)); + for (i = 0; i < num_points; ++i) { + if (i == num) { + /* we didn't have a valid precomputation, so we pick the generator. */ + p = EC_GROUP_get0_generator(group); + p_scalar = scalar; + } else { + /* the i^th point */ + p = points[i]; + p_scalar = scalars[i]; + } + if (p_scalar != NULL && p != NULL) { + /* reduce scalar to 0 <= scalar < 2^256 */ + if (BN_num_bits(p_scalar) > 256 || BN_is_negative(p_scalar)) { + /* this is an unusual input, and we don't guarantee + * constant-timeness. 
*/ + if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else { + num_bytes = BN_bn2bin(p_scalar, tmp); + } + flip_endian(secrets[i], tmp, num_bytes); + /* precompute multiples */ + if (!BN_to_felem(x_out, &p->X) || + !BN_to_felem(y_out, &p->Y) || + !BN_to_felem(z_out, &p->Z)) { + goto err; + } + felem_shrink(pre_comp[i][1][0], x_out); + felem_shrink(pre_comp[i][1][1], y_out); + felem_shrink(pre_comp[i][1][2], z_out); + for (j = 2; j <= 16; ++j) { + if (j & 1) { + point_add_small(pre_comp[i][j][0], pre_comp[i][j][1], + pre_comp[i][j][2], pre_comp[i][1][0], + pre_comp[i][1][1], pre_comp[i][1][2], + pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], + pre_comp[i][j - 1][2]); + } else { + point_double_small(pre_comp[i][j][0], pre_comp[i][j][1], + pre_comp[i][j][2], pre_comp[i][j / 2][0], + pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]); + } + } + } + } + if (mixed) { + make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems); + } + } + + /* the scalar for the generator */ + if (scalar != NULL && have_pre_comp) { + memset(g_secret, 0, sizeof(g_secret)); + /* reduce scalar to 0 <= scalar < 2^256 */ + if (BN_num_bits(scalar) > 256 || BN_is_negative(scalar)) { + /* this is an unusual input, and we don't guarantee + * constant-timeness. 
*/ + if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else { + num_bytes = BN_bn2bin(scalar, tmp); + } + flip_endian(g_secret, tmp, num_bytes); + /* do the multiplication with generator precomputation */ + batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, + num_points, g_secret, mixed, (const smallfelem(*)[17][3])pre_comp, + g_pre_comp); + } else { + /* do the multiplication without generator precomputation */ + batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, + num_points, NULL, mixed, (const smallfelem(*)[17][3])pre_comp, + NULL); + } + + /* reduce the output to its unique minimal representation */ + felem_contract(x_in, x_out); + felem_contract(y_in, y_out); + felem_contract(z_in, z_out); + if (!smallfelem_to_BN(x, x_in) || + !smallfelem_to_BN(y, y_in) || + !smallfelem_to_BN(z, z_in)) { + OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + goto err; + } + ret = ec_point_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); + +err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + OPENSSL_free(secrets); + OPENSSL_free(pre_comp); + OPENSSL_free(tmp_smallfelems); + return ret; +} + +const EC_METHOD *EC_GFp_nistp256_method(void) { + static const EC_METHOD ret = { + EC_FLAGS_DEFAULT_OCT, + ec_GFp_nistp256_group_init, + ec_GFp_simple_group_finish, + ec_GFp_simple_group_clear_finish, + ec_GFp_simple_group_copy, ec_GFp_nistp256_group_set_curve, + ec_GFp_simple_group_get_curve, ec_GFp_simple_group_get_degree, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, + ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, + ec_GFp_simple_point_copy, ec_GFp_simple_point_set_to_infinity, + ec_GFp_simple_set_Jprojective_coordinates_GFp, + ec_GFp_simple_get_Jprojective_coordinates_GFp, + ec_GFp_simple_point_set_affine_coordinates, + 
ec_GFp_nistp256_point_get_affine_coordinates, + 0 /* point_set_compressed_coordinates */, 0 /* point2oct */, + 0 /* oct2point */, ec_GFp_simple_add, ec_GFp_simple_dbl, + ec_GFp_simple_invert, ec_GFp_simple_is_at_infinity, + ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, + ec_GFp_simple_points_make_affine, ec_GFp_nistp256_points_mul, + 0 /* precompute_mult */, 0 /* have_precompute_mult */, + ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr, 0 /* field_div */, + 0 /* field_encode */, 0 /* field_decode */, 0 /* field_set_to_one */ + }; + + return &ret; +} + +#endif /* 64_BIT && !WINDOWS */ diff --git a/src/crypto/ec/simple.c b/src/crypto/ec/simple.c index b3f96fa..69fd2e4 100644 --- a/src/crypto/ec/simple.c +++ b/src/crypto/ec/simple.c 
@@ -178,47 +178,55 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); tmp_a = BN_CTX_get(ctx); - if (tmp_a == NULL) + if (tmp_a == NULL) { goto err; + } /* group->field */ - if (!BN_copy(&group->field, p)) + if (!BN_copy(&group->field, p)) { goto err; + } BN_set_negative(&group->field, 0); /* group->a */ - if (!BN_nnmod(tmp_a, a, p, ctx)) + if (!BN_nnmod(tmp_a, a, p, ctx)) { goto err; + } if (group->meth->field_encode) { - if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) + if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) { goto err; - } else if (!BN_copy(&group->a, tmp_a)) + } + } else if (!BN_copy(&group->a, tmp_a)) { goto err; + } /* group->b */ - if (!BN_nnmod(&group->b, b, p, ctx)) + if (!BN_nnmod(&group->b, b, p, ctx)) { goto err; - if (group->meth->field_encode) - if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) - goto err; + } + if (group->meth->field_encode && + !group->meth->field_encode(group, &group->b, &group->b, ctx)) { + goto err; + } /* group->a_is_minus3 */ - if (!BN_add_word(tmp_a, 3)) + if (!BN_add_word(tmp_a, 3)) { goto err; + } group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } 
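Review bot: The epilogue now calls `BN_CTX_free(new_ctx)` unconditionally where the old code guarded it with `if (new_ctx != NULL)`, so correctness on the `ctx == NULL` caller path rests on BN_CTX_free treating NULL as a no-op; presumably it does, like the other free functions in this tree, but the contract should be stated where it is relied upon. A one-line comment above the call, `/* BN_CTX_free(NULL) is a no-op, so new_ctx needs no guard. */`, would settle it for readers used to the guarded form. The same guard removal appears in the hunks for ec_GFp_simple_group_get_curve, ec_GFp_simple_group_check_discriminant, ec_GFp_simple_set_Jprojective_coordinates_GFp and ec_GFp_simple_get_Jprojective_coordinates_GFp below, so one comment here and a reference to it there is enough.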
@@ -227,34 +235,30 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, int ret = 0; BN_CTX *new_ctx = NULL; - if (p != NULL) { - if (!BN_copy(p, &group->field)) - return 0; + if (p != NULL && !BN_copy(p, &group->field)) { + return 0; } if (a != NULL || b != NULL) { if (group->meth->field_decode) { if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } - if (a != NULL) { - if (!group->meth->field_decode(group, a, &group->a, ctx)) - goto err; + if (a != NULL && !group->meth->field_decode(group, a, &group->a, ctx)) { + goto err; } - if (b != NULL) { - if (!group->meth->field_decode(group, b, &group->b, ctx)) - goto err; + if (b != NULL && !group->meth->field_decode(group, b, &group->b, ctx)) { + goto err; } } else { - if (a != NULL) { - if (!BN_copy(a, &group->a)) - goto err; + if (a != NULL && !BN_copy(a, &group->a)) { + goto err; } - if (b != NULL) { - if (!BN_copy(b, &group->b)) - goto err; + if (b != NULL && !BN_copy(b, &group->b)) { + goto err; } } } @@ -262,8 +266,7 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ret = 1; err: - if (new_ctx) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } 
@@ -291,54 +294,54 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { tmp_1 = BN_CTX_get(ctx); tmp_2 = BN_CTX_get(ctx); order = BN_CTX_get(ctx); - if (order == NULL) + if (order == NULL) { goto err; + } if (group->meth->field_decode) { - if (!group->meth->field_decode(group, a, &group->a, ctx)) - goto err; - if (!group->meth->field_decode(group, b, &group->b, ctx)) + if (!group->meth->field_decode(group, a, &group->a, ctx) || + !group->meth->field_decode(group, b, &group->b, ctx)) { goto err; + } } else { - if (!BN_copy(a, &group->a)) - goto err; - if (!BN_copy(b, &group->b)) + if (!BN_copy(a, &group->a) || !BN_copy(b, &group->b)) { goto err; + } } /* check the discriminant: * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) * 0 =< a, b < p */ if (BN_is_zero(a)) { - if (BN_is_zero(b)) + if (BN_is_zero(b)) { goto err; + } } else if (!BN_is_zero(b)) { - if (!BN_mod_sqr(tmp_1, a, p, ctx)) - goto err; - if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) - goto err; - if (!BN_lshift(tmp_1, tmp_2, 2)) + if (!BN_mod_sqr(tmp_1, a, p, ctx) || + !BN_mod_mul(tmp_2, tmp_1, a, p, ctx) || + !BN_lshift(tmp_1, tmp_2, 2)) { goto err; + } /* tmp_1 = 4*a^3 */ - if (!BN_mod_sqr(tmp_2, b, p, ctx)) - goto err; - if (!BN_mul_word(tmp_2, 27)) + if (!BN_mod_sqr(tmp_2, b, p, ctx) || + !BN_mul_word(tmp_2, 27)) { goto err; + } /* tmp_2 = 27*b^2 */ - if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) - goto err; - if (BN_is_zero(a)) + if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx) || + BN_is_zero(a)) { goto err; + } } ret = 1; err: - if (ctx != NULL) + if (ctx != NULL) { BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + } + BN_CTX_free(new_ctx); return ret; } 
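Review bot: The merged condition `if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx) || BN_is_zero(a)) { goto err; }` folds two different outcomes into one jump: a failed big-number operation and a curve whose discriminant is zero both end with `ret = 0`, so a caller cannot tell a singular curve from an out-of-memory failure. That was already true of the two separate `goto err` statements the hunk replaces, but writing them as one `||` chain makes the zero test read like just another error check. Keeping `BN_is_zero(a)` as its own `if` with `/* 4*a^3 + 27*b^2 == 0 mod p: the curve is singular */` would make the intent explicit without changing behaviour. The function's prologue, including the `ctx == NULL` handling that the `if (ctx != NULL)` at `err:` pairs with, is above this hunk.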
@@ -365,12 +368,11 @@ void ec_GFp_simple_point_clear_finish(EC_POINT *point) { } int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) { - if (!BN_copy(&dest->X, &src->X)) - return 0; - if (!BN_copy(&dest->Y, &src->Y)) - return 0; - if (!BN_copy(&dest->Z, &src->Z)) + if (!BN_copy(&dest->X, &src->X) || + !BN_copy(&dest->Y, &src->Y) || + !BN_copy(&dest->Z, &src->Z)) { return 0; + } dest->Z_is_one = src->Z_is_one; return 1; @@ -391,41 +393,45 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp( if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } if (x != NULL) { - if (!BN_nnmod(&point->X, x, &group->field, ctx)) + if (!BN_nnmod(&point->X, x, &group->field, ctx)) { + goto err; + } + if (group->meth->field_encode && + !group->meth->field_encode(group, &point->X, &point->X, ctx)) { goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) - goto err; } } if (y != NULL) { - if (!BN_nnmod(&point->Y, y, &group->field, ctx)) + if (!BN_nnmod(&point->Y, y, &group->field, ctx)) { + goto err; + } + if (group->meth->field_encode && + !group->meth->field_encode(group, &point->Y, &point->Y, ctx)) { goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) - goto err; } } if (z != NULL) { int Z_is_one; - if (!BN_nnmod(&point->Z, z, &group->field, ctx)) + if (!BN_nnmod(&point->Z, z, &group->field, ctx)) { goto err; + } Z_is_one = BN_is_one(&point->Z); if (group->meth->field_encode) { if (Z_is_one && (group->meth->field_set_to_one != 0)) { - if (!group->meth->field_set_to_one(group, &point->Z, ctx)) - goto err; - } else { - if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) + if (!group->meth->field_set_to_one(group, &point->Z, ctx)) { goto err; + } + } else if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) { + goto err; } } point->Z_is_one = Z_is_one; 
@@ -434,8 +440,7 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp( ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -449,42 +454,36 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, if (group->meth->field_decode != 0) { if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } - if (x != NULL) { - if (!group->meth->field_decode(group, x, &point->X, ctx)) - goto err; + if (x != NULL && !group->meth->field_decode(group, x, &point->X, ctx)) { + goto err; } - if (y != NULL) { - if (!group->meth->field_decode(group, y, &point->Y, ctx)) - goto err; + if (y != NULL && !group->meth->field_decode(group, y, &point->Y, ctx)) { + goto err; } - if (z != NULL) { - if (!group->meth->field_decode(group, z, &point->Z, ctx)) - goto err; + if (z != NULL && !group->meth->field_decode(group, z, &point->Z, ctx)) { + goto err; } } else { - if (x != NULL) { - if (!BN_copy(x, &point->X)) - goto err; + if (x != NULL && !BN_copy(x, &point->X)) { + goto err; } - if (y != NULL) { - if (!BN_copy(y, &point->Y)) - goto err; + if (y != NULL && !BN_copy(y, &point->Y)) { + goto err; } - if (z != NULL) { - if (!BN_copy(z, &point->Z)) - goto err; + if (z != NULL && !BN_copy(z, &point->Z)) { + goto err; } } ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -518,8 +517,9 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); 
@@ -527,14 +527,16 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, Z_1 = BN_CTX_get(ctx); Z_2 = BN_CTX_get(ctx); Z_3 = BN_CTX_get(ctx); - if (Z_3 == NULL) + if (Z_3 == NULL) { goto err; + } /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ if (group->meth->field_decode) { - if (!group->meth->field_decode(group, Z, &point->Z, ctx)) + if (!group->meth->field_decode(group, Z, &point->Z, ctx)) { goto err; + } Z_ = Z; } else { Z_ = &point->Z; @@ -542,22 +544,18 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, if (BN_is_one(Z_)) { if (group->meth->field_decode) { - if (x != NULL) { - if (!group->meth->field_decode(group, x, &point->X, ctx)) - goto err; + if (x != NULL && !group->meth->field_decode(group, x, &point->X, ctx)) { + goto err; } - if (y != NULL) { - if (!group->meth->field_decode(group, y, &point->Y, ctx)) - goto err; + if (y != NULL && !group->meth->field_decode(group, y, &point->Y, ctx)) { + goto err; } } else { - if (x != NULL) { - if (!BN_copy(x, &point->X)) - goto err; + if (x != NULL && !BN_copy(x, &point->X)) { + goto err; } - if (y != NULL) { - if (!BN_copy(y, &point->Y)) - goto err; + if (y != NULL && !BN_copy(y, &point->Y)) { + goto err; } } } else { 
@@ -569,34 +567,34 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, if (group->meth->field_encode == 0) { /* field_sqr works on standard representation */ - if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) - goto err; - } else { - if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) + if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) { goto err; + } + } else if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) { + goto err; } - if (x != NULL) { - /* in the Montgomery case, field_mul will cancel out Montgomery factor in - * X: */ - if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) - goto err; + /* in the Montgomery case, field_mul will cancel out Montgomery factor in + * X: */ + if (x != NULL && !group->meth->field_mul(group, x, &point->X, Z_2, ctx)) { + goto err; } if (y != NULL) { if (group->meth->field_encode == 0) { /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) - goto err; - } else { - if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) + if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) { goto err; + } + } else if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) { + goto err; } /* in the Montgomery case, field_mul will cancel out Montgomery factor in * Y: */ - if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) + if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) { goto err; + } } } @@ -604,8 +602,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } 
@@ -619,12 +616,15 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; int ret = 0; - if (a == b) + if (a == b) { return EC_POINT_dbl(group, r, a, ctx); - if (EC_POINT_is_at_infinity(group, a)) + } + if (EC_POINT_is_at_infinity(group, a)) { return EC_POINT_copy(r, b); - if (EC_POINT_is_at_infinity(group, b)) + } + if (EC_POINT_is_at_infinity(group, b)) { return EC_POINT_copy(r, a); + } field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; @@ -632,8 +632,9 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); @@ -644,8 +645,9 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, n4 = BN_CTX_get(ctx); n5 = BN_CTX_get(ctx); n6 = BN_CTX_get(ctx); - if (n6 == NULL) + if (n6 == NULL) { goto end; + } /* Note that in this function we must not read components of 'a' or 'b' * once we have written the corresponding components of 'r'. 
@@ -654,53 +656,51 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, /* n1, n2 */ if (b->Z_is_one) { - if (!BN_copy(n1, &a->X)) - goto end; - if (!BN_copy(n2, &a->Y)) + if (!BN_copy(n1, &a->X) || !BN_copy(n2, &a->Y)) { goto end; + } /* n1 = X_a */ /* n2 = Y_a */ } else { - if (!field_sqr(group, n0, &b->Z, ctx)) - goto end; - if (!field_mul(group, n1, &a->X, n0, ctx)) + if (!field_sqr(group, n0, &b->Z, ctx) || + !field_mul(group, n1, &a->X, n0, ctx)) { goto end; + } /* n1 = X_a * Z_b^2 */ - if (!field_mul(group, n0, n0, &b->Z, ctx)) - goto end; - if (!field_mul(group, n2, &a->Y, n0, ctx)) + if (!field_mul(group, n0, n0, &b->Z, ctx) || + !field_mul(group, n2, &a->Y, n0, ctx)) { goto end; + } /* n2 = Y_a * Z_b^3 */ } /* n3, n4 */ if (a->Z_is_one) { - if (!BN_copy(n3, &b->X)) - goto end; - if (!BN_copy(n4, &b->Y)) + if (!BN_copy(n3, &b->X) || !BN_copy(n4, &b->Y)) { goto end; + } /* n3 = X_b */ /* n4 = Y_b */ } else { - if (!field_sqr(group, n0, &a->Z, ctx)) - goto end; - if (!field_mul(group, n3, &b->X, n0, ctx)) + if (!field_sqr(group, n0, &a->Z, ctx) || + !field_mul(group, n3, &b->X, n0, ctx)) { goto end; + } /* n3 = X_b * Z_a^2 */ - if (!field_mul(group, n0, n0, &a->Z, ctx)) - goto end; - if (!field_mul(group, n4, &b->Y, n0, ctx)) + if (!field_mul(group, n0, n0, &a->Z, ctx) || + !field_mul(group, n4, &b->Y, n0, ctx)) { goto end; + } /* n4 = Y_b * Z_a^3 */ } /* n5, n6 */ - if (!BN_mod_sub_quick(n5, n1, n3, p)) - goto end; - if (!BN_mod_sub_quick(n6, n2, n4, p)) + if (!BN_mod_sub_quick(n5, n1, n3, p) || + !BN_mod_sub_quick(n6, n2, n4, p)) { goto end; + } /* n5 = n1 - n3 */ /* n6 = n2 - n4 */ 
@@ -721,76 +721,79 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, } /* 'n7', 'n8' */ - if (!BN_mod_add_quick(n1, n1, n3, p)) - goto end; - if (!BN_mod_add_quick(n2, n2, n4, p)) + if (!BN_mod_add_quick(n1, n1, n3, p) || + !BN_mod_add_quick(n2, n2, n4, p)) { goto end; + } /* 'n7' = n1 + n3 */ /* 'n8' = n2 + n4 */ /* Z_r */ if (a->Z_is_one && b->Z_is_one) { - if (!BN_copy(&r->Z, n5)) + if (!BN_copy(&r->Z, n5)) { goto end; + } } else { if (a->Z_is_one) { - if (!BN_copy(n0, &b->Z)) + if (!BN_copy(n0, &b->Z)) { goto end; + } } else if (b->Z_is_one) { - if (!BN_copy(n0, &a->Z)) - goto end; - } else { - if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) + if (!BN_copy(n0, &a->Z)) { goto end; + } + } else if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) { + goto end; } - if (!field_mul(group, &r->Z, n0, n5, ctx)) + if (!field_mul(group, &r->Z, n0, n5, ctx)) { goto end; + } } r->Z_is_one = 0; /* Z_r = Z_a * Z_b * n5 */ /* X_r */ - if (!field_sqr(group, n0, n6, ctx)) - goto end; - if (!field_sqr(group, n4, n5, ctx)) - goto end; - if (!field_mul(group, n3, n1, n4, ctx)) - goto end; - if (!BN_mod_sub_quick(&r->X, n0, n3, p)) + if (!field_sqr(group, n0, n6, ctx) || + !field_sqr(group, n4, n5, ctx) || + !field_mul(group, n3, n1, n4, ctx) || + !BN_mod_sub_quick(&r->X, n0, n3, p)) { goto end; + } /* X_r = n6^2 - n5^2 * 'n7' */ /* 'n9' */ - if (!BN_mod_lshift1_quick(n0, &r->X, p)) - goto end; - if (!BN_mod_sub_quick(n0, n3, n0, p)) + if (!BN_mod_lshift1_quick(n0, &r->X, p) || + !BN_mod_sub_quick(n0, n3, n0, p)) { goto end; + } /* n9 = n5^2 * 'n7' - 2 * X_r */ /* Y_r */ - if (!field_mul(group, n0, n0, n6, ctx)) - goto end; - if (!field_mul(group, n5, n4, n5, ctx)) + if (!field_mul(group, n0, n0, n6, ctx) || + !field_mul(group, n5, n4, n5, ctx)) { goto end; /* now n5 is n5^3 */ - if (!field_mul(group, n1, n2, n5, ctx)) + } + if (!field_mul(group, n1, n2, n5, ctx) || + !BN_mod_sub_quick(n0, n0, n1, p)) { goto end; - if (!BN_mod_sub_quick(n0, n0, n1, p)) + } + 
if (BN_is_odd(n0) && !BN_add(n0, n0, p)) { goto end; - if (BN_is_odd(n0)) - if (!BN_add(n0, n0, p)) - goto end; + } /* now 0 <= n0 < 2*p, and n0 is even */ - if (!BN_rshift1(&r->Y, n0)) + if (!BN_rshift1(&r->Y, n0)) { goto end; + } /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ ret = 1; end: - if (ctx) /* otherwise we already called BN_CTX_end */ + if (ctx) { + /* otherwise we already called BN_CTX_end */ BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + } + BN_CTX_free(new_ctx); return ret; } @@ -816,8 +819,9 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); @@ -825,8 +829,9 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, n1 = BN_CTX_get(ctx); n2 = BN_CTX_get(ctx); n3 = BN_CTX_get(ctx); - if (n3 == NULL) + if (n3 == NULL) { goto err; + } /* Note that in this function we must not read components of 'a' * once we have written the corresponding components of 'r'. 
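Review bot: The context comment `/* now n5 is n5^3 */` now sits on the `goto end;` inside the new error block of the `field_mul(group, n5, n4, n5, ctx)` check, so it annotates the failure path rather than the state reached once the combined call succeeds. Move it past the closing brace, e.g. `} /* now n5 is n5^3 */`, or onto the following `field_mul(group, n1, n2, n5, ctx)` line that consumes n5. Separately, the `if (ctx)` guard at `end:` with the comment `/* otherwise we already called BN_CTX_end */` appears unreachable with a NULL ctx, because ctx is assigned from BN_CTX_new and the function returns 0 on allocation failure before BN_CTX_start; if that reading is right, the guard and comment could go in favour of the unconditional `BN_CTX_end(ctx)` used by ec_GFp_simple_dbl. ec_GFp_simple_add begins outside this hunk.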
@@ -835,108 +840,95 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, /* n1 */ if (a->Z_is_one) { - if (!field_sqr(group, n0, &a->X, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) - goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) - goto err; - if (!BN_mod_add_quick(n1, n0, &group->a, p)) + if (!field_sqr(group, n0, &a->X, ctx) || + !BN_mod_lshift1_quick(n1, n0, p) || + !BN_mod_add_quick(n0, n0, n1, p) || + !BN_mod_add_quick(n1, n0, &group->a, p)) { goto err; + } /* n1 = 3 * X_a^2 + a_curve */ } else if (group->a_is_minus3) { - if (!field_sqr(group, n1, &a->Z, ctx)) - goto err; - if (!BN_mod_add_quick(n0, &a->X, n1, p)) - goto err; - if (!BN_mod_sub_quick(n2, &a->X, n1, p)) - goto err; - if (!field_mul(group, n1, n0, n2, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n0, n1, p)) - goto err; - if (!BN_mod_add_quick(n1, n0, n1, p)) + if (!field_sqr(group, n1, &a->Z, ctx) || + !BN_mod_add_quick(n0, &a->X, n1, p) || + !BN_mod_sub_quick(n2, &a->X, n1, p) || + !field_mul(group, n1, n0, n2, ctx) || + !BN_mod_lshift1_quick(n0, n1, p) || + !BN_mod_add_quick(n1, n0, n1, p)) { goto err; + } /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) * = 3 * X_a^2 - 3 * Z_a^4 */ } else { - if (!field_sqr(group, n0, &a->X, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) - goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) - goto err; - if (!field_sqr(group, n1, &a->Z, ctx)) - goto err; - if (!field_sqr(group, n1, n1, ctx)) - goto err; - if (!field_mul(group, n1, n1, &group->a, ctx)) - goto err; - if (!BN_mod_add_quick(n1, n1, n0, p)) + if (!field_sqr(group, n0, &a->X, ctx) || + !BN_mod_lshift1_quick(n1, n0, p) || + !BN_mod_add_quick(n0, n0, n1, p) || + !field_sqr(group, n1, &a->Z, ctx) || + !field_sqr(group, n1, n1, ctx) || + !field_mul(group, n1, n1, &group->a, ctx) || + !BN_mod_add_quick(n1, n1, n0, p)) { goto err; + } /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ } /* Z_r */ if (a->Z_is_one) { - if (!BN_copy(n0, &a->Y)) - goto err; - } else { - if 
(!field_mul(group, n0, &a->Y, &a->Z, ctx)) + if (!BN_copy(n0, &a->Y)) { goto err; + } + } else if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) { + goto err; } - if (!BN_mod_lshift1_quick(&r->Z, n0, p)) + if (!BN_mod_lshift1_quick(&r->Z, n0, p)) { goto err; + } r->Z_is_one = 0; /* Z_r = 2 * Y_a * Z_a */ /* n2 */ - if (!field_sqr(group, n3, &a->Y, ctx)) - goto err; - if (!field_mul(group, n2, &a->X, n3, ctx)) - goto err; - if (!BN_mod_lshift_quick(n2, n2, 2, p)) + if (!field_sqr(group, n3, &a->Y, ctx) || + !field_mul(group, n2, &a->X, n3, ctx) || + !BN_mod_lshift_quick(n2, n2, 2, p)) { goto err; + } /* n2 = 4 * X_a * Y_a^2 */ /* X_r */ - if (!BN_mod_lshift1_quick(n0, n2, p)) - goto err; - if (!field_sqr(group, &r->X, n1, ctx)) - goto err; - if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) + if (!BN_mod_lshift1_quick(n0, n2, p) || + !field_sqr(group, &r->X, n1, ctx) || + !BN_mod_sub_quick(&r->X, &r->X, n0, p)) { goto err; + } /* X_r = n1^2 - 2 * n2 */ /* n3 */ - if (!field_sqr(group, n0, n3, ctx)) - goto err; - if (!BN_mod_lshift_quick(n3, n0, 3, p)) + if (!field_sqr(group, n0, n3, ctx) || + !BN_mod_lshift_quick(n3, n0, 3, p)) { goto err; + } /* n3 = 8 * Y_a^4 */ /* Y_r */ - if (!BN_mod_sub_quick(n0, n2, &r->X, p)) - goto err; - if (!field_mul(group, n0, n1, n0, ctx)) - goto err; - if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) + if (!BN_mod_sub_quick(n0, n2, &r->X, p) || + !field_mul(group, n0, n1, n0, ctx) || + !BN_mod_sub_quick(&r->Y, n0, n3, p)) { goto err; + } /* Y_r = n1 * (n2 - X_r) - n3 */ ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { - if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) + if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) { /* point is its own inverse */ return 1; + } return BN_usub(&point->Y, &group->field, &point->Y); } 
@@ -955,8 +947,9 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BIGNUM *rh, *tmp, *Z4, *Z6; int ret = -1; - if (EC_POINT_is_at_infinity(group, point)) + if (EC_POINT_is_at_infinity(group, point)) { return 1; + } field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; @@ -964,8 +957,9 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return -1; + } } BN_CTX_start(ctx); @@ -973,8 +967,9 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, tmp = BN_CTX_get(ctx); Z4 = BN_CTX_get(ctx); Z6 = BN_CTX_get(ctx); - if (Z6 == NULL) + if (Z6 == NULL) { goto err; + } /* We have a curve defined by a Weierstrass equation * y^2 = x^3 + a*x + b. 
@@ -987,64 +982,62 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, */ /* rh := X^2 */ - if (!field_sqr(group, rh, &point->X, ctx)) + if (!field_sqr(group, rh, &point->X, ctx)) { goto err; + } if (!point->Z_is_one) { - if (!field_sqr(group, tmp, &point->Z, ctx)) - goto err; - if (!field_sqr(group, Z4, tmp, ctx)) - goto err; - if (!field_mul(group, Z6, Z4, tmp, ctx)) + if (!field_sqr(group, tmp, &point->Z, ctx) || + !field_sqr(group, Z4, tmp, ctx) || + !field_mul(group, Z6, Z4, tmp, ctx)) { goto err; + } /* rh := (rh + a*Z^4)*X */ if (group->a_is_minus3) { - if (!BN_mod_lshift1_quick(tmp, Z4, p)) - goto err; - if (!BN_mod_add_quick(tmp, tmp, Z4, p)) - goto err; - if (!BN_mod_sub_quick(rh, rh, tmp, p)) - goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) + if (!BN_mod_lshift1_quick(tmp, Z4, p) || + !BN_mod_add_quick(tmp, tmp, Z4, p) || + !BN_mod_sub_quick(rh, rh, tmp, p) || + !field_mul(group, rh, rh, &point->X, ctx)) { goto err; + } } else { - if (!field_mul(group, tmp, Z4, &group->a, ctx)) - goto err; - if (!BN_mod_add_quick(rh, rh, tmp, p)) - goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) + if (!field_mul(group, tmp, Z4, &group->a, ctx) || + !BN_mod_add_quick(rh, rh, tmp, p) || + !field_mul(group, rh, rh, &point->X, ctx)) { goto err; + } } /* rh := rh + b*Z^6 */ - if (!field_mul(group, tmp, &group->b, Z6, ctx)) - goto err; - if (!BN_mod_add_quick(rh, rh, tmp, p)) + if (!field_mul(group, tmp, &group->b, Z6, ctx) || + !BN_mod_add_quick(rh, rh, tmp, p)) { goto err; + } } else { /* point->Z_is_one */ /* rh := (rh + a)*X */ - if (!BN_mod_add_quick(rh, rh, &group->a, p)) - goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) + if (!BN_mod_add_quick(rh, rh, &group->a, p) || + !field_mul(group, rh, rh, &point->X, ctx)) { goto err; + } /* rh := rh + b */ - if (!BN_mod_add_quick(rh, rh, &group->b, p)) + if (!BN_mod_add_quick(rh, rh, &group->b, p)) { goto err; + } } /* 'lh' := Y^2 */ - if (!field_sqr(group, tmp, 
&point->Y, ctx)) + if (!field_sqr(group, tmp, &point->Y, ctx)) { goto err; + } ret = (0 == BN_ucmp(tmp, rh)); err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1068,8 +1061,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } - if (EC_POINT_is_at_infinity(group, b)) + if (EC_POINT_is_at_infinity(group, b)) { return 1; + } if (a->Z_is_one && b->Z_is_one) { return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; @@ -1080,8 +1074,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return -1; + } } BN_CTX_start(ctx); @@ -1089,8 +1084,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, tmp2 = BN_CTX_get(ctx); Za23 = BN_CTX_get(ctx); Zb23 = BN_CTX_get(ctx); - if (Zb23 == NULL) + if (Zb23 == NULL) { goto end; + } /* We have to decide whether * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), @@ -1099,21 +1095,23 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, */ if (!b->Z_is_one) { - if (!field_sqr(group, Zb23, &b->Z, ctx)) - goto end; - if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) + if (!field_sqr(group, Zb23, &b->Z, ctx) || + !field_mul(group, tmp1, &a->X, Zb23, ctx)) { goto end; + } tmp1_ = tmp1; - } else + } else { tmp1_ = &a->X; + } if (!a->Z_is_one) { - if (!field_sqr(group, Za23, &a->Z, ctx)) - goto end; - if (!field_mul(group, tmp2, &b->X, Za23, ctx)) + if (!field_sqr(group, Za23, &a->Z, ctx) || + !field_mul(group, tmp2, &b->X, Za23, ctx)) { goto end; + } tmp2_ = tmp2; - } else + } else { tmp2_ = &b->X; + } /* compare X_a*Z_b^2 with X_b*Z_a^2 */ if (BN_cmp(tmp1_, tmp2_) != 0) { 
@@ -1123,21 +1121,23 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (!b->Z_is_one) { - if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) - goto end; - if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) + if (!field_mul(group, Zb23, Zb23, &b->Z, ctx) || + !field_mul(group, tmp1, &a->Y, Zb23, ctx)) { goto end; + } /* tmp1_ = tmp1 */ - } else + } else { tmp1_ = &a->Y; + } if (!a->Z_is_one) { - if (!field_mul(group, Za23, Za23, &a->Z, ctx)) - goto end; - if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) + if (!field_mul(group, Za23, Za23, &a->Z, ctx) || + !field_mul(group, tmp2, &b->Y, Za23, ctx)) { goto end; + } /* tmp2_ = tmp2 */ - } else + } else { tmp2_ = &b->Y; + } /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ if (BN_cmp(tmp1_, tmp2_) != 0) { @@ -1150,8 +1150,7 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, end: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1161,25 +1160,28 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BIGNUM *x, *y; int ret = 0; - if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) + if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) { return 1; + } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); - if (y == NULL) + if (y == NULL) { goto err; + } - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) - goto err; - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx) || + !EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto err; + } if (!point->Z_is_one) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_make_affine, ERR_R_INTERNAL_ERROR); goto err; 
@@ -1189,8 +1191,7 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1335,9 +1336,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, err: BN_CTX_end(ctx); - if (new_ctx != NULL) { - BN_CTX_free(new_ctx); - } + BN_CTX_free(new_ctx); if (prod_Z != NULL) { for (i = 0; i < num; i++) { if (prod_Z[i] == NULL) { diff --git a/src/crypto/ec/util-64.c b/src/crypto/ec/util-64.c new file mode 100644 index 0000000..171b063 --- /dev/null +++ b/src/crypto/ec/util-64.c 
@@ -0,0 +1,183 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + + +#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) + +#include + +#include "internal.h" + +/* Convert an array of points into affine coordinates. (If the point at + * infinity is found (Z = 0), it remains unchanged.) This function is + * essentially an equivalent to EC_POINTs_make_affine(), but works with the + * internal representation of points as used by ecp_nistp###.c rather than + * with (BIGNUM-based) EC_POINT data structures. point_array is the + * input/output buffer ('num' points in projective form, i.e. three + * coordinates each), based on an internal representation of field elements + * of size 'felem_size'. tmp_felems needs to point to a temporary array of + * 'num'+1 field elements for storage of intermediate values. 
*/ +void ec_GFp_nistp_points_make_affine_internal( + size_t num, void *point_array, size_t felem_size, void *tmp_felems, + void (*felem_one)(void *out), int (*felem_is_zero)(const void *in), + void (*felem_assign)(void *out, const void *in), + void (*felem_square)(void *out, const void *in), + void (*felem_mul)(void *out, const void *in1, const void *in2), + void (*felem_inv)(void *out, const void *in), + void (*felem_contract)(void *out, const void *in)) { + int i = 0; + +#define tmp_felem(I) (&((char *)tmp_felems)[(I)*felem_size]) +#define X(I) (&((char *)point_array)[3 * (I)*felem_size]) +#define Y(I) (&((char *)point_array)[(3 * (I) + 1) * felem_size]) +#define Z(I) (&((char *)point_array)[(3 * (I) + 2) * felem_size]) + + if (!felem_is_zero(Z(0))) { + felem_assign(tmp_felem(0), Z(0)); + } else { + felem_one(tmp_felem(0)); + } + + for (i = 1; i < (int)num; i++) { + if (!felem_is_zero(Z(i))) { + felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i)); + } else { + felem_assign(tmp_felem(i), tmp_felem(i - 1)); + } + } + /* Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any + * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i) = 1. */ + + felem_inv(tmp_felem(num - 1), tmp_felem(num - 1)); + for (i = num - 1; i >= 0; i--) { + if (i > 0) { + /* tmp_felem(i-1) is the product of Z(0) .. Z(i-1), tmp_felem(i) + * is the inverse of the product of Z(0) .. Z(i). */ + /* 1/Z(i) */ + felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i)); + } else { + felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */ + } + + if (!felem_is_zero(Z(i))) { + if (i > 0) { + /* For next iteration, replace tmp_felem(i-1) by its inverse. */ + felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i)); + } + + /* Convert point (X, Y, Z) into affine form (X/(Z^2), Y/(Z^3), 1). 
*/ + felem_square(Z(i), tmp_felem(num)); /* 1/(Z^2) */ + felem_mul(X(i), X(i), Z(i)); /* X/(Z^2) */ + felem_mul(Z(i), Z(i), tmp_felem(num)); /* 1/(Z^3) */ + felem_mul(Y(i), Y(i), Z(i)); /* Y/(Z^3) */ + felem_contract(X(i), X(i)); + felem_contract(Y(i), Y(i)); + felem_one(Z(i)); + } else { + if (i > 0) { + /* For next iteration, replace tmp_felem(i-1) by its inverse. */ + felem_assign(tmp_felem(i - 1), tmp_felem(i)); + } + } + } +} + +/* This function looks at 5+1 scalar bits (5 current, 1 adjacent less + * significant bit), and recodes them into a signed digit for use in fast point + * multiplication: the use of signed rather than unsigned digits means that + * fewer points need to be precomputed, given that point inversion is easy (a + * precomputed point dP makes -dP available as well). + * + * BACKGROUND: + * + * Signed digits for multiplication were introduced by Booth ("A signed binary + * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV, + * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers. + * Booth's original encoding did not generally improve the density of nonzero + * digits over the binary representation, and was merely meant to simplify the + * handling of signed factors given in two's complement; but it has since been + * shown to be the basis of various signed-digit representations that do have + * further advantages, including the wNAF, using the following general + * approach: + * + * (1) Given a binary representation + * + * b_k ... b_2 b_1 b_0, + * + * of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1 + * by using bit-wise subtraction as follows: + * + * b_k b_(k-1) ... b_2 b_1 b_0 + * - b_k ... b_3 b_2 b_1 b_0 + * ------------------------------------- + * s_k b_(k-1) ... s_3 s_2 s_1 s_0 + * + * A left-shift followed by subtraction of the original value yields a new + * representation of the same value, using signed bits s_i = b_(i+1) - b_i. 
+ * This representation from Booth's paper has since appeared in the + * literature under a variety of different names including "reversed binary + * form", "alternating greedy expansion", "mutual opposite form", and + * "sign-alternating {+-1}-representation". + * + * An interesting property is that among the nonzero bits, values 1 and -1 + * strictly alternate. + * + * (2) Various window schemes can be applied to the Booth representation of + * integers: for example, right-to-left sliding windows yield the wNAF + * (a signed-digit encoding independently discovered by various researchers + * in the 1990s), and left-to-right sliding windows yield a left-to-right + * equivalent of the wNAF (independently discovered by various researchers + * around 2004). + * + * To prevent leaking information through side channels in point multiplication, + * we need to recode the given integer into a regular pattern: sliding windows + * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few + * decades older: we'll be using the so-called "modified Booth encoding" due to + * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49 + * (1961), pp. 67-91), in a radix-2^5 setting. That is, we always combine five + * signed bits into a signed digit: + * + * s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j) + * + * The sign-alternating property implies that the resulting digit values are + * integers from -16 to 16. + * + * Of course, we don't actually need to compute the signed digits s_i as an + * intermediate step (that's just a nice way to see how this scheme relates + * to the wNAF): a direct computation obtains the recoded digit from the + * six bits b_(4j + 4) ... b_(4j - 1). + * + * This function takes those five bits as an integer (0 .. 63), writing the + * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute + * value, in the range 0 .. 8). 
Note that this integer essentially provides the + * input bits "shifted to the left" by one position: for example, the input to + * compute the least significant recoded digit, given that there's no bit b_-1, + * has to be b_4 b_3 b_2 b_1 b_0 0. */ +void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, + uint8_t in) { + uint8_t s, d; + + s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as + * 6-bit value */ + d = (1 << 6) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + *sign = s & 1; + *digit = d; +} + +#endif /* 64_BIT && !WINDOWS */ diff --git a/src/crypto/ec/wnaf.c b/src/crypto/ec/wnaf.c index 9016328..d87a7d9 100644 --- a/src/crypto/ec/wnaf.c +++ b/src/crypto/ec/wnaf.c @@ -72,6 +72,7 @@ #include #include #include +#include #include "internal.h" @@ -84,7 +85,6 @@ /* structure for precomputed multiples of the generator */ typedef struct ec_pre_comp_st { - const EC_GROUP *group; /* parent EC_GROUP object */ size_t blocksize; /* block size for wNAF splitting */ size_t numblocks; /* max. number of blocks for which we have precomputation */ size_t w; /* window size */ @@ -94,18 +94,14 @@ typedef struct ec_pre_comp_st { int references; } EC_PRE_COMP; -static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) { +static EC_PRE_COMP *ec_pre_comp_new(void) { EC_PRE_COMP *ret = NULL; - if (!group) - return NULL; - ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); if (!ret) { OPENSSL_PUT_ERROR(EC, ec_pre_comp_new, ERR_R_MALLOC_FAILURE); return ret; } - ret->group = group; ret->blocksize = 8; /* default */ ret->numblocks = 0; ret->w = 4; /* default */ @@ -125,14 +121,8 @@ void *ec_pre_comp_dup(EC_PRE_COMP *pre_comp) { } void ec_pre_comp_free(EC_PRE_COMP *pre_comp) { - int i; - - if (!pre_comp) { - return; - } - - i = CRYPTO_add(&pre_comp->references, -1, CRYPTO_LOCK_EC_PRE_COMP); - if (i > 0) { + if (pre_comp == NULL || + CRYPTO_add(&pre_comp->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) { return; } 
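Review bot: ec_GFp_nistp_points_make_affine_internal reads `Z(0)` and then calls `felem_inv(tmp_felem(num - 1), tmp_felem(num - 1))` unconditionally, so a call with `num == 0` indexes `point_array` at a point that does not exist and `tmp_felems` at a wrapped-around `(size_t)-1 * felem_size` offset; the header comment does not state that `num` must be at least 1, and the `for (i = num - 1; i >= 0; i--)` loop also mixes the size_t `num` with an int `i`. Either document the precondition in the header comment or guard it at the top of the function with `if (num == 0) { return; }`. The comment above ec_GFp_nistp_recode_scalar_bits also disagrees with the code: the input is six bits (the comment itself gives the range 0 .. 63), and `d = (d >> 1) + (d & 1)` on a value up to 31 yields up to 16, so `*digit` ranges over 0 .. 16 rather than 0 .. 8, which matches the earlier statement that the digit values run from -16 to 16.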
@@ -272,8 +262,9 @@ err: OPENSSL_free(r); r = NULL; } - if (ok) + if (ok) { *ret_len = len; + } return r; } @@ -341,8 +332,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { goto err; + } } if (scalar != NULL) { @@ -365,8 +357,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, numblocks = (BN_num_bits(scalar) / blocksize) + 1; /* we cannot use more blocks than we have precomputation for */ - if (numblocks > pre_comp->numblocks) + if (numblocks > pre_comp->numblocks) { numblocks = pre_comp->numblocks; + } pre_points_per_block = (size_t)1 << (pre_comp->w - 1); @@ -413,10 +406,12 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, wNAF[i + 1] = NULL; /* make sure we always have a pivot */ wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); - if (wNAF[i] == NULL) + if (wNAF[i] == NULL) { goto err; - if (wNAF_len[i] > max_len) + } + if (wNAF_len[i] > max_len) { max_len = wNAF_len[i]; + } } if (numblocks) { @@ -440,8 +435,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, /* use the window size for which we have precomputation */ wsize[num] = pre_comp->w; tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); - if (!tmp_wNAF) + if (!tmp_wNAF) { goto err; + } if (tmp_len <= max_len) { /* One of the other wNAFs is at least as long @@ -484,10 +480,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } tmp_len -= blocksize; - } else + } else { /* last block gets whatever is left * (this could be more or less than 'blocksize'!) */ wNAF_len[i] = tmp_len; + } wNAF[i + 1] = NULL; wNAF[i] = OPENSSL_malloc(wNAF_len[i]); 
@@ -497,8 +494,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } memcpy(wNAF[i], pp, wNAF_len[i]); - if (wNAF_len[i] > max_len) + if (wNAF_len[i] > max_len) { max_len = wNAF_len[i]; + } if (*tmp_points == NULL) { OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); @@ -531,8 +529,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, val_sub[i] = v; for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) { *v = EC_POINT_new(group); - if (*v == NULL) + if (*v == NULL) { goto err; + } v++; } } @@ -541,8 +540,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } - if (!(tmp = EC_POINT_new(group))) + if (!(tmp = EC_POINT_new(group))) { goto err; + } /* prepare precomputed values: * val_sub[i][0] := points[i] 
@@ -552,34 +552,36 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, */ for (i = 0; i < num + num_scalar; i++) { if (i < num) { - if (!EC_POINT_copy(val_sub[i][0], points[i])) - goto err; - } else { - if (!EC_POINT_copy(val_sub[i][0], generator)) + if (!EC_POINT_copy(val_sub[i][0], points[i])) { goto err; + } + } else if (!EC_POINT_copy(val_sub[i][0], generator)) { + goto err; } if (wsize[i] > 1) { - if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) + if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) { goto err; + } for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) { - if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) + if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) { goto err; + } } } } #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) { goto err; + } #endif r_is_at_infinity = 1; for (k = max_len - 1; k >= 0; k--) { - if (!r_is_at_infinity) { - if (!EC_POINT_dbl(group, r, r, ctx)) - goto err; + if (!r_is_at_infinity && !EC_POINT_dbl(group, r, r, ctx)) { + goto err; } for (i = 0; i < totalnum; i++) { @@ -590,13 +592,13 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (digit) { is_neg = digit < 0; - if (is_neg) + if (is_neg) { digit = -digit; + } if (is_neg != r_is_inverted) { - if (!r_is_at_infinity) { - if (!EC_POINT_invert(group, r, ctx)) - goto err; + if (!r_is_at_infinity && !EC_POINT_invert(group, r, ctx)) { + goto err; } r_is_inverted = !r_is_inverted; } 
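Review bot: The new `if (!EC_POINTs_make_affine(group, num_val, val, ctx)) { goto err; }` is still wrapped in `#if 1 ... #endif`, so the brace cleanup leaves a preprocessor switch that can never be off around a step the adjacent comment itself says is required. Dropping the `#if 1`/`#endif` pair and keeping the explanation as a plain comment, `/* EC_window_bits_for_scalar_size assumes the table has been made affine. */`, makes the requirement unconditional in the source as it already is in practice. ec_wNAF_mul begins and ends outside this hunk.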
@@ -604,12 +606,14 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, /* digit > 0 */ if (r_is_at_infinity) { - if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) + if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) { goto err; + } r_is_at_infinity = 0; } else { - if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) + if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) { goto err; + } } } } @@ -617,42 +621,37 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if (r_is_at_infinity) { - if (!EC_POINT_set_to_infinity(group, r)) + if (!EC_POINT_set_to_infinity(group, r)) { goto err; - } else { - if (r_is_inverted) - if (!EC_POINT_invert(group, r, ctx)) - goto err; + } + } else if (r_is_inverted && !EC_POINT_invert(group, r, ctx)) { + goto err; } ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (tmp != NULL) - EC_POINT_free(tmp); - if (wsize != NULL) - OPENSSL_free(wsize); - if (wNAF_len != NULL) - OPENSSL_free(wNAF_len); + BN_CTX_free(new_ctx); + EC_POINT_free(tmp); + OPENSSL_free(wsize); + OPENSSL_free(wNAF_len); if (wNAF != NULL) { signed char **w; - for (w = wNAF; *w != NULL; w++) + for (w = wNAF; *w != NULL; w++) { OPENSSL_free(*w); + } OPENSSL_free(wNAF); } if (val != NULL) { - for (v = val; *v != NULL; v++) + for (v = val; *v != NULL; v++) { EC_POINT_clear_free(*v); + } OPENSSL_free(val); } - if (val_sub != NULL) { - OPENSSL_free(val_sub); - } + OPENSSL_free(val_sub); return ret; } 
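Review bot: In the `@@ -617,42 +621,37 @@` hunk the err path releases each wNAF digit array with `OPENSSL_free(*w)` while the point table is released with `EC_POINT_clear_free`; every `wNAF[i]` is the signed-digit recoding of the matching scalar (`compute_wNAF(..., &wNAF_len[i])` in the earlier hunks), so when that scalar is a private value its recoding is left behind in freed heap memory. Cleansing needs the lengths, but `OPENSSL_free(wNAF_len)` now runs before the loop, so the rewrite below frees `wNAF_len` after the loop and scrubs each array first. This assumes `wNAF_len` is allocated before any `wNAF[i]` entry is, which the hunk does not show; ec_wNAF_mul begins outside the hunk.
```c
err:
  BN_CTX_free(new_ctx);
  EC_POINT_free(tmp);
  OPENSSL_free(wsize);
  if (wNAF != NULL) {
    size_t idx;
    for (idx = 0; wNAF[idx] != NULL; idx++) {
      /* The digits are a recoding of the scalar; scrub before releasing. */
      OPENSSL_cleanse(wNAF[idx], wNAF_len[idx]);
      OPENSSL_free(wNAF[idx]);
    }
    OPENSSL_free(wNAF);
  }
  OPENSSL_free(wNAF_len);
  /* … unchanged: val / val_sub cleanup, return ret … */
```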
@@ -690,33 +689,36 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { int ret = 0; /* if there is an old EC_PRE_COMP object, throw it away */ - if (group->pre_comp) { - ec_pre_comp_free(group->pre_comp); - group->pre_comp = NULL; - } - - if ((pre_comp = ec_pre_comp_new(group)) == NULL) - return 0; + ec_pre_comp_free(group->pre_comp); + group->pre_comp = NULL; generator = EC_GROUP_get0_generator(group); if (generator == NULL) { OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, EC_R_UNDEFINED_GENERATOR); - goto err; + return 0; + } + + pre_comp = ec_pre_comp_new(); + if (pre_comp == NULL) { + return 0; } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { goto err; + } } BN_CTX_start(ctx); order = BN_CTX_get(ctx); - if (order == NULL) + if (order == NULL) { goto err; + } - if (!EC_GROUP_get_order(group, order, ctx)) + if (!EC_GROUP_get_order(group, order, ctx)) { goto err; + } if (BN_is_zero(order)) { OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, EC_R_UNKNOWN_ORDER); goto err; @@ -764,23 +766,27 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { goto err; } - if (!EC_POINT_copy(base, generator)) + if (!EC_POINT_copy(base, generator)) { goto err; + } /* do the precomputation */ for (i = 0; i < numblocks; i++) { size_t j; - if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) { goto err; + } - if (!EC_POINT_copy(*var++, base)) + if (!EC_POINT_copy(*var++, base)) { goto err; + } for (j = 1; j < pre_points_per_block; j++, var++) { /* calculate odd multiples of the current base point */ - if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) { goto err; + } } if (i < numblocks - 1) { 
@@ -792,19 +798,21 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { goto err; } - if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) { goto err; + } for (k = 2; k < blocksize; k++) { - if (!EC_POINT_dbl(group, base, base, ctx)) + if (!EC_POINT_dbl(group, base, base, ctx)) { goto err; + } } } } - if (!EC_POINTs_make_affine(group, num, points, ctx)) + if (!EC_POINTs_make_affine(group, num, points, ctx)) { goto err; + } - pre_comp->group = group; pre_comp->blocksize = blocksize; pre_comp->numblocks = numblocks; pre_comp->w = w; @@ -818,23 +826,21 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { ret = 1; err: - if (ctx != NULL) + if (ctx != NULL) { BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (pre_comp) - ec_pre_comp_free(pre_comp); + } + BN_CTX_free(new_ctx); + ec_pre_comp_free(pre_comp); if (points) { EC_POINT **p; - for (p = points; *p != NULL; p++) + for (p = points; *p != NULL; p++) { EC_POINT_free(*p); + } OPENSSL_free(points); } - if (tmp_point) - EC_POINT_free(tmp_point); - if (base) - EC_POINT_free(base); + EC_POINT_free(tmp_point); + EC_POINT_free(base); return ret; } diff --git a/src/crypto/ecdh/CMakeLists.txt b/src/crypto/ecdh/CMakeLists.txt index b312148..346e72d 100644 --- a/src/crypto/ecdh/CMakeLists.txt +++ b/src/crypto/ecdh/CMakeLists.txt @@ -6,5 +6,4 @@ add_library( OBJECT ecdh.c - ecdh_error.c ) diff --git a/src/crypto/ecdh/ecdh.c b/src/crypto/ecdh/ecdh.c index d4497f1..a011bab 100644 --- a/src/crypto/ecdh/ecdh.c +++ b/src/crypto/ecdh/ecdh.c @@ -145,13 +145,17 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, } err: - if (tmp) + if (tmp) { EC_POINT_free(tmp); - if (ctx) + } + if (ctx) { BN_CTX_end(ctx); - if (ctx) + } + if (ctx) { BN_CTX_free(ctx); - if (buf) + } + if (buf) { OPENSSL_free(buf); + } return ret; } 
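Review bot: In the ecdh.c hunk (`@@ -145,13 +145,17 @@`) the err path of ECDH_compute_key tests `ctx` twice in a row; the two blocks can be one, `if (ctx) { BN_CTX_end(ctx); BN_CTX_free(ctx); }`, which also makes it obvious that end and free are paired. If `buf` holds the derived shared-secret bytes (the hunk does not show where it is filled), cleansing it with OPENSSL_cleanse before `OPENSSL_free(buf)` would match the `BN_clear_free` hygiene the rest of this commit applies to secret values; confirm against the allocation site. ECDH_compute_key's body begins outside the hunk.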
diff --git a/src/crypto/ecdh/ecdh_error.c b/src/crypto/ecdh/ecdh_error.c deleted file mode 100644 index 8ba1854..0000000 --- a/src/crypto/ecdh/ecdh_error.c +++ /dev/null @@ -1,25 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA ECDH_error_string_data[] = { - {ERR_PACK(ERR_LIB_ECDH, ECDH_F_ECDH_compute_key, 0), "ECDH_compute_key"}, - {ERR_PACK(ERR_LIB_ECDH, 0, ECDH_R_KDF_FAILED), "KDF_FAILED"}, - {ERR_PACK(ERR_LIB_ECDH, 0, ECDH_R_NO_PRIVATE_VALUE), "NO_PRIVATE_VALUE"}, - {ERR_PACK(ERR_LIB_ECDH, 0, ECDH_R_POINT_ARITHMETIC_FAILURE), "POINT_ARITHMETIC_FAILURE"}, - {0, NULL}, -}; diff --git a/src/crypto/ecdsa/CMakeLists.txt b/src/crypto/ecdsa/CMakeLists.txt index 4bddd27..c8645d1 100644 --- a/src/crypto/ecdsa/CMakeLists.txt +++ b/src/crypto/ecdsa/CMakeLists.txt @@ -7,14 +7,13 @@ add_library( ecdsa.c ecdsa_asn1.c - ecdsa_error.c ) add_executable( ecdsa_test - ecdsa_test.c + ecdsa_test.cc ) target_link_libraries(ecdsa_test crypto) diff --git a/src/crypto/ecdsa/ecdsa.c b/src/crypto/ecdsa/ecdsa.c index d389799..b71799e 100644 --- a/src/crypto/ecdsa/ecdsa.c +++ b/src/crypto/ecdsa/ecdsa.c @@ -57,7 +57,6 @@ #include #include #include -#include #include "../ec/internal.h" 
@@ -98,12 +97,8 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, ret = ECDSA_do_verify(digest, digest_len, s, eckey); err: - if (der != NULL) { - OPENSSL_free(der); - } - if (s != NULL) { - ECDSA_SIG_free(s); - } + OPENSSL_free(der); + ECDSA_SIG_free(s); return ret; } @@ -232,9 +227,7 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, err: BN_CTX_end(ctx); BN_CTX_free(ctx); - if (point) { - EC_POINT_free(point); - } + EC_POINT_free(point); return ret; } @@ -334,12 +327,8 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, goto err; } /* clear old values if necessary */ - if (*rp != NULL) { - BN_clear_free(*rp); - } - if (*kinvp != NULL) { - BN_clear_free(*kinvp); - } + BN_clear_free(*rp); + BN_clear_free(*kinvp); /* save the pre-computed values */ *rp = r; @@ -348,21 +337,15 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, err: if (!ret) { - if (k != NULL) { - BN_clear_free(k); - } - if (r != NULL) { - BN_clear_free(r); - } + BN_clear_free(k); + BN_clear_free(r); } - if (ctx_in == NULL) + if (ctx_in == NULL) { BN_CTX_free(ctx); - if (order != NULL) - BN_free(order); - if (tmp_point != NULL) - EC_POINT_free(tmp_point); - if (X) - BN_clear_free(X); + } + BN_free(order); + EC_POINT_free(tmp_point); + BN_clear_free(X); return ret; } @@ -461,16 +444,11 @@ err: ECDSA_SIG_free(ret); ret = NULL; } - if (ctx) - BN_CTX_free(ctx); - if (m) - BN_clear_free(m); - if (tmp) - BN_clear_free(tmp); - if (order) - BN_free(order); - if (kinv) - BN_clear_free(kinv); + BN_CTX_free(ctx); + BN_clear_free(m); + BN_clear_free(tmp); + BN_free(order); + BN_clear_free(kinv); return ret; } diff --git a/src/crypto/ecdsa/ecdsa_asn1.c b/src/crypto/ecdsa/ecdsa_asn1.c index b3c6a87..f557ca7 100644 --- a/src/crypto/ecdsa/ecdsa_asn1.c +++ b/src/crypto/ecdsa/ecdsa_asn1.c @@ -55,6 +55,7 @@ #include #include #include +#include #include "../ec/internal.h" 
@@ -67,7 +68,7 @@ ASN1_SEQUENCE(ECDSA_SIG) = { ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM), } ASN1_SEQUENCE_END(ECDSA_SIG); -IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG); +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG); size_t ECDSA_size(const EC_KEY *key) { size_t ret, i, group_order_size; @@ -114,3 +115,27 @@ size_t ECDSA_size(const EC_KEY *key) { BN_clear_free(order); return ret; } + +ECDSA_SIG *ECDSA_SIG_new(void) { + ECDSA_SIG *sig = OPENSSL_malloc(sizeof(ECDSA_SIG)); + if (sig == NULL) { + return NULL; + } + sig->r = BN_new(); + sig->s = BN_new(); + if (sig->r == NULL || sig->s == NULL) { + ECDSA_SIG_free(sig); + return NULL; + } + return sig; +} + +void ECDSA_SIG_free(ECDSA_SIG *sig) { + if (sig == NULL) { + return; + } + + BN_free(sig->r); + BN_free(sig->s); + OPENSSL_free(sig); +} diff --git a/src/crypto/ecdsa/ecdsa_error.c b/src/crypto/ecdsa/ecdsa_error.c deleted file mode 100644 index cbd69ce..0000000 --- a/src/crypto/ecdsa/ecdsa_error.c +++ /dev/null 
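Review bot: The hand-written `ECDSA_SIG_new` and `ECDSA_SIG_free` in the second hunk carry no comment saying why they replace the macro-generated pair while encoding stays on `IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname` (first hunk). A header line such as `/* ECDSA_SIG_new always allocates |r| and |s|; ECDSA_SIG_free accepts NULL and partially built objects, which the error path in ECDSA_SIG_new and the unconditional ECDSA_SIG_free(s) in ecdsa.c rely on. */` would document the invariant callers now depend on. Presumably `d2i_ECDSA_SIG` still allocates through the ASN.1 item template rather than `ECDSA_SIG_new`; if so, a note that both allocation paths must yield a structure `ECDSA_SIG_free` can release is worth adding as well.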
@@ -1,32 +0,0 @@
-/* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include
-
-#include
-
-const ERR_STRING_DATA ECDSA_error_string_data[] = {
- {ERR_PACK(ERR_LIB_ECDSA, ECDSA_F_ECDSA_do_sign_ex, 0), "ECDSA_do_sign_ex"},
- {ERR_PACK(ERR_LIB_ECDSA, ECDSA_F_ECDSA_do_verify, 0), "ECDSA_do_verify"},
- {ERR_PACK(ERR_LIB_ECDSA, ECDSA_F_ECDSA_sign_ex, 0), "ECDSA_sign_ex"},
- {ERR_PACK(ERR_LIB_ECDSA, ECDSA_F_ECDSA_sign_setup, 0), "ECDSA_sign_setup"},
- {ERR_PACK(ERR_LIB_ECDSA, ECDSA_F_digest_to_bn, 0), "digest_to_bn"},
- {ERR_PACK(ERR_LIB_ECDSA, ECDSA_F_ecdsa_sign_setup, 0), "ecdsa_sign_setup"},
- {ERR_PACK(ERR_LIB_ECDSA, 0, ECDSA_R_BAD_SIGNATURE), "BAD_SIGNATURE"},
- {ERR_PACK(ERR_LIB_ECDSA, 0, ECDSA_R_MISSING_PARAMETERS), "MISSING_PARAMETERS"},
- {ERR_PACK(ERR_LIB_ECDSA, 0, ECDSA_R_NEED_NEW_SETUP_VALUES), "NEED_NEW_SETUP_VALUES"},
- {ERR_PACK(ERR_LIB_ECDSA, 0, ECDSA_R_NOT_IMPLEMENTED), "NOT_IMPLEMENTED"},
- {ERR_PACK(ERR_LIB_ECDSA, 0, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), "RANDOM_NUMBER_GENERATION_FAILED"},
- {0, NULL},
-};
diff --git a/src/crypto/ecdsa/ecdsa_test.c b/src/crypto/ecdsa/ecdsa_test.c
deleted file mode 100644
index d48f9c3..0000000
--- a/src/crypto/ecdsa/ecdsa_test.c
+++ /dev/null
@@ -1,328 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - - -int test_builtin(BIO *out) { - size_t n = 0; - EC_KEY *eckey = NULL, *wrong_eckey = NULL; - EC_GROUP *group; - BIGNUM *order = NULL; - ECDSA_SIG *ecdsa_sig = NULL; - unsigned char digest[20], wrong_digest[20]; - unsigned char *signature = NULL; - const unsigned char *sig_ptr; - unsigned char *sig_ptr2; - unsigned char *raw_buf = NULL; - unsigned int sig_len, r_len, s_len, bn_len, buf_len; - int nid, ret = 0; - - /* fill digest values with some random data */ - if (!RAND_bytes(digest, 20) || !RAND_bytes(wrong_digest, 20)) { - BIO_printf(out, "ERROR: unable to get random data\n"); - goto builtin_err; - } - - order = BN_new(); - if (order == NULL) { - goto builtin_err; - } - - /* create and verify a ecdsa signature with every availble curve - * (with ) */ - BIO_printf(out, - "\ntesting ECDSA_sign() and ECDSA_verify() " - "with some internal curves:\n"); - - static const int kCurveNIDs[] = {NID_secp224r1, NID_X9_62_prime256v1, - NID_secp384r1, NID_secp521r1, NID_undef}; - - /* now create and verify a signature for every curve */ - for (n = 0; kCurveNIDs[n] != NID_undef; n++) { - 
unsigned char dirt, offset; - - nid = kCurveNIDs[n]; - /* create new ecdsa key (== EC_KEY) */ - eckey = EC_KEY_new(); - if (eckey == NULL) { - goto builtin_err; - } - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) { - goto builtin_err; - } - if (!EC_KEY_set_group(eckey, group)) { - goto builtin_err; - } - EC_GROUP_free(group); - if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) { - goto builtin_err; - } - if (BN_num_bits(order) < 160) { - /* Too small to test. */ - EC_KEY_free(eckey); - eckey = NULL; - continue; - } - - BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); - /* create key */ - if (!EC_KEY_generate_key(eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - /* create second key */ - wrong_eckey = EC_KEY_new(); - if (wrong_eckey == NULL) { - goto builtin_err; - } - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) { - goto builtin_err; - } - if (EC_KEY_set_group(wrong_eckey, group) == 0) { - goto builtin_err; - } - EC_GROUP_free(group); - if (!EC_KEY_generate_key(wrong_eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - - BIO_printf(out, "."); - (void)BIO_flush(out); - /* check key */ - if (!EC_KEY_check_key(eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create signature */ - sig_len = ECDSA_size(eckey); - signature = OPENSSL_malloc(sig_len); - if (signature == NULL) { - goto builtin_err; - } - if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature with the wrong key */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } 
- BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong digest */ - if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong length */ - if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - - /* Modify a single byte of the signature: to ensure we don't - * garble the ASN1 structure, we read the raw signature and - * modify a byte in one of the bignums directly. */ - sig_ptr = signature; - ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len); - if (ecdsa_sig == NULL) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - - /* Store the two BIGNUMs in raw_buf. */ - r_len = BN_num_bytes(ecdsa_sig->r); - s_len = BN_num_bytes(ecdsa_sig->s); - bn_len = BN_num_bytes(order); - if (r_len > bn_len || s_len > bn_len) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - buf_len = 2 * bn_len; - raw_buf = OPENSSL_malloc(2 * bn_len); - if (raw_buf == NULL) { - goto builtin_err; - } - /* Pad the bignums with leading zeroes. */ - if (!BN_bn2bin_padded(raw_buf, bn_len, ecdsa_sig->r) || - !BN_bn2bin_padded(raw_buf + bn_len, bn_len, ecdsa_sig->s)) { - goto builtin_err; - } - - /* Modify a single byte in the buffer. */ - offset = raw_buf[10] % buf_len; - dirt = raw_buf[11] ? raw_buf[11] : 1; - raw_buf[offset] ^= dirt; - /* Now read the BIGNUMs back in from raw_buf. */ - if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL || - BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) { - goto builtin_err; - } - - sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - /* Sanity check: undo the modification and verify signature. 
*/ - raw_buf[offset] ^= dirt; - if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL || - BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) { - goto builtin_err; - } - - sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - - BIO_printf(out, " ok\n"); - /* cleanup */ - /* clean bogus errors */ - ERR_clear_error(); - OPENSSL_free(signature); - signature = NULL; - EC_KEY_free(eckey); - eckey = NULL; - EC_KEY_free(wrong_eckey); - wrong_eckey = NULL; - ECDSA_SIG_free(ecdsa_sig); - ecdsa_sig = NULL; - OPENSSL_free(raw_buf); - raw_buf = NULL; - } - - ret = 1; -builtin_err: - if (eckey) { - EC_KEY_free(eckey); - } - if (order) { - BN_free(order); - } - if (wrong_eckey) { - EC_KEY_free(wrong_eckey); - } - if (ecdsa_sig) { - ECDSA_SIG_free(ecdsa_sig); - } - if (signature) { - OPENSSL_free(signature); - } - if (raw_buf) { - OPENSSL_free(raw_buf); - } - - return ret; -} - -int main(void) { - int ret = 1; - BIO *out; - - CRYPTO_library_init(); - ERR_load_crypto_strings(); - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - - if (!test_builtin(out)) - goto err; - - ret = 0; - -err: - if (ret) - BIO_printf(out, "\nECDSA test failed\n"); - else - BIO_printf(out, "\nPASS\n"); - if (ret) - BIO_print_errors(out); - - if (out != NULL) - BIO_free(out); - - return ret; -} diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc new file mode 100644 index 0000000..a6bd7a1 --- /dev/null +++ b/src/crypto/ecdsa/ecdsa_test.cc 
@@ -0,0 +1,340 @@ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "../test/scoped_types.h" +#include "../test/stl_compat.h" + +enum Api { + kEncodedApi, + kRawApi, +}; + +// VerifyECDSASig returns true on success, false on failure. +static bool VerifyECDSASig(Api api, const uint8_t *digest, + size_t digest_len, const ECDSA_SIG *ecdsa_sig, + EC_KEY *eckey, int expected_result) { + int actual_result; + + switch (api) { + case kEncodedApi: { + int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); + if (sig_len <= 0) { + return false; + } + std::vector signature(static_cast(sig_len)); + uint8_t *sig_ptr = bssl::vector_data(&signature); + sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); + if (sig_len <= 0) { + return false; + } + actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), + signature.size(), eckey); + break; + } + + case kRawApi: + actual_result = ECDSA_do_verify(digest, digest_len, ecdsa_sig, eckey); + break; + + default: + return false; + } + return expected_result == actual_result; +} + +// TestTamperedSig verifies that signature verification fails when a valid +// signature is tampered with. 
|ecdsa_sig| must be a valid signature, which will +// be modified. TestTamperedSig returns true on success, false on failure. +static bool TestTamperedSig(FILE *out, Api api, const uint8_t *digest, + size_t digest_len, ECDSA_SIG *ecdsa_sig, + EC_KEY *eckey, const BIGNUM *order) { + // Modify a single byte of the signature: to ensure we don't + // garble the ASN1 structure, we read the raw signature and + // modify a byte in one of the bignums directly. + + // Store the two BIGNUMs in raw_buf. + size_t r_len = BN_num_bytes(ecdsa_sig->r); + size_t s_len = BN_num_bytes(ecdsa_sig->s); + size_t bn_len = BN_num_bytes(order); + if (r_len > bn_len || s_len > bn_len) { + return false; + } + size_t buf_len = 2 * bn_len; + std::vector raw_buf(buf_len); + // Pad the bignums with leading zeroes. + if (!BN_bn2bin_padded(bssl::vector_data(&raw_buf), bn_len, ecdsa_sig->r) || + !BN_bn2bin_padded(bssl::vector_data(&raw_buf) + bn_len, bn_len, + ecdsa_sig->s)) { + return false; + } + + // Modify a single byte in the buffer. + size_t offset = raw_buf[10] % buf_len; + uint8_t dirt = raw_buf[11] ? raw_buf[11] : 1; + raw_buf[offset] ^= dirt; + // Now read the BIGNUMs back in from raw_buf. + if (BN_bin2bn(bssl::vector_data(&raw_buf), bn_len, ecdsa_sig->r) == NULL || + BN_bin2bn(bssl::vector_data(&raw_buf) + bn_len, bn_len, + ecdsa_sig->s) == NULL || + !VerifyECDSASig(api, digest, digest_len, ecdsa_sig, eckey, 0)) { + return false; + } + + // Sanity check: Undo the modification and verify signature. + raw_buf[offset] ^= dirt; + if (BN_bin2bn(bssl::vector_data(&raw_buf), bn_len, ecdsa_sig->r) == NULL || + BN_bin2bn(bssl::vector_data(&raw_buf) + bn_len, bn_len, + ecdsa_sig->s) == NULL || + !VerifyECDSASig(api, digest, digest_len, ecdsa_sig, eckey, 1)) { + return false; + } + + return true; +} + +static bool TestBuiltin(FILE *out) { + // Fill digest values with some random data. 
+ uint8_t digest[20], wrong_digest[20]; + if (!RAND_bytes(digest, 20) || !RAND_bytes(wrong_digest, 20)) { + fprintf(out, "ERROR: unable to get random data\n"); + return false; + } + + static const struct { + int nid; + const char *name; + } kCurves[] = { + { NID_secp224r1, "secp224r1" }, + { NID_X9_62_prime256v1, "secp256r1" }, + { NID_secp384r1, "secp384r1" }, + { NID_secp521r1, "secp521r1" }, + { NID_undef, NULL } + }; + + // Create and verify ECDSA signatures with every available curve. + fputs("\ntesting ECDSA_sign(), ECDSA_verify(), ECDSA_do_sign(), and " + "ECDSA_do_verify() with some internal curves:\n", out); + + for (size_t n = 0; kCurves[n].nid != NID_undef; n++) { + fprintf(out, "%s: ", kCurves[n].name); + + int nid = kCurves[n].nid; + ScopedEC_GROUP group(EC_GROUP_new_by_curve_name(nid)); + if (!group) { + fprintf(out, " failed\n"); + return false; + } + ScopedBIGNUM order(BN_new()); + if (!order || !EC_GROUP_get_order(group.get(), order.get(), NULL)) { + fprintf(out, " failed\n"); + return false; + } + if (BN_num_bits(order.get()) < 160) { + // Too small to test. + fprintf(out, " skipped\n"); + continue; + } + + // Create a new ECDSA key. + ScopedEC_KEY eckey(EC_KEY_new()); + if (!eckey || !EC_KEY_set_group(eckey.get(), group.get()) || + !EC_KEY_generate_key(eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + // Create a second key. + ScopedEC_KEY wrong_eckey(EC_KEY_new()); + if (!wrong_eckey || !EC_KEY_set_group(wrong_eckey.get(), group.get()) || + !EC_KEY_generate_key(wrong_eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + + fprintf(out, "."); + fflush(out); + + // Check the key. + if (!EC_KEY_check_key(eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + + // Test ASN.1-encoded signatures. + // Create a signature. 
+ unsigned sig_len = ECDSA_size(eckey.get()); + std::vector signature(sig_len); + if (!ECDSA_sign(0, digest, 20, bssl::vector_data(&signature), &sig_len, + eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + signature.resize(sig_len); + fprintf(out, "."); + fflush(out); + // Verify the signature. + if (!ECDSA_verify(0, digest, 20, bssl::vector_data(&signature), + signature.size(), eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify the signature with the wrong key. + if (ECDSA_verify(0, digest, 20, bssl::vector_data(&signature), + signature.size(), wrong_eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify the signature using the wrong digest. + if (ECDSA_verify(0, wrong_digest, 20, bssl::vector_data(&signature), + signature.size(), eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify a truncated signature. + if (ECDSA_verify(0, digest, 20, bssl::vector_data(&signature), + signature.size() - 1, eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify a tampered signature. + const uint8_t *sig_ptr = bssl::vector_data(&signature); + ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); + if (!ecdsa_sig || + !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), + eckey.get(), order.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + + // Test ECDSA_SIG signing and verification. + // Create a signature. + ecdsa_sig.reset(ECDSA_do_sign(digest, 20, eckey.get())); + if (!ecdsa_sig) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify the signature using the correct key. 
+ if (!ECDSA_do_verify(digest, 20, ecdsa_sig.get(), eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify the signature with the wrong key. + if (ECDSA_do_verify(digest, 20, ecdsa_sig.get(), wrong_eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify the signature using the wrong digest. + if (ECDSA_do_verify(wrong_digest, 20, ecdsa_sig.get(), eckey.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + // Verify a tampered signature. + if (!TestTamperedSig(out, kRawApi, digest, 20, ecdsa_sig.get(), eckey.get(), + order.get())) { + fprintf(out, " failed\n"); + return false; + } + fprintf(out, "."); + fflush(out); + + fprintf(out, " ok\n"); + // Clear bogus errors. + ERR_clear_error(); + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + ERR_load_crypto_strings(); + + if (!TestBuiltin(stdout)) { + printf("\nECDSA test failed\n"); + ERR_print_errors_fp(stdout); + return 1; + } + + printf("\nPASS\n"); + return 0; +} diff --git a/src/crypto/engine/CMakeLists.txt b/src/crypto/engine/CMakeLists.txt index cea6566..e03650e 100644 --- a/src/crypto/engine/CMakeLists.txt +++ b/src/crypto/engine/CMakeLists.txt @@ -6,5 +6,4 @@ add_library( OBJECT engine.c - engine_error.c ) diff --git a/src/crypto/engine/engine.c b/src/crypto/engine/engine.c index 5b8cf1c..6c3300d 100644 --- a/src/crypto/engine/engine.c +++ b/src/crypto/engine/engine.c @@ -15,6 +15,7 @@ #include #include +#include #include #include 
@@ -43,33 +44,23 @@ ENGINE *ENGINE_new(void) { } void ENGINE_free(ENGINE *engine) { - if (engine->dh_method != NULL) { - METHOD_unref(engine->dh_method); - } - + /* Methods are currently required to be static so are not unref'ed. */ OPENSSL_free(engine); } /* set_method takes a pointer to a method and its given size and sets - * |*out_member| to point to a copy of it. The copy is |compiled_size| bytes - * long and has zero padding if needed. */ + * |*out_member| to point to it. This function might want to be extended in the + * future to support making a copy of the method so that a stable ABI for + * ENGINEs can be supported. But, for the moment, all *_METHODS must be + * static. */ static int set_method(void **out_member, const void *method, size_t method_size, size_t compiled_size) { - void *copy = OPENSSL_malloc(compiled_size); - if (copy == NULL) { + const struct openssl_method_common_st *common = method; + if (method_size != compiled_size || !common->is_static) { return 0; } - memset(copy, 0, compiled_size); - - if (method_size > compiled_size) { - method_size = compiled_size; - } - memcpy(copy, method, method_size); - - METHOD_unref(*out_member); - *out_member = copy; - + *out_member = (void*) method; return 1; } @@ -114,25 +105,16 @@ ECDSA_METHOD *ENGINE_get_ECDSA_method(const ENGINE *engine) { } void METHOD_ref(void *method_in) { - struct openssl_method_common_st *method = method_in; - - if (method->is_static) { - return; - } - - CRYPTO_add(&method->references, 1, CRYPTO_LOCK_ENGINE); + assert(((struct openssl_method_common_st*) method_in)->is_static); } void METHOD_unref(void *method_in) { struct openssl_method_common_st *method = method_in; - if (method == NULL || method->is_static) { + if (method == NULL) { return; } - - if (CRYPTO_add(&method->references, -1, CRYPTO_LOCK_ENGINE) == 0) { - OPENSSL_free(method); - } + assert(method->is_static); } OPENSSL_DECLARE_ERROR_REASON(ENGINE, OPERATION_NOT_SUPPORTED); 
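Review bot: set_method now stores the caller's pointer with no ownership (`*out_member = (void*) method;`) and ENGINE_free no longer releases it, but neither the new set_method comment nor ENGINE_free states that the method must outlive every ENGINE it is installed in; the cast also strips the `const` from the declared `const void *method` parameter. I would extend the set_method comment with: `/* The caller retains ownership of |method|, which must be static and must outlive any ENGINE it is installed in; no reference is taken. */`. METHOD_ref and METHOD_unref are now pure `assert`s, so under NDEBUG a non-static method reaching them is neither counted nor freed and nothing reports it; METHOD_ref also dereferences `method_in` inside the assert without the NULL check that METHOD_unref keeps, so either document that it must be non-NULL or mirror the early return. The size check also changes from tolerating a shorter `method_size` (the removed clamp) to requiring `method_size == compiled_size`, which is a contract change worth one sentence in the same comment.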
diff --git a/src/crypto/engine/engine_error.c b/src/crypto/engine/engine_error.c
deleted file mode 100644
index 9f65f70..0000000
--- a/src/crypto/engine/engine_error.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include
-
-#include
-
-const ERR_STRING_DATA ENGINE_error_string_data[] = {
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_OPERATION_NOT_SUPPORTED), "OPERATION_NOT_SUPPORTED"},
- {0, NULL},
-};
diff --git a/src/crypto/err/CMakeLists.txt b/src/crypto/err/CMakeLists.txt
index 53dccea..89f96bd 100644
--- a/src/crypto/err/CMakeLists.txt
+++ b/src/crypto/err/CMakeLists.txt
@@ -1,18 +1,49 @@
 include_directories(. .. ../../include)
+add_custom_command(
+ OUTPUT err_data.c
+ COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c
+ DEPENDS
+ err_data_generate.go
+ asn1.errordata
+ bio.errordata
+ bn.errordata
+ buf.errordata
+ cipher.errordata
+ conf.errordata
+ crypto.errordata
+ dh.errordata
+ digest.errordata
+ dsa.errordata
+ ecdh.errordata
+ ecdsa.errordata
+ ec.errordata
+ engine.errordata
+ evp.errordata
+ hkdf.errordata
+ obj.errordata
+ pem.errordata
+ pkcs8.errordata
+ rsa.errordata
+ ssl.errordata
+ x509.errordata
+ x509v3.errordata
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+)
+
 add_library(
 err
 OBJECT
 err.c
- err_impl.c
+ err_data.c
 )
 add_executable(
 err_test
- err_test.c
+ err_test.cc
 )
 target_link_libraries(err_test crypto)
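Review bot: The generator's output goes through a shell redirect in `COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c`, so if `go run` fails part-way a truncated err_data.c is left behind with a fresh timestamp, and a later build can treat it as up to date and compile the partial table. Having err_data_generate.go accept the output path and write it through a temporary file plus rename would make the failure sticky; I have not seen the generator, so the exact shape depends on its interface. The DEPENDS list also duplicates whatever set of .errordata files the generator presumably reads, so a file added to the generator but not here would be silently stale in incremental builds; a comment such as `# Keep in sync with the file list in err_data_generate.go` at the DEPENDS line would at least flag that.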
@@ -0,0 +1,152 @@
+ASN1,function,100,ASN1_BIT_STRING_set_bit
+ASN1,function,101,ASN1_ENUMERATED_set
+ASN1,function,102,ASN1_ENUMERATED_to_BN
+ASN1,function,103,ASN1_GENERALIZEDTIME_adj
+ASN1,function,104,ASN1_INTEGER_set
+ASN1,function,105,ASN1_INTEGER_to_BN
+ASN1,function,106,ASN1_OBJECT_new
+ASN1,function,107,ASN1_PCTX_new
+ASN1,function,108,ASN1_STRING_TABLE_add
+ASN1,function,109,ASN1_STRING_set
+ASN1,function,110,ASN1_STRING_type_new
+ASN1,function,111,ASN1_TIME_adj
+ASN1,function,112,ASN1_UTCTIME_adj
+ASN1,function,113,ASN1_d2i_fp
+ASN1,function,114,ASN1_dup
+ASN1,function,115,ASN1_generate_v3
+ASN1,function,116,ASN1_get_object
+ASN1,function,117,ASN1_i2d_bio
+ASN1,function,118,ASN1_i2d_fp
+ASN1,function,119,ASN1_item_d2i_fp
+ASN1,function,120,ASN1_item_dup
+ASN1,function,121,ASN1_item_ex_d2i
+ASN1,function,122,ASN1_item_i2d_bio
+ASN1,function,123,ASN1_item_i2d_fp
+ASN1,function,124,ASN1_item_pack
+ASN1,function,125,ASN1_item_unpack
+ASN1,function,126,ASN1_mbstring_ncopy
+ASN1,function,127,ASN1_template_new
+ASN1,function,128,BIO_new_NDEF
+ASN1,function,129,BN_to_ASN1_ENUMERATED
+ASN1,function,130,BN_to_ASN1_INTEGER
+ASN1,function,131,a2d_ASN1_OBJECT
+ASN1,function,132,a2i_ASN1_ENUMERATED
+ASN1,function,133,a2i_ASN1_INTEGER
+ASN1,function,134,a2i_ASN1_STRING
+ASN1,function,135,append_exp
+ASN1,function,136,asn1_cb
+ASN1,function,137,asn1_check_tlen
+ASN1,function,138,asn1_collate_primitive
+ASN1,function,139,asn1_collect
+ASN1,function,140,asn1_d2i_ex_primitive
+ASN1,function,141,asn1_d2i_read_bio
+ASN1,function,142,asn1_do_adb
+ASN1,function,143,asn1_ex_c2i
+ASN1,function,144,asn1_find_end
+ASN1,function,145,asn1_item_ex_combine_new
+ASN1,function,146,asn1_str2type
+ASN1,function,147,asn1_template_ex_d2i
+ASN1,function,148,asn1_template_noexp_d2i
+ASN1,function,149,bitstr_cb
+ASN1,function,150,c2i_ASN1_BIT_STRING
+ASN1,function,151,c2i_ASN1_INTEGER
+ASN1,function,152,c2i_ASN1_OBJECT
+ASN1,function,153,collect_data
+ASN1,function,154,d2i_ASN1_BOOLEAN
+ASN1,function,155,d2i_ASN1_OBJECT
+ASN1,function,156,d2i_ASN1_UINTEGER
+ASN1,function,157,d2i_ASN1_UTCTIME
+ASN1,function,158,d2i_ASN1_bytes
+ASN1,function,159,d2i_ASN1_type_bytes
+ASN1,function,160,i2d_ASN1_TIME
+ASN1,function,161,i2d_PrivateKey
+ASN1,function,162,long_c2i
+ASN1,function,163,parse_tagging
+ASN1,reason,100,ASN1_LENGTH_MISMATCH
+ASN1,reason,101,AUX_ERROR
+ASN1,reason,102,BAD_GET_ASN1_OBJECT_CALL
+ASN1,reason,103,BAD_OBJECT_HEADER
+ASN1,reason,104,BMPSTRING_IS_WRONG_LENGTH
+ASN1,reason,105,BN_LIB
+ASN1,reason,106,BOOLEAN_IS_WRONG_LENGTH
+ASN1,reason,107,BUFFER_TOO_SMALL
+ASN1,reason,108,DECODE_ERROR
+ASN1,reason,109,DEPTH_EXCEEDED
+ASN1,reason,110,ENCODE_ERROR
+ASN1,reason,111,ERROR_GETTING_TIME
+ASN1,reason,112,EXPECTING_AN_ASN1_SEQUENCE
+ASN1,reason,113,EXPECTING_AN_INTEGER
+ASN1,reason,114,EXPECTING_AN_OBJECT
+ASN1,reason,115,EXPECTING_A_BOOLEAN
+ASN1,reason,116,EXPECTING_A_TIME
+ASN1,reason,117,EXPLICIT_LENGTH_MISMATCH
+ASN1,reason,118,EXPLICIT_TAG_NOT_CONSTRUCTED
+ASN1,reason,119,FIELD_MISSING
+ASN1,reason,120,FIRST_NUM_TOO_LARGE
+ASN1,reason,121,HEADER_TOO_LONG
+ASN1,reason,122,ILLEGAL_BITSTRING_FORMAT
+ASN1,reason,123,ILLEGAL_BOOLEAN
+ASN1,reason,124,ILLEGAL_CHARACTERS
+ASN1,reason,125,ILLEGAL_FORMAT
+ASN1,reason,126,ILLEGAL_HEX
+ASN1,reason,127,ILLEGAL_IMPLICIT_TAG
+ASN1,reason,128,ILLEGAL_INTEGER
+ASN1,reason,129,ILLEGAL_NESTED_TAGGING
+ASN1,reason,130,ILLEGAL_NULL
+ASN1,reason,131,ILLEGAL_NULL_VALUE
+ASN1,reason,132,ILLEGAL_OBJECT
+ASN1,reason,133,ILLEGAL_OPTIONAL_ANY
+ASN1,reason,134,ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE
+ASN1,reason,135,ILLEGAL_TAGGED_ANY
+ASN1,reason,136,ILLEGAL_TIME_VALUE
+ASN1,reason,137,INTEGER_NOT_ASCII_FORMAT
+ASN1,reason,138,INTEGER_TOO_LARGE_FOR_LONG
+ASN1,reason,139,INVALID_BIT_STRING_BITS_LEFT
+ASN1,reason,140,INVALID_BMPSTRING_LENGTH
+ASN1,reason,141,INVALID_DIGIT
+ASN1,reason,142,INVALID_MODIFIER
+ASN1,reason,143,INVALID_NUMBER
+ASN1,reason,144,INVALID_OBJECT_ENCODING
+ASN1,reason,145,INVALID_SEPARATOR
+ASN1,reason,146,INVALID_TIME_FORMAT
+ASN1,reason,147,INVALID_UNIVERSALSTRING_LENGTH
+ASN1,reason,148,INVALID_UTF8STRING
+ASN1,reason,149,LIST_ERROR
+ASN1,reason,150,MALLOC_FAILURE
+ASN1,reason,151,MISSING_ASN1_EOS
+ASN1,reason,152,MISSING_EOC
+ASN1,reason,153,MISSING_SECOND_NUMBER
+ASN1,reason,154,MISSING_VALUE
+ASN1,reason,155,MSTRING_NOT_UNIVERSAL
+ASN1,reason,156,MSTRING_WRONG_TAG
+ASN1,reason,157,NESTED_ASN1_ERROR
+ASN1,reason,158,NESTED_ASN1_STRING
+ASN1,reason,159,NON_HEX_CHARACTERS
+ASN1,reason,160,NOT_ASCII_FORMAT
+ASN1,reason,161,NOT_ENOUGH_DATA
+ASN1,reason,162,NO_MATCHING_CHOICE_TYPE
+ASN1,reason,163,NULL_IS_WRONG_LENGTH
+ASN1,reason,164,OBJECT_NOT_ASCII_FORMAT
+ASN1,reason,165,ODD_NUMBER_OF_CHARS
+ASN1,reason,166,SECOND_NUMBER_TOO_LARGE
+ASN1,reason,167,SEQUENCE_LENGTH_MISMATCH
+ASN1,reason,168,SEQUENCE_NOT_CONSTRUCTED
+ASN1,reason,169,SEQUENCE_OR_SET_NEEDS_CONFIG
+ASN1,reason,170,SHORT_LINE
+ASN1,reason,171,STREAMING_NOT_SUPPORTED
+ASN1,reason,172,STRING_TOO_LONG
+ASN1,reason,173,STRING_TOO_SHORT
+ASN1,reason,174,TAG_VALUE_TOO_HIGH
+ASN1,reason,175,TIME_NOT_ASCII_FORMAT
+ASN1,reason,176,TOO_LONG
+ASN1,reason,177,TYPE_NOT_CONSTRUCTED
+ASN1,reason,178,TYPE_NOT_PRIMITIVE
+ASN1,reason,179,UNEXPECTED_EOC
+ASN1,reason,180,UNIVERSALSTRING_IS_WRONG_LENGTH
+ASN1,reason,181,UNKNOWN_FORMAT
+ASN1,reason,182,UNKNOWN_TAG
+ASN1,reason,183,UNSUPPORTED_ANY_DEFINED_BY_TYPE
+ASN1,reason,184,UNSUPPORTED_PUBLIC_KEY_TYPE
+ASN1,reason,185,UNSUPPORTED_TYPE
+ASN1,reason,186,WRONG_TAG
+ASN1,reason,187,WRONG_TYPE
diff --git a/src/crypto/err/bio.errordata b/src/crypto/err/bio.errordata
new file mode 100644
index 0000000..cd7286a
--- /dev/null
+++ b/src/crypto/err/bio.errordata
@@ -0,0 +1,35 @@
+BIO,function,100,BIO_callback_ctrl
+BIO,function,101,BIO_ctrl
+BIO,function,102,BIO_new
+BIO,function,103,BIO_new_file
+BIO,function,104,BIO_new_mem_buf
+BIO,function,105,BIO_zero_copy_get_read_buf
+BIO,function,106,BIO_zero_copy_get_read_buf_done
+BIO,function,107,BIO_zero_copy_get_write_buf
+BIO,function,108,BIO_zero_copy_get_write_buf_done
+BIO,function,109,bio_io
+BIO,function,110,bio_make_pair
+BIO,function,111,bio_write
+BIO,function,112,buffer_ctrl
+BIO,function,113,conn_ctrl
+BIO,function,114,conn_state
+BIO,function,115,file_ctrl
+BIO,function,116,file_read
+BIO,function,117,mem_write
+BIO,reason,100,BAD_FOPEN_MODE
+BIO,reason,101,BROKEN_PIPE
+BIO,reason,102,CONNECT_ERROR
+BIO,reason,103,ERROR_SETTING_NBIO
+BIO,reason,104,INVALID_ARGUMENT
+BIO,reason,105,IN_USE
+BIO,reason,106,KEEPALIVE
+BIO,reason,107,NBIO_CONNECT_ERROR
+BIO,reason,108,NO_HOSTNAME_SPECIFIED
+BIO,reason,109,NO_PORT_SPECIFIED
+BIO,reason,110,NO_SUCH_FILE
+BIO,reason,111,NULL_PARAMETER
+BIO,reason,112,SYS_LIB
+BIO,reason,113,UNABLE_TO_CREATE_SOCKET
+BIO,reason,114,UNINITIALIZED
+BIO,reason,115,UNSUPPORTED_METHOD
+BIO,reason,116,WRITE_TO_READ_ONLY_BIO
diff --git a/src/crypto/err/bn.errordata b/src/crypto/err/bn.errordata
new file mode 100644
index 0000000..ab74073
--- /dev/null
+++ b/src/crypto/err/bn.errordata
@@ -0,0 +1,42 @@
+BN,function,100,BN_CTX_get
+BN,function,101,BN_CTX_new
+BN,function,102,BN_CTX_start
+BN,function,103,BN_bn2dec
+BN,function,104,BN_bn2hex
+BN,function,105,BN_div
+BN,function,106,BN_div_recp
+BN,function,107,BN_exp
+BN,function,108,BN_generate_dsa_nonce
+BN,function,109,BN_generate_prime_ex
+BN,function,110,BN_mod_exp2_mont
+BN,function,111,BN_mod_exp_mont
+BN,function,112,BN_mod_exp_mont_consttime
+BN,function,113,BN_mod_exp_mont_word
+BN,function,114,BN_mod_inverse
+BN,function,115,BN_mod_inverse_no_branch
+BN,function,116,BN_mod_lshift_quick
+BN,function,117,BN_mod_sqrt
+BN,function,118,BN_new
+BN,function,119,BN_rand
+BN,function,120,BN_rand_range
+BN,function,121,BN_sqrt
+BN,function,122,BN_usub
+BN,function,123,bn_wexpand
+BN,function,124,mod_exp_recp
+BN,reason,100,ARG2_LT_ARG3
+BN,reason,101,BAD_RECIPROCAL
+BN,reason,102,BIGNUM_TOO_LONG
+BN,reason,103,BITS_TOO_SMALL
+BN,reason,104,CALLED_WITH_EVEN_MODULUS
+BN,reason,105,DIV_BY_ZERO
+BN,reason,106,EXPAND_ON_STATIC_BIGNUM_DATA
+BN,reason,107,INPUT_NOT_REDUCED
+BN,reason,108,INVALID_RANGE
+BN,reason,109,NEGATIVE_NUMBER
+BN,reason,110,NOT_A_SQUARE
+BN,reason,111,NOT_INITIALIZED
+BN,reason,112,NO_INVERSE
+BN,reason,113,PRIVATE_KEY_TOO_LARGE
+BN,reason,114,P_IS_NOT_PRIME
+BN,reason,115,TOO_MANY_ITERATIONS
+BN,reason,116,TOO_MANY_TEMPORARY_VARIABLES
diff --git a/src/crypto/err/buf.errordata b/src/crypto/err/buf.errordata
new file mode 100644
index 0000000..01b6c9a
--- /dev/null
+++ b/src/crypto/err/buf.errordata
@@ -0,0 +1,4 @@
+BUF,function,100,BUF_MEM_new
+BUF,function,101,BUF_memdup
+BUF,function,102,BUF_strndup
+BUF,function,103,buf_mem_grow
diff --git a/src/crypto/err/cipher.errordata b/src/crypto/err/cipher.errordata
new file mode 100644
index 0000000..ce8459b
--- /dev/null
+++ b/src/crypto/err/cipher.errordata
@@ -0,0 +1,60 @@
+CIPHER,function,100,EVP_AEAD_CTX_init
+CIPHER,function,131,EVP_AEAD_CTX_init_with_direction
+CIPHER,function,101,EVP_AEAD_CTX_open
+CIPHER,function,102,EVP_AEAD_CTX_seal
+CIPHER,function,103,EVP_CIPHER_CTX_copy
+CIPHER,function,104,EVP_CIPHER_CTX_ctrl
+CIPHER,function,105,EVP_CIPHER_CTX_set_key_length
+CIPHER,function,106,EVP_CipherInit_ex
+CIPHER,function,107,EVP_DecryptFinal_ex
+CIPHER,function,108,EVP_EncryptFinal_ex
+CIPHER,function,132,aead_aes_ctr_hmac_sha256_init
+CIPHER,function,133,aead_aes_ctr_hmac_sha256_open
+CIPHER,function,134,aead_aes_ctr_hmac_sha256_seal
+CIPHER,function,109,aead_aes_gcm_init
+CIPHER,function,110,aead_aes_gcm_open
+CIPHER,function,111,aead_aes_gcm_seal
+CIPHER,function,112,aead_aes_key_wrap_init
+CIPHER,function,113,aead_aes_key_wrap_open
+CIPHER,function,114,aead_aes_key_wrap_seal
+CIPHER,function,115,aead_chacha20_poly1305_init
+CIPHER,function,116,aead_chacha20_poly1305_open
+CIPHER,function,117,aead_chacha20_poly1305_seal
+CIPHER,function,118,aead_rc4_md5_tls_init
+CIPHER,function,119,aead_rc4_md5_tls_open
+CIPHER,function,120,aead_rc4_md5_tls_seal
+CIPHER,function,121,aead_ssl3_ensure_cipher_init
+CIPHER,function,122,aead_ssl3_init
+CIPHER,function,123,aead_ssl3_open
+CIPHER,function,124,aead_ssl3_seal
+CIPHER,function,125,aead_tls_ensure_cipher_init
+CIPHER,function,126,aead_tls_init
+CIPHER,function,127,aead_tls_open
+CIPHER,function,128,aead_tls_seal
+CIPHER,function,129,aes_init_key
+CIPHER,function,130,aesni_init_key
+CIPHER,reason,100,AES_KEY_SETUP_FAILED
+CIPHER,reason,101,BAD_DECRYPT
+CIPHER,reason,102,BAD_KEY_LENGTH
+CIPHER,reason,103,BUFFER_TOO_SMALL
+CIPHER,reason,104,CTRL_NOT_IMPLEMENTED
+CIPHER,reason,105,CTRL_OPERATION_NOT_IMPLEMENTED
+CIPHER,reason,106,DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
+CIPHER,reason,107,INITIALIZATION_ERROR
+CIPHER,reason,108,INPUT_NOT_INITIALIZED
+CIPHER,reason,109,INVALID_AD_SIZE
+CIPHER,reason,110,INVALID_KEY_LENGTH
+CIPHER,reason,111,INVALID_NONCE_SIZE
+CIPHER,reason,112,INVALID_OPERATION
+CIPHER,reason,113,IV_TOO_LARGE
+CIPHER,reason,114,NO_CIPHER_SET
+CIPHER,reason,124,NO_DIRECTION_SET
+CIPHER,reason,115,OUTPUT_ALIASES_INPUT
+CIPHER,reason,116,TAG_TOO_LARGE
+CIPHER,reason,117,TOO_LARGE
+CIPHER,reason,118,UNSUPPORTED_AD_SIZE
+CIPHER,reason,119,UNSUPPORTED_INPUT_SIZE
+CIPHER,reason,120,UNSUPPORTED_KEY_SIZE
+CIPHER,reason,121,UNSUPPORTED_NONCE_SIZE
+CIPHER,reason,122,UNSUPPORTED_TAG_SIZE
+CIPHER,reason,123,WRONG_FINAL_BLOCK_LENGTH
diff --git a/src/crypto/err/conf.errordata b/src/crypto/err/conf.errordata
new file mode 100644
index 0000000..0b96a32
--- /dev/null
+++ b/src/crypto/err/conf.errordata
@@ -0,0 +1,10 @@
+CONF,function,100,CONF_parse_list
+CONF,function,101,NCONF_load
+CONF,function,102,def_load_bio
+CONF,function,103,str_copy
+CONF,reason,100,LIST_CANNOT_BE_NULL
+CONF,reason,101,MISSING_CLOSE_SQUARE_BRACKET
+CONF,reason,102,MISSING_EQUAL_SIGN
+CONF,reason,103,NO_CLOSE_BRACE
+CONF,reason,104,UNABLE_TO_CREATE_NEW_SECTION
+CONF,reason,105,VARIABLE_HAS_NO_VALUE
diff --git a/src/crypto/err/crypto.errordata b/src/crypto/err/crypto.errordata
new file mode 100644
index 0000000..1e0e9d5
--- /dev/null
+++ b/src/crypto/err/crypto.errordata
@@ -0,0 +1,4 @@
+CRYPTO,function,100,CRYPTO_get_ex_new_index
+CRYPTO,function,101,CRYPTO_set_ex_data
+CRYPTO,function,102,get_class
+CRYPTO,function,103,get_func_pointers
diff --git a/src/crypto/err/dh.errordata b/src/crypto/err/dh.errordata
new file mode 100644
index 0000000..1fd675b
--- /dev/null
+++ b/src/crypto/err/dh.errordata
@@ -0,0 +1,8 @@
+DH,function,100,DH_new_method
+DH,function,101,compute_key
+DH,function,102,generate_key
+DH,function,103,generate_parameters
+DH,reason,100,BAD_GENERATOR
+DH,reason,101,INVALID_PUBKEY
+DH,reason,102,MODULUS_TOO_LARGE
+DH,reason,103,NO_PRIVATE_VALUE
diff --git a/src/crypto/err/digest.errordata b/src/crypto/err/digest.errordata
new file mode 100644
index 0000000..95a3622
--- /dev/null
+++ b/src/crypto/err/digest.errordata
@@ -0,0 +1,3 @@
+DIGEST,function,100,EVP_DigestInit_ex
+DIGEST,function,101,EVP_MD_CTX_copy_ex
+DIGEST,reason,100,INPUT_NOT_INITIALIZED
diff --git a/src/crypto/err/dsa.errordata b/src/crypto/err/dsa.errordata
new file mode 100644
index 0000000..c2dff23
--- /dev/null
+++ b/src/crypto/err/dsa.errordata
@@ -0,0 +1,9 @@
+DSA,function,100,DSA_new_method
+DSA,function,101,dsa_sig_cb
+DSA,function,102,sign
+DSA,function,103,sign_setup
+DSA,function,104,verify
+DSA,reason,100,BAD_Q_VALUE
+DSA,reason,101,MISSING_PARAMETERS
+DSA,reason,102,MODULUS_TOO_LARGE
+DSA,reason,103,NEED_NEW_SETUP_VALUES
diff --git a/src/crypto/err/ec.errordata b/src/crypto/err/ec.errordata
new file mode 100644
index 0000000..3b815c8
--- /dev/null
+++ b/src/crypto/err/ec.errordata
@@ -0,0 +1,93 @@
+EC,function,159,BN_to_felem
+EC,function,100,EC_GROUP_copy
+EC,function,101,EC_GROUP_get_curve_GFp
+EC,function,102,EC_GROUP_get_degree
+EC,function,103,EC_GROUP_new_by_curve_name
+EC,function,104,EC_KEY_check_key
+EC,function,105,EC_KEY_copy
+EC,function,106,EC_KEY_generate_key
+EC,function,107,EC_KEY_new_method
+EC,function,108,EC_KEY_set_public_key_affine_coordinates
+EC,function,109,EC_POINT_add
+EC,function,110,EC_POINT_cmp
+EC,function,111,EC_POINT_copy
+EC,function,112,EC_POINT_dbl
+EC,function,113,EC_POINT_dup
+EC,function,114,EC_POINT_get_affine_coordinates_GFp
+EC,function,115,EC_POINT_invert
+EC,function,116,EC_POINT_is_at_infinity
+EC,function,117,EC_POINT_is_on_curve
+EC,function,118,EC_POINT_make_affine
+EC,function,119,EC_POINT_new
+EC,function,120,EC_POINT_oct2point
+EC,function,121,EC_POINT_point2oct
+EC,function,122,EC_POINT_set_affine_coordinates_GFp
+EC,function,123,EC_POINT_set_compressed_coordinates_GFp
+EC,function,124,EC_POINT_set_to_infinity
+EC,function,125,EC_POINTs_make_affine
+EC,function,126,compute_wNAF
+EC,function,127,d2i_ECPKParameters
+EC,function,128,d2i_ECParameters
+EC,function,129,d2i_ECPrivateKey
+EC,function,130,ec_GFp_mont_field_decode
+EC,function,131,ec_GFp_mont_field_encode
+EC,function,132,ec_GFp_mont_field_mul
+EC,function,133,ec_GFp_mont_field_set_to_one
+EC,function,134,ec_GFp_mont_field_sqr
+EC,function,135,ec_GFp_mont_group_set_curve
+EC,function,160,ec_GFp_nistp256_group_set_curve
+EC,function,161,ec_GFp_nistp256_point_get_affine_coordinates
+EC,function,162,ec_GFp_nistp256_points_mul
+EC,function,136,ec_GFp_simple_group_check_discriminant
+EC,function,137,ec_GFp_simple_group_set_curve
+EC,function,138,ec_GFp_simple_make_affine
+EC,function,139,ec_GFp_simple_oct2point
+EC,function,140,ec_GFp_simple_point2oct
+EC,function,141,ec_GFp_simple_point_get_affine_coordinates
+EC,function,142,ec_GFp_simple_point_set_affine_coordinates
+EC,function,143,ec_GFp_simple_points_make_affine
+EC,function,144,ec_GFp_simple_set_compressed_coordinates
+EC,function,145,ec_asn1_group2pkparameters
+EC,function,146,ec_asn1_pkparameters2group
+EC,function,163,ec_group_copy
+EC,function,147,ec_group_new
+EC,function,148,ec_group_new_curve_GFp
+EC,function,149,ec_group_new_from_data
+EC,function,150,ec_point_set_Jprojective_coordinates_GFp
+EC,function,151,ec_pre_comp_new
+EC,function,152,ec_wNAF_mul
+EC,function,153,ec_wNAF_precompute_mult
+EC,function,154,i2d_ECPKParameters
+EC,function,155,i2d_ECParameters
+EC,function,156,i2d_ECPrivateKey
+EC,function,157,i2o_ECPublicKey
+EC,function,164,nistp256_pre_comp_new
+EC,function,158,o2i_ECPublicKey
+EC,reason,126,BIGNUM_OUT_OF_RANGE
+EC,reason,100,BUFFER_TOO_SMALL
+EC,reason,101,COORDINATES_OUT_OF_RANGE
+EC,reason,102,D2I_ECPKPARAMETERS_FAILURE
+EC,reason,103,EC_GROUP_NEW_BY_NAME_FAILURE
+EC,reason,104,GROUP2PKPARAMETERS_FAILURE
+EC,reason,105,I2D_ECPKPARAMETERS_FAILURE
+EC,reason,106,INCOMPATIBLE_OBJECTS
+EC,reason,107,INVALID_COMPRESSED_POINT
+EC,reason,108,INVALID_COMPRESSION_BIT
+EC,reason,109,INVALID_ENCODING
+EC,reason,110,INVALID_FIELD
+EC,reason,111,INVALID_FORM
+EC,reason,112,INVALID_GROUP_ORDER
+EC,reason,113,INVALID_PRIVATE_KEY
+EC,reason,114,MISSING_PARAMETERS
+EC,reason,115,MISSING_PRIVATE_KEY
+EC,reason,116,NON_NAMED_CURVE
+EC,reason,117,NOT_INITIALIZED
+EC,reason,118,PKPARAMETERS2GROUP_FAILURE
+EC,reason,119,POINT_AT_INFINITY
+EC,reason,120,POINT_IS_NOT_ON_CURVE
+EC,reason,121,SLOT_FULL
+EC,reason,122,UNDEFINED_GENERATOR
+EC,reason,123,UNKNOWN_GROUP
+EC,reason,124,UNKNOWN_ORDER
+EC,reason,127,WRONG_CURVE_PARAMETERS
+EC,reason,125,WRONG_ORDER
diff --git a/src/crypto/err/ecdh.errordata b/src/crypto/err/ecdh.errordata
new file mode 100644
index 0000000..0f1215e
--- /dev/null
+++ b/src/crypto/err/ecdh.errordata
@@ -0,0 +1,4 @@
+ECDH,function,100,ECDH_compute_key
+ECDH,reason,100,KDF_FAILED
+ECDH,reason,101,NO_PRIVATE_VALUE
+ECDH,reason,102,POINT_ARITHMETIC_FAILURE
diff --git a/src/crypto/err/ecdsa.errordata b/src/crypto/err/ecdsa.errordata
new file mode 100644
index 0000000..97c213e
--- /dev/null
+++ b/src/crypto/err/ecdsa.errordata
@@ -0,0 +1,10 @@
+ECDSA,function,100,ECDSA_do_sign_ex
+ECDSA,function,101,ECDSA_do_verify
+ECDSA,function,102,ECDSA_sign_ex
+ECDSA,function,103,digest_to_bn
+ECDSA,function,104,ecdsa_sign_setup
+ECDSA,reason,100,BAD_SIGNATURE
+ECDSA,reason,101,MISSING_PARAMETERS
+ECDSA,reason,102,NEED_NEW_SETUP_VALUES
+ECDSA,reason,103,NOT_IMPLEMENTED
+ECDSA,reason,104,RANDOM_NUMBER_GENERATION_FAILED
diff --git a/src/crypto/err/engine.errordata b/src/crypto/err/engine.errordata
new file mode 100644
index 0000000..1185e88
--- /dev/null
+++ b/src/crypto/err/engine.errordata
@@ -0,0 +1 @@
+ENGINE,reason,100,OPERATION_NOT_SUPPORTED
diff --git a/src/crypto/err/err.c b/src/crypto/err/err.c
index 55b1363..b879a22 100644
--- a/src/crypto/err/err.c
+++ b/src/crypto/err/err.c
@@ -111,8 +111,6 @@
 #include
 #include
 #include
-#include
-#include
 #include
 #if defined(OPENSSL_WINDOWS)
@@ -121,37 +119,23 @@ #pragma warning(pop) #endif -#include #include #include +#include "../internal.h" -/* err_fns contains a pointer to the current error implementation. */ -static const struct ERR_FNS_st *err_fns = NULL; -extern const struct ERR_FNS_st openssl_err_default_impl; -#define ERRFN(a) err_fns->a +extern const uint32_t kOpenSSLFunctionValues[]; +extern const size_t kOpenSSLFunctionValuesLen; +extern const char kOpenSSLFunctionStringData[]; -/* err_fns_check is an internal function that checks whether "err_fns" is set - * and if not, sets it to the default. */ -static void err_fns_check(void) { - /* In practice, this is not a race problem because loading the error strings - * at init time will cause this pointer to be set before the process goes - * multithreaded. */ - if (err_fns) { - return; - } - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!err_fns) { - err_fns = &openssl_err_default_impl; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -} +extern const uint32_t kOpenSSLReasonValues[]; +extern const size_t kOpenSSLReasonValuesLen; +extern const char kOpenSSLReasonStringData[]; /* err_clear_data frees the optional |data| member of the given error. */ static void err_clear_data(struct err_error_st *error) { - if (error->data != NULL && (error->flags & ERR_FLAG_MALLOCED) != 0) { + if ((error->flags & ERR_FLAG_MALLOCED) != 0) { OPENSSL_free(error->data); } error->data = NULL; 
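Review bot: The six `extern` declarations for kOpenSSLFunctionValues, kOpenSSLFunctionValuesLen, kOpenSSLFunctionStringData and their Reason counterparts are written out by hand here rather than taken from a header that the generated file also includes, so a change of type or name on the generator side is caught only at link time, and an array-type change may not be caught at all. A comment above them saying where they come from would help the next reader, e.g. `/* Defined in err_data.c, which is generated from the *.errordata files by err_data_generate.go. */`. Note that the comment inside err_string_lookup later in this diff calls the generated file err_data.h while the CMake rule in this commit produces err_data.c; the two should agree. The simplified err_clear_data now passes `error->data` to OPENSSL_free whenever ERR_FLAG_MALLOCED is set, without the former NULL check, which is correct only if OPENSSL_free accepts NULL; a one-line comment recording that assumption on the branch would make the intent explicit.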
@@ -164,10 +148,45 @@ static void err_clear(struct err_error_st *error) { memset(error, 0, sizeof(struct err_error_st)); } +/* global_next_library contains the next custom library value to return. */ +static int global_next_library = ERR_NUM_LIBS; + +/* global_next_library_mutex protects |global_next_library| from concurrent + * updates. */ +static struct CRYPTO_STATIC_MUTEX global_next_library_mutex = + CRYPTO_STATIC_MUTEX_INIT; + +static void err_state_free(void *statep) { + ERR_STATE *state = statep; + + if (state == NULL) { + return; + } + + unsigned i; + for (i = 0; i < ERR_NUM_ERRORS; i++) { + err_clear(&state->errors[i]); + } + OPENSSL_free(state->to_free); + OPENSSL_free(state); +} + /* err_get_state gets the ERR_STATE object for the current thread. */ static ERR_STATE *err_get_state(void) { - err_fns_check(); - return ERRFN(get_state)(); + ERR_STATE *state = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR); + if (state == NULL) { + state = OPENSSL_malloc(sizeof(ERR_STATE)); + if (state == NULL) { + return NULL; + } + memset(state, 0, sizeof(ERR_STATE)); + if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state, + err_state_free)) { + return NULL; + } + } + + return state; } static uint32_t get_error_values(int inc, int top, const char **file, int *line, @@ -221,9 +240,7 @@ static uint32_t get_error_values(int inc, int top, const char **file, int *line, * error queue. */ if (inc) { if (error->flags & ERR_FLAG_MALLOCED) { - if (state->to_free) { - OPENSSL_free(state->to_free); - } + OPENSSL_free(state->to_free); state->to_free = error->data; } error->data = NULL; 
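Review bot: In err_get_state the freshly allocated `state` is abandoned on the `CRYPTO_set_thread_local` failure path, so unless CRYPTO_set_thread_local is documented to destroy the value on failure (its contract is not visible in this hunk) the allocation leaks on every call that hits that path. If it does not, the branch should release it: `if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state, err_state_free)) { err_state_free(state); return NULL; }`; if it does, a one-line comment saying that ownership passes to the thread-local store on both outcomes would stop the next reader from adding a double free. err_state_free also drops the NULL check before `OPENSSL_free(state->to_free)`, as does the second hunk here at `@@ -221,9 +240,7 @@`; that is fine only if OPENSSL_free tolerates NULL, an assumption this commit now relies on in several places and which deserves a note at the first of them.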
@@ -291,47 +308,29 @@ void ERR_clear_error(void) { for (i = 0; i < ERR_NUM_ERRORS; i++) { err_clear(&state->errors[i]); } - if (state->to_free) { - OPENSSL_free(state->to_free); - state->to_free = NULL; - } + OPENSSL_free(state->to_free); + state->to_free = NULL; state->top = state->bottom = 0; } -static void err_state_free(ERR_STATE *state) { - unsigned i; - - for (i = 0; i < ERR_NUM_ERRORS; i++) { - err_clear(&state->errors[i]); - } - if (state->to_free) { - OPENSSL_free(state->to_free); - } - OPENSSL_free(state); -} - void ERR_remove_thread_state(const CRYPTO_THREADID *tid) { - CRYPTO_THREADID current; - ERR_STATE *state; - - if (tid == NULL) { - CRYPTO_THREADID_current(¤t); - tid = ¤t; - } - - err_fns_check(); - state = ERRFN(release_state)(tid); - if (state == NULL) { + if (tid != NULL) { + assert(0); return; } - err_state_free(state); + ERR_clear_error(); } int ERR_get_next_error_library(void) { - err_fns_check(); - return ERRFN(get_next_library)(); + int ret; + + CRYPTO_STATIC_MUTEX_lock_write(&global_next_library_mutex); + ret = global_next_library++; + CRYPTO_STATIC_MUTEX_unlock(&global_next_library_mutex); + + return ret; } void ERR_clear_system_error(void) { 
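Review bot: ERR_remove_thread_state now turns a non-NULL `tid` into `assert(0); return;`, so in an NDEBUG build a caller that still passes a thread id gets a silent no-op with no error, while the old code released that thread's state. If only the current thread is supported the public header should say so, and a comment here such as `/* Only the calling thread's state can be removed; a non-NULL |tid| is a caller bug. */` would record the intent for the reader of this file. ERR_get_next_error_library returns `global_next_library++` with no upper bound, and nothing in this hunk shows how many bits the library field of a packed error has, so either a bound or a comment stating why overflow is not a concern in practice would be worth adding.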
@@ -423,53 +422,177 @@ void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) { } } -/* err_component_error_string returns the error string associated with - * |packed_error|, which must be of a special form matching the keys inserted - * into the error hash table. */ -static const char *err_component_error_string(uint32_t packed_error) { - ERR_STRING_DATA *p; +// err_string_cmp is a compare function for searching error values with +// |bsearch| in |err_string_lookup|. +static int err_string_cmp(const void *a, const void *b) { + const uint32_t a_key = *((const uint32_t*) a) >> 15; + const uint32_t b_key = *((const uint32_t*) b) >> 15; - err_fns_check(); - p = ERRFN(get_item)(packed_error); + if (a_key < b_key) { + return -1; + } else if (a_key > b_key) { + return 1; + } else { + return 0; + } +} - if (p == NULL) { +/* err_string_lookup looks up the string associated with |lib| and |key| in + * |values| and |string_data|. It returns the string or NULL if not found. */ +static const char *err_string_lookup(uint32_t lib, uint32_t key, + const uint32_t *values, + size_t num_values, + const char *string_data) { + /* |values| points to data in err_data.h, which is generated by + * err_data_generate.go. It's an array of uint32_t values. Each value has the + * following structure: + * | lib | key | offset | + * |6 bits| 11 bits | 15 bits | + * + * The |lib| value is a library identifier: one of the |ERR_LIB_*| values. + * The |key| is either a function or a reason code, depending on the context. + * The |offset| is the number of bytes from the start of |string_data| where + * the (NUL terminated) string for this value can be found. + * + * Values are sorted based on treating the |lib| and |key| part as an + * unsigned integer. 
*/ + if (lib >= (1 << 6) || key >= (1 << 11)) { return NULL; } - return p->string; + uint32_t search_key = lib << 26 | key << 15; + const uint32_t *result = bsearch(&search_key, values, num_values, + sizeof(uint32_t), err_string_cmp); + if (result == NULL) { + return NULL; + } + + return &string_data[(*result) & 0x7fff]; } +static const char *const kLibraryNames[ERR_NUM_LIBS] = { + "invalid library (0)", + "unknown library", /* ERR_LIB_NONE */ + "system library", /* ERR_LIB_SYS */ + "bignum routines", /* ERR_LIB_BN */ + "RSA routines", /* ERR_LIB_RSA */ + "Diffie-Hellman routines", /* ERR_LIB_DH */ + "public key routines", /* ERR_LIB_EVP */ + "memory buffer routines", /* ERR_LIB_BUF */ + "object identifier routines", /* ERR_LIB_OBJ */ + "PEM routines", /* ERR_LIB_PEM */ + "DSA routines", /* ERR_LIB_DSA */ + "X.509 certificate routines", /* ERR_LIB_X509 */ + "ASN.1 encoding routines", /* ERR_LIB_ASN1 */ + "configuration file routines", /* ERR_LIB_CONF */ + "common libcrypto routines", /* ERR_LIB_CRYPTO */ + "elliptic curve routines", /* ERR_LIB_EC */ + "SSL routines", /* ERR_LIB_SSL */ + "BIO routines", /* ERR_LIB_BIO */ + "PKCS7 routines", /* ERR_LIB_PKCS7 */ + "PKCS8 routines", /* ERR_LIB_PKCS8 */ + "X509 V3 routines", /* ERR_LIB_X509V3 */ + "random number generator", /* ERR_LIB_RAND */ + "ENGINE routines", /* ERR_LIB_ENGINE */ + "OCSP routines", /* ERR_LIB_OCSP */ + "UI routines", /* ERR_LIB_UI */ + "COMP routines", /* ERR_LIB_COMP */ + "ECDSA routines", /* ERR_LIB_ECDSA */ + "ECDH routines", /* ERR_LIB_ECDH */ + "HMAC routines", /* ERR_LIB_HMAC */ + "Digest functions", /* ERR_LIB_DIGEST */ + "Cipher functions", /* ERR_LIB_CIPHER */ + "User defined functions", /* ERR_LIB_USER */ + "HKDF functions", /* ERR_LIB_HKDF */ +}; + const char *ERR_lib_error_string(uint32_t packed_error) { - return err_component_error_string(ERR_PACK(ERR_GET_LIB(packed_error), 0, 0)); + const uint32_t lib = ERR_GET_LIB(packed_error); + + if (lib >= ERR_NUM_LIBS) { + return NULL; + } + 
return kLibraryNames[lib]; } const char *ERR_func_error_string(uint32_t packed_error) { - return err_component_error_string( - ERR_PACK(ERR_GET_LIB(packed_error), ERR_GET_FUNC(packed_error), 0)); + const uint32_t lib = ERR_GET_LIB(packed_error); + const uint32_t func = ERR_GET_FUNC(packed_error); + + if (lib == ERR_LIB_SYS) { + switch (func) { + case SYS_F_fopen: + return "fopen"; + case SYS_F_fclose: + return "fclose"; + case SYS_F_fread: + return "fread"; + case SYS_F_fwrite: + return "fwrite"; + case SYS_F_socket: + return "socket"; + case SYS_F_setsockopt: + return "setsockopt"; + case SYS_F_connect: + return "connect"; + case SYS_F_getaddrinfo: + return "getaddrinfo"; + default: + return NULL; + } + } + + return err_string_lookup(ERR_GET_LIB(packed_error), + ERR_GET_FUNC(packed_error), kOpenSSLFunctionValues, + kOpenSSLFunctionValuesLen, + kOpenSSLFunctionStringData); } const char *ERR_reason_error_string(uint32_t packed_error) { - const char *reason_str = err_component_error_string( - ERR_PACK(ERR_GET_LIB(packed_error), 0, ERR_GET_REASON(packed_error))); + const uint32_t lib = ERR_GET_LIB(packed_error); + const uint32_t reason = ERR_GET_REASON(packed_error); - if (reason_str != NULL) { - return reason_str; + if (lib == ERR_LIB_SYS) { + if (reason < 127) { + return strerror(reason); + } + return NULL; } - return err_component_error_string( - ERR_PACK(0, 0, ERR_GET_REASON(packed_error))); + if (reason < ERR_NUM_LIBS) { + return kLibraryNames[reason]; + } + + if (reason < 100) { + switch (reason) { + case ERR_R_MALLOC_FAILURE: + return "malloc failure"; + case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED: + return "function should not have been called"; + case ERR_R_PASSED_NULL_PARAMETER: + return "passed a null parameter"; + case ERR_R_INTERNAL_ERROR: + return "internal error"; + case ERR_R_OVERFLOW: + return "overflow"; + default: + return NULL; + } + } + + return err_string_lookup(lib, reason, kOpenSSLReasonValues, + kOpenSSLReasonValuesLen, kOpenSSLReasonStringData); } 
void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) { - CRYPTO_THREADID current_thread; char buf[ERR_ERROR_STRING_BUF_LEN]; char buf2[1024]; - unsigned long thread_hash; const char *file, *data; int line, flags; uint32_t packed_error; - CRYPTO_THREADID_current(¤t_thread); - thread_hash = CRYPTO_THREADID_hash(¤t_thread); + /* thread_hash is the least-significant bits of the |ERR_STATE| pointer value + * for this thread. */ + const unsigned long thread_hash = (uintptr_t) err_get_state(); for (;;) { packed_error = ERR_get_error_line_data(&file, &line, &data, &flags); @@ -486,6 +609,17 @@ void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) { } } +static int print_errors_to_file(const char* msg, size_t msg_len, void* ctx) { + assert(msg[msg_len] == '\0'); + FILE* fp = ctx; + int res = fputs(msg, fp); + return res < 0 ? 0 : 1; +} + +void ERR_print_errors_fp(FILE *file) { + ERR_print_errors_cb(print_errors_to_file, file); +} + /* err_set_error_data sets the data on the most recent error. The |flags| * argument is a combination of the |ERR_FLAG_*| values. */ static void err_set_error_data(char *data, int flags) { 
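Review bot: The new `thread_hash` in ERR_print_errors_cb is the raw `ERR_STATE` heap pointer, and it is passed to the callback as part of every formatted error line, so anything that logs or serves ERR_print_errors output now discloses a heap address of the process and weakens ASLR for whoever can read those logs. Prefer an identifier that is not an address — a counter assigned when the state is created, or at least a hash of the pointer — and state in the comment why the value is safe to print. In the same hunk, ERR_reason_error_string calls `strerror(reason)` for ERR_LIB_SYS; strerror may return a static buffer, so the result is not safe across concurrent calls — note it at the call, `/* strerror is not thread-safe on all platforms; callers must not retain the result. */`, or use strerror_r where available.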
@@ -648,162 +782,10 @@ int ERR_pop_to_mark(void) { return 0; } -static const char *const kLibraryNames[ERR_NUM_LIBS] = { - "invalid library (0)", - "unknown library", /* ERR_LIB_NONE */ - "system library", /* ERR_LIB_SYS */ - "bignum routines", /* ERR_LIB_BN */ - "RSA routines", /* ERR_LIB_RSA */ - "Diffie-Hellman routines", /* ERR_LIB_DH */ - "public key routines", /* ERR_LIB_EVP */ - "memory buffer routines", /* ERR_LIB_BUF */ - "object identifier routines", /* ERR_LIB_OBJ */ - "PEM routines", /* ERR_LIB_PEM */ - "DSA routines", /* ERR_LIB_DSA */ - "X.509 certificate routines", /* ERR_LIB_X509 */ - "ASN.1 encoding routines", /* ERR_LIB_ASN1 */ - "configuration file routines", /* ERR_LIB_CONF */ - "common libcrypto routines", /* ERR_LIB_CRYPTO */ - "elliptic curve routines", /* ERR_LIB_EC */ - "SSL routines", /* ERR_LIB_SSL */ - "BIO routines", /* ERR_LIB_BIO */ - "PKCS7 routines", /* ERR_LIB_PKCS7 */ - "PKCS8 routines", /* ERR_LIB_PKCS8 */ - "X509 V3 routines", /* ERR_LIB_X509V3 */ - "random number generator", /* ERR_LIB_RAND */ - "ENGINE routines", /* ERR_LIB_ENGINE */ - "OCSP routines", /* ERR_LIB_OCSP */ - "UI routines", /* ERR_LIB_UI */ - "COMP routines", /* ERR_LIB_COMP */ - "ECDSA routines", /* ERR_LIB_ECDSA */ - "ECDH routines", /* ERR_LIB_ECDH */ - "HMAC routines", /* ERR_LIB_HMAC */ - "Digest functions", /* ERR_LIB_DIGEST */ - "Cipher functions", /* ERR_LIB_CIPHER */ - "User defined functions", /* ERR_LIB_USER */ - "HKDF functions", /* ERR_LIB_HKDF */ -}; - -#define NUM_SYS_ERRNOS 127 - -/* kStaticErrors provides storage for ERR_STRING_DATA values that are created - * at init time because we assume that ERR_STRING_DATA structures aren't - * allocated on the heap. 
*/ -static ERR_STRING_DATA kStaticErrors[ERR_NUM_LIBS * 2 + NUM_SYS_ERRNOS]; - -static const ERR_STRING_DATA kGlobalErrors[] = { - {ERR_R_MALLOC_FAILURE, "malloc failure"}, - {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, "function should not be called"}, - {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, - {ERR_R_INTERNAL_ERROR, "internal error"}, - {ERR_R_OVERFLOW, "overflow"}, - - {ERR_PACK(ERR_LIB_SYS, SYS_F_fopen, 0), "fopen"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_fclose, 0), "fclose"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_fread, 0), "fread"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_fwrite, 0), "fwrite"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_socket, 0), "socket"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_setsockopt, 0), "setsockopt"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_connect, 0), "connect"}, - {ERR_PACK(ERR_LIB_SYS, SYS_F_getaddrinfo, 0), "getaddrinfo"}, - - {0, NULL}, -}; - +void ERR_load_crypto_strings(void) {} -extern const ERR_STRING_DATA ASN1_error_string_data[]; -extern const ERR_STRING_DATA BIO_error_string_data[]; -extern const ERR_STRING_DATA BN_error_string_data[]; -extern const ERR_STRING_DATA BUF_error_string_data[]; -extern const ERR_STRING_DATA CIPHER_error_string_data[]; -extern const ERR_STRING_DATA CONF_error_string_data[]; -extern const ERR_STRING_DATA CRYPTO_error_string_data[]; -extern const ERR_STRING_DATA DH_error_string_data[]; -extern const ERR_STRING_DATA DIGEST_error_string_data[]; -extern const ERR_STRING_DATA DSA_error_string_data[]; -extern const ERR_STRING_DATA ECDH_error_string_data[]; -extern const ERR_STRING_DATA ECDSA_error_string_data[]; -extern const ERR_STRING_DATA EC_error_string_data[]; -extern const ERR_STRING_DATA ENGINE_error_string_data[]; -extern const ERR_STRING_DATA EVP_error_string_data[]; -extern const ERR_STRING_DATA HKDF_error_string_data[]; -extern const ERR_STRING_DATA OBJ_error_string_data[]; -extern const ERR_STRING_DATA PEM_error_string_data[]; -extern const ERR_STRING_DATA PKCS8_error_string_data[]; -extern const ERR_STRING_DATA 
RSA_error_string_data[]; -extern const ERR_STRING_DATA X509V3_error_string_data[]; -extern const ERR_STRING_DATA X509_error_string_data[]; - -static void err_load_strings(void) { - unsigned i, j = 0; - - err_fns_check(); - - /* This loop loads strings for the libraries for the ERR_R_*_LIB - * reasons. */ - for (i = ERR_LIB_NONE; i < ERR_NUM_LIBS; i++) { - ERR_STRING_DATA *data = &kStaticErrors[j++]; - data->string = kLibraryNames[i]; - data->error = ERR_PACK(i, 0, 0); - ERRFN(set_item)(data); - - data = &kStaticErrors[j++]; - data->string = kLibraryNames[i]; - data->error = ERR_PACK(0, 0, i); - ERRFN(set_item)(data); - } - - for (i = 1; i < 1 + NUM_SYS_ERRNOS; i++) { - /* The "SYS" library sets errno values as the reason for its errors. - * Thus we load the first |NUM_SYS_ERRNOS| errno strings as the - * reason strings for that library. */ - - ERR_STRING_DATA *data = &kStaticErrors[j++]; - data->string = strerror(i); - data->error = ERR_PACK(ERR_LIB_SYS, 0, i); - ERRFN(set_item)(data); - } - - ERR_load_strings(kGlobalErrors); - - ERR_load_strings(ASN1_error_string_data); - ERR_load_strings(BIO_error_string_data); - ERR_load_strings(BN_error_string_data); - ERR_load_strings(BUF_error_string_data); - ERR_load_strings(CIPHER_error_string_data); - ERR_load_strings(CONF_error_string_data); - ERR_load_strings(CRYPTO_error_string_data); - ERR_load_strings(DH_error_string_data); - ERR_load_strings(DIGEST_error_string_data); - ERR_load_strings(DSA_error_string_data); - ERR_load_strings(ECDH_error_string_data); - ERR_load_strings(ECDSA_error_string_data); - ERR_load_strings(EC_error_string_data); - ERR_load_strings(ENGINE_error_string_data); - ERR_load_strings(EVP_error_string_data); - ERR_load_strings(HKDF_error_string_data); - ERR_load_strings(OBJ_error_string_data); - ERR_load_strings(PEM_error_string_data); - ERR_load_strings(PKCS8_error_string_data); - ERR_load_strings(RSA_error_string_data); - ERR_load_strings(X509V3_error_string_data); - 
ERR_load_strings(X509_error_string_data); -} - -void ERR_load_strings(const ERR_STRING_DATA *str) { - err_fns_check(); - - while (str->error) { - ERRFN(set_item)(str); - str++; - } -} - -void ERR_load_crypto_strings(void) { err_load_strings(); } - -void ERR_free_strings(void) { - err_fns_check(); - ERRFN(shutdown)(err_state_free); -} +void ERR_free_strings(void) {} void ERR_load_BIO_strings(void) {} + +void ERR_load_ERR_strings(void) {} diff --git a/src/crypto/err/err_data_generate.go b/src/crypto/err/err_data_generate.go new file mode 100644 index 0000000..a5b4cb5 --- /dev/null +++ b/src/crypto/err/err_data_generate.go 
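Review bot: ERR_load_strings is deleted and ERR_free_strings and ERR_load_crypto_strings become empty stubs, an API change the commit description does not mention; if ERR_load_strings is declared in the public err.h (not visible in this hunk), external code registering strings for a library obtained from ERR_get_next_library will now fail to link, so the header and the ERR_get_next_library documentation should state that custom error strings are no longer supported. The text for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED also changed from `"function should not be called"` to `"function should not have been called"`, which is worth a line in the description for anyone matching on error text.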
@@ -0,0 +1,287 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +package main + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "io" + "os" + "sort" + "strconv" + "strings" +) + +// libraryNames must be kept in sync with the enum in err.h. The generated code +// will contain static assertions to enforce this. +var libraryNames = []string{ + "NONE", + "SYS", + "BN", + "RSA", + "DH", + "EVP", + "BUF", + "OBJ", + "PEM", + "DSA", + "X509", + "ASN1", + "CONF", + "CRYPTO", + "EC", + "SSL", + "BIO", + "PKCS7", + "PKCS8", + "X509V3", + "RAND", + "ENGINE", + "OCSP", + "UI", + "COMP", + "ECDSA", + "ECDH", + "HMAC", + "DIGEST", + "CIPHER", + "USER", + "HKDF", +} + +// stringList is a map from uint32 -> string which can output data for a sorted +// list as C literals. +type stringList struct { + // entries is an array of keys and offsets into |stringData|. The + // offsets are in the bottom 15 bits of each uint32 and the key is the + // top 17 bits. + entries []uint32 + // internedStrings contains the same strings as are in |stringData|, + // but allows for easy deduplication. It maps a string to its offset in + // |stringData|. 
+ internedStrings map[string]uint32 + stringData []byte +} + +func newStringList() *stringList { + return &stringList{ + internedStrings: make(map[string]uint32), + } +} + +// offsetMask is the bottom 15 bits. It's a mask that selects the offset from a +// uint32 in entries. +const offsetMask = 0x7fff + +func (st *stringList) Add(key uint32, value string) error { + if key&offsetMask != 0 { + return errors.New("need bottom 15 bits of the key for the offset") + } + offset, ok := st.internedStrings[value] + if !ok { + offset = uint32(len(st.stringData)) + if offset&offsetMask != offset { + return errors.New("stringList overflow") + } + st.stringData = append(st.stringData, []byte(value)...) + st.stringData = append(st.stringData, 0) + st.internedStrings[value] = offset + } + + for _, existing := range st.entries { + if existing>>15 == key>>15 { + panic("duplicate entry") + } + } + st.entries = append(st.entries, key|offset) + return nil +} + +// keySlice is a type that implements sorting of entries values. 
+type keySlice []uint32 + +func (ks keySlice) Len() int { + return len(ks) +} + +func (ks keySlice) Less(i, j int) bool { + return (ks[i] >> 15) < (ks[j] >> 15) +} + +func (ks keySlice) Swap(i, j int) { + ks[i], ks[j] = ks[j], ks[i] +} + +func (st *stringList) buildList() []uint32 { + sort.Sort(keySlice(st.entries)) + return st.entries +} + +type stringWriter interface { + io.Writer + WriteString(string) (int, error) +} + +func (st *stringList) WriteTo(out stringWriter, name string) { + list := st.buildList() + fmt.Fprintf(os.Stderr, "%s: %d bytes of list and %d bytes of string data.\n", name, 4*len(list), len(st.stringData)) + + values := "kOpenSSL" + name + "Values" + out.WriteString("const uint32_t " + values + "[] = {\n") + for _, v := range list { + fmt.Fprintf(out, " 0x%x,\n", v) + } + out.WriteString("};\n\n") + out.WriteString("const size_t " + values + "Len = sizeof(" + values + ") / sizeof(" + values + "[0]);\n\n"); + + stringData := "kOpenSSL" + name + "StringData" + out.WriteString("const char " + stringData + "[] =\n \"") + for i, c := range st.stringData { + if c == 0 { + out.WriteString("\\0\"\n \"") + continue + } + out.Write(st.stringData[i : i+1]) + } + out.WriteString("\";\n\n") +} + +type errorData struct { + functions, reasons *stringList + libraryMap map[string]uint32 +} + +func (e *errorData) readErrorDataFile(filename string) error { + inFile, err := os.Open(filename) + if err != nil { + return err + } + defer inFile.Close() + + scanner := bufio.NewScanner(inFile) + comma := []byte(",") + + lineNo := 0 + for scanner.Scan() { + lineNo++ + + line := scanner.Bytes() + if len(line) == 0 { + continue + } + parts := bytes.Split(line, comma) + if len(parts) != 4 { + return fmt.Errorf("bad line %d in %s: found %d values but want 4", lineNo, filename, len(parts)) + } + libNum, ok := e.libraryMap[string(parts[0])] + if !ok { + return fmt.Errorf("bad line %d in %s: unknown library", lineNo, filename) + } + if libNum >= 64 { + return fmt.Errorf("bad 
line %d in %s: library value too large", lineNo, filename) + } + key, err := strconv.ParseUint(string(parts[2]), 10 /* base */, 32 /* bit size */) + if err != nil { + return fmt.Errorf("bad line %d in %s: %s", lineNo, filename, err) + } + if key >= 2048 { + return fmt.Errorf("bad line %d in %s: key too large", lineNo, filename) + } + value := string(parts[3]) + + listKey := libNum<<26 | uint32(key)<<15 + + switch string(parts[1]) { + case "function": + err = e.functions.Add(listKey, value) + case "reason": + err = e.reasons.Add(listKey, value) + default: + return fmt.Errorf("bad line %d in %s: bad value type", lineNo, filename) + } + + if err != nil { + return err + } + } + + return scanner.Err() +} + +func main() { + e := &errorData{ + functions: newStringList(), + reasons: newStringList(), + libraryMap: make(map[string]uint32), + } + for i, name := range libraryNames { + e.libraryMap[name] = uint32(i) + 1 + } + + cwd, err := os.Open(".") + if err != nil { + panic(err) + } + names, err := cwd.Readdirnames(-1) + if err != nil { + panic(err) + } + + sort.Strings(names) + for _, name := range names { + if !strings.HasSuffix(name, ".errordata") { + continue + } + if err := e.readErrorDataFile(name); err != nil { + panic(err) + } + } + + out := os.Stdout + + out.WriteString(`/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + + /* This file was generated by err_data_generate.go. */ + +#include +#include +#include + + +`) + + for i, name := range libraryNames { + fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_LIB_%s == %d, library_values_changed_%d);\n", name, i+1, i+1) + } + fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == %d, library_values_changed_num);\n", len(libraryNames) + 1) + out.WriteString("\n") + + e.functions.WriteTo(out, "Function") + e.reasons.WriteTo(out, "Reason") +} diff --git a/src/crypto/err/err_impl.c b/src/crypto/err/err_impl.c deleted file mode 100644 index 32cff35..0000000 --- a/src/crypto/err/err_impl.c +++ /dev/null 
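Review bot: err_data_generate.go copies each `.errordata` value byte-for-byte into a C string literal in stringList.WriteTo, so a value containing `"`, `\` or a non-printable byte yields a generated err_data.c that either fails to compile or silently changes meaning; readErrorDataFile should reject such values after `value := string(parts[3])`, e.g. `if strings.ContainsAny(value, "\"\\") { return fmt.Errorf("bad line %d in %s: value needs escaping", lineNo, filename) }`. stringList.Add reports a duplicate key with `panic("duplicate entry")` while every other input problem is returned as an error carrying the line number, so a duplicate produces a stack trace instead of pointing at the offending line — returning an error from Add that readErrorDataFile wraps with `lineNo` and `filename` keeps the diagnostics consistent. The writes to `out` in WriteTo and main also ignore their error returns, so a closed or full stdout produces a truncated table with exit status 0.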
@@ -1,323 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
*/ - -#include - -#include -#include - -#include -#include - - -DEFINE_LHASH_OF(ERR_STATE); -DEFINE_LHASH_OF(ERR_STRING_DATA); - -/* state_hash is a map from thread ID to ERR_STATE. It works like thread-local - * storage. */ -static LHASH_OF(ERR_STATE) *state_hash = NULL; - -/* error_hash maps from a packed error to the string for that library / - * function / reason. */ -static LHASH_OF(ERR_STRING_DATA) *error_hash = NULL; - -/* global_next_library contains the next custom library value to return. */ -static int global_next_library = ERR_NUM_LIBS; - -/* err_string_data_hash is an lhash hash function for ERR_STRING_DATA. */ -static uint32_t err_string_data_hash(const ERR_STRING_DATA *a) { - return OPENSSL_hash32(&a->error, sizeof(a->error)); -} - -/* err_string_data_cmp is an lhash compare function for ERR_STRING_DATA. */ -static int err_string_data_cmp(const ERR_STRING_DATA *a, - const ERR_STRING_DATA *b) { - return ((int)a->error) - ((int)b->error); -} - -/* error_hash_get_write_locked returns the hash that maps from packed error to - * error string and creates it if need be. The caller must hold a write lock on - * LOCK_ERR. */ -static LHASH_OF(ERR_STRING_DATA) * error_hash_get_write_locked(void) { - if (!error_hash) { - error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, err_string_data_cmp); - } - - return error_hash; -} - -/* err_get_item returns an ERR_STRING_DATA with an |error| member that - * equals |packed_error|, or NULL if none can be found. */ -static ERR_STRING_DATA *err_get_item(uint32_t packed_error) { - ERR_STRING_DATA *ret = NULL, pattern; - - pattern.error = packed_error; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (error_hash) { - ret = lh_ERR_STRING_DATA_retrieve(error_hash, &pattern); - } - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - - return ret; -} - -/* err_set_item adds an ERR_STRING_DATA to the global hash of error strings and - * returns the previous entry with the same |err->error| value, if any. 
*/ -static ERR_STRING_DATA *err_set_item(const ERR_STRING_DATA *err) { - ERR_STRING_DATA *old_item = NULL; - LHASH_OF(ERR_STRING_DATA) *hash; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - hash = error_hash_get_write_locked(); - if (hash) { - lh_ERR_STRING_DATA_insert(hash, &old_item, (ERR_STRING_DATA*) err); - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return old_item; -} - -/* err_set_item removes an item from the global hash of error strings for - * |packed_error| and returns the removed entry, if any. */ -static ERR_STRING_DATA *err_del_item(uint32_t packed_error) { - ERR_STRING_DATA *old_item = NULL, pattern; - - pattern.error = packed_error; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (error_hash) { - old_item = lh_ERR_STRING_DATA_delete(error_hash, &pattern); - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return old_item; -} - - -/* err_state_hash is an lhash hash function for ERR_STATE. */ -static uint32_t err_state_hash(const ERR_STATE *a) { - return CRYPTO_THREADID_hash(&a->tid); -} - -/* err_state_cmp is an lhash compare function for ERR_STATE. 
*/ -static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) { - return CRYPTO_THREADID_cmp(&a->tid, &b->tid); -} - - -static ERR_STATE *err_get_state(void) { - CRYPTO_THREADID tid; - ERR_STATE pattern, *state, *race_state; - int insert_result; - static ERR_STATE fallback; - - CRYPTO_THREADID_current(&tid); - memset(&pattern, 0, sizeof(pattern)); - CRYPTO_THREADID_cpy(&pattern.tid, &tid); - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (state_hash == NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (state_hash == NULL) { - state_hash = lh_ERR_STATE_new(err_state_hash, err_state_cmp); - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - } - - if (state_hash == NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - return NULL; - } - - state = lh_ERR_STATE_retrieve(state_hash, &pattern); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - if (state != NULL) { - return state; - } - - state = OPENSSL_malloc(sizeof(ERR_STATE)); - if (state == NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - /* The other error functions don't cope with a failure to get the error - * state, so we return a dummy value. */ - return &fallback; - } - - memset(state, 0, sizeof(ERR_STATE)); - CRYPTO_THREADID_cpy(&state->tid, &tid); - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - insert_result = lh_ERR_STATE_insert(state_hash, &race_state, state); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - if (!insert_result) { - /* Insertion failed because of malloc failure. */ - OPENSSL_free(state); - return &fallback; - } - - /* We cannot have raced with another thread to insert an ERR_STATE because no - * other thread should be inserting values for this thread. 
*/ - assert(race_state == NULL); - - return state; -} - -static ERR_STATE *err_release_state(const CRYPTO_THREADID *tid) { - ERR_STATE pattern, *state; - - CRYPTO_THREADID_cpy(&pattern.tid, tid); - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (state_hash == NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - return NULL; - } - - state = lh_ERR_STATE_delete(state_hash, &pattern); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - - return state; -} - -static void err_shutdown(void (*err_state_free_cb)(ERR_STATE*)) { - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (error_hash) { - lh_ERR_STRING_DATA_free(error_hash); - error_hash = NULL; - } - if (state_hash) { - lh_ERR_STATE_doall(state_hash, err_state_free_cb); - lh_ERR_STATE_free(state_hash); - state_hash = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -} - -static int err_get_next_library(void) { - int ret; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - ret = global_next_library++; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return ret; -} - -const struct ERR_FNS_st openssl_err_default_impl = { - err_shutdown, - err_get_item, - err_set_item, - err_del_item, - err_get_state, - err_release_state, - err_get_next_library, -}; diff --git a/src/crypto/err/err_test.c b/src/crypto/err/err_test.c deleted file mode 100644 index bf36201..0000000 --- a/src/crypto/err/err_test.c +++ /dev/null 
@@ -1,140 +0,0 @@
-/* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include
-#include
-
-#include
-#include
-#include
-
-
-static int test_overflow(void) {
- unsigned i;
-
- for (i = 0; i < ERR_NUM_ERRORS*2; i++) {
- ERR_put_error(1, 2, i+1, "test", 1);
- }
-
- for (i = 0; i < ERR_NUM_ERRORS - 1; i++) {
- uint32_t err = ERR_get_error();
- /* Errors are returned in order they were pushed, with the least recent ones
- * removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are
- * |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive.
*/
- if (err == 0 || ERR_GET_REASON(err) != i + ERR_NUM_ERRORS + 2) {
- fprintf(stderr, "ERR_get_error failed at %u\n", i);
- return 0;
- }
- }
-
- if (ERR_get_error() != 0) {
- fprintf(stderr, "ERR_get_error more than the expected number of values.\n");
- return 0;
- }
-
- return 1;
-}
-
-static int test_put_error(void) {
- uint32_t peeked_packed_error, packed_error;
- int peeked_line, line, peeked_flags, flags;
- const char *peeked_file, *file, *peeked_data, *data;
-
- if (ERR_get_error() != 0) {
- fprintf(stderr, "ERR_get_error returned value before an error was added.\n");
- return 0;
- }
-
- ERR_put_error(1, 2, 3, "test", 4);
- ERR_add_error_data(1, "testing");
-
- peeked_packed_error = ERR_peek_error_line_data(&peeked_file, &peeked_line,
- &peeked_data, &peeked_flags);
- packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
-
- if (peeked_packed_error != packed_error ||
- peeked_file != file ||
- peeked_data != data ||
- peeked_flags != flags) {
- fprintf(stderr, "Bad peeked error data returned.\n");
- return 0;
- }
-
- if (strcmp(file, "test") != 0 ||
- line != 4 ||
- (flags & ERR_FLAG_STRING) == 0 ||
- ERR_GET_LIB(packed_error) != 1 ||
- ERR_GET_FUNC(packed_error) != 2 ||
- ERR_GET_REASON(packed_error) != 3 ||
- strcmp(data, "testing") != 0) {
- fprintf(stderr, "Bad error data returned.\n");
- return 0;
- }
-
- return 1;
-}
-
-static int test_clear_error(void) {
- if (ERR_get_error() != 0) {
- fprintf(stderr, "ERR_get_error returned value before an error was added.\n");
- return 0;
- }
-
- ERR_put_error(1, 2, 3, "test", 4);
- ERR_clear_error();
-
- if (ERR_get_error() != 0) {
- fprintf(stderr, "Error remained after clearing.\n");
- return 0;
- }
-
- return 1;
-}
-
-static int test_print(void) {
- size_t i;
- char buf[256];
- uint32_t packed_error;
-
- ERR_put_error(1, 2, 3, "test", 4);
- ERR_add_error_data(1, "testing");
- packed_error = ERR_get_error();
-
- for (i = 0; i <= sizeof(buf); i++) {
- ERR_error_string_n(packed_error, buf, i);
- }
-
- return 1;
-}
-
-static int test_release(void) {
- ERR_put_error(1, 2, 3, "test", 4);
- ERR_remove_thread_state(NULL);
- return 1;
-}
-
-int main(void) {
- CRYPTO_library_init();
-
- if (!test_overflow() ||
- !test_put_error() ||
- !test_clear_error() ||
- !test_print() ||
- !test_release()) {
- return 1;
- }
-
- printf("PASS\n");
- return 0;
-}
diff --git a/src/crypto/err/err_test.cc b/src/crypto/err/err_test.cc
new file mode 100644
index 0000000..98dfb85
--- /dev/null
+++ b/src/crypto/err/err_test.cc
@@ -0,0 +1,134 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+#include
+
+#include
+#include
+#include
+
+
+static bool TestOverflow() {
+ for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) {
+ ERR_put_error(1, 2, i+1, "test", 1);
+ }
+
+ for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) {
+ uint32_t err = ERR_get_error();
+ /* Errors are returned in order they were pushed, with the least recent ones
+ * removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are
+ * |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive.
*/
+ if (err == 0 || ERR_GET_REASON(err) != i + ERR_NUM_ERRORS + 2) {
+ fprintf(stderr, "ERR_get_error failed at %u\n", i);
+ return false;
+ }
+ }
+
+ if (ERR_get_error() != 0) {
+ fprintf(stderr, "ERR_get_error more than the expected number of values.\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool TestPutError() {
+ if (ERR_get_error() != 0) {
+ fprintf(stderr, "ERR_get_error returned value before an error was added.\n");
+ return false;
+ }
+
+ ERR_put_error(1, 2, 3, "test", 4);
+ ERR_add_error_data(1, "testing");
+
+ int peeked_line, line, peeked_flags, flags;
+ const char *peeked_file, *file, *peeked_data, *data;
+ uint32_t peeked_packed_error =
+ ERR_peek_error_line_data(&peeked_file, &peeked_line, &peeked_data,
+ &peeked_flags);
+ uint32_t packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
+
+ if (peeked_packed_error != packed_error ||
+ peeked_file != file ||
+ peeked_data != data ||
+ peeked_flags != flags) {
+ fprintf(stderr, "Bad peeked error data returned.\n");
+ return false;
+ }
+
+ if (strcmp(file, "test") != 0 ||
+ line != 4 ||
+ (flags & ERR_FLAG_STRING) == 0 ||
+ ERR_GET_LIB(packed_error) != 1 ||
+ ERR_GET_FUNC(packed_error) != 2 ||
+ ERR_GET_REASON(packed_error) != 3 ||
+ strcmp(data, "testing") != 0) {
+ fprintf(stderr, "Bad error data returned.\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool TestClearError() {
+ if (ERR_get_error() != 0) {
+ fprintf(stderr, "ERR_get_error returned value before an error was added.\n");
+ return false;
+ }
+
+ ERR_put_error(1, 2, 3, "test", 4);
+ ERR_clear_error();
+
+ if (ERR_get_error() != 0) {
+ fprintf(stderr, "Error remained after clearing.\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool TestPrint() {
+ ERR_put_error(1, 2, 3, "test", 4);
+ ERR_add_error_data(1, "testing");
+ uint32_t packed_error = ERR_get_error();
+
+ char buf[256];
+ for (size_t i = 0; i <= sizeof(buf); i++) {
+ ERR_error_string_n(packed_error, buf, i);
+ }
+
+ return true;
+}
+
+static bool TestRelease() {
+ ERR_put_error(1, 2, 3, "test", 4);
+ ERR_remove_thread_state(NULL);
+ return true;
+}
+
+int main() {
+ CRYPTO_library_init();
+
+ if (!TestOverflow() ||
+ !TestPutError() ||
+ !TestClearError() ||
+ !TestPrint() ||
+ !TestRelease()) {
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/src/crypto/err/evp.errordata b/src/crypto/err/evp.errordata
new file mode 100644
index 0000000..14dd27b
--- /dev/null
+++ b/src/crypto/err/evp.errordata
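Review bot: TestPrint only checks that ERR_error_string_n survives every length from 0 to sizeof(buf) and never inspects buf, so a truncation that drops the NUL terminator or writes garbage would still pass; TestRelease likewise never checks that the queued error is actually gone after ERR_remove_thread_state(NULL). I would assert the terminator after each call for i > 0 (presumably the function NUL-terminates within len — confirm against err.h) and, in TestRelease, that `ERR_get_error()` returns 0 afterwards. The test order is also load-bearing but undocumented: TestPutError and TestClearError begin by requiring an empty queue, which only holds because the preceding test drained it, so a comment on main such as `// The tests share one per-thread error queue; each must leave it empty.` would protect the next person who reorders them.

```cpp
static bool TestPrint() {
  // … unchanged: push the error and fetch packed_error …
  char buf[256];
  for (size_t i = 0; i <= sizeof(buf); i++) {
    ERR_error_string_n(packed_error, buf, i);
    // For i > 0 the output is expected to be NUL-terminated within |i|
    // bytes — confirm against the ERR_error_string_n contract in err.h.
    if (i > 0 && memchr(buf, '\0', i) == NULL) {
      fprintf(stderr, "ERR_error_string_n did not terminate at length %zu\n", i);
      return false;
    }
  }

  return true;
}

static bool TestRelease() {
  // … unchanged: push the error, ERR_remove_thread_state(NULL) …
  if (ERR_get_error() != 0) {
    fprintf(stderr, "Error survived ERR_remove_thread_state.\n");
    return false;
  }
  return true;
}
```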
@@ -0,0 +1,114 @@
+EVP,function,160,EVP_DigestSignAlgorithm
+EVP,function,161,EVP_DigestVerifyInitFromAlgorithm
+EVP,function,162,EVP_PKEY_CTX_ctrl
+EVP,function,163,EVP_PKEY_CTX_dup
+EVP,function,159,EVP_PKEY_CTX_get0_rsa_oaep_label
+EVP,function,164,EVP_PKEY_copy_parameters
+EVP,function,165,EVP_PKEY_decrypt
+EVP,function,166,EVP_PKEY_decrypt_init
+EVP,function,167,EVP_PKEY_derive
+EVP,function,108,EVP_PKEY_derive_init
+EVP,function,168,EVP_PKEY_derive_set_peer
+EVP,function,110,EVP_PKEY_encrypt
+EVP,function,111,EVP_PKEY_encrypt_init
+EVP,function,112,EVP_PKEY_get1_DH
+EVP,function,169,EVP_PKEY_get1_DSA
+EVP,function,114,EVP_PKEY_get1_EC_KEY
+EVP,function,115,EVP_PKEY_get1_RSA
+EVP,function,116,EVP_PKEY_keygen
+EVP,function,170,EVP_PKEY_keygen_init
+EVP,function,171,EVP_PKEY_new
+EVP,function,172,EVP_PKEY_set_type
+EVP,function,120,EVP_PKEY_sign
+EVP,function,121,EVP_PKEY_sign_init
+EVP,function,122,EVP_PKEY_verify
+EVP,function,123,EVP_PKEY_verify_init
+EVP,function,173,check_padding_md
+EVP,function,125,d2i_AutoPrivateKey
+EVP,function,126,d2i_PrivateKey
+EVP,function,127,do_EC_KEY_print
+EVP,function,174,do_dsa_print
+EVP,function,175,do_rsa_print
+EVP,function,129,do_sigver_init
+EVP,function,176,dsa_param_decode
+EVP,function,177,dsa_priv_decode
+EVP,function,178,dsa_priv_encode
+EVP,function,179,dsa_pub_decode
+EVP,function,180,dsa_pub_encode
+EVP,function,181,dsa_sig_print
+EVP,function,130,eckey_param2type
+EVP,function,131,eckey_param_decode
+EVP,function,132,eckey_priv_decode
+EVP,function,133,eckey_priv_encode
+EVP,function,134,eckey_pub_decode
+EVP,function,135,eckey_pub_encode
+EVP,function,136,eckey_type2param
+EVP,function,137,evp_pkey_ctx_new
+EVP,function,138,hmac_signctx
+EVP,function,139,i2d_PublicKey
+EVP,function,182,old_dsa_priv_decode
+EVP,function,140,old_ec_priv_decode
+EVP,function,141,old_rsa_priv_decode
+EVP,function,142,pkey_ec_ctrl
+EVP,function,143,pkey_ec_derive
+EVP,function,144,pkey_ec_keygen
+EVP,function,145,pkey_ec_paramgen
+EVP,function,146,pkey_ec_sign
+EVP,function,158,pkey_hmac_ctrl
+EVP,function,147,pkey_rsa_ctrl
+EVP,function,148,pkey_rsa_decrypt
+EVP,function,149,pkey_rsa_encrypt
+EVP,function,150,pkey_rsa_sign
+EVP,function,151,rsa_algor_to_md
+EVP,function,152,rsa_digest_verify_init_from_algorithm
+EVP,function,153,rsa_mgf1_to_md
+EVP,function,154,rsa_priv_decode
+EVP,function,155,rsa_priv_encode
+EVP,function,156,rsa_pss_to_ctx
+EVP,function,157,rsa_pub_decode
+EVP,reason,151,BN_DECODE_ERROR
+EVP,reason,100,BUFFER_TOO_SMALL
+EVP,reason,101,COMMAND_NOT_SUPPORTED
+EVP,reason,146,CONTEXT_NOT_INITIALISED
+EVP,reason,143,DECODE_ERROR
+EVP,reason,104,DIFFERENT_KEY_TYPES
+EVP,reason,105,DIFFERENT_PARAMETERS
+EVP,reason,147,DIGEST_AND_KEY_TYPE_NOT_SUPPORTED
+EVP,reason,107,EXPECTING_AN_EC_KEY_KEY
+EVP,reason,141,EXPECTING_AN_RSA_KEY
+EVP,reason,109,EXPECTING_A_DH_KEY
+EVP,reason,110,EXPECTING_A_DSA_KEY
+EVP,reason,111,ILLEGAL_OR_UNSUPPORTED_PADDING_MODE
+EVP,reason,112,INVALID_CURVE
+EVP,reason,113,INVALID_DIGEST_LENGTH
+EVP,reason,114,INVALID_DIGEST_TYPE
+EVP,reason,115,INVALID_KEYBITS
+EVP,reason,116,INVALID_MGF1_MD
+EVP,reason,142,INVALID_OPERATION
+EVP,reason,118,INVALID_PADDING_MODE
+EVP,reason,119,INVALID_PSS_PARAMETERS
+EVP,reason,144,INVALID_PSS_SALTLEN
+EVP,reason,121,INVALID_SALT_LENGTH
+EVP,reason,122,INVALID_TRAILER
+EVP,reason,123,KEYS_NOT_SET
+EVP,reason,124,MISSING_PARAMETERS
+EVP,reason,125,NO_DEFAULT_DIGEST
+EVP,reason,126,NO_KEY_SET
+EVP,reason,127,NO_MDC2_SUPPORT
+EVP,reason,128,NO_NID_FOR_CURVE
+EVP,reason,129,NO_OPERATION_SET
+EVP,reason,130,NO_PARAMETERS_SET
+EVP,reason,131,OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
+EVP,reason,132,OPERATON_NOT_INITIALIZED
+EVP,reason,152,PARAMETER_ENCODING_ERROR
+EVP,reason,133,UNKNOWN_DIGEST
+EVP,reason,134,UNKNOWN_MASK_DIGEST
+EVP,reason,150,UNKNOWN_MESSAGE_DIGEST_ALGORITHM
+EVP,reason,145,UNKNOWN_PUBLIC_KEY_TYPE
+EVP,reason,149,UNKNOWN_SIGNATURE_ALGORITHM
+EVP,reason,138,UNSUPPORTED_ALGORITHM
+EVP,reason,139,UNSUPPORTED_MASK_ALGORITHM
+EVP,reason,140,UNSUPPORTED_MASK_PARAMETER
+EVP,reason,153,UNSUPPORTED_PUBLIC_KEY_TYPE
+EVP,reason,154,UNSUPPORTED_SIGNATURE_TYPE
+EVP,reason,148,WRONG_PUBLIC_KEY_TYPE
diff --git a/src/crypto/err/hkdf.errordata b/src/crypto/err/hkdf.errordata
new file mode 100644
index 0000000..878a802
--- /dev/null
+++ b/src/crypto/err/hkdf.errordata
@@ -0,0 +1,2 @@
+HKDF,function,100,HKDF
+HKDF,reason,100,OUTPUT_TOO_LARGE
diff --git a/src/crypto/err/obj.errordata b/src/crypto/err/obj.errordata
new file mode 100644
index 0000000..74e4629
--- /dev/null
+++ b/src/crypto/err/obj.errordata
@@ -0,0 +1,5 @@
+OBJ,function,100,OBJ_create
+OBJ,function,101,OBJ_dup
+OBJ,function,102,OBJ_nid2obj
+OBJ,function,103,OBJ_txt2obj
+OBJ,reason,100,UNKNOWN_NID
diff --git a/src/crypto/err/pem.errordata b/src/crypto/err/pem.errordata
new file mode 100644
index 0000000..42216a7
--- /dev/null
+++ b/src/crypto/err/pem.errordata
@@ -0,0 +1,39 @@
+PEM,function,100,PEM_ASN1_read
+PEM,function,101,PEM_ASN1_read_bio
+PEM,function,102,PEM_ASN1_write
+PEM,function,103,PEM_ASN1_write_bio
+PEM,function,104,PEM_X509_INFO_read
+PEM,function,105,PEM_X509_INFO_read_bio
+PEM,function,106,PEM_X509_INFO_write_bio
+PEM,function,107,PEM_do_header
+PEM,function,108,PEM_get_EVP_CIPHER_INFO
+PEM,function,109,PEM_read
+PEM,function,110,PEM_read_DHparams
+PEM,function,111,PEM_read_PrivateKey
+PEM,function,112,PEM_read_bio
+PEM,function,113,PEM_read_bio_DHparams
+PEM,function,114,PEM_read_bio_Parameters
+PEM,function,115,PEM_read_bio_PrivateKey
+PEM,function,116,PEM_write
+PEM,function,117,PEM_write_PrivateKey
+PEM,function,118,PEM_write_bio
+PEM,function,119,d2i_PKCS8PrivateKey_bio
+PEM,function,120,d2i_PKCS8PrivateKey_fp
+PEM,function,121,do_pk8pkey
+PEM,function,122,do_pk8pkey_fp
+PEM,function,123,load_iv
+PEM,reason,100,BAD_BASE64_DECODE
+PEM,reason,101,BAD_DECRYPT
+PEM,reason,102,BAD_END_LINE
+PEM,reason,103,BAD_IV_CHARS
+PEM,reason,104,BAD_PASSWORD_READ
+PEM,reason,105,CIPHER_IS_NULL
+PEM,reason,106,ERROR_CONVERTING_PRIVATE_KEY
+PEM,reason,107,NOT_DEK_INFO
+PEM,reason,108,NOT_ENCRYPTED
+PEM,reason,109,NOT_PROC_TYPE
+PEM,reason,110,NO_START_LINE
+PEM,reason,111,READ_KEY
+PEM,reason,112,SHORT_HEADER
+PEM,reason,113,UNSUPPORTED_CIPHER
+PEM,reason,114,UNSUPPORTED_ENCRYPTION
diff --git a/src/crypto/err/pkcs8.errordata b/src/crypto/err/pkcs8.errordata
new file mode 100644
index 0000000..936f3c5
--- /dev/null
+++ b/src/crypto/err/pkcs8.errordata
@@ -0,0 +1,43 @@
+PKCS8,function,100,EVP_PKCS82PKEY
+PKCS8,function,101,EVP_PKEY2PKCS8
+PKCS8,function,102,PKCS12_get_key_and_certs
+PKCS8,function,103,PKCS12_handle_content_info
+PKCS8,function,104,PKCS12_handle_content_infos
+PKCS8,function,105,PKCS5_pbe2_set_iv
+PKCS8,function,106,PKCS5_pbe_set
+PKCS8,function,107,PKCS5_pbe_set0_algor
+PKCS8,function,108,PKCS5_pbkdf2_set
+PKCS8,function,109,PKCS8_decrypt
+PKCS8,function,110,PKCS8_encrypt
+PKCS8,function,111,PKCS8_encrypt_pbe
+PKCS8,function,112,pbe_cipher_init
+PKCS8,function,113,pbe_crypt
+PKCS8,function,114,pkcs12_item_decrypt_d2i
+PKCS8,function,115,pkcs12_item_i2d_encrypt
+PKCS8,function,116,pkcs12_key_gen_raw
+PKCS8,function,117,pkcs12_pbe_keyivgen
+PKCS8,reason,100,BAD_PKCS12_DATA
+PKCS8,reason,101,BAD_PKCS12_VERSION
+PKCS8,reason,102,CIPHER_HAS_NO_OBJECT_IDENTIFIER
+PKCS8,reason,103,CRYPT_ERROR
+PKCS8,reason,104,DECODE_ERROR
+PKCS8,reason,105,ENCODE_ERROR
+PKCS8,reason,106,ENCRYPT_ERROR
+PKCS8,reason,107,ERROR_SETTING_CIPHER_PARAMS
+PKCS8,reason,108,INCORRECT_PASSWORD
+PKCS8,reason,109,KEYGEN_FAILURE
+PKCS8,reason,110,KEY_GEN_ERROR
+PKCS8,reason,111,METHOD_NOT_SUPPORTED
+PKCS8,reason,112,MISSING_MAC
+PKCS8,reason,113,MULTIPLE_PRIVATE_KEYS_IN_PKCS12
+PKCS8,reason,114,PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED
+PKCS8,reason,115,PKCS12_TOO_DEEPLY_NESTED
+PKCS8,reason,116,PRIVATE_KEY_DECODE_ERROR
+PKCS8,reason,117,PRIVATE_KEY_ENCODE_ERROR
+PKCS8,reason,118,TOO_LONG
+PKCS8,reason,119,UNKNOWN_ALGORITHM
+PKCS8,reason,120,UNKNOWN_CIPHER
+PKCS8,reason,121,UNKNOWN_CIPHER_ALGORITHM
+PKCS8,reason,122,UNKNOWN_DIGEST
+PKCS8,reason,123,UNKNOWN_HASH
+PKCS8,reason,124,UNSUPPORTED_PRIVATE_KEY_ALGORITHM
diff --git a/src/crypto/err/rsa.errordata b/src/crypto/err/rsa.errordata
new file mode 100644
index 0000000..64b390d
--- /dev/null
+++ b/src/crypto/err/rsa.errordata
@@ -0,0 +1,69 @@
+RSA,function,100,BN_BLINDING_convert_ex
+RSA,function,101,BN_BLINDING_create_param
+RSA,function,102,BN_BLINDING_invert_ex
+RSA,function,103,BN_BLINDING_new
+RSA,function,104,BN_BLINDING_update
+RSA,function,105,RSA_check_key
+RSA,function,106,RSA_new_method
+RSA,function,107,RSA_padding_add_PKCS1_OAEP_mgf1
+RSA,function,108,RSA_padding_add_PKCS1_PSS_mgf1
+RSA,function,109,RSA_padding_add_PKCS1_type_1
+RSA,function,110,RSA_padding_add_PKCS1_type_2
+RSA,function,111,RSA_padding_add_none
+RSA,function,112,RSA_padding_check_PKCS1_OAEP_mgf1
+RSA,function,113,RSA_padding_check_PKCS1_type_1
+RSA,function,114,RSA_padding_check_PKCS1_type_2
+RSA,function,115,RSA_padding_check_none
+RSA,function,116,RSA_recover_crt_params
+RSA,function,117,RSA_sign
+RSA,function,118,RSA_verify
+RSA,function,119,RSA_verify_PKCS1_PSS_mgf1
+RSA,function,120,decrypt
+RSA,function,121,encrypt
+RSA,function,122,keygen
+RSA,function,123,pkcs1_prefixed_msg
+RSA,function,124,private_transform
+RSA,function,125,rsa_setup_blinding
+RSA,function,126,sign_raw
+RSA,function,127,verify_raw
+RSA,reason,100,BAD_E_VALUE
+RSA,reason,101,BAD_FIXED_HEADER_DECRYPT
+RSA,reason,102,BAD_PAD_BYTE_COUNT
+RSA,reason,103,BAD_RSA_PARAMETERS
+RSA,reason,104,BAD_SIGNATURE
+RSA,reason,105,BLOCK_TYPE_IS_NOT_01
+RSA,reason,106,BN_NOT_INITIALIZED
+RSA,reason,107,CRT_PARAMS_ALREADY_GIVEN
+RSA,reason,108,CRT_VALUES_INCORRECT
+RSA,reason,109,DATA_LEN_NOT_EQUAL_TO_MOD_LEN
+RSA,reason,110,DATA_TOO_LARGE
+RSA,reason,111,DATA_TOO_LARGE_FOR_KEY_SIZE
+RSA,reason,112,DATA_TOO_LARGE_FOR_MODULUS
+RSA,reason,113,DATA_TOO_SMALL
+RSA,reason,114,DATA_TOO_SMALL_FOR_KEY_SIZE
+RSA,reason,115,DIGEST_TOO_BIG_FOR_RSA_KEY
+RSA,reason,116,D_E_NOT_CONGRUENT_TO_1
+RSA,reason,117,EMPTY_PUBLIC_KEY
+RSA,reason,118,FIRST_OCTET_INVALID
+RSA,reason,119,INCONSISTENT_SET_OF_CRT_VALUES
+RSA,reason,120,INTERNAL_ERROR
+RSA,reason,121,INVALID_MESSAGE_LENGTH
+RSA,reason,122,KEY_SIZE_TOO_SMALL
+RSA,reason,123,LAST_OCTET_INVALID
+RSA,reason,124,MODULUS_TOO_LARGE
+RSA,reason,125,NO_PUBLIC_EXPONENT
+RSA,reason,126,NULL_BEFORE_BLOCK_MISSING
+RSA,reason,127,N_NOT_EQUAL_P_Q
+RSA,reason,128,OAEP_DECODING_ERROR
+RSA,reason,129,ONLY_ONE_OF_P_Q_GIVEN
+RSA,reason,130,OUTPUT_BUFFER_TOO_SMALL
+RSA,reason,131,PADDING_CHECK_FAILED
+RSA,reason,132,PKCS_DECODING_ERROR
+RSA,reason,133,SLEN_CHECK_FAILED
+RSA,reason,134,SLEN_RECOVERY_FAILED
+RSA,reason,135,TOO_LONG
+RSA,reason,136,TOO_MANY_ITERATIONS
+RSA,reason,137,UNKNOWN_ALGORITHM_TYPE
+RSA,reason,138,UNKNOWN_PADDING_TYPE
+RSA,reason,139,VALUE_MISSING
+RSA,reason,140,WRONG_SIGNATURE_LENGTH
diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata
new file mode 100644
index 0000000..afeaaeb
--- /dev/null
+++ b/src/crypto/err/ssl.errordata
@@ -0,0 +1,376 @@
+SSL,function,100,SSL_CTX_check_private_key
+SSL,function,101,SSL_CTX_new
+SSL,function,272,SSL_CTX_set1_tls_channel_id
+SSL,function,102,SSL_CTX_set_cipher_list
+SSL,function,103,SSL_CTX_set_cipher_list_tls11
+SSL,function,104,SSL_CTX_set_session_id_context
+SSL,function,268,SSL_CTX_set_tmp_dh
+SSL,function,269,SSL_CTX_set_tmp_ecdh
+SSL,function,105,SSL_CTX_use_PrivateKey
+SSL,function,106,SSL_CTX_use_PrivateKey_ASN1
+SSL,function,107,SSL_CTX_use_PrivateKey_file
+SSL,function,108,SSL_CTX_use_RSAPrivateKey
+SSL,function,109,SSL_CTX_use_RSAPrivateKey_ASN1
+SSL,function,110,SSL_CTX_use_RSAPrivateKey_file
+SSL,function,111,SSL_CTX_use_certificate
+SSL,function,112,SSL_CTX_use_certificate_ASN1
+SSL,function,113,SSL_CTX_use_certificate_chain_file
+SSL,function,114,SSL_CTX_use_certificate_file
+SSL,function,115,SSL_CTX_use_psk_identity_hint
+SSL,function,116,SSL_SESSION_new
+SSL,function,117,SSL_SESSION_print_fp
+SSL,function,118,SSL_SESSION_set1_id_context
+SSL,function,119,SSL_SESSION_to_bytes_full
+SSL,function,120,SSL_accept
+SSL,function,121,SSL_add_dir_cert_subjects_to_stack
+SSL,function,122,SSL_add_file_cert_subjects_to_stack
+SSL,function,123,SSL_check_private_key
+SSL,function,124,SSL_clear
+SSL,function,125,SSL_connect
+SSL,function,126,SSL_do_handshake
+SSL,function,127,SSL_load_client_CA_file
+SSL,function,128,SSL_new
+SSL,function,129,SSL_peek
+SSL,function,130,SSL_read
+SSL,function,131,SSL_renegotiate
+SSL,function,273,SSL_set1_tls_channel_id
+SSL,function,132,SSL_set_cipher_list
+SSL,function,133,SSL_set_fd
+SSL,function,134,SSL_set_rfd
+SSL,function,135,SSL_set_session_id_context
+SSL,function,274,SSL_set_tlsext_host_name
+SSL,function,270,SSL_set_tmp_dh
+SSL,function,271,SSL_set_tmp_ecdh
+SSL,function,136,SSL_set_wfd
+SSL,function,137,SSL_shutdown
+SSL,function,138,SSL_use_PrivateKey
+SSL,function,139,SSL_use_PrivateKey_ASN1
+SSL,function,140,SSL_use_PrivateKey_file
+SSL,function,141,SSL_use_RSAPrivateKey
+SSL,function,142,SSL_use_RSAPrivateKey_ASN1
+SSL,function,143,SSL_use_RSAPrivateKey_file
+SSL,function,144,SSL_use_certificate
+SSL,function,145,SSL_use_certificate_ASN1
+SSL,function,146,SSL_use_certificate_file
+SSL,function,147,SSL_use_psk_identity_hint
+SSL,function,148,SSL_write
+SSL,function,149,d2i_SSL_SESSION
+SSL,function,150,d2i_SSL_SESSION_get_octet_string
+SSL,function,151,d2i_SSL_SESSION_get_string
+SSL,function,152,do_ssl3_write
+SSL,function,153,dtls1_accept
+SSL,function,154,dtls1_buffer_record
+SSL,function,155,dtls1_check_timeout_num
+SSL,function,156,dtls1_connect
+SSL,function,157,dtls1_do_write
+SSL,function,263,dtls1_get_buffered_message
+SSL,function,158,dtls1_get_hello_verify
+SSL,function,159,dtls1_get_message
+SSL,function,160,dtls1_get_message_fragment
+SSL,function,265,dtls1_hm_fragment_new
+SSL,function,161,dtls1_preprocess_fragment
+SSL,function,264,dtls1_process_fragment
+SSL,function,162,dtls1_process_record
+SSL,function,163,dtls1_read_bytes
+SSL,function,164,dtls1_send_hello_verify_request
+SSL,function,165,dtls1_write_app_data_bytes
+SSL,function,166,i2d_SSL_SESSION
+SSL,function,167,ssl3_accept
+SSL,function,169,ssl3_cert_verify_hash
+SSL,function,170,ssl3_check_cert_and_algorithm
+SSL,function,171,ssl3_connect
+SSL,function,172,ssl3_ctrl
+SSL,function,173,ssl3_ctx_ctrl
+SSL,function,174,ssl3_digest_cached_records
+SSL,function,175,ssl3_do_change_cipher_spec
+SSL,function,176,ssl3_expect_change_cipher_spec
+SSL,function,177,ssl3_get_cert_status
+SSL,function,178,ssl3_get_cert_verify
+SSL,function,179,ssl3_get_certificate_request
+SSL,function,180,ssl3_get_channel_id
+SSL,function,181,ssl3_get_client_certificate
+SSL,function,182,ssl3_get_client_hello
+SSL,function,183,ssl3_get_client_key_exchange
+SSL,function,184,ssl3_get_finished
+SSL,function,185,ssl3_get_initial_bytes
+SSL,function,186,ssl3_get_message
+SSL,function,187,ssl3_get_new_session_ticket
+SSL,function,188,ssl3_get_next_proto
+SSL,function,189,ssl3_get_record
+SSL,function,190,ssl3_get_server_certificate
+SSL,function,191,ssl3_get_server_done
+SSL,function,192,ssl3_get_server_hello
+SSL,function,193,ssl3_get_server_key_exchange
+SSL,function,194,ssl3_get_v2_client_hello
+SSL,function,195,ssl3_handshake_mac
+SSL,function,275,ssl3_output_cert_chain
+SSL,function,196,ssl3_prf
+SSL,function,197,ssl3_read_bytes
+SSL,function,198,ssl3_read_n
+SSL,function,267,ssl3_record_sequence_update
+SSL,function,266,ssl3_seal_record
+SSL,function,199,ssl3_send_cert_verify
+SSL,function,200,ssl3_send_certificate_request
+SSL,function,201,ssl3_send_channel_id
+SSL,function,202,ssl3_send_client_certificate
+SSL,function,203,ssl3_send_client_hello
+SSL,function,204,ssl3_send_client_key_exchange
+SSL,function,205,ssl3_send_server_certificate
+SSL,function,206,ssl3_send_server_hello
+SSL,function,207,ssl3_send_server_key_exchange
+SSL,function,208,ssl3_setup_read_buffer
+SSL,function,209,ssl3_setup_write_buffer
+SSL,function,210,ssl3_write_bytes
+SSL,function,211,ssl3_write_pending
+SSL,function,212,ssl_add_cert_chain
+SSL,function,213,ssl_add_cert_to_buf
+SSL,function,214,ssl_add_clienthello_renegotiate_ext
+SSL,function,215,ssl_add_clienthello_tlsext
+SSL,function,216,ssl_add_clienthello_use_srtp_ext
+SSL,function,217,ssl_add_serverhello_renegotiate_ext
+SSL,function,218,ssl_add_serverhello_tlsext
+SSL,function,219,ssl_add_serverhello_use_srtp_ext
+SSL,function,220,ssl_build_cert_chain
+SSL,function,221,ssl_bytes_to_cipher_list
+SSL,function,222,ssl_cert_dup
+SSL,function,223,ssl_cert_inst
+SSL,function,224,ssl_cert_new
+SSL,function,225,ssl_check_serverhello_tlsext
+SSL,function,226,ssl_check_srvr_ecc_cert_and_alg
+SSL,function,227,ssl_cipher_process_rulestr
+SSL,function,228,ssl_cipher_strength_sort
+SSL,function,229,ssl_create_cipher_list
+SSL,function,230,ssl_ctx_log_master_secret
+SSL,function,231,ssl_ctx_log_rsa_client_key_exchange
+SSL,function,232,ssl_ctx_make_profiles
+SSL,function,233,ssl_get_new_session
+SSL,function,234,ssl_get_prev_session
+SSL,function,235,ssl_get_server_cert_index
+SSL,function,236,ssl_get_sign_pkey
+SSL,function,237,ssl_init_wbio_buffer
+SSL,function,238,ssl_parse_clienthello_renegotiate_ext
+SSL,function,239,ssl_parse_clienthello_tlsext
+SSL,function,240,ssl_parse_clienthello_use_srtp_ext
+SSL,function,241,ssl_parse_serverhello_renegotiate_ext
+SSL,function,242,ssl_parse_serverhello_tlsext
+SSL,function,243,ssl_parse_serverhello_use_srtp_ext
+SSL,function,244,ssl_scan_clienthello_tlsext
+SSL,function,245,ssl_scan_serverhello_tlsext
+SSL,function,246,ssl_sess_cert_new
+SSL,function,247,ssl_set_cert
+SSL,function,248,ssl_set_pkey
+SSL,function,252,ssl_verify_cert_chain
+SSL,function,253,tls12_check_peer_sigalg
+SSL,function,254,tls1_aead_ctx_init
+SSL,function,255,tls1_cert_verify_mac
+SSL,function,256,tls1_change_cipher_state
+SSL,function,257,tls1_change_cipher_state_aead
+SSL,function,258,tls1_check_duplicate_extensions
+SSL,function,259,tls1_enc
+SSL,function,260,tls1_export_keying_material
+SSL,function,261,tls1_prf
+SSL,function,262,tls1_setup_key_block
+SSL,reason,100,APP_DATA_IN_HANDSHAKE
+SSL,reason,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
+SSL,reason,102,BAD_ALERT
+SSL,reason,103,BAD_CHANGE_CIPHER_SPEC
+SSL,reason,104,BAD_DATA_RETURNED_BY_CALLBACK
+SSL,reason,105,BAD_DH_P_LENGTH
+SSL,reason,106,BAD_DIGEST_LENGTH
+SSL,reason,107,BAD_ECC_CERT
+SSL,reason,108,BAD_ECPOINT
+SSL,reason,109,BAD_HANDSHAKE_LENGTH
+SSL,reason,110,BAD_HANDSHAKE_RECORD
+SSL,reason,111,BAD_HELLO_REQUEST
+SSL,reason,112,BAD_LENGTH
+SSL,reason,113,BAD_PACKET_LENGTH
+SSL,reason,114,BAD_RSA_ENCRYPT
+SSL,reason,115,BAD_SIGNATURE
+SSL,reason,116,BAD_SRTP_MKI_VALUE
+SSL,reason,117,BAD_SRTP_PROTECTION_PROFILE_LIST
+SSL,reason,118,BAD_SSL_FILETYPE
+SSL,reason,119,BAD_WRITE_RETRY
+SSL,reason,120,BIO_NOT_SET
+SSL,reason,121,BN_LIB
+SSL,reason,272,BUFFER_TOO_SMALL
+SSL,reason,122,CANNOT_SERIALIZE_PUBLIC_KEY
+SSL,reason,123,CA_DN_LENGTH_MISMATCH
+SSL,reason,124,CA_DN_TOO_LONG
+SSL,reason,125,CCS_RECEIVED_EARLY
+SSL,reason,126,CERTIFICATE_VERIFY_FAILED
+SSL,reason,127,CERT_CB_ERROR
+SSL,reason,128,CERT_LENGTH_MISMATCH
+SSL,reason,129,CHANNEL_ID_NOT_P256
+SSL,reason,130,CHANNEL_ID_SIGNATURE_INVALID
+SSL,reason,131,CIPHER_CODE_WRONG_LENGTH
+SSL,reason,132,CIPHER_OR_HASH_UNAVAILABLE
+SSL,reason,133,CLIENTHELLO_PARSE_FAILED
+SSL,reason,134,CLIENTHELLO_TLSEXT
+SSL,reason,135,CONNECTION_REJECTED
+SSL,reason,136,CONNECTION_TYPE_NOT_SET
+SSL,reason,137,COOKIE_MISMATCH
+SSL,reason,138,D2I_ECDSA_SIG
+SSL,reason,139,DATA_BETWEEN_CCS_AND_FINISHED
+SSL,reason,140,DATA_LENGTH_TOO_LONG
+SSL,reason,141,DECODE_ERROR
+SSL,reason,142,DECRYPTION_FAILED
+SSL,reason,143,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
+SSL,reason,144,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
+SSL,reason,145,DIGEST_CHECK_FAILED
+SSL,reason,146,DTLS_MESSAGE_TOO_BIG
+SSL,reason,147,ECC_CERT_NOT_FOR_SIGNING
+SSL,reason,148,EMPTY_SRTP_PROTECTION_PROFILE_LIST
+SSL,reason,149,ENCRYPTED_LENGTH_TOO_LONG
+SSL,reason,150,ERROR_IN_RECEIVED_CIPHER_LIST
+SSL,reason,151,EVP_DIGESTSIGNFINAL_FAILED
+SSL,reason,152,EVP_DIGESTSIGNINIT_FAILED
+SSL,reason,153,EXCESSIVE_MESSAGE_SIZE
+SSL,reason,154,EXTRA_DATA_IN_MESSAGE
+SSL,reason,271,FRAGMENT_MISMATCH
+SSL,reason,155,GOT_A_FIN_BEFORE_A_CCS
+SSL,reason,156,GOT_CHANNEL_ID_BEFORE_A_CCS
+SSL,reason,157,GOT_NEXT_PROTO_BEFORE_A_CCS
+SSL,reason,158,GOT_NEXT_PROTO_WITHOUT_EXTENSION
+SSL,reason,159,HANDSHAKE_FAILURE_ON_CLIENT_HELLO
+SSL,reason,160,HANDSHAKE_RECORD_BEFORE_CCS
+SSL,reason,161,HTTPS_PROXY_REQUEST
+SSL,reason,162,HTTP_REQUEST
+SSL,reason,163,INAPPROPRIATE_FALLBACK
+SSL,reason,164,INVALID_COMMAND
+SSL,reason,165,INVALID_MESSAGE
+SSL,reason,166,INVALID_SSL_SESSION
+SSL,reason,167,INVALID_TICKET_KEYS_LENGTH
+SSL,reason,168,LENGTH_MISMATCH
+SSL,reason,169,LIBRARY_HAS_NO_CIPHERS
+SSL,reason,170,MISSING_DH_KEY
+SSL,reason,171,MISSING_ECDSA_SIGNING_CERT
+SSL,reason,172,MISSING_RSA_CERTIFICATE
+SSL,reason,173,MISSING_RSA_ENCRYPTING_CERT
+SSL,reason,174,MISSING_RSA_SIGNING_CERT
+SSL,reason,175,MISSING_TMP_DH_KEY
+SSL,reason,176,MISSING_TMP_ECDH_KEY
+SSL,reason,177,MIXED_SPECIAL_OPERATOR_WITH_GROUPS
+SSL,reason,178,MTU_TOO_SMALL
+SSL,reason,179,NESTED_GROUP
+SSL,reason,180,NO_CERTIFICATES_RETURNED
+SSL,reason,181,NO_CERTIFICATE_ASSIGNED
+SSL,reason,182,NO_CERTIFICATE_SET
+SSL,reason,183,NO_CIPHERS_AVAILABLE
+SSL,reason,184,NO_CIPHERS_PASSED
+SSL,reason,185,NO_CIPHERS_SPECIFIED
+SSL,reason,186,NO_CIPHER_MATCH
+SSL,reason,187,NO_COMPRESSION_SPECIFIED
+SSL,reason,188,NO_METHOD_SPECIFIED
+SSL,reason,189,NO_P256_SUPPORT
+SSL,reason,190,NO_PRIVATE_KEY_ASSIGNED
+SSL,reason,191,NO_RENEGOTIATION
+SSL,reason,192,NO_REQUIRED_DIGEST
+SSL,reason,193,NO_SHARED_CIPHER
+SSL,reason,194,NO_SHARED_SIGATURE_ALGORITHMS
+SSL,reason,195,NO_SRTP_PROFILES
+SSL,reason,196,NULL_SSL_CTX
+SSL,reason,197,NULL_SSL_METHOD_PASSED
+SSL,reason,198,OLD_SESSION_CIPHER_NOT_RETURNED
+SSL,reason,273,OLD_SESSION_VERSION_NOT_RETURNED
+SSL,reason,199,PACKET_LENGTH_TOO_LONG
+SSL,reason,200,PARSE_TLSEXT
+SSL,reason,201,PATH_TOO_LONG
+SSL,reason,202,PEER_DID_NOT_RETURN_A_CERTIFICATE
+SSL,reason,203,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
+SSL,reason,204,PROTOCOL_IS_SHUTDOWN
+SSL,reason,205,PSK_IDENTITY_NOT_FOUND
+SSL,reason,206,PSK_NO_CLIENT_CB
+SSL,reason,207,PSK_NO_SERVER_CB
+SSL,reason,208,READ_BIO_NOT_SET
+SSL,reason,209,READ_TIMEOUT_EXPIRED
+SSL,reason,210,RECORD_LENGTH_MISMATCH
+SSL,reason,211,RECORD_TOO_LARGE
+SSL,reason,212,RENEGOTIATE_EXT_TOO_LONG
+SSL,reason,213,RENEGOTIATION_ENCODING_ERR
+SSL,reason,214,RENEGOTIATION_MISMATCH
+SSL,reason,215,REQUIRED_CIPHER_MISSING
+SSL,reason,216,SCSV_RECEIVED_WHEN_RENEGOTIATING
+SSL,reason,217,SERVERHELLO_TLSEXT
+SSL,reason,218,SESSION_ID_CONTEXT_UNINITIALIZED
+SSL,reason,219,SESSION_MAY_NOT_BE_CREATED
+SSL,reason,220,SIGNATURE_ALGORITHMS_ERROR
+SSL,reason,221,SRTP_COULD_NOT_ALLOCATE_PROFILES
+SSL,reason,222,SRTP_PROTECTION_PROFILE_LIST_TOO_LONG
+SSL,reason,223,SRTP_UNKNOWN_PROTECTION_PROFILE
+SSL,reason,224,SSL3_EXT_INVALID_SERVERNAME
+SSL,reason,225,SSL3_EXT_INVALID_SERVERNAME_TYPE
+SSL,reason,1042,SSLV3_ALERT_BAD_CERTIFICATE
+SSL,reason,1020,SSLV3_ALERT_BAD_RECORD_MAC
+SSL,reason,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED
+SSL,reason,1044,SSLV3_ALERT_CERTIFICATE_REVOKED
+SSL,reason,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN
+SSL,reason,1000,SSLV3_ALERT_CLOSE_NOTIFY
+SSL,reason,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE
+SSL,reason,1040,SSLV3_ALERT_HANDSHAKE_FAILURE
+SSL,reason,1047,SSLV3_ALERT_ILLEGAL_PARAMETER
+SSL,reason,1041,SSLV3_ALERT_NO_CERTIFICATE
+SSL,reason,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE
+SSL,reason,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
+SSL,reason,226,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
+SSL,reason,227,SSL_HANDSHAKE_FAILURE
+SSL,reason,228,SSL_SESSION_ID_CALLBACK_FAILED
+SSL,reason,229,SSL_SESSION_ID_CONFLICT
+SSL,reason,230,SSL_SESSION_ID_CONTEXT_TOO_LONG
+SSL,reason,231,SSL_SESSION_ID_HAS_BAD_LENGTH
+SSL,reason,1049,TLSV1_ALERT_ACCESS_DENIED
+SSL,reason,1050,TLSV1_ALERT_DECODE_ERROR
+SSL,reason,1021,TLSV1_ALERT_DECRYPTION_FAILED
+SSL,reason,1051,TLSV1_ALERT_DECRYPT_ERROR
+SSL,reason,1060,TLSV1_ALERT_EXPORT_RESTRICTION
+SSL,reason,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK
+SSL,reason,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY
+SSL,reason,1080,TLSV1_ALERT_INTERNAL_ERROR
+SSL,reason,1100,TLSV1_ALERT_NO_RENEGOTIATION
+SSL,reason,1070,TLSV1_ALERT_PROTOCOL_VERSION
+SSL,reason,1022,TLSV1_ALERT_RECORD_OVERFLOW
+SSL,reason,1048,TLSV1_ALERT_UNKNOWN_CA
+SSL,reason,1090,TLSV1_ALERT_USER_CANCELLED
+SSL,reason,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE
+SSL,reason,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE
+SSL,reason,1111,TLSV1_CERTIFICATE_UNOBTAINABLE
+SSL,reason,1112,TLSV1_UNRECOGNIZED_NAME
+SSL,reason,1110,TLSV1_UNSUPPORTED_EXTENSION
+SSL,reason,232,TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER
+SSL,reason,233,TLS_ILLEGAL_EXPORTER_LABEL
+SSL,reason,234,TLS_INVALID_ECPOINTFORMAT_LIST
+SSL,reason,235,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
+SSL,reason,236,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG
+SSL,reason,237,TOO_MANY_EMPTY_FRAGMENTS
+SSL,reason,238,UNABLE_TO_FIND_ECDH_PARAMETERS
+SSL,reason,239,UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS
+SSL,reason,240,UNEXPECTED_GROUP_CLOSE
+SSL,reason,241,UNEXPECTED_MESSAGE
+SSL,reason,242,UNEXPECTED_OPERATOR_IN_GROUP
+SSL,reason,243,UNEXPECTED_RECORD
+SSL,reason,244,UNINITIALIZED
+SSL,reason,245,UNKNOWN_ALERT_TYPE
+SSL,reason,246,UNKNOWN_CERTIFICATE_TYPE
+SSL,reason,247,UNKNOWN_CIPHER_RETURNED
+SSL,reason,248,UNKNOWN_CIPHER_TYPE
+SSL,reason,249,UNKNOWN_DIGEST
+SSL,reason,250,UNKNOWN_KEY_EXCHANGE_TYPE
+SSL,reason,251,UNKNOWN_PROTOCOL
+SSL,reason,252,UNKNOWN_SSL_VERSION
+SSL,reason,253,UNKNOWN_STATE
+SSL,reason,254,UNPROCESSED_HANDSHAKE_DATA
+SSL,reason,255,UNSAFE_LEGACY_RENEGOTIATION_DISABLED
+SSL,reason,256,UNSUPPORTED_CIPHER
+SSL,reason,257,UNSUPPORTED_COMPRESSION_ALGORITHM
+SSL,reason,258,UNSUPPORTED_ELLIPTIC_CURVE
+SSL,reason,259,UNSUPPORTED_PROTOCOL
+SSL,reason,260,UNSUPPORTED_SSL_VERSION
+SSL,reason,261,USE_SRTP_NOT_NEGOTIATED
+SSL,reason,262,WRONG_CERTIFICATE_TYPE
+SSL,reason,263,WRONG_CIPHER_RETURNED
+SSL,reason,264,WRONG_CURVE
+SSL,reason,265,WRONG_MESSAGE_TYPE
+SSL,reason,266,WRONG_SIGNATURE_TYPE
+SSL,reason,267,WRONG_SSL_VERSION
+SSL,reason,268,WRONG_VERSION_NUMBER
+SSL,reason,269,X509_LIB
+SSL,reason,270,X509_VERIFICATION_SETUP_PROBLEMS
diff --git a/src/crypto/err/x509.errordata b/src/crypto/err/x509.errordata
new file mode 100644
index 0000000..1b50e36
--- /dev/null
+++ b/src/crypto/err/x509.errordata
@@ -0,0 +1,96 @@ +X509,function,100,ASN1_digest +X509,function,101,ASN1_item_sign_ctx +X509,function,102,ASN1_item_verify +X509,function,103,NETSCAPE_SPKI_b64_decode +X509,function,104,NETSCAPE_SPKI_b64_encode +X509,function,158,PKCS7_get_CRLs +X509,function,105,PKCS7_get_certificates +X509,function,106,X509_ATTRIBUTE_create_by_NID +X509,function,107,X509_ATTRIBUTE_create_by_OBJ +X509,function,108,X509_ATTRIBUTE_create_by_txt +X509,function,109,X509_ATTRIBUTE_get0_data +X509,function,110,X509_ATTRIBUTE_set1_data +X509,function,111,X509_CRL_add0_revoked +X509,function,112,X509_CRL_diff +X509,function,113,X509_CRL_print_fp +X509,function,114,X509_EXTENSION_create_by_NID +X509,function,115,X509_EXTENSION_create_by_OBJ +X509,function,116,X509_INFO_new +X509,function,117,X509_NAME_ENTRY_create_by_NID +X509,function,118,X509_NAME_ENTRY_create_by_txt +X509,function,119,X509_NAME_ENTRY_set_object +X509,function,120,X509_NAME_add_entry +X509,function,121,X509_NAME_oneline +X509,function,122,X509_NAME_print +X509,function,123,X509_PKEY_new +X509,function,124,X509_PUBKEY_get +X509,function,125,X509_PUBKEY_set +X509,function,126,X509_REQ_check_private_key +X509,function,127,X509_REQ_to_X509 +X509,function,128,X509_STORE_CTX_get1_issuer +X509,function,129,X509_STORE_CTX_init +X509,function,130,X509_STORE_CTX_new +X509,function,131,X509_STORE_CTX_purpose_inherit +X509,function,132,X509_STORE_add_cert +X509,function,133,X509_STORE_add_crl +X509,function,134,X509_TRUST_add +X509,function,135,X509_TRUST_set +X509,function,136,X509_check_private_key +X509,function,137,X509_get_pubkey_parameters +X509,function,138,X509_load_cert_crl_file +X509,function,139,X509_load_cert_file +X509,function,140,X509_load_crl_file +X509,function,141,X509_print_ex_fp +X509,function,142,X509_to_X509_REQ +X509,function,143,X509_verify_cert +X509,function,144,X509at_add1_attr +X509,function,145,X509v3_add_ext +X509,function,146,add_cert_dir +X509,function,147,by_file_ctrl +X509,function,148,check_policy 
+X509,function,149,dir_ctrl +X509,function,150,get_cert_by_subject +X509,function,151,i2d_DSA_PUBKEY +X509,function,152,i2d_EC_PUBKEY +X509,function,153,i2d_RSA_PUBKEY +X509,function,157,pkcs7_parse_header +X509,function,154,x509_name_encode +X509,function,155,x509_name_ex_d2i +X509,function,156,x509_name_ex_new +X509,reason,100,AKID_MISMATCH +X509,reason,101,BAD_PKCS7_VERSION +X509,reason,102,BAD_X509_FILETYPE +X509,reason,103,BASE64_DECODE_ERROR +X509,reason,104,CANT_CHECK_DH_KEY +X509,reason,105,CERT_ALREADY_IN_HASH_TABLE +X509,reason,106,CRL_ALREADY_DELTA +X509,reason,107,CRL_VERIFY_FAILURE +X509,reason,108,IDP_MISMATCH +X509,reason,109,INVALID_BIT_STRING_BITS_LEFT +X509,reason,110,INVALID_DIRECTORY +X509,reason,111,INVALID_FIELD_NAME +X509,reason,112,INVALID_TRUST +X509,reason,113,ISSUER_MISMATCH +X509,reason,114,KEY_TYPE_MISMATCH +X509,reason,115,KEY_VALUES_MISMATCH +X509,reason,116,LOADING_CERT_DIR +X509,reason,117,LOADING_DEFAULTS +X509,reason,118,METHOD_NOT_SUPPORTED +X509,reason,119,NEWER_CRL_NOT_NEWER +X509,reason,120,NOT_PKCS7_SIGNED_DATA +X509,reason,121,NO_CERTIFICATES_INCLUDED +X509,reason,122,NO_CERT_SET_FOR_US_TO_VERIFY +X509,reason,136,NO_CRLS_INCLUDED +X509,reason,123,NO_CRL_NUMBER +X509,reason,124,PUBLIC_KEY_DECODE_ERROR +X509,reason,125,PUBLIC_KEY_ENCODE_ERROR +X509,reason,126,SHOULD_RETRY +X509,reason,127,UNABLE_TO_FIND_PARAMETERS_IN_CHAIN +X509,reason,128,UNABLE_TO_GET_CERTS_PUBLIC_KEY +X509,reason,129,UNKNOWN_KEY_TYPE +X509,reason,130,UNKNOWN_NID +X509,reason,131,UNKNOWN_PURPOSE_ID +X509,reason,132,UNKNOWN_TRUST_ID +X509,reason,133,UNSUPPORTED_ALGORITHM +X509,reason,134,WRONG_LOOKUP_TYPE +X509,reason,135,WRONG_TYPE diff --git a/src/crypto/err/x509v3.errordata b/src/crypto/err/x509v3.errordata new file mode 100644 index 0000000..059e677 --- /dev/null +++ b/src/crypto/err/x509v3.errordata 
@@ -0,0 +1,120 @@ +X509V3,function,100,SXNET_add_id_INTEGER +X509V3,function,101,SXNET_add_id_asc +X509V3,function,102,SXNET_add_id_ulong +X509V3,function,103,SXNET_get_id_asc +X509V3,function,104,SXNET_get_id_ulong +X509V3,function,105,X509V3_EXT_add +X509V3,function,106,X509V3_EXT_add_alias +X509V3,function,107,X509V3_EXT_free +X509V3,function,108,X509V3_EXT_i2d +X509V3,function,109,X509V3_EXT_nconf +X509V3,function,110,X509V3_add1_i2d +X509V3,function,111,X509V3_add_value +X509V3,function,112,X509V3_get_section +X509V3,function,113,X509V3_get_string +X509V3,function,114,X509V3_get_value_bool +X509V3,function,115,X509V3_parse_list +X509V3,function,116,X509_PURPOSE_add +X509V3,function,117,X509_PURPOSE_set +X509V3,function,118,a2i_GENERAL_NAME +X509V3,function,119,copy_email +X509V3,function,120,copy_issuer +X509V3,function,121,do_dirname +X509V3,function,122,do_ext_i2d +X509V3,function,123,do_ext_nconf +X509V3,function,124,gnames_from_sectname +X509V3,function,125,hex_to_string +X509V3,function,126,i2s_ASN1_ENUMERATED +X509V3,function,127,i2s_ASN1_IA5STRING +X509V3,function,128,i2s_ASN1_INTEGER +X509V3,function,129,i2v_AUTHORITY_INFO_ACCESS +X509V3,function,130,notice_section +X509V3,function,131,nref_nos +X509V3,function,132,policy_section +X509V3,function,133,process_pci_value +X509V3,function,134,r2i_certpol +X509V3,function,135,r2i_pci +X509V3,function,136,s2i_ASN1_IA5STRING +X509V3,function,137,s2i_ASN1_INTEGER +X509V3,function,138,s2i_ASN1_OCTET_STRING +X509V3,function,139,s2i_skey_id +X509V3,function,140,set_dist_point_name +X509V3,function,141,string_to_hex +X509V3,function,142,v2i_ASN1_BIT_STRING +X509V3,function,143,v2i_AUTHORITY_INFO_ACCESS +X509V3,function,144,v2i_AUTHORITY_KEYID +X509V3,function,145,v2i_BASIC_CONSTRAINTS +X509V3,function,146,v2i_EXTENDED_KEY_USAGE +X509V3,function,147,v2i_GENERAL_NAMES +X509V3,function,148,v2i_GENERAL_NAME_ex +X509V3,function,149,v2i_NAME_CONSTRAINTS +X509V3,function,150,v2i_POLICY_CONSTRAINTS 
+X509V3,function,151,v2i_POLICY_MAPPINGS +X509V3,function,152,v2i_crld +X509V3,function,153,v2i_idp +X509V3,function,154,v2i_issuer_alt +X509V3,function,155,v2i_subject_alt +X509V3,function,156,v3_generic_extension +X509V3,reason,100,BAD_IP_ADDRESS +X509V3,reason,101,BAD_OBJECT +X509V3,reason,102,BN_DEC2BN_ERROR +X509V3,reason,103,BN_TO_ASN1_INTEGER_ERROR +X509V3,reason,104,CANNOT_FIND_FREE_FUNCTION +X509V3,reason,105,DIRNAME_ERROR +X509V3,reason,106,DISTPOINT_ALREADY_SET +X509V3,reason,107,DUPLICATE_ZONE_ID +X509V3,reason,108,ERROR_CONVERTING_ZONE +X509V3,reason,109,ERROR_CREATING_EXTENSION +X509V3,reason,110,ERROR_IN_EXTENSION +X509V3,reason,111,EXPECTED_A_SECTION_NAME +X509V3,reason,112,EXTENSION_EXISTS +X509V3,reason,113,EXTENSION_NAME_ERROR +X509V3,reason,114,EXTENSION_NOT_FOUND +X509V3,reason,115,EXTENSION_SETTING_NOT_SUPPORTED +X509V3,reason,116,EXTENSION_VALUE_ERROR +X509V3,reason,117,ILLEGAL_EMPTY_EXTENSION +X509V3,reason,118,ILLEGAL_HEX_DIGIT +X509V3,reason,119,INCORRECT_POLICY_SYNTAX_TAG +X509V3,reason,120,INVALID_BOOLEAN_STRING +X509V3,reason,121,INVALID_EXTENSION_STRING +X509V3,reason,122,INVALID_MULTIPLE_RDNS +X509V3,reason,123,INVALID_NAME +X509V3,reason,124,INVALID_NULL_ARGUMENT +X509V3,reason,125,INVALID_NULL_NAME +X509V3,reason,126,INVALID_NULL_VALUE +X509V3,reason,127,INVALID_NUMBER +X509V3,reason,128,INVALID_NUMBERS +X509V3,reason,129,INVALID_OBJECT_IDENTIFIER +X509V3,reason,130,INVALID_OPTION +X509V3,reason,131,INVALID_POLICY_IDENTIFIER +X509V3,reason,132,INVALID_PROXY_POLICY_SETTING +X509V3,reason,133,INVALID_PURPOSE +X509V3,reason,134,INVALID_SECTION +X509V3,reason,135,INVALID_SYNTAX +X509V3,reason,136,ISSUER_DECODE_ERROR +X509V3,reason,137,MISSING_VALUE +X509V3,reason,138,NEED_ORGANIZATION_AND_NUMBERS +X509V3,reason,139,NO_CONFIG_DATABASE +X509V3,reason,140,NO_ISSUER_CERTIFICATE +X509V3,reason,141,NO_ISSUER_DETAILS +X509V3,reason,142,NO_POLICY_IDENTIFIER +X509V3,reason,143,NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 
+X509V3,reason,144,NO_PUBLIC_KEY +X509V3,reason,145,NO_SUBJECT_DETAILS +X509V3,reason,146,ODD_NUMBER_OF_DIGITS +X509V3,reason,147,OPERATION_NOT_DEFINED +X509V3,reason,148,OTHERNAME_ERROR +X509V3,reason,149,POLICY_LANGUAGE_ALREADY_DEFINED +X509V3,reason,150,POLICY_PATH_LENGTH +X509V3,reason,151,POLICY_PATH_LENGTH_ALREADY_DEFINED +X509V3,reason,152,POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY +X509V3,reason,153,SECTION_NOT_FOUND +X509V3,reason,154,UNABLE_TO_GET_ISSUER_DETAILS +X509V3,reason,155,UNABLE_TO_GET_ISSUER_KEYID +X509V3,reason,156,UNKNOWN_BIT_STRING_ARGUMENT +X509V3,reason,157,UNKNOWN_EXTENSION +X509V3,reason,158,UNKNOWN_EXTENSION_NAME +X509V3,reason,159,UNKNOWN_OPTION +X509V3,reason,160,UNSUPPORTED_OPTION +X509V3,reason,161,UNSUPPORTED_TYPE +X509V3,reason,162,USER_TOO_LONG diff --git a/src/crypto/evp/CMakeLists.txt b/src/crypto/evp/CMakeLists.txt index 9854a18..6db9752 100644 --- a/src/crypto/evp/CMakeLists.txt +++ b/src/crypto/evp/CMakeLists.txt @@ -10,7 +10,7 @@ add_library( digestsign.c evp.c evp_ctx.c - evp_error.c + p_dsa_asn1.c p_ec.c p_ec_asn1.c p_hmac.c @@ -23,16 +23,24 @@ add_library( add_executable( + evp_extra_test + + evp_extra_test.cc +) + +add_executable( evp_test - evp_test.c + evp_test.cc + $ ) add_executable( pbkdf_test - pbkdf_test.c + pbkdf_test.cc ) +target_link_libraries(evp_extra_test crypto) target_link_libraries(evp_test crypto) target_link_libraries(pbkdf_test crypto) diff --git a/src/crypto/evp/asn1.c b/src/crypto/evp/asn1.c index 27ae017..3df9f52 100644 --- a/src/crypto/evp/asn1.c +++ b/src/crypto/evp/asn1.c @@ -105,7 +105,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, return ret; err: - if (ret != NULL && (out == NULL || *out != ret)) { + if (out == NULL || *out != ret) { EVP_PKEY_free(ret); } return NULL; diff --git a/src/crypto/evp/digestsign.c b/src/crypto/evp/digestsign.c index c86b805..c163d40 100644 --- a/src/crypto/evp/digestsign.c +++ b/src/crypto/evp/digestsign.c 
@@ -65,9 +65,8 @@ /* md_begin_digset is a callback from the |EVP_MD_CTX| code that is called when * a new digest is begun. */ static int md_begin_digest(EVP_MD_CTX *ctx) { - int r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); - return r > 0 || r == -2; + return EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); } static const struct evp_md_pctx_ops md_pctx_ops = { @@ -98,24 +97,24 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (is_verify) { if (ctx->pctx->pmeth->verifyctx_init) { - if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0) { + if (!ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx)) { return 0; } ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; - } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) { + } else if (!EVP_PKEY_verify_init(ctx->pctx)) { return 0; } } else { if (ctx->pctx->pmeth->signctx_init) { - if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) { + if (!ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx)) { return 0; } ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; - } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) { + } else if (!EVP_PKEY_sign_init(ctx->pctx)) { return 0; } } - if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) { + if (!EVP_PKEY_CTX_set_signature_md(ctx->pctx, type)) { return 0; } if (pctx) { @@ -163,12 +162,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, uint8_t *out_sig, r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, out_sig, out_sig_len, &tmp_ctx); } else { r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); + if (r) { + r = EVP_PKEY_sign(ctx->pctx, out_sig, out_sig_len, md, mdlen); + } } EVP_MD_CTX_cleanup(&tmp_ctx); - if (has_signctx || !r) { - return r; - } - return EVP_PKEY_sign(ctx->pctx, out_sig, out_sig_len, md, mdlen); + return r; } else { if (has_signctx) { return ctx->pctx->pmeth->signctx(ctx->pctx, out_sig, out_sig_len, ctx); 
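Review bot: md_begin_digest now fails whenever EVP_PKEY_CTX_ctrl returns 0, so a key method whose ctrl does not recognise EVP_PKEY_CTRL_DIGESTINIT, or that has no ctrl callback at all (which the rewritten EVP_PKEY_CTX_ctrl in evp_ctx.c reports as 0 with EVP_R_COMMAND_NOT_SUPPORTED), will make EVP_DigestSignInit/EVP_DigestVerifyInit fail where the old `r == -2` branch treated it as "nothing to do". Presumably the per-method ctrl handlers were converted in the same revision to return 1 for commands they ignore; that is not visible in this diff and the dependency deserves a comment here, e.g. `/* Every pmeth ctrl must return 1 for an EVP_PKEY_CTRL_DIGESTINIT it does not need; returning 0 aborts DigestSign/Verify init. */`. The do_sigver_init hunk below makes the same 0/1 assumption about verifyctx_init/signctx_init.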
@@ -185,21 +184,21 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, uint8_t md[EVP_MAX_MD_SIZE]; int r; unsigned int mdlen; - const int has_verifyctx = ctx->pctx->pmeth->verifyctx != NULL; EVP_MD_CTX_init(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) { return 0; } - if (has_verifyctx) { + if (ctx->pctx->pmeth->verifyctx) { r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, sig, sig_len, &tmp_ctx); } else { r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); + if (r) { + r = EVP_PKEY_verify(ctx->pctx, sig, sig_len, md, mdlen); + } } EVP_MD_CTX_cleanup(&tmp_ctx); - if (has_verifyctx || !r) { - return r; - } - return EVP_PKEY_verify(ctx->pctx, sig, sig_len, md, mdlen); + + return r; } diff --git a/src/crypto/evp/evp.c b/src/crypto/evp/evp.c index 8a1d513..58fd9a9 100644 --- a/src/crypto/evp/evp.c +++ b/src/crypto/evp/evp.c @@ -67,10 +67,12 @@ #include #include #include +#include #include "internal.h" +extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth; extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth; extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth; @@ -109,15 +111,14 @@ void EVP_PKEY_free(EVP_PKEY *pkey) { } free_it(pkey); - if (pkey->attributes) { - /* TODO(fork): layering: X509_ATTRIBUTE_free is an X.509 function. In - * practice this path isn't called but should be removed in the future. */ - /*sk_X509_ATTRIBUTE_pop_free(pkey->attributes, X509_ATTRIBUTE_free);*/ - assert(0); - } OPENSSL_free(pkey); } +EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey) { + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + return pkey; +} + int EVP_PKEY_is_opaque(const EVP_PKEY *pkey) { if (pkey->ameth && pkey->ameth->pkey_opaque) { return pkey->ameth->pkey_opaque(pkey); 
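Review bot: EVP_PKEY_up_ref has no header comment and dereferences its argument unconditionally in CRYPTO_add, so a NULL pkey crashes; the callers in evp_ctx.c do guard with `if (pkey)`, but that contract is only implied. Suggested comment above the function: `/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns it. |pkey| must not be NULL. */`. The same hunk also deletes the `assert(0)` on `pkey->attributes` without freeing anything in its place; if that field still exists on the struct, a non-NULL value now leaks silently instead of aborting, which is worth a one-line TODO at the deletion point.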
@@ -142,8 +143,9 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { /* Compare parameters if the algorithm has them */ if (a->ameth->param_cmp) { ret = a->ameth->param_cmp(a, b); - if (ret <= 0) + if (ret <= 0) { return ret; + } } if (a->ameth->pub_cmp) { @@ -154,11 +156,6 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { return -2; } -EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) { - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - return pkey; -} - int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { OPENSSL_PUT_ERROR(EVP, EVP_PKEY_copy_parameters, EVP_R_DIFFERENT_KEY_TYPES); @@ -213,6 +210,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pengine, int nid) { return &hmac_asn1_meth; case EVP_PKEY_EC: return &ec_asn1_meth; + case EVP_PKEY_DSA: + return &dsa_asn1_meth; default: return NULL; } @@ -236,18 +235,19 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const uint8_t *mac_key, return NULL; } - if (EVP_PKEY_keygen_init(mac_ctx) <= 0 || - EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, mac_key_len, - (uint8_t *)mac_key) <= 0 || - EVP_PKEY_keygen(mac_ctx, &ret) <= 0) { + if (!EVP_PKEY_keygen_init(mac_ctx) || + !EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_SET_MAC_KEY, mac_key_len, + (uint8_t *)mac_key) || + !EVP_PKEY_keygen(mac_ctx, &ret)) { ret = NULL; goto merr; } merr: - if (mac_ctx) + if (mac_ctx) { EVP_PKEY_CTX_free(mac_ctx); + } return ret; } @@ -323,7 +323,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { } int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) { - return EVP_PKEY_assign(pkey, EVP_PKEY_EC, key); + return EVP_PKEY_assign(pkey, EVP_PKEY_DH, key); } DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) { 
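Review bot: In EVP_PKEY_new_mac_key the failure path does `ret = NULL; goto merr;` where `merr:` is the very next statement, so the goto and label add nothing and read as if a cleanup block were being skipped. The body can drop both and fall through: `if (!EVP_PKEY_keygen_init(mac_ctx) || !EVP_PKEY_CTX_ctrl(...) || !EVP_PKEY_keygen(mac_ctx, &ret)) { ret = NULL; }` followed by the existing `if (mac_ctx) { EVP_PKEY_CTX_free(mac_ctx); }`. Whether EVP_PKEY_keygen can leave a partially built key in `ret` when it reports failure is not visible from here; if it can, overwriting ret with NULL leaks it and an `EVP_PKEY_free(ret)` before the assignment would be safer.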
@@ -435,6 +435,10 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { 0, (void *)out_md); } +EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) { + return EVP_PKEY_up_ref(pkey); +} + void OpenSSL_add_all_algorithms(void) {} void EVP_cleanup(void) {} diff --git a/src/crypto/evp/evp_ctx.c b/src/crypto/evp/evp_ctx.c index a383725..9f42274 100644 --- a/src/crypto/evp/evp_ctx.c +++ b/src/crypto/evp/evp_ctx.c @@ -120,14 +120,12 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { ret->operation = EVP_PKEY_OP_UNDEFINED; if (pkey) { - ret->pkey = EVP_PKEY_dup(pkey); + ret->pkey = EVP_PKEY_up_ref(pkey); } if (pmeth->init) { if (pmeth->init(ret) <= 0) { - if (pkey) { - EVP_PKEY_free(ret->pkey); - } + EVP_PKEY_free(ret->pkey); OPENSSL_free(ret); return NULL; } @@ -151,12 +149,8 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) { if (ctx->pmeth && ctx->pmeth->cleanup) { ctx->pmeth->cleanup(ctx); } - if (ctx->pkey) { - EVP_PKEY_free(ctx->pkey); - } - if (ctx->peerkey) { - EVP_PKEY_free(ctx->peerkey); - } + EVP_PKEY_free(ctx->pkey); + EVP_PKEY_free(ctx->peerkey); OPENSSL_free(ctx); } @@ -179,14 +173,14 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) { rctx->operation = pctx->operation; if (pctx->pkey) { - rctx->pkey = EVP_PKEY_dup(pctx->pkey); + rctx->pkey = EVP_PKEY_up_ref(pctx->pkey); if (rctx->pkey == NULL) { goto err; } } if (pctx->peerkey) { - rctx->peerkey = EVP_PKEY_dup(pctx->peerkey); + rctx->peerkey = EVP_PKEY_up_ref(pctx->peerkey); if (rctx->peerkey == NULL) { goto err; } 
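Review bot: In evp_pkey_ctx_new the init-failure path now calls `EVP_PKEY_free(ret->pkey)` unconditionally, which is only correct if `ret->pkey` is NULL whenever `pkey` was NULL; the allocation of `ret` is above this hunk, so whether it zeroes the struct cannot be confirmed here, and if it does not this path frees an uninitialized pointer. Either keep the `if (pkey)` guard or add `ret->pkey = NULL;` beside the visible `ret->operation = EVP_PKEY_OP_UNDEFINED;` so the invariant is local to the function. Separately, in EVP_PKEY_CTX_dup the checks `if (rctx->pkey == NULL) goto err;` and `if (rctx->peerkey == NULL) goto err;` after EVP_PKEY_up_ref are dead, since up_ref returns its non-NULL argument.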
@@ -212,32 +206,25 @@ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) { return ctx->app_data; } int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { - int ret; if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; + return 0; } if (keytype != -1 && ctx->pmeth->pkey_id != keytype) { - return -1; + return 0; } if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_NO_OPERATION_SET); - return -1; + return 0; } if (optype != -1 && !(ctx->operation & optype)) { OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_INVALID_OPERATION); - return -1; - } - - ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); - - if (ret == -2) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + return 0; } - return ret; + return ctx->pmeth->ctrl(ctx, cmd, p1, p2); } int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { @@ -434,9 +421,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { return 0; } - if (ctx->peerkey) { - EVP_PKEY_free(ctx->peerkey); - } + EVP_PKEY_free(ctx->peerkey); ctx->peerkey = peer; ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); @@ -446,7 +431,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { return 0; } - EVP_PKEY_dup(peer); + EVP_PKEY_up_ref(peer); return 1; } diff --git a/src/crypto/evp/evp_error.c b/src/crypto/evp/evp_error.c deleted file mode 100644 index b0d311e..0000000 --- a/src/crypto/evp/evp_error.c +++ /dev/null 
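Review bot: EVP_PKEY_CTX_ctrl now returns 0 on the `keytype` mismatch path without pushing any error, so a caller sees failure with an empty error queue, and with the trailing `ret == -2` translation removed an "unsupported command" reported by a method ctrl is no longer distinguishable from a real failure. Suggest `OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_COMMAND_NOT_SUPPORTED);` before that `return 0;`, plus a header comment stating the new contract, e.g. `/* Returns 1 on success and 0 on error; an unsupported command is an error. */`. This assumes every pmeth->ctrl implementation has been converted to return only 0 or 1, which is outside this diff; a ctrl still returning -1/-2 would now be treated as success by callers testing `!ret`... it would not, but a ctrl returning 2 or -1 is silently passed through unchanged here, so the bool contract should be enforced or documented.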
@@ -1,131 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA EVP_error_string_data[] = { - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DigestSignAlgorithm, 0), "EVP_DigestSignAlgorithm"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DigestVerifyInitFromAlgorithm, 0), "EVP_DigestVerifyInitFromAlgorithm"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_ctrl, 0), "EVP_PKEY_CTX_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_dup, 0), "EVP_PKEY_CTX_dup"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_copy_parameters, 0), "EVP_PKEY_copy_parameters"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_decrypt, 0), "EVP_PKEY_decrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_decrypt_init, 0), "EVP_PKEY_decrypt_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_derive, 0), "EVP_PKEY_derive"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_derive_init, 0), "EVP_PKEY_derive_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_derive_set_peer, 0), "EVP_PKEY_derive_set_peer"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_encrypt, 0), "EVP_PKEY_encrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_encrypt_init, 0), "EVP_PKEY_encrypt_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_get1_DH, 0), "EVP_PKEY_get1_DH"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_get1_DSA, 
0), "EVP_PKEY_get1_DSA"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_get1_EC_KEY, 0), "EVP_PKEY_get1_EC_KEY"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_get1_RSA, 0), "EVP_PKEY_get1_RSA"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_keygen, 0), "EVP_PKEY_keygen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_keygen_init, 0), "EVP_PKEY_keygen_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_new, 0), "EVP_PKEY_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_set_type, 0), "EVP_PKEY_set_type"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_sign, 0), "EVP_PKEY_sign"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_sign_init, 0), "EVP_PKEY_sign_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_verify, 0), "EVP_PKEY_verify"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_verify_init, 0), "EVP_PKEY_verify_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_check_padding_md, 0), "check_padding_md"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_d2i_AutoPrivateKey, 0), "d2i_AutoPrivateKey"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_d2i_PrivateKey, 0), "d2i_PrivateKey"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_do_EC_KEY_print, 0), "do_EC_KEY_print"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_do_rsa_print, 0), "do_rsa_print"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_do_sigver_init, 0), "do_sigver_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_param2type, 0), "eckey_param2type"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_param_decode, 0), "eckey_param_decode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_priv_decode, 0), "eckey_priv_decode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_priv_encode, 0), "eckey_priv_encode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_pub_decode, 0), "eckey_pub_decode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_pub_encode, 0), "eckey_pub_encode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_type2param, 0), "eckey_type2param"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_evp_pkey_ctx_new, 0), "evp_pkey_ctx_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_hmac_signctx, 0), "hmac_signctx"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_i2d_PublicKey, 0), "i2d_PublicKey"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_old_ec_priv_decode, 0), 
"old_ec_priv_decode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_old_rsa_priv_decode, 0), "old_rsa_priv_decode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_ec_ctrl, 0), "pkey_ec_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_ec_derive, 0), "pkey_ec_derive"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_ec_keygen, 0), "pkey_ec_keygen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_ec_paramgen, 0), "pkey_ec_paramgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_ec_sign, 0), "pkey_ec_sign"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_rsa_ctrl, 0), "pkey_rsa_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_rsa_decrypt, 0), "pkey_rsa_decrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_rsa_encrypt, 0), "pkey_rsa_encrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_rsa_sign, 0), "pkey_rsa_sign"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_algor_to_md, 0), "rsa_algor_to_md"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_digest_verify_init_from_algorithm, 0), "rsa_digest_verify_init_from_algorithm"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_item_verify, 0), "rsa_item_verify"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_mgf1_to_md, 0), "rsa_mgf1_to_md"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_priv_decode, 0), "rsa_priv_decode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_priv_encode, 0), "rsa_priv_encode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_pss_to_ctx, 0), "rsa_pss_to_ctx"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_pub_decode, 0), "rsa_pub_decode"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "BUFFER_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED), "COMMAND_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CONTEXT_NOT_INITIALISED), "CONTEXT_NOT_INITIALISED"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), "DIFFERENT_KEY_TYPES"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), "DIFFERENT_PARAMETERS"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), "DIGEST_AND_KEY_TYPE_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIGEST_DOES_NOT_MATCH), 
"DIGEST_DOES_NOT_MATCH"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_DSA_KEY), "EXPECTING_AN_DSA_KEY"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_EC_KEY_KEY), "EXPECTING_AN_EC_KEY_KEY"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY), "EXPECTING_AN_RSA_KEY"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "EXPECTING_A_DH_KEY"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY), "EXPECTING_A_DSA_KEY"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPLICIT_EC_PARAMETERS_NOT_SUPPORTED), "EXPLICIT_EC_PARAMETERS_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "ILLEGAL_OR_UNSUPPORTED_PADDING_MODE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_CURVE), "INVALID_CURVE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST_LENGTH), "INVALID_DIGEST_LENGTH"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST_TYPE), "INVALID_DIGEST_TYPE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEYBITS), "INVALID_KEYBITS"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_MGF1_MD), "INVALID_MGF1_MD"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "INVALID_OPERATION"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PADDING_MODE), "INVALID_PADDING_MODE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PSS_PARAMETERS), "INVALID_PSS_PARAMETERS"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PSS_SALTLEN), "INVALID_PSS_SALTLEN"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SALT_LENGTH), "INVALID_SALT_LENGTH"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_TRAILER), "INVALID_TRAILER"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KDF_PARAMETER_ERROR), "KDF_PARAMETER_ERROR"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYS_NOT_SET), "KEYS_NOT_SET"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "MISSING_PARAMETERS"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "NO_DEFAULT_DIGEST"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "NO_KEY_SET"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_MDC2_SUPPORT), "NO_MDC2_SUPPORT"}, - {ERR_PACK(ERR_LIB_EVP, 0, 
EVP_R_NO_NID_FOR_CURVE), "NO_NID_FOR_CURVE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "NO_OPERATION_SET"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_PARAMETERS_SET), "NO_PARAMETERS_SET"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), "OPERATON_NOT_INITIALIZED"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PEER_KEY_ERROR), "PEER_KEY_ERROR"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SHARED_INFO_ERROR), "SHARED_INFO_ERROR"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "UNKNOWN_DIGEST"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_MASK_DIGEST), "UNKNOWN_MASK_DIGEST"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), "UNKNOWN_MESSAGE_DIGEST_ALGORITHM"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE), "UNKNOWN_PUBLIC_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_SIGNATURE_ALGORITHM), "UNKNOWN_SIGNATURE_ALGORITHM"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), "UNSUPPORTED_ALGORITHM"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_MASK_ALGORITHM), "UNSUPPORTED_MASK_ALGORITHM"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_MASK_PARAMETER), "UNSUPPORTED_MASK_PARAMETER"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "UNSUPPORTED_PUBLIC_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SIGNATURE_TYPE), "UNSUPPORTED_SIGNATURE_TYPE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_PUBLIC_KEY_TYPE), "WRONG_PUBLIC_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_X931_UNSUPPORTED), "X931_UNSUPPORTED"}, - {0, NULL}, -}; diff --git a/src/crypto/evp/evp_extra_test.cc b/src/crypto/evp/evp_extra_test.cc new file mode 100644 index 0000000..674547d --- /dev/null +++ b/src/crypto/evp/evp_extra_test.cc 
@@ -0,0 +1,601 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "../test/scoped_types.h"
+
+
+// kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
+// should never use this key anywhere but in an example.
+static const uint8_t kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 
0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +static const uint8_t kExampleDSAKeyDER[] = { + 0x30, 0x82, 0x03, 0x56, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0x9e, 0x12, 0xfa, 0xb3, 0xde, 0x12, 0x21, 0x35, 0x01, 0xdd, 0x82, 0xaa, 
+ 0x10, 0xca, 0x2d, 0x10, 0x1d, 0x2d, 0x4e, 0xbf, 0xef, 0x4d, 0x2a, 0x3f, + 0x8d, 0xaa, 0x0f, 0xe0, 0xce, 0xda, 0xd8, 0xd6, 0xaf, 0x85, 0x61, 0x6a, + 0xa2, 0xf3, 0x25, 0x2c, 0x0a, 0x2b, 0x5a, 0x6d, 0xb0, 0x9e, 0x6f, 0x14, + 0x90, 0x0e, 0x0d, 0xdb, 0x83, 0x11, 0x87, 0x6d, 0xd8, 0xf9, 0x66, 0x95, + 0x25, 0xf9, 0x9e, 0xd6, 0x59, 0x49, 0xe1, 0x84, 0xd5, 0x06, 0x47, 0x93, + 0x27, 0x11, 0x69, 0xa2, 0x28, 0x68, 0x0b, 0x95, 0xec, 0x12, 0xf5, 0x9a, + 0x8e, 0x20, 0xb2, 0x1f, 0x2b, 0x58, 0xeb, 0x2a, 0x20, 0x12, 0xd3, 0x5b, + 0xde, 0x2e, 0xe3, 0x51, 0x82, 0x2f, 0xe8, 0xf3, 0x2d, 0x0a, 0x33, 0x05, + 0x65, 0xdc, 0xce, 0x5c, 0x67, 0x2b, 0x72, 0x59, 0xc1, 0x4b, 0x24, 0x33, + 0xd0, 0xb5, 0xb2, 0xca, 0x2b, 0x2d, 0xb0, 0xab, 0x62, 0x6e, 0x8f, 0x13, + 0xf4, 0x7f, 0xe0, 0x34, 0x5d, 0x90, 0x4e, 0x72, 0x94, 0xbb, 0x03, 0x8e, + 0x9c, 0xe2, 0x1a, 0x9e, 0x58, 0x0b, 0x83, 0x35, 0x62, 0x78, 0x70, 0x6c, + 0xfe, 0x76, 0x84, 0x36, 0xc6, 0x9d, 0xe1, 0x49, 0xcc, 0xff, 0x98, 0xb4, + 0xaa, 0xb8, 0xcb, 0x4f, 0x63, 0x85, 0xc9, 0xf1, 0x02, 0xce, 0x59, 0x34, + 0x6e, 0xae, 0xef, 0x27, 0xe0, 0xad, 0x22, 0x2d, 0x53, 0xd6, 0xe8, 0x9c, + 0xc8, 0xcd, 0xe5, 0x77, 0x6d, 0xd0, 0x00, 0x57, 0xb0, 0x3f, 0x2d, 0x88, + 0xab, 0x3c, 0xed, 0xba, 0xfd, 0x7b, 0x58, 0x5f, 0x0b, 0x7f, 0x78, 0x35, + 0xe1, 0x7a, 0x37, 0x28, 0xbb, 0xf2, 0x5e, 0xa6, 0x25, 0x72, 0xf2, 0x45, + 0xdc, 0x11, 0x1f, 0x3c, 0xe3, 0x9c, 0xb6, 0xff, 0xac, 0xc3, 0x1b, 0x0a, + 0x27, 0x90, 0xe7, 0xbd, 0xe9, 0x02, 0x24, 0xea, 0x9b, 0x09, 0x31, 0x53, + 0x62, 0xaf, 0x3d, 0x2b, 0x02, 0x21, 0x00, 0xf3, 0x81, 0xdc, 0xf5, 0x3e, + 0xbf, 0x72, 0x4f, 0x8b, 0x2e, 0x5c, 0xa8, 0x2c, 0x01, 0x0f, 0xb4, 0xb5, + 0xed, 0xa9, 0x35, 0x8d, 0x0f, 0xd8, 0x8e, 0xd2, 0x78, 0x58, 0x94, 0x88, + 0xb5, 0x4f, 0xc3, 0x02, 0x82, 0x01, 0x00, 0x0c, 0x40, 0x2a, 0x72, 0x5d, + 0xcc, 0x3a, 0x62, 0xe0, 0x2b, 0xf4, 0xcf, 0x43, 0xcd, 0x17, 0xf4, 0xa4, + 0x93, 0x59, 0x12, 0x20, 0x22, 0x36, 0x69, 0xcf, 0x41, 0x93, 0xed, 0xab, + 0x42, 0x3a, 0xd0, 0x8d, 0xfb, 0x55, 0x2e, 0x30, 0x8a, 0x6a, 0x57, 0xa5, + 
0xff, 0xbc, 0x7c, 0xd0, 0xfb, 0x20, 0x87, 0xf8, 0x1f, 0x8d, 0xf0, 0xcb, + 0x08, 0xab, 0x21, 0x33, 0x28, 0x7d, 0x2b, 0x69, 0x68, 0x71, 0x4a, 0x94, + 0xf6, 0x33, 0xc9, 0x40, 0x84, 0x5a, 0x48, 0xa3, 0xe1, 0x67, 0x08, 0xdd, + 0xe7, 0x61, 0xcc, 0x6a, 0x8e, 0xab, 0x2d, 0x84, 0xdb, 0x21, 0xb6, 0xea, + 0x5b, 0x07, 0x68, 0x14, 0x93, 0xcc, 0x9c, 0x31, 0xfb, 0xc3, 0x68, 0xb2, + 0x43, 0xf6, 0xdd, 0xf8, 0xc9, 0x32, 0xa8, 0xb4, 0x03, 0x8f, 0x44, 0xe7, + 0xb1, 0x5c, 0xa8, 0x76, 0x34, 0x4a, 0x14, 0x78, 0x59, 0xf2, 0xb4, 0x3b, + 0x39, 0x45, 0x86, 0x68, 0xad, 0x5e, 0x0a, 0x1a, 0x9a, 0x66, 0x95, 0x46, + 0xdd, 0x28, 0x12, 0xe3, 0xb3, 0x61, 0x7a, 0x0a, 0xef, 0x99, 0xd5, 0x8e, + 0x3b, 0xb4, 0xcc, 0x87, 0xfd, 0x94, 0x22, 0x5e, 0x01, 0xd2, 0xdc, 0xc4, + 0x69, 0xa7, 0x72, 0x68, 0x14, 0x6c, 0x51, 0x91, 0x8f, 0x18, 0xe8, 0xb4, + 0xd7, 0x0a, 0xa1, 0xf0, 0xc7, 0x62, 0x3b, 0xcc, 0x52, 0xcf, 0x37, 0x31, + 0xd3, 0x86, 0x41, 0xb2, 0xd2, 0x83, 0x0b, 0x7e, 0xec, 0xb2, 0xf0, 0x95, + 0x52, 0xff, 0x13, 0x7d, 0x04, 0x6e, 0x49, 0x4e, 0x7f, 0x33, 0xc3, 0x59, + 0x00, 0x02, 0xb1, 0x6d, 0x1b, 0x97, 0xd9, 0x36, 0xfd, 0xa2, 0x8f, 0x90, + 0xc3, 0xed, 0x3c, 0xa3, 0x53, 0x38, 0x16, 0x8a, 0xc1, 0x6f, 0x77, 0xc3, + 0xc5, 0x7a, 0xdc, 0x2e, 0x8f, 0x7c, 0x6c, 0x22, 0x56, 0xe4, 0x1a, 0x5f, + 0x65, 0x45, 0x05, 0x90, 0xdb, 0xb5, 0xbc, 0xf0, 0x6d, 0x66, 0x61, 0x02, + 0x82, 0x01, 0x00, 0x31, 0x97, 0x31, 0xa1, 0x4e, 0x38, 0x56, 0x88, 0xdb, + 0x94, 0x1d, 0xbf, 0x65, 0x5c, 0xda, 0x4b, 0xc2, 0x10, 0xde, 0x74, 0x20, + 0x03, 0xce, 0x13, 0x60, 0xf2, 0x25, 0x1d, 0x55, 0x7c, 0x5d, 0x94, 0x82, + 0x54, 0x08, 0x53, 0xdb, 0x85, 0x95, 0xbf, 0xdd, 0x5e, 0x50, 0xd5, 0x96, + 0xe0, 0x79, 0x51, 0x1b, 0xbf, 0x4d, 0x4e, 0xb9, 0x3a, 0xc5, 0xee, 0xc4, + 0x5e, 0x98, 0x75, 0x7b, 0xbe, 0xff, 0x30, 0xe6, 0xd0, 0x7b, 0xa6, 0xf1, + 0xbc, 0x29, 0xea, 0xdf, 0xec, 0xf3, 0x8b, 0xfa, 0x83, 0x11, 0x9f, 0x3f, + 0xf0, 0x5d, 0x06, 0x51, 0x32, 0xaa, 0x21, 0xfc, 0x26, 0x17, 0xe7, 0x50, + 0xc2, 0x16, 0xba, 0xfa, 0x54, 0xb7, 0x7e, 0x1d, 0x2c, 0xa6, 0xa3, 0x41, + 
0x66, 0x33, 0x94, 0x83, 0xb9, 0xbf, 0xa0, 0x4f, 0xbd, 0xa6, 0xfd, 0x2c, + 0x81, 0x58, 0x35, 0x33, 0x39, 0xc0, 0x6d, 0x33, 0x40, 0x56, 0x64, 0x12, + 0x5a, 0xcd, 0x35, 0x53, 0x21, 0x78, 0x8f, 0x27, 0x24, 0x37, 0x66, 0x8a, + 0xdf, 0x5e, 0x5f, 0x63, 0xfc, 0x8b, 0x2d, 0xef, 0x57, 0xdb, 0x40, 0x25, + 0xd5, 0x17, 0x53, 0x0b, 0xe4, 0xa5, 0xae, 0x54, 0xbf, 0x46, 0x4f, 0xa6, + 0x79, 0xc3, 0x74, 0xfa, 0x1f, 0x85, 0x34, 0x64, 0x6d, 0xc5, 0x03, 0xeb, + 0x72, 0x98, 0x80, 0x7b, 0xc0, 0x8f, 0x35, 0x11, 0xa7, 0x09, 0xeb, 0x51, + 0xe0, 0xb0, 0xac, 0x92, 0x14, 0xf2, 0xad, 0x37, 0x95, 0x5a, 0xba, 0x8c, + 0xc4, 0xdb, 0xed, 0xc4, 0x4e, 0x8b, 0x8f, 0x84, 0x33, 0x64, 0xf8, 0x57, + 0x12, 0xd7, 0x08, 0x7e, 0x90, 0x66, 0xdf, 0x91, 0x50, 0x23, 0xf2, 0x73, + 0xc0, 0x6b, 0xb1, 0x15, 0xdd, 0x64, 0xd7, 0xc9, 0x75, 0x17, 0x73, 0x72, + 0xda, 0x33, 0xc4, 0x6f, 0xa5, 0x47, 0xa1, 0xcc, 0xd1, 0xc6, 0x62, 0xe5, + 0xca, 0xab, 0x5f, 0x2a, 0x8f, 0x6b, 0xcc, 0x02, 0x21, 0x00, 0xb0, 0xc7, + 0x68, 0x70, 0x27, 0x43, 0xbc, 0x51, 0x24, 0x29, 0x93, 0xa9, 0x71, 0xa5, + 0x28, 0x89, 0x79, 0x54, 0x44, 0xf7, 0xc6, 0x45, 0x22, 0x03, 0xd0, 0xce, + 0x84, 0xfe, 0x61, 0x17, 0xd4, 0x6e, +}; + +static const uint8_t kMsg[] = {1, 2, 3, 4}; + +static const uint8_t kSignature[] = { + 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, + 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, + 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, + 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, + 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, + 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, + 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, + 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, + 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, + 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, + 0x55, 0xa7, 0xab, 
0x45, 0x02, 0x97, 0x60, 0x42, +}; + +// kExamplePSSCert is an example self-signed certificate, signed with +// kExampleRSAKeyDER using RSA-PSS with default hash functions. +static const uint8_t kExamplePSSCert[] = { + 0x30, 0x82, 0x02, 0x62, 0x30, 0x82, 0x01, 0xc6, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0x8d, 0xea, 0x53, 0x24, 0xfa, 0x48, 0x87, 0xf3, + 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0a, 0x30, 0x05, 0xa2, 0x03, 0x02, 0x01, 0x6a, 0x30, 0x45, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, + 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, + 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, + 0x34, 0x31, 0x30, 0x30, 0x39, 0x31, 0x39, 0x30, 0x39, 0x35, 0x35, 0x5a, + 0x17, 0x0d, 0x31, 0x35, 0x31, 0x30, 0x30, 0x39, 0x31, 0x39, 0x30, 0x39, + 0x35, 0x35, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, + 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, + 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, + 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, + 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, + 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, + 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, + 0xd2, 
0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, + 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, + 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, + 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, + 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, + 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, + 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, + 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd0, + 0x41, 0xfb, 0x89, 0x41, 0x1e, 0xa7, 0xad, 0x5a, 0xec, 0x34, 0x5d, 0x49, + 0x11, 0xf9, 0x55, 0x81, 0x78, 0x1f, 0x13, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd0, 0x41, 0xfb, 0x89, + 0x41, 0x1e, 0xa7, 0xad, 0x5a, 0xec, 0x34, 0x5d, 0x49, 0x11, 0xf9, 0x55, + 0x81, 0x78, 0x1f, 0x13, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a, 0x30, 0x05, 0xa2, 0x03, 0x02, + 0x01, 0x6a, 0x03, 0x81, 0x81, 0x00, 0x49, 0x4c, 0xb6, 0x45, 0x97, 0x20, + 0x35, 0xb3, 0x50, 0x64, 0x0d, 0x3f, 0xec, 0x5f, 0x95, 0xd5, 0x84, 0xcb, + 0x11, 0x7c, 0x03, 0xd7, 0xa6, 0xe6, 0xfa, 0x24, 0x95, 0x9f, 0x31, 0xb0, + 0xb5, 0xec, 0x66, 0x41, 0x51, 0x18, 0x21, 0x91, 0xbb, 0xe0, 0xaf, 0xf0, + 0xc5, 0xb7, 0x59, 0x41, 0xd4, 0xdb, 0xa4, 0xd2, 0x64, 0xa7, 0x54, 0x0f, + 0x8c, 0xf7, 0xe1, 0xd3, 0x3b, 0x1a, 0xb7, 0x0e, 0x9d, 0x9a, 0xde, 0x50, + 0xa1, 0x9f, 0x0a, 0xf0, 0xda, 0x34, 0x0e, 0x34, 0x7d, 0x76, 0x07, 0xfe, + 0x5a, 0xfb, 0xf9, 0x58, 0x9b, 0xc9, 0x50, 0x84, 0x01, 0xa0, 0x05, 0x4d, + 0x67, 0x42, 0x0b, 0xf8, 0xe4, 0x05, 0xcf, 0xaf, 0x8b, 0x71, 0x31, 0xf1, + 0x0f, 0x6e, 0xc9, 0x24, 0x27, 0x9b, 0xac, 0x04, 0xd7, 0x64, 0x0d, 0x30, + 0x4e, 0x11, 0x93, 0x40, 0x39, 0xbb, 0x72, 0xb2, 0xfe, 0x6b, 0xe4, 0xae, + 0x8c, 
0x16, +}; + +// kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 +// PrivateKeyInfo. +static const uint8_t kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 
0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 
0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +// kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey +// structure. +static const uint8_t kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +// kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey +// structure. The private key is equal to the order and will fail to import. 
+static const uint8_t kExampleBadECKeyDER[] = {
+ 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
+ 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
+ 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
+ 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
+ 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+ 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+};
+
+static ScopedEVP_PKEY LoadExampleRSAKey() {
+ const uint8_t *derp = kExampleRSAKeyDER;
+ ScopedRSA rsa(d2i_RSAPrivateKey(nullptr, &derp, sizeof(kExampleRSAKeyDER)));
+ if (!rsa) {
+ return nullptr;
+ }
+ ScopedEVP_PKEY pkey(EVP_PKEY_new());
+ if (!pkey || !EVP_PKEY_set1_RSA(pkey.get(), rsa.get())) {
+ return nullptr;
+ }
+ return pkey;
+}
+
+static bool TestEVP_DigestSignInit(void) {
+ ScopedEVP_PKEY pkey = LoadExampleRSAKey();
+ ScopedEVP_MD_CTX md_ctx;
+ if (!pkey ||
+ !EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()) ||
+ !EVP_DigestSignUpdate(md_ctx.get(), kMsg, sizeof(kMsg))) {
+ return false;
+ }
+ // Determine the size of the signature.
+ size_t sig_len = 0;
+ if (!EVP_DigestSignFinal(md_ctx.get(), NULL, &sig_len)) {
+ return false;
+ }
+ // Sanity check for testing.
+ if (sig_len != (size_t)EVP_PKEY_size(pkey.get())) {
+ fprintf(stderr, "sig_len mismatch\n");
+ return false;
+ }
+
+ std::vector sig;
+ sig.resize(sig_len);
+ if (!EVP_DigestSignFinal(md_ctx.get(), bssl::vector_data(&sig), &sig_len)) {
+ return false;
+ }
+ sig.resize(sig_len);
+
+ // Ensure that the signature round-trips.
+ md_ctx.Reset();
+ if (!EVP_DigestVerifyInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()) ||
+ !EVP_DigestVerifyUpdate(md_ctx.get(), kMsg, sizeof(kMsg)) ||
+ !EVP_DigestVerifyFinal(md_ctx.get(), bssl::vector_data(&sig), sig_len)) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool TestEVP_DigestVerifyInit(void) {
+ ScopedEVP_PKEY pkey = LoadExampleRSAKey();
+ ScopedEVP_MD_CTX md_ctx;
+ if (!pkey ||
+ !EVP_DigestVerifyInit(md_ctx.get(), NULL, EVP_sha256(), NULL,
+ pkey.get()) ||
+ !EVP_DigestVerifyUpdate(md_ctx.get(), kMsg, sizeof(kMsg)) ||
+ !EVP_DigestVerifyFinal(md_ctx.get(), kSignature, sizeof(kSignature))) {
+ return false;
+ }
+ return true;
+}
+
+// TestAlgorithmRoundtrip signs a message using an already-initialized
+// |md_ctx|, sampling the AlgorithmIdentifier. It then uses |pkey| and the
+// AlgorithmIdentifier to verify the signature.
+static bool TestAlgorithmRoundtrip(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
+ if (!EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {
+ return false;
+ }
+
+ // Save the algorithm.
+ ScopedX509_ALGOR algor(X509_ALGOR_new());
+ if (!algor || !EVP_DigestSignAlgorithm(md_ctx, algor.get())) {
+ return false;
+ }
+
+ // Determine the size of the signature.
+ size_t sig_len = 0;
+ if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {
+ return false;
+ }
+ // Sanity check for testing.
+ if (sig_len != (size_t)EVP_PKEY_size(pkey)) {
+ fprintf(stderr, "sig_len mismatch\n");
+ return false;
+ }
+
+ std::vector sig;
+ sig.resize(sig_len);
+ if (!EVP_DigestSignFinal(md_ctx, bssl::vector_data(&sig), &sig_len)) {
+ return false;
+ }
+ sig.resize(sig_len);
+
+ // Ensure that the signature round-trips.
+ ScopedEVP_MD_CTX md_ctx_verify;
+ if (!EVP_DigestVerifyInitFromAlgorithm(md_ctx_verify.get(), algor.get(),
+ pkey) ||
+ !EVP_DigestVerifyUpdate(md_ctx_verify.get(), kMsg, sizeof(kMsg)) ||
+ !EVP_DigestVerifyFinal(md_ctx_verify.get(), bssl::vector_data(&sig),
+ sig_len)) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool TestEVP_DigestSignAlgorithm(void) {
+ ScopedEVP_PKEY pkey = LoadExampleRSAKey();
+
+ // Test a simple AlgorithmIdentifier.
+ ScopedEVP_MD_CTX md_ctx;
+ if (!pkey ||
+ !EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()) ||
+ !TestAlgorithmRoundtrip(md_ctx.get(), pkey.get())) {
+ fprintf(stderr, "RSA with SHA-256 failed\n");
+ return false;
+ }
+
+ // Test RSA-PSS with custom parameters.
+ md_ctx.Reset();
+ EVP_PKEY_CTX *pkey_ctx;
+ if (!EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
+ pkey.get()) ||
+ !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()) ||
+ !TestAlgorithmRoundtrip(md_ctx.get(), pkey.get())) {
+ fprintf(stderr, "RSA-PSS failed\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool TestEVP_DigestVerifyInitFromAlgorithm(void) {
+ CBS cert, cert_body, tbs_cert, algorithm, signature;
+ CBS_init(&cert, kExamplePSSCert, sizeof(kExamplePSSCert));
+ if (!CBS_get_asn1(&cert, &cert_body, CBS_ASN1_SEQUENCE) ||
+ CBS_len(&cert) != 0 ||
+ !CBS_get_any_asn1_element(&cert_body, &tbs_cert, NULL, NULL) ||
+ !CBS_get_asn1_element(&cert_body, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBS_get_asn1(&cert_body, &signature, CBS_ASN1_BITSTRING) ||
+ CBS_len(&cert_body) != 0) {
+ fprintf(stderr, "Failed to parse certificate\n");
+ return false;
+ }
+
+ // Signatures are BIT STRINGs, but they have are multiple of 8 bytes, so the
+ // leading phase byte is just a zero.
+ uint8_t padding;
+ if (!CBS_get_u8(&signature, &padding) || padding != 0) {
+ fprintf(stderr, "Invalid signature padding\n");
+ return false;
+ }
+
+ const uint8_t *derp = CBS_data(&algorithm);
+ ScopedX509_ALGOR algor(d2i_X509_ALGOR(NULL, &derp, CBS_len(&algorithm)));
+ if (!algor || derp != CBS_data(&algorithm) + CBS_len(&algorithm)) {
+ fprintf(stderr, "Failed to parse algorithm\n");
+ return false;
+ }
+
+ ScopedEVP_PKEY pkey = LoadExampleRSAKey();
+ ScopedEVP_MD_CTX md_ctx;
+ if (!pkey ||
+ !EVP_DigestVerifyInitFromAlgorithm(md_ctx.get(), algor.get(),
+ pkey.get()) ||
+ !EVP_DigestVerifyUpdate(md_ctx.get(), CBS_data(&tbs_cert),
+ CBS_len(&tbs_cert)) ||
+ !EVP_DigestVerifyFinal(md_ctx.get(), CBS_data(&signature),
+ CBS_len(&signature))) {
+ return false;
+ }
+ return true;
+}
+
+static bool Testd2i_AutoPrivateKey(const uint8_t *input, size_t input_len,
+ int expected_id) {
+ const uint8_t *p = input;
+ ScopedEVP_PKEY pkey(d2i_AutoPrivateKey(NULL, &p, input_len));
+ if (!pkey || p != input + input_len) {
+ fprintf(stderr, "d2i_AutoPrivateKey failed\n");
+ return false;
+ }
+
+ if (EVP_PKEY_id(pkey.get()) != expected_id) {
+ fprintf(stderr, "Did not decode expected type\n");
+ return false;
+ }
+
+ return true;
+}
+
+// TestEVP_PKCS82PKEY tests loading a bad key in PKCS8 format.
+static bool TestEVP_PKCS82PKEY(void) {
+ const uint8_t *derp = kExampleBadECKeyDER;
+ ScopedPKCS8_PRIV_KEY_INFO p8inf(
+ d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)));
+ if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) {
+ fprintf(stderr, "Failed to parse key\n");
+ return false;
+ }
+
+ ScopedEVP_PKEY pkey(EVP_PKCS82PKEY(p8inf.get()));
+ if (pkey) {
+ fprintf(stderr, "Imported invalid EC key\n");
+ return false;
+ }
+
+ return true;
+}
+
+int main(void) {
+ CRYPTO_library_init();
+ ERR_load_crypto_strings();
+
+ if (!TestEVP_DigestSignInit()) {
+ fprintf(stderr, "EVP_DigestSignInit failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!TestEVP_DigestVerifyInit()) {
+ fprintf(stderr, "EVP_DigestVerifyInit failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!TestEVP_DigestSignAlgorithm()) {
+ fprintf(stderr, "EVP_DigestSignInit failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!TestEVP_DigestVerifyInitFromAlgorithm()) {
+ fprintf(stderr, "EVP_DigestVerifyInitFromAlgorithm failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!Testd2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER),
+ EVP_PKEY_RSA)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!Testd2i_AutoPrivateKey(kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8),
+ EVP_PKEY_RSA)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!Testd2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER),
+ EVP_PKEY_EC)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!Testd2i_AutoPrivateKey(kExampleDSAKeyDER, sizeof(kExampleDSAKeyDER),
+ EVP_PKEY_DSA)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleDSAKeyDER) failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ if (!TestEVP_PKCS82PKEY()) {
+ fprintf(stderr, "TestEVP_PKCS82PKEY failed\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/src/crypto/evp/evp_test.c b/src/crypto/evp/evp_test.c
deleted file mode 100644
index 3e74cd5..0000000
--- a/src/crypto/evp/evp_test.c
+++ /dev/null
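Review bot: The verification tests in this new file only exercise the accept path — TestEVP_DigestVerifyInit checks that kSignature verifies and TestEVP_DigestSignInit that a fresh signature round-trips — so a verifier that accepted any input would still pass, and the one negative case (TestEVP_PKCS82PKEY) covers key import, not signatures. I would add a tampered-signature case to TestEVP_DigestVerifyInit that flips one byte of kSignature and requires EVP_DigestVerifyFinal to return 0 (sketch below; the element type of `std::vector sig` is stripped in this rendering, so I assume uint8_t, and ERR_clear_error presumably comes from the same err.h that supplies ERR_print_errors_fp). Clearing the error queue after the expected failure keeps it out of the ERR_print_errors_fp output that main prints on a later genuine failure. Separately, the failure message main prints for TestEVP_DigestSignAlgorithm is a copy of the previous one — `fprintf(stderr, "EVP_DigestSignAlgorithm failed\n");` would name the right test — and the comment "they have are multiple of 8 bytes" in TestEVP_DigestVerifyInitFromAlgorithm should read "they are a multiple of 8 bytes".
```cpp
static bool TestEVP_DigestVerifyInit(void) {
  // … unchanged: positive verification of kSignature …

  // A signature with one bit flipped must be rejected; without this the test
  // cannot tell a working verifier from one that accepts anything.
  std::vector<uint8_t> bad_sig(kSignature, kSignature + sizeof(kSignature));
  bad_sig[0] ^= 0x01;
  md_ctx.Reset();
  if (!EVP_DigestVerifyInit(md_ctx.get(), NULL, EVP_sha256(), NULL,
                            pkey.get()) ||
      !EVP_DigestVerifyUpdate(md_ctx.get(), kMsg, sizeof(kMsg)) ||
      EVP_DigestVerifyFinal(md_ctx.get(), bssl::vector_data(&bad_sig),
                            bad_sig.size())) {
    fprintf(stderr, "Tampered signature verified\n");
    return false;
  }
  // The expected failure queues an error; drop it so it is not printed later.
  ERR_clear_error();
  return true;
}
```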
@@ -1,639 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - - -/* kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you - * should never use this key anywhere but in an example. 
*/ -static const uint8_t kExampleRSAKeyDER[] = { - 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, - 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, - 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, - 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, - 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, - 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, - 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, - 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, - 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, - 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, - 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, - 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, - 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, - 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, - 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, - 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, - 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, - 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, - 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, - 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, - 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, - 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, - 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, - 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, - 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, - 0x78, 0xf1, 0xf4, 0x35, 
0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, - 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, - 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, - 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, - 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, - 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, - 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, - 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, - 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, - 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, - 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, - 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, - 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, - 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, - 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, - 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, - 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, - 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, - 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, - 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, - 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, - 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, - 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, - 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, - 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, -}; - -static const uint8_t kMsg[] = {1, 2, 3, 4}; - -static const uint8_t kSignature[] = { - 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, - 0x8c, 0xae, 0x4c, 0x14, 0xef, 
0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, - 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, - 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, - 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, - 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, - 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, - 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, - 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, - 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, - 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, -}; - -/* kExamplePSSCert is an example self-signed certificate, signed with - * kExampleRSAKeyDER using RSA-PSS with default hash functions. */ -static const uint8_t kExamplePSSCert[] = { - 0x30, 0x82, 0x02, 0x62, 0x30, 0x82, 0x01, 0xc6, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x09, 0x00, 0x8d, 0xea, 0x53, 0x24, 0xfa, 0x48, 0x87, 0xf3, - 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0a, 0x30, 0x05, 0xa2, 0x03, 0x02, 0x01, 0x6a, 0x30, 0x45, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, - 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, - 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x34, 0x31, 0x30, 0x30, 0x39, 0x31, 0x39, 0x30, 0x39, 0x35, 0x35, 0x5a, - 0x17, 0x0d, 0x31, 0x35, 0x31, 0x30, 0x30, 0x39, 0x31, 0x39, 0x30, 0x39, - 0x35, 0x35, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, - 0x61, 0x74, 
0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, - 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, - 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, - 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, - 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, - 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, - 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, - 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, - 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, - 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, - 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, - 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, - 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, - 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd0, - 0x41, 0xfb, 0x89, 0x41, 0x1e, 0xa7, 0xad, 0x5a, 0xec, 0x34, 0x5d, 0x49, - 0x11, 0xf9, 0x55, 0x81, 0x78, 0x1f, 0x13, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd0, 0x41, 0xfb, 0x89, - 0x41, 0x1e, 0xa7, 0xad, 0x5a, 0xec, 0x34, 0x5d, 0x49, 0x11, 0xf9, 0x55, - 0x81, 0x78, 0x1f, 0x13, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a, 0x30, 0x05, 0xa2, 0x03, 0x02, - 0x01, 0x6a, 0x03, 0x81, 0x81, 0x00, 0x49, 0x4c, 0xb6, 0x45, 0x97, 0x20, - 0x35, 0xb3, 0x50, 0x64, 0x0d, 0x3f, 0xec, 0x5f, 0x95, 0xd5, 0x84, 0xcb, - 0x11, 0x7c, 
0x03, 0xd7, 0xa6, 0xe6, 0xfa, 0x24, 0x95, 0x9f, 0x31, 0xb0, - 0xb5, 0xec, 0x66, 0x41, 0x51, 0x18, 0x21, 0x91, 0xbb, 0xe0, 0xaf, 0xf0, - 0xc5, 0xb7, 0x59, 0x41, 0xd4, 0xdb, 0xa4, 0xd2, 0x64, 0xa7, 0x54, 0x0f, - 0x8c, 0xf7, 0xe1, 0xd3, 0x3b, 0x1a, 0xb7, 0x0e, 0x9d, 0x9a, 0xde, 0x50, - 0xa1, 0x9f, 0x0a, 0xf0, 0xda, 0x34, 0x0e, 0x34, 0x7d, 0x76, 0x07, 0xfe, - 0x5a, 0xfb, 0xf9, 0x58, 0x9b, 0xc9, 0x50, 0x84, 0x01, 0xa0, 0x05, 0x4d, - 0x67, 0x42, 0x0b, 0xf8, 0xe4, 0x05, 0xcf, 0xaf, 0x8b, 0x71, 0x31, 0xf1, - 0x0f, 0x6e, 0xc9, 0x24, 0x27, 0x9b, 0xac, 0x04, 0xd7, 0x64, 0x0d, 0x30, - 0x4e, 0x11, 0x93, 0x40, 0x39, 0xbb, 0x72, 0xb2, 0xfe, 0x6b, 0xe4, 0xae, - 0x8c, 0x16, -}; - -/* kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 - * PrivateKeyInfo. */ -static const uint8_t kExampleRSAKeyPKCS8[] = { - 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, - 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, - 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, - 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, - 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, - 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, - 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, - 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, - 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, - 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, - 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, - 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, - 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, - 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, - 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, - 
0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, - 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, - 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, - 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, - 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, - 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, - 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, - 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, - 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, - 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, - 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, - 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, - 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, - 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, - 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, - 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, - 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, - 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, - 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, - 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, - 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, - 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, - 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, - 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, - 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, - 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, - 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, - 
0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, - 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, - 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, - 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, - 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, - 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, - 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, - 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, - 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, - 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, -}; - -/* kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey - * structure. */ -static const uint8_t kExampleECKeyDER[] = { - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, - 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, - 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, - 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, - 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, - 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, - 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, - 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, - 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, - 0xc1, -}; - -/* kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey - * structure. 
The private key is equal to the order and will fail to import */ -static const uint8_t kExampleBadECKeyDER[] = { - 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, - 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, - 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, - 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, - 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, - 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, - 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 -}; - -static EVP_PKEY *load_example_rsa_key(void) { - EVP_PKEY *ret = NULL; - const uint8_t *derp = kExampleRSAKeyDER; - EVP_PKEY *pkey = NULL; - RSA *rsa = NULL; - - if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { - return NULL; - } - - pkey = EVP_PKEY_new(); - if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { - goto out; - } - - ret = pkey; - pkey = NULL; - -out: - if (pkey) { - EVP_PKEY_free(pkey); - } - if (rsa) { - RSA_free(rsa); - } - - return ret; -} - -static int test_EVP_DigestSignInit(void) { - int ret = 0; - EVP_PKEY *pkey = NULL; - uint8_t *sig = NULL; - size_t sig_len = 0; - EVP_MD_CTX md_ctx, md_ctx_verify; - - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_init(&md_ctx_verify); - - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { - goto out; - } - /* Determine the size of the signature. */ - if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { - goto out; - } - /* Sanity check for testing. 
*/ - if (sig_len != EVP_PKEY_size(pkey)) { - fprintf(stderr, "sig_len mismatch\n"); - goto out; - } - - sig = malloc(sig_len); - if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { - goto out; - } - - /* Ensure that the signature round-trips. */ - if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { - goto out; - } - - ret = 1; - -out: - if (!ret) { - BIO_print_errors_fp(stderr); - } - - EVP_MD_CTX_cleanup(&md_ctx); - EVP_MD_CTX_cleanup(&md_ctx_verify); - if (pkey) { - EVP_PKEY_free(pkey); - } - if (sig) { - free(sig); - } - - return ret; -} - -static int test_EVP_DigestVerifyInit(void) { - int ret = 0; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; - - EVP_MD_CTX_init(&md_ctx); - - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { - goto out; - } - ret = 1; - -out: - if (!ret) { - BIO_print_errors_fp(stderr); - } - - EVP_MD_CTX_cleanup(&md_ctx); - if (pkey) { - EVP_PKEY_free(pkey); - } - - return ret; -} - -/* test_algorithm_roundtrip signs a message using an already-initialized - * |md_ctx|, sampling the AlgorithmIdentifier. It then uses |pkey| and the - * AlgorithmIdentifier to verify the signature. */ -static int test_algorithm_roundtrip(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) { - int ret = 0; - uint8_t *sig = NULL; - size_t sig_len = 0; - EVP_MD_CTX md_ctx_verify; - X509_ALGOR *algor = NULL; - - EVP_MD_CTX_init(&md_ctx_verify); - - if (!EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) { - goto out; - } - - /* Save the algorithm. */ - algor = X509_ALGOR_new(); - if (algor == NULL || !EVP_DigestSignAlgorithm(md_ctx, algor)) { - goto out; - } - - /* Determine the size of the signature. 
*/ - if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) { - goto out; - } - /* Sanity check for testing. */ - if (sig_len != EVP_PKEY_size(pkey)) { - fprintf(stderr, "sig_len mismatch\n"); - goto out; - } - - sig = malloc(sig_len); - if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) { - goto out; - } - - /* Ensure that the signature round-trips. */ - if (!EVP_DigestVerifyInitFromAlgorithm(&md_ctx_verify, algor, pkey) || - !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { - goto out; - } - - ret = 1; - -out: - EVP_MD_CTX_cleanup(&md_ctx_verify); - if (sig) { - free(sig); - } - if (algor) { - X509_ALGOR_free(algor); - } - - return ret; -} - -static int test_EVP_DigestSignAlgorithm(void) { - int ret = 0; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; - EVP_PKEY_CTX *pkey_ctx; - - EVP_MD_CTX_init(&md_ctx); - - pkey = load_example_rsa_key(); - if (pkey == NULL) { - goto out; - } - - /* Test a simple AlgorithmIdentifier. */ - if (!EVP_DigestSignInit(&md_ctx, &pkey_ctx, EVP_sha256(), NULL, pkey) || - !test_algorithm_roundtrip(&md_ctx, pkey)) { - fprintf(stderr, "RSA with SHA-256 failed\n"); - goto out; - } - - EVP_MD_CTX_cleanup(&md_ctx); - EVP_MD_CTX_init(&md_ctx); - - /* Test RSA-PSS with custom parameters. 
*/ - if (!EVP_DigestSignInit(&md_ctx, &pkey_ctx, EVP_sha256(), NULL, pkey) || - EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) != 1 || - EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()) != 1 || - !test_algorithm_roundtrip(&md_ctx, pkey)) { - fprintf(stderr, "RSA-PSS failed\n"); - goto out; - } - - ret = 1; - -out: - if (!ret) { - BIO_print_errors_fp(stderr); - } - - EVP_MD_CTX_cleanup(&md_ctx); - if (pkey) { - EVP_PKEY_free(pkey); - } - - return ret; -} - -static int test_EVP_DigestVerifyInitFromAlgorithm(void) { - int ret = 0; - CBS cert, cert_body, tbs_cert, algorithm, signature; - uint8_t padding; - X509_ALGOR *algor = NULL; - const uint8_t *derp; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; - - EVP_MD_CTX_init(&md_ctx); - - CBS_init(&cert, kExamplePSSCert, sizeof(kExamplePSSCert)); - if (!CBS_get_asn1(&cert, &cert_body, CBS_ASN1_SEQUENCE) || - CBS_len(&cert) != 0 || - !CBS_get_any_asn1_element(&cert_body, &tbs_cert, NULL, NULL) || - !CBS_get_asn1_element(&cert_body, &algorithm, CBS_ASN1_SEQUENCE) || - !CBS_get_asn1(&cert_body, &signature, CBS_ASN1_BITSTRING) || - CBS_len(&cert_body) != 0) { - fprintf(stderr, "Failed to parse certificate\n"); - goto out; - } - - /* Signatures are BIT STRINGs, but they have are multiple of 8 bytes, so the - leading phase byte is just a zero. 
*/ - if (!CBS_get_u8(&signature, &padding) || padding != 0) { - fprintf(stderr, "Invalid signature padding\n"); - goto out; - } - - derp = CBS_data(&algorithm); - if (!d2i_X509_ALGOR(&algor, &derp, CBS_len(&algorithm)) || - derp != CBS_data(&algorithm) + CBS_len(&algorithm)) { - fprintf(stderr, "Failed to parse algorithm\n"); - } - - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestVerifyInitFromAlgorithm(&md_ctx, algor, pkey) || - !EVP_DigestVerifyUpdate(&md_ctx, CBS_data(&tbs_cert), - CBS_len(&tbs_cert)) || - !EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), - CBS_len(&signature))) { - goto out; - } - ret = 1; - -out: - if (!ret) { - BIO_print_errors_fp(stderr); - } - - EVP_MD_CTX_cleanup(&md_ctx); - if (pkey) { - EVP_PKEY_free(pkey); - } - - return ret; -} - -static int test_d2i_AutoPrivateKey(const uint8_t *input, size_t input_len, - int expected_id) { - int ret = 0; - const uint8_t *p; - EVP_PKEY *pkey = NULL; - - p = input; - pkey = d2i_AutoPrivateKey(NULL, &p, input_len); - if (pkey == NULL || p != input + input_len) { - fprintf(stderr, "d2i_AutoPrivateKey failed\n"); - goto done; - } - - if (EVP_PKEY_id(pkey) != expected_id) { - fprintf(stderr, "Did not decode expected type\n"); - goto done; - } - - ret = 1; - -done: - if (!ret) { - BIO_print_errors_fp(stderr); - } - - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } - return ret; -} - -/* Tests loading a bad key in PKCS8 format */ -static int test_EVP_PKCS82PKEY(void) { - int ret = 0; - const uint8_t *derp = kExampleBadECKeyDER; - PKCS8_PRIV_KEY_INFO *p8inf = NULL; - EVP_PKEY *pkey = NULL; - - p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); - - if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { - fprintf(stderr, "Failed to parse key\n"); - goto done; - } - - pkey = EVP_PKCS82PKEY(p8inf); - if (pkey) { - fprintf(stderr, "Imported invalid EC key\n"); - goto done; - } - - ret = 1; - -done: - if (p8inf != NULL) { - 
PKCS8_PRIV_KEY_INFO_free(p8inf); - } - - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } - - return ret; -} - -int main(void) { - CRYPTO_library_init(); - ERR_load_crypto_strings(); - - if (!test_EVP_DigestSignInit()) { - fprintf(stderr, "EVP_DigestSignInit failed\n"); - return 1; - } - - if (!test_EVP_DigestVerifyInit()) { - fprintf(stderr, "EVP_DigestVerifyInit failed\n"); - return 1; - } - - if (!test_EVP_DigestSignAlgorithm()) { - fprintf(stderr, "EVP_DigestSignInit failed\n"); - return 1; - } - - if (!test_EVP_DigestVerifyInitFromAlgorithm()) { - fprintf(stderr, "EVP_DigestVerifyInitFromAlgorithm failed\n"); - return 1; - } - - if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), - EVP_PKEY_RSA)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); - return 1; - } - - if (!test_d2i_AutoPrivateKey(kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), - EVP_PKEY_RSA)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); - return 1; - } - - if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), - EVP_PKEY_EC)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); - return 1; - } - - if (!test_EVP_PKCS82PKEY()) { - fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/evp/evp_test.cc b/src/crypto/evp/evp_test.cc new file mode 100644 index 0000000..239f868 --- /dev/null +++ b/src/crypto/evp/evp_test.cc 
@@ -0,0 +1,262 @@ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "../test/file_test.h" +#include "../test/scoped_types.h" +#include "../test/stl_compat.h" + + +// evp_test dispatches between multiple test types. HMAC tests test the legacy +// EVP_PKEY_HMAC API. PrivateKey tests take a key name parameter and single +// block, decode it as a PEM private key, and save it under that key name. +// Decrypt, Sign, and Verify tests take a previously imported key name as +// parameter and test their respective operations. + +static const EVP_MD *GetDigest(FileTest *t, const std::string &name) { + if (name == "MD5") { + return EVP_md5(); + } else if (name == "SHA1") { + return EVP_sha1(); + } else if (name == "SHA224") { + return EVP_sha224(); + } else if (name == "SHA256") { + return EVP_sha256(); + } else if (name == "SHA384") { + return EVP_sha384(); + } else if (name == "SHA512") { + return EVP_sha512(); + } + t->PrintLine("Unknown digest: '%s'", name.c_str()); + return nullptr; +} + +using KeyMap = std::map; + +// ImportPrivateKey evaluates a PrivateKey test in |t| and writes the resulting +// private key to |key_map|. 
+static bool ImportPrivateKey(FileTest *t, KeyMap *key_map) { + const std::string &key_name = t->GetParameter(); + if (key_map->count(key_name) > 0) { + t->PrintLine("Duplicate key '%s'.", key_name.c_str()); + return false; + } + const std::string &block = t->GetBlock(); + ScopedBIO bio(BIO_new_mem_buf(const_cast(block.data()), block.size())); + if (!bio) { + return false; + } + ScopedEVP_PKEY pkey(PEM_read_bio_PrivateKey(bio.get(), nullptr, 0, nullptr)); + if (!pkey) { + t->PrintLine("Error reading private key."); + return false; + } + (*key_map)[key_name] = pkey.release(); + return true; +} + +static bool TestHMAC(FileTest *t) { + std::string digest_str; + if (!t->GetAttribute(&digest_str, "HMAC")) { + return false; + } + const EVP_MD *digest = GetDigest(t, digest_str); + if (digest == nullptr) { + return false; + } + + std::vector key, input, output; + if (!t->GetBytes(&key, "Key") || + !t->GetBytes(&input, "Input") || + !t->GetBytes(&output, "Output")) { + return false; + } + + ScopedEVP_PKEY pkey(EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, nullptr, + bssl::vector_data(&key), + key.size())); + ScopedEVP_MD_CTX mctx; + if (!pkey || + !EVP_DigestSignInit(mctx.get(), nullptr, digest, nullptr, pkey.get()) || + !EVP_DigestSignUpdate(mctx.get(), bssl::vector_data(&input), + input.size())) { + return false; + } + + size_t len; + std::vector actual; + if (!EVP_DigestSignFinal(mctx.get(), nullptr, &len)) { + return false; + } + actual.resize(len); + if (!EVP_DigestSignFinal(mctx.get(), bssl::vector_data(&actual), &len)) { + return false; + } + actual.resize(len); + return t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), + bssl::vector_data(&actual), actual.size()); +} + +static bool TestEVP(FileTest *t, void *arg) { + KeyMap *key_map = reinterpret_cast(arg); + if (t->GetType() == "PrivateKey") { + return ImportPrivateKey(t, key_map); + } else if (t->GetType() == "HMAC") { + return TestHMAC(t); + } + + int (*key_op_init)(EVP_PKEY_CTX *ctx); + int 
(*key_op)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len, + const uint8_t *in, size_t in_len); + if (t->GetType() == "Decrypt") { + key_op_init = EVP_PKEY_decrypt_init; + key_op = EVP_PKEY_decrypt; + } else if (t->GetType() == "Sign") { + key_op_init = EVP_PKEY_sign_init; + key_op = EVP_PKEY_sign; + } else if (t->GetType() == "Verify") { + key_op_init = EVP_PKEY_verify_init; + key_op = nullptr; // EVP_PKEY_verify is handled differently. + } else { + t->PrintLine("Unknown test '%s'", t->GetType().c_str()); + return false; + } + + // Load the key. + const std::string &key_name = t->GetParameter(); + if (key_map->count(key_name) == 0) { + t->PrintLine("Could not find key '%s'.", key_name.c_str()); + return false; + } + EVP_PKEY *key = (*key_map)[key_name]; + + std::vector input, output; + if (!t->GetBytes(&input, "Input") || + !t->GetBytes(&output, "Output")) { + return false; + } + + // Set up the EVP_PKEY_CTX. + ScopedEVP_PKEY_CTX ctx(EVP_PKEY_CTX_new(key, nullptr)); + if (!ctx || !key_op_init(ctx.get())) { + return false; + } + if (t->HasAttribute("Digest")) { + const EVP_MD *digest = GetDigest(t, t->GetAttributeOrDie("Digest")); + if (digest == nullptr || + !EVP_PKEY_CTX_set_signature_md(ctx.get(), digest)) { + return false; + } + } + + if (t->GetType() == "Verify") { + if (!EVP_PKEY_verify(ctx.get(), bssl::vector_data(&output), output.size(), + bssl::vector_data(&input), input.size())) { + // ECDSA sometimes doesn't push an error code. Push one on the error queue + // so it's distinguishable from other errors. 
+ ERR_put_error(ERR_LIB_USER, 0, ERR_R_EVP_LIB, __FILE__, __LINE__); + return false; + } + return true; + } + + size_t len; + std::vector actual; + if (!key_op(ctx.get(), nullptr, &len, bssl::vector_data(&input), + input.size())) { + return false; + } + actual.resize(len); + if (!key_op(ctx.get(), bssl::vector_data(&actual), &len, + bssl::vector_data(&input), input.size())) { + return false; + } + actual.resize(len); + if (!t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), + bssl::vector_data(&actual), len)) { + return false; + } + return true; +} + +int main(int argc, char **argv) { + CRYPTO_library_init(); + if (argc != 2) { + fprintf(stderr, "%s \n", argv[0]); + return 1; + } + + KeyMap map; + int ret = FileTestMain(TestEVP, &map, argv[1]); + // TODO(davidben): When we can rely on a move-aware std::map, make KeyMap a + // map of ScopedEVP_PKEY instead. + for (const auto &pair : map) { + EVP_PKEY_free(pair.second); + } + return ret; +} diff --git a/src/crypto/evp/evp_tests.txt b/src/crypto/evp/evp_tests.txt new file mode 100644 index 0000000..cccfa4f --- /dev/null +++ b/src/crypto/evp/evp_tests.txt 
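Review bot: The dispatch comment above TestEVP does not say that for Sign and Verify the `Input` attribute is the already-computed digest rather than the message — EVP_PKEY_sign and EVP_PKEY_verify never hash, which is why the vectors below use 20-byte inputs with `Digest = SHA1` and expect INVALID_DIGEST_LENGTH for a 21-byte one. I would extend that comment with `// For Sign/Verify, Input is the pre-hashed digest (EVP_PKEY_sign/verify do not hash it); Sign then compares the output byte-for-byte, so it only suits deterministic schemes such as RSA PKCS#1 v1.5 — randomized signatures (e.g. ECDSA) have to be exercised through Verify.` The second half matters for whoever adds vectors for the P-256 key the test file imports, since a `Sign = P-256` case would presumably fail or flake under the exact-match check in the key_op path. It is also worth a one-line note in ImportPrivateKey that PEM_read_bio_PrivateKey is called with a null password callback, so an encrypted PEM block in a test file would fall through to the library's default callback rather than fail cleanly — I have not verified what that callback does here.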
@@ -0,0 +1,174 @@ +# Public key algorithm tests + +# Private keys used for PKEY operations. + +# RSA 2048 bit key. + +PrivateKey = RSA-2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV +n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW +B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP +6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr +LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7 +yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt +A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X +ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS +IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W +glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo +qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC +XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe +hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv +6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK +hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY +eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A +RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg +T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR +2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK +HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ +qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg +esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq +IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7 +aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu +SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH +fMkTd7GabVourqIZdgvu1Q== +-----END PRIVATE KEY----- + +# EC P-256 key + +PrivateKey = P-256 +-----BEGIN PRIVATE KEY----- 
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw ++RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH ++JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ +-----END PRIVATE KEY----- + +# RSA tests + +Sign = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 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 + +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 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 + +# Digest too long +Sign = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF12345" +Output = +Error = INVALID_DIGEST_LENGTH + +# Digest too short +Sign = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF12345" +Output = +Error = INVALID_DIGEST_LENGTH + +# Mismatched digest +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1233" +Output = 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 +Error = BAD_SIGNATURE + +# Corrupted signature +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1233" +Output = 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 +Error = BLOCK_TYPE_IS_NOT_01 + +# parameter missing (NOTE: this differs from upstream) +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 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 +Error = BAD_SIGNATURE + +# embedded digest too long +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d +Error = BAD_SIGNATURE + +# embedded digest too short 
+Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 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 +Error = BAD_SIGNATURE + +# Garbage after DigestInfo +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 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 +Error = BAD_SIGNATURE + +# invalid tag for parameter +Verify = RSA-2048 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 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 +Error = BAD_SIGNATURE + +# EC tests + +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + +# Digest too long +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF12345" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 +# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. +Error = public key routines + +# Digest too short +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF123" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 +# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. +Error = public key routines + +# Digest invalid +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF1235" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 +# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. 
+Error = public key routines + +# Invalid signature +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7 +# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. +Error = public key routines + +# Garbage after signature +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800 +# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. +Error = public key routines + +# BER signature +Verify = P-256 +Digest = SHA1 +Input = "0123456789ABCDEF1234" +Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 +# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. +Error = public key routines diff --git a/src/crypto/evp/internal.h b/src/crypto/evp/internal.h index 2b0f608..08a7bfb 100644 --- a/src/crypto/evp/internal.h +++ b/src/crypto/evp/internal.h 
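Review bot: The RSA "Digest too short" case (`# Digest too short` / `Sign = RSA-2048`) uses `Input = "0123456789ABCDEF12345"`, the same 21-byte input as the "Digest too long" case directly above it, so it duplicates that test and never exercises a digest shorter than SHA-1's 20 bytes. The P-256 "Digest too short" case later in the file uses the 19-byte `Input = "0123456789ABCDEF123"`; the RSA case should use the same value. Whether `Error = INVALID_DIGEST_LENGTH` is still the reason code produced for the short input is not visible here and should be confirmed by running the test after the change.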
@@ -170,8 +170,49 @@ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); #define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) +/* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype| + * arguments can be -1 to specify that any type and operation are acceptable, + * otherwise |keytype| must match the type of |ctx| and the bits of |optype| + * must intersect the operation flags set on |ctx|. + * + * The |p1| and |p2| arguments depend on the value of |cmd|. + * + * It returns one on success and zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); + +/* EVP_PKEY_CTRL_DIGESTINIT is an internal value. It's called by + * EVP_DigestInit_ex to signal the |EVP_PKEY| that a digest operation is + * starting. + * + * TODO(davidben): This is only needed to support the deprecated HMAC |EVP_PKEY| + * types. */ +#define EVP_PKEY_CTRL_DIGESTINIT 3 + +/* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|: + * 0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key. + * If the return value is <= 0, the key is rejected. + * 1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a + * peer key. If the return value is <= 0, the key is rejected. + * 2: Is called with |p2| == NULL to test whether the peer's key was used. + * (EC)DH always return one in this case. + * 3: Is called with |p2| == NULL to set whether the peer's key was used. + * (EC)DH always return one in this case. This was only used for GOST. */ +#define EVP_PKEY_CTRL_PEER_KEY 4 + +/* EVP_PKEY_CTRL_SET_MAC_KEY sets a MAC key. For example, this can be done an + * |EVP_PKEY_CTX| prior to calling |EVP_PKEY_keygen| in order to generate an + * HMAC |EVP_PKEY| with the given key. It returns one on success and zero on + * error. */ +#define EVP_PKEY_CTRL_SET_MAC_KEY 5 + +/* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl + * commands are numbered. 
*/ +#define EVP_PKEY_ALG_CTRL 0x1000 + #define EVP_PKEY_CTRL_MD 1 #define EVP_PKEY_CTRL_GET_MD 2 + #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 2) #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 3) @@ -185,6 +226,8 @@ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11) #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) + struct evp_pkey_ctx_st { /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; diff --git a/src/crypto/evp/p_dsa_asn1.c b/src/crypto/evp/p_dsa_asn1.c new file mode 100644 index 0000000..0ac7da7 --- /dev/null +++ b/src/crypto/evp/p_dsa_asn1.c 
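Review bot: Two of the new comments in this hunk have wording slips that will be copied into the public docs if this header is later promoted: the EVP_PKEY_CTRL_SET_MAC_KEY comment reads "this can be done an |EVP_PKEY_CTX|" and should read `this can be done on an |EVP_PKEY_CTX| prior to calling |EVP_PKEY_keygen|`, and the EVP_PKEY_CTRL_PEER_KEY comment's "(EC)DH always return one in this case" should be "(EC)DH always returns one in this case". The EVP_PKEY_CTX_ctrl comment also says it "returns one on success and zero on error"; since the ctrl implementations changed elsewhere in this commit now report unknown commands by pushing EVP_R_COMMAND_NOT_SUPPORTED and returning zero, it would help callers to state that an unsupported |cmd| is an error like any other, with no distinct return value.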
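Review bot: The new `EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID` is defined as `(EVP_PKEY_ALG_CTRL + 1)`, the same value as `EVP_PKEY_CTRL_RSA_PADDING` a few lines above it; this is presumably intentional because algorithm-specific ctrls are routed to a single key type's method, but nothing in the header says so, and the EVP_PKEY_CTX_ctrl comment above explicitly allows `keytype == -1`. A reader who combines those two facts will assume the values are globally unique. Suggest a comment on the new define: `/* Algorithm-specific ctrl values are scoped by key type and may collide across types (this one equals EVP_PKEY_CTRL_RSA_PADDING); pass the matching |keytype| to EVP_PKEY_CTX_ctrl rather than -1. */`.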
@@ -0,0 +1,569 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../dsa/internal.h" +#include "internal.h" + + +static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { + const uint8_t *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DSA *dsa = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) { + return 0; + } + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype == V_ASN1_SEQUENCE) { + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + dsa = d2i_DSAparams(NULL, &pm, pmlen); + if (dsa == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_DECODE_ERROR); + goto err; + } + } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { + dsa = DSA_new(); + if (dsa == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, ERR_R_MALLOC_FAILURE); + goto err; + } + } else { + OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + public_key = d2i_ASN1_INTEGER(NULL, &p, pklen); + if (public_key == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_DECODE_ERROR); + goto err; + } 
+ + dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL); + if (dsa->pub_key == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + +err: + ASN1_INTEGER_free(public_key); + DSA_free(dsa); + return 0; +} + +static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { + DSA *dsa; + void *pval = NULL; + uint8_t *penc = NULL; + int penclen; + + dsa = pkey->pkey.dsa; + dsa->write_params = 0; + + penclen = i2d_DSAPublicKey(dsa, &penc); + + if (penclen <= 0) { + OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), V_ASN1_UNDEF, pval, + penc, penclen)) { + return 1; + } + +err: + OPENSSL_free(penc); + ASN1_STRING_free(pval); + + return 0; +} + +static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { + const uint8_t *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + BN_CTX *ctx = NULL; + + /* In PKCS#8 DSA: you just get a private key integer and parameters in the + * AlgorithmIdentifier the pubkey must be recalculated. */ + + STACK_OF(ASN1_TYPE) *ndsa = NULL; + DSA *dsa = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) { + return 0; + } + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + /* Check for broken DSA PKCS#8, UGH! */ + if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { + ASN1_TYPE *t1, *t2; + ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen); + if (ndsa == NULL) { + goto decerr; + } + if (sk_ASN1_TYPE_num(ndsa) != 2) { + goto decerr; + } + + /* Handle Two broken types: + * SEQUENCE {parameters, priv_key} + * SEQUENCE {pub_key, priv_key}. 
*/ + + t1 = sk_ASN1_TYPE_value(ndsa, 0); + t2 = sk_ASN1_TYPE_value(ndsa, 1); + if (t1->type == V_ASN1_SEQUENCE) { + p8->broken = PKCS8_EMBEDDED_PARAM; + pval = t1->value.ptr; + } else if (ptype == V_ASN1_SEQUENCE) { + p8->broken = PKCS8_NS_DB; + } else { + goto decerr; + } + + if (t2->type != V_ASN1_INTEGER) { + goto decerr; + } + + privkey = t2->value.integer; + } else { + const uint8_t *q = p; + privkey = d2i_ASN1_INTEGER(NULL, &p, pklen); + if (privkey == NULL) { + goto decerr; + } + if (privkey->type == V_ASN1_NEG_INTEGER) { + p8->broken = PKCS8_NEG_PRIVKEY; + ASN1_INTEGER_free(privkey); + privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen); + if (privkey == NULL) { + goto decerr; + } + } + if (ptype != V_ASN1_SEQUENCE) { + goto decerr; + } + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + dsa = d2i_DSAparams(NULL, &pm, pmlen); + if (dsa == NULL) { + goto decerr; + } + /* We have parameters. Now set private key */ + dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL); + if (dsa->priv_key == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_LIB_BN); + goto dsaerr; + } + /* Calculate public key. 
*/ + dsa->pub_key = BN_new(); + if (dsa->pub_key == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + + if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_LIB_BN); + goto dsaerr; + } + + EVP_PKEY_assign_DSA(pkey, dsa); + BN_CTX_free(ctx); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + ASN1_INTEGER_free(privkey); + + return 1; + +decerr: + OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, EVP_R_DECODE_ERROR); + +dsaerr: + BN_CTX_free(ctx); + ASN1_INTEGER_free(privkey); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + DSA_free(dsa); + return 0; +} + +static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + uint8_t *dp = NULL; + int dplen; + + if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, EVP_R_MISSING_PARAMETERS); + goto err; + } + + params = ASN1_STRING_new(); + if (!params) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); + if (params->length <= 0) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer. 
*/ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); + + if (!prkey) { + OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_LIB_BN); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_dsa), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) { + goto err; + } + + return 1; + +err: + OPENSSL_free(dp); + ASN1_STRING_free(params); + ASN1_INTEGER_free(prkey); + return 0; +} + +static int int_dsa_size(const EVP_PKEY *pkey) { + return DSA_size(pkey->pkey.dsa); +} + +static int dsa_bits(const EVP_PKEY *pkey) { + return BN_num_bits(pkey->pkey.dsa->p); +} + +static int dsa_missing_parameters(const EVP_PKEY *pkey) { + DSA *dsa; + dsa = pkey->pkey.dsa; + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { + return 1; + } + return 0; +} + +static int dup_bn_into(BIGNUM **out, BIGNUM *src) { + BIGNUM *a; + + a = BN_dup(src); + if (a == NULL) { + return 0; + } + BN_free(*out); + *out = a; + + return 1; +} + +static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { + if (!dup_bn_into(&to->pkey.dsa->p, from->pkey.dsa->p) || + !dup_bn_into(&to->pkey.dsa->q, from->pkey.dsa->q) || + !dup_bn_into(&to->pkey.dsa->g, from->pkey.dsa->g)) { + return 0; + } + + return 1; +} + +static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { + return BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) == 0 && + BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) == 0 && + BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g) == 0; +} + +static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { + return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0; +} + +static void int_dsa_free(EVP_PKEY *pkey) { DSA_free(pkey->pkey.dsa); } + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) { + size_t i; + + if (!b) { + return; + } + i = BN_num_bytes(b); + if (*pbuflen < i) { + *pbuflen = i; + } +} + +static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) { + uint8_t *m = NULL; + int ret = 0; + 
size_t buf_len = 0; + const char *ktype = NULL; + + const BIGNUM *priv_key, *pub_key; + + priv_key = NULL; + if (ptype == 2) { + priv_key = x->priv_key; + } + + pub_key = NULL; + if (ptype > 0) { + pub_key = x->pub_key; + } + + ktype = "DSA-Parameters"; + if (ptype == 2) { + ktype = "Private-Key"; + } else if (ptype == 1) { + ktype = "Public-Key"; + } + + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->g, &buf_len); + update_buflen(priv_key, &buf_len); + update_buflen(pub_key, &buf_len); + + m = (uint8_t *)OPENSSL_malloc(buf_len + 10); + if (m == NULL) { + OPENSSL_PUT_ERROR(EVP, do_dsa_print, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (priv_key) { + if (!BIO_indent(bp, off, 128) || + BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) { + goto err; + } + } + + if (!ASN1_bn_print(bp, "priv:", priv_key, m, off) || + !ASN1_bn_print(bp, "pub: ", pub_key, m, off) || + !ASN1_bn_print(bp, "P: ", x->p, m, off) || + !ASN1_bn_print(bp, "Q: ", x->q, m, off) || + !ASN1_bn_print(bp, "G: ", x->g, m, off)) { + goto err; + } + ret = 1; + +err: + OPENSSL_free(m); + return ret; +} + +static int dsa_param_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) { + DSA *dsa; + dsa = d2i_DSAparams(NULL, pder, derlen); + if (dsa == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_param_decode, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; +} + +static int dsa_param_encode(const EVP_PKEY *pkey, uint8_t **pder) { + return i2d_DSAparams(pkey->pkey.dsa, pder); +} + +static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); +} + +static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); +} + +static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); +} + +static int 
old_dsa_priv_decode(EVP_PKEY *pkey, const uint8_t **pder, + int derlen) { + DSA *dsa; + dsa = d2i_DSAPrivateKey(NULL, pder, derlen); + if (dsa == NULL) { + OPENSSL_PUT_ERROR(EVP, old_dsa_priv_decode, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; +} + +static int old_dsa_priv_encode(const EVP_PKEY *pkey, uint8_t **pder) { + return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); +} + +static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { + DSA_SIG *dsa_sig; + const uint8_t *p; + + if (!sig) { + return BIO_puts(bp, "\n") > 0; + } + + p = sig->data; + dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); + if (dsa_sig == NULL) { + return X509_signature_dump(bp, sig, indent); + } + + int rv = 0; + size_t buf_len = 0; + uint8_t *m = NULL; + + update_buflen(dsa_sig->r, &buf_len); + update_buflen(dsa_sig->s, &buf_len); + m = OPENSSL_malloc(buf_len + 10); + if (m == NULL) { + OPENSSL_PUT_ERROR(EVP, dsa_sig_print, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (BIO_write(bp, "\n", 1) != 1 || + !ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent) || + !ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) { + goto err; + } + rv = 1; + +err: + OPENSSL_free(m); + DSA_SIG_free(dsa_sig); + return rv; +} + +const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = { + EVP_PKEY_DSA, + EVP_PKEY_DSA, + 0, + + "DSA", + "OpenSSL DSA method", + + dsa_pub_decode, + dsa_pub_encode, + dsa_pub_cmp, + dsa_pub_print, + + dsa_priv_decode, + dsa_priv_encode, + dsa_priv_print, + + NULL /* pkey_opaque */, + NULL /* pkey_supports_digest */, + + int_dsa_size, + dsa_bits, + + dsa_param_decode, + dsa_param_encode, + dsa_missing_parameters, + dsa_copy_parameters, + dsa_cmp_parameters, + dsa_param_print, + dsa_sig_print, + + int_dsa_free, + old_dsa_priv_decode, + old_dsa_priv_encode, +}; diff --git a/src/crypto/evp/p_ec.c b/src/crypto/evp/p_ec.c index c274131..73c00d8 100644 --- a/src/crypto/evp/p_ec.c +++ b/src/crypto/evp/p_ec.c 
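Review bot: In dsa_priv_decode, the broken-PKCS#8 branch sets `privkey = t2->value.integer;` without detaching it from the `ndsa` stack, yet both the success path and the `dsaerr:` path call `sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free)` followed by `ASN1_INTEGER_free(privkey)`; as ASN1_TYPE_free releases the contained value, any input that takes that branch frees the same integer twice. Only one of the two should own `privkey`: free it directly only when `ndsa` is NULL, in both places. Separately, `if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED))` dereferences the key bytes before confirming `pklen > 0`, so an empty private-key octet string reads one byte past its buffer; a `pklen <= 0` check routed to `decerr` belongs before it. Less urgently, dsa_priv_encode passes `dplen` from `i2d_ASN1_INTEGER` to PKCS8_pkey_set0 without checking for a negative result, and dsa_pub_encode writes `dsa->write_params = 0` through a pointer obtained from a const `EVP_PKEY`.
```c
  EVP_PKEY_assign_DSA(pkey, dsa);
  BN_CTX_free(ctx);
  if (ndsa != NULL) {
    /* |privkey| is owned by the stack in this case. */
    sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
  } else {
    ASN1_INTEGER_free(privkey);
  }
  return 1;

decerr:
  OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, EVP_R_DECODE_ERROR);

dsaerr:
  BN_CTX_free(ctx);
  if (ndsa != NULL) {
    sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
  } else {
    ASN1_INTEGER_free(privkey);
  }
  DSA_free(dsa);
  return 0;
```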
@@ -119,9 +119,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { return; } - if (dctx->gen_group) { - EC_GROUP_free(dctx->gen_group); - } + EC_GROUP_free(dctx->gen_group); OPENSSL_free(dctx); } @@ -212,8 +210,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_INVALID_CURVE); return 0; } - if (dctx->gen_group) - EC_GROUP_free(dctx->gen_group); + EC_GROUP_free(dctx->gen_group); dctx->gen_group = group; return 1; @@ -240,7 +237,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return 1; default: - return -2; + OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + return 0; } } diff --git a/src/crypto/evp/p_ec_asn1.c b/src/crypto/evp/p_ec_asn1.c index 914cc2f..fbbf4e7 100644 --- a/src/crypto/evp/p_ec_asn1.c +++ b/src/crypto/evp/p_ec_asn1.c @@ -142,23 +142,13 @@ static EC_KEY *eckey_type2param(int ptype, void *pval) { } } else if (ptype == V_ASN1_OBJECT) { ASN1_OBJECT *poid = pval; - EC_GROUP *group; /* type == V_ASN1_OBJECT => the parameters are given * by an asn1 OID */ - eckey = EC_KEY_new(); + eckey = EC_KEY_new_by_curve_name(OBJ_obj2nid(poid)); if (eckey == NULL) { - OPENSSL_PUT_ERROR(EVP, eckey_type2param, ERR_R_MALLOC_FAILURE); goto err; } - group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); - if (group == NULL) { - goto err; - } - if (EC_KEY_set_group(eckey, group) == 0) { - goto err; - } - EC_GROUP_free(group); } else { OPENSSL_PUT_ERROR(EVP, eckey_type2param, EVP_R_DECODE_ERROR); goto err; @@ -201,8 +191,9 @@ static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { return 1; err: - if (eckey) + if (eckey) { EC_KEY_free(eckey); + } return 0; } @@ -235,8 +226,9 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { eckey = eckey_type2param(ptype, pval); - if (!eckey) + if (!eckey) { goto ecliberr; + } /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { 
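Review bot: In the eckey_type2param hunk of p_ec_asn1.c, the replacement `eckey = EC_KEY_new_by_curve_name(OBJ_obj2nid(poid));` drops the `OPENSSL_PUT_ERROR` the old code pushed on failure, and the removed `EC_GROUP_new_by_curve_name` path pushed nothing either. If `EC_KEY_new_by_curve_name` returns NULL for an unrecognised curve OID without queueing an error (its behaviour is not visible here), a key with an unknown named curve now fails with an empty error queue, the very condition the new evp_test harness has to paper over with ERR_R_EVP_LIB. Unless the `err:` label below this hunk pushes an error, add `OPENSSL_PUT_ERROR(EVP, eckey_type2param, EVP_R_DECODE_ERROR);` before that `goto err`. The function continues outside the hunk.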
@@ -282,8 +274,9 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { ecliberr: OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, ERR_R_EC_LIB); ecerr: - if (eckey) + if (eckey) { EC_KEY_free(eckey); + } return 0; } @@ -439,10 +432,12 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) { if (ktype == 2) { priv_key = EC_KEY_get0_private_key(x); - if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) + if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) { buf_len = i; - } else + } + } else { priv_key = NULL; + } if (ktype > 0) { buf_len += 10; @@ -451,24 +446,27 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) { goto err; } } - if (ktype == 2) + if (ktype == 2) { ecstr = "Private-Key"; - else if (ktype == 1) + } else if (ktype == 1) { ecstr = "Public-Key"; - else + } else { ecstr = "ECDSA-Parameters"; + } - if (!BIO_indent(bp, off, 128)) - goto err; - if ((order = BN_new()) == NULL) - goto err; - if (!EC_GROUP_get_order(group, order, NULL)) + if (!BIO_indent(bp, off, 128)) { goto err; - if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, BN_num_bits(order)) <= 0) + } + order = BN_new(); + if (order == NULL || !EC_GROUP_get_order(group, order, NULL) || + BIO_printf(bp, "%s: (%d bit)\n", ecstr, BN_num_bits(order)) <= 0) { goto err; + } - if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, buffer, off)) + if ((priv_key != NULL) && + !ASN1_bn_print(bp, "priv:", priv_key, buffer, off)) { goto err; + } if (pub_key_bytes != NULL) { BIO_hexdump(bp, pub_key_bytes, pub_key_bytes_len, off); } 
@@ -479,16 +477,13 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) { ret = 1; err: - if (!ret) + if (!ret) { OPENSSL_PUT_ERROR(EVP, do_EC_KEY_print, reason); - if (pub_key_bytes) - OPENSSL_free(pub_key_bytes); - if (order) - BN_free(order); - if (ctx) - BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); + } + OPENSSL_free(pub_key_bytes); + BN_free(order); + BN_CTX_free(ctx); + OPENSSL_free(buffer); return ret; } diff --git a/src/crypto/evp/p_hmac.c b/src/crypto/evp/p_hmac.c index 6d9a909..21703ed 100644 --- a/src/crypto/evp/p_hmac.c +++ b/src/crypto/evp/p_hmac.c @@ -204,7 +204,8 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { break; default: - return -2; + OPENSSL_PUT_ERROR(EVP, pkey_hmac_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + return 0; } return 1; } diff --git a/src/crypto/evp/p_rsa.c b/src/crypto/evp/p_rsa.c index 31f5aaa..5abc075 100644 --- a/src/crypto/evp/p_rsa.c +++ b/src/crypto/evp/p_rsa.c @@ -55,10 +55,12 @@ #include +#include #include #include #include +#include #include #include #include @@ -125,9 +127,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { dctx->md = sctx->md; dctx->mgf1md = sctx->mgf1md; if (sctx->oaep_label) { - if (dctx->oaep_label) { - OPENSSL_free(dctx->oaep_label); - } + OPENSSL_free(dctx->oaep_label); dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); if (!dctx->oaep_label) { return 0; @@ -145,15 +145,9 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) { return; } - if (rctx->pub_exp) { - BN_free(rctx->pub_exp); - } - if (rctx->tbuf) { - OPENSSL_free(rctx->tbuf); - } - if (rctx->oaep_label) { - OPENSSL_free(rctx->oaep_label); - } + BN_free(rctx->pub_exp); + OPENSSL_free(rctx->tbuf); + OPENSSL_free(rctx->oaep_label); OPENSSL_free(rctx); } 
@@ -369,7 +363,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { 0 == (ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); - return -2; + return 0; } if ((p1 == RSA_PKCS1_PSS_PADDING || p1 == RSA_PKCS1_OAEP_PADDING) && rctx->md == NULL) { @@ -386,13 +380,13 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PSS_SALTLEN); - return -2; + return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { *(int *)p2 = rctx->saltlen; } else { if (p1 < -2) { - return -2; + return 0; } rctx->saltlen = p1; } @@ -401,14 +395,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: if (p1 < 256) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_KEYBITS); - return -2; + return 0; } rctx->nbits = p1; return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: if (!p2) { - return -2; + return 0; } BN_free(rctx->pub_exp); rctx->pub_exp = p2; @@ -418,7 +412,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); - return -2; + return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) { *(const EVP_MD **)p2 = rctx->md; @@ -443,7 +437,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_MGF1_MD); - return -2; + return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { if (rctx->mgf1md) { 
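Review bot: Two of the converted returns in pkey_rsa_ctrl leave the error queue empty: `if (p1 < -2) { return 0; }` in the EVP_PKEY_CTRL_RSA_PSS_SALTLEN case (the `-386` hunk) and `if (!p2) { return 0; }` in the EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP case (the `-401` hunk), whereas every other failure in these hunks pairs `return 0` with an OPENSSL_PUT_ERROR. With the `-2` return gone there is no longer any way for a caller to tell an invalid argument from a generic failure, and a caller printing the error queue sees nothing. Suggest `OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PSS_SALTLEN);` before the first and `OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_MISSING_PARAMETERS);` before the second.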
@@ -459,11 +453,9 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_RSA_OAEP_LABEL: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); - return -2; - } - if (rctx->oaep_label) { - OPENSSL_free(rctx->oaep_label); + return 0; } + OPENSSL_free(rctx->oaep_label); if (p2 && p1 > 0) { /* TODO(fork): this seems wrong. Shouldn't it take a copy of the * buffer? */ @@ -478,16 +470,17 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); - return -2; + return 0; } - *(uint8_t **)p2 = rctx->oaep_label; - return rctx->oaep_labellen; + CBS_init((CBS *)p2, rctx->oaep_label, rctx->oaep_labellen); + return 1; case EVP_PKEY_CTRL_DIGESTINIT: return 1; default: - return -2; + OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + return 0; } } @@ -497,8 +490,9 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { if (!rctx->pub_exp) { rctx->pub_exp = BN_new(); - if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) { return 0; + } } rsa = RSA_new(); if (!rsa) { @@ -583,7 +577,7 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t *label, size_t label_len) { int label_len_int = label_len; if (((size_t) label_len_int) != label_len) { - return -2; + return 0; } return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, 
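Review bot: EVP_PKEY_CTX_set0_rsa_oaep_label (the `-583` hunk) now returns 0 when `label_len` does not fit in an int but pushes no error, unlike the matching overflow check this commit adds to EVP_PKEY_CTX_get0_rsa_oaep_label, which pushes ERR_R_OVERFLOW. Add `OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_set0_rsa_oaep_label, ERR_R_OVERFLOW);` before that `return 0;` so the two functions report the same way. The function's body continues outside the hunk.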
@@ -593,6 +587,15 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t *label, int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t **out_label) { - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *) out_label); + CBS label; + if (!EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, &label)) { + return -1; + } + if (CBS_len(&label) > INT_MAX) { + OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_get0_rsa_oaep_label, ERR_R_OVERFLOW); + return -1; + } + *out_label = CBS_data(&label); + return (int)CBS_len(&label); } diff --git a/src/crypto/evp/p_rsa_asn1.c b/src/crypto/evp/p_rsa_asn1.c index f478d50..1e2d3f6 100644 --- a/src/crypto/evp/p_rsa_asn1.c +++ b/src/crypto/evp/p_rsa_asn1.c @@ -245,9 +245,7 @@ static int do_rsa_print(BIO *out, const RSA *rsa, int off, ret = 1; err: - if (m != NULL) { - OPENSSL_free(m); - } + OPENSSL_free(m); return ret; } @@ -394,12 +392,8 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, pss = rsa_pss_decode(sigalg, &maskHash); rv = rsa_pss_param_print(bp, pss, maskHash, indent); - if (pss) { - RSA_PSS_PARAMS_free(pss); - } - if (maskHash) { - X509_ALGOR_free(maskHash); - } + RSA_PSS_PARAMS_free(pss); + X509_ALGOR_free(maskHash); if (!rv) { return 0; } @@ -463,12 +457,11 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) { stmp = NULL; err: - if (stmp) - ASN1_STRING_free(stmp); - if (algtmp) - X509_ALGOR_free(algtmp); - if (*palg) + ASN1_STRING_free(stmp); + X509_ALGOR_free(algtmp); + if (*palg) { return 1; + } return 0; } 
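Review bot: EVP_PKEY_CTX_get0_rsa_oaep_label now uses -1 for failure because 0 is a legitimate (empty-label) length, which differs from the 0/1 convention the rest of this commit adopts; unless evp.h already says so, document it at the declaration: `/* Returns the label length, which may be zero, or -1 on error. */`. The `CBS_len(&label) > INT_MAX` guard is placed correctly before the `(int)` cast, and the `ERR_R_OVERFLOW` it reports is the right reason code. `*out_label` is left untouched on both error paths, which is worth stating in the same comment so callers do not assume it is set to NULL.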
@@ -518,8 +511,8 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) { EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); int saltlen, rv = 0; - if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0 || - EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0 || + if (!EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) || + !EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) || !EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) { goto err; } @@ -560,12 +553,15 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) { rv = 1; err: - if (pss) + if (pss) { RSA_PSS_PARAMS_free(pss); - if (rv) + } + if (rv) { return os; - if (os) + } + if (os) { ASN1_STRING_free(os); + } return NULL; } @@ -619,9 +615,9 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { } if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey) || - EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0 || - EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0 || - EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) { + !EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) || + !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) || + !EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md)) { goto err; } @@ -653,7 +649,7 @@ static evp_digest_sign_algorithm_result_t rsa_digest_sign_algorithm( EVP_MD_CTX *ctx, X509_ALGOR *sigalg) { int pad_mode; EVP_PKEY_CTX *pkctx = ctx->pctx; - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) { + if (!EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode)) { return EVP_DIGEST_SIGN_ALGORITHM_ERROR; } if (pad_mode == RSA_PKCS1_PSS_PADDING) { diff --git a/src/crypto/evp/pbkdf_test.cc b/src/crypto/evp/pbkdf_test.cc new file mode 100644 index 0000000..ae2f405 --- /dev/null +++ b/src/crypto/evp/pbkdf_test.cc 
@@ -0,0 +1,179 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include +#include +#include +#include +#include + + +// Prints out the data buffer as a sequence of hex bytes. +static void PrintDataHex(const void *data, size_t len) { + for (size_t i = 0; i < len; ++i) { + fprintf(stderr, "%02x", (int)((const uint8_t *)data)[i]); + } +} + +// Helper for testing that PBKDF2 derives the expected key from the given +// inputs. Returns 1 on success, 0 otherwise. 
+static bool TestPBKDF2(const void *password, size_t password_len, + const void *salt, size_t salt_len, unsigned iterations, + const EVP_MD *digest, size_t key_len, + const uint8_t *expected_key) { + uint8_t key[64]; + + if (key_len > sizeof(key)) { + fprintf(stderr, "Output buffer is not large enough.\n"); + return false; + } + + if (!PKCS5_PBKDF2_HMAC((const char *)password, password_len, + (const uint8_t *)salt, salt_len, iterations, digest, + key_len, key)) { + fprintf(stderr, "Call to PKCS5_PBKDF2_HMAC failed\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (memcmp(key, expected_key, key_len) != 0) { + fprintf(stderr, "Resulting key material does not match expectation\n"); + fprintf(stderr, "Expected:\n "); + PrintDataHex(expected_key, key_len); + fprintf(stderr, "\nActual:\n "); + PrintDataHex(key, key_len); + fprintf(stderr, "\n"); + return false; + } + + return true; +} + +// Tests deriving a key using an empty password (specified both as NULL and as +// non-NULL). Note that NULL has special meaning to HMAC initialization. +static bool TestEmptyPassword() { + const uint8_t kKey[] = {0xa3, 0x3d, 0xdd, 0xc3, 0x04, 0x78, 0x18, + 0x55, 0x15, 0x31, 0x1f, 0x87, 0x52, 0x89, + 0x5d, 0x36, 0xea, 0x43, 0x63, 0xa2}; + + if (!TestPBKDF2(NULL, 0, "salt", 4, 1, EVP_sha1(), sizeof(kKey), kKey) || + !TestPBKDF2("", 0, "salt", 4, 1, EVP_sha1(), sizeof(kKey), kKey)) { + return false; + } + + return true; +} + +// Tests deriving a key using an empty salt. Note that the expectation was +// generated using OpenSSL itself, and hence is not verified. 
+static bool TestEmptySalt() { + const uint8_t kKey[] = {0x8b, 0xc2, 0xf9, 0x16, 0x7a, 0x81, 0xcd, 0xcf, + 0xad, 0x12, 0x35, 0xcd, 0x90, 0x47, 0xf1, 0x13, + 0x62, 0x71, 0xc1, 0xf9, 0x78, 0xfc, 0xfc, 0xb3, + 0x5e, 0x22, 0xdb, 0xea, 0xfa, 0x46, 0x34, 0xf6}; + + if (!TestPBKDF2("password", 8, NULL, 0, 2, EVP_sha256(), sizeof(kKey), + kKey) || + !TestPBKDF2("password", 8, "", 0, 2, EVP_sha256(), sizeof(kKey), kKey)) { + return false; + } + + return true; +} + +// Exercises test vectors taken from https://tools.ietf.org/html/rfc6070. +// Note that each of these test vectors uses SHA-1 as the digest. +static bool TestRFC6070Vectors() { + const uint8_t kKey1[] = {0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, + 0x71, 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, + 0x12, 0x06, 0x2f, 0xe0, 0x37, 0xa6}; + const uint8_t kKey2[] = {0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, + 0x8c, 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, + 0x41, 0xf0, 0xd8, 0xde, 0x89, 0x57}; + const uint8_t kKey3[] = {0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, + 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3}; + + if (!TestPBKDF2("password", 8, "salt", 4, 1, EVP_sha1(), sizeof(kKey1), + kKey1) || + !TestPBKDF2("password", 8, "salt", 4, 2, EVP_sha1(), sizeof(kKey2), + kKey2) || + !TestPBKDF2("pass\0word", 9, "sa\0lt", 5, 4096, EVP_sha1(), + sizeof(kKey3), kKey3)) { + return false; + } + + return true; +} + +// Tests key derivation using SHA-2 digests. +static bool TestSHA2() { + // This test was taken from: + // http://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors. + const uint8_t kKey1[] = {0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, + 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, + 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, + 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43}; + + // This test was taken from: + // http://stackoverflow.com/questions/15593184/pbkdf2-hmac-sha-512-test-vectors. 
+ const uint8_t kKey2[] = { + 0x8c, 0x05, 0x11, 0xf4, 0xc6, 0xe5, 0x97, 0xc6, 0xac, 0x63, 0x15, + 0xd8, 0xf0, 0x36, 0x2e, 0x22, 0x5f, 0x3c, 0x50, 0x14, 0x95, 0xba, + 0x23, 0xb8, 0x68, 0xc0, 0x05, 0x17, 0x4d, 0xc4, 0xee, 0x71, 0x11, + 0x5b, 0x59, 0xf9, 0xe6, 0x0c, 0xd9, 0x53, 0x2f, 0xa3, 0x3e, 0x0f, + 0x75, 0xae, 0xfe, 0x30, 0x22, 0x5c, 0x58, 0x3a, 0x18, 0x6c, 0xd8, + 0x2b, 0xd4, 0xda, 0xea, 0x97, 0x24, 0xa3, 0xd3, 0xb8}; + + if (!TestPBKDF2("password", 8, "salt", 4, 2, EVP_sha256(), sizeof(kKey1), + kKey1) || + !TestPBKDF2("passwordPASSWORDpassword", 24, + "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096, + EVP_sha512(), sizeof(kKey2), kKey2)) { + return false; + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + ERR_load_crypto_strings(); + + if (!TestEmptyPassword()) { + fprintf(stderr, "TestEmptyPassword failed\n"); + return 1; + } + + if (!TestEmptySalt()) { + fprintf(stderr, "TestEmptySalt failed\n"); + return 1; + } + + if (!TestRFC6070Vectors()) { + fprintf(stderr, "TestRFC6070Vectors failed\n"); + return 1; + } + + if (!TestSHA2()) { + fprintf(stderr, "TestSHA2 failed\n"); + return 1; + } + + printf("PASS\n"); + ERR_free_strings(); + return 0; +} diff --git a/src/crypto/evp/sign.c b/src/crypto/evp/sign.c index 1faf7c6..ced86bd 100644 --- a/src/crypto/evp/sign.c +++ b/src/crypto/evp/sign.c @@ -92,9 +92,9 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, EVP_MD_CTX_cleanup(&tmp_ctx); pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx || EVP_PKEY_sign_init(pkctx) <= 0 || - EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0 || - EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len) <= 0) { + if (!pkctx || !EVP_PKEY_sign_init(pkctx) || + !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) || + !EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) { goto out; } *out_sig_len = sig_len; 
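Review bot: The comment above TestPBKDF2 says it "Returns 1 on success, 0 otherwise" but the function returns `bool`; change it to `// Returns true on success, false otherwise.`. TestEmptySalt's comment notes that its expected key was produced by OpenSSL itself, so that case only guards against regressions rather than establishing correctness; making that explicit in the comment, or cross-checking the vector against an independent implementation, would make the intent clear. The RFC 6070 and SHA-2 vectors are independently sourced and cover embedded NUL bytes via explicit lengths, which is the right way to test them.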
@@ -138,8 +138,8 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len, pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (!pkctx || - EVP_PKEY_verify_init(pkctx) <= 0 || - EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) { + !EVP_PKEY_verify_init(pkctx) || + !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest)) { goto out; } ret = EVP_PKEY_verify(pkctx, sig, sig_len, m, m_len); diff --git a/src/crypto/ex_data.c b/src/crypto/ex_data.c index 0c2503e..10fefc8 100644 --- a/src/crypto/ex_data.c +++ b/src/crypto/ex_data.c 
@@ -108,47 +108,65 @@ #include +#include +#include + +#include #include +#include +#include +#include #include -#include "crypto_error.h" #include "internal.h" -/* global_impl is the implementation that we use at runtime. */ -static const CRYPTO_EX_DATA_IMPL *global_impl = NULL; +struct crypto_ex_data_func_st { + long argl; /* Arbitary long */ + void *argp; /* Arbitary void pointer */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; +}; + +int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index, + long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func) { + CRYPTO_EX_DATA_FUNCS *funcs; + int ret = 0; -/* ex_data_default_impl is a the default implementation, defined in - * ex_data_impl.c. */ -extern const CRYPTO_EX_DATA_IMPL ex_data_default_impl; + funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); + if (funcs == NULL) { + OPENSSL_PUT_ERROR(CRYPTO, CRYPTO_get_ex_new_index, ERR_R_MALLOC_FAILURE); + return 0; + } -/* get_impl returns the current ex_data implementatation. 
*/ -static const CRYPTO_EX_DATA_IMPL *get_impl(void) { - const CRYPTO_EX_DATA_IMPL *impl; + funcs->argl = argl; + funcs->argp = argp; + funcs->new_func = new_func; + funcs->dup_func = dup_func; + funcs->free_func = free_func; - CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); - impl = global_impl; - CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); + CRYPTO_STATIC_MUTEX_lock_write(&ex_data_class->lock); - if (impl != NULL) { - return impl; + if (ex_data_class->meth == NULL) { + ex_data_class->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); } - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (global_impl == NULL) { - global_impl = &ex_data_default_impl; + if (ex_data_class->meth == NULL || + !sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) { + OPENSSL_PUT_ERROR(CRYPTO, CRYPTO_get_ex_new_index, ERR_R_MALLOC_FAILURE); + OPENSSL_free(funcs); + goto err; } - impl = global_impl; - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return impl; -} -int CRYPTO_get_ex_new_index(int class_value, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) { - const CRYPTO_EX_DATA_IMPL *const impl = get_impl(); - return impl->get_new_index(class_value, argl, argp, new_func, dup_func, - free_func); + *out_index = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1; + ret = 1; + +err: + CRYPTO_STATIC_MUTEX_unlock(&ex_data_class->lock); + return ret; } int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) { 
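Review bot: `*out_index` in CRYPTO_get_ex_new_index is written only on the success path, so a caller that ignores the 0 return reads an indeterminate index; either assign `*out_index = -1;` before taking the lock or state in the function's header comment that `*out_index` is valid only when 1 is returned. The new `crypto_ex_data_func_st` field comments ("Arbitary long", "Arbitary void pointer") carry a typo and say nothing about lifetime, yet the rest of the file relies on entries never changing once pushed; suggest `/* Each entry is set once in CRYPTO_get_ex_new_index and never modified or freed afterwards. */` above the struct. The malloc-failure path correctly frees `funcs` before `goto err`, so the unlock-and-return ordering is sound.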
@@ -183,45 +201,113 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) { return sk_void_value(ad->sk, idx); } -int CRYPTO_ex_data_new_class(void) { - const CRYPTO_EX_DATA_IMPL *const impl = get_impl(); - return impl->new_class(); +/* get_func_pointers takes a copy of the CRYPTO_EX_DATA_FUNCS pointers, if any, + * for the given class. If there are some pointers, it sets |*out| to point to + * a fresh stack of them. Otherwise it sets |*out| to NULL. It returns one on + * success or zero on error. */ +static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out, + CRYPTO_EX_DATA_CLASS *ex_data_class) { + size_t n; + + *out = NULL; + + /* CRYPTO_EX_DATA_FUNCS structures are static once set, so we can take a + * shallow copy of the list under lock and then use the structures without + * the lock held. */ + CRYPTO_STATIC_MUTEX_lock_read(&ex_data_class->lock); + n = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth); + if (n > 0) { + *out = sk_CRYPTO_EX_DATA_FUNCS_dup(ex_data_class->meth); + } + CRYPTO_STATIC_MUTEX_unlock(&ex_data_class->lock); + + if (n > 0 && *out == NULL) { + OPENSSL_PUT_ERROR(CRYPTO, get_func_pointers, ERR_R_MALLOC_FAILURE); + return 0; + } + + return 1; } -int CRYPTO_new_ex_data(int class_value, void *obj, CRYPTO_EX_DATA *ad) { - const CRYPTO_EX_DATA_IMPL *const impl = get_impl(); - return impl->new_ex_data(class_value, obj, ad); +int CRYPTO_new_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, + CRYPTO_EX_DATA *ad) { + STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; + size_t i; + + ad->sk = NULL; + + if (!get_func_pointers(&func_pointers, ex_data_class)) { + return 0; + } + + for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { + CRYPTO_EX_DATA_FUNCS *func_pointer = + sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); + if (func_pointer->new_func) { + func_pointer->new_func(obj, NULL, ad, i, func_pointer->argl, + func_pointer->argp); + } + } + + sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); + + return 1; } -int 
CRYPTO_dup_ex_data(int class_value, CRYPTO_EX_DATA *to, +int CRYPTO_dup_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from) { - const CRYPTO_EX_DATA_IMPL *const impl = get_impl(); - return impl->dup_ex_data(class_value, to, from); -} + STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; + size_t i; -void CRYPTO_free_ex_data(int class_value, void *obj, CRYPTO_EX_DATA *ad) { - const CRYPTO_EX_DATA_IMPL *const impl = get_impl(); - impl->free_ex_data(class_value, obj, ad); -} + if (!from->sk) { + /* In this case, |from| is blank, which is also the initial state of |to|, + * so there's nothing to do. */ + return 1; + } + + if (!get_func_pointers(&func_pointers, ex_data_class)) { + return 0; + } -const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) { - return get_impl(); + for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { + CRYPTO_EX_DATA_FUNCS *func_pointer = + sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); + void *ptr = CRYPTO_get_ex_data(from, i); + if (func_pointer->dup_func) { + func_pointer->dup_func(to, from, &ptr, i, func_pointer->argl, + func_pointer->argp); + } + CRYPTO_set_ex_data(to, i, ptr); + } + + sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); + + return 1; } -int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *impl) { - int ret = 0; +void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, + CRYPTO_EX_DATA *ad) { + STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; + size_t i; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (global_impl == NULL) { - ret = 1; - global_impl = impl; + if (!get_func_pointers(&func_pointers, ex_data_class)) { + return; } - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return ret; -} + for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { + CRYPTO_EX_DATA_FUNCS *func_pointer = + sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); + if (func_pointer->free_func) { + void *ptr = CRYPTO_get_ex_data(ad, i); + func_pointer->free_func(obj, ptr, 
ad, i, func_pointer->argl, + func_pointer->argp); + } + } -void CRYPTO_cleanup_all_ex_data(void) { - const CRYPTO_EX_DATA_IMPL *const impl = get_impl(); - impl->cleanup(); + sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); + + sk_void_free(ad->sk); + ad->sk = NULL; } + +void CRYPTO_cleanup_all_ex_data(void) {} diff --git a/src/crypto/ex_data_impl.c b/src/crypto/ex_data_impl.c deleted file mode 100644 index f55b369..0000000 --- a/src/crypto/ex_data_impl.c +++ /dev/null 
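Review bot: In CRYPTO_free_ex_data, the early `return;` when get_func_pointers fails leaves `ad->sk` allocated and non-NULL, while the normal path frees it; on that path at least release the stack, `sk_void_free(ad->sk); ad->sk = NULL; return;`, accepting that the per-index free callbacks cannot run. In CRYPTO_dup_ex_data the result of `CRYPTO_set_ex_data(to, i, ptr)` is discarded, so an allocation failure mid-loop yields a partially copied `to` and a return of 1; check it, free `func_pointers`, and return 0. CRYPTO_cleanup_all_ex_data is now an empty body with no comment; a line such as `/* Registered CRYPTO_EX_DATA_FUNCS are static for the life of the process; nothing to free. */` would record that the retained allocations are intentional.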
@@ -1,401 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
*/ - -#include - -#include - -#include -#include -#include -#include -#include - -#include "crypto_error.h" -#include "internal.h" - -typedef struct crypto_ex_data_func_st { - long argl; /* Arbitary long */ - void *argp; /* Arbitary void pointer */ - CRYPTO_EX_new *new_func; - CRYPTO_EX_free *free_func; - CRYPTO_EX_dup *dup_func; -} CRYPTO_EX_DATA_FUNCS; - -typedef struct st_ex_class_item { - STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; - int class_value; -} EX_CLASS_ITEM; - -static LHASH_OF(EX_CLASS_ITEM) *global_classes = NULL; - -static int global_next_class = 100; - -static int new_class(void) { - int ret; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - ret = global_next_class++; - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - - return ret; -} - -/* class_hash is a hash function used by an LHASH of |EX_CLASS_ITEM| - * structures. */ -static uint32_t class_hash(const EX_CLASS_ITEM *a) { - return a->class_value; -} - -/* class_cmp is a comparison function for an LHASH of |EX_CLASS_ITEM| - * structures. */ -static int class_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) { - return a->class_value - b->class_value; -} - -/* data_funcs_free is a callback function from |sk_pop_free| that frees a - * |CRYPTO_EX_DATA_FUNCS|. */ -static void data_funcs_free(CRYPTO_EX_DATA_FUNCS *funcs) { - OPENSSL_free(funcs); -} - -/* class_free is a callback function from lh_doall to free the EX_CLASS_ITEM - * structures. 
*/ -static void class_free(EX_CLASS_ITEM *item) { - sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, data_funcs_free); - OPENSSL_free(item); -} - -static LHASH_OF(EX_CLASS_ITEM) *get_classes(void) { - LHASH_OF(EX_CLASS_ITEM) *ret; - - CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); - ret = global_classes; - CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - - if (ret != NULL) { - return ret; - } - - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (global_classes == NULL) { - global_classes = lh_EX_CLASS_ITEM_new(class_hash, class_cmp); - } - ret = global_classes; - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - - return ret; -} - -static void cleanup(void) { - LHASH_OF(EX_CLASS_ITEM) *classes = get_classes(); - - if (classes != NULL) { - lh_EX_CLASS_ITEM_doall(classes, class_free); - lh_EX_CLASS_ITEM_free(classes); - } - - global_classes = NULL; -} - -static EX_CLASS_ITEM *get_class(int class_value) { - LHASH_OF(EX_CLASS_ITEM) *const classes = get_classes(); - EX_CLASS_ITEM template, *class_item; - int ok = 0; - - if (classes == NULL) { - return NULL; - } - - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - template.class_value = class_value; - class_item = lh_EX_CLASS_ITEM_retrieve(classes, &template); - if (class_item != NULL) { - ok = 1; - } else { - class_item = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); - if (class_item) { - class_item->class_value = class_value; - class_item->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); - if (class_item->meth != NULL) { - EX_CLASS_ITEM *old_data; - ok = lh_EX_CLASS_ITEM_insert(classes, &old_data, class_item); - assert(old_data == NULL); - } - } - } - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - - if (!ok) { - if (class_item) { - if (class_item->meth) { - sk_CRYPTO_EX_DATA_FUNCS_free(class_item->meth); - } - OPENSSL_free(class_item); - class_item = NULL; - } - - OPENSSL_PUT_ERROR(CRYPTO, get_class, ERR_R_MALLOC_FAILURE); - } - - return class_item; -} - -static int get_new_index(int class_value, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free 
*free_func) { - EX_CLASS_ITEM *const item = get_class(class_value); - CRYPTO_EX_DATA_FUNCS *funcs; - int ret = -1; - - if (!item) { - return -1; - } - - funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); - if (funcs == NULL) { - OPENSSL_PUT_ERROR(CRYPTO, get_new_index, ERR_R_MALLOC_FAILURE); - return -1; - } - - funcs->argl = argl; - funcs->argp = argp; - funcs->new_func = new_func; - funcs->dup_func = dup_func; - funcs->free_func = free_func; - - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - - if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, funcs)) { - OPENSSL_PUT_ERROR(CRYPTO, get_new_index, ERR_R_MALLOC_FAILURE); - OPENSSL_free(funcs); - goto err; - } - - ret = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) - 1; - -err: - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return ret; -} - -/* get_func_pointers takes a copy of the CRYPTO_EX_DATA_FUNCS pointers, if any, - * for the given class. If there are some pointers, it sets |*out| to point to - * a fresh stack of them. Otherwise it sets |*out| to NULL. It returns one on - * success or zero on error. */ -static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out, - int class_value) { - EX_CLASS_ITEM *const item = get_class(class_value); - size_t n; - - if (!item) { - return 0; - } - - *out = NULL; - - /* CRYPTO_EX_DATA_FUNCS structures are static once set, so we can take a - * shallow copy of the list under lock and then use the structures without - * the lock held. 
*/ - CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); - n = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - if (n > 0) { - *out = sk_CRYPTO_EX_DATA_FUNCS_dup(item->meth); - } - CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - - if (n > 0 && *out == NULL) { - OPENSSL_PUT_ERROR(CRYPTO, get_func_pointers, ERR_R_MALLOC_FAILURE); - return 0; - } - - return 1; -} - -static int new_ex_data(int class_value, void *obj, CRYPTO_EX_DATA *ad) { - STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; - size_t i; - - ad->sk = NULL; - - if (!get_func_pointers(&func_pointers, class_value)) { - return 0; - } - - for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { - CRYPTO_EX_DATA_FUNCS *func_pointer = - sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); - if (func_pointer->new_func) { - func_pointer->new_func(obj, NULL, ad, i, func_pointer->argl, - func_pointer->argp); - } - } - - sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); - - return 1; -} - -static int dup_ex_data(int class_value, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from) { - STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; - size_t i; - - if (!from->sk) { - /* In this case, |from| is blank, which is also the initial state of |to|, - * so there's nothing to do. 
*/ - return 1; - } - - if (!get_func_pointers(&func_pointers, class_value)) { - return 0; - } - - for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { - CRYPTO_EX_DATA_FUNCS *func_pointer = - sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); - void *ptr = CRYPTO_get_ex_data(from, i); - if (func_pointer->dup_func) { - func_pointer->dup_func(to, from, &ptr, i, func_pointer->argl, - func_pointer->argp); - } - CRYPTO_set_ex_data(to, i, ptr); - } - - sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); - - return 1; -} - -static void free_ex_data(int class_value, void *obj, CRYPTO_EX_DATA *ad) { - STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; - size_t i; - - if (!get_func_pointers(&func_pointers, class_value)) { - return; - } - - for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { - CRYPTO_EX_DATA_FUNCS *func_pointer = - sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); - if (func_pointer->free_func) { - void *ptr = CRYPTO_get_ex_data(ad, i); - func_pointer->free_func(obj, ptr, ad, i, func_pointer->argl, - func_pointer->argp); - } - } - - sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); - - if (ad->sk) { - sk_void_free(ad->sk); - ad->sk = NULL; - } -} - -const CRYPTO_EX_DATA_IMPL ex_data_default_impl = { - new_class, cleanup, get_new_index, new_ex_data, dup_ex_data, free_ex_data}; diff --git a/src/crypto/hkdf/CMakeLists.txt b/src/crypto/hkdf/CMakeLists.txt index 9666172..f8dd748 100644 --- a/src/crypto/hkdf/CMakeLists.txt +++ b/src/crypto/hkdf/CMakeLists.txt @@ -6,7 +6,6 @@ add_library( OBJECT hkdf.c - hkdf_error.c ) add_executable( diff --git a/src/crypto/hkdf/hkdf_error.c b/src/crypto/hkdf/hkdf_error.c deleted file mode 100644 index e1928d6..0000000 --- a/src/crypto/hkdf/hkdf_error.c +++ /dev/null 
@@ -1,23 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA HKDF_error_string_data[] = { - {ERR_PACK(ERR_LIB_HKDF, HKDF_F_HKDF, 0), "HKDF"}, - {ERR_PACK(ERR_LIB_HKDF, 0, HKDF_R_OUTPUT_TOO_LARGE), "OUTPUT_TOO_LARGE"}, - {0, NULL}, -}; diff --git a/src/crypto/hkdf/hkdf_test.c b/src/crypto/hkdf/hkdf_test.c index 7467fe0..63070dc 100644 --- a/src/crypto/hkdf/hkdf_test.c +++ b/src/crypto/hkdf/hkdf_test.c @@ -15,7 +15,6 @@ #include #include -#include #include #include #include @@ -224,7 +223,7 @@ int main(void) { if (!HKDF(buf, test->out_len, test->md_func(), test->ikm, test->ikm_len, test->salt, test->salt_len, test->info, test->info_len)) { fprintf(stderr, "Call to HKDF failed\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 1; } if (memcmp(buf, test->out, test->out_len) != 0) { diff --git a/src/crypto/hmac/CMakeLists.txt b/src/crypto/hmac/CMakeLists.txt index e15c956..1a08c55 100644 --- a/src/crypto/hmac/CMakeLists.txt +++ b/src/crypto/hmac/CMakeLists.txt @@ -12,7 +12,8 @@ add_library( add_executable( hmac_test - hmac_test.c + hmac_test.cc + $ ) target_link_libraries(hmac_test crypto) 
diff --git a/src/crypto/hmac/hmac.c b/src/crypto/hmac/hmac.c index f179fed..b1b2623 100644 --- a/src/crypto/hmac/hmac.c +++ b/src/crypto/hmac/hmac.c @@ -76,7 +76,7 @@ uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, } HMAC_CTX_init(&ctx); - if (!HMAC_Init(&ctx, key, key_len, evp_md) || + if (!HMAC_Init_ex(&ctx, key, key_len, evp_md, NULL) || !HMAC_Update(&ctx, data, data_len) || !HMAC_Final(&ctx, out, out_len)) { out = NULL; @@ -88,7 +88,6 @@ uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, void HMAC_CTX_init(HMAC_CTX *ctx) { ctx->md = NULL; - ctx->key_length = 0; EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); 
@@ -103,71 +102,66 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) { int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, const EVP_MD *md, ENGINE *impl) { - unsigned i, reset = 0; - uint8_t pad[HMAC_MAX_MD_CBLOCK]; - - if (md != NULL) { - if (ctx->md == NULL && key == NULL && ctx->key_length == 0) { - /* TODO(eroman): Change the API instead of this hack. - * If a key hasn't yet been assigned to the context, then default to using - * an all-zero key. This is to work around callers of - * HMAC_Init_ex(key=NULL, key_len=0) intending to set a zero-length key. - * Rather than resulting in uninitialized memory reads, it will - * predictably use a zero key. */ - memset(ctx->key, 0, sizeof(ctx->key)); - } - reset = 1; - ctx->md = md; - } else { + if (md == NULL) { md = ctx->md; } - if (key != NULL) { + /* If either |key| is non-NULL or |md| has changed, initialize with a new key + * rather than rewinding the previous one. + * + * TODO(davidben,eroman): Passing the previous |md| with a NULL |key| is + * ambiguous between using the empty key and reusing the previous key. There + * exist callers which intend the latter, but the former is an awkward edge + * case. Fix to API to avoid this. */ + if (md != ctx->md || key != NULL) { + size_t i; + uint8_t pad[HMAC_MAX_MD_CBLOCK]; + uint8_t key_block[HMAC_MAX_MD_CBLOCK]; + unsigned key_block_len; + size_t block_size = EVP_MD_block_size(md); - reset = 1; - assert(block_size <= sizeof(ctx->key)); + assert(block_size <= sizeof(key_block)); if (block_size < key_len) { + /* Long keys are hashed. 
*/ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl) || !EVP_DigestUpdate(&ctx->md_ctx, key, key_len) || - !EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length)) { - goto err; + !EVP_DigestFinal_ex(&ctx->md_ctx, key_block, &key_block_len)) { + return 0; } } else { - assert(key_len >= 0 && key_len <= sizeof(ctx->key)); - memcpy(ctx->key, key, key_len); - ctx->key_length = key_len; + assert(key_len >= 0 && key_len <= sizeof(key_block)); + memcpy(key_block, key, key_len); + key_block_len = (unsigned)key_len; } - if (ctx->key_length != HMAC_MAX_MD_CBLOCK) { - memset(&ctx->key[ctx->key_length], 0, sizeof(ctx->key) - ctx->key_length); + /* Keys are then padded with zeros. */ + if (key_block_len != HMAC_MAX_MD_CBLOCK) { + memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len); } - } - if (reset) { for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) { - pad[i] = 0x36 ^ ctx->key[i]; + pad[i] = 0x36 ^ key_block[i]; } if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl) || !EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) { - goto err; + return 0; } for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) { - pad[i] = 0x5c ^ ctx->key[i]; + pad[i] = 0x5c ^ key_block[i]; } if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl) || !EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) { - goto err; + return 0; } + + ctx->md = md; } if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) { - goto err; + return 0; } return 1; - -err: - return 0; } int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data, size_t data_len) { @@ -200,8 +194,6 @@ int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src) { return 0; } - memcpy(dest->key, src->key, HMAC_MAX_MD_CBLOCK); - dest->key_length = src->key_length; dest->md = src->md; return 1; } diff --git a/src/crypto/hmac/hmac_test.c b/src/crypto/hmac/hmac_test.c deleted file mode 100644 index ecc418a..0000000 --- a/src/crypto/hmac/hmac_test.c +++ /dev/null 
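Review bot: In the new `if (md != ctx->md || key != NULL)` block, `key_block` holds the raw (or hashed) key and `pad` holds the key XORed with the ipad/opad constants, and both go out of scope without being cleared on any of the four exits from that block; previously the key lived in `ctx->key`, where a cleanup routine could presumably wipe it. Add `OPENSSL_cleanse(key_block, sizeof(key_block)); OPENSSL_cleanse(pad, sizeof(pad));` (from `<openssl/mem.h>`) immediately before `ctx->md = md;`, and consider routing the three `return 0` paths inside the block through the same two calls, which the single `err:` exit this commit removes would have made straightforward. Separately, `assert(key_len >= 0 && key_len <= sizeof(key_block))` is a tautology in its first half for a `size_t`; `assert(key_len <= sizeof(key_block));` says what is meant.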
@@ -1,223 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
*/ - -#include -#include -#include - -#include -#include -#include - - -struct test_st { - uint8_t key[16]; - size_t key_len; - uint8_t data[64]; - size_t data_len; - const char *hex_digest; -}; - -#define NUM_TESTS 4 - -static const struct test_st kTests[NUM_TESTS] = { - { - "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, - "e9139d1e6ee064ef8cf514fc7dc83e86", - }, - { - { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, - }, - 16, - "Hi There", - 8, - "9294727a3638bb1c13f48ef8158bfc9d", - }, - { - "Jefe", 4, "what do ya want for nothing?", 28, - "750c783e6ab0b503eaa86e310a5db738", - }, - { - { - 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, - 0xaa, 0xaa, 0xaa, 0xaa, - }, - 16, - { - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, - }, - 50, - "56be34521d144c88dbb8c733f0e8b3f6", - }, -}; - -static char *to_hex(const uint8_t *md, size_t md_len) { - size_t i; - static char buf[80]; - - for (i = 0; i < md_len; i++) { - sprintf(&(buf[i * 2]), "%02x", md[i]); - } - return buf; -} - -int main(int argc, char *argv[]) { - unsigned i; - char *p; - int err = 0; - uint8_t out[EVP_MAX_MD_SIZE]; - unsigned out_len; - - CRYPTO_library_init(); - - for (i = 0; i < NUM_TESTS; i++) { - const struct test_st *test = &kTests[i]; - - /* Test using the one-shot API. */ - if (NULL == HMAC(EVP_md5(), test->key, test->key_len, test->data, - test->data_len, out, &out_len)) { - fprintf(stderr, "%u: HMAC failed.\n", i); - err++; - continue; - } - p = to_hex(out, out_len); - if (strcmp(p, test->hex_digest) != 0) { - fprintf(stderr, "%u: got %s instead of %s\n", i, p, test->hex_digest); - err++; - } - - /* Test using HMAC_CTX. 
*/ - HMAC_CTX ctx; - HMAC_CTX_init(&ctx); - if (!HMAC_Init_ex(&ctx, test->key, test->key_len, EVP_md5(), NULL) || - !HMAC_Update(&ctx, test->data, test->data_len) || - !HMAC_Final(&ctx, out, &out_len)) { - fprintf(stderr, "%u: HMAC failed.\n", i); - err++; - HMAC_CTX_cleanup(&ctx); - continue; - } - p = to_hex(out, out_len); - if (strcmp(p, test->hex_digest) != 0) { - fprintf(stderr, "%u: got %s instead of %s\n", i, p, test->hex_digest); - err++; - } - - /* Test that an HMAC_CTX may be reset with the same key. */ - if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_md5(), NULL) || - !HMAC_Update(&ctx, test->data, test->data_len) || - !HMAC_Final(&ctx, out, &out_len)) { - fprintf(stderr, "%u: HMAC failed.\n", i); - err++; - HMAC_CTX_cleanup(&ctx); - continue; - } - p = to_hex(out, out_len); - if (strcmp(p, test->hex_digest) != 0) { - fprintf(stderr, "%u: got %s instead of %s\n", i, p, test->hex_digest); - err++; - } - - HMAC_CTX_cleanup(&ctx); - } - - /* Test that HMAC() uses the empty key when called with key = NULL. */ - const struct test_st *test = &kTests[0]; - assert(test->key_len == 0); - if (NULL == HMAC(EVP_md5(), NULL, 0, test->data, test->data_len, out, - &out_len)) { - fprintf(stderr, "HMAC failed.\n"); - err++; - } else { - p = to_hex(out, out_len); - if (strcmp(p, test->hex_digest) != 0) { - fprintf(stderr, "got %s instead of %s\n", p, test->hex_digest); - err++; - } - } - - /* Test that HMAC_Init, etc., uses the empty key when called initially with - * key = NULL. 
*/ - assert(test->key_len == 0); - HMAC_CTX ctx; - HMAC_CTX_init(&ctx); - if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_md5(), NULL) || - !HMAC_Update(&ctx, test->data, test->data_len) || - !HMAC_Final(&ctx, out, &out_len)) { - fprintf(stderr, "HMAC failed.\n"); - err++; - } else { - p = to_hex(out, out_len); - if (strcmp(p, test->hex_digest) != 0) { - fprintf(stderr, "got %s instead of %s\n", p, test->hex_digest); - err++; - } - } - HMAC_CTX_cleanup(&ctx); - - if (err) { - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/hmac/hmac_test.cc b/src/crypto/hmac/hmac_test.cc new file mode 100644 index 0000000..d438b70 --- /dev/null +++ b/src/crypto/hmac/hmac_test.cc 
@@ -0,0 +1,171 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#include +#include + +#include +#include + +#include +#include +#include + +#include "../test/file_test.h" +#include "../test/scoped_types.h" +#include "../test/stl_compat.h" + + +static const EVP_MD *GetDigest(const std::string &name) { + if (name == "MD5") { + return EVP_md5(); + } else if (name == "SHA1") { + return EVP_sha1(); + } else if (name == "SHA224") { + return EVP_sha224(); + } else if (name == "SHA256") { + return EVP_sha256(); + } else if (name == "SHA384") { + return EVP_sha384(); + } else if (name == "SHA512") { + return EVP_sha512(); + } + return nullptr; +} + +static bool TestHMAC(FileTest *t, void *arg) { + std::string digest_str; + if (!t->GetAttribute(&digest_str, "HMAC")) { + return false; + } + const EVP_MD *digest = GetDigest(digest_str); + if (digest == nullptr) { + t->PrintLine("Unknown digest '%s'", digest_str.c_str()); + return false; + } + + std::vector key, input, output; + if (!t->GetBytes(&key, "Key") || + !t->GetBytes(&input, "Input") || + !t->GetBytes(&output, "Output")) { + return false; + } + + // Test using the one-shot API. + uint8_t mac[EVP_MAX_MD_SIZE]; + unsigned mac_len; + if (nullptr == HMAC(digest, bssl::vector_data(&key), key.size(), + bssl::vector_data(&input), input.size(), mac, + &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("One-shot API failed."); + return false; + } + + // Test using HMAC_CTX. + ScopedHMAC_CTX ctx; + if (!HMAC_Init_ex(ctx.get(), bssl::vector_data(&key), key.size(), digest, + nullptr) || + !HMAC_Update(ctx.get(), bssl::vector_data(&input), input.size()) || + !HMAC_Final(ctx.get(), mac, &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("HMAC_CTX failed."); + return false; + } + + // Test that an HMAC_CTX may be reset with the same key. 
+ if (!HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr) || + !HMAC_Update(ctx.get(), bssl::vector_data(&input), input.size()) || + !HMAC_Final(ctx.get(), mac, &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("HMAC_CTX with reset failed."); + return false; + } + + // Test feeding the input in byte by byte. + if (!HMAC_Init_ex(ctx.get(), nullptr, 0, nullptr, nullptr)) { + t->PrintLine("HMAC_CTX streaming failed."); + return false; + } + for (size_t i = 0; i < input.size(); i++) { + if (!HMAC_Update(ctx.get(), &input[i], 1)) { + t->PrintLine("HMAC_CTX streaming failed."); + return false; + } + } + if (!HMAC_Final(ctx.get(), mac, &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("HMAC_CTX streaming failed."); + return false; + } + + return true; +} + +int main(int argc, char *argv[]) { + CRYPTO_library_init(); + + if (argc != 2) { + fprintf(stderr, "%s \n", argv[0]); + return 1; + } + + return FileTestMain(TestHMAC, nullptr, argv[1]); +} diff --git a/src/crypto/hmac/hmac_tests.txt b/src/crypto/hmac/hmac_tests.txt new file mode 100644 index 0000000..9caa3c9 --- /dev/null +++ b/src/crypto/hmac/hmac_tests.txt 
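Review bot: `TestHMAC` never exercises `HMAC_CTX_copy_ex`, yet this same commit removes the `key`/`key_length` copying from it, so a copied context that is later reset with a NULL key now depends entirely on the copied `i_ctx`/`o_ctx` and has no coverage here. Since `ScopedHMAC_CTX` is already used with `HMAC_Init_ex` directly, a second scoped context can be copied from `ctx` after the streaming check and driven through the same reset-and-verify sequence. The rewritten tail of the function is below; the earlier checks are unchanged.
```cpp
  // … unchanged: one-shot, HMAC_CTX, reset and streaming checks …

  // Test that a copied HMAC_CTX, reset with a NULL key, reuses the key that
  // was copied with it.
  ScopedHMAC_CTX ctx2;
  if (!HMAC_CTX_copy_ex(ctx2.get(), ctx.get()) ||
      !HMAC_Init_ex(ctx2.get(), nullptr, 0, nullptr, nullptr) ||
      !HMAC_Update(ctx2.get(), bssl::vector_data(&input), input.size()) ||
      !HMAC_Final(ctx2.get(), mac, &mac_len) ||
      !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac,
                           mac_len)) {
    t->PrintLine("HMAC_CTX_copy_ex failed.");
    return false;
  }

  return true;
```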
@@ -0,0 +1,102 @@ +# This test file is shared between evp_test and hmac_test, to test the legacy +# EVP_PKEY_HMAC API. + +HMAC = MD5 +# Note: The empty key results in passing NULL to HMAC_Init_ex, so this tests +# that HMAC_CTX and HMAC treat NULL as the empty key initially. +Key = +Input = "More text test vectors to stuff up EBCDIC machines :-)" +Output = e9139d1e6ee064ef8cf514fc7dc83e86 + +# HMAC tests from RFC2104 +HMAC = MD5 +Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Input = "Hi There" +Output = 9294727a3638bb1c13f48ef8158bfc9d + +HMAC = MD5 +Key = "Jefe" +Input = "what do ya want for nothing?" +Output = 750c783e6ab0b503eaa86e310a5db738 + +HMAC = MD5 +Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD +Output = 56be34521d144c88dbb8c733f0e8b3f6 + +# HMAC tests from NIST test data + +HMAC = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29 + +HMAC = SHA1 +Input = "Sample message for keylen +#include + +#if defined(OPENSSL_NO_THREADS) +#elif defined(OPENSSL_WINDOWS) +#pragma warning(push, 3) +#include +#pragma warning(pop) +#else +#include +#endif #if defined(__cplusplus) extern "C" { #endif -/* st_CRYPTO_EX_DATA_IMPL contains an ex_data implementation. See the comments - * in ex_data.h for details of the behaviour of each of the functions. */ -struct st_CRYPTO_EX_DATA_IMPL { - int (*new_class)(void); - void (*cleanup)(void); +/* MSVC's C4701 warning about the use of *potentially*--as opposed to + * *definitely*--uninitialized values sometimes has false positives. Usually + * the false positives can and should be worked around by simplifying the + * control flow. 
When that is not practical, annotate the function containing + * the code that triggers the warning with + * OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS after its parameters: + * + * void f() OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS { + * ... + * } + * + * Note that MSVC's control flow analysis seems to operate on a whole-function + * basis, so the annotation must be placed on the entire function, not just a + * block within the function. */ +#if defined(_MSC_VER) +#define OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS \ + __pragma(warning(suppress:4701)) +#else +#define OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS +#endif - int (*get_new_index)(int class_value, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - int (*new_ex_data)(int class_value, void *obj, CRYPTO_EX_DATA *ad); - int (*dup_ex_data)(int class_value, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from); - void (*free_ex_data)(int class_value, void *obj, CRYPTO_EX_DATA *ad); -}; +/* MSVC will sometimes correctly detect unreachable code and issue a warning, + * which breaks the build since we treat errors as warnings, in some rare cases + * where we want to allow the dead code to continue to exist. In these + * situations, annotate the function containing the unreachable code with + * OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS after its parameters: + * + * void f() OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS { + * ... + * } + * + * Note that MSVC's reachability analysis seems to operate on a whole-function + * basis, so the annotation must be placed on the entire function, not just a + * block within the function. */ +#if defined(_MSC_VER) +#define OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS \ + __pragma(warning(suppress:4702)) +#else +#define OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS +#endif #if defined(_MSC_VER) 
@@ -295,6 +331,185 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b) { } +/* Thread-safe initialisation. */ + +#if defined(OPENSSL_NO_THREADS) +typedef uint32_t CRYPTO_once_t; +#define CRYPTO_ONCE_INIT 0 +#elif defined(OPENSSL_WINDOWS) +typedef LONG CRYPTO_once_t; +#define CRYPTO_ONCE_INIT 0 +#else +typedef pthread_once_t CRYPTO_once_t; +#define CRYPTO_ONCE_INIT PTHREAD_ONCE_INIT +#endif + +/* CRYPTO_once calls |init| exactly once per process. This is thread-safe: if + * concurrent threads call |CRYPTO_once| with the same |CRYPTO_once_t| argument + * then they will block until |init| completes, but |init| will have only been + * called once. + * + * The |once| argument must be a |CRYPTO_once_t| that has been initialised with + * the value |CRYPTO_ONCE_INIT|. */ +OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)); + + +/* Locks. + * + * Two types of locks are defined: |CRYPTO_MUTEX|, which can be used in + * structures as normal, and |struct CRYPTO_STATIC_MUTEX|, which can be used as + * a global lock. A global lock must be initialised to the value + * |CRYPTO_STATIC_MUTEX_INIT|. + * + * |CRYPTO_MUTEX| can appear in public structures and so is defined in + * thread.h. + * + * The global lock is a different type because there's no static initialiser + * value on Windows for locks, so global locks have to be coupled with a + * |CRYPTO_once_t| to ensure that the lock is setup before use. This is done + * automatically by |CRYPTO_STATIC_MUTEX_lock_*|. */ + +#if defined(OPENSSL_NO_THREADS) +struct CRYPTO_STATIC_MUTEX {}; +#define CRYPTO_STATIC_MUTEX_INIT {} +#elif defined(OPENSSL_WINDOWS) +struct CRYPTO_STATIC_MUTEX { + CRYPTO_once_t once; + CRITICAL_SECTION lock; +}; +#define CRYPTO_STATIC_MUTEX_INIT { CRYPTO_ONCE_INIT, { 0 } } +#else +struct CRYPTO_STATIC_MUTEX { + pthread_rwlock_t lock; +}; +#define CRYPTO_STATIC_MUTEX_INIT { PTHREAD_RWLOCK_INITIALIZER } +#endif + +/* CRYPTO_MUTEX_init initialises |lock|. 
If |lock| is a static variable, use a + * |CRYPTO_STATIC_MUTEX|. */ +void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock); + +/* CRYPTO_MUTEX_lock_read locks |lock| such that other threads may also have a + * read lock, but none may have a write lock. (On Windows, read locks are + * actually fully exclusive.) */ +void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock); + +/* CRYPTO_MUTEX_lock_write locks |lock| such that no other thread has any type + * of lock on it. */ +void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock); + +/* CRYPTO_MUTEX_unlock unlocks |lock|. */ +void CRYPTO_MUTEX_unlock(CRYPTO_MUTEX *lock); + +/* CRYPTO_MUTEX_cleanup releases all resources held by |lock|. */ +void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock); + +/* CRYPTO_STATIC_MUTEX_lock_read locks |lock| such that other threads may also + * have a read lock, but none may have a write lock. The |lock| variable does + * not need to be initialised by any function, but must have been statically + * initialised with |CRYPTO_STATIC_MUTEX_INIT|. */ +void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock); + +/* CRYPTO_STATIC_MUTEX_lock_write locks |lock| such that no other thread has + * any type of lock on it. The |lock| variable does not need to be initialised + * by any function, but must have been statically initialised with + * |CRYPTO_STATIC_MUTEX_INIT|. */ +void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock); + +/* CRYPTO_STATIC_MUTEX_unlock unlocks |lock|. */ +void CRYPTO_STATIC_MUTEX_unlock(struct CRYPTO_STATIC_MUTEX *lock); + + +/* Thread local storage. */ + +/* thread_local_data_t enumerates the types of thread-local data that can be + * stored. */ +typedef enum { + OPENSSL_THREAD_LOCAL_ERR = 0, + OPENSSL_THREAD_LOCAL_RAND, + OPENSSL_THREAD_LOCAL_TEST, + NUM_OPENSSL_THREAD_LOCALS, +} thread_local_data_t; + +/* thread_local_destructor_t is the type of a destructor function that will be + * called when a thread exits and its thread-local storage needs to be freed. 
*/ +typedef void (*thread_local_destructor_t)(void *); + +/* CRYPTO_get_thread_local gets the pointer value that is stored for the + * current thread for the given index, or NULL if none has been set. */ +OPENSSL_EXPORT void *CRYPTO_get_thread_local(thread_local_data_t value); + +/* CRYPTO_set_thread_local sets a pointer value for the current thread at the + * given index. This function should only be called once per thread for a given + * |index|: rather than update the pointer value itself, update the data that + * is pointed to. + * + * The destructor function will be called when a thread exits to free this + * thread-local data. All calls to |CRYPTO_set_thread_local| with the same + * |index| should have the same |destructor| argument. The destructor may be + * called with a NULL argument if a thread that never set a thread-local + * pointer for |index|, exits. The destructor may be called concurrently with + * different arguments. + * + * This function returns one on success or zero on error. If it returns zero + * then |destructor| has been called with |value| already. */ +OPENSSL_EXPORT int CRYPTO_set_thread_local( + thread_local_data_t index, void *value, + thread_local_destructor_t destructor); + + +/* ex_data */ + +typedef struct crypto_ex_data_func_st CRYPTO_EX_DATA_FUNCS; + +/* CRYPTO_EX_DATA_CLASS tracks the ex_indices registered for a type which + * supports ex_data. It should defined as a static global within the module + * which defines that type. */ +typedef struct { + struct CRYPTO_STATIC_MUTEX lock; + STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; +} CRYPTO_EX_DATA_CLASS; + +#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_STATIC_MUTEX_INIT, NULL} + +/* CRYPTO_get_ex_new_index allocates a new index for |ex_data_class| and writes + * it to |*out_index|. Each class of object should provide a wrapper function + * that uses the correct |CRYPTO_EX_DATA_CLASS|. It returns one on success and + * zero otherwise. 
*/ +OPENSSL_EXPORT int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, + int *out_index, long argl, + void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +/* CRYPTO_set_ex_data sets an extra data pointer on a given object. Each class + * of object should provide a wrapper function. */ +OPENSSL_EXPORT int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val); + +/* CRYPTO_get_ex_data returns an extra data pointer for a given object, or NULL + * if no such index exists. Each class of object should provide a wrapper + * function. */ +OPENSSL_EXPORT void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int index); + +/* CRYPTO_new_ex_data initialises a newly allocated |CRYPTO_EX_DATA| which is + * embedded inside of |obj| which is of class |ex_data_class|. Returns one on + * success and zero otherwise. */ +OPENSSL_EXPORT int CRYPTO_new_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, + void *obj, CRYPTO_EX_DATA *ad); + +/* CRYPTO_dup_ex_data duplicates |from| into a freshly allocated + * |CRYPTO_EX_DATA|, |to|. Both of which are inside objects of the given + * class. It returns one on success and zero otherwise. */ +OPENSSL_EXPORT int CRYPTO_dup_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, + CRYPTO_EX_DATA *to, + const CRYPTO_EX_DATA *from); + +/* CRYPTO_free_ex_data frees |ad|, which is embedded inside |obj|, which is an + * object of the given class. */ +OPENSSL_EXPORT void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, + void *obj, CRYPTO_EX_DATA *ad); + + #if defined(__cplusplus) } /* extern C */ #endif diff --git a/src/crypto/lhash/make_macros.sh b/src/crypto/lhash/make_macros.sh index 79d1e57..8a876af 100644 --- a/src/crypto/lhash/make_macros.sh +++ b/src/crypto/lhash/make_macros.sh 
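Review bot: Under `OPENSSL_NO_THREADS`, `struct CRYPTO_STATIC_MUTEX {}` together with `#define CRYPTO_STATIC_MUTEX_INIT {}` relies on an empty struct and an empty brace initializer, both GNU extensions rather than ISO C, so a compiler in strict mode (MSVC compiling as C, `-pedantic-errors`) may reject them; a one-byte dummy member with a `{ 0 }` initializer is portable and costs nothing. The `CRYPTO_EX_DATA_CLASS` comment reads `It should defined as a static global`; it should say `It should be defined as a static global within the module which defines that type.` The `CRYPTO_once`, lock and thread-local comments otherwise state their contracts clearly.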
@@ -1,6 +1,9 @@ #!/bin/sh -cat > lhash_macros.h << EOF +include_dir=../../include/openssl +out=${include_dir}/lhash_macros.h + +cat > $out << EOF /* Copyright (c) 2014, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any @@ -24,7 +27,7 @@ EOF output_lhash () { type=$1 - cat >> lhash_macros.h << EOF + cat >> $out << EOF /* ${type} */ #define lh_${type}_new(hash, comp)\\ ((LHASH_OF(${type})*) lh_new(CHECKED_CAST(lhash_hash_func, uint32_t (*) (const ${type} *), hash), CHECKED_CAST(lhash_cmp_func, int (*) (const ${type} *a, const ${type} *b), comp))) @@ -54,11 +57,11 @@ output_lhash () { EOF } -lhash_types=$(cat lhash.h | grep '^ \* LHASH_OF:' | sed -e 's/.*LHASH_OF://' -e 's/ .*//') +lhash_types=$(cat ${include_dir}/lhash.h | grep '^ \* LHASH_OF:' | sed -e 's/.*LHASH_OF://' -e 's/ .*//') for type in $lhash_types; do echo Hash of ${type} output_lhash "${type}" done -clang-format -i lhash_macros.h +clang-format -i $out diff --git a/src/crypto/md4/md4.c b/src/crypto/md4/md4.c index 8fb357b..6150b96 100644 --- a/src/crypto/md4/md4.c +++ b/src/crypto/md4/md4.c @@ -56,6 +56,7 @@ #include +#include #include diff --git a/src/crypto/modes/asm/ghash-armv4.pl b/src/crypto/modes/asm/ghash-armv4.pl index b324641..25a4e27 100644 --- a/src/crypto/modes/asm/ghash-armv4.pl +++ b/src/crypto/modes/asm/ghash-armv4.pl @@ -42,8 +42,8 @@ # below and combine it with reduction algorithm from x86 module. # Performance improvement over previous version varies from 65% on # Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8 -# processes one byte in 8.45 cycles, A9 - in 10.2, Snapdragon S4 - -# in 9.33. +# processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63, +# Snapdragon S4 - in 9.33. # # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. 
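Review bot: `$out` is expanded unquoted in `cat > $out << EOF`, and likewise in the `cat >> $out` and `clang-format -i $out` hunks later in this file; the path is fixed today, but `cat > "$out" << EOF` costs nothing and keeps the script correct if the directory is ever moved somewhere with a space. The new `include_dir=../../include/openssl` also still assumes the script is run from its own directory, as the old bare `lhash_macros.h` path did; `include_dir=$(dirname "$0")/../../include/openssl` would remove that requirement.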
@@ -71,8 +71,20 @@ # *native* byte order on current platform. See gcm128.c for working # example... -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $Xi="r0"; # argument block $Htbl="r1"; @@ -129,6 +141,11 @@ $code=<<___; .text .code 32 +#ifdef __APPLE__ +#define ldrplb ldrbpl +#define ldrneb ldrbne +#endif + .type rem_4bit,%object .align 5 rem_4bit: @@ -370,7 +387,8 @@ ___ } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .global gcm_init_neon @@ -378,9 +396,9 @@ $code.=<<___; .type gcm_init_neon,%function .align 4 gcm_init_neon: - vld1.64 $IN#hi,[r1,:64]! @ load H + vld1.64 $IN#hi,[r1]! @ load H vmov.i8 $t0,#0xe1 - vld1.64 $IN#lo,[r1,:64] + vld1.64 $IN#lo,[r1] vshl.i64 $t0#hi,#57 vshr.u64 $t0#lo,#63 @ t0=0xc2....01 vdup.8 $t1,$IN#hi[7] @@ -392,7 +410,7 @@ gcm_init_neon: veor $IN,$IN,$t0 @ twisted H vstmia r0,{$IN} - bx lr + ret @ bx lr .size gcm_init_neon,.-gcm_init_neon .global gcm_gmult_neon @@ -400,8 +418,8 @@ gcm_init_neon: .type gcm_gmult_neon,%function .align 4 gcm_gmult_neon: - vld1.64 $IN#hi,[$Xi,:64]! @ load Xi - vld1.64 $IN#lo,[$Xi,:64]! + vld1.64 $IN#hi,[$Xi]! @ load Xi + vld1.64 $IN#lo,[$Xi]! vmov.i64 $k48,#0x0000ffffffffffff vldmia $Htbl,{$Hlo-$Hhi} @ load twisted H vmov.i64 $k32,#0x00000000ffffffff 
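Review bot: The new `open STDOUT,"| \"$^X\" $xlate $flavour $output";` has no failure check, so if the xlate child cannot be spawned the generator keeps running and the problem only surfaces as a missing or empty .S later in the build; the `open STDOUT,">$output";` on the else branch has the same gap. The list form avoids both the unchecked result and the shell interpolation of `$flavour`/`$output`: `open STDOUT,"|-",$^X,$xlate,$flavour,$output or die "can't pipe through $xlate: $!";` and `open STDOUT,">",$output or die "can't open $output: $!";`. The identical unchecked pipe open is added in ghashv8-armx.pl (`open OUT,"| \"$^X\" $xlate $flavour $output"; *STDOUT=*OUT;`) and should get the same treatment.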
@@ -419,8 +437,8 @@ gcm_gmult_neon: .type gcm_ghash_neon,%function .align 4 gcm_ghash_neon: - vld1.64 $Xl#hi,[$Xi,:64]! @ load Xi - vld1.64 $Xl#lo,[$Xi,:64]! + vld1.64 $Xl#hi,[$Xi]! @ load Xi + vld1.64 $Xl#lo,[$Xi]! vmov.i64 $k48,#0x0000ffffffffffff vldmia $Htbl,{$Hlo-$Hhi} @ load twisted H vmov.i64 $k32,#0x00000000ffffffff @@ -475,10 +493,10 @@ $code.=<<___; vrev64.8 $Xl,$Xl #endif sub $Xi,#16 - vst1.64 $Xl#hi,[$Xi,:64]! @ write out Xi - vst1.64 $Xl#lo,[$Xi,:64] + vst1.64 $Xl#hi,[$Xi]! @ write out Xi + vst1.64 $Xl#lo,[$Xi] - bx lr + ret @ bx lr .size gcm_ghash_neon,.-gcm_ghash_neon #endif ___ @@ -494,6 +512,7 @@ foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/geo; s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or + s/\bret\b/bx lr/go or s/\bbx\s+lr\b/.word\t0xe12fff1e/go; # make it possible to compile with -march=armv4 print $_,"\n"; diff --git a/src/crypto/modes/asm/ghash-x86.pl b/src/crypto/modes/asm/ghash-x86.pl index eb6d55e..23a5527 100644 --- a/src/crypto/modes/asm/ghash-x86.pl +++ b/src/crypto/modes/asm/ghash-x86.pl @@ -131,8 +131,8 @@ require "x86asm.pl"; &asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386"); -$sse2=1; -#for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } ($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx"); $inp = "edi"; diff --git a/src/crypto/modes/asm/ghashv8-armx.pl b/src/crypto/modes/asm/ghashv8-armx.pl index 08c8775..686951f 100644 --- a/src/crypto/modes/asm/ghashv8-armx.pl +++ b/src/crypto/modes/asm/ghashv8-armx.pl 
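Review bot: The comment `# make it possible to compile with -march=armv4` on the last alternative no longer describes the whole chain: because the alternatives are joined with `or`, a line rewritten by the new `s/\bret\b/bx lr/go` never reaches the `.word 0xe12fff1e` fallback, so `ret` is only safe inside the `#if __ARM_MAX_ARCH__>=7` block that now carries `.arch armv7-a`, which in the visible hunks is where `ret @ bx lr` is introduced (gcm_init_neon, gcm_ghash_neon). Suggest stating that invariant next to the substitution: `# 'ret' is used only in the NEON section, which sets .arch armv7-a; literal 'bx lr' elsewhere is encoded as .word for -march=armv4`.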
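Review bot: `$sse2=0;` followed by `$sse2=1 if (/-DOPENSSL_IA32_SSE2/);` flips the SSE2/MMX GHASH code from always emitted to opt-in, so any perlasm invocation that omits -DOPENSSL_IA32_SSE2 now silently produces a .S without that path, and nothing in this commit shows which generator flags produced the pregenerated x86 files. A comment on the line would make the dependency visible, e.g. `# SSE2 GHASH is emitted only when the generator is invoked with -DOPENSSL_IA32_SSE2`; checking the generated output for the expected symbols would catch a mismatch.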
@@ -16,17 +16,31 @@ # other assembly modules. Just like aesv8-armx.pl this module # supports both AArch32 and AArch64 execution modes. # +# July 2014 +# +# Implement 2x aggregated reduction [see ghash-x86.pl for background +# information]. +# # Current performance in cycles per processed byte: # # PMULL[2] 32-bit NEON(*) -# Apple A7 1.76 5.62 -# Cortex-A53 1.45 8.39 -# Cortex-A57 2.22 7.61 +# Apple A7 0.92 5.62 +# Cortex-A53 1.01 8.39 +# Cortex-A57 1.17 7.61 +# Denver 0.71 6.02 # # (*) presented for reference/comparison purposes; $flavour = shift; -open STDOUT,">".shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $Xi="x0"; # argument block $Htbl="x1"; 
@@ -37,128 +51,291 @@ $inc="x12"; { my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); -my ($t0,$t1,$t2,$t3,$H,$Hhl)=map("q$_",(8..14)); +my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); $code=<<___; #include "arm_arch.h" .text ___ -$code.=<<___ if ($flavour =~ /64/); +$code.=<<___ if ($flavour =~ /64/); #if !defined(__clang__) -.arch armv8-a+crypto +.arch armv8-a+crypto #endif ___ $code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); +################################################################################ +# void gcm_init_v8(u128 Htable[16],const u64 H[2]); +# +# input: 128-bit H - secret parameter E(K,0^128) +# output: precomputed table filled with degrees of twisted H; +# H is twisted to handle reverse bitness of GHASH; +# only few of 16 slots of Htable[16] are used; +# data is opaque to outside world (which allows to +# optimize the code independently); +# $code.=<<___; .global gcm_init_v8 .type gcm_init_v8,%function .align 4 gcm_init_v8: - vld1.64 {$t1},[x1] @ load H - vmov.i8 $t0,#0xe1 + vld1.64 {$t1},[x1] @ load input H + vmov.i8 $xC2,#0xe1 + vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 vext.8 $IN,$t1,$t1,#8 - vshl.i64 $t0,$t0,#57 - vshr.u64 $t2,$t0,#63 - vext.8 $t0,$t2,$t0,#8 @ t0=0xc2....01 + vshr.u64 $t2,$xC2,#63 vdup.32 $t1,${t1}[1] - vshr.u64 $t3,$IN,#63 + vext.8 $t0,$t2,$xC2,#8 @ t0=0xc2....01 + vshr.u64 $t2,$IN,#63 vshr.s32 $t1,$t1,#31 @ broadcast carry bit - vand $t3,$t3,$t0 + vand $t2,$t2,$t0 vshl.i64 $IN,$IN,#1 - vext.8 $t3,$t3,$t3,#8 + vext.8 $t2,$t2,$t2,#8 vand $t0,$t0,$t1 - vorr $IN,$IN,$t3 @ H<<<=1 - veor $IN,$IN,$t0 @ twisted H - vst1.64 {$IN},[x0] + vorr $IN,$IN,$t2 @ H<<<=1 + veor $H,$IN,$t0 @ twisted H + vst1.64 {$H},[x0],#16 @ store Htable[0] + + @ calculate H^2 + vext.8 $t0,$H,$H,#8 @ Karatsuba pre-processing + vpmull.p64 $Xl,$H,$H + veor $t0,$t0,$H + vpmull2.p64 $Xh,$H,$H + vpmull.p64 $Xm,$t0,$t0 + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + 
vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $H2,$Xl,$t2 + + vext.8 $t1,$H2,$H2,#8 @ Karatsuba pre-processing + veor $t1,$t1,$H2 + vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed + vst1.64 {$Hhl-$H2},[x0] @ store Htable[1..2] ret .size gcm_init_v8,.-gcm_init_v8 - +___ +################################################################################ +# void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]); +# +# input: Xi - current hash value; +# Htable - table precomputed in gcm_init_v8; +# output: Xi - next hash value Xi; +# +$code.=<<___; .global gcm_gmult_v8 .type gcm_gmult_v8,%function .align 4 gcm_gmult_v8: vld1.64 {$t1},[$Xi] @ load Xi - vmov.i8 $t3,#0xe1 - vld1.64 {$H},[$Htbl] @ load twisted H - vshl.u64 $t3,$t3,#57 + vmov.i8 $xC2,#0xe1 + vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... + vshl.u64 $xC2,$xC2,#57 #ifndef __ARMEB__ vrev64.8 $t1,$t1 #endif - vext.8 $Hhl,$H,$H,#8 - mov $len,#0 vext.8 $IN,$t1,$t1,#8 - mov $inc,#0 - veor $Hhl,$Hhl,$H @ Karatsuba pre-processing - mov $inp,$Xi - b .Lgmult_v8 -.size gcm_gmult_v8,.-gcm_gmult_v8 + vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo + veor $t1,$t1,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vext.8 $Xl,$Xl,$Xl,#8 + vst1.64 {$Xl},[$Xi] @ write out Xi + + ret +.size gcm_gmult_v8,.-gcm_gmult_v8 +___ 
+################################################################################ +# void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +# +# input: table precomputed in gcm_init_v8; +# current hash value Xi; +# pointer to input data; +# length of input data in bytes, but divisible by block size; +# output: next hash value Xi; +# +$code.=<<___; .global gcm_ghash_v8 .type gcm_ghash_v8,%function .align 4 gcm_ghash_v8: +___ +$code.=<<___ if ($flavour !~ /64/); + vstmdb sp!,{d8-d15} @ 32-bit ABI says so +___ +$code.=<<___; vld1.64 {$Xl},[$Xi] @ load [rotated] Xi - subs $len,$len,#16 - vmov.i8 $t3,#0xe1 - mov $inc,#16 - vld1.64 {$H},[$Htbl] @ load twisted H - cclr $inc,eq - vext.8 $Xl,$Xl,$Xl,#8 - vshl.u64 $t3,$t3,#57 - vld1.64 {$t1},[$inp],$inc @ load [rotated] inp - vext.8 $Hhl,$H,$H,#8 + @ "[rotated]" means that + @ loaded value would have + @ to be rotated in order to + @ make it appear as in + @ alorithm specification + subs $len,$len,#32 @ see if $len is 32 or larger + mov $inc,#16 @ $inc is used as post- + @ increment for input pointer; + @ as loop is modulo-scheduled + @ $inc is zeroed just in time + @ to preclude oversteping + @ inp[len], which means that + @ last block[s] are actually + @ loaded twice, but last + @ copy is not processed + vld1.64 {$H-$Hhl},[$Htbl],#32 @ load twisted H, ..., H^2 + vmov.i8 $xC2,#0xe1 + vld1.64 {$H2},[$Htbl] + cclr $inc,eq @ is it time to zero $inc? 
+ vext.8 $Xl,$Xl,$Xl,#8 @ rotate Xi + vld1.64 {$t0},[$inp],#16 @ load [rotated] I[0] + vshl.u64 $xC2,$xC2,#57 @ compose 0xc2.0 constant #ifndef __ARMEB__ + vrev64.8 $t0,$t0 vrev64.8 $Xl,$Xl +#endif + vext.8 $IN,$t0,$t0,#8 @ rotate I[0] + b.lo .Lodd_tail_v8 @ $len was less than 32 +___ +{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7)); + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # +$code.=<<___; + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[1] +#ifndef __ARMEB__ vrev64.8 $t1,$t1 #endif - veor $Hhl,$Hhl,$H @ Karatsuba pre-processing - vext.8 $IN,$t1,$t1,#8 - b .Loop_v8 + vext.8 $In,$t1,$t1,#8 + veor $IN,$IN,$Xl @ I[i]^=Xi + vpmull.p64 $Xln,$H,$In @ H·Ii+1 + veor $t1,$t1,$In @ Karatsuba pre-processing + vpmull2.p64 $Xhn,$H,$In + b .Loop_mod2x_v8 .align 4 -.Loop_v8: +.Loop_mod2x_v8: + vext.8 $t2,$IN,$IN,#8 + subs $len,$len,#32 @ is there more data? + vpmull.p64 $Xl,$H2,$IN @ H^2.lo·Xi.lo + cclr $inc,lo @ is it time to zero $inc? + + vpmull.p64 $Xmn,$Hhl,$t1 + veor $t2,$t2,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi·Xi.hi + veor $Xl,$Xl,$Xln @ accumulate + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) + vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] + + veor $Xh,$Xh,$Xhn + cclr $inc,eq @ is it time to zero $inc? 
+ veor $Xm,$Xm,$Xmn + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[i+3] +#ifndef __ARMEB__ + vrev64.8 $t0,$t0 +#endif + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vext.8 $In,$t1,$t1,#8 + vext.8 $IN,$t0,$t0,#8 + veor $Xl,$Xm,$t2 + vpmull.p64 $Xln,$H,$In @ H·Ii+1 + veor $IN,$IN,$Xh @ accumulate $IN early + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $IN,$IN,$t2 + veor $t1,$t1,$In @ Karatsuba pre-processing + veor $IN,$IN,$Xl + vpmull2.p64 $Xhn,$H,$In + b.hs .Loop_mod2x_v8 @ there was at least 32 more bytes + + veor $Xh,$Xh,$t2 + vext.8 $IN,$t0,$t0,#8 @ re-construct $IN + adds $len,$len,#32 @ re-construct $len + veor $Xl,$Xl,$Xh @ re-construct $Xl + b.eq .Ldone_v8 @ is $len zero? +___ +} +$code.=<<___; +.Lodd_tail_v8: vext.8 $t2,$Xl,$Xl,#8 veor $IN,$IN,$Xl @ inp^=Xi - veor $t1,$t1,$t2 @ $t1 is rotated inp^Xi + veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi -.Lgmult_v8: vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - subs $len,$len,#16 vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) - cclr $inc,eq vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh veor $Xm,$Xm,$t1 - vld1.64 {$t1},[$inp],$inc @ load [rotated] inp veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$t3 @ 1st phase + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl -#ifndef __ARMEB__ - vrev64.8 $t1,$t1 -#endif veor $Xl,$Xm,$t2 - vext.8 $IN,$t1,$t1,#8 - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase - vpmull.p64 $Xl,$Xl,$t3 + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 veor $t2,$t2,$Xh veor $Xl,$Xl,$t2 - b.hs .Loop_v8 +.Ldone_v8: #ifndef __ARMEB__ vrev64.8 
$Xl,$Xl #endif vext.8 $Xl,$Xl,$Xl,#8 vst1.64 {$Xl},[$Xi] @ write out Xi +___ +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} @ 32-bit ABI says so +___ +$code.=<<___; ret .size gcm_ghash_v8,.-gcm_ghash_v8 ___ @@ -226,7 +403,7 @@ if ($flavour =~ /64/) { ######## 64-bit code foreach(split("\n",$code)) { s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers - s/\/\/\s?/@ /o; # new->old style commentary + s/\/\/\s?/@ /o; # new->old style commentary # fix up remainig new-style suffixes s/\],#[0-9]+/]!/o; @@ -238,7 +415,7 @@ if ($flavour =~ /64/) { ######## 64-bit code s/^(\s+)b\./$1b/o or s/^(\s+)ret/$1bx\tlr/o; - print $_,"\n"; + print $_,"\n"; } } diff --git a/src/crypto/modes/cbc.c b/src/crypto/modes/cbc.c index a2ad26c..ba4805b 100644 --- a/src/crypto/modes/cbc.c +++ b/src/crypto/modes/cbc.c @@ -128,8 +128,9 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { while (len >= 16) { (*block)(in, out, key); - for (n = 0; n < 16; ++n) + for (n = 0; n < 16; ++n) { out[n] ^= iv[n]; + } iv = in; len -= 16; in += 16; @@ -140,8 +141,9 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; (*block)(in, out, key); - for (n = 0; n < 16 / sizeof(size_t); n++) + for (n = 0; n < 16 / sizeof(size_t); n++) { out_t[n] ^= iv_t[n]; + } iv = in; len -= 16; in += 16; diff --git a/src/crypto/modes/ctr.c b/src/crypto/modes/ctr.c index 61832ba..306b6f7 100644 --- a/src/crypto/modes/ctr.c +++ b/src/crypto/modes/ctr.c @@ -121,8 +121,9 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, while (len >= 16) { (*block)(ivec, ecount_buf, key); ctr128_inc(ivec); - for (; n < 16; n += sizeof(size_t)) + for (; n < 16; n += sizeof(size_t)) { *(size_t *)(out + n) = *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); + } len -= 16; out += 16; in += 16; 
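Review bot: The gcm_ghash_v8 header comment states only that the length is `divisible by block size`, but the code loads the first block (`vld1.64 {$t0},[$inp],#16 @ load [rotated] I[0]`) before `b.lo .Lodd_tail_v8` tests the length, and `.Lodd_tail_v8` processes that block unconditionally, so a call with len of 0 would read and absorb 16 bytes past the caller's buffer; whether current callers guarantee a non-zero length is not visible here. Suggest making the contract explicit: `# length of input data in bytes, a non-zero multiple of 16 (the first block is loaded before len is checked);`. The new explanatory comments in the `subs $len,$len,#32` block also carry the typos `alorithm` and `oversteping`.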
@@ -162,7 +163,8 @@ void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, unsigned int *num, ctr128_f func) { unsigned int n, ctr32; - assert(in && out && key && ecount_buf && num); + assert(key && ecount_buf && num); + assert(len == 0 || (in && out)); assert(*num < 16); n = *num; @@ -179,8 +181,9 @@ void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, /* 1<<28 is just a not-so-small yet not-so-large number... * Below condition is practically never met, but it has to * be checked for code correctness. */ - if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) + if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) { blocks = (1U << 28); + } /* As (*func) operates on 32-bit counter, caller * has to handle overflow. 'if' below detects the * overflow, which is then handled by limiting the @@ -194,8 +197,9 @@ void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, /* (*func) does not update ivec, caller does: */ PUTU32(ivec + 12, ctr32); /* ... overflow was detected, propogate carry. */ - if (ctr32 == 0) + if (ctr32 == 0) { ctr96_inc(ivec); + } blocks *= 16; len -= blocks; out += blocks; diff --git a/src/crypto/modes/gcm.c b/src/crypto/modes/gcm.c index eeaeeff..b1c10b3 100644 --- a/src/crypto/modes/gcm.c +++ b/src/crypto/modes/gcm.c @@ -620,8 +620,9 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) { #endif if (len) { n = (unsigned int)len; - for (i = 0; i < len; ++i) + for (i = 0; i < len; ++i) { ctx->Xi.c[i] ^= aad[i]; + } } ctx->ares = n; @@ -1123,10 +1124,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const uint8_t *in, GHASH(ctx, in, GHASH_CHUNK); (*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; - if (is_endian.little) + if (is_endian.little) { PUTU32(ctx->Yi.c + 12, ctr); - else + } else { ctx->Yi.d[3] = ctr; + } out += GHASH_CHUNK; in += GHASH_CHUNK; len -= GHASH_CHUNK; 
@@ -1140,8 +1142,9 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const uint8_t *in, #else while (j--) { size_t k; - for (k = 0; k < 16; ++k) + for (k = 0; k < 16; ++k) { ctx->Xi.c[k] ^= in[k]; + } GCM_MUL(ctx, Xi); in += 16; } @@ -1150,10 +1153,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const uint8_t *in, #endif (*stream)(in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; - if (is_endian.little) + if (is_endian.little) { PUTU32(ctx->Yi.c + 12, ctr); - else + } else { ctx->Yi.d[3] = ctr; + } out += i; in += i; len -= i; @@ -1161,10 +1165,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const uint8_t *in, if (len) { (*ctx->block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (is_endian.little) { PUTU32(ctx->Yi.c + 12, ctr); - else + } else { ctx->Yi.d[3] = ctr; + } while (len--) { uint8_t c = in[n]; ctx->Xi.c[n] ^= c; diff --git a/src/crypto/modes/gcm_test.c b/src/crypto/modes/gcm_test.c index 29f9d95..3548c81 100644 --- a/src/crypto/modes/gcm_test.c +++ b/src/crypto/modes/gcm_test.c @@ -294,9 +294,7 @@ static int decode_hex(uint8_t **out, size_t *out_len, const char *in, return 1; err: - if (buf) { - OPENSSL_free(buf); - } + OPENSSL_free(buf); return 0; } @@ -391,27 +389,13 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { ret = 1; out: - if (key) { - OPENSSL_free(key); - } - if (plaintext) { - OPENSSL_free(plaintext); - } - if (additional_data) { - OPENSSL_free(additional_data); - } - if (nonce) { - OPENSSL_free(nonce); - } - if (ciphertext) { - OPENSSL_free(ciphertext); - } - if (tag) { - OPENSSL_free(tag); - } - if (out) { - OPENSSL_free(out); - } + OPENSSL_free(key); + OPENSSL_free(plaintext); + OPENSSL_free(additional_data); + OPENSSL_free(nonce); + OPENSSL_free(ciphertext); + OPENSSL_free(tag); + OPENSSL_free(out); return ret; } diff --git a/src/crypto/modes/internal.h b/src/crypto/modes/internal.h index 9662e0d..d12405e 100644 --- a/src/crypto/modes/internal.h 
+++ b/src/crypto/modes/internal.h @@ -121,6 +121,9 @@ extern "C" { #endif #elif defined(_MSC_VER) #if _MSC_VER >= 1300 +#pragma warning(push, 3) +#include +#pragma warning(pop) #pragma intrinsic(_byteswap_uint64, _byteswap_ulong) #define BSWAP8(x) _byteswap_uint64((uint64_t)(x)) #define BSWAP4(x) _byteswap_ulong((uint32_t)(x)) diff --git a/src/crypto/obj/CMakeLists.txt b/src/crypto/obj/CMakeLists.txt index ade603d..a27e504 100644 --- a/src/crypto/obj/CMakeLists.txt +++ b/src/crypto/obj/CMakeLists.txt @@ -7,5 +7,4 @@ add_library( obj.c obj_xref.c - obj_error.c ) diff --git a/src/crypto/obj/obj.c b/src/crypto/obj/obj.c index b04321b..511aba3 100644 --- a/src/crypto/obj/obj.c +++ b/src/crypto/obj/obj.c @@ -68,21 +68,26 @@ #include #include "obj_dat.h" +#include "../internal.h" -/* These globals are protected by CRYPTO_LOCK_OBJ. */ + +static struct CRYPTO_STATIC_MUTEX global_added_lock = CRYPTO_STATIC_MUTEX_INIT; +/* These globals are protected by |global_added_lock|. */ static LHASH_OF(ASN1_OBJECT) *global_added_by_data = NULL; static LHASH_OF(ASN1_OBJECT) *global_added_by_nid = NULL; static LHASH_OF(ASN1_OBJECT) *global_added_by_short_name = NULL; static LHASH_OF(ASN1_OBJECT) *global_added_by_long_name = NULL; +static struct CRYPTO_STATIC_MUTEX global_next_nid_lock = + CRYPTO_STATIC_MUTEX_INIT; static unsigned global_next_nid = NUM_NID; static int obj_next_nid(void) { int ret; - CRYPTO_w_lock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_lock_write(&global_next_nid_lock); ret = global_next_nid++; - CRYPTO_w_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_next_nid_lock); return ret; } @@ -130,7 +135,7 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { if (o->sn != NULL) { sn = OPENSSL_strdup(o->sn); - if (sn) { + if (sn == NULL) { goto err; } } 
@@ -145,15 +150,9 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { err: OPENSSL_PUT_ERROR(OBJ, OBJ_dup, ERR_R_MALLOC_FAILURE); - if (ln != NULL) { - OPENSSL_free(ln); - } - if (sn != NULL) { - OPENSSL_free(sn); - } - if (data != NULL) { - OPENSSL_free(data); - } + OPENSSL_free(ln); + OPENSSL_free(sn); + OPENSSL_free(data); OPENSSL_free(r); return NULL; } @@ -195,17 +194,17 @@ int OBJ_obj2nid(const ASN1_OBJECT *obj) { return obj->nid; } - CRYPTO_r_lock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); if (global_added_by_data != NULL) { ASN1_OBJECT *match; match = lh_ASN1_OBJECT_retrieve(global_added_by_data, obj); if (match != NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); return match->nid; } } - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); nid_ptr = bsearch(obj, kNIDsInOIDOrder, NUM_OBJ, sizeof(unsigned), obj_cmp); if (nid_ptr == NULL) { @@ -237,18 +236,18 @@ static int short_name_cmp(const void *key, const void *element) { int OBJ_sn2nid(const char *short_name) { const unsigned int *nid_ptr; - CRYPTO_r_lock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); if (global_added_by_short_name != NULL) { ASN1_OBJECT *match, template; template.sn = short_name; match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &template); if (match != NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); return match->nid; } } - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); nid_ptr = bsearch(short_name, kNIDsInShortNameOrder, NUM_SN, sizeof(unsigned), short_name_cmp); if (nid_ptr == NULL) { 
@@ -271,18 +270,18 @@ static int long_name_cmp(const void *key, const void *element) { int OBJ_ln2nid(const char *long_name) { const unsigned int *nid_ptr; - CRYPTO_r_lock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); if (global_added_by_long_name != NULL) { ASN1_OBJECT *match, template; template.ln = long_name; match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &template); if (match != NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); return match->nid; } } - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); nid_ptr = bsearch(long_name, kNIDsInLongNameOrder, NUM_LN, sizeof(unsigned), long_name_cmp); if (nid_ptr == NULL) { @@ -324,18 +323,18 @@ const ASN1_OBJECT *OBJ_nid2obj(int nid) { return &kObjects[nid]; } - CRYPTO_r_lock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock); if (global_added_by_nid != NULL) { ASN1_OBJECT *match, template; template.nid = nid; match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &template); if (match != NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); return match; } } - CRYPTO_r_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); err: OPENSSL_PUT_ERROR(OBJ, OBJ_nid2obj, OBJ_R_UNKNOWN_NID); @@ -543,15 +542,11 @@ int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj, int dont_return_ } } - if (bl) { - BN_free(bl); - } + BN_free(bl); return n; err: - if (bl) { - BN_free(bl); - } + BN_free(bl); return -1; } @@ -600,7 +595,7 @@ static int obj_add_object(ASN1_OBJECT *obj) { obj->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA); - CRYPTO_w_lock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_lock_write(&global_added_lock); if (global_added_by_nid == NULL) { global_added_by_nid = lh_ASN1_OBJECT_new(hash_nid, cmp_nid); global_added_by_data = lh_ASN1_OBJECT_new(hash_data, cmp_data); 
@@ -623,7 +618,7 @@ static int obj_add_object(ASN1_OBJECT *obj) { if (obj->ln != NULL) { ok &= lh_ASN1_OBJECT_insert(global_added_by_long_name, &old_object, obj); } - CRYPTO_w_unlock(CRYPTO_LOCK_OBJ); + CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); return ok; } @@ -662,12 +657,8 @@ int OBJ_create(const char *oid, const char *short_name, const char *long_name) { op = NULL; err: - if (op != NULL) { - ASN1_OBJECT_free(op); - } - if (buf != NULL) { - OPENSSL_free(buf); - } + ASN1_OBJECT_free(op); + OPENSSL_free(buf); return ret; } diff --git a/src/crypto/obj/obj_error.c b/src/crypto/obj/obj_error.c deleted file mode 100644 index 1ec9771..0000000 --- a/src/crypto/obj/obj_error.c +++ /dev/null @@ -1,26 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA OBJ_error_string_data[] = { - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_create, 0), "OBJ_create"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_dup, 0), "OBJ_dup"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_nid2obj, 0), "OBJ_nid2obj"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_txt2obj, 0), "OBJ_txt2obj"}, - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "UNKNOWN_NID"}, - {0, NULL}, -}; 
diff --git a/src/crypto/pem/CMakeLists.txt b/src/crypto/pem/CMakeLists.txt index 3275b15..720ba2f 100644 --- a/src/crypto/pem/CMakeLists.txt +++ b/src/crypto/pem/CMakeLists.txt @@ -6,7 +6,6 @@ add_library( OBJECT pem_all.c - pem_error.c pem_info.c pem_lib.c pem_oth.c diff --git a/src/crypto/pem/pem_error.c b/src/crypto/pem/pem_error.c deleted file mode 100644 index 2745f4c..0000000 --- a/src/crypto/pem/pem_error.c +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA PEM_error_string_data[] = { - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_read, 0), "PEM_ASN1_read"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_read_bio, 0), "PEM_ASN1_read_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_write, 0), "PEM_ASN1_write"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_write_bio, 0), "PEM_ASN1_write_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_read, 0), "PEM_X509_INFO_read"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_read_bio, 0), "PEM_X509_INFO_read_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_write_bio, 0), "PEM_X509_INFO_write_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_do_header, 0), "PEM_do_header"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_get_EVP_CIPHER_INFO, 0), "PEM_get_EVP_CIPHER_INFO"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read, 0), "PEM_read"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read_DHparams, 0), "PEM_read_DHparams"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read_PrivateKey, 0), "PEM_read_PrivateKey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read_bio, 0), "PEM_read_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read_bio_DHparams, 0), "PEM_read_bio_DHparams"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read_bio_Parameters, 
0), "PEM_read_bio_Parameters"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_read_bio_PrivateKey, 0), "PEM_read_bio_PrivateKey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_write, 0), "PEM_write"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_write_PrivateKey, 0), "PEM_write_PrivateKey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_write_bio, 0), "PEM_write_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_d2i_PKCS8PrivateKey_bio, 0), "d2i_PKCS8PrivateKey_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_d2i_PKCS8PrivateKey_fp, 0), "d2i_PKCS8PrivateKey_fp"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_do_pk8pkey, 0), "do_pk8pkey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_do_pk8pkey_fp, 0), "do_pk8pkey_fp"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_load_iv, 0), "load_iv"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "BAD_BASE64_DECODE"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "BAD_DECRYPT"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "BAD_END_LINE"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "BAD_IV_CHARS"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "BAD_MAGIC_NUMBER"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "BAD_PASSWORD_READ"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "BAD_VERSION_NUMBER"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "BIO_WRITE_FAILURE"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "CIPHER_IS_NULL"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY), "ERROR_CONVERTING_PRIVATE_KEY"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB), "EXPECTING_PRIVATE_KEY_BLOB"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "EXPECTING_PUBLIC_KEY_BLOB"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER), "INCONSISTENT_HEADER"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "KEYBLOB_HEADER_PARSE_ERROR"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "KEYBLOB_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "NOT_DEK_INFO"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), 
"NOT_ENCRYPTED"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "NOT_PROC_TYPE"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "NO_START_LINE"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD), "PROBLEMS_GETTING_PASSWORD"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PUBLIC_KEY_NO_RSA), "PUBLIC_KEY_NO_RSA"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "PVK_DATA_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "PVK_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "READ_KEY"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "SHORT_HEADER"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "UNSUPPORTED_CIPHER"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION), "UNSUPPORTED_ENCRYPTION"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), "UNSUPPORTED_KEY_COMPONENTS"}, - {0, NULL}, -}; diff --git a/src/crypto/pem/pem_lib.c b/src/crypto/pem/pem_lib.c index ff72c44..48e3297 100644 --- a/src/crypto/pem/pem_lib.c +++ b/src/crypto/pem/pem_lib.c @@ -363,10 +363,11 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, || !EVP_EncryptUpdate(&ctx,data,&j,data,i) || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i)) ret = 0; + else + i += j; EVP_CIPHER_CTX_cleanup(&ctx); if (ret == 0) goto err; - i+=j; } else { diff --git a/src/crypto/pem/pem_pk8.c b/src/crypto/pem/pem_pk8.c index 18cfb92..383a524 100644 --- a/src/crypto/pem/pem_pk8.c +++ b/src/crypto/pem/pem_pk8.c @@ -59,6 +59,7 @@ #include #include #include +#include #include #include #include diff --git a/src/crypto/perlasm/arm-xlate.pl b/src/crypto/perlasm/arm-xlate.pl new file mode 100755 index 0000000..81ceb31 --- /dev/null +++ b/src/crypto/perlasm/arm-xlate.pl 
@@ -0,0 +1,165 @@
+#!/usr/bin/env perl
+
+# ARM assembler distiller by .
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+$flavour = "linux32" if (!$flavour or $flavour eq "void");
+
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $arch = sub {
+ if ($flavour =~ /linux/) { ".arch\t".join(',',@_); }
+ else { ""; }
+};
+my $fpu = sub {
+ if ($flavour =~ /linux/) { ".fpu\t".join(',',@_); }
+ else { ""; }
+};
+my $hidden = sub {
+ if ($flavour =~ /ios/) { ".private_extern\t".join(',',@_); }
+ else { ".hidden\t".join(',',@_); }
+};
+my $comm = sub {
+ my @args = split(/,\s*/,shift);
+ my $name = @args[0];
+ my $global = \$GLOBALS{$name};
+ my $ret;
+
+ if ($flavour =~ /ios32/) {
+ $ret = ".comm\t_$name,@args[1]\n";
+ $ret .= ".non_lazy_symbol_pointer\n";
+ $ret .= "$name:\n";
+ $ret .= ".indirect_symbol\t_$name\n";
+ $ret .= ".long\t0";
+ $name = "_$name";
+ } else { $ret = ".comm\t".join(',',@args); }
+
+ $$global = $name;
+ $ret;
+};
+my $globl = sub {
+ my $name = shift;
+ my $global = \$GLOBALS{$name};
+ my $ret;
+
+ SWITCH: for ($flavour) {
+ /ios/ && do { $name = "_$name";
+ last;
+ };
+ }
+
+ $ret = ".globl $name" if (!$ret);
+ $$global = $name;
+ $ret;
+};
+my $global = $globl;
+my $extern = sub {
+ &$globl(@_);
+ return; # return nothing
+};
+my $type = sub {
+ if ($flavour =~ /linux/) { ".type\t".join(',',@_); }
+ else { ""; }
+};
+my $size = sub {
+ if ($flavour =~ /linux/) { ".size\t".join(',',@_); }
+ else { ""; }
+};
+my $inst = sub {
+ if ($flavour =~ /linux/) { ".inst\t".join(',',@_); }
+ else { ".long\t".join(',',@_); }
+};
+my $asciz = sub {
+ my $line = join(",",@_);
+ if ($line =~ /^"(.*)"$/)
+ { ".byte " . join(",",unpack("C*",$1),0) . 
"\n.align 2"; }
+ else
+ { ""; }
+};
+
+sub range {
+ my ($r,$sfx,$start,$end) = @_;
+
+ join(",",map("$r$_$sfx",($start..$end)));
+}
+
+sub expand_line {
+ my $line = shift;
+ my @ret = ();
+
+ pos($line)=0;
+
+ while ($line =~ m/\G[^@\/\{\"]*/g) {
+ if ($line =~ m/\G(@|\/\/|$)/gc) {
+ last;
+ }
+ elsif ($line =~ m/\G\{/gc) {
+ my $saved_pos = pos($line);
+ $line =~ s/\G([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/e;
+ pos($line) = $saved_pos;
+ $line =~ m/\G[^\}]*\}/g;
+ }
+ elsif ($line =~ m/\G\"/gc) {
+ $line =~ m/\G[^\"]*\"/g;
+ }
+ }
+
+ $line =~ s/\b(\w+)/$GLOBALS{$1} or $1/ge;
+
+ return $line;
+}
+
+while($line=<>) {
+
+ if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; }
+
+ $line =~ s|/\*.*\*/||; # get rid of C-style comments...
+ $line =~ s|^\s+||; # ... and skip white spaces in beginning...
+ $line =~ s|\s+$||; # ... and at the end
+
+ {
+ $line =~ s|[\b\.]L(\w{2,})|L$1|g; # common denominator for Locallabel
+ $line =~ s|\bL(\w{2,})|\.L$1|g if ($dotinlocallabels);
+ }
+
+ {
+ $line =~ s|(^[\.\w]+)\:\s*||;
+ my $label = $1;
+ if ($label) {
+ printf "%s:",($GLOBALS{$label} or $label);
+ }
+ }
+
+ if ($line !~ m/^[#@]/) {
+ $line =~ s|^\s*(\.?)(\S+)\s*||;
+ my $c = $1; $c = "\t" if ($c eq "");
+ my $mnemonic = $2;
+ my $opcode;
+ if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/) {
+ $opcode = eval("\$$1_$2");
+ } else {
+ $opcode = eval("\$$mnemonic");
+ }
+
+ my $arg=expand_line($line);
+
+ if (ref($opcode) eq 'CODE') {
+ $line = &$opcode($arg);
+ } elsif ($mnemonic) {
+ $line = $c.$mnemonic;
+ $line.= "\t$arg" if ($arg ne "");
+ }
+ }
+
+ print $line if ($line);
+ print "\n";
+}
+
+close STDOUT;
diff --git a/src/crypto/perlasm/ppc-xlate.pl b/src/crypto/perlasm/ppc-xlate.pl
deleted file mode 100755
index 3c1caac..0000000
--- a/src/crypto/perlasm/ppc-xlate.pl
+++ /dev/null
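Review bot: `open STDOUT,">$output" || die "can't open $output: $!";` near the top of the new file can never die: `||` binds tighter than the comma of the `open` list operator, so Perl parses it as `open(STDOUT, (">$output" || die ...))`, and a failed open leaves the script silently printing to a closed handle and the build with an empty or missing .S file; the fix is the low-precedence form `open STDOUT,">$output" or die "can't open $output: $!";`. The mnemonic dispatch `$opcode = eval("\$$mnemonic");` (and the `eval("\$$1_$2")` beside it) evaluates text taken straight from the input assembly as Perl, which is acceptable only because the perlasm inputs are in-tree and trusted — a comment such as `# string eval on trusted in-tree perlasm input only; never run on untrusted assembly` would keep a future caller from pointing it at external input. Minor: `my $name = @args[0];` is a one-element array slice used in scalar context and should be `$args[0]`.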
@@ -1,167 +0,0 @@ -#!/usr/bin/env perl - -# PowerPC assembler distiller by . - -my $flavour = shift; -my $output = shift; -open STDOUT,">$output" || die "can't open $output: $!"; - -my %GLOBALS; -my $dotinlocallabels=($flavour=~/linux/)?1:0; - -################################################################ -# directives which need special treatment on different platforms -################################################################ -my $globl = sub { - my $junk = shift; - my $name = shift; - my $global = \$GLOBALS{$name}; - my $ret; - - $name =~ s|^[\.\_]||; - - SWITCH: for ($flavour) { - /aix/ && do { $name = ".$name"; - last; - }; - /osx/ && do { $name = "_$name"; - last; - }; - /linux.*(32|64le)/ - && do { $ret .= ".globl $name\n"; - $ret .= ".type $name,\@function"; - last; - }; - /linux.*64/ && do { $ret .= ".globl $name\n"; - $ret .= ".type $name,\@function\n"; - $ret .= ".section \".opd\",\"aw\"\n"; - $ret .= ".align 3\n"; - $ret .= "$name:\n"; - $ret .= ".quad .$name,.TOC.\@tocbase,0\n"; - $ret .= ".previous\n"; - - $name = ".$name"; - last; - }; - } - - $ret = ".globl $name" if (!$ret); - $$global = $name; - $ret; -}; -my $text = sub { - my $ret = ($flavour =~ /aix/) ? ".csect" : ".text"; - $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/); - $ret; -}; -my $machine = sub { - my $junk = shift; - my $arch = shift; - if ($flavour =~ /osx/) - { $arch =~ s/\"//g; - $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any"); - } - ".machine $arch"; -}; -my $size = sub { - if ($flavour =~ /linux/) - { shift; - my $name = shift; $name =~ s|^[\.\_]||; - my $ret = ".size $name,.-".($flavour=~/64$/?".":"").$name; - $ret .= "\n.size .$name,.-.$name" if ($flavour=~/64$/); - $ret; - } - else - { ""; } -}; -my $asciz = sub { - shift; - my $line = join(",",@_); - if ($line =~ /^"(.*)"$/) - { ".byte " . join(",",unpack("C*",$1),0) . 
"\n.align 2"; } - else - { ""; } -}; - -################################################################ -# simplified mnemonics not handled by at least one assembler -################################################################ -my $cmplw = sub { - my $f = shift; - my $cr = 0; $cr = shift if ($#_>1); - # Some out-of-date 32-bit GNU assembler just can't handle cmplw... - ($flavour =~ /linux.*32/) ? - " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 : - " cmplw ".join(',',$cr,@_); -}; -my $bdnz = sub { - my $f = shift; - my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint - " bc $bo,0,".shift; -} if ($flavour!~/linux/); -my $bltlr = sub { - my $f = shift; - my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint - ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints - " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 : - " bclr $bo,0"; -}; -my $bnelr = sub { - my $f = shift; - my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint - ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints - " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : - " bclr $bo,2"; -}; -my $beqlr = sub { - my $f = shift; - my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint - ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints - " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : - " bclr $bo,2"; -}; -# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two -# arguments is 64, with "operand out of range" error. -my $extrdi = sub { - my ($f,$ra,$rs,$n,$b) = @_; - $b = ($b+$n)&63; $n = 64-$n; - " rldicl $ra,$rs,$b,$n"; -}; - -while($line=<>) { - - $line =~ s|[#!;].*$||; # get rid of asm-style comments... - $line =~ s|/\*.*\*/||; # ... and C-style comments... - $line =~ s|^\s+||; # ... and skip white spaces in beginning... - $line =~ s|\s+$||; # ... 
and at the end - - { - $line =~ s|\b\.L(\w+)|L$1|g; # common denominator for Locallabel - $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); - } - - { - $line =~ s|(^[\.\w]+)\:\s*||; - my $label = $1; - if ($label) { - printf "%s:",($GLOBALS{$label} or $label); - printf "\n.localentry\t$GLOBALS{$label},0" if ($GLOBALS{$label} && $flavour =~ /linux.*64le/); - } - } - - { - $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||; - my $c = $1; $c = "\t" if ($c eq ""); - my $mnemonic = $2; - my $f = $3; - my $opcode = eval("\$$mnemonic"); - $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/); - if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); } - elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } - } - - print $line if ($line); - print "\n"; -} - -close STDOUT; diff --git a/src/crypto/perlasm/sparcv9_modes.pl b/src/crypto/perlasm/sparcv9_modes.pl deleted file mode 100644 index 6b47bb1..0000000 --- a/src/crypto/perlasm/sparcv9_modes.pl +++ /dev/null 
@@ -1,1680 +0,0 @@ -#!/usr/bin/env perl - -# Specific modes implementations for SPARC Architecture 2011. There -# is T4 dependency though, an ASI value that is not specified in the -# Architecture Manual. But as SPARC universe is rather monocultural, -# we imply that processor capable of executing crypto instructions -# can handle the ASI in question as well. This means that we ought to -# keep eyes open when new processors emerge... -# -# As for above mentioned ASI. It's so called "block initializing -# store" which cancels "read" in "read-update-write" on cache lines. -# This is "cooperative" optimization, as it reduces overall pressure -# on memory interface. Benefits can't be observed/quantified with -# usual benchmarks, on the contrary you can notice that single-thread -# performance for parallelizable modes is ~1.5% worse for largest -# block sizes [though few percent better for not so long ones]. All -# this based on suggestions from David Miller. - -sub asm_init { # to be called with @ARGV as argument - for (@_) { $::abibits=64 if (/\-m64/ || /\-xarch\=v9/); } - if ($::abibits==64) { $::bias=2047; $::frame=192; $::size_t_cc="%xcc"; } - else { $::bias=0; $::frame=112; $::size_t_cc="%icc"; } -} - -# unified interface -my ($inp,$out,$len,$key,$ivec)=map("%i$_",(0..5)); -# local variables -my ($ileft,$iright,$ooff,$omask,$ivoff,$blk_init)=map("%l$_",(0..7)); - -sub alg_cbc_encrypt_implement { -my ($alg,$bits) = @_; - -$::code.=<<___; -.globl ${alg}${bits}_t4_cbc_encrypt -.align 32 -${alg}${bits}_t4_cbc_encrypt: - save %sp, -$::frame, %sp - sub $inp, $out, $blk_init ! $inp!=$out -___ -$::code.=<<___ if (!$::evp); - andcc $ivec, 7, $ivoff - alignaddr $ivec, %g0, $ivec - - ldd [$ivec + 0], %f0 ! 
load ivec - bz,pt %icc, 1f - ldd [$ivec + 8], %f2 - ldd [$ivec + 16], %f4 - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 -1: -___ -$::code.=<<___ if ($::evp); - ld [$ivec + 0], %f0 - ld [$ivec + 4], %f1 - ld [$ivec + 8], %f2 - ld [$ivec + 12], %f3 -___ -$::code.=<<___; - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_enckey - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 127 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<128 || - brnz,pn $blk_init, .L${bits}cbc_enc_blk ! $inp==$out) - srl $omask, $ooff, $omask - - alignaddrl $out, %g0, $out - srlx $len, 4, $len - prefetch [$out], 22 - -.L${bits}_cbc_enc_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f12 - movxtod %o1, %f14 - - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_encrypt_1x - add $inp, 16, $inp - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_cbc_enc_loop - add $out, 16, $out -___ -$::code.=<<___ if ($::evp); - st %f0, [$ivec + 0] - st %f1, [$ivec + 4] - st %f2, [$ivec + 8] - st %f3, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3f - nop - - std %f0, [$ivec + 0] ! write out ivec - std %f2, [$ivec + 8] -___ -$::code.=<<___; - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $omask]0xc0 ! 
partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_cbc_enc_loop+4 - orn %g0, $omask, $omask -___ -$::code.=<<___ if ($::evp); - st %f0, [$ivec + 0] - st %f1, [$ivec + 4] - st %f2, [$ivec + 8] - st %f3, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3f - nop - - std %f0, [$ivec + 0] ! write out ivec - std %f2, [$ivec + 8] - ret - restore - -.align 16 -3: alignaddrl $ivec, $ivoff, %g0 ! handle unaligned ivec - mov 0xff, $omask - srl $omask, $ivoff, $omask - faligndata %f0, %f0, %f4 - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - stda %f4, [$ivec + $omask]0xc0 - std %f6, [$ivec + 8] - add $ivec, 16, $ivec - orn %g0, $omask, $omask - stda %f8, [$ivec + $omask]0xc0 -___ -$::code.=<<___; - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}cbc_enc_blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - -.L${bits}_cbc_enc_blk_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 5f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -5: - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f12 - movxtod %o1, %f14 - - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_encrypt_1x - add $inp, 16, $inp - sub $len, 1, $len - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! 
ASI_BLK_INIT, T4-specific - brnz,pt $len, .L${bits}_cbc_enc_blk_loop - add $out, 8, $out - - membar #StoreLoad|#StoreStore - brnz,pt $blk_init, .L${bits}_cbc_enc_loop - mov $blk_init, $len -___ -$::code.=<<___ if ($::evp); - st %f0, [$ivec + 0] - st %f1, [$ivec + 4] - st %f2, [$ivec + 8] - st %f3, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3b - nop - - std %f0, [$ivec + 0] ! write out ivec - std %f2, [$ivec + 8] -___ -$::code.=<<___; - ret - restore -.type ${alg}${bits}_t4_cbc_encrypt,#function -.size ${alg}${bits}_t4_cbc_encrypt,.-${alg}${bits}_t4_cbc_encrypt -___ -} - -sub alg_cbc_decrypt_implement { -my ($alg,$bits) = @_; - -$::code.=<<___; -.globl ${alg}${bits}_t4_cbc_decrypt -.align 32 -${alg}${bits}_t4_cbc_decrypt: - save %sp, -$::frame, %sp - sub $inp, $out, $blk_init ! $inp!=$out -___ -$::code.=<<___ if (!$::evp); - andcc $ivec, 7, $ivoff - alignaddr $ivec, %g0, $ivec - - ldd [$ivec + 0], %f12 ! load ivec - bz,pt %icc, 1f - ldd [$ivec + 8], %f14 - ldd [$ivec + 16], %f0 - faligndata %f12, %f14, %f12 - faligndata %f14, %f0, %f14 -1: -___ -$::code.=<<___ if ($::evp); - ld [$ivec + 0], %f12 ! load ivec - ld [$ivec + 4], %f13 - ld [$ivec + 8], %f14 - ld [$ivec + 12], %f15 -___ -$::code.=<<___; - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_deckey - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 255 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<256 || - brnz,pn $blk_init, .L${bits}cbc_dec_blk ! $inp==$out) - srl $omask, $ooff, $omask - - andcc $len, 16, %g0 ! is number of blocks even? 
- srlx $len, 4, $len - alignaddrl $out, %g0, $out - bz %icc, .L${bits}_cbc_dec_loop2x - prefetch [$out], 22 -.L${bits}_cbc_dec_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - xor %g4, %o0, %o2 ! ^= rk[0] - xor %g5, %o1, %o3 - movxtod %o2, %f0 - movxtod %o3, %f2 - - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_decrypt_1x - add $inp, 16, $inp - - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - movxtod %o0, %f12 - movxtod %o1, %f14 - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_cbc_dec_loop2x - add $out, 16, $out -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_cbc_dec_loop2x+4 - orn %g0, $omask, $omask -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
-.align 32 -.L${bits}_cbc_dec_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 4f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -4: - xor %g4, %o0, %o4 ! ^= rk[0] - xor %g5, %o1, %o5 - movxtod %o4, %f0 - movxtod %o5, %f2 - xor %g4, %o2, %o4 - xor %g5, %o3, %o5 - movxtod %o4, %f4 - movxtod %o5, %f6 - - prefetch [$out + 63], 22 - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_decrypt_2x - add $inp, 32, $inp - - movxtod %o0, %f8 - movxtod %o1, %f10 - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - movxtod %o2, %f12 - movxtod %o3, %f14 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - brnz,pn $ooff, 2f - sub $len, 2, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - std %f4, [$out + 16] - std %f6, [$out + 24] - brnz,pt $len, .L${bits}_cbc_dec_loop2x - add $out, 32, $out -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f8 ! handle unaligned output - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - faligndata %f6, %f6, %f6 - stda %f8, [$out + $omask]0xc0 ! partial store - std %f0, [$out + 8] - std %f2, [$out + 16] - std %f4, [$out + 24] - add $out, 32, $out - orn %g0, $omask, $omask - stda %f6, [$out + $omask]0xc0 ! 
partial store - - brnz,pt $len, .L${bits}_cbc_dec_loop2x+4 - orn %g0, $omask, $omask -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] - ret - restore - -.align 16 -.L${bits}_cbc_dec_unaligned_ivec: - alignaddrl $ivec, $ivoff, %g0 ! handle unaligned ivec - mov 0xff, $omask - srl $omask, $ivoff, $omask - faligndata %f12, %f12, %f0 - faligndata %f12, %f14, %f2 - faligndata %f14, %f14, %f4 - stda %f0, [$ivec + $omask]0xc0 - std %f2, [$ivec + 8] - add $ivec, 16, $ivec - orn %g0, $omask, $omask - stda %f4, [$ivec + $omask]0xc0 -___ -$::code.=<<___; - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}cbc_dec_blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - sub $len, 1, $len - add $blk_init, 1, $blk_init - -.L${bits}_cbc_dec_blk_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 5f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -5: - xor %g4, %o0, %o4 ! ^= rk[0] - xor %g5, %o1, %o5 - movxtod %o4, %f0 - movxtod %o5, %f2 - xor %g4, %o2, %o4 - xor %g5, %o3, %o5 - movxtod %o4, %f4 - movxtod %o5, %f6 - - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_decrypt_2x - add $inp, 32, $inp - subcc $len, 2, $len - - movxtod %o0, %f8 - movxtod %o1, %f10 - fxor %f12, %f0, %f0 ! 
^= ivec - fxor %f14, %f2, %f2 - movxtod %o2, %f12 - movxtod %o3, %f14 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - bgu,pt $::size_t_cc, .L${bits}_cbc_dec_blk_loop2x - add $out, 8, $out - - add $blk_init, $len, $len - andcc $len, 1, %g0 ! is number of blocks even? - membar #StoreLoad|#StoreStore - bnz,pt %icc, .L${bits}_cbc_dec_loop - srl $len, 0, $len - brnz,pn $len, .L${bits}_cbc_dec_loop2x - nop -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] ! write out ivec - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3b - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore -.type ${alg}${bits}_t4_cbc_decrypt,#function -.size ${alg}${bits}_t4_cbc_decrypt,.-${alg}${bits}_t4_cbc_decrypt -___ -} - -sub alg_ctr32_implement { -my ($alg,$bits) = @_; - -$::code.=<<___; -.globl ${alg}${bits}_t4_ctr32_encrypt -.align 32 -${alg}${bits}_t4_ctr32_encrypt: - save %sp, -$::frame, %sp - - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_enckey - sllx $len, 4, $len - - ld [$ivec + 0], %l4 ! counter - ld [$ivec + 4], %l5 - ld [$ivec + 8], %l6 - ld [$ivec + 12], %l7 - - sllx %l4, 32, %o5 - or %l5, %o5, %o5 - sllx %l6, 32, %g1 - xor %o5, %g4, %g4 ! ^= rk[0] - xor %g1, %g5, %g5 - movxtod %g4, %f14 ! most significant 64 bits - - sub $inp, $out, $blk_init ! $inp!=$out - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 255 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<256 || - brnz,pn $blk_init, .L${bits}_ctr32_blk ! 
$inp==$out) - srl $omask, $ooff, $omask - - andcc $len, 16, %g0 ! is number of blocks even? - alignaddrl $out, %g0, $out - bz %icc, .L${bits}_ctr32_loop2x - srlx $len, 4, $len -.L${bits}_ctr32_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - xor %g5, %l7, %g1 ! ^= rk[0] - add %l7, 1, %l7 - movxtod %g1, %f2 - srl %l7, 0, %l7 ! clruw - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 -___ -$::code.=<<___ if ($alg eq "aes"); - aes_eround01 %f16, %f14, %f2, %f4 - aes_eround23 %f18, %f14, %f2, %f2 -___ -$::code.=<<___ if ($alg eq "cmll"); - camellia_f %f16, %f2, %f14, %f2 - camellia_f %f18, %f14, %f2, %f0 -___ -$::code.=<<___; - call _${alg}${bits}_encrypt_1x+8 - add $inp, 16, $inp - - movxtod %o0, %f10 - movxtod %o1, %f12 - fxor %f10, %f0, %f0 ! ^= inp - fxor %f12, %f2, %f2 - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_ctr32_loop2x - add $out, 16, $out - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_ctr32_loop2x+4 - orn %g0, $omask, $omask - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
-.align 32 -.L${bits}_ctr32_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 4f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -4: - xor %g5, %l7, %g1 ! ^= rk[0] - add %l7, 1, %l7 - movxtod %g1, %f2 - srl %l7, 0, %l7 ! clruw - xor %g5, %l7, %g1 - add %l7, 1, %l7 - movxtod %g1, %f6 - srl %l7, 0, %l7 ! clruw - prefetch [$out + 63], 22 - prefetch [$inp + 32+63], 20 -___ -$::code.=<<___ if ($alg eq "aes"); - aes_eround01 %f16, %f14, %f2, %f8 - aes_eround23 %f18, %f14, %f2, %f2 - aes_eround01 %f16, %f14, %f6, %f10 - aes_eround23 %f18, %f14, %f6, %f6 -___ -$::code.=<<___ if ($alg eq "cmll"); - camellia_f %f16, %f2, %f14, %f2 - camellia_f %f16, %f6, %f14, %f6 - camellia_f %f18, %f14, %f2, %f0 - camellia_f %f18, %f14, %f6, %f4 -___ -$::code.=<<___; - call _${alg}${bits}_encrypt_2x+16 - add $inp, 32, $inp - - movxtod %o0, %f8 - movxtod %o1, %f10 - movxtod %o2, %f12 - fxor %f8, %f0, %f0 ! ^= inp - movxtod %o3, %f8 - fxor %f10, %f2, %f2 - fxor %f12, %f4, %f4 - fxor %f8, %f6, %f6 - - brnz,pn $ooff, 2f - sub $len, 2, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - std %f4, [$out + 16] - std %f6, [$out + 24] - brnz,pt $len, .L${bits}_ctr32_loop2x - add $out, 32, $out - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f8 ! handle unaligned output - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - faligndata %f6, %f6, %f6 - - stda %f8, [$out + $omask]0xc0 ! partial store - std %f0, [$out + 8] - std %f2, [$out + 16] - std %f4, [$out + 24] - add $out, 32, $out - orn %g0, $omask, $omask - stda %f6, [$out + $omask]0xc0 ! 
partial store - - brnz,pt $len, .L${bits}_ctr32_loop2x+4 - orn %g0, $omask, $omask - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_ctr32_blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - sub $len, 1, $len - add $blk_init, 1, $blk_init - -.L${bits}_ctr32_blk_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 5f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -5: - xor %g5, %l7, %g1 ! ^= rk[0] - add %l7, 1, %l7 - movxtod %g1, %f2 - srl %l7, 0, %l7 ! clruw - xor %g5, %l7, %g1 - add %l7, 1, %l7 - movxtod %g1, %f6 - srl %l7, 0, %l7 ! clruw - prefetch [$inp + 32+63], 20 -___ -$::code.=<<___ if ($alg eq "aes"); - aes_eround01 %f16, %f14, %f2, %f8 - aes_eround23 %f18, %f14, %f2, %f2 - aes_eround01 %f16, %f14, %f6, %f10 - aes_eround23 %f18, %f14, %f6, %f6 -___ -$::code.=<<___ if ($alg eq "cmll"); - camellia_f %f16, %f2, %f14, %f2 - camellia_f %f16, %f6, %f14, %f6 - camellia_f %f18, %f14, %f2, %f0 - camellia_f %f18, %f14, %f6, %f4 -___ -$::code.=<<___; - call _${alg}${bits}_encrypt_2x+16 - add $inp, 32, $inp - subcc $len, 2, $len - - movxtod %o0, %f8 - movxtod %o1, %f10 - movxtod %o2, %f12 - fxor %f8, %f0, %f0 ! ^= inp - movxtod %o3, %f8 - fxor %f10, %f2, %f2 - fxor %f12, %f4, %f4 - fxor %f8, %f6, %f6 - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f6, [$out]0xe2 ! 
ASI_BLK_INIT, T4-specific - bgu,pt $::size_t_cc, .L${bits}_ctr32_blk_loop2x - add $out, 8, $out - - add $blk_init, $len, $len - andcc $len, 1, %g0 ! is number of blocks even? - membar #StoreLoad|#StoreStore - bnz,pt %icc, .L${bits}_ctr32_loop - srl $len, 0, $len - brnz,pn $len, .L${bits}_ctr32_loop2x - nop - - ret - restore -.type ${alg}${bits}_t4_ctr32_encrypt,#function -.size ${alg}${bits}_t4_ctr32_encrypt,.-${alg}${bits}_t4_ctr32_encrypt -___ -} - -sub alg_xts_implement { -my ($alg,$bits,$dir) = @_; -my ($inp,$out,$len,$key1,$key2,$ivec)=map("%i$_",(0..5)); -my $rem=$ivec; - -$::code.=<<___; -.globl ${alg}${bits}_t4_xts_${dir}crypt -.align 32 -${alg}${bits}_t4_xts_${dir}crypt: - save %sp, -$::frame-16, %sp - - mov $ivec, %o0 - add %fp, $::bias-16, %o1 - call ${alg}_t4_encrypt - mov $key2, %o2 - - add %fp, $::bias-16, %l7 - ldxa [%l7]0x88, %g2 - add %fp, $::bias-8, %l7 - ldxa [%l7]0x88, %g3 ! %g3:%g2 is tweak - - sethi %hi(0x76543210), %l7 - or %l7, %lo(0x76543210), %l7 - bmask %l7, %g0, %g0 ! byte swap mask - - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_${dir}ckey - and $len, 15, $rem - and $len, -16, $len -___ -$code.=<<___ if ($dir eq "de"); - mov 0, %l7 - movrnz $rem, 16, %l7 - sub $len, %l7, $len -___ -$code.=<<___; - - sub $inp, $out, $blk_init ! $inp!=$out - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 255 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<256 || - brnz,pn $blk_init, .L${bits}_xts_${dir}blk ! $inp==$out) - srl $omask, $ooff, $omask - - andcc $len, 16, %g0 ! is number of blocks even? 
-___ -$code.=<<___ if ($dir eq "de"); - brz,pn $len, .L${bits}_xts_${dir}steal -___ -$code.=<<___; - alignaddrl $out, %g0, $out - bz %icc, .L${bits}_xts_${dir}loop2x - srlx $len, 4, $len -.L${bits}_xts_${dir}loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - movxtod %g2, %f12 - movxtod %g3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f0 - movxtod %o1, %f2 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_${dir}crypt_1x - add $inp, 16, $inp - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_xts_${dir}loop2x - add $out, 16, $out - - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_xts_${dir}loop2x+4 - orn %g0, $omask, $omask - - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
-.align 32 -.L${bits}_xts_${dir}loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 4f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -4: - movxtod %g2, %f12 - movxtod %g3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - movxtod %g2, %f8 - movxtod %g3, %f10 - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - xor %g4, %o2, %o2 ! ^= rk[0] - xor %g5, %o3, %o3 - movxtod %o0, %f0 - movxtod %o1, %f2 - movxtod %o2, %f4 - movxtod %o3, %f6 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 ! ^= tweak[0] - fxor %f10, %f6, %f6 - - prefetch [$out + 63], 22 - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_${dir}crypt_2x - add $inp, 32, $inp - - movxtod %g2, %f8 - movxtod %g3, %f10 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - brnz,pn $ooff, 2f - sub $len, 2, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - std %f4, [$out + 16] - std %f6, [$out + 24] - brnz,pt $len, .L${bits}_xts_${dir}loop2x - add $out, 32, $out - - fsrc2 %f4, %f0 - fsrc2 %f6, %f2 - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f8 ! 
handle unaligned output - faligndata %f0, %f2, %f10 - faligndata %f2, %f4, %f12 - faligndata %f4, %f6, %f14 - faligndata %f6, %f6, %f0 - - stda %f8, [$out + $omask]0xc0 ! partial store - std %f10, [$out + 8] - std %f12, [$out + 16] - std %f14, [$out + 24] - add $out, 32, $out - orn %g0, $omask, $omask - stda %f0, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_xts_${dir}loop2x+4 - orn %g0, $omask, $omask - - fsrc2 %f4, %f0 - fsrc2 %f6, %f2 - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_xts_${dir}blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - sub $len, 1, $len - add $blk_init, 1, $blk_init - -.L${bits}_xts_${dir}blk2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 5f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -5: - movxtod %g2, %f12 - movxtod %g3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - movxtod %g2, %f8 - movxtod %g3, %f10 - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - xor %g4, %o2, %o2 ! ^= rk[0] - xor %g5, %o3, %o3 - movxtod %o0, %f0 - movxtod %o1, %f2 - movxtod %o2, %f4 - movxtod %o3, %f6 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 ! 
^= tweak[0] - fxor %f10, %f6, %f6 - - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_${dir}crypt_2x - add $inp, 32, $inp - - movxtod %g2, %f8 - movxtod %g3, %f10 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - bgu,pt $::size_t_cc, .L${bits}_xts_${dir}blk2x - add $out, 8, $out - - add $blk_init, $len, $len - andcc $len, 1, %g0 ! is number of blocks even? - membar #StoreLoad|#StoreStore - bnz,pt %icc, .L${bits}_xts_${dir}loop - srl $len, 0, $len - brnz,pn $len, .L${bits}_xts_${dir}loop2x - nop - - fsrc2 %f4, %f0 - fsrc2 %f6, %f2 - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -___ -$code.=<<___ if ($dir eq "en"); -.align 32 -.L${bits}_xts_${dir}steal: - std %f0, [%fp + $::bias-16] ! copy of output - std %f2, [%fp + $::bias-8] - - srl $ileft, 3, $ileft - add %fp, $::bias-16, %l7 - add $inp, $ileft, $inp ! original $inp+$len&-15 - add $out, $ooff, $out ! original $out+$len&-15 - mov 0, $ileft - nop ! align - -.L${bits}_xts_${dir}stealing: - ldub [$inp + $ileft], %o0 - ldub [%l7 + $ileft], %o1 - dec $rem - stb %o0, [%l7 + $ileft] - stb %o1, [$out + $ileft] - brnz $rem, .L${bits}_xts_${dir}stealing - inc $ileft - - mov %l7, $inp - sub $out, 16, $out - mov 0, $ileft - sub $out, $ooff, $out - ba .L${bits}_xts_${dir}loop ! one more time - mov 1, $len ! 
$rem is 0 -___ -$code.=<<___ if ($dir eq "de"); -.align 32 -.L${bits}_xts_${dir}steal: - ldx [$inp + 0], %o0 - brz,pt $ileft, 8f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -8: - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %o2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %o3 - xor %l7, %o2, %o2 - - movxtod %o2, %f12 - movxtod %o3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f0 - movxtod %o1, %f2 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - call _${alg}${bits}_${dir}crypt_1x - add $inp, 16, $inp - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - std %f0, [%fp + $::bias-16] - std %f2, [%fp + $::bias-8] - - srl $ileft, 3, $ileft - add %fp, $::bias-16, %l7 - add $inp, $ileft, $inp ! original $inp+$len&-15 - add $out, $ooff, $out ! original $out+$len&-15 - mov 0, $ileft - add $out, 16, $out - nop ! align - -.L${bits}_xts_${dir}stealing: - ldub [$inp + $ileft], %o0 - ldub [%l7 + $ileft], %o1 - dec $rem - stb %o0, [%l7 + $ileft] - stb %o1, [$out + $ileft] - brnz $rem, .L${bits}_xts_${dir}stealing - inc $ileft - - mov %l7, $inp - sub $out, 16, $out - mov 0, $ileft - sub $out, $ooff, $out - ba .L${bits}_xts_${dir}loop ! one more time - mov 1, $len ! $rem is 0 -___ -$code.=<<___; - ret - restore -.type ${alg}${bits}_t4_xts_${dir}crypt,#function -.size ${alg}${bits}_t4_xts_${dir}crypt,.-${alg}${bits}_t4_xts_${dir}crypt -___ -} - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. 
-sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %visopf = ( "faligndata" => 0x048, - "bshuffle" => 0x04c, - "fnot2" => 0x066, - "fxor" => 0x06c, - "fsrc2" => 0x078 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "addxc" => 0x011, - "addxccc" => 0x013, - "umulxhi" => 0x016, - "alignaddr" => 0x018, - "bmask" => 0x019, - "alignaddrl" => 0x01a ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unaes_round { # 4-argument instructions -my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; -my ($ref,$opf); -my %aesopf = ( "aes_eround01" => 0, - "aes_eround23" => 1, - "aes_dround01" => 2, - "aes_dround23" => 3, - "aes_eround01_l"=> 4, - "aes_eround23_l"=> 5, - "aes_dround01_l"=> 6, - "aes_dround23_l"=> 7, - "aes_kexpand1" => 8 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; - - if (defined($opf=$aesopf{$mnemonic})) { - $rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? 
(($1|$1>>5)&31) : $rs3; - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unaes_kexpand { # 3-argument instructions -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %aesopf = ( "aes_kexpand0" => 0x130, - "aes_kexpand2" => 0x131 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if (defined($opf=$aesopf{$mnemonic})) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub uncamellia_f { # 4-argument instructions -my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; -my ($ref,$opf); - - $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; - - if (1) { - $rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? 
(($1|$1>>5)&31) : $rs3; - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|0xc<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub uncamellia3 { # 3-argument instructions -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %cmllopf = ( "camellia_fl" => 0x13c, - "camellia_fli" => 0x13d ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if (defined($opf=$cmllopf{$mnemonic})) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unmovxtox { # 2-argument instructions -my ($mnemonic,$rs,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24, "f" => 0 ); -my ($ref,$opf); -my %movxopf = ( "movdtox" => 0x110, - "movstouw" => 0x111, - "movstosw" => 0x113, - "movxtod" => 0x118, - "movwtos" => 0x119 ); - - $ref = "$mnemonic\t$rs,$rd"; - - if (defined($opf=$movxopf{$mnemonic})) { - foreach ($rs,$rd) { - return $ref if (!/%([fgoli])([0-9]{1,2})/); - $_=$bias{$1}+$2; - if ($2>=32) { - return $ref if ($2&1); - # re-encode for upper double register addressing - $_=($2|$2>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$opf<<5|$rs, - $ref; - } else { - return $ref; - } -} - -sub undes { -my ($mnemonic)=shift; -my @args=@_; -my ($ref,$opf); -my %desopf = ( "des_round" => 0b1001, - "des_ip" => 0b100110100, - "des_iip" => 0b100110101, - "des_kexpand" => 0b100110110 ); - - $ref = "$mnemonic\t".join(",",@_); - - if (defined($opf=$desopf{$mnemonic})) { # 4-arg - if ($mnemonic eq "des_round") { - foreach (@args[0..3]) { - return $ref if 
(!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - return sprintf ".word\t0x%08x !%s", - 2<<30|0b011001<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<9|$args[3]<<25, - $ref; - } elsif ($mnemonic eq "des_kexpand") { # 3-arg - foreach (@args[0..2]) { - return $ref if (!/(%f)?([0-9]{1,2})/); - $_=$2; - if ($2>=32) { - return $ref if ($2&1); - # re-encode for upper double register addressing - $_=($2|$2>>5)&31; - } - } - return sprintf ".word\t0x%08x !%s", - 2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<25, - $ref; - } else { # 2-arg - foreach (@args[0..1]) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($2&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - return sprintf ".word\t0x%08x !%s", - 2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]<<25, - $ref; - } - } else { - return $ref; - } -} - -sub emit_assembler { - foreach (split("\n",$::code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(f[a-z]+2[sd]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})\s*$/$1\t%f0,$2,$3/go; - - s/\b(aes_[edk][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/ - &unaes_round($1,$2,$3,$4,$5) - /geo or - s/\b(aes_kexpand[02])\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unaes_kexpand($1,$2,$3,$4) - /geo or - s/\b(camellia_f)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/ - &uncamellia_f($1,$2,$3,$4,$5) - /geo or - s/\b(camellia_[^s]+)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &uncamellia3($1,$2,$3,$4) - /geo or - s/\b(des_\w+)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+)(?:,\s*(%f[0-9]{1,2})(?:,\s*(%f[0-9]{1,2}))?)?/ - &undes($1,$2,$3,$4,$5) - /geo or - s/\b(mov[ds]to\w+)\s+(%f[0-9]{1,2}),\s*(%[goli][0-7])/ - &unmovxtox($1,$2,$3) - /geo or - s/\b(mov[xw]to[ds])\s+(%[goli][0-7]),\s*(%f[0-9]{1,2})/ - &unmovxtox($1,$2,$3) - /geo or - 
s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /geo or - s/\b(umulxhi|bmask|addxc[c]{0,2}|alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /geo; - - print $_,"\n"; - } -} - -1; diff --git a/src/crypto/perlasm/x86masm.pl b/src/crypto/perlasm/x86masm.pl index a491529..b7f49d1 100644 --- a/src/crypto/perlasm/x86masm.pl +++ b/src/crypto/perlasm/x86masm.pl @@ -18,10 +18,10 @@ sub ::generic if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no [] { $opcode="mov"; } - elsif ($opcode !~ /movq/) + elsif ($opcode !~ /mov[dq]$/) { # fix xmm references - $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i); - $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); + $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i); + $arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); } &::emit($opcode,@arg); @@ -160,16 +160,13 @@ sub ::public_label { push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } sub ::data_byte -{ push(@out,("DB\t").join(',',@_)."\n"); } +{ push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_); } sub ::data_short -{ push(@out,("DW\t").join(',',@_)."\n"); } +{ push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_); } sub ::data_word -{ # MASM can't handle long lines, so emit one word at a time. - foreach(@_) - { push(@out,"DD\t$_\n"); } -} +{ push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_); } sub ::align { push(@out,"ALIGN\t$_[0]\n"); } diff --git a/src/crypto/pkcs8/CMakeLists.txt b/src/crypto/pkcs8/CMakeLists.txt index 1886fce..c0f2746 100644 --- a/src/crypto/pkcs8/CMakeLists.txt +++ b/src/crypto/pkcs8/CMakeLists.txt @@ -9,13 +9,12 @@ add_library( p8_pkey.c p5_pbe.c p5_pbev2.c - pkcs8_error.c ) add_executable( pkcs12_test - pkcs12_test.c + pkcs12_test.cc ) target_link_libraries(pkcs12_test crypto) 
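Review bot: The rewritten xmm fix-up in `::generic` now inspects only `$arg[0]` and `$arg[-1]`, so a three-operand instruction whose memory operand sits in the middle (a `pshufd xmm0, QWORD PTR [...], imm` style form) is no longer widened to `XMMWORD PTR` by either line, whereas the old `$arg[1]` form covered it. If that is deliberate, presumably to catch forms whose memory operand is last as with the AVX three-operand encodings, a comment stating the operand convention the block relies on would spare the next reader the same question, e.g. `# check first and last operand: 3-operand forms put the memory source last`. The `mov[dq]$` anchor also excludes `movd` as well as `movq` now, which deserves a word in that comment as well. The body of `::generic` starts outside the hunk.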
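Review bot: The new `::data_byte`/`::data_short`/`::data_word` one-liners drop the only explanation of why the output is chunked, the removed `# MASM can't handle long lines` comment, and the chunk sizes 16/8/4 are now bare magic numbers. A short comment above the three subs, `# MASM can't handle long lines, so emit at most 16 bytes / 8 shorts / 4 dwords per directive`, would keep the rationale next to the code. Note also that `while(@_)` makes an empty call emit nothing, whereas the old `data_byte` and `data_short` emitted a bare `DB\t`/`DW\t` line; that looks like an improvement rather than a regression, but it is a behaviour change the description does not mention.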
diff --git a/src/crypto/pkcs8/pkcs12_test.c b/src/crypto/pkcs8/pkcs12_test.c
deleted file mode 100644
index 2292b77..0000000
--- a/src/crypto/pkcs8/pkcs12_test.c
+++ /dev/null
@@ -1,763 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - - -/* kPKCS12DER contains sample PKCS#12 data generated by OpenSSL with: - * openssl pkcs12 -export -inkey key.pem -in cacert.pem */ -static const uint8_t kOpenSSL[] = { - 0x30, 0x82, 0x09, 0xa1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0x67, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, - 0x09, 0x58, 0x04, 0x82, 0x09, 0x54, 0x30, 0x82, 0x09, 0x50, 0x30, 0x82, - 0x04, 0x07, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, - 0x06, 0xa0, 0x82, 0x03, 0xf8, 0x30, 0x82, 0x03, 0xf4, 0x02, 0x01, 0x00, - 0x30, 0x82, 0x03, 0xed, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x31, 0x24, 0xca, - 0x7d, 0xc3, 0x25, 0x3e, 0xdc, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x03, - 0xc0, 0x55, 0xe7, 0x7f, 0x9c, 0xd6, 0x0c, 0xd2, 0x69, 0x1d, 0x6e, 0x8b, - 0xb8, 0x07, 0xec, 0x4a, 0xe7, 0x06, 0x67, 0xd1, 0x24, 0x1b, 0xd5, 0x68, - 0x13, 0x3d, 0xd7, 0x56, 0x5e, 0x15, 0x40, 0xdb, 0xda, 0x88, 0x36, 0xc9, - 0x02, 0x96, 0xb5, 0xb5, 0xf7, 
0x81, 0xef, 0x88, 0x1d, 0x66, 0x62, 0xa8, - 0x83, 0xf7, 0x91, 0xb1, 0x26, 0x1f, 0x9b, 0x25, 0x78, 0x0a, 0x04, 0xb1, - 0xc0, 0x93, 0x48, 0xa2, 0xf0, 0x51, 0x4f, 0x2b, 0xf8, 0x03, 0x67, 0x61, - 0x1b, 0xed, 0x29, 0xfe, 0x3f, 0xdd, 0x83, 0xa3, 0x93, 0x75, 0xa7, 0xd9, - 0x37, 0x5b, 0xa7, 0xc9, 0xf4, 0x52, 0x86, 0xd2, 0x3f, 0xca, 0x61, 0x5c, - 0x1e, 0xf9, 0x07, 0x7d, 0xbd, 0xda, 0x76, 0x8a, 0x03, 0x8e, 0x12, 0x4e, - 0x8f, 0x68, 0x6e, 0x72, 0x6e, 0xf0, 0xbe, 0x22, 0xc7, 0x9d, 0x97, 0x7c, - 0x45, 0xc0, 0xaa, 0x31, 0xe1, 0x55, 0x81, 0xb3, 0xec, 0x98, 0x94, 0xac, - 0xf7, 0x15, 0x9b, 0x42, 0x49, 0x8c, 0x2a, 0x29, 0x7a, 0x25, 0x92, 0x64, - 0x92, 0xbd, 0x4e, 0x5c, 0xec, 0xff, 0x61, 0xbb, 0x8e, 0x5c, 0xc8, 0xdb, - 0xba, 0x97, 0x30, 0xf4, 0x55, 0x9e, 0x1b, 0xfa, 0xbe, 0x2a, 0x90, 0xcf, - 0xe8, 0xc0, 0x9d, 0xb0, 0x0e, 0x24, 0x61, 0xe7, 0x3a, 0xb7, 0x7f, 0xda, - 0x63, 0xaa, 0x2a, 0x4a, 0xa6, 0x91, 0x52, 0xa6, 0x76, 0xc9, 0xbe, 0x9f, - 0x1b, 0x1d, 0xa4, 0x09, 0x5b, 0x0f, 0xd1, 0x64, 0x4e, 0xdf, 0x0c, 0x44, - 0x59, 0x3a, 0xef, 0x9a, 0xd8, 0x22, 0xa2, 0x5f, 0x80, 0xb5, 0x4f, 0xbe, - 0x84, 0x23, 0xe3, 0x74, 0x77, 0x3c, 0x9e, 0x27, 0x64, 0xac, 0x65, 0xf4, - 0xbb, 0x34, 0xb7, 0xa4, 0xfe, 0x02, 0x1a, 0x88, 0x05, 0x3b, 0x4b, 0xb8, - 0xd8, 0xb9, 0x26, 0x69, 0x22, 0x97, 0x3d, 0x93, 0x9b, 0xe8, 0x72, 0xaa, - 0x4d, 0x8f, 0x76, 0x51, 0x12, 0x59, 0x58, 0xf1, 0x1a, 0xa3, 0xdb, 0x5d, - 0xbc, 0xea, 0x84, 0x19, 0x55, 0x4f, 0x00, 0xfb, 0xe2, 0x57, 0x47, 0xca, - 0xea, 0xbe, 0x8f, 0x85, 0x8b, 0x1c, 0x27, 0x8d, 0x81, 0x70, 0x7f, 0xf1, - 0x56, 0x58, 0xe1, 0x26, 0x94, 0xd8, 0x2f, 0xde, 0xac, 0xc8, 0xac, 0xbf, - 0xc3, 0xc6, 0x67, 0xa6, 0xf4, 0x6c, 0xec, 0x20, 0x3c, 0xbc, 0x9d, 0xd9, - 0xd0, 0xa1, 0x4e, 0x8c, 0x11, 0x19, 0x2b, 0xb3, 0xa1, 0xdf, 0x6a, 0x8f, - 0xa2, 0xc3, 0xcc, 0xf6, 0xbd, 0x09, 0x7a, 0x96, 0x61, 0x20, 0xd4, 0x06, - 0x99, 0x4c, 0x6f, 0x23, 0x9b, 0x4c, 0xcc, 0x73, 0x8b, 0x42, 0x48, 0x99, - 0x45, 0x8f, 0xcb, 0xc8, 0x46, 0x1a, 0xfb, 0x51, 0x03, 0x6a, 0xf2, 0x22, - 0x85, 0x88, 0x9d, 0x61, 0x8b, 
0x16, 0x33, 0xf4, 0xf7, 0x9b, 0xc8, 0x21, - 0x4f, 0xb1, 0xcd, 0x30, 0xfc, 0x29, 0x88, 0x12, 0xdc, 0xd4, 0x30, 0x4c, - 0xb9, 0xad, 0x34, 0xde, 0x01, 0xf8, 0xc1, 0x12, 0xa7, 0x4d, 0xc7, 0x31, - 0x99, 0x2b, 0x45, 0x88, 0x06, 0x34, 0x69, 0x6e, 0x6d, 0x34, 0xd8, 0xdd, - 0x0a, 0x3d, 0x59, 0x74, 0x36, 0x31, 0x6a, 0xed, 0x91, 0x3b, 0x5b, 0x88, - 0x43, 0x46, 0x3f, 0x67, 0x66, 0xe4, 0xde, 0x52, 0xb4, 0xbf, 0x7b, 0x3d, - 0x54, 0x79, 0xaf, 0x8d, 0xf5, 0x0a, 0x80, 0xfd, 0xeb, 0x31, 0x24, 0xbc, - 0x24, 0xd7, 0x21, 0x9f, 0x87, 0xab, 0xbd, 0x75, 0x2c, 0x13, 0x13, 0x96, - 0xab, 0x76, 0xfb, 0xb2, 0x44, 0xd0, 0xd2, 0x19, 0xf1, 0x95, 0x9a, 0x91, - 0xbf, 0x7a, 0x7b, 0x76, 0x95, 0x72, 0xa9, 0x16, 0xfc, 0x3e, 0xa9, 0x4e, - 0x01, 0x15, 0x3d, 0x43, 0x73, 0xa3, 0x8b, 0xef, 0x48, 0xad, 0x11, 0xbd, - 0x53, 0xd3, 0x0c, 0x15, 0x15, 0x1a, 0xb4, 0x3a, 0xe0, 0x7f, 0x9a, 0xa1, - 0x36, 0x47, 0x72, 0x92, 0xf0, 0xdf, 0xb0, 0xe2, 0xbc, 0x35, 0xd4, 0x32, - 0x6b, 0x37, 0x69, 0x4f, 0x47, 0x9a, 0xe2, 0x35, 0x8a, 0x31, 0x60, 0xed, - 0x80, 0x57, 0xe2, 0x9d, 0x58, 0x9c, 0x7f, 0x46, 0xd2, 0x54, 0x0e, 0x28, - 0x53, 0x8b, 0x1f, 0x46, 0x34, 0x22, 0xac, 0x71, 0xc7, 0xca, 0x0f, 0xb4, - 0xb7, 0x7a, 0xfc, 0x34, 0x57, 0xa5, 0x86, 0x8d, 0x66, 0x5c, 0xc7, 0x3a, - 0xdb, 0xf8, 0x79, 0x3a, 0x8a, 0xf6, 0xa2, 0x1e, 0x09, 0xc9, 0x10, 0xe9, - 0x93, 0x3a, 0xc5, 0xed, 0xb2, 0xca, 0xbb, 0x66, 0xf1, 0x9d, 0xc9, 0x9c, - 0x42, 0x75, 0x64, 0x3e, 0xe4, 0x12, 0x2b, 0x67, 0xf8, 0xbf, 0x2b, 0x98, - 0x5d, 0xb6, 0xa0, 0xba, 0x79, 0x98, 0xe0, 0x47, 0x5c, 0x77, 0x85, 0x4e, - 0x26, 0x71, 0xfe, 0xab, 0x5c, 0xa8, 0x32, 0x93, 0xec, 0xd0, 0x26, 0x90, - 0xe4, 0xda, 0x2f, 0x34, 0x8a, 0x50, 0xb8, 0x3b, 0x7b, 0x4c, 0x5f, 0xa9, - 0x3e, 0x8a, 0xa8, 0xf3, 0xc0, 0xb7, 0x50, 0x0b, 0x77, 0x4e, 0x8c, 0xa0, - 0xaf, 0xdb, 0x59, 0xe7, 0xac, 0xd1, 0x34, 0x4e, 0x62, 0x47, 0x2e, 0x1e, - 0x5e, 0xb4, 0xc9, 0x64, 0xf8, 0x0f, 0xf4, 0xf8, 0xb6, 0x9a, 0xe3, 0x7e, - 0xcf, 0xb7, 0xee, 0x11, 0x14, 0x52, 0x89, 0x3b, 0x27, 0x98, 0xfc, 0x95, - 0xa7, 0xad, 0xbf, 0x61, 0x34, 
0xad, 0x1a, 0x24, 0x2a, 0x48, 0x66, 0x65, - 0x75, 0x9c, 0x59, 0xc0, 0x4f, 0x5f, 0x3d, 0x5a, 0x8c, 0xee, 0xd0, 0xb1, - 0x17, 0x6d, 0x34, 0x46, 0x37, 0xa0, 0xba, 0x71, 0xac, 0x77, 0x73, 0x29, - 0xa3, 0x37, 0x4f, 0x02, 0xd3, 0x7f, 0x0e, 0xe8, 0xce, 0xff, 0x80, 0x11, - 0x45, 0x42, 0x03, 0x5a, 0x87, 0xaa, 0xff, 0x25, 0x12, 0x1f, 0x43, 0x19, - 0x3e, 0xa9, 0x62, 0x96, 0x0c, 0x6f, 0x33, 0x88, 0x5c, 0xaa, 0xf9, 0xe2, - 0xb4, 0xb9, 0xf7, 0x55, 0xae, 0xb5, 0x76, 0x57, 0x47, 0x83, 0xe3, 0xfa, - 0x05, 0xda, 0x86, 0x02, 0x97, 0xb4, 0x60, 0xae, 0x59, 0xd5, 0x6c, 0xc1, - 0x33, 0xe1, 0x36, 0x36, 0x94, 0x79, 0x9e, 0xad, 0xa3, 0x2d, 0xbc, 0xb5, - 0xa2, 0xeb, 0xdd, 0xcd, 0xcb, 0x48, 0x42, 0x15, 0xb8, 0xe6, 0x0e, 0x76, - 0x5b, 0x57, 0x74, 0x24, 0xe6, 0x89, 0xc4, 0xe8, 0x08, 0xa9, 0xfe, 0xb3, - 0x23, 0xa6, 0xca, 0x72, 0xe2, 0xe4, 0xcb, 0xc1, 0x4a, 0xd1, 0x1d, 0xb9, - 0x5e, 0x36, 0x97, 0x19, 0x7c, 0x15, 0x48, 0xf1, 0x2d, 0xeb, 0xec, 0xad, - 0x52, 0x6f, 0x2f, 0xe1, 0x19, 0xcf, 0xcf, 0x98, 0x13, 0x0d, 0xcc, 0xb2, - 0xa6, 0x8a, 0xda, 0x93, 0x24, 0x3d, 0x5d, 0x83, 0xfe, 0x8d, 0x9e, 0x47, - 0xd8, 0x6e, 0x8d, 0x06, 0x52, 0x7d, 0x46, 0x84, 0x04, 0x69, 0x34, 0x61, - 0x04, 0x50, 0x1f, 0x86, 0x92, 0x94, 0xe9, 0x0b, 0x13, 0x5b, 0xf6, 0x16, - 0x81, 0xeb, 0xfa, 0xf1, 0xbb, 0x04, 0x68, 0x17, 0xca, 0x35, 0x6f, 0xba, - 0x4e, 0x4c, 0x33, 0xce, 0xf4, 0x26, 0xb7, 0x74, 0xab, 0xa5, 0xd0, 0xaa, - 0x0d, 0x85, 0x11, 0x30, 0x58, 0x62, 0xdf, 0x48, 0xc7, 0xdf, 0xc9, 0x38, - 0x9e, 0x6f, 0x96, 0x23, 0x2f, 0xc1, 0xd4, 0x8d, 0x65, 0x9b, 0x46, 0x5f, - 0x9c, 0xea, 0x26, 0x60, 0xb5, 0x95, 0x85, 0x71, 0x18, 0xc3, 0xf4, 0x54, - 0x61, 0xca, 0xfe, 0x55, 0x3b, 0xbe, 0x81, 0xaf, 0xd9, 0x3a, 0x27, 0xe9, - 0x1c, 0x30, 0x82, 0x05, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x32, 0x04, 0x82, 0x05, 0x2e, - 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, - 0xee, 0x30, 0x82, 0x04, 0xea, 
0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0xd9, - 0x68, 0xcb, 0x08, 0x16, 0xc8, 0x93, 0x57, 0x02, 0x02, 0x08, 0x00, 0x04, - 0x82, 0x04, 0xc8, 0x7c, 0xdb, 0xa6, 0x1e, 0x33, 0xa4, 0xc6, 0x4e, 0x13, - 0x22, 0x7a, 0x1f, 0xc6, 0x82, 0xab, 0x93, 0x5f, 0xf0, 0xa4, 0xe4, 0x40, - 0xac, 0xdf, 0x16, 0xec, 0x8d, 0x1f, 0xd9, 0xe4, 0x03, 0xd6, 0xc9, 0xc4, - 0x1d, 0xfd, 0xa3, 0xe3, 0xba, 0xfc, 0xcb, 0xd0, 0x47, 0x65, 0x0c, 0x6e, - 0x5d, 0xfc, 0xd2, 0xd4, 0x63, 0xa7, 0x93, 0xf6, 0x8a, 0x44, 0x8c, 0xfe, - 0x84, 0xd8, 0x0d, 0xa6, 0x16, 0x22, 0xe1, 0x65, 0x10, 0x5e, 0x18, 0x44, - 0x58, 0x2f, 0xc7, 0x64, 0x74, 0x5f, 0xcf, 0x73, 0x34, 0xe1, 0x4b, 0xe4, - 0xb3, 0x5b, 0xdb, 0x81, 0x4b, 0x1c, 0x38, 0x72, 0xa6, 0xc5, 0xeb, 0x56, - 0x9b, 0xc7, 0xe3, 0x3d, 0x54, 0x6e, 0x05, 0x2c, 0xd3, 0x57, 0xc9, 0x4f, - 0x80, 0x1e, 0xd7, 0xd8, 0x26, 0x6a, 0xcb, 0x79, 0x46, 0x70, 0xfc, 0x45, - 0xa7, 0x79, 0xab, 0x01, 0x03, 0xb6, 0xb1, 0x44, 0x41, 0xd9, 0x73, 0x37, - 0xaa, 0xd7, 0xf9, 0x44, 0x93, 0xaf, 0xbb, 0xb5, 0x77, 0xeb, 0x2b, 0x20, - 0x2e, 0xbd, 0xea, 0x2f, 0xde, 0xa6, 0x2f, 0xd6, 0xac, 0x74, 0xa5, 0x34, - 0xfb, 0xdf, 0xf7, 0x02, 0xa2, 0x20, 0x15, 0xc8, 0x61, 0x72, 0xbb, 0x7f, - 0x04, 0xf6, 0x0f, 0xf8, 0x7e, 0xc3, 0xe6, 0xab, 0x2a, 0xe6, 0xd8, 0xe1, - 0x0d, 0x5a, 0x3c, 0xc0, 0x58, 0xae, 0xf8, 0x1b, 0x15, 0x3c, 0x7b, 0x7f, - 0xf5, 0x9f, 0xec, 0xf7, 0x3f, 0x30, 0x4f, 0x3d, 0x6c, 0x44, 0xdd, 0x0e, - 0x4c, 0x2c, 0x93, 0x68, 0x43, 0x31, 0xa8, 0x97, 0x4b, 0xf6, 0x66, 0x71, - 0x2a, 0x52, 0x3e, 0x3a, 0xe6, 0x72, 0x8a, 0xe6, 0xe3, 0xc8, 0xff, 0x65, - 0x68, 0x1a, 0x46, 0x21, 0xb3, 0xf0, 0x46, 0x7c, 0x0c, 0x65, 0xd1, 0x8e, - 0xa4, 0x91, 0x11, 0x5c, 0x93, 0xeb, 0xeb, 0xae, 0x46, 0xf4, 0xbb, 0xf8, - 0xf3, 0x7e, 0x20, 0x30, 0xf8, 0xcd, 0x19, 0xcd, 0x54, 0x0a, 0x7f, 0x4f, - 0xe8, 0xac, 0xa9, 0xac, 0x72, 0x96, 0x80, 0x45, 0x2a, 0x4a, 0x63, 0x90, - 0x01, 0x19, 0xd0, 0x7e, 0x26, 0x53, 0x2d, 0xc4, 0x20, 0xa5, 0x1f, 0x89, - 0x67, 0x0f, 0xd9, 0x75, 0x51, 
0x0a, 0xf1, 0xd4, 0xfd, 0x2e, 0xbe, 0xe6, - 0x94, 0x3b, 0x6c, 0x8c, 0xe3, 0x0f, 0x5f, 0xce, 0x58, 0x48, 0xde, 0x8d, - 0xeb, 0xd3, 0xe1, 0x0a, 0xcd, 0xdf, 0x34, 0x4d, 0xd1, 0x5b, 0xab, 0x41, - 0x41, 0x6b, 0xeb, 0xa1, 0x2f, 0x01, 0x4a, 0x72, 0x2e, 0xf4, 0x5e, 0x44, - 0x76, 0xc7, 0xe6, 0x16, 0xb9, 0xfb, 0x10, 0x37, 0x00, 0x2d, 0xc6, 0x3b, - 0x17, 0x72, 0x21, 0xdb, 0xac, 0x86, 0x7b, 0xf5, 0x70, 0x3f, 0x73, 0xa3, - 0xce, 0x0e, 0x20, 0xbb, 0x59, 0x4c, 0x23, 0xc2, 0xe8, 0x22, 0x22, 0xe0, - 0x02, 0x0d, 0xe4, 0xa2, 0x3f, 0x55, 0x9d, 0xc0, 0xeb, 0x9a, 0xc4, 0xf3, - 0xaa, 0xb8, 0xf1, 0x73, 0xec, 0x47, 0xe8, 0x2d, 0x6b, 0xa1, 0x40, 0x94, - 0xf6, 0x07, 0xb9, 0x6f, 0x03, 0x5a, 0x78, 0xe5, 0x59, 0x41, 0x1a, 0xc7, - 0xcd, 0x43, 0x10, 0x20, 0x28, 0x95, 0xe0, 0x2a, 0x6f, 0xf2, 0xf8, 0x12, - 0xd6, 0x13, 0x7f, 0x37, 0x3d, 0x38, 0xa7, 0x22, 0x91, 0xc6, 0xe3, 0x52, - 0xde, 0xd8, 0xbf, 0x78, 0x9a, 0xa4, 0xf7, 0xc0, 0x8c, 0xbf, 0x81, 0x28, - 0x20, 0xb8, 0x01, 0xde, 0xb5, 0x6b, 0x0a, 0x56, 0x12, 0x5c, 0x62, 0x1d, - 0xaf, 0xb7, 0xf2, 0x74, 0x66, 0x0a, 0x7a, 0xc4, 0x9f, 0x1e, 0xc2, 0xa8, - 0x4c, 0xd6, 0x76, 0x6d, 0x74, 0x35, 0x37, 0x12, 0x5c, 0x95, 0xee, 0x98, - 0x1d, 0xe2, 0x91, 0xde, 0x13, 0x08, 0xd0, 0x59, 0x4d, 0x62, 0x92, 0x69, - 0x1b, 0xf7, 0x21, 0x45, 0xaf, 0x83, 0xf8, 0x64, 0xf0, 0xfb, 0x92, 0x9d, - 0xa1, 0xd9, 0x61, 0x5e, 0x00, 0xc8, 0x1a, 0x6e, 0x6a, 0x2d, 0xad, 0xa8, - 0x1b, 0x0e, 0xaf, 0xea, 0xb2, 0xae, 0x1c, 0x89, 0xc7, 0x4d, 0x2c, 0x0f, - 0x4d, 0x8d, 0x78, 0x8d, 0x15, 0x9d, 0x4c, 0x90, 0x52, 0xa1, 0xa9, 0xd8, - 0xb2, 0x66, 0xb9, 0xb1, 0x46, 0x0a, 0x69, 0x86, 0x2b, 0x0f, 0xb2, 0x41, - 0xce, 0xe8, 0x8e, 0x49, 0x97, 0x08, 0x0b, 0x70, 0x97, 0xcb, 0xa4, 0x33, - 0x3f, 0x83, 0x6b, 0x6c, 0x17, 0xce, 0xd8, 0xd5, 0x9b, 0xd4, 0x55, 0x9b, - 0x99, 0xe1, 0xba, 0x61, 0x31, 0x36, 0x79, 0x31, 0x5f, 0xa1, 0x8c, 0xa9, - 0x77, 0x42, 0xaa, 0x8c, 0x45, 0x6e, 0xb6, 0x90, 0x08, 0xe8, 0x2e, 0xc4, - 0x72, 0x69, 0x42, 0xca, 0xa2, 0xd4, 0x8a, 0x2c, 0x37, 0xe1, 0xde, 0xb8, - 0x98, 0x36, 0xeb, 0xcc, 0x58, 
0x0c, 0x24, 0xad, 0xab, 0x62, 0x44, 0x6d, - 0x80, 0xd5, 0xce, 0x2e, 0x4a, 0x3e, 0xa5, 0xc5, 0x34, 0xf8, 0x32, 0x26, - 0x2a, 0x56, 0xa4, 0xdd, 0xe9, 0x92, 0x06, 0xad, 0xe8, 0x85, 0x77, 0x6b, - 0xf1, 0x1b, 0xeb, 0xac, 0x77, 0x19, 0x1c, 0x6a, 0xb7, 0xef, 0x28, 0x70, - 0x87, 0x92, 0x33, 0xdd, 0xaa, 0x30, 0xc1, 0xa0, 0x93, 0x64, 0x18, 0xa2, - 0x91, 0x7f, 0xf7, 0xc4, 0xa5, 0x16, 0x93, 0xb3, 0x5b, 0xd8, 0x53, 0x28, - 0xc5, 0x5e, 0xb1, 0xce, 0x97, 0xbc, 0xb6, 0x65, 0xa8, 0x53, 0xcd, 0xf4, - 0x4d, 0x6b, 0xea, 0x6f, 0x6f, 0xa5, 0x1c, 0xf1, 0x0f, 0xcb, 0x04, 0x25, - 0x4a, 0xfe, 0x7d, 0xfc, 0xa3, 0xbd, 0x41, 0xd3, 0x96, 0x6a, 0x8b, 0xad, - 0xd4, 0xaa, 0x0a, 0x76, 0xea, 0x3b, 0xab, 0x39, 0x55, 0xa3, 0x89, 0x9f, - 0xf6, 0xf5, 0x9b, 0x9c, 0x83, 0xf8, 0x28, 0x50, 0xdf, 0x31, 0x74, 0x83, - 0xdb, 0xf1, 0x0f, 0x4c, 0x35, 0x6a, 0xe5, 0x64, 0x2e, 0xb9, 0x77, 0x3d, - 0xdd, 0xff, 0xa3, 0xa7, 0x90, 0x79, 0xc6, 0x5b, 0x01, 0x16, 0x38, 0xa8, - 0x22, 0xa3, 0x14, 0x13, 0xed, 0xd0, 0x89, 0x0d, 0x1f, 0x3a, 0x41, 0x4c, - 0x57, 0x79, 0xfc, 0x1d, 0xdf, 0xad, 0x1a, 0x11, 0x15, 0x31, 0x7e, 0xdb, - 0x99, 0x3a, 0x6c, 0xde, 0x94, 0x9a, 0x45, 0x4c, 0xfb, 0xa5, 0xa5, 0x31, - 0xee, 0xe3, 0x09, 0x13, 0x6d, 0xfd, 0x19, 0x37, 0x3f, 0xf6, 0xed, 0x8f, - 0x0c, 0xce, 0x4b, 0xd1, 0xe1, 0x3d, 0xfb, 0x85, 0x00, 0x84, 0x19, 0xeb, - 0xa2, 0x63, 0x1d, 0x2b, 0x2d, 0x21, 0xee, 0x08, 0x5a, 0x6d, 0xb0, 0xb1, - 0xd6, 0x81, 0x00, 0xb6, 0xd0, 0x09, 0x90, 0xb4, 0x84, 0x17, 0xd9, 0x2a, - 0x3c, 0x1d, 0x53, 0xc6, 0xc1, 0x8b, 0xda, 0xae, 0x0c, 0x0a, 0x3e, 0x1c, - 0x8a, 0xc4, 0xd6, 0x97, 0x5d, 0x48, 0xe7, 0x79, 0x80, 0x78, 0xaa, 0xde, - 0x17, 0x60, 0x5d, 0x28, 0x15, 0x3a, 0x42, 0xb7, 0x85, 0xc8, 0x60, 0x93, - 0x28, 0xb0, 0x4e, 0xc9, 0xf7, 0x46, 0xe7, 0xfc, 0x4e, 0x9f, 0x9f, 0x12, - 0xdf, 0xcb, 0x6e, 0x0c, 0xaf, 0x71, 0xda, 0xb7, 0xec, 0x3d, 0x46, 0xf3, - 0x35, 0x41, 0x42, 0xd8, 0x27, 0x92, 0x99, 0x1c, 0x4d, 0xc9, 0x3c, 0xe9, - 0x0e, 0xcb, 0x3f, 0x57, 0x65, 0x77, 0x0d, 0xdd, 0xff, 0xea, 0x70, 0x35, - 0xcc, 0xf5, 0x38, 0x1b, 0x57, 
0xdf, 0x6d, 0xcb, 0xfd, 0x13, 0x39, 0xd6, - 0x04, 0xe2, 0xf1, 0xc2, 0xd9, 0xea, 0x8c, 0x9f, 0xfb, 0xb5, 0xfc, 0xe6, - 0xa9, 0xaa, 0x0f, 0x43, 0xc9, 0x9c, 0x91, 0xe4, 0x21, 0xaf, 0x37, 0x14, - 0x78, 0x46, 0xe1, 0x29, 0x41, 0x0c, 0x4e, 0xf5, 0x93, 0x1d, 0xf8, 0x33, - 0x47, 0x6f, 0x9d, 0x8b, 0xf3, 0x27, 0xd4, 0xbb, 0xf6, 0xae, 0xfa, 0xa5, - 0x8b, 0x41, 0x8f, 0xb4, 0xd7, 0x2f, 0xc1, 0x27, 0xea, 0x70, 0x55, 0x1d, - 0xe2, 0xd8, 0x0c, 0x4a, 0x5e, 0x7c, 0x87, 0xa4, 0x0e, 0x84, 0x07, 0xd3, - 0x38, 0x67, 0x2c, 0x55, 0x11, 0xfd, 0x1e, 0xda, 0x4d, 0x66, 0x01, 0x12, - 0x0c, 0x1b, 0x7c, 0x7c, 0x5c, 0x82, 0x21, 0x35, 0x65, 0x5c, 0x7a, 0xd2, - 0x66, 0xc2, 0x2b, 0x5e, 0xb8, 0xb1, 0xcb, 0xdf, 0x59, 0xc9, 0x31, 0xb7, - 0x17, 0x26, 0x96, 0x5e, 0x6f, 0x1c, 0x62, 0x3d, 0x8d, 0x88, 0xf1, 0xd1, - 0x01, 0x3e, 0xf9, 0x6f, 0xb9, 0x77, 0xdc, 0xee, 0xee, 0x78, 0x59, 0xef, - 0xcf, 0x3a, 0x87, 0x88, 0xa2, 0xea, 0xfd, 0x0a, 0xa9, 0xa9, 0x3e, 0x0c, - 0xf8, 0x7f, 0x97, 0x32, 0x17, 0xc2, 0x97, 0xcb, 0xa4, 0x9b, 0xae, 0x5d, - 0xe7, 0x39, 0x2b, 0x2b, 0xa8, 0xe6, 0x7b, 0x51, 0x75, 0x1f, 0x53, 0x54, - 0x37, 0xf4, 0x00, 0xa4, 0xb0, 0xa0, 0x93, 0xb4, 0x33, 0xe7, 0xae, 0x28, - 0xc0, 0x2d, 0x3a, 0xb3, 0xaa, 0xd7, 0x3c, 0x76, 0x44, 0x4b, 0xbb, 0x6a, - 0x67, 0x98, 0xce, 0xf8, 0x15, 0x13, 0x67, 0x79, 0x3c, 0x15, 0x09, 0xb7, - 0x22, 0xc0, 0xec, 0x07, 0x8a, 0xfd, 0x44, 0xcb, 0x99, 0xbd, 0xdc, 0xd5, - 0x53, 0x4c, 0x97, 0x1b, 0x46, 0xaf, 0xc0, 0x6c, 0x06, 0x01, 0x93, 0x8a, - 0x50, 0x51, 0x6a, 0xe4, 0x5c, 0x0a, 0x52, 0x81, 0x3b, 0x75, 0xed, 0xa2, - 0x97, 0xa6, 0x5c, 0x55, 0x63, 0xee, 0xfb, 0x33, 0x82, 0x10, 0xa8, 0x21, - 0x1a, 0x8d, 0xc8, 0xe1, 0x52, 0x68, 0x38, 0x88, 0x2f, 0xae, 0x2b, 0x22, - 0x7a, 0x9b, 0x0c, 0x19, 0x73, 0x6f, 0x91, 0xc7, 0xfa, 0x95, 0x61, 0x28, - 0x74, 0x73, 0x70, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x14, 0x74, - 0x2d, 0x52, 0x8e, 0x0d, 0x0c, 0x06, 0x6c, 0x32, 0x64, 0xd3, 0x7e, 0x33, - 0x31, 0x68, 0x8b, 0x28, 0x1a, 
0x75, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, - 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x22, - 0x8e, 0xff, 0x5a, 0x78, 0xec, 0x2c, 0x21, 0xa2, 0x48, 0xb7, 0x63, 0x88, - 0x10, 0x47, 0x1c, 0xc0, 0xd3, 0xec, 0x5a, 0x04, 0x08, 0xb3, 0x2e, 0x21, - 0xfd, 0x82, 0x14, 0xd8, 0x5c, 0x02, 0x02, 0x08, 0x00, -}; - -/* kNSS is the result of importing the OpenSSL example PKCS#12 into Chrome and - * then exporting it again. */ -static const uint8_t kNSS[] = { - 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80, 0x04, 0x82, - 0x09, 0xef, 0x30, 0x80, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80, 0x04, 0x82, 0x05, - 0x77, 0x30, 0x82, 0x05, 0x73, 0x30, 0x82, 0x05, 0x6f, 0x06, 0x0b, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, - 0x04, 0xf6, 0x30, 0x82, 0x04, 0xf2, 0x30, 0x24, 0x06, 0x0a, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x16, 0x04, 0x10, - 0xac, 0x71, 0x8a, 0x7c, 0x89, 0xcf, 0xa8, 0xb0, 0xd6, 0xd1, 0x07, 0xf0, - 0x83, 0x4f, 0x7a, 0xd0, 0x02, 0x02, 0x07, 0xd0, 0x04, 0x82, 0x04, 0xc8, - 0xea, 0x51, 0x2c, 0x61, 0xaa, 0x9d, 0xf3, 0x90, 0xe1, 0x38, 0x45, 0xb0, - 0x5f, 0xfd, 0xe2, 0x04, 0x65, 0xe6, 0xff, 0x87, 0xb6, 0x78, 0x69, 0xb0, - 0xcb, 0x14, 0xe9, 0x99, 0x39, 0xe3, 0xe5, 0x70, 0x84, 0x57, 0x68, 0xf7, - 0x28, 0xb9, 0x75, 0xa6, 0xfb, 0x16, 0x72, 0xe1, 0x34, 0xb8, 0x3b, 0x61, - 0x51, 0x89, 0x18, 0x94, 0x40, 0xef, 0x73, 0xda, 0xdb, 0xd7, 0xb7, 0x44, - 0x73, 0x8f, 0x16, 0x84, 0xa2, 0x99, 0xa6, 0x05, 0x5e, 0x74, 0xae, 0xe2, - 0xcf, 0x3e, 0x99, 0xca, 0xcd, 0x76, 0x36, 0x77, 0x59, 0xec, 0x25, 0x59, - 0x3d, 0x4b, 0x45, 0xa5, 0x4e, 0x7b, 0x7a, 0xc9, 0x8b, 0xde, 0x4f, 0x70, - 0x6d, 0xb1, 0xa8, 0xf3, 0xb6, 0xb5, 0xe7, 0x67, 0x3f, 0xe9, 0x64, 0xb8, - 0x49, 0xf4, 0x11, 0x94, 0x9d, 0x1c, 0xb0, 0xa5, 0xfb, 0xb3, 0x61, 0xd4, - 0xf3, 0xa7, 0x68, 0x66, 0xd7, 0xa4, 0xf0, 
0xcd, 0xc8, 0x40, 0x4f, 0x3e, - 0xa7, 0x26, 0x40, 0x76, 0x64, 0xa1, 0x4e, 0xf1, 0x91, 0xc2, 0xa3, 0xef, - 0xbc, 0xcd, 0x42, 0xe5, 0xd2, 0x6f, 0xff, 0xfe, 0x4d, 0x33, 0x01, 0xb4, - 0x99, 0x63, 0x1b, 0xd3, 0x01, 0x55, 0x00, 0xa6, 0x23, 0x9b, 0xa9, 0x17, - 0x09, 0x38, 0x32, 0x18, 0x36, 0xbc, 0x20, 0x02, 0xfe, 0x7b, 0xec, 0xd3, - 0x4c, 0x7d, 0xc9, 0xc9, 0xce, 0x66, 0x3b, 0x34, 0x6e, 0xea, 0xf9, 0xb1, - 0x1a, 0x83, 0xa3, 0x3c, 0x8d, 0xc7, 0x79, 0xc9, 0xff, 0x6b, 0x1d, 0x35, - 0xf6, 0x2a, 0x3d, 0x3b, 0x83, 0x16, 0x64, 0xcf, 0x9f, 0x7c, 0x31, 0x02, - 0xda, 0x37, 0x1a, 0x16, 0x49, 0xdc, 0xd9, 0x70, 0xae, 0x99, 0x2c, 0xc7, - 0x01, 0xba, 0x42, 0xab, 0xe9, 0x4d, 0xa4, 0x78, 0x2c, 0xbd, 0xa0, 0xf1, - 0xb7, 0xcf, 0xdd, 0xc1, 0xdb, 0x8f, 0x04, 0x87, 0x0b, 0x47, 0x4f, 0xd5, - 0xd5, 0xe7, 0xfc, 0x6e, 0x42, 0xd5, 0x91, 0x4d, 0x7b, 0x1b, 0x5c, 0x3c, - 0x02, 0x70, 0xdb, 0x05, 0x91, 0xaf, 0x35, 0x43, 0x05, 0xc2, 0x6d, 0xcf, - 0x59, 0x23, 0xfc, 0xc4, 0xf6, 0x67, 0xf1, 0x84, 0x61, 0x4a, 0xb6, 0x4c, - 0x15, 0x15, 0xa3, 0xea, 0x8f, 0x13, 0x15, 0xe3, 0xd2, 0xb5, 0x50, 0xc8, - 0xae, 0xc8, 0x5c, 0x03, 0xb5, 0x63, 0x93, 0xaa, 0x10, 0xd7, 0x56, 0x0d, - 0x6e, 0x13, 0x45, 0x8f, 0xec, 0x17, 0x5c, 0x5c, 0x73, 0x91, 0x5f, 0x6c, - 0xaf, 0x11, 0x13, 0x32, 0x5e, 0x14, 0xf9, 0xaf, 0xaf, 0x43, 0x04, 0x60, - 0x93, 0x42, 0x30, 0xa6, 0x75, 0xc0, 0x83, 0xd2, 0x4c, 0xa5, 0x0a, 0x16, - 0x39, 0xef, 0x3f, 0xf7, 0x9d, 0x23, 0x19, 0xb9, 0xcd, 0xd8, 0x7c, 0x6e, - 0xee, 0x6d, 0x2e, 0xff, 0x5a, 0xf3, 0xb9, 0xab, 0xe5, 0x64, 0xdc, 0xc2, - 0x67, 0x30, 0x73, 0x19, 0x2d, 0xea, 0xd2, 0x19, 0x1f, 0x1f, 0xe0, 0xd9, - 0xac, 0xc9, 0xdb, 0x38, 0x74, 0x5e, 0x31, 0x47, 0x2e, 0x9e, 0x2b, 0xcc, - 0xb9, 0xe4, 0x29, 0xf8, 0xb2, 0xbf, 0x1b, 0xbc, 0x68, 0x96, 0x79, 0xcf, - 0xaf, 0xf2, 0x1f, 0x57, 0x3f, 0x74, 0xc4, 0x71, 0x63, 0xb4, 0xe8, 0xbe, - 0x58, 0xdb, 0x28, 0x62, 0xb5, 0x79, 0x8b, 0xe4, 0xd0, 0x96, 0xd0, 0xda, - 0x0f, 0xd2, 0x70, 0x93, 0x2f, 0x71, 0xe0, 0x9f, 0x28, 0xb7, 0x52, 0x38, - 0x9c, 0xcb, 0x8b, 0x2a, 0x8e, 0xbf, 0x0e, 
0x3d, 0x60, 0x05, 0x0a, 0x91, - 0x5b, 0xb5, 0x78, 0x10, 0x31, 0x00, 0x80, 0x31, 0x2d, 0xd7, 0xb0, 0x88, - 0xc7, 0xd9, 0x58, 0xc6, 0xfc, 0x3b, 0xf4, 0xee, 0xec, 0xba, 0x05, 0xae, - 0xae, 0xff, 0xcf, 0xd0, 0x71, 0xc6, 0xe7, 0xf3, 0x8b, 0x64, 0x50, 0x7a, - 0x09, 0x93, 0x0f, 0x34, 0x59, 0x2d, 0xde, 0x4b, 0x1d, 0x86, 0x49, 0xff, - 0x63, 0x76, 0x28, 0x6b, 0x52, 0x1b, 0x46, 0x06, 0x18, 0x90, 0x1c, 0x2d, - 0xc5, 0x03, 0xcc, 0x00, 0x4d, 0xb7, 0xb2, 0x12, 0xc5, 0xf9, 0xb4, 0xa4, - 0x6a, 0x36, 0x62, 0x46, 0x34, 0x2a, 0xf0, 0x11, 0xa3, 0xd6, 0x80, 0x21, - 0xbf, 0x3b, 0xfd, 0xc5, 0x25, 0xa0, 0x4d, 0xc0, 0x2e, 0xc0, 0xf1, 0x7b, - 0x96, 0x11, 0x64, 0x8e, 0xb9, 0xdb, 0x89, 0x4e, 0x33, 0x89, 0xf5, 0xc6, - 0xfc, 0x2b, 0x99, 0xf5, 0xc2, 0x04, 0x83, 0x15, 0x47, 0xa8, 0xa5, 0xc1, - 0x4a, 0xe4, 0x76, 0xab, 0x3e, 0xf0, 0x9b, 0xb7, 0x8d, 0x46, 0xd3, 0x52, - 0x9b, 0xbd, 0xfd, 0x2b, 0xba, 0x73, 0x5d, 0x23, 0x67, 0x68, 0xe1, 0x76, - 0x6f, 0x56, 0x2b, 0x17, 0xe4, 0x7e, 0x9a, 0xfd, 0x05, 0x48, 0x39, 0xc9, - 0xcf, 0xa5, 0x83, 0xf7, 0x90, 0x9c, 0xa4, 0x28, 0x57, 0x40, 0xe9, 0xd4, - 0x4b, 0x1a, 0x4b, 0x6f, 0x65, 0x14, 0xca, 0x43, 0xc1, 0x3f, 0x7c, 0xec, - 0x82, 0x47, 0x0e, 0x64, 0x8b, 0x6f, 0x8c, 0xb2, 0xf0, 0x6d, 0xeb, 0x6f, - 0x71, 0x8f, 0xcc, 0x2d, 0x60, 0x2b, 0xc3, 0x9f, 0x13, 0x94, 0xc7, 0x23, - 0x02, 0xf5, 0xe6, 0xdf, 0x2d, 0xa9, 0xdb, 0xa9, 0xf3, 0xee, 0xe9, 0x3f, - 0x2a, 0x69, 0x24, 0x6b, 0x78, 0xff, 0x6a, 0xd7, 0xe4, 0x69, 0x8c, 0x17, - 0xd5, 0xc1, 0x36, 0x1a, 0xca, 0x77, 0xb0, 0xb5, 0x6b, 0x96, 0x4a, 0xb5, - 0x0e, 0x4d, 0x0b, 0xd6, 0xd9, 0x78, 0xc5, 0xbf, 0xe3, 0x59, 0xfe, 0x63, - 0xe3, 0xd3, 0x3c, 0x9a, 0xfa, 0xd7, 0x69, 0x5b, 0xef, 0xd3, 0xa4, 0xa3, - 0xb9, 0x1f, 0x5c, 0x40, 0x20, 0x95, 0x38, 0x2d, 0xf5, 0x04, 0x0c, 0x2c, - 0x79, 0x77, 0xc1, 0xb6, 0xcc, 0x74, 0x3c, 0x66, 0xf1, 0xc6, 0x65, 0xab, - 0x4d, 0x68, 0x41, 0x16, 0x71, 0x51, 0xb9, 0x1b, 0xcb, 0xa7, 0x6d, 0xe0, - 0x70, 0xa9, 0xfa, 0x65, 0x6b, 0x7b, 0x1e, 0xc5, 0xdf, 0xe2, 0x4c, 0x96, - 0x44, 0x6b, 0x24, 0xa1, 0x15, 0x8e, 0xe7, 
0x9b, 0x1f, 0x51, 0xef, 0xd7, - 0x65, 0x5f, 0xcd, 0x74, 0x7f, 0x2d, 0x5c, 0xba, 0xba, 0x20, 0x32, 0x8d, - 0x1c, 0xf1, 0x5a, 0xed, 0x21, 0xad, 0x78, 0x7b, 0x59, 0x58, 0xe4, 0xf6, - 0xa7, 0x10, 0x35, 0xca, 0x5d, 0x86, 0x1a, 0x68, 0xba, 0x1c, 0x3c, 0x1c, - 0x23, 0x79, 0x8b, 0x9f, 0xda, 0x5c, 0xd1, 0x5a, 0xa9, 0xc8, 0xf6, 0xc9, - 0xdf, 0x21, 0x5a, 0x98, 0xdc, 0xf4, 0xb9, 0x02, 0x97, 0x2c, 0x10, 0x60, - 0xc9, 0xb5, 0xea, 0x75, 0x0b, 0xd9, 0x8a, 0xa4, 0x86, 0x92, 0xbe, 0xf5, - 0xd8, 0xc7, 0x6b, 0x13, 0x8b, 0xbb, 0xca, 0x5f, 0xe4, 0x8b, 0xce, 0xb5, - 0x27, 0xae, 0x53, 0xed, 0xef, 0x37, 0xa6, 0x81, 0x8f, 0x70, 0x25, 0x18, - 0x93, 0x06, 0x8c, 0x18, 0xcd, 0x7a, 0x1a, 0x8d, 0xfc, 0xde, 0x6f, 0x30, - 0xdb, 0x41, 0xb6, 0x42, 0x14, 0x54, 0xf8, 0xcd, 0xc6, 0xf8, 0x0f, 0x82, - 0x17, 0xfa, 0x8d, 0xba, 0x80, 0x81, 0x6a, 0xf7, 0x02, 0x97, 0x00, 0x78, - 0xd6, 0x5b, 0xc9, 0xba, 0xd1, 0x99, 0xef, 0x8e, 0x48, 0x6c, 0x35, 0x10, - 0x5b, 0xf1, 0x9b, 0x93, 0x4f, 0xbd, 0x7d, 0x27, 0x9e, 0xc7, 0x86, 0xb2, - 0x8f, 0x6a, 0x91, 0x59, 0x2d, 0x14, 0xab, 0x1b, 0x34, 0x6e, 0xfa, 0x25, - 0x5e, 0x14, 0xc7, 0xef, 0x3d, 0x0f, 0x13, 0xf9, 0x45, 0x4b, 0x90, 0xbc, - 0xd8, 0x51, 0x42, 0x95, 0x25, 0x9b, 0x1b, 0x7c, 0xaf, 0x3b, 0x60, 0x21, - 0x4c, 0x5f, 0x7c, 0x63, 0x4b, 0x45, 0xa6, 0xdc, 0xfd, 0x32, 0xf3, 0x06, - 0x61, 0x11, 0x2d, 0x27, 0xde, 0x19, 0x38, 0x63, 0xf9, 0x70, 0xd1, 0x82, - 0x8e, 0xc7, 0x99, 0xe1, 0x96, 0x9b, 0x54, 0x93, 0x64, 0x5f, 0xd1, 0x62, - 0x9c, 0x37, 0x10, 0x1a, 0x8a, 0x82, 0x8d, 0x2a, 0x93, 0x95, 0x22, 0xc9, - 0x21, 0xf5, 0xce, 0x21, 0xbb, 0x7c, 0x17, 0xee, 0x20, 0xa0, 0x73, 0xaa, - 0x69, 0x78, 0x4e, 0x0d, 0x2c, 0x2c, 0x96, 0x23, 0xdc, 0x07, 0x16, 0xbd, - 0xe7, 0xd5, 0x49, 0xcc, 0x44, 0xd1, 0x9d, 0xd7, 0xa3, 0x01, 0x60, 0xa0, - 0xe0, 0x41, 0x63, 0x28, 0x8a, 0x43, 0xdb, 0x4f, 0x25, 0x5b, 0x27, 0x52, - 0x4a, 0xee, 0x42, 0x43, 0x9a, 0xef, 0x33, 0x43, 0x70, 0xda, 0x64, 0x57, - 0x49, 0x0c, 0x7f, 0xfd, 0xc7, 0x88, 0x26, 0x94, 0x10, 0xcc, 0x05, 0x1d, - 0x54, 0x95, 0xea, 0x4e, 0x65, 0x28, 0x03, 
0xbc, 0xa2, 0x62, 0xd2, 0xce, - 0x60, 0x34, 0xf9, 0xdb, 0x26, 0xb5, 0xe6, 0x9b, 0x55, 0x2c, 0x8f, 0x30, - 0x3a, 0x94, 0x9a, 0x15, 0x79, 0x22, 0x75, 0x4d, 0x1b, 0x91, 0xe0, 0x5b, - 0xdb, 0xd1, 0x15, 0x7f, 0xcc, 0xc6, 0x88, 0xb5, 0x00, 0x3f, 0x5d, 0x84, - 0x2e, 0x68, 0xde, 0x6f, 0x41, 0x5b, 0x4e, 0xe7, 0xdf, 0xe6, 0x3b, 0x7e, - 0xf2, 0xdd, 0xfc, 0x01, 0xf2, 0x1b, 0x52, 0xba, 0xc4, 0x51, 0xae, 0x8f, - 0xa0, 0x55, 0x12, 0x81, 0x57, 0xe0, 0x58, 0x5e, 0xea, 0xd7, 0x85, 0xfb, - 0x19, 0x8b, 0xb7, 0x24, 0x29, 0x94, 0xa7, 0xfc, 0xed, 0x17, 0xaa, 0x32, - 0x50, 0x11, 0xb3, 0x7a, 0x43, 0x3a, 0xc0, 0x2b, 0x82, 0x9c, 0x85, 0xd9, - 0xd0, 0xdb, 0x21, 0x71, 0x83, 0xb4, 0x30, 0x14, 0xec, 0xfc, 0x8d, 0x32, - 0xd6, 0xa2, 0x36, 0x5e, 0x3b, 0xe9, 0x12, 0x0c, 0x95, 0xd6, 0x0c, 0x0c, - 0x31, 0x66, 0x30, 0x3f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x14, 0x31, 0x32, 0x1e, 0x30, 0x00, 0x49, 0x00, 0x6e, 0x00, - 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, - 0x20, 0x00, 0x57, 0x00, 0x69, 0x00, 0x64, 0x00, 0x67, 0x00, 0x69, 0x00, - 0x74, 0x00, 0x73, 0x00, 0x20, 0x00, 0x50, 0x00, 0x74, 0x00, 0x79, 0x00, - 0x20, 0x00, 0x4c, 0x00, 0x74, 0x00, 0x64, 0x30, 0x23, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, - 0x14, 0x74, 0x2d, 0x52, 0x8e, 0x0d, 0x0c, 0x06, 0x6c, 0x32, 0x64, 0xd3, - 0x7e, 0x33, 0x31, 0x68, 0x8b, 0x28, 0x1a, 0x75, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x07, 0x06, 0xa0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x00, 0x30, 0x80, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, - 0x24, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, - 0x06, 0x30, 0x16, 0x04, 0x10, 0x9d, 0x1b, 0x68, 0x8e, 0x11, 0xc2, 0xb2, - 0xd6, 0xd0, 0xe9, 0x5a, 0x9e, 0x96, 0xc1, 0x8c, 0xa6, 0x02, 0x02, 0x07, - 0xd0, 0xa0, 0x80, 0x04, 0x82, 0x03, 0xf8, 0x1d, 0xce, 0x13, 0x70, 0x7a, - 0x6b, 0x0a, 0x12, 0x2d, 0x01, 0x84, 0x63, 
0x5c, 0x07, 0x82, 0x23, 0xf8, - 0x8a, 0x5e, 0x53, 0x8f, 0xc8, 0xb4, 0x87, 0x1a, 0xa2, 0x98, 0xdb, 0xc6, - 0x26, 0xca, 0xbb, 0x20, 0x24, 0xad, 0xac, 0xdf, 0xbe, 0x73, 0x6d, 0x97, - 0x4b, 0x6e, 0x5b, 0x45, 0xd2, 0x84, 0xd4, 0xa4, 0x82, 0xd0, 0xce, 0x40, - 0x13, 0x4c, 0x6d, 0x4d, 0x2e, 0xc1, 0x96, 0x95, 0x01, 0x64, 0xf3, 0xf0, - 0x5f, 0x06, 0x06, 0xea, 0xf7, 0x84, 0x8f, 0xb3, 0xb0, 0x6e, 0x7c, 0x9b, - 0x71, 0x73, 0xb9, 0xcd, 0xac, 0x72, 0xf6, 0xa0, 0x23, 0xda, 0x9b, 0x9f, - 0xec, 0x16, 0xef, 0x33, 0xd4, 0xd0, 0x4d, 0x20, 0xf0, 0x75, 0xa9, 0x73, - 0xf4, 0x31, 0xc7, 0x57, 0xb8, 0x0d, 0x9d, 0x85, 0x7c, 0xee, 0x3a, 0x24, - 0x7b, 0x74, 0xa0, 0x5c, 0xad, 0xde, 0x5e, 0x05, 0x1e, 0xeb, 0x02, 0x78, - 0x12, 0xb4, 0xb9, 0xc6, 0xe5, 0xc5, 0x99, 0xbc, 0x05, 0x62, 0x5b, 0x10, - 0x52, 0x08, 0x00, 0x9e, 0x73, 0xac, 0xe4, 0x1d, 0xdb, 0xb8, 0xbf, 0x48, - 0x03, 0x28, 0x05, 0x3c, 0x61, 0x1a, 0x8b, 0x4c, 0xd7, 0x5f, 0x8c, 0xb4, - 0xcd, 0x91, 0x1c, 0x0b, 0xf4, 0x55, 0xd4, 0x1c, 0x42, 0x4a, 0xd4, 0xf5, - 0x15, 0x38, 0xd9, 0x06, 0xfc, 0x49, 0xf6, 0xe5, 0xa7, 0x09, 0x5d, 0x01, - 0xbd, 0xc3, 0xd1, 0x09, 0x9f, 0x5d, 0x0c, 0x19, 0x43, 0xd0, 0xfa, 0x25, - 0x17, 0xad, 0x2a, 0xbf, 0x89, 0x63, 0x06, 0xa8, 0x02, 0x03, 0xe4, 0xfe, - 0x19, 0x08, 0x70, 0xa1, 0x74, 0x74, 0xb6, 0xb6, 0x0f, 0x19, 0x4d, 0x54, - 0xa5, 0xb2, 0xd7, 0x37, 0x3b, 0x17, 0xc0, 0x5d, 0xc2, 0x8a, 0xf1, 0xcc, - 0xed, 0xef, 0x65, 0xc8, 0xca, 0xbe, 0x02, 0xd4, 0x9b, 0x1e, 0xef, 0xc9, - 0xe0, 0x91, 0x82, 0xb0, 0xe0, 0x50, 0xc7, 0xa0, 0xcc, 0x01, 0x6d, 0x55, - 0xe5, 0x67, 0x99, 0x65, 0x13, 0xe4, 0xd2, 0x90, 0x91, 0xf3, 0x76, 0x0b, - 0x6a, 0x2d, 0x19, 0xaf, 0x61, 0xb3, 0x7f, 0x4c, 0x04, 0xfe, 0x68, 0xf6, - 0xb3, 0x56, 0xd8, 0xf3, 0x34, 0xd7, 0x04, 0x0a, 0x31, 0xc8, 0x37, 0xdf, - 0xac, 0xd8, 0x91, 0x80, 0x8a, 0x30, 0x12, 0x22, 0x80, 0xd7, 0x24, 0xcf, - 0x70, 0xaf, 0x56, 0xaf, 0x81, 0xfe, 0x63, 0xf1, 0xea, 0x57, 0x4c, 0xf2, - 0xdb, 0x30, 0x50, 0x92, 0xc1, 0xeb, 0x04, 0x9a, 0xdf, 0xf5, 0x74, 0x57, - 0x5b, 0x58, 0xc2, 0x4e, 0x6b, 0x11, 0xf3, 
0xe1, 0xb3, 0x0f, 0x56, 0x35, - 0x04, 0xf8, 0x50, 0x1d, 0x7e, 0xe6, 0x99, 0xa2, 0x48, 0xdb, 0xea, 0x62, - 0x4f, 0x98, 0xc2, 0xef, 0xbf, 0x7f, 0x94, 0xc0, 0x36, 0xc0, 0xf3, 0x27, - 0xfe, 0xe2, 0x17, 0x1e, 0x91, 0x7d, 0x96, 0xa9, 0x2b, 0x71, 0x51, 0xc3, - 0x59, 0x2d, 0x11, 0x50, 0x1e, 0xcb, 0xce, 0xff, 0x04, 0x4d, 0x16, 0xf5, - 0xc2, 0xd4, 0x1f, 0xdd, 0x7f, 0x5a, 0xfd, 0x1d, 0xe9, 0x63, 0x52, 0x44, - 0x76, 0x5f, 0x91, 0xfd, 0xe8, 0xdf, 0x0a, 0x69, 0x0d, 0xd3, 0x64, 0x91, - 0xea, 0xdd, 0x03, 0x4f, 0x42, 0xa5, 0xe9, 0xa1, 0x70, 0x05, 0xf3, 0x22, - 0x8e, 0xad, 0x70, 0x1a, 0x3e, 0x94, 0x42, 0x06, 0xe7, 0x47, 0x37, 0x3d, - 0xf5, 0xda, 0x3e, 0x2a, 0x3a, 0xc0, 0x23, 0xd9, 0x4a, 0x26, 0x69, 0x13, - 0xa6, 0x93, 0x7c, 0xf2, 0xaf, 0x04, 0x5e, 0x9b, 0x88, 0xc7, 0x77, 0xd0, - 0x93, 0xab, 0x1b, 0xbd, 0x3d, 0x69, 0x90, 0xab, 0x41, 0xa9, 0xbc, 0x84, - 0x18, 0x4d, 0x29, 0x02, 0xc1, 0xf8, 0xff, 0x63, 0x18, 0x24, 0x74, 0x8f, - 0x7e, 0x44, 0x33, 0xaf, 0x88, 0x8b, 0x93, 0x5b, 0x9a, 0xae, 0x6b, 0x08, - 0xa2, 0x82, 0x5d, 0xf3, 0xbe, 0x61, 0xc3, 0xf0, 0x2d, 0x31, 0x4c, 0xb5, - 0xb5, 0x91, 0x0f, 0xfa, 0x81, 0x61, 0xad, 0xfc, 0xba, 0x91, 0xeb, 0x3b, - 0x9d, 0x22, 0x41, 0x45, 0x0e, 0x8e, 0x24, 0xc7, 0x1c, 0x81, 0x95, 0xa8, - 0x7b, 0x64, 0xed, 0xa5, 0xec, 0x5a, 0x68, 0x3c, 0x85, 0x8d, 0x92, 0xb7, - 0x24, 0x0f, 0xed, 0xf5, 0xc6, 0x31, 0x61, 0xdc, 0xef, 0xa7, 0xcb, 0x8f, - 0xda, 0x43, 0x05, 0x42, 0xf6, 0x9e, 0xbc, 0x1b, 0x9a, 0xa1, 0xe8, 0x1d, - 0x8d, 0x42, 0xdb, 0x80, 0x83, 0x55, 0x52, 0x2b, 0x95, 0x00, 0x05, 0x82, - 0x84, 0xc3, 0x54, 0x23, 0x8e, 0x1d, 0x00, 0xa2, 0x16, 0x3e, 0xce, 0x3d, - 0xcc, 0x9e, 0xb8, 0x4c, 0x59, 0xb2, 0x12, 0xa2, 0x23, 0xc1, 0x46, 0x50, - 0x86, 0xae, 0x75, 0x7e, 0x49, 0x38, 0x77, 0x94, 0xf0, 0x27, 0xd8, 0x17, - 0x38, 0x8c, 0xe0, 0x73, 0x00, 0xfb, 0xaf, 0xbf, 0xe8, 0xed, 0x85, 0x58, - 0x3e, 0xb4, 0x88, 0x04, 0xc8, 0x22, 0x1b, 0xb4, 0x75, 0xa2, 0xc4, 0xdd, - 0x06, 0xd2, 0x83, 0x42, 0x21, 0x57, 0xfc, 0xd8, 0xae, 0x9c, 0x0e, 0xd8, - 0x6a, 0x70, 0xd1, 0xeb, 0x44, 0x9c, 0xb7, 
0x37, 0x04, 0x05, 0xf5, 0x17, - 0xbe, 0xf3, 0x56, 0x1b, 0x06, 0x36, 0x1c, 0x59, 0x7b, 0x65, 0x8d, 0xbb, - 0xbe, 0x22, 0x9a, 0x70, 0xa3, 0xe9, 0x60, 0x1a, 0xc9, 0xdd, 0x81, 0x3c, - 0x2d, 0x4e, 0xc0, 0x8a, 0xe5, 0x91, 0xa7, 0xc1, 0x80, 0x07, 0x47, 0x7a, - 0x74, 0x4f, 0x3e, 0x4a, 0xdc, 0xb2, 0xcc, 0xff, 0x37, 0x66, 0x05, 0xcb, - 0xd6, 0xe9, 0x90, 0xf5, 0xef, 0x2b, 0x7e, 0xa7, 0x66, 0x51, 0xcb, 0x48, - 0xb3, 0x8a, 0x6f, 0x06, 0xba, 0x8b, 0x3d, 0x35, 0x36, 0xdf, 0x0e, 0x40, - 0xe5, 0xa1, 0xe3, 0xdd, 0x89, 0xab, 0x64, 0x9c, 0x01, 0x15, 0x9e, 0x93, - 0xea, 0xf9, 0x4f, 0x9e, 0xf5, 0x8b, 0xf2, 0xc2, 0xbb, 0xe5, 0xc3, 0xa3, - 0xe3, 0x13, 0x63, 0x4f, 0x7d, 0x20, 0xe4, 0x66, 0x96, 0x84, 0x8d, 0xd4, - 0xca, 0x72, 0x52, 0xdc, 0xb8, 0x93, 0xd4, 0xa5, 0x3e, 0x6e, 0x42, 0x56, - 0x80, 0x46, 0x77, 0x86, 0x49, 0xfe, 0xf3, 0xb4, 0x5b, 0x37, 0xfc, 0xb8, - 0x0c, 0xd7, 0x63, 0xac, 0x3c, 0x6f, 0xf0, 0xbe, 0xbe, 0xb4, 0x13, 0xe7, - 0x34, 0xe5, 0x06, 0xbf, 0x17, 0x48, 0x6e, 0xc0, 0x26, 0x94, 0xdd, 0xed, - 0xf4, 0xda, 0x97, 0x25, 0xab, 0xd6, 0x9b, 0xc3, 0x8c, 0xeb, 0x17, 0x09, - 0xfc, 0x03, 0x5a, 0x2f, 0x19, 0x85, 0x50, 0xc4, 0xe6, 0x35, 0x71, 0x94, - 0xad, 0xc5, 0xcf, 0x08, 0xcf, 0x69, 0x3b, 0xc3, 0x31, 0xec, 0xf1, 0xfa, - 0x80, 0x66, 0x8f, 0x14, 0xde, 0x56, 0x21, 0x12, 0x9b, 0x0c, 0xdf, 0x92, - 0x48, 0x06, 0xce, 0xdb, 0xeb, 0x28, 0x54, 0x27, 0x8b, 0xa9, 0xef, 0x0c, - 0xf4, 0xa0, 0xcc, 0x84, 0x59, 0x60, 0xed, 0x18, 0x65, 0xca, 0x67, 0x0c, - 0xd1, 0x1f, 0xcf, 0x59, 0x4b, 0xce, 0x07, 0x27, 0x08, 0x6a, 0xea, 0x53, - 0xdc, 0x47, 0xb3, 0x4e, 0xe4, 0x0b, 0xff, 0x9a, 0x7d, 0x6b, 0x0d, 0x2f, - 0x2d, 0x60, 0xd7, 0x8b, 0x22, 0xf5, 0x30, 0x43, 0x09, 0xe6, 0xdf, 0x01, - 0x03, 0x27, 0x2d, 0xb5, 0x74, 0x52, 0x5d, 0x08, 0xc7, 0x5a, 0x44, 0x25, - 0x0f, 0x2c, 0x14, 0x8f, 0x48, 0xea, 0x18, 0x99, 0xd1, 0xcc, 0xc5, 0xdc, - 0x65, 0xa5, 0x3d, 0x25, 0x94, 0xa9, 0xc7, 0xad, 0x3e, 0xa4, 0xf6, 0xe6, - 0xbd, 0xa7, 0x70, 0xd4, 0xdc, 0x9b, 0x26, 0xcb, 0x31, 0x70, 0xaf, 0x3e, - 0xa4, 0xb6, 0x8d, 0x21, 0x31, 0x67, 0x35, 
0x35, 0x86, 0x67, 0xd1, 0x02, - 0x6c, 0x36, 0x76, 0xc9, 0x20, 0xf6, 0x0f, 0x30, 0x41, 0x83, 0x19, 0xf5, - 0xe1, 0x33, 0x90, 0xbc, 0x7b, 0x8c, 0x9b, 0x8a, 0x68, 0x30, 0x9e, 0xed, - 0xf4, 0x88, 0xc9, 0x04, 0x08, 0x2b, 0xb0, 0x0f, 0xae, 0xc7, 0xe0, 0x6e, - 0x52, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x39, 0x30, 0x21, 0x30, - 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, - 0xe0, 0xf7, 0xa1, 0x1b, 0xf6, 0x3f, 0x05, 0xad, 0x55, 0x6a, 0x20, 0x4c, - 0x71, 0xca, 0x62, 0x47, 0x13, 0x28, 0xd5, 0x05, 0x04, 0x10, 0x3e, 0x87, - 0x2d, 0x96, 0xea, 0x80, 0x4b, 0xab, 0x3a, 0xb9, 0xee, 0x09, 0x65, 0x28, - 0xbc, 0x8d, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00, -}; - -/* kWindows is a dummy key and certificate exported from the certificate - * manager on Windows 7. */ -static const uint8_t kWindows[] = { - 0x30, 0x82, 0x0a, 0x02, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0xbe, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, - 0x09, 0xaf, 0x04, 0x82, 0x09, 0xab, 0x30, 0x82, 0x09, 0xa7, 0x30, 0x82, - 0x06, 0x08, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, - 0x01, 0xa0, 0x82, 0x05, 0xf9, 0x04, 0x82, 0x05, 0xf5, 0x30, 0x82, 0x05, - 0xf1, 0x30, 0x82, 0x05, 0xed, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xfe, 0x30, 0x82, - 0x04, 0xfa, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0xb7, 0x20, 0x55, 0x5a, - 0x4d, 0x3f, 0x0e, 0x89, 0x02, 0x02, 0x07, 0xd0, 0x04, 0x82, 0x04, 0xd8, - 0x3a, 0xcc, 0xd6, 0xcb, 0x4d, 0x54, 0xc0, 0x04, 0x56, 0x10, 0xcc, 0x49, - 0xe4, 0xe0, 0x10, 0x73, 0xfb, 0x1a, 0xdd, 0x1d, 0x4f, 0x6e, 0x55, 0xe3, - 0xa4, 0xab, 0xf9, 0x26, 0xaa, 0x42, 0x54, 0xa0, 0xd1, 0xf0, 0x8d, 0xbf, - 0x71, 0x7d, 0x18, 0x00, 0x17, 0xb3, 0xb7, 0x63, 0x50, 0x8d, 0x2c, 0xeb, - 0x2f, 0xe3, 0xc3, 0xbf, 0x93, 0xc8, 0x46, 0x48, 0x99, 0x47, 0xe2, 
0x3b, - 0x8d, 0x71, 0x01, 0x5f, 0x59, 0x5b, 0x61, 0x7e, 0x1f, 0x0c, 0x6e, 0x3e, - 0xc4, 0x74, 0x99, 0x98, 0x30, 0xff, 0x37, 0x7b, 0x30, 0x19, 0xb5, 0xfc, - 0x69, 0x94, 0x5f, 0x79, 0x69, 0x34, 0xda, 0xb5, 0x21, 0xcf, 0xfe, 0x72, - 0x87, 0xe8, 0x7d, 0x29, 0x7e, 0x27, 0x25, 0x90, 0x80, 0x98, 0xdd, 0x8d, - 0xbf, 0x42, 0xb0, 0x10, 0xd8, 0x7d, 0x6d, 0xfe, 0x6f, 0x0d, 0x61, 0x09, - 0xfd, 0xb2, 0x9b, 0xeb, 0xbf, 0x1c, 0xca, 0x33, 0xbc, 0x4e, 0x19, 0x52, - 0x55, 0x53, 0xb4, 0xa5, 0x98, 0x6c, 0xa3, 0x3b, 0xf8, 0xa4, 0x8d, 0x79, - 0xcf, 0x40, 0xf2, 0x89, 0x09, 0x3c, 0x38, 0xab, 0xae, 0xf4, 0x09, 0x3b, - 0xb6, 0xcb, 0xdd, 0xd7, 0xad, 0xe0, 0x5a, 0x71, 0x64, 0xc9, 0x0f, 0x18, - 0xac, 0x3c, 0x12, 0xd4, 0x22, 0x54, 0x24, 0x1a, 0xa5, 0x35, 0x78, 0x99, - 0x09, 0x4a, 0x18, 0x95, 0x23, 0xb9, 0xf7, 0x89, 0x3f, 0x13, 0x43, 0x1f, - 0x8d, 0x76, 0x6b, 0x04, 0xdb, 0x64, 0xf4, 0x8e, 0xf5, 0x50, 0xa0, 0xae, - 0x1c, 0x8c, 0xc8, 0xf3, 0xde, 0xf3, 0x11, 0x2d, 0xfe, 0x76, 0xf0, 0xac, - 0x46, 0x54, 0x23, 0x03, 0x49, 0xfa, 0x73, 0xcd, 0xe0, 0xa1, 0x6c, 0x66, - 0x4d, 0x1b, 0x99, 0x57, 0x3d, 0x61, 0x61, 0xeb, 0x61, 0x40, 0xc7, 0xd6, - 0x41, 0xbe, 0x63, 0x21, 0x1e, 0x7e, 0xb5, 0x0e, 0x94, 0x93, 0x37, 0x41, - 0xe8, 0x91, 0x06, 0xd7, 0xa3, 0x33, 0x78, 0x17, 0x17, 0x59, 0x78, 0x8f, - 0xaf, 0xed, 0xf9, 0x90, 0xfb, 0xb6, 0xc8, 0xa9, 0x0b, 0x10, 0x1a, 0xf1, - 0xab, 0x10, 0x11, 0xbc, 0x7f, 0xa5, 0x2d, 0x34, 0x7d, 0x7b, 0xaf, 0xc8, - 0xb2, 0x00, 0x6b, 0xd4, 0xbb, 0x25, 0x9b, 0xc7, 0x14, 0x8b, 0x50, 0x0a, - 0xd5, 0x2c, 0x1f, 0xa0, 0x5f, 0x07, 0x1d, 0x5e, 0x1a, 0xa4, 0x4b, 0x85, - 0xb2, 0xa6, 0xe2, 0xdd, 0xb7, 0xda, 0x11, 0x25, 0x51, 0xbf, 0x72, 0x50, - 0x53, 0xa1, 0x3d, 0xfa, 0x1d, 0x34, 0x75, 0xdd, 0x7a, 0xe0, 0x90, 0x56, - 0x14, 0xc3, 0xe8, 0x0b, 0xea, 0x32, 0x5f, 0x92, 0xfc, 0x2e, 0x4d, 0x0e, - 0xfe, 0xba, 0x1a, 0x00, 0x6d, 0x8f, 0x75, 0xac, 0x49, 0x4c, 0x79, 0x03, - 0x2e, 0xf2, 0xcc, 0x8e, 0x96, 0x27, 0x3c, 0x59, 0x28, 0x7f, 0x52, 0x8d, - 0xc3, 0x3b, 0x24, 0x68, 0xff, 0xbb, 0xd0, 0x4e, 0xdf, 0xc4, 0x91, 
0x32, - 0x14, 0x5e, 0x43, 0x73, 0xd8, 0x56, 0x65, 0xe1, 0x48, 0x89, 0xe4, 0x33, - 0xef, 0x4b, 0x51, 0x50, 0xf2, 0x53, 0xe7, 0xae, 0x7d, 0xb6, 0x8c, 0x80, - 0xee, 0x8d, 0x9e, 0x24, 0x1a, 0xdd, 0x95, 0x7d, 0x22, 0x58, 0x76, 0xf8, - 0xbb, 0x63, 0x36, 0x17, 0xdc, 0xc6, 0x3e, 0xb8, 0xe9, 0x1f, 0xd8, 0xe0, - 0x06, 0x18, 0x1b, 0x3c, 0x45, 0xcb, 0xe1, 0x5a, 0x41, 0xe5, 0x32, 0xa3, - 0x85, 0x1b, 0xff, 0xe0, 0x5e, 0x28, 0xee, 0xe9, 0x05, 0xc7, 0xc8, 0x47, - 0x85, 0xe8, 0x13, 0x7f, 0x1b, 0xda, 0xd7, 0x3e, 0x8e, 0xb8, 0xa3, 0x96, - 0x34, 0x19, 0x3b, 0x0c, 0x88, 0x26, 0x38, 0xe7, 0x65, 0xf6, 0x03, 0x4f, - 0xc8, 0x37, 0x6e, 0x2f, 0x5e, 0x5d, 0xcd, 0xa3, 0x29, 0x37, 0xe8, 0x86, - 0x84, 0x66, 0x37, 0x84, 0xa0, 0x49, 0x4e, 0x8f, 0x3b, 0x1a, 0x42, 0x9f, - 0x62, 0x1f, 0x2b, 0x97, 0xc9, 0x18, 0x21, 0xd2, 0xa5, 0xcd, 0x8f, 0xa4, - 0x03, 0xf8, 0x82, 0x1e, 0xb8, 0x3e, 0x6b, 0x54, 0x29, 0x75, 0x5f, 0x80, - 0xe6, 0x8f, 0x2f, 0x65, 0xb0, 0x6b, 0xbb, 0x18, 0x6e, 0x0d, 0x32, 0x62, - 0x8c, 0x97, 0x48, 0xd3, 0xaa, 0xf2, 0x5e, 0xb8, 0x25, 0xbc, 0xb5, 0x22, - 0x4a, 0xac, 0xcf, 0xdc, 0x8b, 0x48, 0xfc, 0x95, 0xf2, 0x17, 0x21, 0x1e, - 0xda, 0x13, 0xd3, 0x1b, 0xe2, 0x37, 0xd5, 0xbf, 0x92, 0xe4, 0x81, 0xf5, - 0x98, 0x57, 0x51, 0x14, 0xda, 0x80, 0x7d, 0x4a, 0x6a, 0xce, 0x17, 0xaf, - 0xdb, 0xc3, 0x2e, 0x84, 0x3b, 0x1e, 0x02, 0x51, 0x4a, 0xc1, 0x25, 0x8c, - 0x5a, 0x20, 0x56, 0xee, 0xec, 0x59, 0xcf, 0xd7, 0x3e, 0x5f, 0x39, 0x9f, - 0xbf, 0x4d, 0x4e, 0x94, 0xb1, 0x1d, 0x83, 0x70, 0xc0, 0xab, 0xff, 0xfa, - 0x7c, 0x2e, 0x5b, 0xfb, 0x57, 0x3f, 0x60, 0xb8, 0xf3, 0x36, 0x5f, 0xbf, - 0x6a, 0x8c, 0x6f, 0xe0, 0x34, 0xe8, 0x75, 0x26, 0xc2, 0x1e, 0x22, 0x64, - 0x0e, 0x43, 0xc1, 0x93, 0xe6, 0x8a, 0x2e, 0xe9, 0xd9, 0xe0, 0x9f, 0x56, - 0x50, 0x8a, 0xbd, 0x68, 0xf6, 0x57, 0x63, 0x55, 0xbb, 0xe7, 0xfe, 0x22, - 0xca, 0xdc, 0x85, 0x38, 0x39, 0xc8, 0x66, 0x02, 0x28, 0x0f, 0xe0, 0x1c, - 0xd6, 0x0f, 0x5d, 0x6a, 0x0b, 0xd8, 0xe5, 0x6a, 0xeb, 0x54, 0xb2, 0xe0, - 0x02, 0x6f, 0xe2, 0x42, 0x89, 0x66, 0xc2, 0xd5, 0xc6, 0xe2, 0xb2, 
0x04, - 0x6d, 0x8a, 0x2b, 0x48, 0xc2, 0x51, 0x07, 0x8e, 0xf3, 0x91, 0x0b, 0xb7, - 0x55, 0x6e, 0xbb, 0xbf, 0x11, 0x5a, 0xcb, 0x2c, 0xb3, 0x1e, 0x61, 0xd3, - 0xdb, 0x90, 0xad, 0xba, 0x10, 0x96, 0xe2, 0x16, 0xf4, 0x0c, 0x47, 0xbd, - 0x64, 0x66, 0x7a, 0x17, 0x63, 0xb9, 0x02, 0xcb, 0x53, 0x7a, 0x35, 0x92, - 0x74, 0xc3, 0x2a, 0x7d, 0xc5, 0x11, 0x18, 0x2f, 0xa3, 0x62, 0x2c, 0xc0, - 0x87, 0xd3, 0xd3, 0xba, 0xcb, 0xe0, 0x86, 0x9b, 0x4b, 0xc5, 0x59, 0x98, - 0x7e, 0x32, 0x96, 0x55, 0xc1, 0x3d, 0x5a, 0xcd, 0x90, 0x2d, 0xf8, 0xb7, - 0xa8, 0xba, 0xce, 0x89, 0x64, 0xa6, 0xf3, 0x1b, 0x11, 0x2e, 0x12, 0x99, - 0x4d, 0x34, 0x45, 0x13, 0x66, 0xb7, 0x69, 0x7b, 0xc5, 0x79, 0xf5, 0x6b, - 0xc2, 0x1d, 0xc8, 0x3f, 0x09, 0x18, 0x0a, 0xfc, 0xf7, 0xaf, 0x98, 0xc2, - 0xc7, 0xcc, 0x85, 0x29, 0xc6, 0x22, 0x7a, 0x77, 0xab, 0xb5, 0xac, 0xf7, - 0x9e, 0x70, 0x8e, 0x7f, 0x3c, 0xf1, 0xbd, 0xd9, 0x7a, 0x92, 0x84, 0xc5, - 0xb8, 0x56, 0xc3, 0xcb, 0xf7, 0x25, 0xad, 0xda, 0x0e, 0x1c, 0xe4, 0x68, - 0x66, 0x83, 0x91, 0x78, 0xf1, 0xe7, 0x8c, 0xaa, 0x45, 0xb6, 0x85, 0x74, - 0x9b, 0x08, 0xff, 0xac, 0x38, 0x55, 0xa5, 0x6a, 0xea, 0x2e, 0x75, 0x71, - 0xd3, 0xa2, 0xdc, 0x1c, 0xc0, 0xc7, 0x0b, 0xa9, 0xd5, 0x7e, 0xf9, 0x63, - 0x82, 0x87, 0xb7, 0x81, 0x01, 0xb9, 0x31, 0xdf, 0x41, 0x35, 0x0e, 0xe2, - 0x1f, 0x48, 0xbf, 0x60, 0xce, 0xb0, 0xb4, 0x38, 0xa5, 0xb4, 0x76, 0xa3, - 0x80, 0x1f, 0x93, 0x57, 0xf2, 0x05, 0x81, 0x42, 0xd1, 0xae, 0x56, 0x6d, - 0xc5, 0x4c, 0xab, 0xa6, 0x24, 0x2a, 0x02, 0x3b, 0xb1, 0xc4, 0x75, 0xcf, - 0x15, 0x90, 0xb5, 0xf2, 0xe7, 0x10, 0x69, 0xa0, 0xe3, 0xc4, 0xe6, 0x52, - 0x63, 0x14, 0xb4, 0x15, 0x91, 0x8e, 0xba, 0x7a, 0xad, 0x2d, 0x9b, 0x24, - 0x74, 0x36, 0x31, 0xca, 0xcb, 0x4b, 0x5a, 0xbf, 0xd3, 0x4e, 0xb4, 0xc1, - 0x48, 0x44, 0x74, 0x2f, 0x83, 0xe4, 0x39, 0x3d, 0x90, 0x2d, 0x32, 0x12, - 0xf7, 0xfa, 0xd3, 0xe3, 0xdb, 0x4f, 0xe6, 0xe7, 0x20, 0x2c, 0x57, 0xc0, - 0xf9, 0x80, 0xe1, 0xdc, 0x1c, 0xf2, 0x05, 0x54, 0x35, 0xf6, 0xbd, 0xfb, - 0xbd, 0xc5, 0xb2, 0x82, 0x32, 0x63, 0x32, 0xca, 0xf4, 0xf7, 0x14, 
0x92, - 0x87, 0x8a, 0x45, 0x37, 0x56, 0x93, 0xda, 0x4f, 0x04, 0x59, 0x03, 0x24, - 0x93, 0x1a, 0x0b, 0x4e, 0xdb, 0x58, 0xbf, 0xda, 0x2a, 0x0e, 0x7e, 0x98, - 0x6c, 0x0c, 0xeb, 0x21, 0xf9, 0xbf, 0x9b, 0x1f, 0xc0, 0xef, 0xd3, 0xea, - 0xcb, 0x99, 0x5e, 0x14, 0x3e, 0x10, 0xfa, 0xad, 0x38, 0xf7, 0x68, 0x9f, - 0xa3, 0xcc, 0xdf, 0xe5, 0x31, 0x91, 0x98, 0xde, 0x74, 0x5f, 0x7b, 0xce, - 0xe4, 0x54, 0xd9, 0x51, 0xec, 0xf5, 0x4b, 0x17, 0x5f, 0x99, 0x4c, 0xf8, - 0x00, 0xe0, 0x10, 0x09, 0x07, 0x64, 0xae, 0x61, 0x3b, 0x60, 0xa3, 0x89, - 0x38, 0xc4, 0x80, 0xf2, 0x1e, 0x11, 0x26, 0x78, 0x72, 0x05, 0x97, 0x27, - 0xba, 0x83, 0x33, 0x1b, 0x14, 0x4b, 0xc0, 0xc8, 0xb0, 0xcc, 0x0a, 0x9b, - 0x3e, 0x4c, 0xde, 0x12, 0x07, 0x11, 0xd5, 0xf0, 0xc0, 0xdd, 0x70, 0x3d, - 0xd8, 0x7a, 0xf7, 0xa2, 0xf2, 0x70, 0xad, 0x54, 0xce, 0x67, 0x41, 0x12, - 0x29, 0x1f, 0xe1, 0x49, 0x5f, 0x4c, 0x77, 0x41, 0x7c, 0x74, 0x25, 0x9c, - 0x91, 0xd1, 0x0d, 0xa5, 0x9a, 0xb8, 0x56, 0x4c, 0x01, 0xc0, 0x77, 0x51, - 0x14, 0xc8, 0x92, 0x40, 0x9a, 0xbd, 0x7f, 0x3b, 0x9b, 0x17, 0xbb, 0x80, - 0x6e, 0x50, 0x64, 0x31, 0xed, 0xe2, 0x22, 0x9f, 0x96, 0x8e, 0xe2, 0x4e, - 0x54, 0x6e, 0x36, 0x35, 0xfc, 0xf2, 0xed, 0xfc, 0x56, 0x63, 0xdb, 0x89, - 0x19, 0x99, 0xf8, 0x47, 0xff, 0xce, 0x35, 0xd2, 0x86, 0x63, 0xbc, 0xe4, - 0x8c, 0x5d, 0x12, 0x94, 0x31, 0x81, 0xdb, 0x30, 0x13, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x06, 0x04, 0x04, - 0x01, 0x00, 0x00, 0x00, 0x30, 0x57, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, 0x4a, 0x1e, 0x48, 0x00, 0x65, 0x00, - 0x65, 0x00, 0x36, 0x00, 0x64, 0x00, 0x38, 0x00, 0x38, 0x00, 0x30, 0x00, - 0x35, 0x00, 0x2d, 0x00, 0x30, 0x00, 0x36, 0x00, 0x64, 0x00, 0x39, 0x00, - 0x2d, 0x00, 0x34, 0x00, 0x32, 0x00, 0x65, 0x00, 0x32, 0x00, 0x2d, 0x00, - 0x38, 0x00, 0x62, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2d, 0x00, 0x66, 0x00, - 0x65, 0x00, 0x61, 0x00, 0x62, 0x00, 0x35, 0x00, 0x65, 0x00, 0x66, 0x00, - 0x32, 0x00, 0x38, 0x00, 0x32, 0x00, 0x37, 0x00, 0x30, 0x30, 0x6b, 
0x06, - 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x11, 0x01, 0x31, 0x5e, - 0x1e, 0x5c, 0x00, 0x4d, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6f, - 0x00, 0x73, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x74, 0x00, 0x20, 0x00, 0x45, - 0x00, 0x6e, 0x00, 0x68, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x65, - 0x00, 0x64, 0x00, 0x20, 0x00, 0x43, 0x00, 0x72, 0x00, 0x79, 0x00, 0x70, - 0x00, 0x74, 0x00, 0x6f, 0x00, 0x67, 0x00, 0x72, 0x00, 0x61, 0x00, 0x70, - 0x00, 0x68, 0x00, 0x69, 0x00, 0x63, 0x00, 0x20, 0x00, 0x50, 0x00, 0x72, - 0x00, 0x6f, 0x00, 0x76, 0x00, 0x69, 0x00, 0x64, 0x00, 0x65, 0x00, 0x72, - 0x00, 0x20, 0x00, 0x76, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x30, 0x30, 0x82, - 0x03, 0x97, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, - 0x06, 0xa0, 0x82, 0x03, 0x88, 0x30, 0x82, 0x03, 0x84, 0x02, 0x01, 0x00, - 0x30, 0x82, 0x03, 0x7d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x92, 0x16, 0x6d, - 0x6d, 0x68, 0xd3, 0xb0, 0xc1, 0x02, 0x02, 0x07, 0xd0, 0x80, 0x82, 0x03, - 0x50, 0xee, 0x76, 0xe8, 0x60, 0xbf, 0xca, 0x3c, 0x2d, 0xe5, 0x29, 0x22, - 0xf6, 0x33, 0xc3, 0x50, 0x6a, 0xdb, 0xf3, 0x58, 0x3c, 0xd9, 0x7c, 0xd8, - 0xf9, 0x83, 0x89, 0x17, 0xa8, 0x1b, 0x6b, 0x09, 0xc1, 0x99, 0x49, 0xb0, - 0x43, 0x06, 0xc6, 0x42, 0x4b, 0x7c, 0x85, 0x4b, 0xe6, 0x69, 0x38, 0x91, - 0xce, 0x3d, 0x3c, 0x97, 0xd5, 0x14, 0x4f, 0x15, 0x5a, 0x81, 0x4d, 0x77, - 0x40, 0xe0, 0xe1, 0x1c, 0x69, 0x3f, 0x1d, 0x65, 0x68, 0xb3, 0x98, 0x95, - 0x30, 0x6c, 0xb0, 0x70, 0x93, 0x0c, 0xce, 0xec, 0xaf, 0x57, 0xc6, 0x9c, - 0x34, 0xb4, 0x2b, 0xaf, 0xc3, 0x5e, 0x70, 0x87, 0x17, 0xe8, 0xc9, 0x54, - 0x06, 0xb5, 0xb7, 0x83, 0xff, 0x46, 0x2b, 0xb6, 0x6a, 0x66, 0x2f, 0x6d, - 0x0f, 0x96, 0x53, 0x66, 0x65, 0xb8, 0x7b, 0x48, 0x55, 0x83, 0xd3, 0xc4, - 0x16, 0x93, 0xde, 0x72, 0x59, 0xf1, 0x9a, 0xab, 0xd5, 0xd5, 0xcb, 0x24, - 0xa6, 0x4a, 0x4e, 0x57, 0xf3, 0x6e, 0xca, 0xb1, 0xeb, 0x7d, 0xdb, 
0x02, - 0xd2, 0x79, 0x89, 0xef, 0xa2, 0x8b, 0xee, 0x6f, 0xdc, 0x5e, 0x65, 0xa5, - 0x09, 0x33, 0x51, 0xb5, 0x21, 0xc8, 0xc6, 0xab, 0xed, 0xd5, 0x50, 0x93, - 0x39, 0x71, 0x97, 0xd3, 0x2c, 0xdd, 0xaf, 0xb1, 0xc6, 0x9b, 0x4b, 0x69, - 0x98, 0xae, 0xaf, 0x21, 0xa0, 0x8a, 0x90, 0x25, 0xe0, 0xf4, 0x8c, 0xf2, - 0xc3, 0x4f, 0x64, 0xb6, 0xc6, 0x64, 0x90, 0xff, 0x95, 0x0a, 0xcc, 0x8c, - 0xf4, 0x86, 0x80, 0x53, 0x8d, 0x51, 0x0b, 0xcd, 0x45, 0x4f, 0xcf, 0x7c, - 0xc6, 0xdf, 0x08, 0x5e, 0xa7, 0xdf, 0x4f, 0xcf, 0x84, 0xde, 0xb8, 0x4d, - 0x73, 0x40, 0x06, 0xbe, 0x33, 0x82, 0xe8, 0x41, 0x1b, 0x9a, 0xc3, 0x5b, - 0xb6, 0xf3, 0xfc, 0x32, 0x98, 0xcc, 0xcc, 0x5e, 0xd5, 0xb7, 0x86, 0x0f, - 0xc8, 0x59, 0x72, 0xcb, 0x9a, 0xc5, 0x3c, 0x50, 0xb8, 0x25, 0xb8, 0x87, - 0x3e, 0x49, 0xd4, 0x2d, 0x2f, 0x50, 0x35, 0xeb, 0xb8, 0x10, 0xa7, 0xea, - 0xb1, 0xe2, 0x0c, 0x6a, 0x84, 0x2c, 0xe2, 0x7a, 0x26, 0xef, 0x7e, 0x6b, - 0x1e, 0x47, 0x6e, 0x98, 0xc0, 0x3f, 0x92, 0x24, 0xe7, 0x88, 0xf9, 0x18, - 0x78, 0x37, 0x8a, 0x54, 0xa6, 0x2b, 0x5b, 0xf0, 0xc7, 0xe2, 0x98, 0xa4, - 0xa6, 0x2e, 0xc3, 0x6a, 0x75, 0x66, 0x51, 0xe8, 0x0d, 0x90, 0xfd, 0xa7, - 0xec, 0x22, 0xb3, 0x7d, 0x9d, 0x0c, 0xfe, 0x72, 0x7f, 0x98, 0xf6, 0x86, - 0x30, 0xd3, 0x7c, 0xee, 0xa5, 0xc5, 0x20, 0x89, 0x79, 0x04, 0x8e, 0xa8, - 0xb6, 0x94, 0x70, 0x4e, 0x75, 0xe5, 0xa0, 0xae, 0x8c, 0x7f, 0x72, 0x4c, - 0xd5, 0x9f, 0xd2, 0x56, 0x0d, 0xb2, 0x28, 0x45, 0x99, 0xf8, 0x40, 0xd4, - 0x3f, 0x42, 0x4a, 0x0c, 0x92, 0x23, 0xe1, 0x17, 0xaf, 0x68, 0xa6, 0x0f, - 0x1d, 0x32, 0x0d, 0xf8, 0x08, 0x8e, 0xdc, 0x79, 0x68, 0xf0, 0xfe, 0x0b, - 0xda, 0x94, 0x2d, 0xa6, 0xa7, 0x76, 0x7e, 0xd6, 0xca, 0xec, 0x7c, 0x37, - 0x52, 0x4f, 0x77, 0xcf, 0xa3, 0xcf, 0x8a, 0xfe, 0x89, 0xd9, 0x3e, 0xbc, - 0xb5, 0x06, 0xa0, 0x21, 0x91, 0x89, 0x77, 0x84, 0x85, 0x43, 0x2a, 0x65, - 0xec, 0x75, 0x4d, 0x0d, 0x1c, 0x79, 0x0f, 0x61, 0xca, 0x3e, 0x62, 0xbb, - 0x41, 0xf9, 0x4c, 0x5c, 0x3b, 0xde, 0x33, 0x8e, 0xdf, 0x51, 0x72, 0x93, - 0xca, 0xa6, 0xc7, 0x16, 0xe5, 0xb3, 0x22, 0xb6, 0x2e, 0xbf, 0xae, 
0x1d, - 0x91, 0x1d, 0x49, 0x96, 0xa3, 0x25, 0xd4, 0xce, 0x6f, 0xf0, 0xfb, 0xb7, - 0xf5, 0x4a, 0x24, 0x03, 0x54, 0x4b, 0x7f, 0x0b, 0xb4, 0x31, 0xb4, 0x33, - 0xb7, 0x40, 0xf0, 0xd5, 0x4c, 0xee, 0xe3, 0x4b, 0x12, 0x8c, 0xc9, 0xa7, - 0x06, 0xb1, 0x02, 0x5a, 0x14, 0x6f, 0xe2, 0x3b, 0x68, 0x9b, 0x3d, 0xfc, - 0x83, 0x4a, 0xcc, 0xb5, 0x77, 0xe7, 0xf0, 0x1b, 0x52, 0xce, 0x60, 0x89, - 0xe2, 0x45, 0x76, 0xaa, 0x76, 0x70, 0xc2, 0xfd, 0x21, 0x8f, 0x1d, 0x67, - 0x1a, 0x4c, 0xe8, 0x81, 0x2b, 0x2e, 0xa9, 0x56, 0x0a, 0x27, 0x0f, 0x81, - 0xba, 0x5c, 0x4f, 0xfa, 0x6e, 0x7e, 0x33, 0x7d, 0x78, 0xed, 0xd2, 0xe3, - 0x24, 0xae, 0x24, 0xb2, 0x1b, 0x62, 0x71, 0x0e, 0x73, 0xfe, 0x8a, 0x3b, - 0x98, 0x0d, 0x82, 0x8e, 0x8d, 0x0f, 0xb3, 0xe2, 0x65, 0x87, 0xeb, 0x36, - 0x91, 0x4d, 0x8a, 0xfb, 0x22, 0x7a, 0x23, 0x2c, 0xe1, 0xb6, 0x94, 0xb6, - 0x90, 0x94, 0xcc, 0x0c, 0x7d, 0x02, 0x36, 0x56, 0xda, 0x45, 0x20, 0x90, - 0x48, 0xdb, 0xa4, 0xf5, 0x27, 0xac, 0x22, 0x49, 0x25, 0xaa, 0xd8, 0xa7, - 0x79, 0x38, 0x80, 0xc0, 0x95, 0xc7, 0xd1, 0x5c, 0x17, 0x7c, 0xa7, 0xec, - 0xd2, 0x63, 0xc6, 0xc6, 0x55, 0xfe, 0x78, 0x99, 0x06, 0x2c, 0x6e, 0x4f, - 0xfe, 0xd1, 0x5b, 0x8c, 0x2f, 0xa1, 0x42, 0x03, 0x26, 0x5a, 0x5e, 0xda, - 0xef, 0x43, 0xd2, 0x0e, 0xf9, 0x5f, 0xdb, 0x1d, 0x9c, 0xd1, 0xcb, 0x65, - 0x84, 0x26, 0xed, 0x91, 0x8f, 0x16, 0xb4, 0x1c, 0xc0, 0xb3, 0x8d, 0x79, - 0xae, 0x9b, 0xcb, 0x36, 0x6d, 0xcd, 0x67, 0x1f, 0x87, 0x11, 0x2a, 0x7c, - 0xb1, 0x8c, 0xfb, 0x06, 0xab, 0xd2, 0xd6, 0x2a, 0xe3, 0x45, 0x6c, 0xa5, - 0xc0, 0x19, 0x6b, 0xfc, 0xc3, 0xb7, 0x54, 0x35, 0xda, 0xdf, 0x12, 0x97, - 0x5c, 0xac, 0x59, 0xb4, 0x42, 0x25, 0xef, 0x04, 0xf7, 0x4c, 0xdb, 0x74, - 0xb9, 0x68, 0x8f, 0xee, 0x37, 0x0a, 0xc6, 0x21, 0x86, 0x0f, 0x6f, 0x8e, - 0xab, 0xd5, 0x7b, 0x38, 0x5e, 0x5f, 0x7d, 0xb9, 0x5a, 0xcb, 0xce, 0xa0, - 0x56, 0x37, 0x13, 0x71, 0x4b, 0xba, 0x43, 0x7c, 0xc0, 0xb7, 0x7f, 0x32, - 0xd7, 0x46, 0x27, 0x58, 0xfc, 0xdb, 0xb5, 0x64, 0x20, 0x3b, 0x20, 0x85, - 0x79, 0xa8, 0x9a, 0x22, 0xaf, 0x29, 0x86, 0xc5, 0x9d, 0x23, 0x96, 
0x52,
- 0xca, 0xc7, 0x9d, 0x92, 0x26, 0xe5, 0x3a, 0x60, 0xd6, 0xad, 0x8d, 0x5a,
- 0xd9, 0x29, 0xbe, 0xd5, 0x5c, 0x3a, 0x77, 0xda, 0x34, 0xe2, 0x76, 0xcb,
- 0x98, 0xa4, 0xf3, 0x33, 0xf1, 0x68, 0x20, 0x83, 0x95, 0x0b, 0x8d, 0x93,
- 0x59, 0x02, 0x0c, 0x8f, 0xe4, 0xc4, 0xb0, 0xe7, 0x61, 0x0d, 0xf9, 0x80,
- 0x20, 0x58, 0x40, 0xea, 0xb7, 0x0b, 0x1b, 0xad, 0xe3, 0x30, 0x3b, 0x30,
- 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14,
- 0x2d, 0x77, 0x79, 0x79, 0x90, 0x41, 0x75, 0xf4, 0x4a, 0x7f, 0xf7, 0x15,
- 0x94, 0x28, 0x62, 0xf7, 0x69, 0xd4, 0x44, 0x27, 0x04, 0x14, 0x2b, 0x2f,
- 0xd9, 0x24, 0xc3, 0x8a, 0x34, 0xbb, 0x52, 0x52, 0x7b, 0xf6, 0x0e, 0x7b,
- 0xfe, 0x3a, 0x66, 0x47, 0x40, 0x49, 0x02, 0x02, 0x07, 0xd0,
-};
-
-static int test(const char *name, const uint8_t *der, size_t der_len) {
- CBS pkcs12;
- EVP_PKEY *key;
- STACK_OF(X509) *certs;
-
- certs = sk_X509_new_null();
-
- CBS_init(&pkcs12, der, der_len);
- if (!PKCS12_get_key_and_certs(&key, certs, &pkcs12, "foo")) {
- fprintf(stderr, "PKCS12 failed on %s data.\n", name);
- BIO_print_errors_fp(stderr);
- return 0;
- }
-
- if (sk_X509_num(certs) != 1 || key == NULL) {
- fprintf(stderr, "Bad result from %s data.\n", name);
- return 0;
- }
-
- sk_X509_pop_free(certs, X509_free);
- EVP_PKEY_free(key);
-
- return 1;
-}
-
-static int test_compat(const uint8_t *der, size_t der_len) {
- PKCS12 *p12;
- X509 *cert = NULL;
- STACK_OF(X509) *ca_certs = NULL;
- EVP_PKEY *key;
- BIO *bio;
-
- bio = BIO_new_mem_buf((void*) der, der_len);
-
- p12 = d2i_PKCS12_bio(bio, NULL);
- if (p12 == NULL) {
- fprintf(stderr, "PKCS12_parse failed.\n");
- BIO_print_errors_fp(stderr);
- return 0;
- }
- BIO_free(bio);
-
- if (!PKCS12_parse(p12, "foo", &key, &cert, &ca_certs)) {
- fprintf(stderr, "PKCS12_parse failed.\n");
- BIO_print_errors_fp(stderr);
- return 0;
- }
-
- if (key == NULL || cert == NULL) {
- fprintf(stderr, "Bad result from PKCS12_parse.\n");
- return 0;
- }
-
- EVP_PKEY_free(key);
- X509_free(cert);
-
- if
(sk_X509_num(ca_certs) != 0) {
- fprintf(stderr, "Bad result from PKCS12_parse.\n");
- return 0;
- }
- sk_X509_free(ca_certs);
-
- PKCS12_free(p12);
-
- return 1;
-}
-
-int main(int argc, char **argv) {
- CRYPTO_library_init();
- ERR_load_crypto_strings();
-
- if (!test("OpenSSL", kOpenSSL, sizeof(kOpenSSL)) ||
- !test("NSS", kNSS, sizeof(kNSS)) ||
- !test("Windows", kWindows, sizeof(kWindows)) ||
- !test_compat(kWindows, sizeof(kWindows))) {
- return 1;
- }
-
- printf("PASS\n");
- return 0;
-}
diff --git a/src/crypto/pkcs8/pkcs12_test.cc b/src/crypto/pkcs8/pkcs12_test.cc
new file mode 100644
index 0000000..8b265cd
--- /dev/null
+++ b/src/crypto/pkcs8/pkcs12_test.cc
@@ -0,0 +1,759 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "../test/scoped_types.h"
+
+
+/* kPKCS12DER contains sample PKCS#12 data generated by OpenSSL with:
+ * openssl pkcs12 -export -inkey key.pem -in cacert.pem */
+static const uint8_t kOpenSSL[] = {
+ 0x30, 0x82, 0x09, 0xa1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0x67, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82,
+ 0x09, 0x58, 0x04, 0x82, 0x09, 0x54, 0x30, 0x82, 0x09, 0x50, 0x30, 0x82,
+ 0x04, 0x07, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
+ 0x06, 0xa0, 0x82, 0x03, 0xf8, 0x30, 0x82, 0x03, 0xf4, 0x02, 0x01, 0x00,
+ 0x30, 0x82, 0x03, 0xed, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x31, 0x24, 0xca,
+ 0x7d, 0xc3, 0x25, 0x3e, 0xdc, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x03,
+ 0xc0, 0x55, 0xe7, 0x7f, 0x9c, 0xd6, 0x0c, 0xd2, 0x69, 0x1d, 0x6e, 0x8b,
+ 0xb8, 0x07, 0xec, 0x4a, 0xe7, 0x06, 0x67, 0xd1, 0x24, 0x1b, 0xd5, 0x68,
+ 0x13, 0x3d, 0xd7, 0x56, 0x5e, 0x15, 0x40, 0xdb, 0xda, 0x88, 0x36, 0xc9,
+ 0x02,
0x96, 0xb5, 0xb5, 0xf7, 0x81, 0xef, 0x88, 0x1d, 0x66, 0x62, 0xa8, + 0x83, 0xf7, 0x91, 0xb1, 0x26, 0x1f, 0x9b, 0x25, 0x78, 0x0a, 0x04, 0xb1, + 0xc0, 0x93, 0x48, 0xa2, 0xf0, 0x51, 0x4f, 0x2b, 0xf8, 0x03, 0x67, 0x61, + 0x1b, 0xed, 0x29, 0xfe, 0x3f, 0xdd, 0x83, 0xa3, 0x93, 0x75, 0xa7, 0xd9, + 0x37, 0x5b, 0xa7, 0xc9, 0xf4, 0x52, 0x86, 0xd2, 0x3f, 0xca, 0x61, 0x5c, + 0x1e, 0xf9, 0x07, 0x7d, 0xbd, 0xda, 0x76, 0x8a, 0x03, 0x8e, 0x12, 0x4e, + 0x8f, 0x68, 0x6e, 0x72, 0x6e, 0xf0, 0xbe, 0x22, 0xc7, 0x9d, 0x97, 0x7c, + 0x45, 0xc0, 0xaa, 0x31, 0xe1, 0x55, 0x81, 0xb3, 0xec, 0x98, 0x94, 0xac, + 0xf7, 0x15, 0x9b, 0x42, 0x49, 0x8c, 0x2a, 0x29, 0x7a, 0x25, 0x92, 0x64, + 0x92, 0xbd, 0x4e, 0x5c, 0xec, 0xff, 0x61, 0xbb, 0x8e, 0x5c, 0xc8, 0xdb, + 0xba, 0x97, 0x30, 0xf4, 0x55, 0x9e, 0x1b, 0xfa, 0xbe, 0x2a, 0x90, 0xcf, + 0xe8, 0xc0, 0x9d, 0xb0, 0x0e, 0x24, 0x61, 0xe7, 0x3a, 0xb7, 0x7f, 0xda, + 0x63, 0xaa, 0x2a, 0x4a, 0xa6, 0x91, 0x52, 0xa6, 0x76, 0xc9, 0xbe, 0x9f, + 0x1b, 0x1d, 0xa4, 0x09, 0x5b, 0x0f, 0xd1, 0x64, 0x4e, 0xdf, 0x0c, 0x44, + 0x59, 0x3a, 0xef, 0x9a, 0xd8, 0x22, 0xa2, 0x5f, 0x80, 0xb5, 0x4f, 0xbe, + 0x84, 0x23, 0xe3, 0x74, 0x77, 0x3c, 0x9e, 0x27, 0x64, 0xac, 0x65, 0xf4, + 0xbb, 0x34, 0xb7, 0xa4, 0xfe, 0x02, 0x1a, 0x88, 0x05, 0x3b, 0x4b, 0xb8, + 0xd8, 0xb9, 0x26, 0x69, 0x22, 0x97, 0x3d, 0x93, 0x9b, 0xe8, 0x72, 0xaa, + 0x4d, 0x8f, 0x76, 0x51, 0x12, 0x59, 0x58, 0xf1, 0x1a, 0xa3, 0xdb, 0x5d, + 0xbc, 0xea, 0x84, 0x19, 0x55, 0x4f, 0x00, 0xfb, 0xe2, 0x57, 0x47, 0xca, + 0xea, 0xbe, 0x8f, 0x85, 0x8b, 0x1c, 0x27, 0x8d, 0x81, 0x70, 0x7f, 0xf1, + 0x56, 0x58, 0xe1, 0x26, 0x94, 0xd8, 0x2f, 0xde, 0xac, 0xc8, 0xac, 0xbf, + 0xc3, 0xc6, 0x67, 0xa6, 0xf4, 0x6c, 0xec, 0x20, 0x3c, 0xbc, 0x9d, 0xd9, + 0xd0, 0xa1, 0x4e, 0x8c, 0x11, 0x19, 0x2b, 0xb3, 0xa1, 0xdf, 0x6a, 0x8f, + 0xa2, 0xc3, 0xcc, 0xf6, 0xbd, 0x09, 0x7a, 0x96, 0x61, 0x20, 0xd4, 0x06, + 0x99, 0x4c, 0x6f, 0x23, 0x9b, 0x4c, 0xcc, 0x73, 0x8b, 0x42, 0x48, 0x99, + 0x45, 0x8f, 0xcb, 0xc8, 0x46, 0x1a, 0xfb, 0x51, 0x03, 0x6a, 0xf2, 0x22, + 0x85, 
0x88, 0x9d, 0x61, 0x8b, 0x16, 0x33, 0xf4, 0xf7, 0x9b, 0xc8, 0x21, + 0x4f, 0xb1, 0xcd, 0x30, 0xfc, 0x29, 0x88, 0x12, 0xdc, 0xd4, 0x30, 0x4c, + 0xb9, 0xad, 0x34, 0xde, 0x01, 0xf8, 0xc1, 0x12, 0xa7, 0x4d, 0xc7, 0x31, + 0x99, 0x2b, 0x45, 0x88, 0x06, 0x34, 0x69, 0x6e, 0x6d, 0x34, 0xd8, 0xdd, + 0x0a, 0x3d, 0x59, 0x74, 0x36, 0x31, 0x6a, 0xed, 0x91, 0x3b, 0x5b, 0x88, + 0x43, 0x46, 0x3f, 0x67, 0x66, 0xe4, 0xde, 0x52, 0xb4, 0xbf, 0x7b, 0x3d, + 0x54, 0x79, 0xaf, 0x8d, 0xf5, 0x0a, 0x80, 0xfd, 0xeb, 0x31, 0x24, 0xbc, + 0x24, 0xd7, 0x21, 0x9f, 0x87, 0xab, 0xbd, 0x75, 0x2c, 0x13, 0x13, 0x96, + 0xab, 0x76, 0xfb, 0xb2, 0x44, 0xd0, 0xd2, 0x19, 0xf1, 0x95, 0x9a, 0x91, + 0xbf, 0x7a, 0x7b, 0x76, 0x95, 0x72, 0xa9, 0x16, 0xfc, 0x3e, 0xa9, 0x4e, + 0x01, 0x15, 0x3d, 0x43, 0x73, 0xa3, 0x8b, 0xef, 0x48, 0xad, 0x11, 0xbd, + 0x53, 0xd3, 0x0c, 0x15, 0x15, 0x1a, 0xb4, 0x3a, 0xe0, 0x7f, 0x9a, 0xa1, + 0x36, 0x47, 0x72, 0x92, 0xf0, 0xdf, 0xb0, 0xe2, 0xbc, 0x35, 0xd4, 0x32, + 0x6b, 0x37, 0x69, 0x4f, 0x47, 0x9a, 0xe2, 0x35, 0x8a, 0x31, 0x60, 0xed, + 0x80, 0x57, 0xe2, 0x9d, 0x58, 0x9c, 0x7f, 0x46, 0xd2, 0x54, 0x0e, 0x28, + 0x53, 0x8b, 0x1f, 0x46, 0x34, 0x22, 0xac, 0x71, 0xc7, 0xca, 0x0f, 0xb4, + 0xb7, 0x7a, 0xfc, 0x34, 0x57, 0xa5, 0x86, 0x8d, 0x66, 0x5c, 0xc7, 0x3a, + 0xdb, 0xf8, 0x79, 0x3a, 0x8a, 0xf6, 0xa2, 0x1e, 0x09, 0xc9, 0x10, 0xe9, + 0x93, 0x3a, 0xc5, 0xed, 0xb2, 0xca, 0xbb, 0x66, 0xf1, 0x9d, 0xc9, 0x9c, + 0x42, 0x75, 0x64, 0x3e, 0xe4, 0x12, 0x2b, 0x67, 0xf8, 0xbf, 0x2b, 0x98, + 0x5d, 0xb6, 0xa0, 0xba, 0x79, 0x98, 0xe0, 0x47, 0x5c, 0x77, 0x85, 0x4e, + 0x26, 0x71, 0xfe, 0xab, 0x5c, 0xa8, 0x32, 0x93, 0xec, 0xd0, 0x26, 0x90, + 0xe4, 0xda, 0x2f, 0x34, 0x8a, 0x50, 0xb8, 0x3b, 0x7b, 0x4c, 0x5f, 0xa9, + 0x3e, 0x8a, 0xa8, 0xf3, 0xc0, 0xb7, 0x50, 0x0b, 0x77, 0x4e, 0x8c, 0xa0, + 0xaf, 0xdb, 0x59, 0xe7, 0xac, 0xd1, 0x34, 0x4e, 0x62, 0x47, 0x2e, 0x1e, + 0x5e, 0xb4, 0xc9, 0x64, 0xf8, 0x0f, 0xf4, 0xf8, 0xb6, 0x9a, 0xe3, 0x7e, + 0xcf, 0xb7, 0xee, 0x11, 0x14, 0x52, 0x89, 0x3b, 0x27, 0x98, 0xfc, 0x95, + 0xa7, 
0xad, 0xbf, 0x61, 0x34, 0xad, 0x1a, 0x24, 0x2a, 0x48, 0x66, 0x65, + 0x75, 0x9c, 0x59, 0xc0, 0x4f, 0x5f, 0x3d, 0x5a, 0x8c, 0xee, 0xd0, 0xb1, + 0x17, 0x6d, 0x34, 0x46, 0x37, 0xa0, 0xba, 0x71, 0xac, 0x77, 0x73, 0x29, + 0xa3, 0x37, 0x4f, 0x02, 0xd3, 0x7f, 0x0e, 0xe8, 0xce, 0xff, 0x80, 0x11, + 0x45, 0x42, 0x03, 0x5a, 0x87, 0xaa, 0xff, 0x25, 0x12, 0x1f, 0x43, 0x19, + 0x3e, 0xa9, 0x62, 0x96, 0x0c, 0x6f, 0x33, 0x88, 0x5c, 0xaa, 0xf9, 0xe2, + 0xb4, 0xb9, 0xf7, 0x55, 0xae, 0xb5, 0x76, 0x57, 0x47, 0x83, 0xe3, 0xfa, + 0x05, 0xda, 0x86, 0x02, 0x97, 0xb4, 0x60, 0xae, 0x59, 0xd5, 0x6c, 0xc1, + 0x33, 0xe1, 0x36, 0x36, 0x94, 0x79, 0x9e, 0xad, 0xa3, 0x2d, 0xbc, 0xb5, + 0xa2, 0xeb, 0xdd, 0xcd, 0xcb, 0x48, 0x42, 0x15, 0xb8, 0xe6, 0x0e, 0x76, + 0x5b, 0x57, 0x74, 0x24, 0xe6, 0x89, 0xc4, 0xe8, 0x08, 0xa9, 0xfe, 0xb3, + 0x23, 0xa6, 0xca, 0x72, 0xe2, 0xe4, 0xcb, 0xc1, 0x4a, 0xd1, 0x1d, 0xb9, + 0x5e, 0x36, 0x97, 0x19, 0x7c, 0x15, 0x48, 0xf1, 0x2d, 0xeb, 0xec, 0xad, + 0x52, 0x6f, 0x2f, 0xe1, 0x19, 0xcf, 0xcf, 0x98, 0x13, 0x0d, 0xcc, 0xb2, + 0xa6, 0x8a, 0xda, 0x93, 0x24, 0x3d, 0x5d, 0x83, 0xfe, 0x8d, 0x9e, 0x47, + 0xd8, 0x6e, 0x8d, 0x06, 0x52, 0x7d, 0x46, 0x84, 0x04, 0x69, 0x34, 0x61, + 0x04, 0x50, 0x1f, 0x86, 0x92, 0x94, 0xe9, 0x0b, 0x13, 0x5b, 0xf6, 0x16, + 0x81, 0xeb, 0xfa, 0xf1, 0xbb, 0x04, 0x68, 0x17, 0xca, 0x35, 0x6f, 0xba, + 0x4e, 0x4c, 0x33, 0xce, 0xf4, 0x26, 0xb7, 0x74, 0xab, 0xa5, 0xd0, 0xaa, + 0x0d, 0x85, 0x11, 0x30, 0x58, 0x62, 0xdf, 0x48, 0xc7, 0xdf, 0xc9, 0x38, + 0x9e, 0x6f, 0x96, 0x23, 0x2f, 0xc1, 0xd4, 0x8d, 0x65, 0x9b, 0x46, 0x5f, + 0x9c, 0xea, 0x26, 0x60, 0xb5, 0x95, 0x85, 0x71, 0x18, 0xc3, 0xf4, 0x54, + 0x61, 0xca, 0xfe, 0x55, 0x3b, 0xbe, 0x81, 0xaf, 0xd9, 0x3a, 0x27, 0xe9, + 0x1c, 0x30, 0x82, 0x05, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x32, 0x04, 0x82, 0x05, 0x2e, + 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, + 0xee, 
0x30, 0x82, 0x04, 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0xd9, + 0x68, 0xcb, 0x08, 0x16, 0xc8, 0x93, 0x57, 0x02, 0x02, 0x08, 0x00, 0x04, + 0x82, 0x04, 0xc8, 0x7c, 0xdb, 0xa6, 0x1e, 0x33, 0xa4, 0xc6, 0x4e, 0x13, + 0x22, 0x7a, 0x1f, 0xc6, 0x82, 0xab, 0x93, 0x5f, 0xf0, 0xa4, 0xe4, 0x40, + 0xac, 0xdf, 0x16, 0xec, 0x8d, 0x1f, 0xd9, 0xe4, 0x03, 0xd6, 0xc9, 0xc4, + 0x1d, 0xfd, 0xa3, 0xe3, 0xba, 0xfc, 0xcb, 0xd0, 0x47, 0x65, 0x0c, 0x6e, + 0x5d, 0xfc, 0xd2, 0xd4, 0x63, 0xa7, 0x93, 0xf6, 0x8a, 0x44, 0x8c, 0xfe, + 0x84, 0xd8, 0x0d, 0xa6, 0x16, 0x22, 0xe1, 0x65, 0x10, 0x5e, 0x18, 0x44, + 0x58, 0x2f, 0xc7, 0x64, 0x74, 0x5f, 0xcf, 0x73, 0x34, 0xe1, 0x4b, 0xe4, + 0xb3, 0x5b, 0xdb, 0x81, 0x4b, 0x1c, 0x38, 0x72, 0xa6, 0xc5, 0xeb, 0x56, + 0x9b, 0xc7, 0xe3, 0x3d, 0x54, 0x6e, 0x05, 0x2c, 0xd3, 0x57, 0xc9, 0x4f, + 0x80, 0x1e, 0xd7, 0xd8, 0x26, 0x6a, 0xcb, 0x79, 0x46, 0x70, 0xfc, 0x45, + 0xa7, 0x79, 0xab, 0x01, 0x03, 0xb6, 0xb1, 0x44, 0x41, 0xd9, 0x73, 0x37, + 0xaa, 0xd7, 0xf9, 0x44, 0x93, 0xaf, 0xbb, 0xb5, 0x77, 0xeb, 0x2b, 0x20, + 0x2e, 0xbd, 0xea, 0x2f, 0xde, 0xa6, 0x2f, 0xd6, 0xac, 0x74, 0xa5, 0x34, + 0xfb, 0xdf, 0xf7, 0x02, 0xa2, 0x20, 0x15, 0xc8, 0x61, 0x72, 0xbb, 0x7f, + 0x04, 0xf6, 0x0f, 0xf8, 0x7e, 0xc3, 0xe6, 0xab, 0x2a, 0xe6, 0xd8, 0xe1, + 0x0d, 0x5a, 0x3c, 0xc0, 0x58, 0xae, 0xf8, 0x1b, 0x15, 0x3c, 0x7b, 0x7f, + 0xf5, 0x9f, 0xec, 0xf7, 0x3f, 0x30, 0x4f, 0x3d, 0x6c, 0x44, 0xdd, 0x0e, + 0x4c, 0x2c, 0x93, 0x68, 0x43, 0x31, 0xa8, 0x97, 0x4b, 0xf6, 0x66, 0x71, + 0x2a, 0x52, 0x3e, 0x3a, 0xe6, 0x72, 0x8a, 0xe6, 0xe3, 0xc8, 0xff, 0x65, + 0x68, 0x1a, 0x46, 0x21, 0xb3, 0xf0, 0x46, 0x7c, 0x0c, 0x65, 0xd1, 0x8e, + 0xa4, 0x91, 0x11, 0x5c, 0x93, 0xeb, 0xeb, 0xae, 0x46, 0xf4, 0xbb, 0xf8, + 0xf3, 0x7e, 0x20, 0x30, 0xf8, 0xcd, 0x19, 0xcd, 0x54, 0x0a, 0x7f, 0x4f, + 0xe8, 0xac, 0xa9, 0xac, 0x72, 0x96, 0x80, 0x45, 0x2a, 0x4a, 0x63, 0x90, + 0x01, 0x19, 0xd0, 0x7e, 0x26, 0x53, 0x2d, 0xc4, 0x20, 0xa5, 0x1f, 0x89, + 0x67, 
0x0f, 0xd9, 0x75, 0x51, 0x0a, 0xf1, 0xd4, 0xfd, 0x2e, 0xbe, 0xe6, + 0x94, 0x3b, 0x6c, 0x8c, 0xe3, 0x0f, 0x5f, 0xce, 0x58, 0x48, 0xde, 0x8d, + 0xeb, 0xd3, 0xe1, 0x0a, 0xcd, 0xdf, 0x34, 0x4d, 0xd1, 0x5b, 0xab, 0x41, + 0x41, 0x6b, 0xeb, 0xa1, 0x2f, 0x01, 0x4a, 0x72, 0x2e, 0xf4, 0x5e, 0x44, + 0x76, 0xc7, 0xe6, 0x16, 0xb9, 0xfb, 0x10, 0x37, 0x00, 0x2d, 0xc6, 0x3b, + 0x17, 0x72, 0x21, 0xdb, 0xac, 0x86, 0x7b, 0xf5, 0x70, 0x3f, 0x73, 0xa3, + 0xce, 0x0e, 0x20, 0xbb, 0x59, 0x4c, 0x23, 0xc2, 0xe8, 0x22, 0x22, 0xe0, + 0x02, 0x0d, 0xe4, 0xa2, 0x3f, 0x55, 0x9d, 0xc0, 0xeb, 0x9a, 0xc4, 0xf3, + 0xaa, 0xb8, 0xf1, 0x73, 0xec, 0x47, 0xe8, 0x2d, 0x6b, 0xa1, 0x40, 0x94, + 0xf6, 0x07, 0xb9, 0x6f, 0x03, 0x5a, 0x78, 0xe5, 0x59, 0x41, 0x1a, 0xc7, + 0xcd, 0x43, 0x10, 0x20, 0x28, 0x95, 0xe0, 0x2a, 0x6f, 0xf2, 0xf8, 0x12, + 0xd6, 0x13, 0x7f, 0x37, 0x3d, 0x38, 0xa7, 0x22, 0x91, 0xc6, 0xe3, 0x52, + 0xde, 0xd8, 0xbf, 0x78, 0x9a, 0xa4, 0xf7, 0xc0, 0x8c, 0xbf, 0x81, 0x28, + 0x20, 0xb8, 0x01, 0xde, 0xb5, 0x6b, 0x0a, 0x56, 0x12, 0x5c, 0x62, 0x1d, + 0xaf, 0xb7, 0xf2, 0x74, 0x66, 0x0a, 0x7a, 0xc4, 0x9f, 0x1e, 0xc2, 0xa8, + 0x4c, 0xd6, 0x76, 0x6d, 0x74, 0x35, 0x37, 0x12, 0x5c, 0x95, 0xee, 0x98, + 0x1d, 0xe2, 0x91, 0xde, 0x13, 0x08, 0xd0, 0x59, 0x4d, 0x62, 0x92, 0x69, + 0x1b, 0xf7, 0x21, 0x45, 0xaf, 0x83, 0xf8, 0x64, 0xf0, 0xfb, 0x92, 0x9d, + 0xa1, 0xd9, 0x61, 0x5e, 0x00, 0xc8, 0x1a, 0x6e, 0x6a, 0x2d, 0xad, 0xa8, + 0x1b, 0x0e, 0xaf, 0xea, 0xb2, 0xae, 0x1c, 0x89, 0xc7, 0x4d, 0x2c, 0x0f, + 0x4d, 0x8d, 0x78, 0x8d, 0x15, 0x9d, 0x4c, 0x90, 0x52, 0xa1, 0xa9, 0xd8, + 0xb2, 0x66, 0xb9, 0xb1, 0x46, 0x0a, 0x69, 0x86, 0x2b, 0x0f, 0xb2, 0x41, + 0xce, 0xe8, 0x8e, 0x49, 0x97, 0x08, 0x0b, 0x70, 0x97, 0xcb, 0xa4, 0x33, + 0x3f, 0x83, 0x6b, 0x6c, 0x17, 0xce, 0xd8, 0xd5, 0x9b, 0xd4, 0x55, 0x9b, + 0x99, 0xe1, 0xba, 0x61, 0x31, 0x36, 0x79, 0x31, 0x5f, 0xa1, 0x8c, 0xa9, + 0x77, 0x42, 0xaa, 0x8c, 0x45, 0x6e, 0xb6, 0x90, 0x08, 0xe8, 0x2e, 0xc4, + 0x72, 0x69, 0x42, 0xca, 0xa2, 0xd4, 0x8a, 0x2c, 0x37, 0xe1, 0xde, 0xb8, + 0x98, 
0x36, 0xeb, 0xcc, 0x58, 0x0c, 0x24, 0xad, 0xab, 0x62, 0x44, 0x6d, + 0x80, 0xd5, 0xce, 0x2e, 0x4a, 0x3e, 0xa5, 0xc5, 0x34, 0xf8, 0x32, 0x26, + 0x2a, 0x56, 0xa4, 0xdd, 0xe9, 0x92, 0x06, 0xad, 0xe8, 0x85, 0x77, 0x6b, + 0xf1, 0x1b, 0xeb, 0xac, 0x77, 0x19, 0x1c, 0x6a, 0xb7, 0xef, 0x28, 0x70, + 0x87, 0x92, 0x33, 0xdd, 0xaa, 0x30, 0xc1, 0xa0, 0x93, 0x64, 0x18, 0xa2, + 0x91, 0x7f, 0xf7, 0xc4, 0xa5, 0x16, 0x93, 0xb3, 0x5b, 0xd8, 0x53, 0x28, + 0xc5, 0x5e, 0xb1, 0xce, 0x97, 0xbc, 0xb6, 0x65, 0xa8, 0x53, 0xcd, 0xf4, + 0x4d, 0x6b, 0xea, 0x6f, 0x6f, 0xa5, 0x1c, 0xf1, 0x0f, 0xcb, 0x04, 0x25, + 0x4a, 0xfe, 0x7d, 0xfc, 0xa3, 0xbd, 0x41, 0xd3, 0x96, 0x6a, 0x8b, 0xad, + 0xd4, 0xaa, 0x0a, 0x76, 0xea, 0x3b, 0xab, 0x39, 0x55, 0xa3, 0x89, 0x9f, + 0xf6, 0xf5, 0x9b, 0x9c, 0x83, 0xf8, 0x28, 0x50, 0xdf, 0x31, 0x74, 0x83, + 0xdb, 0xf1, 0x0f, 0x4c, 0x35, 0x6a, 0xe5, 0x64, 0x2e, 0xb9, 0x77, 0x3d, + 0xdd, 0xff, 0xa3, 0xa7, 0x90, 0x79, 0xc6, 0x5b, 0x01, 0x16, 0x38, 0xa8, + 0x22, 0xa3, 0x14, 0x13, 0xed, 0xd0, 0x89, 0x0d, 0x1f, 0x3a, 0x41, 0x4c, + 0x57, 0x79, 0xfc, 0x1d, 0xdf, 0xad, 0x1a, 0x11, 0x15, 0x31, 0x7e, 0xdb, + 0x99, 0x3a, 0x6c, 0xde, 0x94, 0x9a, 0x45, 0x4c, 0xfb, 0xa5, 0xa5, 0x31, + 0xee, 0xe3, 0x09, 0x13, 0x6d, 0xfd, 0x19, 0x37, 0x3f, 0xf6, 0xed, 0x8f, + 0x0c, 0xce, 0x4b, 0xd1, 0xe1, 0x3d, 0xfb, 0x85, 0x00, 0x84, 0x19, 0xeb, + 0xa2, 0x63, 0x1d, 0x2b, 0x2d, 0x21, 0xee, 0x08, 0x5a, 0x6d, 0xb0, 0xb1, + 0xd6, 0x81, 0x00, 0xb6, 0xd0, 0x09, 0x90, 0xb4, 0x84, 0x17, 0xd9, 0x2a, + 0x3c, 0x1d, 0x53, 0xc6, 0xc1, 0x8b, 0xda, 0xae, 0x0c, 0x0a, 0x3e, 0x1c, + 0x8a, 0xc4, 0xd6, 0x97, 0x5d, 0x48, 0xe7, 0x79, 0x80, 0x78, 0xaa, 0xde, + 0x17, 0x60, 0x5d, 0x28, 0x15, 0x3a, 0x42, 0xb7, 0x85, 0xc8, 0x60, 0x93, + 0x28, 0xb0, 0x4e, 0xc9, 0xf7, 0x46, 0xe7, 0xfc, 0x4e, 0x9f, 0x9f, 0x12, + 0xdf, 0xcb, 0x6e, 0x0c, 0xaf, 0x71, 0xda, 0xb7, 0xec, 0x3d, 0x46, 0xf3, + 0x35, 0x41, 0x42, 0xd8, 0x27, 0x92, 0x99, 0x1c, 0x4d, 0xc9, 0x3c, 0xe9, + 0x0e, 0xcb, 0x3f, 0x57, 0x65, 0x77, 0x0d, 0xdd, 0xff, 0xea, 0x70, 0x35, + 0xcc, 
0xf5, 0x38, 0x1b, 0x57, 0xdf, 0x6d, 0xcb, 0xfd, 0x13, 0x39, 0xd6, + 0x04, 0xe2, 0xf1, 0xc2, 0xd9, 0xea, 0x8c, 0x9f, 0xfb, 0xb5, 0xfc, 0xe6, + 0xa9, 0xaa, 0x0f, 0x43, 0xc9, 0x9c, 0x91, 0xe4, 0x21, 0xaf, 0x37, 0x14, + 0x78, 0x46, 0xe1, 0x29, 0x41, 0x0c, 0x4e, 0xf5, 0x93, 0x1d, 0xf8, 0x33, + 0x47, 0x6f, 0x9d, 0x8b, 0xf3, 0x27, 0xd4, 0xbb, 0xf6, 0xae, 0xfa, 0xa5, + 0x8b, 0x41, 0x8f, 0xb4, 0xd7, 0x2f, 0xc1, 0x27, 0xea, 0x70, 0x55, 0x1d, + 0xe2, 0xd8, 0x0c, 0x4a, 0x5e, 0x7c, 0x87, 0xa4, 0x0e, 0x84, 0x07, 0xd3, + 0x38, 0x67, 0x2c, 0x55, 0x11, 0xfd, 0x1e, 0xda, 0x4d, 0x66, 0x01, 0x12, + 0x0c, 0x1b, 0x7c, 0x7c, 0x5c, 0x82, 0x21, 0x35, 0x65, 0x5c, 0x7a, 0xd2, + 0x66, 0xc2, 0x2b, 0x5e, 0xb8, 0xb1, 0xcb, 0xdf, 0x59, 0xc9, 0x31, 0xb7, + 0x17, 0x26, 0x96, 0x5e, 0x6f, 0x1c, 0x62, 0x3d, 0x8d, 0x88, 0xf1, 0xd1, + 0x01, 0x3e, 0xf9, 0x6f, 0xb9, 0x77, 0xdc, 0xee, 0xee, 0x78, 0x59, 0xef, + 0xcf, 0x3a, 0x87, 0x88, 0xa2, 0xea, 0xfd, 0x0a, 0xa9, 0xa9, 0x3e, 0x0c, + 0xf8, 0x7f, 0x97, 0x32, 0x17, 0xc2, 0x97, 0xcb, 0xa4, 0x9b, 0xae, 0x5d, + 0xe7, 0x39, 0x2b, 0x2b, 0xa8, 0xe6, 0x7b, 0x51, 0x75, 0x1f, 0x53, 0x54, + 0x37, 0xf4, 0x00, 0xa4, 0xb0, 0xa0, 0x93, 0xb4, 0x33, 0xe7, 0xae, 0x28, + 0xc0, 0x2d, 0x3a, 0xb3, 0xaa, 0xd7, 0x3c, 0x76, 0x44, 0x4b, 0xbb, 0x6a, + 0x67, 0x98, 0xce, 0xf8, 0x15, 0x13, 0x67, 0x79, 0x3c, 0x15, 0x09, 0xb7, + 0x22, 0xc0, 0xec, 0x07, 0x8a, 0xfd, 0x44, 0xcb, 0x99, 0xbd, 0xdc, 0xd5, + 0x53, 0x4c, 0x97, 0x1b, 0x46, 0xaf, 0xc0, 0x6c, 0x06, 0x01, 0x93, 0x8a, + 0x50, 0x51, 0x6a, 0xe4, 0x5c, 0x0a, 0x52, 0x81, 0x3b, 0x75, 0xed, 0xa2, + 0x97, 0xa6, 0x5c, 0x55, 0x63, 0xee, 0xfb, 0x33, 0x82, 0x10, 0xa8, 0x21, + 0x1a, 0x8d, 0xc8, 0xe1, 0x52, 0x68, 0x38, 0x88, 0x2f, 0xae, 0x2b, 0x22, + 0x7a, 0x9b, 0x0c, 0x19, 0x73, 0x6f, 0x91, 0xc7, 0xfa, 0x95, 0x61, 0x28, + 0x74, 0x73, 0x70, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x14, 0x74, + 0x2d, 0x52, 0x8e, 0x0d, 0x0c, 0x06, 0x6c, 0x32, 0x64, 0xd3, 0x7e, 0x33, + 0x31, 
0x68, 0x8b, 0x28, 0x1a, 0x75, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, + 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x22, + 0x8e, 0xff, 0x5a, 0x78, 0xec, 0x2c, 0x21, 0xa2, 0x48, 0xb7, 0x63, 0x88, + 0x10, 0x47, 0x1c, 0xc0, 0xd3, 0xec, 0x5a, 0x04, 0x08, 0xb3, 0x2e, 0x21, + 0xfd, 0x82, 0x14, 0xd8, 0x5c, 0x02, 0x02, 0x08, 0x00, +}; + +/* kNSS is the result of importing the OpenSSL example PKCS#12 into Chrome and + * then exporting it again. */ +static const uint8_t kNSS[] = { + 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80, 0x04, 0x82, + 0x09, 0xef, 0x30, 0x80, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80, 0x04, 0x82, 0x05, + 0x77, 0x30, 0x82, 0x05, 0x73, 0x30, 0x82, 0x05, 0x6f, 0x06, 0x0b, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, + 0x04, 0xf6, 0x30, 0x82, 0x04, 0xf2, 0x30, 0x24, 0x06, 0x0a, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x16, 0x04, 0x10, + 0xac, 0x71, 0x8a, 0x7c, 0x89, 0xcf, 0xa8, 0xb0, 0xd6, 0xd1, 0x07, 0xf0, + 0x83, 0x4f, 0x7a, 0xd0, 0x02, 0x02, 0x07, 0xd0, 0x04, 0x82, 0x04, 0xc8, + 0xea, 0x51, 0x2c, 0x61, 0xaa, 0x9d, 0xf3, 0x90, 0xe1, 0x38, 0x45, 0xb0, + 0x5f, 0xfd, 0xe2, 0x04, 0x65, 0xe6, 0xff, 0x87, 0xb6, 0x78, 0x69, 0xb0, + 0xcb, 0x14, 0xe9, 0x99, 0x39, 0xe3, 0xe5, 0x70, 0x84, 0x57, 0x68, 0xf7, + 0x28, 0xb9, 0x75, 0xa6, 0xfb, 0x16, 0x72, 0xe1, 0x34, 0xb8, 0x3b, 0x61, + 0x51, 0x89, 0x18, 0x94, 0x40, 0xef, 0x73, 0xda, 0xdb, 0xd7, 0xb7, 0x44, + 0x73, 0x8f, 0x16, 0x84, 0xa2, 0x99, 0xa6, 0x05, 0x5e, 0x74, 0xae, 0xe2, + 0xcf, 0x3e, 0x99, 0xca, 0xcd, 0x76, 0x36, 0x77, 0x59, 0xec, 0x25, 0x59, + 0x3d, 0x4b, 0x45, 0xa5, 0x4e, 0x7b, 0x7a, 0xc9, 0x8b, 0xde, 0x4f, 0x70, + 0x6d, 0xb1, 0xa8, 0xf3, 0xb6, 0xb5, 0xe7, 0x67, 0x3f, 0xe9, 0x64, 0xb8, + 0x49, 0xf4, 0x11, 0x94, 0x9d, 0x1c, 0xb0, 0xa5, 0xfb, 0xb3, 0x61, 0xd4, + 0xf3, 0xa7, 0x68, 
0x66, 0xd7, 0xa4, 0xf0, 0xcd, 0xc8, 0x40, 0x4f, 0x3e, + 0xa7, 0x26, 0x40, 0x76, 0x64, 0xa1, 0x4e, 0xf1, 0x91, 0xc2, 0xa3, 0xef, + 0xbc, 0xcd, 0x42, 0xe5, 0xd2, 0x6f, 0xff, 0xfe, 0x4d, 0x33, 0x01, 0xb4, + 0x99, 0x63, 0x1b, 0xd3, 0x01, 0x55, 0x00, 0xa6, 0x23, 0x9b, 0xa9, 0x17, + 0x09, 0x38, 0x32, 0x18, 0x36, 0xbc, 0x20, 0x02, 0xfe, 0x7b, 0xec, 0xd3, + 0x4c, 0x7d, 0xc9, 0xc9, 0xce, 0x66, 0x3b, 0x34, 0x6e, 0xea, 0xf9, 0xb1, + 0x1a, 0x83, 0xa3, 0x3c, 0x8d, 0xc7, 0x79, 0xc9, 0xff, 0x6b, 0x1d, 0x35, + 0xf6, 0x2a, 0x3d, 0x3b, 0x83, 0x16, 0x64, 0xcf, 0x9f, 0x7c, 0x31, 0x02, + 0xda, 0x37, 0x1a, 0x16, 0x49, 0xdc, 0xd9, 0x70, 0xae, 0x99, 0x2c, 0xc7, + 0x01, 0xba, 0x42, 0xab, 0xe9, 0x4d, 0xa4, 0x78, 0x2c, 0xbd, 0xa0, 0xf1, + 0xb7, 0xcf, 0xdd, 0xc1, 0xdb, 0x8f, 0x04, 0x87, 0x0b, 0x47, 0x4f, 0xd5, + 0xd5, 0xe7, 0xfc, 0x6e, 0x42, 0xd5, 0x91, 0x4d, 0x7b, 0x1b, 0x5c, 0x3c, + 0x02, 0x70, 0xdb, 0x05, 0x91, 0xaf, 0x35, 0x43, 0x05, 0xc2, 0x6d, 0xcf, + 0x59, 0x23, 0xfc, 0xc4, 0xf6, 0x67, 0xf1, 0x84, 0x61, 0x4a, 0xb6, 0x4c, + 0x15, 0x15, 0xa3, 0xea, 0x8f, 0x13, 0x15, 0xe3, 0xd2, 0xb5, 0x50, 0xc8, + 0xae, 0xc8, 0x5c, 0x03, 0xb5, 0x63, 0x93, 0xaa, 0x10, 0xd7, 0x56, 0x0d, + 0x6e, 0x13, 0x45, 0x8f, 0xec, 0x17, 0x5c, 0x5c, 0x73, 0x91, 0x5f, 0x6c, + 0xaf, 0x11, 0x13, 0x32, 0x5e, 0x14, 0xf9, 0xaf, 0xaf, 0x43, 0x04, 0x60, + 0x93, 0x42, 0x30, 0xa6, 0x75, 0xc0, 0x83, 0xd2, 0x4c, 0xa5, 0x0a, 0x16, + 0x39, 0xef, 0x3f, 0xf7, 0x9d, 0x23, 0x19, 0xb9, 0xcd, 0xd8, 0x7c, 0x6e, + 0xee, 0x6d, 0x2e, 0xff, 0x5a, 0xf3, 0xb9, 0xab, 0xe5, 0x64, 0xdc, 0xc2, + 0x67, 0x30, 0x73, 0x19, 0x2d, 0xea, 0xd2, 0x19, 0x1f, 0x1f, 0xe0, 0xd9, + 0xac, 0xc9, 0xdb, 0x38, 0x74, 0x5e, 0x31, 0x47, 0x2e, 0x9e, 0x2b, 0xcc, + 0xb9, 0xe4, 0x29, 0xf8, 0xb2, 0xbf, 0x1b, 0xbc, 0x68, 0x96, 0x79, 0xcf, + 0xaf, 0xf2, 0x1f, 0x57, 0x3f, 0x74, 0xc4, 0x71, 0x63, 0xb4, 0xe8, 0xbe, + 0x58, 0xdb, 0x28, 0x62, 0xb5, 0x79, 0x8b, 0xe4, 0xd0, 0x96, 0xd0, 0xda, + 0x0f, 0xd2, 0x70, 0x93, 0x2f, 0x71, 0xe0, 0x9f, 0x28, 0xb7, 0x52, 0x38, + 0x9c, 0xcb, 0x8b, 
0x2a, 0x8e, 0xbf, 0x0e, 0x3d, 0x60, 0x05, 0x0a, 0x91, + 0x5b, 0xb5, 0x78, 0x10, 0x31, 0x00, 0x80, 0x31, 0x2d, 0xd7, 0xb0, 0x88, + 0xc7, 0xd9, 0x58, 0xc6, 0xfc, 0x3b, 0xf4, 0xee, 0xec, 0xba, 0x05, 0xae, + 0xae, 0xff, 0xcf, 0xd0, 0x71, 0xc6, 0xe7, 0xf3, 0x8b, 0x64, 0x50, 0x7a, + 0x09, 0x93, 0x0f, 0x34, 0x59, 0x2d, 0xde, 0x4b, 0x1d, 0x86, 0x49, 0xff, + 0x63, 0x76, 0x28, 0x6b, 0x52, 0x1b, 0x46, 0x06, 0x18, 0x90, 0x1c, 0x2d, + 0xc5, 0x03, 0xcc, 0x00, 0x4d, 0xb7, 0xb2, 0x12, 0xc5, 0xf9, 0xb4, 0xa4, + 0x6a, 0x36, 0x62, 0x46, 0x34, 0x2a, 0xf0, 0x11, 0xa3, 0xd6, 0x80, 0x21, + 0xbf, 0x3b, 0xfd, 0xc5, 0x25, 0xa0, 0x4d, 0xc0, 0x2e, 0xc0, 0xf1, 0x7b, + 0x96, 0x11, 0x64, 0x8e, 0xb9, 0xdb, 0x89, 0x4e, 0x33, 0x89, 0xf5, 0xc6, + 0xfc, 0x2b, 0x99, 0xf5, 0xc2, 0x04, 0x83, 0x15, 0x47, 0xa8, 0xa5, 0xc1, + 0x4a, 0xe4, 0x76, 0xab, 0x3e, 0xf0, 0x9b, 0xb7, 0x8d, 0x46, 0xd3, 0x52, + 0x9b, 0xbd, 0xfd, 0x2b, 0xba, 0x73, 0x5d, 0x23, 0x67, 0x68, 0xe1, 0x76, + 0x6f, 0x56, 0x2b, 0x17, 0xe4, 0x7e, 0x9a, 0xfd, 0x05, 0x48, 0x39, 0xc9, + 0xcf, 0xa5, 0x83, 0xf7, 0x90, 0x9c, 0xa4, 0x28, 0x57, 0x40, 0xe9, 0xd4, + 0x4b, 0x1a, 0x4b, 0x6f, 0x65, 0x14, 0xca, 0x43, 0xc1, 0x3f, 0x7c, 0xec, + 0x82, 0x47, 0x0e, 0x64, 0x8b, 0x6f, 0x8c, 0xb2, 0xf0, 0x6d, 0xeb, 0x6f, + 0x71, 0x8f, 0xcc, 0x2d, 0x60, 0x2b, 0xc3, 0x9f, 0x13, 0x94, 0xc7, 0x23, + 0x02, 0xf5, 0xe6, 0xdf, 0x2d, 0xa9, 0xdb, 0xa9, 0xf3, 0xee, 0xe9, 0x3f, + 0x2a, 0x69, 0x24, 0x6b, 0x78, 0xff, 0x6a, 0xd7, 0xe4, 0x69, 0x8c, 0x17, + 0xd5, 0xc1, 0x36, 0x1a, 0xca, 0x77, 0xb0, 0xb5, 0x6b, 0x96, 0x4a, 0xb5, + 0x0e, 0x4d, 0x0b, 0xd6, 0xd9, 0x78, 0xc5, 0xbf, 0xe3, 0x59, 0xfe, 0x63, + 0xe3, 0xd3, 0x3c, 0x9a, 0xfa, 0xd7, 0x69, 0x5b, 0xef, 0xd3, 0xa4, 0xa3, + 0xb9, 0x1f, 0x5c, 0x40, 0x20, 0x95, 0x38, 0x2d, 0xf5, 0x04, 0x0c, 0x2c, + 0x79, 0x77, 0xc1, 0xb6, 0xcc, 0x74, 0x3c, 0x66, 0xf1, 0xc6, 0x65, 0xab, + 0x4d, 0x68, 0x41, 0x16, 0x71, 0x51, 0xb9, 0x1b, 0xcb, 0xa7, 0x6d, 0xe0, + 0x70, 0xa9, 0xfa, 0x65, 0x6b, 0x7b, 0x1e, 0xc5, 0xdf, 0xe2, 0x4c, 0x96, + 0x44, 0x6b, 0x24, 
0xa1, 0x15, 0x8e, 0xe7, 0x9b, 0x1f, 0x51, 0xef, 0xd7, + 0x65, 0x5f, 0xcd, 0x74, 0x7f, 0x2d, 0x5c, 0xba, 0xba, 0x20, 0x32, 0x8d, + 0x1c, 0xf1, 0x5a, 0xed, 0x21, 0xad, 0x78, 0x7b, 0x59, 0x58, 0xe4, 0xf6, + 0xa7, 0x10, 0x35, 0xca, 0x5d, 0x86, 0x1a, 0x68, 0xba, 0x1c, 0x3c, 0x1c, + 0x23, 0x79, 0x8b, 0x9f, 0xda, 0x5c, 0xd1, 0x5a, 0xa9, 0xc8, 0xf6, 0xc9, + 0xdf, 0x21, 0x5a, 0x98, 0xdc, 0xf4, 0xb9, 0x02, 0x97, 0x2c, 0x10, 0x60, + 0xc9, 0xb5, 0xea, 0x75, 0x0b, 0xd9, 0x8a, 0xa4, 0x86, 0x92, 0xbe, 0xf5, + 0xd8, 0xc7, 0x6b, 0x13, 0x8b, 0xbb, 0xca, 0x5f, 0xe4, 0x8b, 0xce, 0xb5, + 0x27, 0xae, 0x53, 0xed, 0xef, 0x37, 0xa6, 0x81, 0x8f, 0x70, 0x25, 0x18, + 0x93, 0x06, 0x8c, 0x18, 0xcd, 0x7a, 0x1a, 0x8d, 0xfc, 0xde, 0x6f, 0x30, + 0xdb, 0x41, 0xb6, 0x42, 0x14, 0x54, 0xf8, 0xcd, 0xc6, 0xf8, 0x0f, 0x82, + 0x17, 0xfa, 0x8d, 0xba, 0x80, 0x81, 0x6a, 0xf7, 0x02, 0x97, 0x00, 0x78, + 0xd6, 0x5b, 0xc9, 0xba, 0xd1, 0x99, 0xef, 0x8e, 0x48, 0x6c, 0x35, 0x10, + 0x5b, 0xf1, 0x9b, 0x93, 0x4f, 0xbd, 0x7d, 0x27, 0x9e, 0xc7, 0x86, 0xb2, + 0x8f, 0x6a, 0x91, 0x59, 0x2d, 0x14, 0xab, 0x1b, 0x34, 0x6e, 0xfa, 0x25, + 0x5e, 0x14, 0xc7, 0xef, 0x3d, 0x0f, 0x13, 0xf9, 0x45, 0x4b, 0x90, 0xbc, + 0xd8, 0x51, 0x42, 0x95, 0x25, 0x9b, 0x1b, 0x7c, 0xaf, 0x3b, 0x60, 0x21, + 0x4c, 0x5f, 0x7c, 0x63, 0x4b, 0x45, 0xa6, 0xdc, 0xfd, 0x32, 0xf3, 0x06, + 0x61, 0x11, 0x2d, 0x27, 0xde, 0x19, 0x38, 0x63, 0xf9, 0x70, 0xd1, 0x82, + 0x8e, 0xc7, 0x99, 0xe1, 0x96, 0x9b, 0x54, 0x93, 0x64, 0x5f, 0xd1, 0x62, + 0x9c, 0x37, 0x10, 0x1a, 0x8a, 0x82, 0x8d, 0x2a, 0x93, 0x95, 0x22, 0xc9, + 0x21, 0xf5, 0xce, 0x21, 0xbb, 0x7c, 0x17, 0xee, 0x20, 0xa0, 0x73, 0xaa, + 0x69, 0x78, 0x4e, 0x0d, 0x2c, 0x2c, 0x96, 0x23, 0xdc, 0x07, 0x16, 0xbd, + 0xe7, 0xd5, 0x49, 0xcc, 0x44, 0xd1, 0x9d, 0xd7, 0xa3, 0x01, 0x60, 0xa0, + 0xe0, 0x41, 0x63, 0x28, 0x8a, 0x43, 0xdb, 0x4f, 0x25, 0x5b, 0x27, 0x52, + 0x4a, 0xee, 0x42, 0x43, 0x9a, 0xef, 0x33, 0x43, 0x70, 0xda, 0x64, 0x57, + 0x49, 0x0c, 0x7f, 0xfd, 0xc7, 0x88, 0x26, 0x94, 0x10, 0xcc, 0x05, 0x1d, + 0x54, 0x95, 0xea, 
0x4e, 0x65, 0x28, 0x03, 0xbc, 0xa2, 0x62, 0xd2, 0xce, + 0x60, 0x34, 0xf9, 0xdb, 0x26, 0xb5, 0xe6, 0x9b, 0x55, 0x2c, 0x8f, 0x30, + 0x3a, 0x94, 0x9a, 0x15, 0x79, 0x22, 0x75, 0x4d, 0x1b, 0x91, 0xe0, 0x5b, + 0xdb, 0xd1, 0x15, 0x7f, 0xcc, 0xc6, 0x88, 0xb5, 0x00, 0x3f, 0x5d, 0x84, + 0x2e, 0x68, 0xde, 0x6f, 0x41, 0x5b, 0x4e, 0xe7, 0xdf, 0xe6, 0x3b, 0x7e, + 0xf2, 0xdd, 0xfc, 0x01, 0xf2, 0x1b, 0x52, 0xba, 0xc4, 0x51, 0xae, 0x8f, + 0xa0, 0x55, 0x12, 0x81, 0x57, 0xe0, 0x58, 0x5e, 0xea, 0xd7, 0x85, 0xfb, + 0x19, 0x8b, 0xb7, 0x24, 0x29, 0x94, 0xa7, 0xfc, 0xed, 0x17, 0xaa, 0x32, + 0x50, 0x11, 0xb3, 0x7a, 0x43, 0x3a, 0xc0, 0x2b, 0x82, 0x9c, 0x85, 0xd9, + 0xd0, 0xdb, 0x21, 0x71, 0x83, 0xb4, 0x30, 0x14, 0xec, 0xfc, 0x8d, 0x32, + 0xd6, 0xa2, 0x36, 0x5e, 0x3b, 0xe9, 0x12, 0x0c, 0x95, 0xd6, 0x0c, 0x0c, + 0x31, 0x66, 0x30, 0x3f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x14, 0x31, 0x32, 0x1e, 0x30, 0x00, 0x49, 0x00, 0x6e, 0x00, + 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, + 0x20, 0x00, 0x57, 0x00, 0x69, 0x00, 0x64, 0x00, 0x67, 0x00, 0x69, 0x00, + 0x74, 0x00, 0x73, 0x00, 0x20, 0x00, 0x50, 0x00, 0x74, 0x00, 0x79, 0x00, + 0x20, 0x00, 0x4c, 0x00, 0x74, 0x00, 0x64, 0x30, 0x23, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, + 0x14, 0x74, 0x2d, 0x52, 0x8e, 0x0d, 0x0c, 0x06, 0x6c, 0x32, 0x64, 0xd3, + 0x7e, 0x33, 0x31, 0x68, 0x8b, 0x28, 0x1a, 0x75, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x07, 0x06, 0xa0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x00, 0x30, 0x80, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, + 0x24, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, + 0x06, 0x30, 0x16, 0x04, 0x10, 0x9d, 0x1b, 0x68, 0x8e, 0x11, 0xc2, 0xb2, + 0xd6, 0xd0, 0xe9, 0x5a, 0x9e, 0x96, 0xc1, 0x8c, 0xa6, 0x02, 0x02, 0x07, + 0xd0, 0xa0, 0x80, 0x04, 0x82, 0x03, 0xf8, 0x1d, 0xce, 0x13, 0x70, 0x7a, + 0x6b, 0x0a, 0x12, 
0x2d, 0x01, 0x84, 0x63, 0x5c, 0x07, 0x82, 0x23, 0xf8, + 0x8a, 0x5e, 0x53, 0x8f, 0xc8, 0xb4, 0x87, 0x1a, 0xa2, 0x98, 0xdb, 0xc6, + 0x26, 0xca, 0xbb, 0x20, 0x24, 0xad, 0xac, 0xdf, 0xbe, 0x73, 0x6d, 0x97, + 0x4b, 0x6e, 0x5b, 0x45, 0xd2, 0x84, 0xd4, 0xa4, 0x82, 0xd0, 0xce, 0x40, + 0x13, 0x4c, 0x6d, 0x4d, 0x2e, 0xc1, 0x96, 0x95, 0x01, 0x64, 0xf3, 0xf0, + 0x5f, 0x06, 0x06, 0xea, 0xf7, 0x84, 0x8f, 0xb3, 0xb0, 0x6e, 0x7c, 0x9b, + 0x71, 0x73, 0xb9, 0xcd, 0xac, 0x72, 0xf6, 0xa0, 0x23, 0xda, 0x9b, 0x9f, + 0xec, 0x16, 0xef, 0x33, 0xd4, 0xd0, 0x4d, 0x20, 0xf0, 0x75, 0xa9, 0x73, + 0xf4, 0x31, 0xc7, 0x57, 0xb8, 0x0d, 0x9d, 0x85, 0x7c, 0xee, 0x3a, 0x24, + 0x7b, 0x74, 0xa0, 0x5c, 0xad, 0xde, 0x5e, 0x05, 0x1e, 0xeb, 0x02, 0x78, + 0x12, 0xb4, 0xb9, 0xc6, 0xe5, 0xc5, 0x99, 0xbc, 0x05, 0x62, 0x5b, 0x10, + 0x52, 0x08, 0x00, 0x9e, 0x73, 0xac, 0xe4, 0x1d, 0xdb, 0xb8, 0xbf, 0x48, + 0x03, 0x28, 0x05, 0x3c, 0x61, 0x1a, 0x8b, 0x4c, 0xd7, 0x5f, 0x8c, 0xb4, + 0xcd, 0x91, 0x1c, 0x0b, 0xf4, 0x55, 0xd4, 0x1c, 0x42, 0x4a, 0xd4, 0xf5, + 0x15, 0x38, 0xd9, 0x06, 0xfc, 0x49, 0xf6, 0xe5, 0xa7, 0x09, 0x5d, 0x01, + 0xbd, 0xc3, 0xd1, 0x09, 0x9f, 0x5d, 0x0c, 0x19, 0x43, 0xd0, 0xfa, 0x25, + 0x17, 0xad, 0x2a, 0xbf, 0x89, 0x63, 0x06, 0xa8, 0x02, 0x03, 0xe4, 0xfe, + 0x19, 0x08, 0x70, 0xa1, 0x74, 0x74, 0xb6, 0xb6, 0x0f, 0x19, 0x4d, 0x54, + 0xa5, 0xb2, 0xd7, 0x37, 0x3b, 0x17, 0xc0, 0x5d, 0xc2, 0x8a, 0xf1, 0xcc, + 0xed, 0xef, 0x65, 0xc8, 0xca, 0xbe, 0x02, 0xd4, 0x9b, 0x1e, 0xef, 0xc9, + 0xe0, 0x91, 0x82, 0xb0, 0xe0, 0x50, 0xc7, 0xa0, 0xcc, 0x01, 0x6d, 0x55, + 0xe5, 0x67, 0x99, 0x65, 0x13, 0xe4, 0xd2, 0x90, 0x91, 0xf3, 0x76, 0x0b, + 0x6a, 0x2d, 0x19, 0xaf, 0x61, 0xb3, 0x7f, 0x4c, 0x04, 0xfe, 0x68, 0xf6, + 0xb3, 0x56, 0xd8, 0xf3, 0x34, 0xd7, 0x04, 0x0a, 0x31, 0xc8, 0x37, 0xdf, + 0xac, 0xd8, 0x91, 0x80, 0x8a, 0x30, 0x12, 0x22, 0x80, 0xd7, 0x24, 0xcf, + 0x70, 0xaf, 0x56, 0xaf, 0x81, 0xfe, 0x63, 0xf1, 0xea, 0x57, 0x4c, 0xf2, + 0xdb, 0x30, 0x50, 0x92, 0xc1, 0xeb, 0x04, 0x9a, 0xdf, 0xf5, 0x74, 0x57, + 0x5b, 0x58, 0xc2, 
0x4e, 0x6b, 0x11, 0xf3, 0xe1, 0xb3, 0x0f, 0x56, 0x35, + 0x04, 0xf8, 0x50, 0x1d, 0x7e, 0xe6, 0x99, 0xa2, 0x48, 0xdb, 0xea, 0x62, + 0x4f, 0x98, 0xc2, 0xef, 0xbf, 0x7f, 0x94, 0xc0, 0x36, 0xc0, 0xf3, 0x27, + 0xfe, 0xe2, 0x17, 0x1e, 0x91, 0x7d, 0x96, 0xa9, 0x2b, 0x71, 0x51, 0xc3, + 0x59, 0x2d, 0x11, 0x50, 0x1e, 0xcb, 0xce, 0xff, 0x04, 0x4d, 0x16, 0xf5, + 0xc2, 0xd4, 0x1f, 0xdd, 0x7f, 0x5a, 0xfd, 0x1d, 0xe9, 0x63, 0x52, 0x44, + 0x76, 0x5f, 0x91, 0xfd, 0xe8, 0xdf, 0x0a, 0x69, 0x0d, 0xd3, 0x64, 0x91, + 0xea, 0xdd, 0x03, 0x4f, 0x42, 0xa5, 0xe9, 0xa1, 0x70, 0x05, 0xf3, 0x22, + 0x8e, 0xad, 0x70, 0x1a, 0x3e, 0x94, 0x42, 0x06, 0xe7, 0x47, 0x37, 0x3d, + 0xf5, 0xda, 0x3e, 0x2a, 0x3a, 0xc0, 0x23, 0xd9, 0x4a, 0x26, 0x69, 0x13, + 0xa6, 0x93, 0x7c, 0xf2, 0xaf, 0x04, 0x5e, 0x9b, 0x88, 0xc7, 0x77, 0xd0, + 0x93, 0xab, 0x1b, 0xbd, 0x3d, 0x69, 0x90, 0xab, 0x41, 0xa9, 0xbc, 0x84, + 0x18, 0x4d, 0x29, 0x02, 0xc1, 0xf8, 0xff, 0x63, 0x18, 0x24, 0x74, 0x8f, + 0x7e, 0x44, 0x33, 0xaf, 0x88, 0x8b, 0x93, 0x5b, 0x9a, 0xae, 0x6b, 0x08, + 0xa2, 0x82, 0x5d, 0xf3, 0xbe, 0x61, 0xc3, 0xf0, 0x2d, 0x31, 0x4c, 0xb5, + 0xb5, 0x91, 0x0f, 0xfa, 0x81, 0x61, 0xad, 0xfc, 0xba, 0x91, 0xeb, 0x3b, + 0x9d, 0x22, 0x41, 0x45, 0x0e, 0x8e, 0x24, 0xc7, 0x1c, 0x81, 0x95, 0xa8, + 0x7b, 0x64, 0xed, 0xa5, 0xec, 0x5a, 0x68, 0x3c, 0x85, 0x8d, 0x92, 0xb7, + 0x24, 0x0f, 0xed, 0xf5, 0xc6, 0x31, 0x61, 0xdc, 0xef, 0xa7, 0xcb, 0x8f, + 0xda, 0x43, 0x05, 0x42, 0xf6, 0x9e, 0xbc, 0x1b, 0x9a, 0xa1, 0xe8, 0x1d, + 0x8d, 0x42, 0xdb, 0x80, 0x83, 0x55, 0x52, 0x2b, 0x95, 0x00, 0x05, 0x82, + 0x84, 0xc3, 0x54, 0x23, 0x8e, 0x1d, 0x00, 0xa2, 0x16, 0x3e, 0xce, 0x3d, + 0xcc, 0x9e, 0xb8, 0x4c, 0x59, 0xb2, 0x12, 0xa2, 0x23, 0xc1, 0x46, 0x50, + 0x86, 0xae, 0x75, 0x7e, 0x49, 0x38, 0x77, 0x94, 0xf0, 0x27, 0xd8, 0x17, + 0x38, 0x8c, 0xe0, 0x73, 0x00, 0xfb, 0xaf, 0xbf, 0xe8, 0xed, 0x85, 0x58, + 0x3e, 0xb4, 0x88, 0x04, 0xc8, 0x22, 0x1b, 0xb4, 0x75, 0xa2, 0xc4, 0xdd, + 0x06, 0xd2, 0x83, 0x42, 0x21, 0x57, 0xfc, 0xd8, 0xae, 0x9c, 0x0e, 0xd8, + 0x6a, 0x70, 0xd1, 
0xeb, 0x44, 0x9c, 0xb7, 0x37, 0x04, 0x05, 0xf5, 0x17, + 0xbe, 0xf3, 0x56, 0x1b, 0x06, 0x36, 0x1c, 0x59, 0x7b, 0x65, 0x8d, 0xbb, + 0xbe, 0x22, 0x9a, 0x70, 0xa3, 0xe9, 0x60, 0x1a, 0xc9, 0xdd, 0x81, 0x3c, + 0x2d, 0x4e, 0xc0, 0x8a, 0xe5, 0x91, 0xa7, 0xc1, 0x80, 0x07, 0x47, 0x7a, + 0x74, 0x4f, 0x3e, 0x4a, 0xdc, 0xb2, 0xcc, 0xff, 0x37, 0x66, 0x05, 0xcb, + 0xd6, 0xe9, 0x90, 0xf5, 0xef, 0x2b, 0x7e, 0xa7, 0x66, 0x51, 0xcb, 0x48, + 0xb3, 0x8a, 0x6f, 0x06, 0xba, 0x8b, 0x3d, 0x35, 0x36, 0xdf, 0x0e, 0x40, + 0xe5, 0xa1, 0xe3, 0xdd, 0x89, 0xab, 0x64, 0x9c, 0x01, 0x15, 0x9e, 0x93, + 0xea, 0xf9, 0x4f, 0x9e, 0xf5, 0x8b, 0xf2, 0xc2, 0xbb, 0xe5, 0xc3, 0xa3, + 0xe3, 0x13, 0x63, 0x4f, 0x7d, 0x20, 0xe4, 0x66, 0x96, 0x84, 0x8d, 0xd4, + 0xca, 0x72, 0x52, 0xdc, 0xb8, 0x93, 0xd4, 0xa5, 0x3e, 0x6e, 0x42, 0x56, + 0x80, 0x46, 0x77, 0x86, 0x49, 0xfe, 0xf3, 0xb4, 0x5b, 0x37, 0xfc, 0xb8, + 0x0c, 0xd7, 0x63, 0xac, 0x3c, 0x6f, 0xf0, 0xbe, 0xbe, 0xb4, 0x13, 0xe7, + 0x34, 0xe5, 0x06, 0xbf, 0x17, 0x48, 0x6e, 0xc0, 0x26, 0x94, 0xdd, 0xed, + 0xf4, 0xda, 0x97, 0x25, 0xab, 0xd6, 0x9b, 0xc3, 0x8c, 0xeb, 0x17, 0x09, + 0xfc, 0x03, 0x5a, 0x2f, 0x19, 0x85, 0x50, 0xc4, 0xe6, 0x35, 0x71, 0x94, + 0xad, 0xc5, 0xcf, 0x08, 0xcf, 0x69, 0x3b, 0xc3, 0x31, 0xec, 0xf1, 0xfa, + 0x80, 0x66, 0x8f, 0x14, 0xde, 0x56, 0x21, 0x12, 0x9b, 0x0c, 0xdf, 0x92, + 0x48, 0x06, 0xce, 0xdb, 0xeb, 0x28, 0x54, 0x27, 0x8b, 0xa9, 0xef, 0x0c, + 0xf4, 0xa0, 0xcc, 0x84, 0x59, 0x60, 0xed, 0x18, 0x65, 0xca, 0x67, 0x0c, + 0xd1, 0x1f, 0xcf, 0x59, 0x4b, 0xce, 0x07, 0x27, 0x08, 0x6a, 0xea, 0x53, + 0xdc, 0x47, 0xb3, 0x4e, 0xe4, 0x0b, 0xff, 0x9a, 0x7d, 0x6b, 0x0d, 0x2f, + 0x2d, 0x60, 0xd7, 0x8b, 0x22, 0xf5, 0x30, 0x43, 0x09, 0xe6, 0xdf, 0x01, + 0x03, 0x27, 0x2d, 0xb5, 0x74, 0x52, 0x5d, 0x08, 0xc7, 0x5a, 0x44, 0x25, + 0x0f, 0x2c, 0x14, 0x8f, 0x48, 0xea, 0x18, 0x99, 0xd1, 0xcc, 0xc5, 0xdc, + 0x65, 0xa5, 0x3d, 0x25, 0x94, 0xa9, 0xc7, 0xad, 0x3e, 0xa4, 0xf6, 0xe6, + 0xbd, 0xa7, 0x70, 0xd4, 0xdc, 0x9b, 0x26, 0xcb, 0x31, 0x70, 0xaf, 0x3e, + 0xa4, 0xb6, 0x8d, 
0x21, 0x31, 0x67, 0x35, 0x35, 0x86, 0x67, 0xd1, 0x02, + 0x6c, 0x36, 0x76, 0xc9, 0x20, 0xf6, 0x0f, 0x30, 0x41, 0x83, 0x19, 0xf5, + 0xe1, 0x33, 0x90, 0xbc, 0x7b, 0x8c, 0x9b, 0x8a, 0x68, 0x30, 0x9e, 0xed, + 0xf4, 0x88, 0xc9, 0x04, 0x08, 0x2b, 0xb0, 0x0f, 0xae, 0xc7, 0xe0, 0x6e, + 0x52, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x39, 0x30, 0x21, 0x30, + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, + 0xe0, 0xf7, 0xa1, 0x1b, 0xf6, 0x3f, 0x05, 0xad, 0x55, 0x6a, 0x20, 0x4c, + 0x71, 0xca, 0x62, 0x47, 0x13, 0x28, 0xd5, 0x05, 0x04, 0x10, 0x3e, 0x87, + 0x2d, 0x96, 0xea, 0x80, 0x4b, 0xab, 0x3a, 0xb9, 0xee, 0x09, 0x65, 0x28, + 0xbc, 0x8d, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00, +}; + +/* kWindows is a dummy key and certificate exported from the certificate + * manager on Windows 7. */ +static const uint8_t kWindows[] = { + 0x30, 0x82, 0x0a, 0x02, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0xbe, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, + 0x09, 0xaf, 0x04, 0x82, 0x09, 0xab, 0x30, 0x82, 0x09, 0xa7, 0x30, 0x82, + 0x06, 0x08, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, + 0x01, 0xa0, 0x82, 0x05, 0xf9, 0x04, 0x82, 0x05, 0xf5, 0x30, 0x82, 0x05, + 0xf1, 0x30, 0x82, 0x05, 0xed, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xfe, 0x30, 0x82, + 0x04, 0xfa, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0xb7, 0x20, 0x55, 0x5a, + 0x4d, 0x3f, 0x0e, 0x89, 0x02, 0x02, 0x07, 0xd0, 0x04, 0x82, 0x04, 0xd8, + 0x3a, 0xcc, 0xd6, 0xcb, 0x4d, 0x54, 0xc0, 0x04, 0x56, 0x10, 0xcc, 0x49, + 0xe4, 0xe0, 0x10, 0x73, 0xfb, 0x1a, 0xdd, 0x1d, 0x4f, 0x6e, 0x55, 0xe3, + 0xa4, 0xab, 0xf9, 0x26, 0xaa, 0x42, 0x54, 0xa0, 0xd1, 0xf0, 0x8d, 0xbf, + 0x71, 0x7d, 0x18, 0x00, 0x17, 0xb3, 0xb7, 0x63, 0x50, 0x8d, 0x2c, 0xeb, + 0x2f, 0xe3, 0xc3, 0xbf, 0x93, 0xc8, 0x46, 
0x48, 0x99, 0x47, 0xe2, 0x3b, + 0x8d, 0x71, 0x01, 0x5f, 0x59, 0x5b, 0x61, 0x7e, 0x1f, 0x0c, 0x6e, 0x3e, + 0xc4, 0x74, 0x99, 0x98, 0x30, 0xff, 0x37, 0x7b, 0x30, 0x19, 0xb5, 0xfc, + 0x69, 0x94, 0x5f, 0x79, 0x69, 0x34, 0xda, 0xb5, 0x21, 0xcf, 0xfe, 0x72, + 0x87, 0xe8, 0x7d, 0x29, 0x7e, 0x27, 0x25, 0x90, 0x80, 0x98, 0xdd, 0x8d, + 0xbf, 0x42, 0xb0, 0x10, 0xd8, 0x7d, 0x6d, 0xfe, 0x6f, 0x0d, 0x61, 0x09, + 0xfd, 0xb2, 0x9b, 0xeb, 0xbf, 0x1c, 0xca, 0x33, 0xbc, 0x4e, 0x19, 0x52, + 0x55, 0x53, 0xb4, 0xa5, 0x98, 0x6c, 0xa3, 0x3b, 0xf8, 0xa4, 0x8d, 0x79, + 0xcf, 0x40, 0xf2, 0x89, 0x09, 0x3c, 0x38, 0xab, 0xae, 0xf4, 0x09, 0x3b, + 0xb6, 0xcb, 0xdd, 0xd7, 0xad, 0xe0, 0x5a, 0x71, 0x64, 0xc9, 0x0f, 0x18, + 0xac, 0x3c, 0x12, 0xd4, 0x22, 0x54, 0x24, 0x1a, 0xa5, 0x35, 0x78, 0x99, + 0x09, 0x4a, 0x18, 0x95, 0x23, 0xb9, 0xf7, 0x89, 0x3f, 0x13, 0x43, 0x1f, + 0x8d, 0x76, 0x6b, 0x04, 0xdb, 0x64, 0xf4, 0x8e, 0xf5, 0x50, 0xa0, 0xae, + 0x1c, 0x8c, 0xc8, 0xf3, 0xde, 0xf3, 0x11, 0x2d, 0xfe, 0x76, 0xf0, 0xac, + 0x46, 0x54, 0x23, 0x03, 0x49, 0xfa, 0x73, 0xcd, 0xe0, 0xa1, 0x6c, 0x66, + 0x4d, 0x1b, 0x99, 0x57, 0x3d, 0x61, 0x61, 0xeb, 0x61, 0x40, 0xc7, 0xd6, + 0x41, 0xbe, 0x63, 0x21, 0x1e, 0x7e, 0xb5, 0x0e, 0x94, 0x93, 0x37, 0x41, + 0xe8, 0x91, 0x06, 0xd7, 0xa3, 0x33, 0x78, 0x17, 0x17, 0x59, 0x78, 0x8f, + 0xaf, 0xed, 0xf9, 0x90, 0xfb, 0xb6, 0xc8, 0xa9, 0x0b, 0x10, 0x1a, 0xf1, + 0xab, 0x10, 0x11, 0xbc, 0x7f, 0xa5, 0x2d, 0x34, 0x7d, 0x7b, 0xaf, 0xc8, + 0xb2, 0x00, 0x6b, 0xd4, 0xbb, 0x25, 0x9b, 0xc7, 0x14, 0x8b, 0x50, 0x0a, + 0xd5, 0x2c, 0x1f, 0xa0, 0x5f, 0x07, 0x1d, 0x5e, 0x1a, 0xa4, 0x4b, 0x85, + 0xb2, 0xa6, 0xe2, 0xdd, 0xb7, 0xda, 0x11, 0x25, 0x51, 0xbf, 0x72, 0x50, + 0x53, 0xa1, 0x3d, 0xfa, 0x1d, 0x34, 0x75, 0xdd, 0x7a, 0xe0, 0x90, 0x56, + 0x14, 0xc3, 0xe8, 0x0b, 0xea, 0x32, 0x5f, 0x92, 0xfc, 0x2e, 0x4d, 0x0e, + 0xfe, 0xba, 0x1a, 0x00, 0x6d, 0x8f, 0x75, 0xac, 0x49, 0x4c, 0x79, 0x03, + 0x2e, 0xf2, 0xcc, 0x8e, 0x96, 0x27, 0x3c, 0x59, 0x28, 0x7f, 0x52, 0x8d, + 0xc3, 0x3b, 0x24, 0x68, 0xff, 0xbb, 0xd0, 
0x4e, 0xdf, 0xc4, 0x91, 0x32, + 0x14, 0x5e, 0x43, 0x73, 0xd8, 0x56, 0x65, 0xe1, 0x48, 0x89, 0xe4, 0x33, + 0xef, 0x4b, 0x51, 0x50, 0xf2, 0x53, 0xe7, 0xae, 0x7d, 0xb6, 0x8c, 0x80, + 0xee, 0x8d, 0x9e, 0x24, 0x1a, 0xdd, 0x95, 0x7d, 0x22, 0x58, 0x76, 0xf8, + 0xbb, 0x63, 0x36, 0x17, 0xdc, 0xc6, 0x3e, 0xb8, 0xe9, 0x1f, 0xd8, 0xe0, + 0x06, 0x18, 0x1b, 0x3c, 0x45, 0xcb, 0xe1, 0x5a, 0x41, 0xe5, 0x32, 0xa3, + 0x85, 0x1b, 0xff, 0xe0, 0x5e, 0x28, 0xee, 0xe9, 0x05, 0xc7, 0xc8, 0x47, + 0x85, 0xe8, 0x13, 0x7f, 0x1b, 0xda, 0xd7, 0x3e, 0x8e, 0xb8, 0xa3, 0x96, + 0x34, 0x19, 0x3b, 0x0c, 0x88, 0x26, 0x38, 0xe7, 0x65, 0xf6, 0x03, 0x4f, + 0xc8, 0x37, 0x6e, 0x2f, 0x5e, 0x5d, 0xcd, 0xa3, 0x29, 0x37, 0xe8, 0x86, + 0x84, 0x66, 0x37, 0x84, 0xa0, 0x49, 0x4e, 0x8f, 0x3b, 0x1a, 0x42, 0x9f, + 0x62, 0x1f, 0x2b, 0x97, 0xc9, 0x18, 0x21, 0xd2, 0xa5, 0xcd, 0x8f, 0xa4, + 0x03, 0xf8, 0x82, 0x1e, 0xb8, 0x3e, 0x6b, 0x54, 0x29, 0x75, 0x5f, 0x80, + 0xe6, 0x8f, 0x2f, 0x65, 0xb0, 0x6b, 0xbb, 0x18, 0x6e, 0x0d, 0x32, 0x62, + 0x8c, 0x97, 0x48, 0xd3, 0xaa, 0xf2, 0x5e, 0xb8, 0x25, 0xbc, 0xb5, 0x22, + 0x4a, 0xac, 0xcf, 0xdc, 0x8b, 0x48, 0xfc, 0x95, 0xf2, 0x17, 0x21, 0x1e, + 0xda, 0x13, 0xd3, 0x1b, 0xe2, 0x37, 0xd5, 0xbf, 0x92, 0xe4, 0x81, 0xf5, + 0x98, 0x57, 0x51, 0x14, 0xda, 0x80, 0x7d, 0x4a, 0x6a, 0xce, 0x17, 0xaf, + 0xdb, 0xc3, 0x2e, 0x84, 0x3b, 0x1e, 0x02, 0x51, 0x4a, 0xc1, 0x25, 0x8c, + 0x5a, 0x20, 0x56, 0xee, 0xec, 0x59, 0xcf, 0xd7, 0x3e, 0x5f, 0x39, 0x9f, + 0xbf, 0x4d, 0x4e, 0x94, 0xb1, 0x1d, 0x83, 0x70, 0xc0, 0xab, 0xff, 0xfa, + 0x7c, 0x2e, 0x5b, 0xfb, 0x57, 0x3f, 0x60, 0xb8, 0xf3, 0x36, 0x5f, 0xbf, + 0x6a, 0x8c, 0x6f, 0xe0, 0x34, 0xe8, 0x75, 0x26, 0xc2, 0x1e, 0x22, 0x64, + 0x0e, 0x43, 0xc1, 0x93, 0xe6, 0x8a, 0x2e, 0xe9, 0xd9, 0xe0, 0x9f, 0x56, + 0x50, 0x8a, 0xbd, 0x68, 0xf6, 0x57, 0x63, 0x55, 0xbb, 0xe7, 0xfe, 0x22, + 0xca, 0xdc, 0x85, 0x38, 0x39, 0xc8, 0x66, 0x02, 0x28, 0x0f, 0xe0, 0x1c, + 0xd6, 0x0f, 0x5d, 0x6a, 0x0b, 0xd8, 0xe5, 0x6a, 0xeb, 0x54, 0xb2, 0xe0, + 0x02, 0x6f, 0xe2, 0x42, 0x89, 0x66, 0xc2, 
0xd5, 0xc6, 0xe2, 0xb2, 0x04, + 0x6d, 0x8a, 0x2b, 0x48, 0xc2, 0x51, 0x07, 0x8e, 0xf3, 0x91, 0x0b, 0xb7, + 0x55, 0x6e, 0xbb, 0xbf, 0x11, 0x5a, 0xcb, 0x2c, 0xb3, 0x1e, 0x61, 0xd3, + 0xdb, 0x90, 0xad, 0xba, 0x10, 0x96, 0xe2, 0x16, 0xf4, 0x0c, 0x47, 0xbd, + 0x64, 0x66, 0x7a, 0x17, 0x63, 0xb9, 0x02, 0xcb, 0x53, 0x7a, 0x35, 0x92, + 0x74, 0xc3, 0x2a, 0x7d, 0xc5, 0x11, 0x18, 0x2f, 0xa3, 0x62, 0x2c, 0xc0, + 0x87, 0xd3, 0xd3, 0xba, 0xcb, 0xe0, 0x86, 0x9b, 0x4b, 0xc5, 0x59, 0x98, + 0x7e, 0x32, 0x96, 0x55, 0xc1, 0x3d, 0x5a, 0xcd, 0x90, 0x2d, 0xf8, 0xb7, + 0xa8, 0xba, 0xce, 0x89, 0x64, 0xa6, 0xf3, 0x1b, 0x11, 0x2e, 0x12, 0x99, + 0x4d, 0x34, 0x45, 0x13, 0x66, 0xb7, 0x69, 0x7b, 0xc5, 0x79, 0xf5, 0x6b, + 0xc2, 0x1d, 0xc8, 0x3f, 0x09, 0x18, 0x0a, 0xfc, 0xf7, 0xaf, 0x98, 0xc2, + 0xc7, 0xcc, 0x85, 0x29, 0xc6, 0x22, 0x7a, 0x77, 0xab, 0xb5, 0xac, 0xf7, + 0x9e, 0x70, 0x8e, 0x7f, 0x3c, 0xf1, 0xbd, 0xd9, 0x7a, 0x92, 0x84, 0xc5, + 0xb8, 0x56, 0xc3, 0xcb, 0xf7, 0x25, 0xad, 0xda, 0x0e, 0x1c, 0xe4, 0x68, + 0x66, 0x83, 0x91, 0x78, 0xf1, 0xe7, 0x8c, 0xaa, 0x45, 0xb6, 0x85, 0x74, + 0x9b, 0x08, 0xff, 0xac, 0x38, 0x55, 0xa5, 0x6a, 0xea, 0x2e, 0x75, 0x71, + 0xd3, 0xa2, 0xdc, 0x1c, 0xc0, 0xc7, 0x0b, 0xa9, 0xd5, 0x7e, 0xf9, 0x63, + 0x82, 0x87, 0xb7, 0x81, 0x01, 0xb9, 0x31, 0xdf, 0x41, 0x35, 0x0e, 0xe2, + 0x1f, 0x48, 0xbf, 0x60, 0xce, 0xb0, 0xb4, 0x38, 0xa5, 0xb4, 0x76, 0xa3, + 0x80, 0x1f, 0x93, 0x57, 0xf2, 0x05, 0x81, 0x42, 0xd1, 0xae, 0x56, 0x6d, + 0xc5, 0x4c, 0xab, 0xa6, 0x24, 0x2a, 0x02, 0x3b, 0xb1, 0xc4, 0x75, 0xcf, + 0x15, 0x90, 0xb5, 0xf2, 0xe7, 0x10, 0x69, 0xa0, 0xe3, 0xc4, 0xe6, 0x52, + 0x63, 0x14, 0xb4, 0x15, 0x91, 0x8e, 0xba, 0x7a, 0xad, 0x2d, 0x9b, 0x24, + 0x74, 0x36, 0x31, 0xca, 0xcb, 0x4b, 0x5a, 0xbf, 0xd3, 0x4e, 0xb4, 0xc1, + 0x48, 0x44, 0x74, 0x2f, 0x83, 0xe4, 0x39, 0x3d, 0x90, 0x2d, 0x32, 0x12, + 0xf7, 0xfa, 0xd3, 0xe3, 0xdb, 0x4f, 0xe6, 0xe7, 0x20, 0x2c, 0x57, 0xc0, + 0xf9, 0x80, 0xe1, 0xdc, 0x1c, 0xf2, 0x05, 0x54, 0x35, 0xf6, 0xbd, 0xfb, + 0xbd, 0xc5, 0xb2, 0x82, 0x32, 0x63, 0x32, 
0xca, 0xf4, 0xf7, 0x14, 0x92, + 0x87, 0x8a, 0x45, 0x37, 0x56, 0x93, 0xda, 0x4f, 0x04, 0x59, 0x03, 0x24, + 0x93, 0x1a, 0x0b, 0x4e, 0xdb, 0x58, 0xbf, 0xda, 0x2a, 0x0e, 0x7e, 0x98, + 0x6c, 0x0c, 0xeb, 0x21, 0xf9, 0xbf, 0x9b, 0x1f, 0xc0, 0xef, 0xd3, 0xea, + 0xcb, 0x99, 0x5e, 0x14, 0x3e, 0x10, 0xfa, 0xad, 0x38, 0xf7, 0x68, 0x9f, + 0xa3, 0xcc, 0xdf, 0xe5, 0x31, 0x91, 0x98, 0xde, 0x74, 0x5f, 0x7b, 0xce, + 0xe4, 0x54, 0xd9, 0x51, 0xec, 0xf5, 0x4b, 0x17, 0x5f, 0x99, 0x4c, 0xf8, + 0x00, 0xe0, 0x10, 0x09, 0x07, 0x64, 0xae, 0x61, 0x3b, 0x60, 0xa3, 0x89, + 0x38, 0xc4, 0x80, 0xf2, 0x1e, 0x11, 0x26, 0x78, 0x72, 0x05, 0x97, 0x27, + 0xba, 0x83, 0x33, 0x1b, 0x14, 0x4b, 0xc0, 0xc8, 0xb0, 0xcc, 0x0a, 0x9b, + 0x3e, 0x4c, 0xde, 0x12, 0x07, 0x11, 0xd5, 0xf0, 0xc0, 0xdd, 0x70, 0x3d, + 0xd8, 0x7a, 0xf7, 0xa2, 0xf2, 0x70, 0xad, 0x54, 0xce, 0x67, 0x41, 0x12, + 0x29, 0x1f, 0xe1, 0x49, 0x5f, 0x4c, 0x77, 0x41, 0x7c, 0x74, 0x25, 0x9c, + 0x91, 0xd1, 0x0d, 0xa5, 0x9a, 0xb8, 0x56, 0x4c, 0x01, 0xc0, 0x77, 0x51, + 0x14, 0xc8, 0x92, 0x40, 0x9a, 0xbd, 0x7f, 0x3b, 0x9b, 0x17, 0xbb, 0x80, + 0x6e, 0x50, 0x64, 0x31, 0xed, 0xe2, 0x22, 0x9f, 0x96, 0x8e, 0xe2, 0x4e, + 0x54, 0x6e, 0x36, 0x35, 0xfc, 0xf2, 0xed, 0xfc, 0x56, 0x63, 0xdb, 0x89, + 0x19, 0x99, 0xf8, 0x47, 0xff, 0xce, 0x35, 0xd2, 0x86, 0x63, 0xbc, 0xe4, + 0x8c, 0x5d, 0x12, 0x94, 0x31, 0x81, 0xdb, 0x30, 0x13, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x06, 0x04, 0x04, + 0x01, 0x00, 0x00, 0x00, 0x30, 0x57, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, 0x4a, 0x1e, 0x48, 0x00, 0x65, 0x00, + 0x65, 0x00, 0x36, 0x00, 0x64, 0x00, 0x38, 0x00, 0x38, 0x00, 0x30, 0x00, + 0x35, 0x00, 0x2d, 0x00, 0x30, 0x00, 0x36, 0x00, 0x64, 0x00, 0x39, 0x00, + 0x2d, 0x00, 0x34, 0x00, 0x32, 0x00, 0x65, 0x00, 0x32, 0x00, 0x2d, 0x00, + 0x38, 0x00, 0x62, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2d, 0x00, 0x66, 0x00, + 0x65, 0x00, 0x61, 0x00, 0x62, 0x00, 0x35, 0x00, 0x65, 0x00, 0x66, 0x00, + 0x32, 0x00, 0x38, 0x00, 0x32, 0x00, 0x37, 
0x00, 0x30, 0x30, 0x6b, 0x06, + 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x11, 0x01, 0x31, 0x5e, + 0x1e, 0x5c, 0x00, 0x4d, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6f, + 0x00, 0x73, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x74, 0x00, 0x20, 0x00, 0x45, + 0x00, 0x6e, 0x00, 0x68, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x65, + 0x00, 0x64, 0x00, 0x20, 0x00, 0x43, 0x00, 0x72, 0x00, 0x79, 0x00, 0x70, + 0x00, 0x74, 0x00, 0x6f, 0x00, 0x67, 0x00, 0x72, 0x00, 0x61, 0x00, 0x70, + 0x00, 0x68, 0x00, 0x69, 0x00, 0x63, 0x00, 0x20, 0x00, 0x50, 0x00, 0x72, + 0x00, 0x6f, 0x00, 0x76, 0x00, 0x69, 0x00, 0x64, 0x00, 0x65, 0x00, 0x72, + 0x00, 0x20, 0x00, 0x76, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x30, 0x30, 0x82, + 0x03, 0x97, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, + 0x06, 0xa0, 0x82, 0x03, 0x88, 0x30, 0x82, 0x03, 0x84, 0x02, 0x01, 0x00, + 0x30, 0x82, 0x03, 0x7d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x92, 0x16, 0x6d, + 0x6d, 0x68, 0xd3, 0xb0, 0xc1, 0x02, 0x02, 0x07, 0xd0, 0x80, 0x82, 0x03, + 0x50, 0xee, 0x76, 0xe8, 0x60, 0xbf, 0xca, 0x3c, 0x2d, 0xe5, 0x29, 0x22, + 0xf6, 0x33, 0xc3, 0x50, 0x6a, 0xdb, 0xf3, 0x58, 0x3c, 0xd9, 0x7c, 0xd8, + 0xf9, 0x83, 0x89, 0x17, 0xa8, 0x1b, 0x6b, 0x09, 0xc1, 0x99, 0x49, 0xb0, + 0x43, 0x06, 0xc6, 0x42, 0x4b, 0x7c, 0x85, 0x4b, 0xe6, 0x69, 0x38, 0x91, + 0xce, 0x3d, 0x3c, 0x97, 0xd5, 0x14, 0x4f, 0x15, 0x5a, 0x81, 0x4d, 0x77, + 0x40, 0xe0, 0xe1, 0x1c, 0x69, 0x3f, 0x1d, 0x65, 0x68, 0xb3, 0x98, 0x95, + 0x30, 0x6c, 0xb0, 0x70, 0x93, 0x0c, 0xce, 0xec, 0xaf, 0x57, 0xc6, 0x9c, + 0x34, 0xb4, 0x2b, 0xaf, 0xc3, 0x5e, 0x70, 0x87, 0x17, 0xe8, 0xc9, 0x54, + 0x06, 0xb5, 0xb7, 0x83, 0xff, 0x46, 0x2b, 0xb6, 0x6a, 0x66, 0x2f, 0x6d, + 0x0f, 0x96, 0x53, 0x66, 0x65, 0xb8, 0x7b, 0x48, 0x55, 0x83, 0xd3, 0xc4, + 0x16, 0x93, 0xde, 0x72, 0x59, 0xf1, 0x9a, 0xab, 0xd5, 0xd5, 0xcb, 0x24, + 0xa6, 0x4a, 0x4e, 0x57, 0xf3, 0x6e, 0xca, 
0xb1, 0xeb, 0x7d, 0xdb, 0x02, + 0xd2, 0x79, 0x89, 0xef, 0xa2, 0x8b, 0xee, 0x6f, 0xdc, 0x5e, 0x65, 0xa5, + 0x09, 0x33, 0x51, 0xb5, 0x21, 0xc8, 0xc6, 0xab, 0xed, 0xd5, 0x50, 0x93, + 0x39, 0x71, 0x97, 0xd3, 0x2c, 0xdd, 0xaf, 0xb1, 0xc6, 0x9b, 0x4b, 0x69, + 0x98, 0xae, 0xaf, 0x21, 0xa0, 0x8a, 0x90, 0x25, 0xe0, 0xf4, 0x8c, 0xf2, + 0xc3, 0x4f, 0x64, 0xb6, 0xc6, 0x64, 0x90, 0xff, 0x95, 0x0a, 0xcc, 0x8c, + 0xf4, 0x86, 0x80, 0x53, 0x8d, 0x51, 0x0b, 0xcd, 0x45, 0x4f, 0xcf, 0x7c, + 0xc6, 0xdf, 0x08, 0x5e, 0xa7, 0xdf, 0x4f, 0xcf, 0x84, 0xde, 0xb8, 0x4d, + 0x73, 0x40, 0x06, 0xbe, 0x33, 0x82, 0xe8, 0x41, 0x1b, 0x9a, 0xc3, 0x5b, + 0xb6, 0xf3, 0xfc, 0x32, 0x98, 0xcc, 0xcc, 0x5e, 0xd5, 0xb7, 0x86, 0x0f, + 0xc8, 0x59, 0x72, 0xcb, 0x9a, 0xc5, 0x3c, 0x50, 0xb8, 0x25, 0xb8, 0x87, + 0x3e, 0x49, 0xd4, 0x2d, 0x2f, 0x50, 0x35, 0xeb, 0xb8, 0x10, 0xa7, 0xea, + 0xb1, 0xe2, 0x0c, 0x6a, 0x84, 0x2c, 0xe2, 0x7a, 0x26, 0xef, 0x7e, 0x6b, + 0x1e, 0x47, 0x6e, 0x98, 0xc0, 0x3f, 0x92, 0x24, 0xe7, 0x88, 0xf9, 0x18, + 0x78, 0x37, 0x8a, 0x54, 0xa6, 0x2b, 0x5b, 0xf0, 0xc7, 0xe2, 0x98, 0xa4, + 0xa6, 0x2e, 0xc3, 0x6a, 0x75, 0x66, 0x51, 0xe8, 0x0d, 0x90, 0xfd, 0xa7, + 0xec, 0x22, 0xb3, 0x7d, 0x9d, 0x0c, 0xfe, 0x72, 0x7f, 0x98, 0xf6, 0x86, + 0x30, 0xd3, 0x7c, 0xee, 0xa5, 0xc5, 0x20, 0x89, 0x79, 0x04, 0x8e, 0xa8, + 0xb6, 0x94, 0x70, 0x4e, 0x75, 0xe5, 0xa0, 0xae, 0x8c, 0x7f, 0x72, 0x4c, + 0xd5, 0x9f, 0xd2, 0x56, 0x0d, 0xb2, 0x28, 0x45, 0x99, 0xf8, 0x40, 0xd4, + 0x3f, 0x42, 0x4a, 0x0c, 0x92, 0x23, 0xe1, 0x17, 0xaf, 0x68, 0xa6, 0x0f, + 0x1d, 0x32, 0x0d, 0xf8, 0x08, 0x8e, 0xdc, 0x79, 0x68, 0xf0, 0xfe, 0x0b, + 0xda, 0x94, 0x2d, 0xa6, 0xa7, 0x76, 0x7e, 0xd6, 0xca, 0xec, 0x7c, 0x37, + 0x52, 0x4f, 0x77, 0xcf, 0xa3, 0xcf, 0x8a, 0xfe, 0x89, 0xd9, 0x3e, 0xbc, + 0xb5, 0x06, 0xa0, 0x21, 0x91, 0x89, 0x77, 0x84, 0x85, 0x43, 0x2a, 0x65, + 0xec, 0x75, 0x4d, 0x0d, 0x1c, 0x79, 0x0f, 0x61, 0xca, 0x3e, 0x62, 0xbb, + 0x41, 0xf9, 0x4c, 0x5c, 0x3b, 0xde, 0x33, 0x8e, 0xdf, 0x51, 0x72, 0x93, + 0xca, 0xa6, 0xc7, 0x16, 0xe5, 0xb3, 0x22, 
0xb6, 0x2e, 0xbf, 0xae, 0x1d, + 0x91, 0x1d, 0x49, 0x96, 0xa3, 0x25, 0xd4, 0xce, 0x6f, 0xf0, 0xfb, 0xb7, + 0xf5, 0x4a, 0x24, 0x03, 0x54, 0x4b, 0x7f, 0x0b, 0xb4, 0x31, 0xb4, 0x33, + 0xb7, 0x40, 0xf0, 0xd5, 0x4c, 0xee, 0xe3, 0x4b, 0x12, 0x8c, 0xc9, 0xa7, + 0x06, 0xb1, 0x02, 0x5a, 0x14, 0x6f, 0xe2, 0x3b, 0x68, 0x9b, 0x3d, 0xfc, + 0x83, 0x4a, 0xcc, 0xb5, 0x77, 0xe7, 0xf0, 0x1b, 0x52, 0xce, 0x60, 0x89, + 0xe2, 0x45, 0x76, 0xaa, 0x76, 0x70, 0xc2, 0xfd, 0x21, 0x8f, 0x1d, 0x67, + 0x1a, 0x4c, 0xe8, 0x81, 0x2b, 0x2e, 0xa9, 0x56, 0x0a, 0x27, 0x0f, 0x81, + 0xba, 0x5c, 0x4f, 0xfa, 0x6e, 0x7e, 0x33, 0x7d, 0x78, 0xed, 0xd2, 0xe3, + 0x24, 0xae, 0x24, 0xb2, 0x1b, 0x62, 0x71, 0x0e, 0x73, 0xfe, 0x8a, 0x3b, + 0x98, 0x0d, 0x82, 0x8e, 0x8d, 0x0f, 0xb3, 0xe2, 0x65, 0x87, 0xeb, 0x36, + 0x91, 0x4d, 0x8a, 0xfb, 0x22, 0x7a, 0x23, 0x2c, 0xe1, 0xb6, 0x94, 0xb6, + 0x90, 0x94, 0xcc, 0x0c, 0x7d, 0x02, 0x36, 0x56, 0xda, 0x45, 0x20, 0x90, + 0x48, 0xdb, 0xa4, 0xf5, 0x27, 0xac, 0x22, 0x49, 0x25, 0xaa, 0xd8, 0xa7, + 0x79, 0x38, 0x80, 0xc0, 0x95, 0xc7, 0xd1, 0x5c, 0x17, 0x7c, 0xa7, 0xec, + 0xd2, 0x63, 0xc6, 0xc6, 0x55, 0xfe, 0x78, 0x99, 0x06, 0x2c, 0x6e, 0x4f, + 0xfe, 0xd1, 0x5b, 0x8c, 0x2f, 0xa1, 0x42, 0x03, 0x26, 0x5a, 0x5e, 0xda, + 0xef, 0x43, 0xd2, 0x0e, 0xf9, 0x5f, 0xdb, 0x1d, 0x9c, 0xd1, 0xcb, 0x65, + 0x84, 0x26, 0xed, 0x91, 0x8f, 0x16, 0xb4, 0x1c, 0xc0, 0xb3, 0x8d, 0x79, + 0xae, 0x9b, 0xcb, 0x36, 0x6d, 0xcd, 0x67, 0x1f, 0x87, 0x11, 0x2a, 0x7c, + 0xb1, 0x8c, 0xfb, 0x06, 0xab, 0xd2, 0xd6, 0x2a, 0xe3, 0x45, 0x6c, 0xa5, + 0xc0, 0x19, 0x6b, 0xfc, 0xc3, 0xb7, 0x54, 0x35, 0xda, 0xdf, 0x12, 0x97, + 0x5c, 0xac, 0x59, 0xb4, 0x42, 0x25, 0xef, 0x04, 0xf7, 0x4c, 0xdb, 0x74, + 0xb9, 0x68, 0x8f, 0xee, 0x37, 0x0a, 0xc6, 0x21, 0x86, 0x0f, 0x6f, 0x8e, + 0xab, 0xd5, 0x7b, 0x38, 0x5e, 0x5f, 0x7d, 0xb9, 0x5a, 0xcb, 0xce, 0xa0, + 0x56, 0x37, 0x13, 0x71, 0x4b, 0xba, 0x43, 0x7c, 0xc0, 0xb7, 0x7f, 0x32, + 0xd7, 0x46, 0x27, 0x58, 0xfc, 0xdb, 0xb5, 0x64, 0x20, 0x3b, 0x20, 0x85, + 0x79, 0xa8, 0x9a, 0x22, 0xaf, 0x29, 0x86, 
0xc5, 0x9d, 0x23, 0x96, 0x52, + 0xca, 0xc7, 0x9d, 0x92, 0x26, 0xe5, 0x3a, 0x60, 0xd6, 0xad, 0x8d, 0x5a, + 0xd9, 0x29, 0xbe, 0xd5, 0x5c, 0x3a, 0x77, 0xda, 0x34, 0xe2, 0x76, 0xcb, + 0x98, 0xa4, 0xf3, 0x33, 0xf1, 0x68, 0x20, 0x83, 0x95, 0x0b, 0x8d, 0x93, + 0x59, 0x02, 0x0c, 0x8f, 0xe4, 0xc4, 0xb0, 0xe7, 0x61, 0x0d, 0xf9, 0x80, + 0x20, 0x58, 0x40, 0xea, 0xb7, 0x0b, 0x1b, 0xad, 0xe3, 0x30, 0x3b, 0x30, + 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, + 0x2d, 0x77, 0x79, 0x79, 0x90, 0x41, 0x75, 0xf4, 0x4a, 0x7f, 0xf7, 0x15, + 0x94, 0x28, 0x62, 0xf7, 0x69, 0xd4, 0x44, 0x27, 0x04, 0x14, 0x2b, 0x2f, + 0xd9, 0x24, 0xc3, 0x8a, 0x34, 0xbb, 0x52, 0x52, 0x7b, 0xf6, 0x0e, 0x7b, + 0xfe, 0x3a, 0x66, 0x47, 0x40, 0x49, 0x02, 0x02, 0x07, 0xd0, +}; + +static bool Test(const char *name, const uint8_t *der, size_t der_len) { + ScopedX509Stack certs(sk_X509_new_null()); + if (!certs) { + return false; + } + + CBS pkcs12; + EVP_PKEY *key = nullptr; + CBS_init(&pkcs12, der, der_len); + if (!PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, "foo")) { + fprintf(stderr, "PKCS12 failed on %s data.\n", name); + ERR_print_errors_fp(stderr); + return false; + } + ScopedEVP_PKEY delete_key(key); + + if (sk_X509_num(certs.get()) != 1 || key == nullptr) { + fprintf(stderr, "Bad result from %s data.\n", name); + return false; + } + + return true; +} + +static bool TestCompat(const uint8_t *der, size_t der_len) { + ScopedBIO bio(BIO_new_mem_buf((void*) der, der_len)); + if (!bio) { + return false; + } + + ScopedPKCS12 p12(d2i_PKCS12_bio(bio.get(), nullptr)); + if (!p12) { + fprintf(stderr, "PKCS12_parse failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + EVP_PKEY *key = nullptr; + X509 *cert = nullptr; + STACK_OF(X509) *ca_certs = nullptr; + if (!PKCS12_parse(p12.get(), "foo", &key, &cert, &ca_certs)) { + fprintf(stderr, "PKCS12_parse failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + ScopedEVP_PKEY delete_key(key); + ScopedX509 
delete_cert(cert); + ScopedX509Stack delete_ca_certs(ca_certs); + + if (key == nullptr || cert == nullptr) { + fprintf(stderr, "Bad result from PKCS12_parse.\n"); + return false; + } + + if (sk_X509_num(ca_certs) != 0) { + fprintf(stderr, "Bad result from PKCS12_parse.\n"); + return false; + } + + return true; +} + +int main(int argc, char **argv) { + CRYPTO_library_init(); + ERR_load_crypto_strings(); + + if (!Test("OpenSSL", kOpenSSL, sizeof(kOpenSSL)) || + !Test("NSS", kNSS, sizeof(kNSS)) || + !Test("Windows", kWindows, sizeof(kWindows)) || + !TestCompat(kWindows, sizeof(kWindows))) { + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/pkcs8/pkcs8.c b/src/crypto/pkcs8/pkcs8.c index 0b1dfba..843c74d 100644 --- a/src/crypto/pkcs8/pkcs8.c +++ b/src/crypto/pkcs8/pkcs8.c @@ -123,23 +123,28 @@ static int pkcs12_key_gen_raw(const uint8_t *pass_raw, size_t pass_raw_len, Ai = OPENSSL_malloc(u); B = OPENSSL_malloc(v + 1); Slen = v * ((salt_len + v - 1) / v); - if (pass_raw_len) + if (pass_raw_len) { Plen = v * ((pass_raw_len + v - 1) / v); - else + } else { Plen = 0; + } Ilen = Slen + Plen; I = OPENSSL_malloc(Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) + if (!D || !Ai || !B || !I || !Ij || !Bpl1) { goto err; - for (i = 0; i < v; i++) + } + for (i = 0; i < v; i++) { D[i] = id; + } p = I; - for (i = 0; i < Slen; i++) + for (i = 0; i < Slen; i++) { *p++ = salt[i % salt_len]; - for (i = 0; i < Plen; i++) + } + for (i = 0; i < Plen; i++) { *p++ = pass_raw[i % pass_raw_len]; + } for (;;) { if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || !EVP_DigestUpdate(&ctx, D, v) || 
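Review bot: The re-braced `for (i = 0; i < Slen; i++)` loop in the `@@ -123` hunk evaluates `salt[i % salt_len]`, and nothing in the hunk rejects `salt_len == 0`; it is only safe because `Slen = v * ((salt_len + v - 1) / v)` collapses to 0 for an empty salt, so the loop body never runs (the `Plen` case is guarded explicitly by `if (pass_raw_len)`). That invariant is easy to break in a later edit and deserves a comment on the `Slen` line, e.g. `/* Slen is 0 when salt_len is 0, so the "% salt_len" below never divides by zero. */`. pkcs12_key_gen_raw starts and ends outside the hunk.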
@@ -161,31 +166,33 @@ static int pkcs12_key_gen_raw(const uint8_t *pass_raw, size_t pass_raw_len, } out_len -= u; out += u; - for (j = 0; j < v; j++) + for (j = 0; j < v; j++) { B[j] = Ai[j % u]; + } /* Work out B + 1 first then can use B as tmp space */ - if (!BN_bin2bn(B, v, Bpl1)) - goto err; - if (!BN_add_word(Bpl1, 1)) + if (!BN_bin2bn(B, v, Bpl1) || + !BN_add_word(Bpl1, 1)) { goto err; + } for (j = 0; j < Ilen; j += v) { - if (!BN_bin2bn(I + j, v, Ij)) - goto err; - if (!BN_add(Ij, Ij, Bpl1)) - goto err; - if (!BN_bn2bin(Ij, B)) + if (!BN_bin2bn(I + j, v, Ij) || + !BN_add(Ij, Ij, Bpl1) || + !BN_bn2bin(Ij, B)) { goto err; + } Ijlen = BN_num_bytes(Ij); /* If more than 2^(v*8) - 1 cut off MSB */ if (Ijlen > v) { - if (!BN_bn2bin(Ij, B)) + if (!BN_bn2bin(Ij, B)) { goto err; + } memcpy(I + j, B + 1, v); /* If less than v bytes pad with zeroes */ } else if (Ijlen < v) { memset(I + j, 0, v - Ijlen); - if (!BN_bn2bin(Ij, I + j + v - Ijlen)) + if (!BN_bn2bin(Ij, I + j + v - Ijlen)) { goto err; + } } else if (!BN_bn2bin(Ij, I + j)) { goto err; } @@ -427,7 +434,7 @@ PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8, const char *pass, pass_len = strlen(pass); } if (!ascii_to_ucs2(pass, pass_len, &pass_raw, &pass_raw_len)) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_key_gen_asc, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_decrypt, PKCS8_R_DECODE_ERROR); return NULL; } } @@ -491,7 +498,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, pass_len = strlen(pass); } if (!ascii_to_ucs2(pass, pass_len, &pass_raw, &pass_raw_len)) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_key_gen_asc, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt, PKCS8_R_DECODE_ERROR); return NULL; } } 
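Review bot: In the rewritten condition `if (!BN_bin2bn(I + j, v, Ij) || !BN_add(Ij, Ij, Bpl1) || !BN_bn2bin(Ij, B))`, B already receives the big-endian bytes of Ij, so the second `BN_bn2bin(Ij, B)` inside `if (Ijlen > v)` repeats the same conversion and can only fail the same way; the branch can reduce to `if (Ijlen > v) { memcpy(I + j, B + 1, v); }`. The conversion fits because B was allocated with `v + 1` bytes in the previous hunk and Ij is the sum of two v-byte values plus one, so it never needs more than v + 1 bytes; a one-line comment on that allocation stating the bound would make the `B + 1` skip of the carry byte self-explanatory. pkcs12_key_gen_raw starts and ends outside the hunk.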
@@ -547,8 +554,9 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { ASN1_OBJECT *algoid; char obj_tmp[80]; - if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) + if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) { return NULL; + } pkey = EVP_PKEY_new(); if (pkey == NULL) { @@ -683,9 +691,7 @@ static int PKCS12_handle_content_infos(CBS *content_infos, ret = 1; err: - if (der_bytes != NULL) { - OPENSSL_free(der_bytes); - } + OPENSSL_free(der_bytes); return ret; } @@ -699,7 +705,8 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(content_info, &wrapped_contents, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, + PKCS8_R_BAD_PKCS12_DATA); goto err; } 
@@ -884,27 +891,28 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0 || !CBS_get_asn1_uint64(&pfx, &version)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (version < 3) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_VERSION); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, + PKCS8_R_BAD_PKCS12_VERSION); goto err; } if (!CBS_get_asn1(&pfx, &authsafe, CBS_ASN1_SEQUENCE)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (CBS_len(&pfx) == 0) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_MISSING_MAC); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_MISSING_MAC); goto err; } if (!CBS_get_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -913,7 +921,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(&authsafe, &wrapped_authsafes, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); goto err; } 
@@ -921,13 +929,13 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, * latter indicates that it's signed by a public key, which isn't * supported. */ if (OBJ_cbs2nid(&content_type) != NID_pkcs7_data) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED); goto err; } if (!CBS_get_asn1(&wrapped_authsafes, &authsafes, CBS_ASN1_OCTETSTRING)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -935,7 +943,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, ctx.out_certs = out_certs; if (!ascii_to_ucs2(password, strlen(password), &ctx.password, &ctx.password_len)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_DECODE_ERROR); goto err; } @@ -954,7 +962,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, !CBS_get_asn1(&hash_type_seq, &hash_oid, CBS_ASN1_OBJECT) || !CBS_get_asn1(&mac, &expected_mac, CBS_ASN1_OCTETSTRING) || !CBS_get_asn1(&mac_data, &salt, CBS_ASN1_OCTETSTRING)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -963,7 +971,8 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, if (CBS_len(&mac_data) > 0) { if (!CBS_get_asn1_uint64(&mac_data, &iterations) || iterations > INT_MAX) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, + PKCS8_R_BAD_PKCS12_DATA); goto err; } } 
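Review bot: In the `@@ -963` hunk the MAC iteration count read from the file is bounded only by `iterations > INT_MAX`, so a crafted PKCS#12 blob can make the MAC key derivation run on the order of 2^31 rounds before the password check in the following hunk can fail. Since this input is untrusted by design, a much smaller application-level cap, or at least a comment recording why INT_MAX is the chosen limit, would be appropriate, e.g. `/* iterations is attacker-controlled; INT_MAX only guards the int conversion, not the work done. */`. Whether `iterations == 0` is rejected before use is not visible in this hunk. PKCS12_get_key_and_certs starts and ends outside the hunk.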
@@ -971,7 +980,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, hash_nid = OBJ_cbs2nid(&hash_oid); if (hash_nid == NID_undef || (md = EVP_get_digestbynid(hash_nid)) == NULL) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_UNKNOWN_HASH); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_UNKNOWN_HASH); goto err; } @@ -987,7 +996,8 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, } if (!CBS_mem_equal(&expected_mac, hmac, hmac_len)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_INCORRECT_PASSWORD); + OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, + PKCS8_R_INCORRECT_PASSWORD); goto err; } } @@ -1000,17 +1010,11 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, ret = 1; err: - if (ctx.password) { - OPENSSL_free(ctx.password); - } - if (der_bytes) { - OPENSSL_free(der_bytes); - } + OPENSSL_free(ctx.password); + OPENSSL_free(der_bytes); if (!ret) { - if (*out_key) { - EVP_PKEY_free(*out_key); - *out_key = NULL; - } + EVP_PKEY_free(*out_key); + *out_key = NULL; while (sk_X509_num(out_certs) > original_out_certs_len) { X509 *x509 = sk_X509_pop(out_certs); X509_free(x509); diff --git a/src/crypto/pkcs8/pkcs8_error.c b/src/crypto/pkcs8/pkcs8_error.c deleted file mode 100644 index 3041658..0000000 --- a/src/crypto/pkcs8/pkcs8_error.c +++ /dev/null 
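Review bot: In the `@@ -1000` hunk the failure path now calls `EVP_PKEY_free(*out_key)` and `OPENSSL_free(...)` unconditionally; that is correct only because both accept NULL, but it also frees whatever `*out_key` held on entry unless the function resets it first, which is outside this hunk. The certificate side is careful to pop only entries above `original_out_certs_len`, so the asymmetry is worth either an explicit `*out_key = NULL;` at entry or a comment on the function's contract, e.g. `/* On failure *out_key is freed and set to NULL; entries already in out_certs on entry are preserved. */`. PKCS12_get_key_and_certs starts outside the hunk.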
@@ -1,68 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA PKCS8_error_string_data[] = { - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS12_get_key_and_certs, 0), "PKCS12_get_key_and_certs"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS12_handle_content_info, 0), "PKCS12_handle_content_info"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS12_handle_content_infos, 0), "PKCS12_handle_content_infos"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS12_parse, 0), "PKCS12_parse"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS5_pbe2_set_iv, 0), "PKCS5_pbe2_set_iv"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS5_pbe_set, 0), "PKCS5_pbe_set"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS5_pbe_set0_algor, 0), "PKCS5_pbe_set0_algor"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS5_pbkdf2_set, 0), "PKCS5_pbkdf2_set"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS8_decrypt, 0), "PKCS8_decrypt"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS8_encrypt, 0), "PKCS8_encrypt"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_PKCS8_encrypt_pbe, 0), "PKCS8_encrypt_pbe"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pbe_cipher_init, 0), 
"pbe_cipher_init"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pbe_crypt, 0), "pbe_crypt"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pkcs12_item_decrypt_d2i, 0), "pkcs12_item_decrypt_d2i"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pkcs12_item_i2d_encrypt, 0), "pkcs12_item_i2d_encrypt"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pkcs12_key_gen_asc, 0), "pkcs12_key_gen_asc"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pkcs12_key_gen_raw, 0), "pkcs12_key_gen_raw"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pkcs12_key_gen_uni, 0), "pkcs12_key_gen_uni"}, - {ERR_PACK(ERR_LIB_PKCS8, PKCS8_F_pkcs12_pbe_keyivgen, 0), "pkcs12_pbe_keyivgen"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_BAD_MAC), "BAD_MAC"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_BAD_PKCS12_DATA), "BAD_PKCS12_DATA"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_BAD_PKCS12_VERSION), "BAD_PKCS12_VERSION"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "CIPHER_HAS_NO_OBJECT_IDENTIFIER"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_CRYPT_ERROR), "CRYPT_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_DECODE_ERROR), "DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_ENCODE_ERROR), "ENCODE_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_ENCRYPT_ERROR), "ENCRYPT_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS), "ERROR_SETTING_CIPHER_PARAMS"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_INCORRECT_PASSWORD), "INCORRECT_PASSWORD"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_KEYGEN_FAILURE), "KEYGEN_FAILURE"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_KEY_GEN_ERROR), "KEY_GEN_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_METHOD_NOT_SUPPORTED), "METHOD_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_MISSING_MAC), "MISSING_MAC"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12), "MULTIPLE_PRIVATE_KEYS_IN_PKCS12"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED), "PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_PKCS12_TOO_DEEPLY_NESTED), 
"PKCS12_TOO_DEEPLY_NESTED"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_PRIVATE_KEY_DECODE_ERROR), "PRIVATE_KEY_DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_PRIVATE_KEY_ENCODE_ERROR), "PRIVATE_KEY_ENCODE_ERROR"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_TOO_LONG), "TOO_LONG"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_UNKNOWN_ALGORITHM), "UNKNOWN_ALGORITHM"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_UNKNOWN_CIPHER), "UNKNOWN_CIPHER"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_UNKNOWN_CIPHER_ALGORITHM), "UNKNOWN_CIPHER_ALGORITHM"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_UNKNOWN_DIGEST), "UNKNOWN_DIGEST"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_UNKNOWN_HASH), "UNKNOWN_HASH"}, - {ERR_PACK(ERR_LIB_PKCS8, 0, PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "UNSUPPORTED_PRIVATE_KEY_ALGORITHM"}, - {0, NULL}, -}; diff --git a/src/crypto/poly1305/poly1305.c b/src/crypto/poly1305/poly1305.c index bf5cd5e..5a49e2d 100644 --- a/src/crypto/poly1305/poly1305.c +++ b/src/crypto/poly1305/poly1305.c @@ -132,19 +132,23 @@ poly1305_donna_mul: b = (uint32_t)(t[4] >> 26); state->h0 += b * 5; - if (len >= 16) + if (len >= 16) { goto poly1305_donna_16bytes; + } /* final bytes */ poly1305_donna_atmost15bytes: - if (!len) + if (!len) { return; + } - for (j = 0; j < len; j++) + for (j = 0; j < len; j++) { mp[j] = in[j]; + } mp[j++] = 1; - for (; j < 16; j++) + for (; j < 16; j++) { mp[j] = 0; + } len = 0; t0 = U8TO32_LE(mp + 0); @@ -221,10 +225,12 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, if (state->buf_used) { unsigned int todo = 16 - state->buf_used; - if (todo > in_len) + if (todo > in_len) { todo = in_len; - for (i = 0; i < todo; i++) + } + for (i = 0; i < todo; i++) { state->buf[state->buf_used + i] = in[i]; + } state->buf_used += todo; in_len -= todo; in += todo; 
@@ -243,8 +249,9 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, } if (in_len) { - for (i = 0; i < in_len; i++) + for (i = 0; i < in_len; i++) { state->buf[i] = in[i]; + } state->buf_used = in_len; } } @@ -262,8 +269,9 @@ void CRYPTO_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) { } #endif - if (state->buf_used) + if (state->buf_used) { poly1305_update(state, state->buf, state->buf_used); + } b = state->h0 >> 26; state->h0 = state->h0 & 0x3ffffff; diff --git a/src/crypto/poly1305/poly1305_arm.c b/src/crypto/poly1305/poly1305_arm.c index 61ebec5..c06eded 100644 --- a/src/crypto/poly1305/poly1305_arm.c +++ b/src/crypto/poly1305/poly1305_arm.c @@ -135,13 +135,15 @@ static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, int i; uint8_t t[17]; - for (i = 0; (i < 16) && (i < xlen); i++) + for (i = 0; (i < 16) && (i < xlen); i++) { t[i] = x[i]; + } xlen -= i; x += i; t[i++] = 1; - for (; i < 17; i++) + for (; i < 17; i++) { t[i] = 0; + } r->v[0] = 0x3ffffff & load32(t); r->v[2] = 0x3ffffff & (load32(t + 3) >> 2); @@ -150,19 +152,22 @@ static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, r->v[8] = load32(t + 13); if (xlen) { - for (i = 0; (i < 16) && (i < xlen); i++) + for (i = 0; (i < 16) && (i < xlen); i++) { t[i] = x[i]; + } t[i++] = 1; - for (; i < 17; i++) + for (; i < 17; i++) { t[i] = 0; + } r->v[1] = 0x3ffffff & load32(t); r->v[3] = 0x3ffffff & (load32(t + 3) >> 2); r->v[5] = 0x3ffffff & (load32(t + 6) >> 4); r->v[7] = 0x3ffffff & (load32(t + 9) >> 6); r->v[9] = load32(t + 13); - } else + } else { r->v[1] = r->v[3] = r->v[5] = r->v[7] = r->v[9] = 0; + } } static const fe1305x2 zero __attribute__((aligned(16))); 
@@ -188,8 +193,9 @@ void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { r->v[7] = r->v[6] = 0x3f03fff & ((*(uint32_t *)(key + 9)) >> 6); r->v[9] = r->v[8] = 0x00fffff & ((*(uint32_t *)(key + 12)) >> 8); - for (j = 0; j < 10; j++) + for (j = 0; j < 10; j++) { h->v[j] = 0; /* XXX: should fast-forward a bit */ + } addmulmod(precomp, r, r, &zero); /* precompute r^2 */ addmulmod(precomp + 1, precomp, precomp, &zero); /* precompute r^4 */ @@ -209,10 +215,12 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, if (st->buf_used) { unsigned int todo = 32 - st->buf_used; - if (todo > in_len) + if (todo > in_len) { todo = in_len; - for (i = 0; i < todo; i++) + } + for (i = 0; i < todo; i++) { st->buf[st->buf_used + i] = in[i]; + } st->buf_used += todo; in_len -= todo; in += todo; @@ -220,24 +228,27 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, if (st->buf_used == sizeof(st->buf) && in_len) { addmulmod(h, h, precomp, &zero); fe1305x2_frombytearray(c, st->buf, sizeof(st->buf)); - for (i = 0; i < 10; i++) + for (i = 0; i < 10; i++) { h->v[i] += c->v[i]; + } st->buf_used = 0; } } while (in_len > 32) { unsigned int tlen = 1048576; - if (in_len < tlen) + if (in_len < tlen) { tlen = in_len; + } tlen -= blocks(h, precomp, in, tlen); in_len -= tlen; in += tlen; } if (in_len) { - for (i = 0; i < in_len; i++) + for (i = 0; i < in_len; i++) { st->buf[i] = in[i]; + } st->buf_used = in_len; } } diff --git a/src/crypto/poly1305/poly1305_vec.c b/src/crypto/poly1305/poly1305_vec.c index 89fcacb..07578d0 100644 --- a/src/crypto/poly1305/poly1305_vec.c +++ b/src/crypto/poly1305/poly1305_vec.c @@ -727,8 +727,9 @@ void CRYPTO_poly1305_update(poly1305_state *state, const uint8_t *m, bytes -= want; m += want; st->leftover += want; - if ((st->leftover < 32) || (bytes == 0)) + if ((st->leftover < 32) || (bytes == 0)) { return; + } poly1305_first_block(st, st->buffer); st->leftover = 0; } 
@@ -742,8 +743,9 @@ void CRYPTO_poly1305_update(poly1305_state *state, const uint8_t *m, bytes -= want; m += want; st->leftover += want; - if (st->leftover < 64) + if (st->leftover < 64) { return; + } poly1305_blocks(st, st->buffer, 64); st->leftover = 0; } @@ -791,8 +793,9 @@ void CRYPTO_poly1305_finish(poly1305_state *state, uint8_t mac[16]) { s1 = r1 * (5 << 2); s2 = r2 * (5 << 2); - if (leftover < 16) + if (leftover < 16) { goto poly1305_donna_atmost15bytes; + } poly1305_donna_atleast16bytes: t0 = U8TO64_LE(m + 0); @@ -821,13 +824,15 @@ poly1305_donna_mul: m += 16; leftover -= 16; - if (leftover >= 16) + if (leftover >= 16) { goto poly1305_donna_atleast16bytes; + } /* final bytes */ poly1305_donna_atmost15bytes: - if (!leftover) + if (!leftover) { goto poly1305_donna_finish; + } m[leftover++] = 1; poly1305_block_zero(m + leftover, 16 - leftover); diff --git a/src/crypto/rand/CMakeLists.txt b/src/crypto/rand/CMakeLists.txt index 23c1b24..374d8f1 100644 --- a/src/crypto/rand/CMakeLists.txt +++ b/src/crypto/rand/CMakeLists.txt @@ -1,5 +1,13 @@ include_directories(. .. ../../include) +if (${ARCH} STREQUAL "x86_64") + set( + RAND_ARCH_SOURCES + + rdrand-x86_64.${ASM_EXT} + ) +endif() + add_library( rand @@ -8,4 +16,9 @@ add_library( rand.c urandom.c windows.c + hwrand.c + + ${RAND_ARCH_SOURCES} ) + +perlasm(rdrand-x86_64.${ASM_EXT} asm/rdrand-x86_64.pl) diff --git a/src/crypto/rand/asm/rdrand-x86_64.pl b/src/crypto/rand/asm/rdrand-x86_64.pl new file mode 100644 index 0000000..a917611 --- /dev/null +++ b/src/crypto/rand/asm/rdrand-x86_64.pl 
@@ -0,0 +1,25 @@
+#!/usr/bin/env perl
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+print<<___;
+.text
+
+.globl CRYPTO_rdrand
+.type CRYPTO_rdrand,\@function,1
+.align 16
+CRYPTO_rdrand:
+ .byte 0x48, 0x0f, 0xc7, 0xf0
+ retq
+___
+
+close STDOUT; # flush
diff --git a/src/crypto/rand/hwrand.c b/src/crypto/rand/hwrand.c
new file mode 100644
index 0000000..73d3de7
--- /dev/null
+++ b/src/crypto/rand/hwrand.c
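Review bot: `CRYPTO_rdrand` discards the carry flag, which is how RDRAND reports whether a random value was actually delivered; when CF is clear the destination register does not hold random data, yet the function returns it as if it did. Because `CRYPTO_hwrand` in hwrand.c copies the return value straight into the caller's buffer and `RAND_bytes` in rand.c XORs it into its output, a transient RDRAND underflow silently degrades the hardware contribution to nothing, and that is the same defect in those two hunks, so it is raised only here. Reporting success lets the C side retry or fall back to `CRYPTO_sysrand`; one way is to write the value through an out-pointer and return CF as an int, which also means changing the `extern uint64_t CRYPTO_rdrand(void)` declaration and the loop in `CRYPTO_hwrand` to check the result. The `\@function,1` declaration already tells x86_64-xlate.pl that the function takes one argument, so the Win64 flavour should receive the usual rcx-to-rdi shim, but that is worth confirming in the generated .S.

```perl
print<<___;
.text

.globl CRYPTO_rdrand
.type CRYPTO_rdrand,\@function,1
.align 16
CRYPTO_rdrand:
	# rdrand %rcx; CF=1 iff a random value was returned.
	.byte 0x48, 0x0f, 0xc7, 0xf1
	jc .Lok
	xorl %eax,%eax
	retq
.Lok:
	movq %rcx,(%rdi)
	movl \$1,%eax
	retq
___
```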
@@ -0,0 +1,56 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include
+
+#include
+#include
+
+#include
+
+
+#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
+
+int CRYPTO_have_hwrand(void) {
+ return (OPENSSL_ia32cap_P[1] & (1u << 30)) != 0;
+}
+
+/* CRYPTO_rdrand is defined in asm/rdrand-x86_64.pl */
+extern uint64_t CRYPTO_rdrand(void);
+
+void CRYPTO_hwrand(uint8_t *buf, size_t len) {
+ while (len >= 8) {
+ uint64_t rand = CRYPTO_rdrand();
+ memcpy(buf, &rand, sizeof(rand));
+ len -= sizeof(rand);
+ buf += sizeof(rand);
+ }
+
+ if (len > 0) {
+ uint64_t rand = CRYPTO_rdrand();
+ memcpy(buf, &rand, len);
+ }
+}
+
+#else
+
+int CRYPTO_have_hwrand(void) {
+ return 0;
+}
+
+void CRYPTO_hwrand(uint8_t *buf, size_t len) {
+ abort();
+}
+
+#endif
diff --git a/src/crypto/rand/internal.h b/src/crypto/rand/internal.h
new file mode 100644
index 0000000..1cca7f3
--- /dev/null
+++ b/src/crypto/rand/internal.h
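Review bot: The `1u << 30` test in `CRYPTO_have_hwrand` is an unexplained magic number; it is presumably the RDRAND feature flag (CPUID leaf 1, ECX bit 30) read from the second word of `OPENSSL_ia32cap_P`, and a reader cannot tell that from the line itself. A short comment keeps the next maintainer from confusing it with another feature bit when more flags are consulted: `/* CPUID.(EAX=1):ECX bit 30 is RDRAND; OPENSSL_ia32cap_P[1] holds that ECX word. */`. The `#else` stub of `CRYPTO_hwrand` that calls `abort()` is consistent with the contract in internal.h but deserves a one-line comment saying it is only reachable through a caller that ignored `CRYPTO_have_hwrand`.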
@@ -0,0 +1,40 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_RAND_INTERNAL_H
+#define OPENSSL_HEADER_CRYPTO_RAND_INTERNAL_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
+ * system. */
+void CRYPTO_sysrand(uint8_t *buf, size_t len);
+
+/* CRYPTO_have_hwrand returns one iff |CRYPTO_hwrand| can be called to generate
+ * hardware entropy. */
+int CRYPTO_have_hwrand(void);
+
+/* CRYPTO_hwrand fills |len| bytes at |buf| with entropy from the hardware.
+ * This function can only be called if |CRYPTO_have_hwrand| returns one. */
+void CRYPTO_hwrand(uint8_t *buf, size_t len);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_CRYPTO_RAND_INTERNAL_H */
diff --git a/src/crypto/rand/rand.c b/src/crypto/rand/rand.c
index efd6c0a..ae30edb 100644
--- a/src/crypto/rand/rand.c
+++ b/src/crypto/rand/rand.c
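Review bot: The new header uses `uint8_t` and `size_t` in all three prototypes but contains no `#include` at all, so it only compiles when every including file happens to pull the integer and size types in first; hwrand.c, rand.c and urandom.c in this diff do so only through their own includes. Adding the project's base header ahead of the `extern "C"` block, `#include <openssl/base.h>`, makes the header self-contained like the other internal headers in the tree. The comment on `CRYPTO_hwrand` should also say what the caller gets on a hardware failure, since the implementation in hwrand.c has no way to report one; as written, "fills |len| bytes at |buf| with entropy" is an unconditional promise.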
@@ -14,6 +14,134 @@ #include +#include + +#include + +#include "internal.h" +#include "../internal.h" + + +/* It's assumed that the operating system always has an unfailing source of + * entropy which is accessed via |CRYPTO_sysrand|. (If the operating system + * entropy source fails, it's up to |CRYPTO_sysrand| to abort the process—we + * don't try to handle it.) + * + * In addition, the hardware may provide a low-latency RNG. Intel's rdrand + * instruction is the canonical example of this. When a hardware RNG is + * available we don't need to worry about an RNG failure arising from fork()ing + * the process or moving a VM, so we can keep thread-local RNG state and XOR + * the hardware entropy in. + * + * (We assume that the OS entropy is safe from fork()ing and VM duplication. + * This might be a bit of a leap of faith, esp on Windows, but there's nothing + * that we can do about it.) */ + +/* rand_thread_state contains the per-thread state for the RNG. This is only + * used if the system has support for a hardware RNG. */ +struct rand_thread_state { + uint8_t key[32]; + uint64_t calls_used; + size_t bytes_used; + uint8_t partial_block[64]; + unsigned partial_block_used; +}; + +/* kMaxCallsPerRefresh is the maximum number of |RAND_bytes| calls that we'll + * serve before reading a new key from the operating system. This only applies + * if we have a hardware RNG. */ +static const unsigned kMaxCallsPerRefresh = 1024; + +/* kMaxBytesPerRefresh is the maximum number of bytes that we'll return from + * |RAND_bytes| before reading a new key from the operating system. This only + * applies if we have a hardware RNG. */ +static const uint64_t kMaxBytesPerRefresh = 1024 * 1024; + +/* rand_thread_state_free frees a |rand_thread_state|. This is called when a + * thread exits. 
*/ +static void rand_thread_state_free(void *state) { + if (state == NULL) { + return; + } + + OPENSSL_cleanse(state, sizeof(struct rand_thread_state)); + OPENSSL_free(state); +} + +extern void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len, + const uint8_t key[32], const uint8_t nonce[8], + size_t counter); + +int RAND_bytes(uint8_t *buf, size_t len) { + if (len == 0) { + return 1; + } + + if (!CRYPTO_have_hwrand()) { + /* Without a hardware RNG to save us from address-space duplication, the OS + * entropy is used directly. */ + CRYPTO_sysrand(buf, len); + return 1; + } + + struct rand_thread_state *state = + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND); + if (state == NULL) { + state = OPENSSL_malloc(sizeof(struct rand_thread_state)); + if (state == NULL || + !CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state, + rand_thread_state_free)) { + CRYPTO_sysrand(buf, len); + return 1; + } + + state->calls_used = kMaxCallsPerRefresh; + } + + if (state->calls_used >= kMaxCallsPerRefresh || + state->bytes_used >= kMaxBytesPerRefresh) { + CRYPTO_sysrand(state->key, sizeof(state->key)); + state->calls_used = 0; + state->bytes_used = 0; + state->partial_block_used = sizeof(state->partial_block); + } + + CRYPTO_hwrand(buf, len); + + if (len >= sizeof(state->partial_block)) { + size_t remaining = len; + while (remaining > 0) { + // kMaxBytesPerCall is only 2GB, while ChaCha can handle 256GB. But this + // is sufficient and easier on 32-bit. 
+ static const size_t kMaxBytesPerCall = 0x80000000; + size_t todo = remaining; + if (todo > kMaxBytesPerCall) { + todo = kMaxBytesPerCall; + } + CRYPTO_chacha_20(buf, buf, todo, state->key, + (uint8_t *)&state->calls_used, 0); + buf += todo; + remaining -= todo; + state->calls_used++; + } + } else { + if (sizeof(state->partial_block) - state->partial_block_used < len) { + CRYPTO_chacha_20(state->partial_block, state->partial_block, + sizeof(state->partial_block), state->key, + (uint8_t *)&state->calls_used, 0); + state->partial_block_used = 0; + } + + unsigned i; + for (i = 0; i < len; i++) { + buf[i] ^= state->partial_block[state->partial_block_used++]; + } + state->calls_used++; + } + state->bytes_used += len; + + return 1; +} int RAND_pseudo_bytes(uint8_t *buf, size_t len) { return RAND_bytes(buf, len); diff --git a/src/crypto/rand/urandom.c b/src/crypto/rand/urandom.c index 2ad4af0..788a979 100644 --- a/src/crypto/rand/urandom.c +++ b/src/crypto/rand/urandom.c @@ -19,13 +19,15 @@ #include #include #include -#include #include #include #include #include +#include "internal.h" +#include "../internal.h" + /* This file implements a PRNG by reading from /dev/urandom, optionally with a * fork-safe buffer. 
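Review bot: `state->calls_used = kMaxCallsPerRefresh;` on the freshly allocated state is what forces the refresh branch a few lines below to seed `key`, `bytes_used` and `partial_block_used`, and the `||` short-circuit in that branch's condition is the only thing keeping the still-uninitialised `bytes_used` from being read first; none of that is stated, so a later reordering of the two tests or of the assignment would read uninitialised memory. Suggest `/* Force the refresh branch below: it initialises every other field, and its calls_used test must stay first so the uninitialised bytes_used is not read. */` above that assignment. The cast `(uint8_t *)&state->calls_used` passed as the ChaCha nonce also deserves a line, since `calls_used++` after every `CRYPTO_chacha_20` call is what prevents a (key, nonce) pair from being reused: `/* calls_used doubles as the 64-bit nonce; it is bumped after each ChaCha call so no keystream is reused under one key. */`. The `// kMaxBytesPerCall` comment is the only `//` comment in a file that otherwise uses `/* */`. `RAND_bytes` is entirely inside the hunk, but the hunk itself continues past this point only to the `RAND_pseudo_bytes` context lines.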
@@ -73,23 +75,26 @@ struct rand_buffer { /* rand_bytes_per_buf is the number of actual entropy bytes in a buffer. */ static const size_t rand_bytes_per_buf = BUF_SIZE - sizeof(struct rand_buffer); +static struct CRYPTO_STATIC_MUTEX global_lock = CRYPTO_STATIC_MUTEX_INIT; + /* list_head is the start of a global, linked-list of rand_buffer objects. It's - * protected by CRYPTO_LOCK_RAND. */ + * protected by |global_lock|. */ static struct rand_buffer *list_head; /* urandom_fd is a file descriptor to /dev/urandom. It's protected by - * CRYPTO_LOCK_RAND. */ + * |global_lock|. */ static int urandom_fd = -2; /* urandom_buffering controls whether buffering is enabled (1) or not (0). This - * is protected by CRYPTO_LOCK_RAND. */ + * is protected by |global_lock|. */ static int urandom_buffering = 0; /* urandom_get_fd_locked returns a file descriptor to /dev/urandom. The caller - * of this function must hold CRYPTO_LOCK_RAND. */ + * of this function must hold |global_lock|. */ static int urandom_get_fd_locked(void) { - if (urandom_fd != -2) + if (urandom_fd != -2) { return urandom_fd; + } urandom_fd = open("/dev/urandom", O_RDONLY); return urandom_fd; @@ -100,7 +105,7 @@ static int urandom_get_fd_locked(void) { void RAND_cleanup(void) { struct rand_buffer *cur; - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_lock_write(&global_lock); while ((cur = list_head)) { list_head = cur->next; OPENSSL_free(cur); @@ -110,7 +115,7 @@ void RAND_cleanup(void) { } urandom_fd = -2; list_head = NULL; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_unlock(&global_lock); } /* read_full reads exactly |len| bytes from |fd| into |out| and returns 1. In 
@@ -133,36 +138,34 @@ static char read_full(int fd, uint8_t *out, size_t len) { return 1; } -/* urandom_rand_pseudo_bytes puts |num| random bytes into |out|. It returns - * one on success and zero otherwise. */ -int RAND_bytes(uint8_t *out, size_t requested) { +/* CRYPTO_sysrand puts |num| random bytes into |out|. */ +void CRYPTO_sysrand(uint8_t *out, size_t requested) { int fd; struct rand_buffer *buf; size_t todo; pid_t pid, ppid; if (requested == 0) { - return 1; + return; } - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_lock_write(&global_lock); fd = urandom_get_fd_locked(); if (fd < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_unlock(&global_lock); abort(); - return 0; + return; } /* If buffering is not enabled, or if the request is large, then the * result comes directly from urandom. */ if (!urandom_buffering || requested > BUF_SIZE / 2) { - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_unlock(&global_lock); if (!read_full(fd, out, requested)) { abort(); - return 0; } - return 1; + return; } pid = getpid(); @@ -174,8 +177,8 @@ int RAND_bytes(uint8_t *out, size_t requested) { rand_bytes_per_buf - buf->used >= requested) { memcpy(out, &buf->rand[buf->used], requested); buf->used += requested; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - return 1; + CRYPTO_STATIC_MUTEX_unlock(&global_lock); + return; } /* If we don't immediately have enough entropy with the correct @@ -184,10 +187,14 @@ int RAND_bytes(uint8_t *out, size_t requested) { if (buf) { list_head = buf->next; } - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_unlock(&global_lock); if (!buf) { buf = (struct rand_buffer *)OPENSSL_malloc(BUF_SIZE); + if (!buf) { + abort(); + return; + } /* The buffer doesn't contain any random bytes yet * so we mark it as fully used so that it will be * filled below. */ 
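Review bot: The new header comment `/* CRYPTO_sysrand puts |num| random bytes into |out|. */` names a parameter `num` that the function does not have; its argument is `requested`. It also no longer says what replaced the old zero return: every failure path now calls `abort()`, which is the contract rand.c relies on, so the comment should state it, for example `/* CRYPTO_sysrand puts |requested| random bytes into |out|. It aborts the process if /dev/urandom cannot be opened or read. */`. The `return;` statements that follow `abort()` are unreachable; drop them, or keep them only if the project prefers them to quiet compilers that do not treat `abort` as `noreturn`. `CRYPTO_sysrand` continues in the two following hunks.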
@@ -204,7 +211,7 @@ int RAND_bytes(uint8_t *out, size_t requested) { /* We have forked and so cannot use these bytes as they * may have been used in another process. */ OPENSSL_free(buf); - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_lock_write(&global_lock); } while (requested > 0) { @@ -224,18 +231,17 @@ int RAND_bytes(uint8_t *out, size_t requested) { if (!read_full(fd, buf->rand, rand_bytes_per_buf)) { OPENSSL_free(buf); abort(); - return 0; + return; } buf->used = 0; } - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + CRYPTO_STATIC_MUTEX_lock_write(&global_lock); assert(list_head != buf); buf->next = list_head; list_head = buf; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - return 1; + CRYPTO_STATIC_MUTEX_unlock(&global_lock); } #endif /* !OPENSSL_WINDOWS */ diff --git a/src/crypto/rand/windows.c b/src/crypto/rand/windows.c index e8b2d78..7bfcb1d 100644 --- a/src/crypto/rand/windows.c +++ b/src/crypto/rand/windows.c @@ -27,16 +27,18 @@ * "Community Additions" comment on MSDN here: * http://msdn.microsoft.com/en-us/library/windows/desktop/aa387694.aspx */ #define SystemFunction036 NTAPI SystemFunction036 -#include +#include #undef SystemFunction036 #pragma warning(pop) +#include "internal.h" + void RAND_cleanup(void) { } -int RAND_bytes(uint8_t *out, size_t requested) { +void CRYPTO_sysrand(uint8_t *out, size_t requested) { while (requested > 0) { ULONG output_bytes_this_pass = ULONG_MAX; if (requested < output_bytes_this_pass) { @@ -48,7 +50,7 @@ int RAND_bytes(uint8_t *out, size_t requested) { requested -= output_bytes_this_pass; out += output_bytes_this_pass; } - return 1; + return; } #endif /* OPENSSL_WINDOWS */ diff --git a/src/crypto/rc4/asm/rc4-x86_64.pl b/src/crypto/rc4/asm/rc4-x86_64.pl index 2c52ac0..db46242 100644 --- a/src/crypto/rc4/asm/rc4-x86_64.pl +++ b/src/crypto/rc4/asm/rc4-x86_64.pl 
@@ -502,32 +502,6 @@ asm_RC4_set_key: mov %eax,-4($dat) ret .size asm_RC4_set_key,.-asm_RC4_set_key - -.globl RC4_options -.type RC4_options,\@abi-omnipotent -.align 16 -RC4_options: - lea .Lopts(%rip),%rax - mov OPENSSL_ia32cap_P(%rip),%rdx - mov (%rdx),%edx - bt \$20,%edx - jc .L8xchar - bt \$30,%edx - jnc .Ldone - add \$25,%rax - ret -.L8xchar: - add \$12,%rax -.Ldone: - ret -.align 64 -.Lopts: -.asciz "rc4(8x,int)" -.asciz "rc4(8x,char)" -.asciz "rc4(16x,int)" -.asciz "RC4 for x86_64, CRYPTOGAMS by " -.align 64 -.size RC4_options,.-RC4_options ___ # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, diff --git a/src/crypto/rc4/rc4.c b/src/crypto/rc4/rc4.c index 00b59c8..2a98fd0 100644 --- a/src/crypto/rc4/rc4.c +++ b/src/crypto/rc4/rc4.c @@ -67,8 +67,6 @@ #error "Unknown word size" #endif -#define RC4_INT uint32_t - /* RC4 as implemented from a posting from * Newsgroups: sci.crypt 
@@ -78,44 +76,14 @@ * Date: Wed, 14 Sep 1994 06:35:31 GMT */ void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { - register RC4_INT *d; - register RC4_INT x, y, tx, ty; + uint32_t *d; + uint32_t x, y, tx, ty; size_t i; x = key->x; y = key->y; d = key->data; -#if defined(RC4_CHUNK) -/* The original reason for implementing this(*) was the fact that - * pre-21164a Alpha CPUs don't have byte load/store instructions - * and e.g. a byte store has to be done with 64-bit load, shift, - * and, or and finally 64-bit store. Peaking data and operating - * at natural word size made it possible to reduce amount of - * instructions as well as to perform early read-ahead without - * suffering from RAW (read-after-write) hazard. This resulted - * in ~40%(**) performance improvement on 21064 box with gcc. - * But it's not only Alpha users who win here:-) Thanks to the - * early-n-wide read-ahead this implementation also exhibits - * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending - * on sizeof(RC4_INT)). - * - * (*) "this" means code which recognizes the case when input - * and output pointers appear to be aligned at natural CPU - * word boundary - * (**) i.e. according to 'apps/openssl speed rc4' benchmark, - * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... - * - * Cavets. - * - * - RC4_CHUNK="unsigned long long" should be a #1 choice for - * UltraSPARC. Unfortunately gcc generates very slow code - * (2.5-3 times slower than one generated by Sun's WorkShop - * C) and therefore gcc (at least 2.95 and earlier) should - * always be told that RC4_CHUNK="unsigned long". - * - * */ - #define RC4_STEP \ (x = (x + 1) & 0xff, tx = d[x], y = (tx + y) & 0xff, ty = d[y], d[y] = tx, \ d[x] = ty, (RC4_CHUNK)d[(tx + ty) & 0xff]) @@ -255,7 +223,6 @@ void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { return; } } -#endif #define LOOP(in, out) \ x = ((x + 1) & 0xff); \ tx = d[x]; \ 
@@ -285,34 +252,42 @@ void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { in += 8; out += 8; #endif - if (--i == 0) + if (--i == 0) { break; + } } } i = len & 0x07; if (i) { for (;;) { RC4_LOOP(in, out, 0); - if (--i == 0) + if (--i == 0) { break; + } RC4_LOOP(in, out, 1); - if (--i == 0) + if (--i == 0) { break; + } RC4_LOOP(in, out, 2); - if (--i == 0) + if (--i == 0) { break; + } RC4_LOOP(in, out, 3); - if (--i == 0) + if (--i == 0) { break; + } RC4_LOOP(in, out, 4); - if (--i == 0) + if (--i == 0) { break; + } RC4_LOOP(in, out, 5); - if (--i == 0) + if (--i == 0) { break; + } RC4_LOOP(in, out, 6); - if (--i == 0) + if (--i == 0) { break; + } } } key->x = x; @@ -320,9 +295,9 @@ void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { } void RC4_set_key(RC4_KEY *rc4key, unsigned len, const uint8_t *key) { - register RC4_INT tmp; - register int id1, id2; - register RC4_INT *d; + uint32_t tmp; + int id1, id2; + uint32_t *d; unsigned int i; d = &rc4key->data[0]; diff --git a/src/crypto/rsa/CMakeLists.txt b/src/crypto/rsa/CMakeLists.txt index b3d8fa4..c438e1d 100644 --- a/src/crypto/rsa/CMakeLists.txt +++ b/src/crypto/rsa/CMakeLists.txt @@ -10,7 +10,6 @@ add_library( blinding.c padding.c rsa_asn1.c - rsa_error.c ) add_executable( diff --git a/src/crypto/rsa/blinding.c b/src/crypto/rsa/blinding.c index 06f87a7..245142b 100644 --- a/src/crypto/rsa/blinding.c +++ b/src/crypto/rsa/blinding.c @@ -113,6 +113,7 @@ #include #include #include +#include #include "internal.h" @@ -124,7 +125,6 @@ struct bn_blinding_st { BIGNUM *Ai; BIGNUM *e; BIGNUM *mod; /* just a reference */ - CRYPTO_THREADID tid; int counter; unsigned long flags; BN_MONT_CTX *m_ctx; 
@@ -167,13 +167,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { * to indicate that this is never-used fresh blinding * that does not need updating before first use. */ ret->counter = -1; - CRYPTO_THREADID_current(&ret->tid); return ret; err: - if (ret != NULL) { - BN_BLINDING_free(ret); - } + BN_BLINDING_free(ret); return NULL; } @@ -182,14 +179,10 @@ void BN_BLINDING_free(BN_BLINDING *r) { return; } - if (r->A != NULL) - BN_free(r->A); - if (r->Ai != NULL) - BN_free(r->Ai); - if (r->e != NULL) - BN_free(r->e); - if (r->mod != NULL) - BN_free(r->mod); + BN_free(r->A); + BN_free(r->Ai); + BN_free(r->e); + BN_free(r->mod); OPENSSL_free(r); } @@ -282,8 +275,6 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, return ret; } -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) { return &b->tid; } - unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) { return b->flags; } void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) { @@ -316,9 +307,7 @@ BN_BLINDING *BN_BLINDING_create_param( } if (e != NULL) { - if (ret->e != NULL) { - BN_free(ret->e); - } + BN_free(ret->e); ret->e = BN_dup(e); } if (ret->e == NULL) { @@ -367,7 +356,7 @@ BN_BLINDING *BN_BLINDING_create_param( return ret; err: - if (b == NULL && ret != NULL) { + if (b == NULL) { BN_BLINDING_free(ret); ret = NULL; } @@ -413,6 +402,7 @@ BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { BIGNUM *e, *n; BN_CTX *ctx; BN_BLINDING *ret = NULL; + BN_MONT_CTX *mont_ctx = NULL; if (in_ctx == NULL) { ctx = BN_CTX_new(); 
@@ -444,19 +434,19 @@ BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) { - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, - ctx)) { + mont_ctx = + BN_MONT_CTX_set_locked(&rsa->_method_mod_n, &rsa->lock, rsa->n, ctx); + if (mont_ctx == NULL) { goto err; } } ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, - rsa->_method_mod_n); + mont_ctx); if (ret == NULL) { OPENSSL_PUT_ERROR(RSA, rsa_setup_blinding, ERR_R_BN_LIB); goto err; } - CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); err: BN_CTX_end(ctx); diff --git a/src/crypto/rsa/internal.h b/src/crypto/rsa/internal.h index 3dd4f04..d15f2a5 100644 --- a/src/crypto/rsa/internal.h +++ b/src/crypto/rsa/internal.h @@ -60,7 +60,7 @@ #include #include -#include + #if defined(__cplusplus) extern "C" { @@ -81,7 +81,6 @@ int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param( diff --git a/src/crypto/rsa/padding.c b/src/crypto/rsa/padding.c index 66fdf13..0a725f1 100644 --- a/src/crypto/rsa/padding.c +++ b/src/crypto/rsa/padding.c @@ -443,9 +443,7 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen, ret = 1; out: - if (dbmask != NULL) { - OPENSSL_free(dbmask); - } + OPENSSL_free(dbmask); return ret; } @@ -544,9 +542,7 @@ decoding_err: OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_R_OAEP_DECODING_ERROR); err: - if (db != NULL) { - OPENSSL_free(db); - } + OPENSSL_free(db); return -1; } 
@@ -620,8 +616,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, if (MSBits) { DB[0] &= 0xFF >> (8 - MSBits); } - for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) + for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) { ; + } if (DB[i++] != 0x1) { OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, RSA_R_SLEN_RECOVERY_FAILED); @@ -652,9 +649,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, } err: - if (DB) { - OPENSSL_free(DB); - } + OPENSSL_free(DB); EVP_MD_CTX_cleanup(&ctx); return ret; @@ -771,9 +766,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ret = 1; err: - if (salt) { - OPENSSL_free(salt); - } + OPENSSL_free(salt); return ret; } diff --git a/src/crypto/rsa/rsa.c b/src/crypto/rsa/rsa.c index 66002cc..5cc48ed 100644 --- a/src/crypto/rsa/rsa.c +++ b/src/crypto/rsa/rsa.c @@ -64,12 +64,16 @@ #include #include #include +#include #include "internal.h" +#include "../internal.h" extern const RSA_METHOD RSA_default_method; +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; + RSA *RSA_new(void) { return RSA_new_method(NULL); } RSA *RSA_new_method(const ENGINE *engine) { @@ -92,15 +96,16 @@ RSA *RSA_new_method(const ENGINE *engine) { rsa->references = 1; rsa->flags = rsa->meth->flags; + CRYPTO_MUTEX_init(&rsa->lock); - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, rsa, &rsa->ex_data)) { + if (!CRYPTO_new_ex_data(&g_ex_data_class, rsa, &rsa->ex_data)) { METHOD_unref(rsa->meth); OPENSSL_free(rsa); return NULL; } if (rsa->meth->init && !rsa->meth->init(rsa)) { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, rsa, &rsa->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data); METHOD_unref(rsa->meth); OPENSSL_free(rsa); return NULL; 
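Review bot: `CRYPTO_MUTEX_init(&rsa->lock)` is now called in `RSA_new_method`, but the two error paths right after it (a failed `CRYPTO_new_ex_data` and a failed `meth->init`) free `rsa` without `CRYPTO_MUTEX_cleanup(&rsa->lock)`, whereas `RSA_free` in the next hunk does call it. On a platform where the mutex owns a resource that leaks it, and it leaves the two teardown sequences inconsistent. Either add `CRYPTO_MUTEX_cleanup(&rsa->lock);` before `OPENSSL_free(rsa);` in both paths, or move the `CRYPTO_MUTEX_init` call below the ex_data setup so only the `meth->init` path needs the cleanup. `RSA_new_method` begins outside the hunk.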
@@ -125,31 +130,22 @@ void RSA_free(RSA *rsa) { } METHOD_unref(rsa->meth); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, rsa, &rsa->ex_data); - - if (rsa->n != NULL) - BN_clear_free(rsa->n); - if (rsa->e != NULL) - BN_clear_free(rsa->e); - if (rsa->d != NULL) - BN_clear_free(rsa->d); - if (rsa->p != NULL) - BN_clear_free(rsa->p); - if (rsa->q != NULL) - BN_clear_free(rsa->q); - if (rsa->dmp1 != NULL) - BN_clear_free(rsa->dmp1); - if (rsa->dmq1 != NULL) - BN_clear_free(rsa->dmq1); - if (rsa->iqmp != NULL) - BN_clear_free(rsa->iqmp); + CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data); + + BN_clear_free(rsa->n); + BN_clear_free(rsa->e); + BN_clear_free(rsa->d); + BN_clear_free(rsa->p); + BN_clear_free(rsa->q); + BN_clear_free(rsa->dmp1); + BN_clear_free(rsa->dmq1); + BN_clear_free(rsa->iqmp); for (u = 0; u < rsa->num_blindings; u++) { BN_BLINDING_free(rsa->blindings[u]); } - if (rsa->blindings != NULL) - OPENSSL_free(rsa->blindings); - if (rsa->blindings_inuse != NULL) - OPENSSL_free(rsa->blindings_inuse); + OPENSSL_free(rsa->blindings); + OPENSSL_free(rsa->blindings_inuse); + CRYPTO_MUTEX_cleanup(&rsa->lock); OPENSSL_free(rsa); } @@ -271,8 +267,12 @@ int RSA_supports_digest(const RSA *rsa, const EVP_MD *md) { int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, new_func, - dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func, + dup_func, free_func)) { + return -1; + } + return index; } int RSA_set_ex_data(RSA *d, int idx, void *arg) { @@ -338,12 +338,6 @@ static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = { 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}, }, { - NID_ripemd160, - 14, - {0x30, 0x20, 0x30, 0x08, 0x06, 0x06, 0x28, 0xcf, 0x06, 0x03, 0x00, 0x31, - 0x04, 0x14}, - }, - { NID_undef, 0, {0}, }, }; 
@@ -357,15 +351,11 @@ static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len, int *is_alloced, int hash_nid, const uint8_t *msg, size_t msg_len) { unsigned i; - const uint8_t* prefix = NULL; - unsigned prefix_len; - uint8_t *signed_msg; - unsigned signed_msg_len; if (hash_nid == NID_md5_sha1) { /* Special case: SSL signature, just check the length. */ if (msg_len != SSL_SIG_LENGTH) { - OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_INVALID_MESSAGE_LENGTH); + OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_INVALID_MESSAGE_LENGTH); return 0; } 
@@ -377,38 +367,39 @@ static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len, for (i = 0; kPKCS1SigPrefixes[i].nid != NID_undef; i++) { const struct pkcs1_sig_prefix *sig_prefix = &kPKCS1SigPrefixes[i]; - if (sig_prefix->nid == hash_nid) { - prefix = sig_prefix->bytes; - prefix_len = sig_prefix->len; - break; + if (sig_prefix->nid != hash_nid) { + continue; } - } - if (prefix == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } + const uint8_t* prefix = sig_prefix->bytes; + unsigned prefix_len = sig_prefix->len; + unsigned signed_msg_len; + uint8_t *signed_msg; - signed_msg_len = prefix_len + msg_len; - if (signed_msg_len < prefix_len) { - OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_TOO_LONG); - return 0; - } + signed_msg_len = prefix_len + msg_len; + if (signed_msg_len < prefix_len) { + OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_TOO_LONG); + return 0; + } - signed_msg = OPENSSL_malloc(signed_msg_len); - if (!signed_msg) { - OPENSSL_PUT_ERROR(RSA, RSA_sign, ERR_R_MALLOC_FAILURE); - return 0; - } + signed_msg = OPENSSL_malloc(signed_msg_len); + if (!signed_msg) { + OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, ERR_R_MALLOC_FAILURE); + return 0; + } - memcpy(signed_msg, prefix, prefix_len); - memcpy(signed_msg + prefix_len, msg, msg_len); + memcpy(signed_msg, prefix, prefix_len); + memcpy(signed_msg + prefix_len, msg, msg_len); - *out_msg = signed_msg; - *out_msg_len = signed_msg_len; - *is_alloced = 1; + *out_msg = signed_msg; + *out_msg_len = signed_msg_len; + *is_alloced = 1; - return 1; + return 1; + } + + OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_UNKNOWN_ALGORITHM_TYPE); + return 0; } int RSA_sign(int hash_nid, const uint8_t *in, unsigned in_len, uint8_t *out, @@ -495,9 +486,7 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len, ret = 1; out: - if (buf != NULL) { - OPENSSL_free(buf); - } + OPENSSL_free(buf); if (signed_msg_is_alloced) { OPENSSL_free(signed_msg); } 
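Review bot: The length arithmetic in the restructured loop body is done in `unsigned` although `msg_len` is `size_t` and `out_msg_len` is a `size_t *`: `signed_msg_len = prefix_len + msg_len;` truncates the `size_t` sum on LP64, so the guard `if (signed_msg_len < prefix_len)` cannot catch a `msg_len` whose low 32 bits are small (an exact multiple of 2^32, say), and `memcpy(signed_msg + prefix_len, msg, msg_len)` would then write past an allocation of only `signed_msg_len` bytes. In practice `msg` is a digest and the callers are unlikely to hand over such a length, but the check as written does not enforce that. Declaring `size_t signed_msg_len;` and testing `if (msg_len > SIZE_MAX - prefix_len)` before the addition gives a guard that is correct for the actual types; the `unsigned prefix_len` copy is fine, since the table entries above it are small. `pkcs1_prefixed_msg` starts in the previous hunk.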
@@ -505,10 +494,6 @@ out: } static void bn_free_and_null(BIGNUM **bn) { - if (*bn == NULL) { - return; - } - BN_free(*bn); *bn = NULL; } diff --git a/src/crypto/rsa/rsa_error.c b/src/crypto/rsa/rsa_error.c deleted file mode 100644 index 3c8ebe4..0000000 --- a/src/crypto/rsa/rsa_error.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA RSA_error_string_data[] = { - {ERR_PACK(ERR_LIB_RSA, RSA_F_BN_BLINDING_convert_ex, 0), "BN_BLINDING_convert_ex"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_BN_BLINDING_create_param, 0), "BN_BLINDING_create_param"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_BN_BLINDING_invert_ex, 0), "BN_BLINDING_invert_ex"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_BN_BLINDING_new, 0), "BN_BLINDING_new"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_BN_BLINDING_update, 0), "BN_BLINDING_update"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_check_key, 0), "RSA_check_key"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_new_method, 0), "RSA_new_method"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1, 0), "RSA_padding_add_PKCS1_OAEP_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_add_PKCS1_PSS_mgf1, 0), "RSA_padding_add_PKCS1_PSS_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_add_PKCS1_type_1, 0), "RSA_padding_add_PKCS1_type_1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_add_PKCS1_type_2, 0), "RSA_padding_add_PKCS1_type_2"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_add_SSLv23, 0), "RSA_padding_add_SSLv23"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_add_none, 0), "RSA_padding_add_none"}, - 
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1, 0), "RSA_padding_check_PKCS1_OAEP_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_check_PKCS1_type_1, 0), "RSA_padding_check_PKCS1_type_1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_check_PKCS1_type_2, 0), "RSA_padding_check_PKCS1_type_2"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_check_SSLv23, 0), "RSA_padding_check_SSLv23"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_padding_check_none, 0), "RSA_padding_check_none"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_recover_crt_params, 0), "RSA_recover_crt_params"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_sign, 0), "RSA_sign"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_verify, 0), "RSA_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_verify_PKCS1_PSS_mgf1, 0), "RSA_verify_PKCS1_PSS_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_decrypt, 0), "decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_encrypt, 0), "encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_keygen, 0), "keygen"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_pkcs1_prefixed_msg, 0), "pkcs1_prefixed_msg"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_private_transform, 0), "private_transform"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_rsa_setup_blinding, 0), "rsa_setup_blinding"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_sign_raw, 0), "sign_raw"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_verify_raw, 0), "verify_raw"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "BAD_E_VALUE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT), "BAD_FIXED_HEADER_DECRYPT"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "BAD_PAD_BYTE_COUNT"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_RSA_PARAMETERS), "BAD_RSA_PARAMETERS"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "BAD_SIGNATURE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01), "BLOCK_TYPE_IS_NOT_01"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02), "BLOCK_TYPE_IS_NOT_02"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BN_NOT_INITIALIZED), "BN_NOT_INITIALIZED"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_CRT_PARAMS_ALREADY_GIVEN), 
"CRT_PARAMS_ALREADY_GIVEN"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_CRT_VALUES_INCORRECT), "CRT_VALUES_INCORRECT"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN), "DATA_LEN_NOT_EQUAL_TO_MOD_LEN"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "DATA_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "DATA_TOO_LARGE_FOR_KEY_SIZE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS), "DATA_TOO_LARGE_FOR_MODULUS"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "DATA_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), "DATA_TOO_SMALL_FOR_KEY_SIZE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), "DIGEST_TOO_BIG_FOR_RSA_KEY"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1), "D_E_NOT_CONGRUENT_TO_1"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_EMPTY_PUBLIC_KEY), "EMPTY_PUBLIC_KEY"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID), "FIRST_OCTET_INVALID"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES), "INCONSISTENT_SET_OF_CRT_VALUES"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INTERNAL_ERROR), "INTERNAL_ERROR"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH), "INVALID_MESSAGE_LENGTH"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "KEY_SIZE_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "LAST_OCTET_INVALID"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "MODULUS_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "NO_PUBLIC_EXPONENT"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), "NULL_BEFORE_BLOCK_MISSING"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_NOT_EQUAL_P_Q), "N_NOT_EQUAL_P_Q"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), "OAEP_DECODING_ERROR"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ONLY_ONE_OF_P_Q_GIVEN), "ONLY_ONE_OF_P_Q_GIVEN"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OUTPUT_BUFFER_TOO_SMALL), "OUTPUT_BUFFER_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_RSA, 0, 
RSA_R_PADDING_CHECK_FAILED), "PADDING_CHECK_FAILED"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR), "PKCS_DECODING_ERROR"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED), "SLEN_CHECK_FAILED"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED), "SLEN_RECOVERY_FAILED"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK), "SSLV3_ROLLBACK_ATTACK"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_TOO_LONG), "TOO_LONG"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_TOO_MANY_ITERATIONS), "TOO_MANY_ITERATIONS"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE), "UNKNOWN_ALGORITHM_TYPE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE), "UNKNOWN_PADDING_TYPE"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "VALUE_MISSING"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH), "WRONG_SIGNATURE_LENGTH"}, - {0, NULL}, -}; diff --git a/src/crypto/rsa/rsa_impl.c b/src/crypto/rsa/rsa_impl.c index d950d50..e14f0f5 100644 --- a/src/crypto/rsa/rsa_impl.c +++ b/src/crypto/rsa/rsa_impl.c @@ -61,8 +61,10 @@ #include #include #include +#include #include "internal.h" +#include "../internal.h" #define OPENSSL_RSA_MAX_MODULUS_BITS 16384 @@ -72,15 +74,9 @@ static int finish(RSA *rsa) { - if (rsa->_method_mod_n != NULL) { - BN_MONT_CTX_free(rsa->_method_mod_n); - } - if (rsa->_method_mod_p != NULL) { - BN_MONT_CTX_free(rsa->_method_mod_p); - } - if (rsa->_method_mod_q != NULL) { - BN_MONT_CTX_free(rsa->_method_mod_q); - } + BN_MONT_CTX_free(rsa->_method_mod_n); + BN_MONT_CTX_free(rsa->_method_mod_p); + BN_MONT_CTX_free(rsa->_method_mod_q); return 1; } 
@@ -165,13 +161,14 @@ static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) { - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, - ctx)) { + if (BN_MONT_CTX_set_locked(&rsa->_method_mod_n, &rsa->lock, rsa->n, ctx) == + NULL) { goto err; } } - if (!rsa->meth->bn_mod_exp(result, f, rsa->e, rsa->n, ctx, rsa->_method_mod_n)) { + if (!rsa->meth->bn_mod_exp(result, f, rsa->e, rsa->n, ctx, + rsa->_method_mod_n)) { goto err; } @@ -217,37 +214,20 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, uint8_t *new_blindings_inuse; char overflow = 0; - CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); - if (rsa->num_blindings > 0) { - unsigned i, starting_index; - CRYPTO_THREADID threadid; - - /* We start searching the array at a value based on the - * threadid in order to try avoid bouncing the BN_BLINDING - * values around different threads. It's harmless if - * threadid.val is always set to zero. */ - CRYPTO_THREADID_current(&threadid); - starting_index = threadid.val % rsa->num_blindings; - - for (i = starting_index;;) { - if (rsa->blindings_inuse[i] == 0) { - rsa->blindings_inuse[i] = 1; - ret = rsa->blindings[i]; - *index_used = i; - break; - } - i++; - if (i == rsa->num_blindings) { - i = 0; - } - if (i == starting_index) { - break; - } + CRYPTO_MUTEX_lock_write(&rsa->lock); + + unsigned i; + for (i = 0; i < rsa->num_blindings; i++) { + if (rsa->blindings_inuse[i] == 0) { + rsa->blindings_inuse[i] = 1; + ret = rsa->blindings[i]; + *index_used = i; + break; } } if (ret != NULL) { - CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_unlock(&rsa->lock); return ret; } 
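Review bot: The new linear scan in rsa_blinding_get, `for (i = 0; i < rsa->num_blindings; i++)`, drops the comment that explained the old thread-id-based starting index without saying why the simpler policy is acceptable, and nothing records that `rsa->lock` is the same mutex the encrypt hunk just above passes to BN_MONT_CTX_set_locked, so the blinding pool and the Montgomery-context cache are now serialized by one lock. A comment above the loop such as `/* First free slot wins. rsa->lock also guards the _method_mod_* caches, so keep this section short. */` would capture both decisions. The function continues past the end of the hunk, where rsa_setup_blinding is called after the lock is released; that ordering must stay if rsa_setup_blinding acquires rsa->lock itself, which I cannot see from here.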
@@ -256,7 +236,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, /* We didn't find a free BN_BLINDING to use so increase the length of * the arrays by one and use the newly created element. */ - CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_unlock(&rsa->lock); ret = rsa_setup_blinding(rsa, ctx); if (ret == NULL) { return NULL; @@ -269,7 +249,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, return ret; } - CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_lock_write(&rsa->lock); new_blindings = OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1)); @@ -288,24 +268,20 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, new_blindings_inuse[rsa->num_blindings] = 1; *index_used = rsa->num_blindings; - if (rsa->blindings != NULL) { - OPENSSL_free(rsa->blindings); - } + OPENSSL_free(rsa->blindings); rsa->blindings = new_blindings; - if (rsa->blindings_inuse != NULL) { - OPENSSL_free(rsa->blindings_inuse); - } + OPENSSL_free(rsa->blindings_inuse); rsa->blindings_inuse = new_blindings_inuse; rsa->num_blindings++; - CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_unlock(&rsa->lock); return ret; err2: OPENSSL_free(new_blindings); err1: - CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_unlock(&rsa->lock); BN_BLINDING_free(ret); return NULL; } @@ -320,9 +296,9 @@ static void rsa_blinding_release(RSA *rsa, BN_BLINDING *blinding, return; } - CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_lock_write(&rsa->lock); rsa->blindings_inuse[blinding_index] = 0; - CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + CRYPTO_MUTEX_unlock(&rsa->lock); } /* signing */ @@ -360,8 +336,7 @@ static int sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } if (!RSA_private_transform(rsa, out, buf, rsa_size)) { - OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR); - goto err; + goto err; } *out_len = rsa_size; 
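Review bot: sign_raw now does a bare `goto err;` when RSA_private_transform returns 0, and the decrypt hunk `@@ -400,7 +375,6 @@` makes the same change, so both failure paths rely on the callee having queued an error. That holds when the default private_transform reports its own failures, but an RSA_METHOD supplied by the caller could return 0 silently and leave the error queue empty for the application to diagnose; either keep a fallback push or state the contract at the goto, `/* RSA_private_transform has already queued the error. */`. sign_raw's body starts and ends outside the hunk.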
@@ -400,7 +375,6 @@ static int decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } if (!RSA_private_transform(rsa, buf, in, rsa_size)) { - OPENSSL_PUT_ERROR(RSA, decrypt, ERR_R_INTERNAL_ERROR); goto err; } @@ -497,8 +471,8 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) { - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, - ctx)) { + if (BN_MONT_CTX_set_locked(&rsa->_method_mod_n, &rsa->lock, rsa->n, ctx) == + NULL) { goto err; } } @@ -601,8 +575,8 @@ static int private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) { - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, - ctx)) { + if (BN_MONT_CTX_set_locked(&rsa->_method_mod_n, &rsa->lock, rsa->n, + ctx) == NULL) { goto err; } } @@ -663,18 +637,20 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) { + if (BN_MONT_CTX_set_locked(&rsa->_method_mod_p, &rsa->lock, p, ctx) == + NULL) { goto err; } - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) { + if (BN_MONT_CTX_set_locked(&rsa->_method_mod_q, &rsa->lock, q, ctx) == + NULL) { goto err; } } } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) { - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, - ctx)) { + if (BN_MONT_CTX_set_locked(&rsa->_method_mod_n, &rsa->lock, rsa->n, ctx) == + NULL) { goto err; } } 
@@ -814,65 +790,79 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { bitsq = bits - bitsp; /* We need the RSA components non-NULL */ - if (!rsa->n && ((rsa->n = BN_new()) == NULL)) + if (!rsa->n && ((rsa->n = BN_new()) == NULL)) { goto err; - if (!rsa->d && ((rsa->d = BN_new()) == NULL)) + } + if (!rsa->d && ((rsa->d = BN_new()) == NULL)) { goto err; - if (!rsa->e && ((rsa->e = BN_new()) == NULL)) + } + if (!rsa->e && ((rsa->e = BN_new()) == NULL)) { goto err; - if (!rsa->p && ((rsa->p = BN_new()) == NULL)) + } + if (!rsa->p && ((rsa->p = BN_new()) == NULL)) { goto err; - if (!rsa->q && ((rsa->q = BN_new()) == NULL)) + } + if (!rsa->q && ((rsa->q = BN_new()) == NULL)) { goto err; - if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) + } + if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) { goto err; - if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) + } + if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) { goto err; - if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) + } + if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) { goto err; + } BN_copy(rsa->e, e_value); /* generate p and q */ for (;;) { - if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) - goto err; - if (!BN_sub(r2, rsa->p, BN_value_one())) - goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) + if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb) || + !BN_sub(r2, rsa->p, BN_value_one()) || + !BN_gcd(r1, r2, rsa->e, ctx)) { goto err; - if (BN_is_one(r1)) + } + if (BN_is_one(r1)) { break; - if (!BN_GENCB_call(cb, 2, n++)) + } + if (!BN_GENCB_call(cb, 2, n++)) { goto err; + } } - if (!BN_GENCB_call(cb, 3, 0)) + if (!BN_GENCB_call(cb, 3, 0)) { goto err; + } for (;;) { /* When generating ridiculously small keys, we can get stuck * continually regenerating the same prime values. Check for * this and bail if it happens 3 times. 
*/ unsigned int degenerate = 0; do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) + if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) { goto err; + } } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); if (degenerate == 3) { ok = 0; /* we set our own err */ OPENSSL_PUT_ERROR(RSA, keygen, RSA_R_KEY_SIZE_TOO_SMALL); goto err; } - if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) + if (!BN_sub(r2, rsa->q, BN_value_one()) || + !BN_gcd(r1, r2, rsa->e, ctx)) { goto err; - if (BN_is_one(r1)) + } + if (BN_is_one(r1)) { break; - if (!BN_GENCB_call(cb, 2, n++)) + } + if (!BN_GENCB_call(cb, 2, n++)) { goto err; + } } - if (!BN_GENCB_call(cb, 3, 1)) + if (!BN_GENCB_call(cb, 3, 1)) { goto err; + } if (BN_cmp(rsa->p, rsa->q) < 0) { tmp = rsa->p; rsa->p = rsa->q; 
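Review bot: `BN_copy(rsa->e, e_value);` in keygen is the one BN call in this hunk whose result is still ignored, while the commit braces every neighbouring check and folds the prime-generation calls into `if (... || ...) { goto err; }` chains. If the copy fails, generation proceeds with an rsa->e that was never set (a fresh zero BIGNUM when it was just allocated above). Bringing it in line with the rest of the block, `if (!BN_copy(rsa->e, e_value)) { goto err; }`, closes that gap. keygen continues past the end of the hunk.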
@@ -880,39 +870,47 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { } /* calculate n */ - if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) + if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) { goto err; + } /* calculate d */ - if (!BN_sub(r1, rsa->p, BN_value_one())) + if (!BN_sub(r1, rsa->p, BN_value_one())) { goto err; /* p-1 */ - if (!BN_sub(r2, rsa->q, BN_value_one())) + } + if (!BN_sub(r2, rsa->q, BN_value_one())) { goto err; /* q-1 */ - if (!BN_mul(r0, r1, r2, ctx)) + } + if (!BN_mul(r0, r1, r2, ctx)) { goto err; /* (p-1)(q-1) */ + } pr0 = &local_r0; BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); - if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) + if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { goto err; /* d */ + } /* set up d for correct BN_FLG_CONSTTIME flag */ d = &local_d; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); /* calculate d mod (p-1) */ - if (!BN_mod(rsa->dmp1, d, r1, ctx)) + if (!BN_mod(rsa->dmp1, d, r1, ctx)) { goto err; + } /* calculate d mod (q-1) */ - if (!BN_mod(rsa->dmq1, d, r2, ctx)) + if (!BN_mod(rsa->dmq1, d, r2, ctx)) { goto err; + } /* calculate inverse of q mod p */ p = &local_p; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) + if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) { goto err; + } ok = 1; diff --git a/src/crypto/rsa/rsa_test.c b/src/crypto/rsa/rsa_test.c index 75489e0..318cf3f 100644 --- a/src/crypto/rsa/rsa_test.c +++ b/src/crypto/rsa/rsa_test.c @@ -56,9 +56,9 @@ #include +#include #include -#include #include #include #include @@ -249,13 +249,13 @@ static int test_bad_key(void) { if (!RSA_generate_key_ex(key, 512, &e, NULL)) { fprintf(stderr, "RSA_generate_key_ex failed.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } if (!BN_add(key->p, key->p, BN_value_one())) { fprintf(stderr, "BN error.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } 
@@ -292,19 +292,21 @@ static int test_only_d_given(void) { if (!RSA_check_key(key)) { fprintf(stderr, "RSA_check_key failed with only d given.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); goto err; } - if (!RSA_sign(NID_md5, kDummyHash, sizeof(kDummyHash), buf, &buf_len, key)) { + if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, &buf_len, + key)) { fprintf(stderr, "RSA_sign failed with only d given.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); goto err; } - if (!RSA_verify(NID_md5, kDummyHash, sizeof(kDummyHash), buf, buf_len, key)) { + if (!RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, buf_len, + key)) { fprintf(stderr, "RSA_verify failed with only d given.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); goto err; } @@ -331,13 +333,13 @@ static int test_recover_crt_params(void) { key1 = RSA_new(); if (!RSA_generate_key_ex(key1, 512, e, NULL)) { fprintf(stderr, "RSA_generate_key_ex failed.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } if (!RSA_check_key(key1)) { fprintf(stderr, "RSA_check_key failed with original key.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } @@ -349,7 +351,7 @@ static int test_recover_crt_params(void) { if (!RSA_recover_crt_params(key2)) { fprintf(stderr, "RSA_recover_crt_params failed.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } 
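Review bot: test_only_d_given now signs and verifies with NID_sha256 instead of NID_md5, which suggests MD5 is no longer accepted by the PKCS#1 prefix table, yet no test in this diff pins the rejection path that pkcs1_prefixed_msg reports as RSA_R_UNKNOWN_ALGORITHM_TYPE. A short negative case such as `if (RSA_sign(NID_md5, kDummyHash, sizeof(kDummyHash), buf, &buf_len, key)) { fprintf(stderr, "RSA_sign accepted NID_md5.\n"); goto err; }` would keep that behaviour from changing silently, provided MD5 really was removed from the table, which is not visible here. The same NID switch appears in test_recover_crt_params in the `@@ -359,21 +361,21 @@` hunk.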
@@ -359,21 +361,21 @@ static int test_recover_crt_params(void) { if (!RSA_check_key(key2)) { fprintf(stderr, "RSA_check_key failed with recovered key.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } - if (!RSA_sign(NID_md5, kDummyHash, sizeof(kDummyHash), buf, &buf_len, + if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, &buf_len, key2)) { fprintf(stderr, "RSA_sign failed with recovered key.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } - if (!RSA_verify(NID_md5, kDummyHash, sizeof(kDummyHash), buf, buf_len, + if (!RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, buf_len, key2)) { fprintf(stderr, "RSA_verify failed with recovered key.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 0; } @@ -478,8 +480,9 @@ int main(int argc, char *argv[]) { int b; unsigned char saved = ctext[n]; for (b = 0; b < 256; ++b) { - if (b == saved) + if (b == saved) { continue; + } ctext[n] = b; num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); diff --git a/src/crypto/sha/asm/sha1-586.pl b/src/crypto/sha/asm/sha1-586.pl index 8377299..4895eb3 100644 --- a/src/crypto/sha/asm/sha1-586.pl +++ b/src/crypto/sha/asm/sha1-586.pl @@ -450,7 +450,7 @@ sub sha1msg2 { sha1op38(0xca,@_); } &sub ("esp",32); &movdqu ($ABCD,&QWP(0,$ctx)); - &movd ($E,&QWP(16,$ctx)); + &movd ($E,&DWP(16,$ctx)); &and ("esp",-32); &movdqa ($BSWAP,&QWP(0x50,$tmp1)); # byte-n-word swap diff --git a/src/crypto/sha/asm/sha1-armv4-large.pl b/src/crypto/sha/asm/sha1-armv4-large.pl index 1ffa041..a20d336 100644 --- a/src/crypto/sha/asm/sha1-armv4-large.pl +++ b/src/crypto/sha/asm/sha1-armv4-large.pl 
@@ -60,14 +60,28 @@ # is ~2.5x larger and there are some redundant instructions executed # when processing last block, improvement is not as big for smallest # blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per -# byte, which is also >80% faster than integer-only code. +# byte, which is also >80% faster than integer-only code. Cortex-A15 +# is even faster spending 5.6 cycles per byte outperforming integer- +# only code by factor of 2. # May 2014. # # Add ARMv8 code path performing at 2.35 cpb on Apple A7. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; $inp="r1"; @@ -178,6 +192,9 @@ sha1_block_data_order: sub r3,pc,#8 @ sha1_block_data_order ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#ARMV8_SHA1 bne .LARMv8 tst r12,#ARMV7_NEON diff --git a/src/crypto/sha/asm/sha1-armv8.pl b/src/crypto/sha/asm/sha1-armv8.pl index deb1238..a8c08c2 100644 --- a/src/crypto/sha/asm/sha1-armv8.pl +++ b/src/crypto/sha/asm/sha1-armv8.pl 
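Review bot: The new `open STDOUT,"| \"$^X\" $xlate $flavour $output";` in sha1-armv4-large.pl hands the interpolated `$flavour` and `$output` strings to a shell, so an output path containing spaces or shell metacharacters breaks the pipeline or is reinterpreted by the shell, and a failed open is never reported. The list form, `open STDOUT,"|-",$^X,$xlate,$flavour,$output or die "can't pipe to $xlate: $!";`, bypasses the shell and surfaces the error. The same construct is introduced in sha1-armv8.pl (`@@ -14,13 +14,25 @@`, which instead opens a separate OUT handle and aliases `*STDOUT=*OUT`), sha256-armv4.pl (`@@ -35,8 +37,20 @@`) and sha512-armv4.pl (`@@ -55,8 +50,20 @@`); using one form in all four scripts would keep them consistent.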
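Review bot: The added `#ifdef __APPLE__ ldr r12,[r12] #endif` in sha1_block_data_order dereferences the OPENSSL_armcap_P address a second time on Apple targets with no comment saying why, and the same three lines recur in sha256-armv4.pl (`@@ -177,25 +208,33 @@`) and sha512-armv4.pl (`@@ -248,14 +279,22 @@`). Presumably the word reached through `.LOPENSSL_armcap` holds a pointer to the variable on Mach-O rather than the variable itself, but that should be stated at the first use, e.g. `@ on Mach-O the word resolves to a pointer to OPENSSL_armcap_P; load once more`. The function body continues beyond the hunk.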
@@ -14,13 +14,25 @@ # # hardware-assisted software(*) # Apple A7 2.31 4.13 (+14%) -# Cortex-A53 2.19 8.73 (+108%) +# Cortex-A53 2.24 8.03 (+97%) # Cortex-A57 2.35 7.88 (+74%) +# Denver 2.13 3.97 (+0%)(**) +# X-Gene 8.80 (+200%) # # (*) Software results are presented mostly for reference purposes. +# (**) Keep in mind that Denver relies on binary translation, which +# optimizes compiler output at run-time. $flavour = shift; -open STDOUT,">".shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; ($ctx,$inp,$num)=("x0","x1","x2"); @Xw=map("w$_",(3..17,19)); @@ -154,6 +166,7 @@ $code.=<<___; .text +.extern OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 diff --git a/src/crypto/sha/asm/sha256-armv4.pl b/src/crypto/sha/asm/sha256-armv4.pl index 398376e..778c3d9 100644 --- a/src/crypto/sha/asm/sha256-armv4.pl +++ b/src/crypto/sha/asm/sha256-armv4.pl @@ -5,6 +5,8 @@ # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. +# +# Permission to use under GPL terms is granted. # ==================================================================== # SHA256 block procedure for ARMv4. May 2007. 
@@ -35,8 +37,20 @@ # # Add ARMv8 code path performing at 2.0 cpb on Apple A7. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; $t0="r0"; $inp="r1"; $t4="r1"; @@ -71,7 +85,9 @@ $code.=<<___ if ($i<16); eor $t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]` add $a,$a,$t2 @ h+=Maj(a,b,c) from the past eor $t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]` @ Sigma1(e) +# ifndef __ARMEB__ rev $t1,$t1 +# endif #else @ ldrb $t1,[$inp,#3] @ $i add $a,$a,$t2 @ h+=Maj(a,b,c) from the past @@ -151,10 +167,25 @@ ___ } $code=<<___; -#include "arm_arch.h" +#ifndef __KERNEL__ +# include "arm_arch.h" +#else +# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 +#endif .text +#if __ARM_ARCH__<7 .code 32 +#else +.syntax unified +# if defined(__thumb2__) && !defined(__APPLE__) +# define adrl adr +.thumb +# else +.code 32 +# endif +#endif .type K256,%object .align 5 
@@ -177,25 +208,33 @@ K256: .word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .size K256,.-K256 .word 0 @ terminator -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha256_block_data_order +.word OPENSSL_armcap_P-.Lsha256_block_data_order #endif .align 5 .global sha256_block_data_order .type sha256_block_data_order,%function sha256_block_data_order: +.Lsha256_block_data_order: +#if __ARM_ARCH__<7 sub r3,pc,#8 @ sha256_block_data_order - add $len,$inp,$len,lsl#6 @ len to point at the end of inp -#if __ARM_MAX_ARCH__>=7 +#else + adr r3,sha256_block_data_order +#endif +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#ARMV8_SHA256 bne .LARMv8 tst r12,#ARMV7_NEON bne .LNEON #endif + add $len,$inp,$len,lsl#6 @ len to point at the end of inp stmdb sp!,{$ctx,$inp,$len,r4-r11,lr} ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} sub $Ktbl,r3,#256+32 @ K256 @@ -213,6 +252,9 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } $code.=<<___; +#if __ARM_ARCH__>=7 + ite eq @ Thumb2 thing, sanity check in ARM +#endif ldreq $t3,[sp,#16*4] @ pull ctx bne .Lrounds_16_xx @@ -429,16 +471,19 @@ $code.=<<___; .arch armv7-a .fpu neon +.global sha256_block_data_order_neon .type sha256_block_data_order_neon,%function .align 4 sha256_block_data_order_neon: .LNEON: stmdb sp!,{r4-r12,lr} + sub $H,sp,#16*4+16 + adr $Ktbl,K256 + bic $H,$H,#15 @ align for 128-bit stores mov $t2,sp - sub sp,sp,#16*4+16 @ alloca - sub $Ktbl,r3,#256+32 @ K256 - bic sp,sp,#15 @ align for 128-bit stores + mov sp,$H @ alloca + add $len,$inp,$len,lsl#6 @ len to point at the end of inp vld1.8 {@X[0]},[$inp]! vld1.8 {@X[1]},[$inp]! 
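Review bot: `add $len,$inp,$len,lsl#6 @ len to point at the end of inp` now appears in the NEON prologue as well as after the armcap dispatch in the integer entry (`@@ -177,25 +208,33 @@`) and in the ARMv8 path (`@@ -548,13 +597,28 @@`), and nothing says why it left the shared entry sequence. A comment at the first copy, `@ computed per entry point: _neon and _armv8 are now global and may be entered directly`, would explain the duplication, which I take to be the reason for the new `.global sha256_block_data_order_neon`. Since that symbol is now exported it presumably also wants a matching `.size sha256_block_data_order_neon,.-sha256_block_data_order_neon`, as sha512-armv4.pl adds for its NEON routine in `@@ -588,16 +635,16 @@`; I cannot see whether one is emitted beyond this hunk.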
@@ -490,11 +535,13 @@ $code.=<<___; ldr $t0,[sp,#72] sub $Ktbl,$Ktbl,#256 @ rewind $Ktbl teq $inp,$t0 + it eq subeq $inp,$inp,#64 @ avoid SEGV vld1.8 {@X[0]},[$inp]! @ load next input block vld1.8 {@X[1]},[$inp]! vld1.8 {@X[2]},[$inp]! vld1.8 {@X[3]},[$inp]! + it ne strne $inp,[sp,#68] mov $Xfer,sp ___ @@ -526,10 +573,12 @@ $code.=<<___; str $D,[$t1],#4 stmia $t1,{$E-$H} + ittte ne movne $Xfer,sp ldrne $t1,[sp,#0] eorne $t2,$t2,$t2 ldreq sp,[sp,#76] @ restore original sp + itt ne eorne $t3,$B,$C bne .L_00_48 @@ -548,13 +597,28 @@ my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15)); my $Ktbl="r3"; $code.=<<___; -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) + +# if defined(__thumb2__) && !defined(__APPLE__) +# define INST(a,b,c,d) .byte c,d|0xc,a,b +# else +# define INST(a,b,c,d) .byte a,b,c,d +# endif + .type sha256_block_data_order_armv8,%function .align 5 sha256_block_data_order_armv8: .LARMv8: vld1.32 {$ABCD,$EFGH},[$ctx] - sub $Ktbl,r3,#sha256_block_data_order-K256 +# ifdef __APPLE__ + sub $Ktbl,$Ktbl,#256+32 +# elif defined(__thumb2__) + adr $Ktbl,.LARMv8 + sub $Ktbl,$Ktbl,#.LARMv8-K256 +# else + adrl $Ktbl,K256 +# endif + add $len,$inp,$len,lsl#6 @ len to point at the end of inp .Loop_v8: vld1.8 {@MSG[0]-@MSG[1]},[$inp]! @@ -607,6 +671,7 @@ $code.=<<___; vadd.i32 $ABCD,$ABCD,$ABCD_SAVE vadd.i32 $EFGH,$EFGH,$EFGH_SAVE + it ne bne .Loop_v8 vst1.32 {$ABCD,$EFGH},[$ctx] @@ -619,12 +684,20 @@ ___ $code.=<<___; .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " .align 2 -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .comm OPENSSL_armcap_P,4,4 .hidden OPENSSL_armcap_P #endif ___ +open SELF,$0; +while() { + next if (/^#!/); + last if (!s/^#/@/ and !/^$/); + print; +} +close SELF; + { my %opcode = ( "sha256h" => 0xf3000c40, "sha256h2" => 0xf3100c40, "sha256su0" => 0xf3ba03c0, "sha256su1" => 0xf3200c40 ); 
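Review bot: In the `.LARMv8` prologue the Apple branch `sub $Ktbl,$Ktbl,#256+32` only works because `$Ktbl` is `r3` (declared as `my $Ktbl="r3";` just above) and r3 still holds the address of sha256_block_data_order from the entry sequence, whereas the thumb2 and generic branches recompute the table address from scratch; that live-register dependency is easy to break when the entry code changes. A comment on the Apple line, `@ r3 still holds sha256_block_data_order (set at entry); K256 sits 256+32 bytes before it`, pins the assumption. The ARMv8 routine continues past the hunk.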
@@ -639,7 +712,7 @@ ___ # since ARMv7 instructions are always encoded little-endian. # correct solution is to use .inst directive, but older # assemblers don't implement it:-( - sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", + sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", $word&0xff,($word>>8)&0xff, ($word>>16)&0xff,($word>>24)&0xff, $mnemonic,$arg; diff --git a/src/crypto/sha/asm/sha512-armv4.pl b/src/crypto/sha/asm/sha512-armv4.pl index bfe28c4..2964a39 100644 --- a/src/crypto/sha/asm/sha512-armv4.pl +++ b/src/crypto/sha/asm/sha512-armv4.pl @@ -5,6 +5,8 @@ # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. +# +# Permission to use under GPL terms is granted. # ==================================================================== # SHA512 block procedure for ARMv4. September 2007. @@ -34,16 +36,9 @@ # terms it's 22.6 cycles per byte, which is disappointing result. # Technical writers asserted that 3-way S4 pipeline can sustain # multiple NEON instructions per cycle, but dual NEON issue could -# not be observed, and for NEON-only sequences IPC(*) was found to -# be limited by 1:-( 0.33 and 0.66 were measured for sequences with -# ILPs(*) of 1 and 2 respectively. This in turn means that you can -# even find yourself striving, as I did here, for achieving IPC -# adequate to one delivered by Cortex A8 [for reference, it's -# 0.5 for ILP of 1, and 1 for higher ILPs]. -# -# (*) ILP, instruction-level parallelism, how many instructions -# *can* execute at the same time. IPC, instructions per cycle, -# indicates how many instructions actually execute. +# not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html +# for further details. On side note Cortex-A15 processes one byte in +# 16 cycles. # Byte order [in]dependence. ========================================= # 
@@ -55,8 +50,20 @@ $hi="HI"; $lo="LO"; # ==================================================================== -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; # parameter block $inp="r1"; @@ -143,6 +150,9 @@ $code.=<<___; teq $t0,#$magic ldr $t3,[sp,#$Coff+0] @ c.lo +#if __ARM_ARCH__>=7 + it eq @ Thumb2 thing, sanity check in ARM +#endif orreq $Ktbl,$Ktbl,#1 @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 @@ -180,7 +190,17 @@ $code.=<<___; ___ } $code=<<___; -#include "arm_arch.h" +#ifndef __KERNEL__ +# include "arm_arch.h" +# define VFP_ABI_PUSH vstmdb sp!,{d8-d15} +# define VFP_ABI_POP vldmia sp!,{d8-d15} +#else +# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 +# define VFP_ABI_PUSH +# define VFP_ABI_POP +#endif + #ifdef __ARMEL__ # define LO 0 # define HI 4 @@ -192,7 +212,18 @@ $code=<<___; #endif .text +#if __ARM_ARCH__<7 || defined(__APPLE__) .code 32 +#else +.syntax unified +# ifdef __thumb2__ +# define adrl adr +.thumb +# else +.code 32 +# endif +#endif + .type K512,%object .align 5 K512: 
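Review bot: The section-mode selection in sha512-armv4.pl, `#if __ARM_ARCH__<7 || defined(__APPLE__) .code 32 #else .syntax unified # ifdef __thumb2__ ...`, expresses the same decision as sha256-armv4.pl's `#if __ARM_ARCH__<7 .code 32 #else .syntax unified # if defined(__thumb2__) && !defined(__APPLE__)` (`@@ -151,10 +167,25 @@`) in a different shape: both keep Apple builds in ARM mode, but sha512 also skips `.syntax unified` there while sha256 does not. If that difference is intentional it deserves a comment; otherwise one form in both files would keep the Thumb-2 handling (`# define adrl adr` and the `it`/`ite`/`ittt` inserts) reviewable side by side. The VFP_ABI_PUSH/POP macros in the same chunk expand to nothing under `__KERNEL__`; a one-line comment on why the kernel build need not save d8-d15 would help the next reader.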
@@ -237,9 +268,9 @@ WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha512_block_data_order +.word OPENSSL_armcap_P-.Lsha512_block_data_order .skip 32-4 #else .skip 32 @@ -248,14 +279,22 @@ WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .global sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: +.Lsha512_block_data_order: +#if __ARM_ARCH__<7 sub r3,pc,#8 @ sha512_block_data_order - add $len,$inp,$len,lsl#7 @ len to point at the end of inp -#if __ARM_MAX_ARCH__>=7 +#else + adr r3,sha512_block_data_order +#endif +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#1 bne .LNEON #endif + add $len,$inp,$len,lsl#7 @ len to point at the end of inp stmdb sp!,{r4-r12,lr} sub $Ktbl,r3,#672 @ K512 sub sp,sp,#9*8 @@ -369,6 +408,9 @@ $code.=<<___; ___ &BODY_00_15(0x17); $code.=<<___; +#if __ARM_ARCH__>=7 + ittt eq @ Thumb2 thing, sanity check in ARM +#endif ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] ldreq $t1,[sp,#`$Xoff+8*(16-1)`+4] beq .L16_79 @@ -453,6 +495,7 @@ $code.=<<___; moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif +.size sha512_block_data_order,.-sha512_block_data_order ___ { @@ -559,11 +602,15 @@ $code.=<<___; .arch armv7-a .fpu neon +.global sha512_block_data_order_neon +.type sha512_block_data_order_neon,%function .align 4 +sha512_block_data_order_neon: .LNEON: dmb @ errata #451034 on early Cortex A8 - vstmdb sp!,{d8-d15} @ ABI specification says so - sub $Ktbl,r3,#672 @ K512 + add $len,$inp,$len,lsl#7 @ len to point at the end of inp + adr $Ktbl,K512 + VFP_ABI_PUSH vldmia $ctx,{$A-$H} @ load context .Loop_neon: ___ 
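Review bot: In the `@@ -248,14 +279,22 @@` hunk the ARMv7 branch loads the function address with `adr r3,sha512_block_data_order`, the global `%function` symbol, while the new `.LOPENSSL_armcap` word is computed against the freshly added local label `.Lsha512_block_data_order`. With `.thumb` selected (the `__thumb2__` path added at `@@ -192,7 +212,18 @@`) an assembler may set bit 0 on the address of a Thumb function symbol, which would throw off both the `ldr r12,[r3,r12]` armcap load and the `sub $Ktbl,r3,#672` K512 computation; using the local label in the `adr` removes that dependency and matches the `.word` line: `adr r3,.Lsha512_block_data_order`. The `#ifdef __APPLE__` / `ldr r12,[r12]` indirection also deserves a one-line comment saying why the Apple build dereferences once more (I infer an indirect symbol pointer, but the hunk does not say).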
@@ -588,16 +635,16 @@ $code.=<<___; sub $Ktbl,#640 @ rewind K512 bne .Loop_neon - vldmia sp!,{d8-d15} @ epilogue + VFP_ABI_POP ret @ bx lr +.size sha512_block_data_order_neon,.-sha512_block_data_order_neon #endif ___ } $code.=<<___; -.size sha512_block_data_order,.-sha512_block_data_order .asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " .align 2 -#if __ARM_MAX_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .comm OPENSSL_armcap_P,4,4 .hidden OPENSSL_armcap_P #endif @@ -606,5 +653,14 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 $code =~ s/\bret\b/bx lr/gm; + +open SELF,$0; +while() { + next if (/^#!/); + last if (!s/^#/@/ and !/^$/); + print; +} +close SELF; + print $code; close STDOUT; # enforce flush diff --git a/src/crypto/sha/asm/sha512-armv8.pl b/src/crypto/sha/asm/sha512-armv8.pl index 5a9c812..43e7293 100644 --- a/src/crypto/sha/asm/sha512-armv8.pl +++ b/src/crypto/sha/asm/sha512-armv8.pl @@ -14,8 +14,10 @@ # # SHA256-hw SHA256(*) SHA512 # Apple A7 1.97 10.5 (+33%) 6.73 (-1%(**)) -# Cortex-A53 2.38 15.6 (+110%) 10.1 (+190%(***)) +# Cortex-A53 2.38 15.5 (+115%) 10.0 (+150%(***)) # Cortex-A57 2.31 11.6 (+86%) 7.51 (+260%(***)) +# Denver 2.01 10.5 (+26%) 6.70 (+8%) +# X-Gene 20.0 (+100%) 12.8 (+300%(***)) # # (*) Software SHA256 results are of lesser relevance, presented # mostly for informational purposes. 
@@ -25,12 +27,24 @@ # (***) Super-impressive coefficients over gcc-generated code are # indication of some compiler "pathology", most notably code # generated with -mgeneral-regs-only is significanty faster -# and lags behind assembly only by 50-90%. +# and the gap is only 40-90%. $flavour=shift; +# Unlike most perlasm files, sha512-armv8.pl takes an additional argument to +# determine which hash function to emit. This differs from upstream OpenSSL so +# that the script may continue to output to stdout. +$variant=shift; $output=shift; -if ($output =~ /512/) { +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +if ($variant eq "sha512") { $BITS=512; $SZ=8; @Sigma0=(28,34,39); @@ -39,7 +53,7 @@ if ($output =~ /512/) { @sigma1=(19,61, 6); $rounds=80; $reg_t="x"; -} else { +} elsif ($variant eq "sha256") { $BITS=256; $SZ=4; @Sigma0=( 2,13,22); @@ -48,6 +62,8 @@ if ($output =~ /512/) { @sigma1=(17,19,10); $rounds=64; $reg_t="w"; +} else { + die "Unknown variant: $variant"; } $func="sha${BITS}_block_data_order"; @@ -152,6 +168,7 @@ $code.=<<___; .text +.extern OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -181,7 +198,7 @@ $code.=<<___; ldp $E,$F,[$ctx,#4*$SZ] add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input ldp $G,$H,[$ctx,#6*$SZ] - adr $Ktbl,K$BITS + adr $Ktbl,.LK$BITS stp $ctx,$num,[x29,#96] .Loop: @@ -231,8 +248,8 @@ $code.=<<___; .size $func,.-$func .align 6 -.type K$BITS,%object -K$BITS: +.type .LK$BITS,%object +.LK$BITS: ___ $code.=<<___ if ($SZ==8); .quad 0x428a2f98d728ae22,0x7137449123ef65cd @@ -297,7 +314,7 @@ $code.=<<___ if ($SZ==4); .long 0 //terminator ___ $code.=<<___; -.size K$BITS,.-K$BITS +.size .LK$BITS,.-.LK$BITS .align 3 .LOPENSSL_armcap_P: .quad OPENSSL_armcap_P-. 
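Review bot: The `die "Unknown variant: $variant"` added at `@@ -48,6 +62,8 @@` runs only after the `open OUT,"| \"$^X\" $xlate $flavour $output"` pipeline has been started and `*STDOUT` redirected, so a bad variant kills the script with the arm-xlate child already running and, I expect, an empty `$output` left behind. Validating `$variant` (and that `$flavour` and `$output` were supplied) before the `open` keeps the failure clean and the error message readable. The comment explaining the extra argument is welcome; it could also name the accepted values, e.g. `# $variant must be "sha256" or "sha512".`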
@@ -322,7 +339,7 @@ sha256_block_armv8: add x29,sp,#0 ld1.32 {$ABCD,$EFGH},[$ctx] - adr $Ktbl,K256 + adr $Ktbl,.LK256 .Loop_hw: ld1 {@MSG[0]-@MSG[3]},[$inp],#64 diff --git a/src/crypto/sha/sha1.c b/src/crypto/sha/sha1.c index 7595bc8..60d09f6 100644 --- a/src/crypto/sha/sha1.c +++ b/src/crypto/sha/sha1.c @@ -367,8 +367,9 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { c->h3 = (c->h3 + B) & 0xffffffffL; c->h4 = (c->h4 + C) & 0xffffffffL; - if (--num == 0) + if (--num == 0) { break; + } A = c->h0; B = c->h1; diff --git a/src/crypto/sha/sha512.c b/src/crypto/sha/sha512.c index 59be8c1..2acefb1 100644 --- a/src/crypto/sha/sha512.c +++ b/src/crypto/sha/sha512.c @@ -189,8 +189,9 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { uint8_t *p = c->u.p; const uint8_t *data = (const uint8_t *)in_data; - if (len == 0) + if (len == 0) { return 1; + } l = (c->Nl + (((uint64_t)len) << 3)) & OPENSSL_U64(0xffffffffffffffff); if (l < c->Nl) { @@ -218,14 +219,21 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { if (len >= sizeof(c->u)) { #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data % sizeof(c->u.d[0]) != 0) - while (len >= sizeof(c->u)) - memcpy(p, data, sizeof(c->u)), sha512_block_data_order(c, p, 1), - len -= sizeof(c->u), data += sizeof(c->u); - else + if ((size_t)data % sizeof(c->u.d[0]) != 0) { + while (len >= sizeof(c->u)) { + memcpy(p, data, sizeof(c->u)); + sha512_block_data_order(c, p, 1); + len -= sizeof(c->u); + data += sizeof(c->u); + } + } else #endif - sha512_block_data_order(c, data, len / sizeof(c->u)), data += len, - len %= sizeof(c->u), data -= len; + { + sha512_block_data_order(c, data, len / sizeof(c->u)); + data += len; + len %= sizeof(c->u); + data -= len; + } } if (len != 0) { diff --git a/src/crypto/stack/make_macros.sh b/src/crypto/stack/make_macros.sh index f72aa33..4837e44 100644 --- a/src/crypto/stack/make_macros.sh +++ b/src/crypto/stack/make_macros.sh 
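Review bot: In the sha512.c hunk `@@ -218,14 +219,21 @@` the `} else` now sits immediately before `#endif` and its `{` comes after it, so with `SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA` defined the remaining `{ ... }` is a bare compound statement and in the other configuration it is the else-body; that is correct but easy to misread as an unbalanced brace. A short comment on the block, e.g. `/* Else-branch of the alignment test above, or the whole path when unaligned access is allowed. */`, or restructuring so the braces do not straddle the `#endif`, would make both shapes explicit.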
@@ -86,6 +86,9 @@ output_stack () { #define sk_${type}_set_cmp_func(sk, comp)\\ ((int (*) (const ${type} **a, const ${type} **b)) sk_set_cmp_func(CHECKED_CAST(_STACK*, STACK_OF(${type})*, sk), CHECKED_CAST(stack_cmp_func, int (*) (const ${type} **a, const ${type} **b), comp))) +#define sk_${type}_deep_copy(sk, copy_func, free_func)\\ +((STACK_OF(${type})*) sk_deep_copy(CHECKED_CAST(const _STACK*, const STACK_OF(${type})*, sk), CHECKED_CAST(void* (*) (void*), ${ptrtype} (*) (${ptrtype}), copy_func), CHECKED_CAST(void (*) (void*), void (*) (${ptrtype}), free_func))) + EOF } diff --git a/src/crypto/stack/stack.c b/src/crypto/stack/stack.c index 0b336ba..c584515 100644 --- a/src/crypto/stack/stack.c +++ b/src/crypto/stack/stack.c @@ -86,9 +86,7 @@ _STACK *sk_new(stack_cmp_func comp) { return ret; err: - if (ret) { - OPENSSL_free(ret); - } + OPENSSL_free(ret); return NULL; } @@ -232,7 +230,7 @@ int sk_find(_STACK *sk, size_t *out_index, void *p) { int (*comp_func)(const void *,const void *); if (sk == NULL) { - return -1; + return 0; } if (sk->comp == NULL) { @@ -324,9 +322,7 @@ _STACK *sk_dup(const _STACK *sk) { return ret; err: - if (ret) { - sk_free(ret); - } + sk_free(ret); return NULL; } @@ -360,3 +356,31 @@ stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp) { return old; } + +_STACK *sk_deep_copy(const _STACK *sk, void *(*copy_func)(void *), + void (*free_func)(void *)) { + _STACK *ret = sk_dup(sk); + if (ret == NULL) { + return NULL; + } + + size_t i; + for (i = 0; i < ret->num; i++) { + if (ret->data[i] == NULL) { + continue; + } + ret->data[i] = copy_func(ret->data[i]); + if (ret->data[i] == NULL) { + size_t j; + for (j = 0; j < i; j++) { + if (ret->data[j] != NULL) { + free_func(ret->data[j]); + } + } + sk_free(ret); + return NULL; + } + } + + return ret; +} diff --git a/src/crypto/test/CMakeLists.txt b/src/crypto/test/CMakeLists.txt new file mode 100644 index 0000000..0d5ca81 --- /dev/null +++ b/src/crypto/test/CMakeLists.txt 
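Review bot: The new `sk_deep_copy` in the stack.c hunk `@@ -360,3 +356,31 @@` carries no comment describing its contract, and its error path has two non-obvious properties worth stating: `NULL` elements are preserved as `NULL` and never passed to `copy_func` or `free_func`, and a `NULL` from `copy_func` is the only failure signal, after which elements `[0, i)` are released with `free_func` while `[i, num)` are still the caller's pointers and are deliberately not freed before `sk_free`. A header comment such as `/* sk_deep_copy copies |sk| and every non-NULL element via |copy_func|. If |copy_func| returns NULL, copies made so far are released with |free_func| and NULL is returned. */` would capture that. The `sk_${type}_deep_copy` macro in this hunk should get the same one-line description so the generated header documents it.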
@@ -0,0 +1,7 @@
+add_library(
+ test_support
+
+ OBJECT
+
+ file_test.cc
+)
diff --git a/src/crypto/test/file_test.cc b/src/crypto/test/file_test.cc
new file mode 100644
index 0000000..12405f2
--- /dev/null
+++ b/src/crypto/test/file_test.cc
@@ -0,0 +1,326 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "file_test.h" + +#include +#include +#include +#include + +#include + +#include "stl_compat.h" + + +FileTest::FileTest(const char *path) { + file_ = fopen(path, "r"); + if (file_ == nullptr) { + fprintf(stderr, "Could not open file %s: %s.\n", path, strerror(errno)); + } +} + +FileTest::~FileTest() { + if (file_ != nullptr) { + fclose(file_); + } +} + +// FindDelimiter returns a pointer to the first '=' or ':' in |str| or nullptr +// if there is none. +static const char *FindDelimiter(const char *str) { + while (*str) { + if (*str == ':' || *str == '=') { + return str; + } + str++; + } + return nullptr; +} + +// StripSpace returns a string containing up to |len| characters from |str| with +// leading and trailing whitespace removed. +static std::string StripSpace(const char *str, size_t len) { + // Remove leading space. + while (len > 0 && isspace(*str)) { + str++; + len--; + } + while (len > 0 && isspace(str[len-1])) { + len--; + } + return std::string(str, len); +} + +FileTest::ReadResult FileTest::ReadNext() { + // If the previous test had unused attributes or block, it is an error. 
+ if (!unused_attributes_.empty()) { + for (const std::string &key : unused_attributes_) { + PrintLine("Unused attribute: %s", key.c_str()); + } + return kReadError; + } + if (!block_.empty() && !used_block_) { + PrintLine("Unused block"); + return kReadError; + } + + ClearTest(); + + bool in_block = false; + while (true) { + // Read the next line. + char buf[4096]; + if (fgets(buf, sizeof(buf), file_) == nullptr) { + if (feof(file_)) { + if (in_block) { + fprintf(stderr, "Unterminated block.\n"); + return kReadError; + } + // EOF is a valid terminator for a test. + return start_line_ > 0 ? kReadSuccess : kReadEOF; + } + fprintf(stderr, "Error reading from input.\n"); + return kReadError; + } + + line_++; + size_t len = strlen(buf); + // Check for truncation. + if (len > 0 && buf[len - 1] != '\n' && !feof(file_)) { + fprintf(stderr, "Line %u too long.\n", line_); + return kReadError; + } + + bool is_delimiter = strncmp(buf, "---", 3) == 0; + if (in_block) { + block_ += buf; + if (is_delimiter) { + // Ending the block completes the test. + return kReadSuccess; + } + } else if (is_delimiter) { + if (start_line_ == 0) { + fprintf(stderr, "Line %u: Unexpected block.\n", line_); + return kReadError; + } + in_block = true; + block_ += buf; + } else if (buf[0] == '\n' || buf[0] == '\0') { + // Empty lines delimit tests. + if (start_line_ > 0) { + return kReadSuccess; + } + } else if (buf[0] != '#') { // Comment lines are ignored. + // Parse the line as an attribute. + const char *delimiter = FindDelimiter(buf); + if (delimiter == nullptr) { + fprintf(stderr, "Line %u: Could not parse attribute.\n", line_); + } + std::string key = StripSpace(buf, delimiter - buf); + std::string value = StripSpace(delimiter + 1, + buf + len - delimiter - 1); + + unused_attributes_.insert(key); + attributes_[key] = value; + if (start_line_ == 0) { + // This is the start of a test. 
+ type_ = key; + parameter_ = value; + start_line_ = line_; + } + } + } +} + +void FileTest::PrintLine(const char *format, ...) { + va_list args; + va_start(args, format); + + fprintf(stderr, "Line %u: ", start_line_); + vfprintf(stderr, format, args); + fprintf(stderr, "\n"); + + va_end(args); +} + +const std::string &FileTest::GetType() { + OnKeyUsed(type_); + return type_; +} + +const std::string &FileTest::GetParameter() { + OnKeyUsed(type_); + return parameter_; +} + +const std::string &FileTest::GetBlock() { + used_block_ = true; + return block_; +} + +bool FileTest::HasAttribute(const std::string &key) { + OnKeyUsed(key); + return attributes_.count(key) > 0; +} + +bool FileTest::GetAttribute(std::string *out_value, const std::string &key) { + OnKeyUsed(key); + auto iter = attributes_.find(key); + if (iter == attributes_.end()) { + PrintLine("Missing attribute '%s'.", key.c_str()); + return false; + } + *out_value = iter->second; + return true; +} + +const std::string &FileTest::GetAttributeOrDie(const std::string &key) { + if (!HasAttribute(key)) { + abort(); + } + return attributes_[key]; +} + +static bool FromHexDigit(uint8_t *out, char c) { + if ('0' <= c && c <= '9') { + *out = c - '0'; + return true; + } + if ('a' <= c && c <= 'f') { + *out = c - 'a' + 10; + return true; + } + if ('A' <= c && c <= 'F') { + *out = c - 'A' + 10; + return true; + } + return false; +} + +bool FileTest::GetBytes(std::vector *out, const std::string &key) { + std::string value; + if (!GetAttribute(&value, key)) { + return false; + } + + if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') { + out->assign(value.begin() + 1, value.end() - 1); + return true; + } + + if (value.size() % 2 != 0) { + PrintLine("Error decoding value: %s", value.c_str()); + return false; + } + out->reserve(value.size() / 2); + for (size_t i = 0; i < value.size(); i += 2) { + uint8_t hi, lo; + if (!FromHexDigit(&hi, value[i]) || !FromHexDigit(&lo, value[i+1])) { + PrintLine("Error 
decoding value: %s", value.c_str()); + return false; + } + out->push_back((hi << 4) | lo); + } + return true; +} + +static std::string EncodeHex(const uint8_t *in, size_t in_len) { + static const char kHexDigits[] = "0123456789abcdef"; + std::string ret; + ret.reserve(in_len * 2); + for (size_t i = 0; i < in_len; i++) { + ret += kHexDigits[in[i] >> 4]; + ret += kHexDigits[in[i] & 0xf]; + } + return ret; +} + +bool FileTest::ExpectBytesEqual(const uint8_t *expected, size_t expected_len, + const uint8_t *actual, size_t actual_len) { + if (expected_len == actual_len && + memcmp(expected, actual, expected_len) == 0) { + return true; + } + + std::string expected_hex = EncodeHex(expected, expected_len); + std::string actual_hex = EncodeHex(actual, actual_len); + PrintLine("Expected: %s", expected_hex.c_str()); + PrintLine("Actual: %s", actual_hex.c_str()); + return false; +} + +void FileTest::ClearTest() { + start_line_ = 0; + type_.clear(); + parameter_.clear(); + attributes_.clear(); + block_.clear(); + unused_attributes_.clear(); + used_block_ = false; +} + +void FileTest::OnKeyUsed(const std::string &key) { + unused_attributes_.erase(key); +} + +int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg, + const char *path) { + FileTest t(path); + if (!t.is_open()) { + return 1; + } + + bool failed = false; + while (true) { + FileTest::ReadResult ret = t.ReadNext(); + if (ret == FileTest::kReadError) { + return 1; + } else if (ret == FileTest::kReadEOF) { + break; + } + + bool result = run_test(&t, arg); + if (t.HasAttribute("Error")) { + if (result) { + t.PrintLine("Operation unexpectedly succeeded."); + failed = true; + continue; + } + uint32_t err = ERR_peek_error(); + if (ERR_reason_error_string(err) != t.GetAttributeOrDie("Error")) { + t.PrintLine("Unexpected error; wanted '%s', got '%s'.", + t.GetAttributeOrDie("Error").c_str(), + ERR_reason_error_string(err)); + failed = true; + continue; + } + ERR_clear_error(); + } else if (!result) { + // In case 
the test itself doesn't print output, print something so the + // line number is reported. + t.PrintLine("Test failed"); + ERR_print_errors_fp(stderr); + failed = true; + continue; + } + } + + if (failed) { + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/test/file_test.h b/src/crypto/test/file_test.h new file mode 100644 index 0000000..7303d8a --- /dev/null +++ b/src/crypto/test/file_test.h 
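Review bot: In `FileTest::ReadNext` (hunk `@@ -0,0 +1,326 @@`, the attribute-parsing branch) the `delimiter == nullptr` case prints `Could not parse attribute` but does not return, so execution falls through to `StripSpace(buf, delimiter - buf)` with a null `delimiter`; the pointer arithmetic and the following `delimiter + 1` read are undefined and will crash on any line without `=` or `:`. The fix is one line after the `fprintf`: `return kReadError;`. Separately, in `FileTestMain` the comparison `ERR_reason_error_string(err) != t.GetAttributeOrDie("Error")` and the later `%s` assume the reason string is non-null; if that function can return `nullptr` for an unknown code (not visible here), both are undefined, and a `const char *reason` checked once with `reason == nullptr ? "(unknown)" : reason` would be safer.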
@@ -0,0 +1,166 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H +#define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H + +#include +#include + +#include +#include +#include +#include + + +// File-based test framework. +// +// This module provides a file-based test framework. The file format is based on +// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. Each input +// file is a sequence of attributes, blocks, and blank lines. +// +// Each attribute has the form: +// +// Name = Value +// +// Either '=' or ':' may be used to delimit the name from the value. Both the +// name and value have leading and trailing spaces stripped. +// +// Blocks are delimited by lines beginning with three hyphens, "---". One such +// line begins a block and another ends it. Blocks are intended as a convenient +// way to embed PEM data and include their delimiters. +// +// Outside a block, lines beginning with # are ignored. +// +// A test is a sequence of one or more attributes followed by a block or blank +// line. Blank lines are otherwise ignored. For tests that process multiple +// kinds of test cases, the first attribute is parsed out as the test's type and +// parameter. 
Otherwise, attributes are unordered. The first attribute is also +// included in the set of attributes, so tests which do not dispatch may ignore +// this mechanism. +// +// Functions in this module freely output to |stderr| on failure. Tests should +// also do so, and it is recommended they include the corresponding test's line +// number in any output. |PrintLine| does this automatically. +// +// Each attribute in a test must be consumed. When a test completes, if any +// attributes haven't been processed, the framework reports an error. + + +class FileTest { + public: + explicit FileTest(const char *path); + ~FileTest(); + + // is_open returns true if the file was successfully opened. + bool is_open() const { return file_ != nullptr; } + + enum ReadResult { + kReadSuccess, + kReadEOF, + kReadError, + }; + + // ReadNext reads the next test from the file. It returns |kReadSuccess| if + // successfully reading a test and |kReadEOF| at the end of the file. On + // error or if the previous test had unconsumed attributes, it returns + // |kReadError|. + ReadResult ReadNext(); + + // PrintLine is a variant of printf which prepends the line number and appends + // a trailing newline. + void PrintLine(const char *format, ...) +#ifdef __GNUC__ + __attribute__((__format__(__printf__, 2, 3))) +#endif + ; + + unsigned start_line() const { return start_line_; } + + // GetType returns the name of the first attribute of the current test. + const std::string &GetType(); + // GetParameter returns the value of the first attribute of the current test. + const std::string &GetParameter(); + // GetBlock returns the optional block of the current test, or the empty + // if there was no block. + const std::string &GetBlock(); + + // HasAttribute returns true if the current test has an attribute named |key|. + bool HasAttribute(const std::string &key); + + // GetAttribute looks up the attribute with key |key|. 
It sets |*out_value| to + // the value and returns true if it exists and returns false with an error to + // |stderr| otherwise. + bool GetAttribute(std::string *out_value, const std::string &key); + + // GetAttributeOrDie looks up the attribute with key |key| and aborts if it is + // missing. It only be used after a |HasAttribute| call. + const std::string &GetAttributeOrDie(const std::string &key); + + // GetBytes looks up the attribute with key |key| and decodes it as a byte + // string. On success, it writes the result to |*out| and returns + // true. Otherwise it returns false with an error to |stderr|. The value may + // be either a hexadecimal string or a quoted ASCII string. It returns true on + // success and returns false with an error to |stderr| on failure. + bool GetBytes(std::vector *out, const std::string &key); + + // ExpectBytesEqual returns true if |expected| and |actual| are equal. + // Otherwise, it returns false and prints a message to |stderr|. + bool ExpectBytesEqual(const uint8_t *expected, size_t expected_len, + const uint8_t *actual, size_t actual_len); + + private: + void ClearTest(); + void OnKeyUsed(const std::string &key); + + FILE *file_ = nullptr; + // line_ is the number of lines read. + unsigned line_ = 0; + + // start_line_ is the line number of the first attribute of the test. + unsigned start_line_ = 0; + // type_ is the name of the first attribute of the test. + std::string type_; + // parameter_ is the value of the first attribute. + std::string parameter_; + // attributes_ contains all attributes in the test, including the first. + std::map attributes_; + // block_, if non-empty, is the test's optional trailing block. + std::string block_; + + // unused_attributes_ is the set of attributes that have been queried. + std::set unused_attributes_; + // used_block_ is true if the block has been queried. 
+ bool used_block_ = false; + + FileTest(const FileTest&) = delete; + FileTest &operator=(const FileTest&) = delete; +}; + +// FileTestMain runs a file-based test out of |path| and returns an exit code +// suitable to return out of |main|. |run_test| should return true on pass and +// false on failure. FileTestMain also implements common handling of the 'Error' +// attribute. A test with that attribute is expected to fail. The value of the +// attribute is the reason string of the expected OpenSSL error code. +// +// Tests are guaranteed to run serially and may affect global state if need be. +// It is legal to use "tests" which, for example, import a private key into a +// list of keys. This may be used to initialize a shared set of keys for many +// tests. However, if one test fails, the framework will continue to run +// subsequent tests. +int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg, + const char *path); + + +#endif /* OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H */ diff --git a/src/crypto/test/scoped_types.h b/src/crypto/test/scoped_types.h new file mode 100644 index 0000000..eb04c18 --- /dev/null +++ b/src/crypto/test/scoped_types.h 
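Review bot: The comment on `unused_attributes_` states the opposite of what the member holds: `ReadNext` inserts every parsed key into it and `OnKeyUsed` erases a key once it is queried, so it is the set of attributes that have not yet been queried; suggest `// unused_attributes_ is the set of attributes that have not yet been queried.` Three smaller wording defects in the same hunk: `GetBlock` is documented as returning `the empty if there was no block` (missing the word `string`), `GetAttributeOrDie` says `It only be used after a |HasAttribute| call` (missing `should`), and the `GetBytes` comment states the true-on-success / false-with-error-to-|stderr| contract twice.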
@@ -0,0 +1,120 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H +#define OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "stl_compat.h" + + +template +struct OpenSSLDeleter { + void operator()(T *obj) { + func(obj); + } +}; + +template +struct OpenSSLStackDeleter { + void operator()(StackType *obj) { + sk_pop_free(reinterpret_cast<_STACK*>(obj), + reinterpret_cast(func)); + } +}; + +template +struct OpenSSLFree { + void operator()(T *buf) { + OPENSSL_free(buf); + } +}; + +template +using ScopedOpenSSLType = bssl::unique_ptr>; + +template +using ScopedOpenSSLStack = + bssl::unique_ptr>; + +template +class ScopedOpenSSLContext { + public: + ScopedOpenSSLContext() { + init_func(&ctx_); + } + ~ScopedOpenSSLContext() { + cleanup_func(&ctx_); + } + + T *get() { return &ctx_; } + const T *get() const { return &ctx_; } + + void Reset() { + cleanup_func(&ctx_); + init_func(&ctx_); + } + + private: + T ctx_; +}; + +using ScopedBIO = ScopedOpenSSLType; +using ScopedBIGNUM = ScopedOpenSSLType; +using ScopedBN_CTX = ScopedOpenSSLType; +using 
ScopedBN_MONT_CTX = ScopedOpenSSLType; +using ScopedCMAC_CTX = ScopedOpenSSLType; +using ScopedDH = ScopedOpenSSLType; +using ScopedECDSA_SIG = ScopedOpenSSLType; +using ScopedEC_GROUP = ScopedOpenSSLType; +using ScopedEC_KEY = ScopedOpenSSLType; +using ScopedEC_POINT = ScopedOpenSSLType; +using ScopedEVP_PKEY = ScopedOpenSSLType; +using ScopedEVP_PKEY_CTX = ScopedOpenSSLType; +using ScopedPKCS8_PRIV_KEY_INFO = ScopedOpenSSLType; +using ScopedPKCS12 = ScopedOpenSSLType; +using ScopedRSA = ScopedOpenSSLType; +using ScopedX509 = ScopedOpenSSLType; +using ScopedX509_ALGOR = ScopedOpenSSLType; + +using ScopedX509Stack = ScopedOpenSSLStack; + +using ScopedEVP_MD_CTX = ScopedOpenSSLContext; +using ScopedHMAC_CTX = ScopedOpenSSLContext; + +using ScopedOpenSSLBytes = bssl::unique_ptr>; +using ScopedOpenSSLString = bssl::unique_ptr>; + + +#endif // OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H diff --git a/src/crypto/test/stl_compat.h b/src/crypto/test/stl_compat.h new file mode 100644 index 0000000..1997a45 --- /dev/null +++ b/src/crypto/test/stl_compat.h 
@@ -0,0 +1,144 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_TEST_STL_COMPAT_H +#define OPENSSL_HEADER_CRYPTO_TEST_STL_COMPAT_H + +#include + +#include + + +// This header contains re-implementations of library functions from C++11. They +// will be replaced with their standard counterparts once Chromium has C++11 +// library support in its toolchain. + +namespace bssl { + +// vector_data is a reimplementation of |std::vector::data| from C++11. +template +static T *vector_data(std::vector *out) { + return out->empty() ? nullptr : &(*out)[0]; +} + +template +static const T *vector_data(const std::vector *out) { + return out->empty() ? nullptr : &(*out)[0]; +} + +// remove_reference is a reimplementation of |std::remove_reference| from C++11. +template +struct remove_reference { + using type = T; +}; + +template +struct remove_reference { + using type = T; +}; + +template +struct remove_reference { + using type = T; +}; + +// move is a reimplementation of |std::move| from C++11. +template +typename remove_reference::type &&move(T &&t) { + return static_cast::type&&>(t); +} + +// default_delete is a partial reimplementation of |std::default_delete| from +// C++11. 
+template +struct default_delete { + void operator()(T *t) const { + enum { type_must_be_complete = sizeof(T) }; + delete t; + } +}; + +// nullptr_t is |std::nullptr_t| from C++11. +using nullptr_t = decltype(nullptr); + +// unique_ptr is a partial reimplementation of |std::unique_ptr| from C++11. It +// intentionally does not support stateful deleters to avoid having to bother +// with the empty member optimization. +template > +class unique_ptr { + public: + unique_ptr() : ptr_(nullptr) {} + unique_ptr(nullptr_t) : ptr_(nullptr) {} + unique_ptr(T *ptr) : ptr_(ptr) {} + unique_ptr(const unique_ptr &u) = delete; + + unique_ptr(unique_ptr &&u) : ptr_(nullptr) { + reset(u.release()); + } + + ~unique_ptr() { + reset(); + } + + unique_ptr &operator=(nullptr_t) { + reset(); + return *this; + } + + unique_ptr &operator=(unique_ptr &&u) { + reset(u.release()); + return *this; + } + + unique_ptr& operator=(const unique_ptr &u) = delete; + + explicit operator bool() const { + return ptr_ != nullptr; + } + + T &operator*() const { + assert(ptr_ != nullptr); + return *ptr_; + } + + T *operator->() const { + assert(ptr_ != nullptr); + return ptr_; + } + + T *get() const { + return ptr_; + } + + T *release() { + T *ptr = ptr_; + ptr_ = nullptr; + return ptr; + } + + void reset(T *ptr = nullptr) { + if (ptr_ != nullptr) { + Deleter()(ptr_); + } + ptr_ = ptr; + } + + private: + T *ptr_; +}; + +} // namespace bssl + + +#endif // OPENSSL_HEADER_CRYPTO_TEST_STL_COMPAT_H diff --git a/src/crypto/thread.c b/src/crypto/thread.c index 024993e..abc8b6f 100644 --- a/src/crypto/thread.c +++ b/src/crypto/thread.c 
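Review bot: `unique_ptr::reset` in hunk `@@ -0,0 +1,144 @@` invokes the deleter on the old pointer before storing the new one, so if the deleter's execution ends up touching this `unique_ptr` (a cleanup path that calls `reset()` on the owner, or `reset(get())` by mistake) it observes the already-freed pointer still stored in `ptr_`. `std::unique_ptr::reset`, which this class is documented as reimplementing, stores the new pointer first and only then deletes the previous value; the move constructor and move assignment here funnel through `reset` as well, so they inherit the same ordering. Suggest reordering as below.
```cpp
  void reset(T *ptr = nullptr) {
    // Store the new pointer before running the deleter, matching
    // std::unique_ptr::reset, so a deleter that re-enters this object sees
    // consistent state.
    T *old = ptr_;
    ptr_ = ptr;
    if (old != nullptr) {
      Deleter()(old);
    }
  }
```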
@@ -56,44 +56,34 @@ #include -#include #include -#if defined(OPENSSL_WINDOWS) +#if !defined(OPENSSL_WINDOWS) +#include +#else #pragma warning(push, 3) #include #pragma warning(pop) #endif #include -#include +#define CRYPTO_LOCK_ITEM(x) #x + /* lock_names contains the names of all the locks defined in thread.h. */ static const char *const lock_names[] = { - "<>", "err", "ex_data", "x509", - "x509_info", "x509_pkey", "x509_crl", "x509_req", - "dsa", "rsa", "evp_pkey", "x509_store", - "ssl_ctx", "ssl_cert", "ssl_session", "ssl_sess_cert", - "ssl", "ssl_method", "rand", "rand2", - "debug_malloc", "BIO", "gethostbyname", "getservbyname", - "readdir", "RSA_blinding", "dh", "debug_malloc2", - "dso", "dynlock", "engine", "ui", - "ecdsa", "ec", "ecdh", "bn", - "ec_pre_comp", "store", "comp", "fips", - "fips2", "obj", + CRYPTO_LOCK_LIST }; -OPENSSL_COMPILE_ASSERT(CRYPTO_NUM_LOCKS == - sizeof(lock_names) / sizeof(lock_names[0]), - CRYPTO_NUM_LOCKS_inconsistent); +#undef CRYPTO_LOCK_ITEM + +#define CRYPTO_NUM_LOCKS (sizeof(lock_names) / sizeof(lock_names[0])) static void (*locking_callback)(int mode, int lock_num, const char *file, int line) = 0; static int (*add_lock_callback)(int *pointer, int amount, int lock_num, const char *file, int line) = 0; -static void (*threadid_callback)(CRYPTO_THREADID *) = 0; - int CRYPTO_num_locks(void) { return CRYPTO_NUM_LOCKS; } 
@@ -115,23 +105,13 @@ const char *CRYPTO_get_lock_name(int lock_num) { } } -int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *)) { - if (threadid_callback) { - return 0; - } - threadid_callback = func; - return 1; -} +int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *)) { return 1; } -void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) { - memset(id, 0, sizeof(*id)); - id->val = val; -} +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) {} -void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) { - memset(id, 0, sizeof(*id)); - id->ptr = ptr; -} +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) {} + +void CRYPTO_THREADID_current(CRYPTO_THREADID *id) {} void (*CRYPTO_get_locking_callback(void))(int mode, int lock_num, const char *file, int line) { @@ -165,32 +145,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int lock_num, const char *file, return ret; } -void CRYPTO_THREADID_current(CRYPTO_THREADID *id) { - if (threadid_callback) { - threadid_callback(id); - return; - } - -#if defined(OPENSSL_WINDOWS) - CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); -#else - /* For everything else, default to using the address of 'errno' */ - CRYPTO_THREADID_set_pointer(id, (void *)&errno); -#endif -} - -int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) { - return memcmp(a, b, sizeof(*a)); -} - -void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) { - memcpy(dest, src, sizeof(*src)); -} - -uint32_t CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) { - return OPENSSL_hash32(id, sizeof(CRYPTO_THREADID)); -} - void CRYPTO_set_id_callback(unsigned long (*func)(void)) {} void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *( diff --git a/src/crypto/thread_none.c b/src/crypto/thread_none.c new file mode 100644 index 0000000..cf4e85a --- /dev/null +++ b/src/crypto/thread_none.c 
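Review bot: `CRYPTO_THREADID_current` is now an empty function, so `*id` is left untouched for any caller that still fills a CRYPTO_THREADID and reads it back, and `CRYPTO_THREADID_set_callback` reports success (`return 1`) while discarding `func`. If CRYPTO_THREADID is still a complete type in thread.h, the stubs should at least clear it, `memset(id, 0, sizeof(*id));`, in `_current`, `_set_numeric` and `_set_pointer`, so callers see a deterministic zero id rather than whatever was already in that memory. A one-line comment above the group, `/* Thread-id callbacks are no longer used; these are no-op stubs kept for OpenSSL API compatibility. */`, would make the intent clear. The second hunk removes `_cmp`, `_cpy` and `_hash` outright, which is a link-time break for any remaining caller rather than a silent one, so that part is fine.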
@@ -0,0 +1,55 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "internal.h"
+
+#if defined(OPENSSL_NO_THREADS)
+
+void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) {}
+
+void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) {}
+
+void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) {}
+
+void CRYPTO_MUTEX_unlock(CRYPTO_MUTEX *lock) {}
+
+void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) {}
+
+void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) {}
+
+void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) {}
+
+void CRYPTO_STATIC_MUTEX_unlock(struct CRYPTO_STATIC_MUTEX *lock) {}
+
+void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) {
+ if (*once) {
+ return;
+ }
+ *once = 1;
+ init();
+}
+
+static void *g_thread_locals[NUM_OPENSSL_THREAD_LOCALS];
+
+void *CRYPTO_get_thread_local(thread_local_data_t index) {
+ return g_thread_locals[index];
+}
+
+int CRYPTO_set_thread_local(thread_local_data_t index, void *value,
+ thread_local_destructor_t destructor) {
+ g_thread_locals[index] = value;
+ return 1;
+}
+
+#endif /* OPENSSL_NO_THREADS */
diff --git a/src/crypto/thread_pthread.c b/src/crypto/thread_pthread.c
new file mode 100644
index 0000000..59c4b8d
--- /dev/null
+++ b/src/crypto/thread_pthread.c
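Review bot: `CRYPTO_set_thread_local` ignores `destructor` and overwrites `g_thread_locals[index]` without releasing the previous value, so under OPENSSL_NO_THREADS a value stored in a slot is never destroyed; the pthread and Windows back-ends added in this same commit at least run the registered destructor at thread exit. That is probably acceptable for a single-threaded build, but it should be stated, e.g. above the function: `/* Without threads there is one global slot per index. The stored value is never released and |destructor| is never called; callers must not rely on it running. */`. A `(void)destructor;` in the body would also silence the unused-parameter warning this introduces.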
@@ -0,0 +1,162 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + +#if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_NO_THREADS) + +#include +#include +#include + +#include +#include + + +OPENSSL_COMPILE_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(pthread_rwlock_t), + CRYPTO_MUTEX_too_small); + +void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { + if (pthread_rwlock_init((pthread_rwlock_t *) lock, NULL) != 0) { + abort(); + } +} + +void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { + if (pthread_rwlock_rdlock((pthread_rwlock_t *) lock) != 0) { + abort(); + } +} + +void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { + if (pthread_rwlock_wrlock((pthread_rwlock_t *) lock) != 0) { + abort(); + } +} + +void CRYPTO_MUTEX_unlock(CRYPTO_MUTEX *lock) { + if (pthread_rwlock_unlock((pthread_rwlock_t *) lock) != 0) { + abort(); + } +} + +void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { + pthread_rwlock_destroy((pthread_rwlock_t *) lock); +} + +void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) { + if (pthread_rwlock_rdlock(&lock->lock) != 0) { + abort(); + } +} + +void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) { + if (pthread_rwlock_wrlock(&lock->lock) != 0) { + abort(); + } +} + +void 
CRYPTO_STATIC_MUTEX_unlock(struct CRYPTO_STATIC_MUTEX *lock) { + if (pthread_rwlock_unlock(&lock->lock) != 0) { + abort(); + } +} + +void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { + pthread_once(once, init); +} + +static pthread_mutex_t g_destructors_lock = PTHREAD_MUTEX_INITIALIZER; +static thread_local_destructor_t g_destructors[NUM_OPENSSL_THREAD_LOCALS]; + +static void thread_local_destructor(void *arg) { + if (arg == NULL) { + return; + } + + thread_local_destructor_t destructors[NUM_OPENSSL_THREAD_LOCALS]; + if (pthread_mutex_lock(&g_destructors_lock) != 0) { + return; + } + memcpy(destructors, g_destructors, sizeof(destructors)); + pthread_mutex_unlock(&g_destructors_lock); + + unsigned i; + void **pointers = arg; + for (i = 0; i < NUM_OPENSSL_THREAD_LOCALS; i++) { + if (destructors[i] != NULL) { + destructors[i](pointers[i]); + } + } + + OPENSSL_free(pointers); +} + +static pthread_once_t g_thread_local_init_once = PTHREAD_ONCE_INIT; +static pthread_key_t g_thread_local_key; +static int g_thread_local_failed = 0; + +static void thread_local_init(void) { + g_thread_local_failed = + pthread_key_create(&g_thread_local_key, thread_local_destructor) != 0; +} + +void *CRYPTO_get_thread_local(thread_local_data_t index) { + CRYPTO_once(&g_thread_local_init_once, thread_local_init); + if (g_thread_local_failed) { + return NULL; + } + + void **pointers = pthread_getspecific(g_thread_local_key); + if (pointers == NULL) { + return NULL; + } + return pointers[index]; +} + +int CRYPTO_set_thread_local(thread_local_data_t index, void *value, + thread_local_destructor_t destructor) { + CRYPTO_once(&g_thread_local_init_once, thread_local_init); + if (g_thread_local_failed) { + destructor(value); + return 0; + } + + void **pointers = pthread_getspecific(g_thread_local_key); + if (pointers == NULL) { + pointers = OPENSSL_malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + if (pointers == NULL) { + destructor(value); + return 0; + } + memset(pointers, 0, 
sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + if (pthread_setspecific(g_thread_local_key, pointers) != 0) { + OPENSSL_free(pointers); + destructor(value); + return 0; + } + } + + if (pthread_mutex_lock(&g_destructors_lock) != 0) { + destructor(value); + return 0; + } + g_destructors[index] = destructor; + pthread_mutex_unlock(&g_destructors_lock); + + pointers[index] = value; + return 1; +} + +#endif /* !OPENSSL_WINDOWS && !OPENSSL_NO_THREADS */ diff --git a/src/crypto/thread_test.c b/src/crypto/thread_test.c new file mode 100644 index 0000000..cecda88 --- /dev/null +++ b/src/crypto/thread_test.c 
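Review bot: In `thread_local_destructor`, a failed `pthread_mutex_lock` returns early, which leaks the `pointers` array and skips every registered destructor, whereas the rwlock wrappers earlier in this hunk `abort()` on any pthread failure. Either be consistent and abort, `if (pthread_mutex_lock(&g_destructors_lock) != 0) { abort(); }`, or at minimum fall through to `OPENSSL_free(pointers);` so the per-thread array is not lost. `CRYPTO_MUTEX_cleanup` likewise ignores the `pthread_rwlock_destroy` return value while its siblings check theirs; if that is deliberate (destroy failing on a held lock is a caller bug), a short comment saying so would help the next reader.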
@@ -0,0 +1,202 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + +#include + + +#if !defined(OPENSSL_NO_THREADS) + +#if defined(OPENSSL_WINDOWS) + +#pragma warning(push, 3) +#include +#pragma warning(pop) + +typedef HANDLE thread_t; + +static DWORD WINAPI thread_run(LPVOID arg) { + void (*thread_func)(void); + /* VC really doesn't like casting between data and function pointers. */ + memcpy(&thread_func, &arg, sizeof(thread_func)); + thread_func(); + return 0; +} + +static int run_thread(thread_t *out_thread, void (*thread_func)(void)) { + void *arg; + /* VC really doesn't like casting between data and function pointers. 
*/ + memcpy(&arg, &thread_func, sizeof(arg)); + + *out_thread = CreateThread(NULL /* security attributes */, + 0 /* default stack size */, thread_run, arg, + 0 /* run immediately */, NULL /* ignore id */); + return *out_thread != NULL; +} + +static int wait_for_thread(thread_t thread) { + return WaitForSingleObject(thread, INFINITE) == 0; +} + +#else + +#include + +typedef pthread_t thread_t; + +static void *thread_run(void *arg) { + void (*thread_func)(void) = arg; + thread_func(); + return NULL; +} + +static int run_thread(thread_t *out_thread, void (*thread_func)(void)) { + return pthread_create(out_thread, NULL /* default attributes */, thread_run, + thread_func) == 0; +} + +static int wait_for_thread(thread_t thread) { + return pthread_join(thread, NULL) == 0; +} + +#endif /* OPENSSL_WINDOWS */ + +static unsigned g_once_init_called = 0; + +static void once_init(void) { + g_once_init_called++; +} + +static CRYPTO_once_t g_test_once = CRYPTO_ONCE_INIT; + +static void call_once_thread(void) { + CRYPTO_once(&g_test_once, once_init); +} + +static int test_once(void) { + if (g_once_init_called != 0) { + fprintf(stderr, "g_once_init_called was non-zero at start.\n"); + return 0; + } + + thread_t thread; + if (!run_thread(&thread, call_once_thread) || + !wait_for_thread(thread)) { + fprintf(stderr, "thread failed.\n"); + return 0; + } + + CRYPTO_once(&g_test_once, once_init); + + if (g_once_init_called != 1) { + fprintf(stderr, "Expected init function to be called once, but found %u.\n", + g_once_init_called); + return 0; + } + + return 1; +} + + +static int g_test_thread_ok = 0; +static unsigned g_destructor_called_count = 0; + +static void thread_local_destructor(void *arg) { + if (arg == NULL) { + return; + } + + unsigned *count = arg; + (*count)++; +} + +static void thread_local_test_thread(void) { + void *ptr = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_TEST); + if (ptr != NULL) { + return; + } + + if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_TEST, + 
&g_destructor_called_count, + thread_local_destructor)) { + return; + } + + if (CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_TEST) != + &g_destructor_called_count) { + return; + } + + g_test_thread_ok = 1; +} + +static void thread_local_test2_thread(void) {} + +static int test_thread_local(void) { + void *ptr = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_TEST); + if (ptr != NULL) { + fprintf(stderr, "Thread-local data was non-NULL at start.\n"); + } + + thread_t thread; + if (!run_thread(&thread, thread_local_test_thread) || + !wait_for_thread(thread)) { + fprintf(stderr, "thread failed.\n"); + return 0; + } + + if (!g_test_thread_ok) { + fprintf(stderr, "Thread-local data didn't work in thread.\n"); + return 0; + } + + if (g_destructor_called_count != 1) { + fprintf(stderr, + "Destructor should have been called once, but actually called %u " + "times.\n", + g_destructor_called_count); + return 0; + } + + /* thread_local_test2_thread doesn't do anything, but it tests that the + * thread destructor function works even if thread-local storage wasn't used + * for a thread. */ + if (!run_thread(&thread, thread_local_test2_thread) || + !wait_for_thread(thread)) { + fprintf(stderr, "thread failed.\n"); + return 0; + } + + return 1; +} + +int main(int argc, char **argv) { + if (!test_once() || + !test_thread_local()) { + return 1; + } + + printf("PASS\n"); + return 0; +} + +#else /* OPENSSL_NO_THREADS */ + +int main(int argc, char **argv) { + printf("PASS\n"); + return 0; +} + +#endif diff --git a/src/crypto/thread_win.c b/src/crypto/thread_win.c new file mode 100644 index 0000000..5efd8be --- /dev/null +++ b/src/crypto/thread_win.c 
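Review bot: In `test_thread_local`, the initial `ptr != NULL` check only prints `Thread-local data was non-NULL at start.` and then carries on, so that condition can never fail the test, while every other check in the same function does `return 0`. Add the missing `return 0;` directly after that `fprintf`. Separately, `thread_local_test_thread` also bails out silently (leaving `g_test_thread_ok` at 0) when the slot is unexpectedly non-NULL, so the failure message the main thread prints, `Thread-local data didn't work in thread.`, covers three distinct causes; an `fprintf` at each early return would make a failure diagnosable.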
@@ -0,0 +1,282 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + +#if defined(OPENSSL_WINDOWS) && !defined(OPENSSL_NO_THREADS) + +#pragma warning(push, 3) +#include +#pragma warning(pop) + +#include +#include +#include + +#include +#include + + +OPENSSL_COMPILE_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(CRITICAL_SECTION), + CRYPTO_MUTEX_too_small); + +static void run_once(CRYPTO_once_t *in_once, void (*init)(void *), void *arg) { + volatile LONG *once = in_once; + + /* Values must be aligned. */ + assert((((uintptr_t) once) & 3) == 0); + + /* This assumes that reading *once has acquire semantics. This should be true + * on x86 and x86-64, where we expect Windows to run. */ +#if !defined(OPENSSL_X86) && !defined(OPENSSL_X86_64) +#error "Windows once code may not work on other platforms." \ + "You can use InitOnceBeginInitialize on >=Vista" +#endif + if (*once == 1) { + return; + } + + for (;;) { + switch (InterlockedCompareExchange(once, 2, 0)) { + case 0: + /* The value was zero so we are the first thread to call |CRYPTO_once| + * on it. */ + init(arg); + /* Write one to indicate that initialisation is complete. 
*/ + InterlockedExchange(once, 1); + return; + + case 1: + /* Another thread completed initialisation between our fast-path check + * and |InterlockedCompareExchange|. */ + return; + + case 2: + /* Another thread is running the initialisation. Switch to it then try + * again. */ + SwitchToThread(); + break; + + default: + abort(); + } + } +} + +static void call_once_init(void *arg) { + void (*init_func)(void); + /* MSVC does not like casting between data and function pointers. */ + memcpy(&init_func, &arg, sizeof(void *)); + init_func(); +} + +void CRYPTO_once(CRYPTO_once_t *in_once, void (*init)(void)) { + void *arg; + /* MSVC does not like casting between data and function pointers. */ + memcpy(&arg, &init, sizeof(void *)); + run_once(in_once, call_once_init, arg); +} + +void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { + if (!InitializeCriticalSectionAndSpinCount((CRITICAL_SECTION *) lock, 0x400)) { + abort(); + } +} + +void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { + /* Since we have to support Windows XP, read locks are actually exclusive. */ + EnterCriticalSection((CRITICAL_SECTION *) lock); +} + +void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { + EnterCriticalSection((CRITICAL_SECTION *) lock); +} + +void CRYPTO_MUTEX_unlock(CRYPTO_MUTEX *lock) { + LeaveCriticalSection((CRITICAL_SECTION *) lock); +} + +void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { + DeleteCriticalSection((CRITICAL_SECTION *) lock); +} + +static void static_lock_init(void *arg) { + struct CRYPTO_STATIC_MUTEX *lock = arg; + if (!InitializeCriticalSectionAndSpinCount(&lock->lock, 0x400)) { + abort(); + } +} + +void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) { + /* Since we have to support Windows XP, read locks are actually exclusive. 
*/ + run_once(&lock->once, static_lock_init, lock); + EnterCriticalSection(&lock->lock); +} + +void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) { + CRYPTO_STATIC_MUTEX_lock_read(lock); +} + +void CRYPTO_STATIC_MUTEX_unlock(struct CRYPTO_STATIC_MUTEX *lock) { + LeaveCriticalSection(&lock->lock); +} + +static CRITICAL_SECTION g_destructors_lock; +static thread_local_destructor_t g_destructors[NUM_OPENSSL_THREAD_LOCALS]; + +static CRYPTO_once_t g_thread_local_init_once = CRYPTO_ONCE_INIT; +static DWORD g_thread_local_key; +static int g_thread_local_failed; + +static void thread_local_init(void) { + if (!InitializeCriticalSectionAndSpinCount(&g_destructors_lock, 0x400)) { + g_thread_local_failed = 1; + return; + } + g_thread_local_key = TlsAlloc(); + g_thread_local_failed = (g_thread_local_key == TLS_OUT_OF_INDEXES); +} + +static void NTAPI thread_local_destructor(PVOID module, + DWORD reason, PVOID reserved) { + if (DLL_THREAD_DETACH != reason && DLL_PROCESS_DETACH != reason) { + return; + } + + CRYPTO_once(&g_thread_local_init_once, thread_local_init); + if (g_thread_local_failed) { + return; + } + + void **pointers = (void**) TlsGetValue(g_thread_local_key); + if (pointers == NULL) { + return; + } + + thread_local_destructor_t destructors[NUM_OPENSSL_THREAD_LOCALS]; + + EnterCriticalSection(&g_destructors_lock); + memcpy(destructors, g_destructors, sizeof(destructors)); + LeaveCriticalSection(&g_destructors_lock); + + unsigned i; + for (i = 0; i < NUM_OPENSSL_THREAD_LOCALS; i++) { + if (destructors[i] != NULL) { + destructors[i](pointers[i]); + } + } + + OPENSSL_free(pointers); +} + +/* Thread Termination Callbacks. + * + * Windows doesn't support a per-thread destructor with its TLS primitives. + * So, we build it manually by inserting a function to be called on each + * thread's exit. This magic is from http://www.codeproject.com/threads/tls.asp + * and it works for VC++ 7.0 and later. 
+ * + * Force a reference to _tls_used to make the linker create the TLS directory + * if it's not already there. (E.g. if __declspec(thread) is not used). Force + * a reference to p_thread_callback_boringssl to prevent whole program + * optimization from discarding the variable. */ +#ifdef _WIN64 +#pragma comment(linker, "/INCLUDE:_tls_used") +#pragma comment(linker, "/INCLUDE:p_thread_callback_boringssl") +#else +#pragma comment(linker, "/INCLUDE:__tls_used") +#pragma comment(linker, "/INCLUDE:_p_thread_callback_boringssl") +#endif + +/* .CRT$XLA to .CRT$XLZ is an array of PIMAGE_TLS_CALLBACK pointers that are + * called automatically by the OS loader code (not the CRT) when the module is + * loaded and on thread creation. They are NOT called if the module has been + * loaded by a LoadLibrary() call. It must have implicitly been loaded at + * process startup. + * + * By implicitly loaded, I mean that it is directly referenced by the main EXE + * or by one of its dependent DLLs. Delay-loaded DLL doesn't count as being + * implicitly loaded. + * + * See VC\crt\src\tlssup.c for reference. */ + +/* The linker must not discard p_thread_callback_boringssl. (We force a reference + * to this variable with a linker /INCLUDE:symbol pragma to ensure that.) If + * this variable is discarded, the OnThreadExit function will never be + * called. */ +#ifdef _WIN64 + +/* .CRT section is merged with .rdata on x64 so it must be constant data. */ +#pragma const_seg(".CRT$XLC") +/* When defining a const variable, it must have external linkage to be sure the + * linker doesn't discard it. */ +extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; +const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; +/* Reset the default section. */ +#pragma const_seg() + +#else + +#pragma data_seg(".CRT$XLC") +PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; +/* Reset the default section. 
*/ +#pragma data_seg() + +#endif /* _WIN64 */ + +void *CRYPTO_get_thread_local(thread_local_data_t index) { + CRYPTO_once(&g_thread_local_init_once, thread_local_init); + if (g_thread_local_failed) { + return NULL; + } + + void **pointers = TlsGetValue(g_thread_local_key); + if (pointers == NULL) { + return NULL; + } + return pointers[index]; +} + +int CRYPTO_set_thread_local(thread_local_data_t index, void *value, + thread_local_destructor_t destructor) { + CRYPTO_once(&g_thread_local_init_once, thread_local_init); + if (g_thread_local_failed) { + destructor(value); + return 0; + } + + void **pointers = TlsGetValue(g_thread_local_key); + if (pointers == NULL) { + pointers = OPENSSL_malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + if (pointers == NULL) { + destructor(value); + return 0; + } + memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + if (TlsSetValue(g_thread_local_key, pointers) == 0) { + OPENSSL_free(pointers); + destructor(value); + return 0; + } + } + + EnterCriticalSection(&g_destructors_lock); + g_destructors[index] = destructor; + LeaveCriticalSection(&g_destructors_lock); + + pointers[index] = value; + return 1; +} + +#endif /* OPENSSL_WINDOWS && !OPENSSL_NO_THREADS */ diff --git a/src/crypto/time_support.c b/src/crypto/time_support.c index 9302ebf..bf9daed 100644 --- a/src/crypto/time_support.c +++ b/src/crypto/time_support.c @@ -67,6 +67,9 @@ #include +#include + + #define SECS_PER_DAY (24 * 60 * 60) struct tm *OPENSSL_gmtime(const time_t *time, struct tm *result) { @@ -135,8 +138,9 @@ static int julian_adj(const struct tm *tm, int off_day, long offset_sec, /* Work out Julian day of new date */ time_jd += offset_day; - if (time_jd < 0) + if (time_jd < 0) { return 0; + } *pday = time_jd; *psec = offset_hms; 
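Review bot: The per-thread destructor on Windows depends entirely on the `.CRT$XLC` TLS callback, and the comment in this hunk itself says such callbacks are not invoked for a module loaded via `LoadLibrary()`; in that configuration every thread exit leaks its `pointers` array and no registered destructor ever runs, and on `DLL_PROCESS_DETACH` only the calling thread's slot is released. That caveat belongs on the API: above `CRYPTO_set_thread_local` add `/* On Windows |destructor| runs only via the TLS callback registered above, which per the note there is not invoked for modules loaded with LoadLibrary(); treat destructors as best-effort. */` and mirror it on the declaration in internal.h, outside this hunk. Minor: `#error` emits its tokens verbatim, so the two adjacent string literals in `run_once` are printed with embedded quotes and no space between `platforms.` and `You`; a single literal reads better.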
@@ -148,15 +152,17 @@ int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) { long time_jd; /* Convert time and offset into julian day and seconds */ - if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) + if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) { return 0; + } /* Convert Julian day back to date */ julian_to_date(time_jd, &time_year, &time_month, &time_day); - if (time_year < 1900 || time_year > 9999) + if (time_year < 1900 || time_year > 9999) { return 0; + } /* Update tm structure */ diff --git a/src/crypto/x509/CMakeLists.txt b/src/crypto/x509/CMakeLists.txt index f00e28a..96cf35c 100644 --- a/src/crypto/x509/CMakeLists.txt +++ b/src/crypto/x509/CMakeLists.txt @@ -22,7 +22,6 @@ add_library( x509_cmp.c x509_d2.c x509_def.c - x509_error.c x509_ext.c x509_lu.c x509_obj.c diff --git a/src/crypto/x509/asn1_gen.c b/src/crypto/x509/asn1_gen.c index 750701e..d4d1ee6 100644 --- a/src/crypto/x509/asn1_gen.c +++ b/src/crypto/x509/asn1_gen.c @@ -64,6 +64,11 @@ #include #include +#include "../internal.h" + + +/* Although this file is in crypto/x509 for layering purposes, it emits errors + * from the ASN.1 module for OpenSSL compatibility. */ #define ASN1_GEN_FLAG 0x10000 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) @@ -138,6 +143,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) } ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) + OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS { ASN1_TYPE *ret; tag_exp_arg asn1_tags; @@ -165,7 +171,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) { if (!cnf) { - OPENSSL_PUT_ERROR(X509, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + OPENSSL_PUT_ERROR(ASN1, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); return NULL; } ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); 
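Review bot: Tagging `ASN1_generate_v3` with `OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS` silences the compiler rather than removing the cause; the locals in question are presumably `ret` and `asn1_tags`, declared just below the attribute, but their assignments are outside this hunk so I cannot confirm every path sets them before use. Preferable is to initialise at declaration, e.g. `ASN1_TYPE *ret = NULL;`, and drop the attribute, or failing that leave a comment above it naming the variable and the path the compiler cannot prove, so the suppression does not outlive the reason for it.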
@@ -308,7 +314,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) if (utype == -1) { - OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_TAG); + OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_TAG); ERR_add_error_data(2, "tag=", elem); return -1; } @@ -321,7 +327,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* If no value and not end of string, error */ if (!vstart && elem[len]) { - OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_MISSING_VALUE); + OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_MISSING_VALUE); return -1; } return 0; @@ -334,7 +340,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* Check for illegal multiple IMPLICIT tagging */ if (arg->imp_tag != -1) { - OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING); + OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING); return -1; } if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) @@ -370,17 +376,22 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: + if (!vstart) + { + OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT); + return -1; + } if (!strncmp(vstart, "ASCII", 5)) arg->format = ASN1_GEN_FORMAT_ASCII; else if (!strncmp(vstart, "UTF8", 4)) arg->format = ASN1_GEN_FORMAT_UTF8; else if (!strncmp(vstart, "HEX", 3)) arg->format = ASN1_GEN_FORMAT_HEX; - else if (!strncmp(vstart, "BITLIST", 3)) + else if (!strncmp(vstart, "BITLIST", 7)) arg->format = ASN1_GEN_FORMAT_BITLIST; else { - OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT); return -1; } break; @@ -404,7 +415,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) return 0; if (tag_num < 0) { - OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_NUMBER); return 0; } *ptag = tag_num; 
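Review bot: The `FORMAT:` comparisons in the `ASN1_GEN_FLAG_FORMAT` case still match on a fixed-length prefix and never consult `vlen`, so `FORMAT:HEXADECIMAL` or `FORMAT:ASCIIZ` is silently accepted as HEX/ASCII; the commit corrects the BITLIST length (3 → 7) but leaves that looseness in place. Since `vlen` is already computed and passed to `parse_tagging` in the IMPLICIT branch above, each test can require an exact length, e.g. `if (vlen == 5 && !strncmp(vstart, "ASCII", 5))`, and likewise `4`, `3` and `7` for the other three. The new `if (!vstart)` guard is the right fix for a bare `FORMAT` with no value.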
@@ -437,7 +448,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) default: erch[0] = *eptr; erch[1] = 0; - OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_MODIFIER); + OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_MODIFIER); ERR_add_error_data(2, "Char=", erch); return 0; break; @@ -523,13 +534,13 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons /* Can only have IMPLICIT if permitted */ if ((arg->imp_tag != -1) && !imp_ok) { - OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG); + OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG); return 0; } if (arg->exp_count == ASN1_FLAG_EXP_MAX) { - OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_DEPTH_EXCEEDED); + OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_DEPTH_EXCEEDED); return 0; } @@ -647,7 +658,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(atmp = ASN1_TYPE_new())) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); return NULL; } @@ -660,7 +671,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_NULL: if (str && *str) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE); goto bad_form; } break; @@ -668,7 +679,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_BOOLEAN: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT); goto bad_form; } vtmp.name = NULL; 
@@ -676,7 +687,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) vtmp.value = (char *)str; if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN); goto bad_str; } break; @@ -685,12 +696,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_ENUMERATED: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_INTEGER); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_INTEGER); goto bad_str; } break; @@ -698,12 +709,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_OBJECT: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_OBJECT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_OBJECT); goto bad_str; } break; 
@@ -712,23 +723,23 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_GENERALIZEDTIME: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); goto bad_str; } if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); goto bad_str; } atmp->value.asn1_string->type = utype; if (!ASN1_TIME_check(atmp->value.asn1_string)) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE); goto bad_str; } @@ -750,7 +761,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) format = MBSTRING_UTF8; else { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_FORMAT); goto bad_form; } @@ -758,7 +769,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, -1, format, ASN1_tag2bit(utype)) <= 0) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); goto bad_str; } @@ -771,7 +782,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); goto bad_form; } 
@@ -780,7 +791,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(rdata = string_to_hex((char *)str, &rdlen))) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_HEX); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_HEX); goto bad_str; } @@ -795,7 +806,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) { if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_LIST_ERROR); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_LIST_ERROR); goto bad_str; } no_unused = 0; @@ -803,7 +814,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) } else { - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT); goto bad_form; } @@ -819,7 +830,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) break; default: - OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE); + OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE); goto bad_str; break; } @@ -849,12 +860,12 @@ static int bitstr_cb(const char *elem, int len, void *bitstr) return 0; if (bitnum < 0) { - OPENSSL_PUT_ERROR(X509, bitstr_cb, ASN1_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ASN1_R_INVALID_NUMBER); return 0; } if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { - OPENSSL_PUT_ERROR(X509, bitstr_cb, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ERR_R_MALLOC_FAILURE); return 0; } return 1; diff --git a/src/crypto/x509/by_dir.c b/src/crypto/x509/by_dir.c index 5a77b81..098c1bd 100644 --- a/src/crypto/x509/by_dir.c +++ b/src/crypto/x509/by_dir.c @@ -63,6 +63,7 @@ #include #include #include +#include #include 
@@ -442,6 +443,12 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (!hent) { hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); + if (hent == NULL) + { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + ok = 0; + goto finish; + } hent->hash = h; hent->suffix = k; if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) diff --git a/src/crypto/x509/by_file.c b/src/crypto/x509/by_file.c index 2649631..2fdbce4 100644 --- a/src/crypto/x509/by_file.c +++ b/src/crypto/x509/by_file.c @@ -55,11 +55,14 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + #include #include #include #include -#include +#include + #ifndef OPENSSL_NO_STDIO diff --git a/src/crypto/x509/i2d_pr.c b/src/crypto/x509/i2d_pr.c index 8896565..443ca53 100644 --- a/src/crypto/x509/i2d_pr.c +++ b/src/crypto/x509/i2d_pr.c @@ -57,8 +57,7 @@ #include -#include - +#include #include #include @@ -77,7 +76,9 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) PKCS8_PRIV_KEY_INFO_free(p8); return ret; } - OPENSSL_PUT_ERROR(X509, i2d_PrivateKey, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + /* Although this file is in crypto/x509 for layering reasons, it emits + * an error code from ASN1 for OpenSSL compatibility. */ + OPENSSL_PUT_ERROR(ASN1, i2d_PrivateKey, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return -1; } diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c index bb86077..99ee3da 100644 --- a/src/crypto/x509/pkcs7.c +++ b/src/crypto/x509/pkcs7.c @@ -18,6 +18,7 @@ #include #include +#include #include #include #include diff --git a/src/crypto/x509/pkcs7_test.c b/src/crypto/x509/pkcs7_test.c index bac9fb2..38beb3e 100644 --- a/src/crypto/x509/pkcs7_test.c +++ b/src/crypto/x509/pkcs7_test.c @@ -18,6 +18,7 @@ #include #include +#include #include #include diff --git a/src/crypto/x509/vpm_int.h b/src/crypto/x509/vpm_int.h index d18a4d4..9edbd5a 100644 --- a/src/crypto/x509/vpm_int.h +++ b/src/crypto/x509/vpm_int.h 
@@ -60,10 +60,10 @@ struct X509_VERIFY_PARAM_ID_st { - unsigned char *host; /* If not NULL hostname to match */ - size_t hostlen; + STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ unsigned int hostflags; /* Flags to control matching features */ - unsigned char *email; /* If not NULL email address to match */ + char *peername; /* Matching hostname in peer certificate */ + char *email; /* If not NULL email address to match */ size_t emaillen; unsigned char *ip; /* If not NULL IP address to match */ size_t iplen; /* Length of IP address */ diff --git a/src/crypto/x509/x509_att.c b/src/crypto/x509/x509_att.c index 3613c35..90e7810 100644 --- a/src/crypto/x509/x509_att.c +++ b/src/crypto/x509/x509_att.c @@ -273,7 +273,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) return(0); ASN1_OBJECT_free(attr->object); attr->object=OBJ_dup(obj); - return(1); + return attr->object != NULL; } int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) diff --git a/src/crypto/x509/x509_error.c b/src/crypto/x509/x509_error.c deleted file mode 100644 index 6669a7a..0000000 --- a/src/crypto/x509/x509_error.c +++ /dev/null 
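Review bot: The new `peername` field's comment says what it holds but not who owns it or when it is valid, which matters because the same diff both writes it through `&id->peername` during verification and frees it in x509_verify_param_zero. I would extend it to `char *peername; /* Matched name, set during verification; owned by the param and freed with it */`. Whether a second verification with the same param overwrites the previous value without freeing it depends on X509_check_host, which is not in this diff, so that is worth confirming to rule out a leak. The struct definition continues outside the hunk.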
@@ -1,128 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA X509_error_string_data[] = { - {ERR_PACK(ERR_LIB_X509, X509_F_ASN1_digest, 0), "ASN1_digest"}, - {ERR_PACK(ERR_LIB_X509, X509_F_ASN1_generate_v3, 0), "ASN1_generate_v3"}, - {ERR_PACK(ERR_LIB_X509, X509_F_ASN1_item_sign_ctx, 0), "ASN1_item_sign_ctx"}, - {ERR_PACK(ERR_LIB_X509, X509_F_ASN1_item_verify, 0), "ASN1_item_verify"}, - {ERR_PACK(ERR_LIB_X509, X509_F_ASN1_sign, 0), "ASN1_sign"}, - {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_b64_decode, 0), "NETSCAPE_SPKI_b64_decode"}, - {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_b64_encode, 0), "NETSCAPE_SPKI_b64_encode"}, - {ERR_PACK(ERR_LIB_X509, X509_F_PKCS7_get_CRLs, 0), "PKCS7_get_CRLs"}, - {ERR_PACK(ERR_LIB_X509, X509_F_PKCS7_get_certificates, 0), "PKCS7_get_certificates"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_create_by_NID, 0), "X509_ATTRIBUTE_create_by_NID"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_create_by_OBJ, 0), "X509_ATTRIBUTE_create_by_OBJ"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_create_by_txt, 0), "X509_ATTRIBUTE_create_by_txt"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_get0_data, 0), "X509_ATTRIBUTE_get0_data"}, - 
{ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_set1_data, 0), "X509_ATTRIBUTE_set1_data"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_add0_revoked, 0), "X509_CRL_add0_revoked"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_diff, 0), "X509_CRL_diff"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_print_fp, 0), "X509_CRL_print_fp"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_create_by_NID, 0), "X509_EXTENSION_create_by_NID"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_create_by_OBJ, 0), "X509_EXTENSION_create_by_OBJ"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_INFO_new, 0), "X509_INFO_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_create_by_NID, 0), "X509_NAME_ENTRY_create_by_NID"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_create_by_txt, 0), "X509_NAME_ENTRY_create_by_txt"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_set_object, 0), "X509_NAME_ENTRY_set_object"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_add_entry, 0), "X509_NAME_add_entry"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_oneline, 0), "X509_NAME_oneline"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_print, 0), "X509_NAME_print"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PKEY_new, 0), "X509_PKEY_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_get, 0), "X509_PUBKEY_get"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_set, 0), "X509_PUBKEY_set"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_check_private_key, 0), "X509_REQ_check_private_key"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_to_X509, 0), "X509_REQ_to_X509"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_get1_issuer, 0), "X509_STORE_CTX_get1_issuer"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_init, 0), "X509_STORE_CTX_init"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_new, 0), "X509_STORE_CTX_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_purpose_inherit, 0), "X509_STORE_CTX_purpose_inherit"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_add_cert, 0), "X509_STORE_add_cert"}, - {ERR_PACK(ERR_LIB_X509, 
X509_F_X509_STORE_add_crl, 0), "X509_STORE_add_crl"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_add, 0), "X509_TRUST_add"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_set, 0), "X509_TRUST_set"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_check_private_key, 0), "X509_check_private_key"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_get_pubkey_parameters, 0), "X509_get_pubkey_parameters"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_load_cert_crl_file, 0), "X509_load_cert_crl_file"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_load_cert_file, 0), "X509_load_cert_file"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_load_crl_file, 0), "X509_load_crl_file"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_print_ex_fp, 0), "X509_print_ex_fp"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_to_X509_REQ, 0), "X509_to_X509_REQ"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_verify_cert, 0), "X509_verify_cert"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509at_add1_attr, 0), "X509at_add1_attr"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509v3_add_ext, 0), "X509v3_add_ext"}, - {ERR_PACK(ERR_LIB_X509, X509_F_add_cert_dir, 0), "add_cert_dir"}, - {ERR_PACK(ERR_LIB_X509, X509_F_append_exp, 0), "append_exp"}, - {ERR_PACK(ERR_LIB_X509, X509_F_asn1_cb, 0), "asn1_cb"}, - {ERR_PACK(ERR_LIB_X509, X509_F_asn1_str2type, 0), "asn1_str2type"}, - {ERR_PACK(ERR_LIB_X509, X509_F_bitstr_cb, 0), "bitstr_cb"}, - {ERR_PACK(ERR_LIB_X509, X509_F_by_file_ctrl, 0), "by_file_ctrl"}, - {ERR_PACK(ERR_LIB_X509, X509_F_check_policy, 0), "check_policy"}, - {ERR_PACK(ERR_LIB_X509, X509_F_d2i_X509_PKEY, 0), "d2i_X509_PKEY"}, - {ERR_PACK(ERR_LIB_X509, X509_F_dir_ctrl, 0), "dir_ctrl"}, - {ERR_PACK(ERR_LIB_X509, X509_F_get_cert_by_subject, 0), "get_cert_by_subject"}, - {ERR_PACK(ERR_LIB_X509, X509_F_i2d_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"}, - {ERR_PACK(ERR_LIB_X509, X509_F_i2d_EC_PUBKEY, 0), "i2d_EC_PUBKEY"}, - {ERR_PACK(ERR_LIB_X509, X509_F_i2d_PrivateKey, 0), "i2d_PrivateKey"}, - {ERR_PACK(ERR_LIB_X509, X509_F_i2d_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"}, - {ERR_PACK(ERR_LIB_X509, 
X509_F_parse_tagging, 0), "parse_tagging"}, - {ERR_PACK(ERR_LIB_X509, X509_F_pkcs7_parse_header, 0), "pkcs7_parse_header"}, - {ERR_PACK(ERR_LIB_X509, X509_F_x509_name_encode, 0), "x509_name_encode"}, - {ERR_PACK(ERR_LIB_X509, X509_F_x509_name_ex_d2i, 0), "x509_name_ex_d2i"}, - {ERR_PACK(ERR_LIB_X509, X509_F_x509_name_ex_new, 0), "x509_name_ex_new"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "AKID_MISMATCH"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_PKCS7_VERSION), "BAD_PKCS7_VERSION"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "BAD_X509_FILETYPE"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR), "BASE64_DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "CANT_CHECK_DH_KEY"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), "CERT_ALREADY_IN_HASH_TABLE"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CONTEXT_NOT_INITIALISED), "CONTEXT_NOT_INITIALISED"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "CRL_ALREADY_DELTA"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "CRL_VERIFY_FAILURE"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERR_ASN1_LIB), "ERR_ASN1_LIB"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "IDP_MISMATCH"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_BIT_STRING_BITS_LEFT), "INVALID_BIT_STRING_BITS_LEFT"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "INVALID_DIRECTORY"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), "INVALID_FIELD_NAME"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "INVALID_TRUST"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "ISSUER_MISMATCH"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "KEY_TYPE_MISMATCH"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH), "KEY_VALUES_MISMATCH"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "LOADING_CERT_DIR"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "LOADING_DEFAULTS"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED), 
"METHOD_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER), "NEWER_CRL_NOT_NEWER"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NOT_PKCS7_SIGNED_DATA), "NOT_PKCS7_SIGNED_DATA"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATES_INCLUDED), "NO_CERTIFICATES_INCLUDED"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "NO_CERT_SET_FOR_US_TO_VERIFY"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRLS_INCLUDED), "NO_CRLS_INCLUDED"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "NO_CRL_NUMBER"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR), "PUBLIC_KEY_DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR), "PUBLIC_KEY_ENCODE_ERROR"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "SHOULD_RETRY"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "UNABLE_TO_FIND_PARAMETERS_IN_CHAIN"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "UNABLE_TO_GET_CERTS_PUBLIC_KEY"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "UNKNOWN_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "UNKNOWN_NID"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID), "UNKNOWN_PURPOSE_ID"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "UNKNOWN_TRUST_ID"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM), "UNSUPPORTED_ALGORITHM"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "WRONG_LOOKUP_TYPE"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "WRONG_TYPE"}, - {0, NULL}, -}; diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index 090d341..34ef26e 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include 
@@ -191,9 +192,6 @@ X509_STORE *X509_STORE_new(void) if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) goto err; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) - goto err; - ret->references = 1; return ret; err: @@ -261,7 +259,6 @@ void X509_STORE_free(X509_STORE *vfy) sk_X509_LOOKUP_free(sk); sk_X509_OBJECT_pop_free(vfy->objs, cleanup); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); if (vfy->param) X509_VERIFY_PARAM_free(vfy->param); OPENSSL_free(vfy); diff --git a/src/crypto/x509/x509_req.c b/src/crypto/x509/x509_req.c index daaedb6..2732d6e 100644 --- a/src/crypto/x509/x509_req.c +++ b/src/crypto/x509/x509_req.c @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; diff --git a/src/crypto/x509/x509_v3.c b/src/crypto/x509/x509_v3.c index 95fe729..0fc9a9a 100644 --- a/src/crypto/x509/x509_v3.c +++ b/src/crypto/x509/x509_v3.c @@ -231,7 +231,7 @@ int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) return(0); ASN1_OBJECT_free(ex->object); ex->object=OBJ_dup(obj); - return(1); + return ex->object != NULL; } int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index 285bcaf..a0cd9fc 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -64,10 +64,15 @@ #include #include #include +#include #include #include #include "vpm_int.h" +#include "../internal.h" + + +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; /* CRL score values */ 
@@ -410,9 +415,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; - /* We may as well copy down any DSA parameters that are required */ - X509_get_pubkey_parameters(NULL,ctx->chain); - /* Check revocation status: we do this after copying parameters * because they may be needed for CRL signature verification. */ @@ -441,12 +443,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) ok = ctx->check_policy(ctx); - if(!ok) goto end; - if (0) - { + end: - X509_get_pubkey_parameters(NULL,ctx->chain); - } if (sktmp != NULL) sk_X509_free(sktmp); if (chain_ss != NULL) X509_free(chain_ss); return ok; @@ -704,23 +702,38 @@ static int check_id_error(X509_STORE_CTX *ctx, int errcode) return ctx->verify_cb(0, ctx); } +static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) + { + size_t i; + size_t n = sk_OPENSSL_STRING_num(id->hosts); + char *name; + + for (i = 0; i < n; ++i) + { + name = sk_OPENSSL_STRING_value(id->hosts, i); + if (X509_check_host(x, name, strlen(name), id->hostflags, + &id->peername) > 0) + return 1; + } + return n == 0; + } + static int check_id(X509_STORE_CTX *ctx) { X509_VERIFY_PARAM *vpm = ctx->param; X509_VERIFY_PARAM_ID *id = vpm->id; X509 *x = ctx->cert; - if (id->host && !X509_check_host(x, id->host, id->hostlen, - id->hostflags)) + if (id->hosts && check_hosts(x, id) <= 0) { if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) return 0; } - if (id->email && !X509_check_email(x, id->email, id->emaillen, 0)) + if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) return 0; } - if (id->ip && !X509_check_ip(x, id->ip, id->iplen, 0)) + if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) return 0; 
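Review bot: check_hosts has no comment stating its contract, and its last line `return n == 0;` makes an empty host list count as a successful match, which a reader would not guess from the name. I would put a header above it: `/* check_hosts returns 1 if any name in id->hosts matches x (recording the match in id->peername), 0 otherwise; an empty list is treated as a match, and error (negative) returns from X509_check_host count as no match. */`. Whether a non-NULL but empty list can reach this function depends on int_x509_param_set_hosts, which frees the stack when it is left empty, so that branch may be unreachable in practice. The function also mutates the param through id->peername, so if a param is ever shared between contexts each match overwrites the previous result.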
@@ -805,6 +818,7 @@ static int check_revocation(X509_STORE_CTX *ctx) } static int check_cert(X509_STORE_CTX *ctx) + OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS { X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; @@ -1917,48 +1931,6 @@ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, return ASN1_TIME_adj(s, t, offset_day, offset_sec); } -int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) - { - EVP_PKEY *ktmp=NULL,*ktmp2; - size_t i,j; - - if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; - - for (i=0; icert=x509; ctx->untrusted=chain; - if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, + if(!CRYPTO_new_ex_data(&g_ex_data_class, ctx, &ctx->ex_data)) { goto err; @@ -2346,7 +2323,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, err: if (ex_data_allocated) { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &ctx->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); } if (ctx->param != NULL) { @@ -2387,7 +2364,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) sk_X509_pop_free(ctx->chain,X509_free); ctx->chain=NULL; } - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); + CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data)); memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); } diff --git a/src/crypto/x509/x509_vpm.c b/src/crypto/x509/x509_vpm.c index 3daaf61..8c8f98e 100644 --- a/src/crypto/x509/x509_vpm.c +++ b/src/crypto/x509/x509_vpm.c @@ -58,6 +58,7 @@ #include #include #include +#include #include #include 
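Review bot: Annotating check_cert with OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS silences the compiler instead of removing the cause; the local it is about is declared outside this hunk, so I can only infer it is one of the variables in the body. Initialising that local at its declaration (`= NULL` or `= 0` as appropriate) would let the attribute be dropped and keep the warning useful for future edits. The same applies to v3_generic_extension in v3_conf.c later in this diff. check_cert's body continues past the hunk.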
@@ -66,6 +67,59 @@ /* X509_VERIFY_PARAM functions */ +#define SET_HOST 0 +#define ADD_HOST 1 + +static char *str_copy(char *s) { return OPENSSL_strdup(s); } +static void str_free(char *s) { OPENSSL_free(s); } + +#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) + +static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, + const char *name, size_t namelen) + { + char *copy; + + /* + * Refuse names with embedded NUL bytes. + * XXX: Do we need to push an error onto the error stack? + */ + if (name && memchr(name, '\0', namelen)) + return 0; + + if (mode == SET_HOST && id->hosts) + { + string_stack_free(id->hosts); + id->hosts = NULL; + } + if (name == NULL || namelen == 0) + return 1; + + copy = BUF_strndup(name, namelen); + if (copy == NULL) + return 0; + + if (id->hosts == NULL && + (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) + { + OPENSSL_free(copy); + return 0; + } + + if (!sk_OPENSSL_STRING_push(id->hosts, copy)) + { + OPENSSL_free(copy); + if (sk_OPENSSL_STRING_num(id->hosts) == 0) + { + sk_OPENSSL_STRING_free(id->hosts); + id->hosts = NULL; + } + return 0; + } + + return 1; + } + static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { X509_VERIFY_PARAM_ID *paramid; @@ -84,11 +138,15 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) param->policies = NULL; } paramid = param->id; - if (paramid->host) + if (paramid->hosts) { - OPENSSL_free(paramid->host); - paramid->host = NULL; - paramid->hostlen = 0; + string_stack_free(paramid->hosts); + paramid->hosts = NULL; + } + if (paramid->peername) + { + OPENSSL_free(paramid->peername); + paramid->peername = NULL; } if (paramid->email) { @@ -127,6 +185,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { + if (param == NULL) + return; x509_verify_param_zero(param); OPENSSL_free(param->id); OPENSSL_free(param); 
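Review bot: In int_x509_param_set_hosts, a non-NULL name with `namelen == 0` returns 1 without storing anything, so a caller relying on the zero-means-strlen convention that int_x509_param_set1 in this same file still implements (and that the previous X509_VERIFY_PARAM_set1_host inherited by calling it) ends up with `id->hosts == NULL`, check_id then skips hostname verification entirely, and the set call reports success. That is a silent fail-open rather than an error. I would resolve the length before the NUL check, `if (name != NULL && namelen == 0) namelen = strlen(name);`, and keep the early `return 1` only for the NULL/empty case that intentionally clears the list. The `XXX` about pushing an error for embedded NULs should also be decided rather than left as a question, since a 0 return with an empty error stack is hard to diagnose.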
@@ -232,11 +292,23 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, return 0; } - if (test_x509_verify_param_copy_id(host, NULL)) + /* Copy the host flags if and only if we're copying the host list */ + if (test_x509_verify_param_copy_id(hosts, NULL)) { - if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) - return 0; - dest->id->hostflags = id->hostflags; + if (dest->id->hosts) + { + string_stack_free(dest->id->hosts); + dest->id->hosts = NULL; + } + if (id->hosts) + { + dest->id->hosts = + sk_OPENSSL_STRING_deep_copy(id->hosts, + str_copy, str_free); + if (dest->id->hosts == NULL) + return 0; + dest->id->hostflags = id->hostflags; + } } if (test_x509_verify_param_copy_id(email, NULL)) @@ -265,16 +337,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, return ret; } -static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen, - const unsigned char *src, size_t srclen) +static int int_x509_param_set1(char **pdest, size_t *pdestlen, + const char *src, size_t srclen) { void *tmp; if (src) { if (srclen == 0) { - tmp = BUF_strdup((char *)src); - srclen = strlen((char *)src); + tmp = BUF_strdup(src); + srclen = strlen(src); } else tmp = BUF_memdup(src, srclen); @@ -394,10 +466,15 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, } int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) + { + return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen); + } + +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen) { - return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen, - name, namelen); + return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen); } void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, 
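Review bot: When X509_VERIFY_PARAM_inherit replaces dest's host list, `dest->id->peername` is left untouched, so a name matched under the old list can still be returned by X509_VERIFY_PARAM_get0_peername until x509_verify_param_zero runs. Unless it is cleared somewhere outside this hunk, I would free it together with the list: `OPENSSL_free(dest->id->peername); dest->id->peername = NULL;` inside the `if (dest->id->hosts)` block. Note also that `hostflags` are now copied only when the source has a host list, which the added comment states but callers of the old behaviour may not expect.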
@@ -406,8 +483,13 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->id->hostflags = flags; } +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) + { + return param->id->peername; + } + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen) + const char *email, size_t emaillen) { return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen, email, emaillen); @@ -418,17 +500,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, { if (iplen != 0 && iplen != 4 && iplen != 16) return 0; - return int_x509_param_set1(¶m->id->ip, ¶m->id->iplen, ip, iplen); + return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen, + (char *)ip, iplen); } int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) { unsigned char ipout[16]; - int iplen; - iplen = a2i_ipadd(ipout, ipasc); + size_t iplen; + + iplen = (size_t) a2i_ipadd(ipout, ipasc); if (iplen == 0) return 0; - return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen); + return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); } int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) @@ -441,7 +525,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } -static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0}; +static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id diff --git a/src/crypto/x509/x_crl.c b/src/crypto/x509/x_crl.c index bb23b57..aa92fa9 100644 --- a/src/crypto/x509/x_crl.c +++ b/src/crypto/x509/x_crl.c @@ -61,6 +61,7 @@ #include #include #include +#include #include #include diff --git a/src/crypto/x509/x_info.c b/src/crypto/x509/x_info.c index 8047c71..6807b24 100644 --- a/src/crypto/x509/x_info.c +++ b/src/crypto/x509/x_info.c @@ -59,6 +59,7 @@ #include #include #include +#include X509_INFO *X509_INFO_new(void) 
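Review bot: `iplen = (size_t) a2i_ipadd(ipout, ipasc);` converts an int return to size_t before the zero check, so any negative return would become a huge length; it is harmless only because X509_VERIFY_PARAM_set1_ip rejects everything but 0, 4 and 16, and that dependency deserves a comment. Checking the int first keeps the intent visible: `int n = a2i_ipadd(ipout, ipasc); if (n <= 0) return 0; return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)n);`. The `(char **)` cast on the ip field in set1_ip works around int_x509_param_set1's new char-typed signature; a short comment that the ip buffer is binary rather than a string would stop someone from "fixing" the field type later.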
diff --git a/src/crypto/x509/x_name.c b/src/crypto/x509/x_name.c index 211f68f..5cfb3ae 100644 --- a/src/crypto/x509/x_name.c +++ b/src/crypto/x509/x_name.c @@ -175,6 +175,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) *pval = NULL; } +static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_free(ne); +} + +static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +} + static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) @@ -197,9 +207,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, if(ret <= 0) return ret; if(*val) x509_name_ex_free(val, NULL); - if(!x509_name_ex_new(&nm.a, NULL)) goto err; /* We've decoded it: now cache encoding */ - if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err; + if (!x509_name_ex_new(&nm.a, NULL) || + !BUF_MEM_grow(nm.x->bytes, p - q)) + { + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_pop_free); + goto err; + } memcpy(nm.x->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ @@ -248,16 +263,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT return ret; } -static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) - { - sk_X509_NAME_ENTRY_free(ne); - } - -static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) - { - sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); - } - static int x509_name_encode(X509_NAME *a) { union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index 550078b..5acbe5b 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -59,8 +59,9 @@ #include #include -#include #include +#include +#include X509_PKEY *X509_PKEY_new(void) 
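Review bot: The merged failure path in x509_name_ex_d2i frees `intname.s` but not `nm.a`, so when x509_name_ex_new succeeds and BUF_MEM_grow then fails, the freshly created name is released only if the `err` label (outside this hunk) frees it; if `err` merely reports the error, that is a leak the old two-step code had as well. I would either free it at the point of failure, `x509_name_ex_free(&nm.a, NULL);` before the `goto err`, or confirm that `err` handles `nm.x`.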
diff --git a/src/crypto/x509/x_pubkey.c b/src/crypto/x509/x_pubkey.c index c285aa6..d6512ae 100644 --- a/src/crypto/x509/x_pubkey.c +++ b/src/crypto/x509/x_pubkey.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include "../evp/internal.h" @@ -133,7 +134,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) if (key->pkey != NULL) { - return EVP_PKEY_dup(key->pkey); + return EVP_PKEY_up_ref(key->pkey); } if (key->public_key == NULL) goto error; @@ -178,7 +179,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); } - return EVP_PKEY_dup(ret); + return EVP_PKEY_up_ref(ret); error: if (ret != NULL) diff --git a/src/crypto/x509/x_x509.c b/src/crypto/x509/x_x509.c index 5cda3c7..234494d 100644 --- a/src/crypto/x509/x_x509.c +++ b/src/crypto/x509/x_x509.c @@ -65,6 +65,10 @@ #include #include +#include "../internal.h" + + +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), @@ -100,7 +104,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->akid = NULL; ret->aux = NULL; ret->crldp = NULL; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data); break; case ASN1_OP_D2I_POST: @@ -109,7 +113,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_FREE_POST: - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data); X509_CERT_AUX_free(ret->aux); ASN1_OCTET_STRING_free(ret->skid); AUTHORITY_KEYID_free(ret->akid); 
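Review bot: In x509_cb the return value of `CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data)` is still ignored on the ASN1_OP_NEW_POST path, while the X509_STORE_CTX_init hunk in this same diff checks the same call and bails out with `goto err`. If the call can fail, the new X509 is handed back with uninitialised ex_data; `if (!CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data)) return 0;` would be consistent with the other site, assuming the ASN1 template machinery frees the object when the callback fails — that is outside this hunk and worth confirming.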
@@ -145,8 +149,13 @@ X509 *X509_up_ref(X509 *x) int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, - new_func, dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, + new_func, dup_func, free_func)) + { + return -1; + } + return index; } int X509_set_ex_data(X509 *r, int idx, void *arg) @@ -171,8 +180,13 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) { const unsigned char *q; X509 *ret; + int freeret = 0; + /* Save start position */ q = *pp; + + if (!a || *a == NULL) + freeret = 1; ret = d2i_X509(a, pp, length); /* If certificate unreadable then forget it */ if(!ret) return NULL; @@ -182,7 +196,12 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; return ret; err: - X509_free(ret); + if (freeret) + { + X509_free(ret); + if (a) + *a = NULL; + } return NULL; } diff --git a/src/crypto/x509v3/CMakeLists.txt b/src/crypto/x509v3/CMakeLists.txt index 26de0ed..ffa5a4a 100644 --- a/src/crypto/x509v3/CMakeLists.txt +++ b/src/crypto/x509v3/CMakeLists.txt @@ -41,7 +41,6 @@ add_library( v3_skey.c v3_sxnet.c v3_utl.c - x509v3_error.c ) add_executable( @@ -50,11 +49,12 @@ add_executable( v3nametest.c ) +target_link_libraries(v3name_test crypto) + add_executable( tab_test tabtest.c ) -target_link_libraries(v3name_test crypto) target_link_libraries(tab_test crypto) diff --git a/src/crypto/x509v3/tabtest.c b/src/crypto/x509v3/tabtest.c index 26ecc6c..6b97e91 100644 --- a/src/crypto/x509v3/tabtest.c +++ b/src/crypto/x509v3/tabtest.c 
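Review bot: d2i_X509_AUX now distinguishes a caller-supplied object from one it allocated, but nothing documents that on an aux-decoding failure a caller-supplied `*a` is left in place and may already have been updated by d2i_X509 before the error. I would add above the function: `/* On failure, an X509 allocated here is freed and *a reset to NULL; a caller-supplied *a is left as is and remains the caller's to free. */`. The `freeret` name is also a little opaque; `owns_ret` would say why the free is conditional.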
@@ -62,13 +62,17 @@ #include +#include #include #include +#if !defined(BORINGSSL_SHARED_LIBRARY) #include "ext_dat.h" +#endif int main(void) { +#if !defined(BORINGSSL_SHARED_LIBRARY) int i, prev = -1, bad = 0; const X509V3_EXT_METHOD *const *tmp; CRYPTO_library_init(); @@ -91,4 +95,9 @@ int main(void) printf("PASS\n"); return 0; } +#else + /* TODO(davidben): Fix this test in the shared library build. */ + printf("PASS\n"); + return 0; +#endif } diff --git a/src/crypto/x509v3/v3_alt.c b/src/crypto/x509v3/v3_alt.c index 113cf45..f547316 100644 --- a/src/crypto/x509v3/v3_alt.c +++ b/src/crypto/x509v3/v3_alt.c @@ -583,6 +583,8 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) return 0; objlen = p - value; objtmp = OPENSSL_malloc(objlen + 1); + if (objtmp == NULL) + return 0; strncpy(objtmp, value, objlen); objtmp[objlen] = 0; gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); diff --git a/src/crypto/x509v3/v3_conf.c b/src/crypto/x509v3/v3_conf.c index 7606ac1..cb6569f 100644 --- a/src/crypto/x509v3/v3_conf.c +++ b/src/crypto/x509v3/v3_conf.c @@ -67,6 +67,8 @@ #include #include +#include "../internal.h" + static int v3_check_critical(char **value); static int v3_check_generic(char **value); @@ -260,6 +262,7 @@ static int v3_check_generic(char **value) static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int gen_type, X509V3_CTX *ctx) + OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS { unsigned char *ext_der=NULL; long ext_len; 
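Review bot: In the shared-library build tabtest.c's main prints PASS and returns 0 without running any check, so anyone reading the output sees a green result for a configuration that was never tested. Printing something distinguishable, e.g. `printf("SKIPPED: ext_dat.h is not available in the shared library build\n");` while still returning 0, keeps the build green without misreporting, and the TODO(davidben) already explains why the test is skipped.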
@@ -454,76 +457,3 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, ctx->flags = flags; } -/* TODO(fork): remove */ -#if 0 -/* Old conf compatibility functions */ - -X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *name, char *value) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_nconf(&ctmp, ctx, name, value); - } - -/* LHASH *conf: Config file */ -/* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - int ext_nid, char *value) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); - } - -static char *conf_lhash_get_string(void *db, char *section, char *value) - { - return CONF_get_string(db, section, value); - } - -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) - { - return CONF_get_section(db, section); - } - -static const X509V3_CONF_METHOD conf_lhash_method = { -conf_lhash_get_string, -conf_lhash_get_section, -NULL, -NULL -}; - -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) - { - ctx->db_meth = &conf_lhash_method; - ctx->db = lhash; - } - -int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509 *cert) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); - } - -/* Same as above but for a CRL */ - -int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_CRL *crl) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); - } - -/* Add extensions to certificate request */ - -int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); - } -#endif 
diff --git a/src/crypto/x509v3/v3_cpols.c b/src/crypto/x509v3/v3_cpols.c index d5a8c3c..cbe596b 100644 --- a/src/crypto/x509v3/v3_cpols.c +++ b/src/crypto/x509v3/v3_cpols.c @@ -228,7 +228,14 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; /* TODO(fork): const correctness */ qual->pqualid = (ASN1_OBJECT*) OBJ_nid2obj(NID_id_qt_cps); + if (qual->pqualid == NULL) { + OPENSSL_PUT_ERROR(X509V3, policy_section, ERR_R_INTERNAL_ERROR); + goto err; + } qual->d.cpsuri = M_ASN1_IA5STRING_new(); + if (qual->d.cpsuri == NULL) { + goto err; + } if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; } else if(!name_cmp(cnf->name, "userNotice")) { @@ -287,12 +294,19 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(!(qual = POLICYQUALINFO_new())) goto merr; /* TODO(fork): const correctness */ qual->pqualid = (ASN1_OBJECT *) OBJ_nid2obj(NID_id_qt_unotice); + if (qual->pqualid == NULL) + { + OPENSSL_PUT_ERROR(X509V3, notice_section, ERR_R_INTERNAL_ERROR); + goto err; + } if(!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if(!strcmp(cnf->name, "explicitText")) { not->exptext = M_ASN1_VISIBLESTRING_new(); + if (not->exptext == NULL) + goto merr; if(!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "organization")) { diff --git a/src/crypto/x509v3/v3_purp.c b/src/crypto/x509v3/v3_purp.c index 6daf632..3f175c9 100644 --- a/src/crypto/x509v3/v3_purp.c +++ b/src/crypto/x509v3/v3_purp.c @@ -63,6 +63,7 @@ #include #include #include +#include #include #include 
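Review bot: In policy_section the new `qual->d.cpsuri == NULL` check jumps to `err` rather than `merr`, unlike the sibling allocation failures in the same function (`if(!(qual = POLICYQUALINFO_new())) goto merr;`) and the new `not->exptext == NULL` check added to notice_section in the next hunk, which both use `merr`. Presumably merr records ERR_R_MALLOC_FAILURE before falling into err (both labels are outside the hunk), so an allocation failure here would surface as a bare failure; I would change it to `if (qual->d.cpsuri == NULL) goto merr;`. Both policy_section and notice_section start and end outside their hunks.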
@@ -200,7 +201,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, name_dup = BUF_strdup(name); sname_dup = BUF_strdup(sname); if (name_dup == NULL || sname_dup == NULL) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, X509_PURPOSE_add, ERR_R_MALLOC_FAILURE); if (name_dup != NULL) OPENSSL_free(name_dup); if (sname_dup != NULL) diff --git a/src/crypto/x509v3/v3_utl.c b/src/crypto/x509v3/v3_utl.c index d081c1c..27a91ff 100644 --- a/src/crypto/x509v3/v3_utl.c +++ b/src/crypto/x509v3/v3_utl.c @@ -262,6 +262,8 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) + goto err; state = HDR_NAME; ntmp = NULL; /* Go through all characters */ @@ -850,9 +852,11 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, */ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, - unsigned int flags, - const unsigned char *b, size_t blen) + unsigned int flags, const char *b, size_t blen, + char **peername) { + int rv = 0; + if (!a->data || !a->length) return 0; if (cmp_type > 0) 
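Review bot: The new `linebuf == NULL` check in X509V3_parse_list jumps to `err` without recording the allocation failure; the err label is outside the hunk, so if it does not push an error itself the caller gets NULL with an empty error queue. A function code for this function was listed in the removed x509v3_error.c table (X509V3_F_X509V3_parse_list) and presumably survives in the generated err_data.c, so `OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, ERR_R_MALLOC_FAILURE);` before the goto would match the convention used in X509_PURPOSE_add in this same patch. This assumes err tolerates `linebuf` being NULL when it frees it, which is not visible here.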
@@ -860,27 +864,31 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, if (cmp_type != a->type) return 0; if (cmp_type == V_ASN1_IA5STRING) - return equal(a->data, a->length, b, blen, flags); - if (a->length == (int)blen && !memcmp(a->data, b, blen)) - return 1; - else - return 0; + rv = equal(a->data, a->length, + (unsigned char *)b, blen, flags); + else if (a->length == (int)blen && !memcmp(a->data, b, blen)) + rv = 1; + if (rv > 0 && peername) + *peername = BUF_strndup((char *)a->data, a->length); } else { - int astrlen, rv; + int astrlen; unsigned char *astr; astrlen = ASN1_STRING_to_UTF8(&astr, a); if (astrlen < 0) return -1; - rv = equal(astr, astrlen, b, blen, flags); + rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); OPENSSL_free(astr); - return rv; + if (rv > 0 && peername) + *peername = BUF_strndup((char *)astr, astrlen); } + return rv; } -static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags, int check_type) +static int do_x509_check(X509 *x, const char *chk, size_t chklen, + unsigned int flags, int check_type, + char **peername) { GENERAL_NAMES *gens = NULL; X509_NAME *name = NULL; @@ -889,6 +897,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, int cnid; int alt_type; int san_present = 0; + int rv = 0; equal_fn equal; /* See below, this flag is internal-only */ @@ -918,13 +927,9 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, equal = equal_case; } - if (chklen == 0) - chklen = strlen((const char *)chk); - gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); if (gens) { - int rv = 0; for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { GENERAL_NAME *gen; 
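Review bot: In the UTF-8 branch of do_check_string, `astr` is passed to BUF_strndup after `OPENSSL_free(astr)` has already run, so every positive match with a non-NULL `peername` copies from freed memory — a use-after-free reachable from X509_check_host on any subject or SAN entry that is not an IA5String. The free has to move below the copy: `if (rv > 0 && peername) *peername = BUF_strndup((char *)astr, astrlen); OPENSSL_free(astr);`. Separately, neither BUF_strndup call checks its result, so an allocation failure still reports a match (rv 1) with `*peername == NULL`; either document that a NULL peername means "matched, name unavailable" or turn it into an error return so callers do not dereference it.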
@@ -939,16 +944,14 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, cstr = gen->d.dNSName; else cstr = gen->d.iPAddress; - if (do_check_string(cstr, alt_type, equal, flags, - chk, chklen)) - { - rv = 1; + /* Positive on success, negative on error! */ + if ((rv = do_check_string(cstr, alt_type, equal, flags, + chk, chklen, peername)) != 0) break; - } } GENERAL_NAMES_free(gens); - if (rv) - return 1; + if (rv != 0) + return rv; if (!cnid || (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) 
@@ -962,38 +965,53 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, ASN1_STRING *str; ne = X509_NAME_get_entry(name, j); str = X509_NAME_ENTRY_get_data(ne); - if (do_check_string(str, -1, equal, flags, chk, chklen)) - return 1; + /* Positive on success, negative on error! */ + if ((rv = do_check_string(str, -1, equal, flags, + chk, chklen, peername)) != 0) + return rv; } return 0; } -int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername) { - return do_x509_check(x, chk, chklen, flags, GEN_DNS); + if (chk == NULL) + return -2; + if (memchr(chk, '\0', chklen)) + return -2; + return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); } -int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags) { - return do_x509_check(x, chk, chklen, flags, GEN_EMAIL); + if (chk == NULL) + return -2; + if (memchr(chk, '\0', chklen)) + return -2; + return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL); } int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { - return do_x509_check(x, chk, chklen, flags, GEN_IPADD); + if (chk == NULL) + return -2; + return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL); } int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) { unsigned char ipout[16]; - int iplen; - iplen = a2i_ipadd(ipout, ipasc); + size_t iplen; + + if (ipasc == NULL) + return -2; + iplen = (size_t) a2i_ipadd(ipout, ipasc); if (iplen == 0) return -2; - return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD); + return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); } /* Convert IP addresses both IPv4 and IPv6 into an 
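Review bot: With the `chklen == 0` → `strlen(chk)` default removed from do_x509_check in an earlier hunk of this file, X509_check_host and X509_check_email now treat chklen 0 as a real zero-length name: `memchr(chk, '\0', 0)` is NULL, so no -2 is returned and the compare runs against an empty string, which callers that relied on the old default will see as a silent non-match rather than an error. If the header now requires an explicit length that should be stated at the declaration; otherwise keep the default in the public wrappers, e.g. `if (chklen == 0) chklen = strlen(chk); else if (memchr(chk, '\0', chklen)) return -2;`. The NUL scan also rejects a caller that counts the terminating NUL in chklen, which is worth saying in the header comment as well.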
diff --git a/src/crypto/x509v3/v3nametest.c b/src/crypto/x509v3/v3nametest.c index b2e9c09..a3197e6 100644 --- a/src/crypto/x509v3/v3nametest.c +++ b/src/crypto/x509v3/v3nametest.c @@ -52,6 +52,7 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ +#include #include #include @@ -332,8 +333,7 @@ static void run_cert(X509 *crt, const char *nameincert, int match, ret; memcpy(name, *pname, namelen); - ret = X509_check_host(crt, (const unsigned char *)name, - namelen, 0); + ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; if (ret < 0) { @@ -351,8 +351,8 @@ static void run_cert(X509 *crt, const char *nameincert, match = 1; check_message(fn, "host", nameincert, match, *pname); - ret = X509_check_host(crt, (const unsigned char *)name, - namelen, X509_CHECK_FLAG_NO_WILDCARDS); + ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, NULL); match = -1; if (ret < 0) { @@ -371,8 +371,7 @@ static void run_cert(X509 *crt, const char *nameincert, check_message(fn, "host-no-wildcards", nameincert, match, *pname); - ret = X509_check_email(crt, (const unsigned char *)name, - namelen, 0); + ret = X509_check_email(crt, name, namelen, 0); match = -1; if (fn->email) { diff --git a/src/crypto/x509v3/x509v3_error.c b/src/crypto/x509v3/x509v3_error.c deleted file mode 100644 index 9fbca5f..0000000 --- a/src/crypto/x509v3/x509v3_error.c +++ /dev/null 
@@ -1,147 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA X509V3_error_string_data[] = { - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_add_id_INTEGER, 0), "SXNET_add_id_INTEGER"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_add_id_asc, 0), "SXNET_add_id_asc"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_add_id_ulong, 0), "SXNET_add_id_ulong"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_get_id_asc, 0), "SXNET_get_id_asc"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_get_id_ulong, 0), "SXNET_get_id_ulong"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_add, 0), "X509V3_EXT_add"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_add_alias, 0), "X509V3_EXT_add_alias"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_free, 0), "X509V3_EXT_free"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_i2d, 0), "X509V3_EXT_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_nconf, 0), "X509V3_EXT_nconf"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_add1_i2d, 0), "X509V3_add1_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_add_value, 0), "X509V3_add_value"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_get_section, 0), "X509V3_get_section"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_get_string, 0), 
"X509V3_get_string"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_get_value_bool, 0), "X509V3_get_value_bool"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_parse_list, 0), "X509V3_parse_list"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_add, 0), "X509_PURPOSE_add"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_set, 0), "X509_PURPOSE_set"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_a2i_GENERAL_NAME, 0), "a2i_GENERAL_NAME"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_copy_email, 0), "copy_email"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_copy_issuer, 0), "copy_issuer"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_do_dirname, 0), "do_dirname"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_do_ext_i2d, 0), "do_ext_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_do_ext_nconf, 0), "do_ext_nconf"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_gnames_from_sectname, 0), "gnames_from_sectname"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_hex_to_string, 0), "hex_to_string"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_i2s_ASN1_ENUMERATED, 0), "i2s_ASN1_ENUMERATED"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_i2s_ASN1_IA5STRING, 0), "i2s_ASN1_IA5STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_i2s_ASN1_INTEGER, 0), "i2s_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_i2v_AUTHORITY_INFO_ACCESS, 0), "i2v_AUTHORITY_INFO_ACCESS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_notice_section, 0), "notice_section"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_nref_nos, 0), "nref_nos"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_policy_section, 0), "policy_section"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_process_pci_value, 0), "process_pci_value"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_r2i_certpol, 0), "r2i_certpol"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_r2i_pci, 0), "r2i_pci"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_s2i_ASN1_IA5STRING, 0), "s2i_ASN1_IA5STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_s2i_ASN1_INTEGER, 0), "s2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_s2i_ASN1_OCTET_STRING, 0), "s2i_ASN1_OCTET_STRING"}, - 
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_s2i_skey_id, 0), "s2i_skey_id"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_set_dist_point_name, 0), "set_dist_point_name"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_string_to_hex, 0), "string_to_hex"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_ASN1_BIT_STRING, 0), "v2i_ASN1_BIT_STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_AUTHORITY_INFO_ACCESS, 0), "v2i_AUTHORITY_INFO_ACCESS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_AUTHORITY_KEYID, 0), "v2i_AUTHORITY_KEYID"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_BASIC_CONSTRAINTS, 0), "v2i_BASIC_CONSTRAINTS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_EXTENDED_KEY_USAGE, 0), "v2i_EXTENDED_KEY_USAGE"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_GENERAL_NAMES, 0), "v2i_GENERAL_NAMES"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_GENERAL_NAME_ex, 0), "v2i_GENERAL_NAME_ex"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_NAME_CONSTRAINTS, 0), "v2i_NAME_CONSTRAINTS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_POLICY_CONSTRAINTS, 0), "v2i_POLICY_CONSTRAINTS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_POLICY_MAPPINGS, 0), "v2i_POLICY_MAPPINGS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_crld, 0), "v2i_crld"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_idp, 0), "v2i_idp"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_issuer_alt, 0), "v2i_issuer_alt"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v2i_subject_alt, 0), "v2i_subject_alt"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_v3_generic_extension, 0), "v3_generic_extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "BAD_IP_ADDRESS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "BAD_OBJECT"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "BN_DEC2BN_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR), "BN_TO_ASN1_INTEGER_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_CANNOT_FIND_FREE_FUNCTION), "CANNOT_FIND_FREE_FUNCTION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "DIRNAME_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 
0, X509V3_R_DISTPOINT_ALREADY_SET), "DISTPOINT_ALREADY_SET"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID), "DUPLICATE_ZONE_ID"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE), "ERROR_CONVERTING_ZONE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION), "ERROR_CREATING_EXTENSION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION), "ERROR_IN_EXTENSION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME), "EXPECTED_A_SECTION_NAME"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS), "EXTENSION_EXISTS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR), "EXTENSION_NAME_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND), "EXTENSION_NOT_FOUND"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), "EXTENSION_SETTING_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR), "EXTENSION_VALUE_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION), "ILLEGAL_EMPTY_EXTENSION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_HEX_DIGIT), "ILLEGAL_HEX_DIGIT"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), "INCORRECT_POLICY_SYNTAX_TAG"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER), "INVALID_ASNUMBER"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "INVALID_ASRANGE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING), "INVALID_BOOLEAN_STRING"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING), "INVALID_EXTENSION_STRING"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE), "INVALID_INHERITANCE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS), "INVALID_IPADDRESS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS), "INVALID_MULTIPLE_RDNS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "INVALID_NAME"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT), 
"INVALID_NULL_ARGUMENT"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_NAME), "INVALID_NULL_NAME"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE), "INVALID_NULL_VALUE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "INVALID_NUMBER"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "INVALID_NUMBERS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER), "INVALID_OBJECT_IDENTIFIER"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "INVALID_OPTION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER), "INVALID_POLICY_IDENTIFIER"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING), "INVALID_PROXY_POLICY_SETTING"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "INVALID_PURPOSE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "INVALID_SAFI"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "INVALID_SECTION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "INVALID_SYNTAX"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR), "ISSUER_DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "MISSING_VALUE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), "NEED_ORGANIZATION_AND_NUMBERS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE), "NO_CONFIG_DATABASE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE), "NO_ISSUER_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS), "NO_ISSUER_DETAILS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER), "NO_POLICY_IDENTIFIER"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), "NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "NO_PUBLIC_KEY"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS), "NO_SUBJECT_DETAILS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ODD_NUMBER_OF_DIGITS), 
"ODD_NUMBER_OF_DIGITS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED), "OPERATION_NOT_DEFINED"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "OTHERNAME_ERROR"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), "POLICY_LANGUAGE_ALREADY_DEFINED"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH), "POLICY_PATH_LENGTH"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), "POLICY_PATH_LENGTH_ALREADY_DEFINED"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), "POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), "POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND), "SECTION_NOT_FOUND"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), "UNABLE_TO_GET_ISSUER_DETAILS"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), "UNABLE_TO_GET_ISSUER_KEYID"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), "UNKNOWN_BIT_STRING_ARGUMENT"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION), "UNKNOWN_EXTENSION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME), "UNKNOWN_EXTENSION_NAME"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "UNKNOWN_OPTION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION), "UNSUPPORTED_OPTION"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE), "UNSUPPORTED_TYPE"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "USER_TOO_LONG"}, - {0, NULL}, -}; diff --git a/src/decrepit/CMakeLists.txt b/src/decrepit/CMakeLists.txt new file mode 100644 index 0000000..b43fea7 --- /dev/null +++ b/src/decrepit/CMakeLists.txt @@ -0,0 +1,9 @@ +add_subdirectory(cast) +add_subdirectory(blowfish) + +add_library( + decrepit + + $ + $ +) 
diff --git a/src/decrepit/blowfish/CMakeLists.txt b/src/decrepit/blowfish/CMakeLists.txt new file mode 100644 index 0000000..afaf641 --- /dev/null +++ b/src/decrepit/blowfish/CMakeLists.txt @@ -0,0 +1,9 @@ +include_directories(. ../../include) + +add_library( + blowfish + + OBJECT + + blowfish.c +) diff --git a/src/decrepit/blowfish/blowfish.c b/src/decrepit/blowfish/blowfish.c new file mode 100644 index 0000000..e277f34 --- /dev/null +++ b/src/decrepit/blowfish/blowfish.c 
@@ -0,0 +1,493 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#include + +#include + +#include "../macros.h" + + +#define BF_ENC(LL, R, S, P) \ + (LL ^= P, \ + LL ^= \ + (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \ + S[0x0200 + ((int)(R >> 8) & 0xff)]) + \ + S[0x0300 + ((int)(R)&0xff)]) & \ + 0xffffffffL) + +void BF_encrypt(uint32_t *data, const BF_KEY *key) { + uint32_t l, r; + const uint32_t *p, *s; + + p = key->P; + s = &(key->S[0]); + l = data[0]; + r = data[1]; + + l ^= p[0]; + BF_ENC(r, l, s, p[1]); + BF_ENC(l, r, s, p[2]); + BF_ENC(r, l, s, p[3]); + BF_ENC(l, r, s, p[4]); + BF_ENC(r, l, s, p[5]); + BF_ENC(l, r, s, p[6]); + BF_ENC(r, l, s, p[7]); + BF_ENC(l, r, s, p[8]); + BF_ENC(r, l, s, p[9]); + BF_ENC(l, r, s, p[10]); + BF_ENC(r, l, s, p[11]); + BF_ENC(l, r, s, p[12]); + BF_ENC(r, l, s, p[13]); + BF_ENC(l, r, s, p[14]); + BF_ENC(r, l, s, p[15]); + BF_ENC(l, r, s, p[16]); + r ^= p[BF_ROUNDS + 1]; + + data[1] = l & 0xffffffffL; + data[0] = r & 0xffffffffL; +} + +void BF_decrypt(uint32_t *data, const BF_KEY *key) { + uint32_t l, r; + const uint32_t *p, *s; + + p = key->P; + s = &(key->S[0]); + l = data[0]; + r = data[1]; + + l ^= p[BF_ROUNDS + 1]; + BF_ENC(r, l, s, p[16]); + BF_ENC(l, r, s, p[15]); + BF_ENC(r, l, s, p[14]); + BF_ENC(l, r, s, p[13]); + BF_ENC(r, l, s, p[12]); + BF_ENC(l, r, s, p[11]); + BF_ENC(r, l, s, p[10]); + BF_ENC(l, r, s, p[9]); + BF_ENC(r, l, s, p[8]); + BF_ENC(l, r, s, p[7]); + BF_ENC(r, l, s, p[6]); + BF_ENC(l, r, s, p[5]); + BF_ENC(r, l, s, p[4]); + BF_ENC(l, r, s, p[3]); + BF_ENC(r, l, s, p[2]); + BF_ENC(l, r, s, p[1]); + r ^= p[0]; + + data[1] = l & 0xffffffffL; + data[0] = r & 0xffffffffL; +} + +void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, + const BF_KEY *key, int encrypt) { + uint32_t d[2]; + + n2l(in, d[0]); + n2l(in, d[1]); + if (encrypt) { + BF_encrypt(d, key); + } else { + BF_decrypt(d, key); + } + l2n(d[0], out); + l2n(d[1], out); +} + +void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, + const BF_KEY *schedule, uint8_t *ivec, 
int encrypt) { + uint32_t tin0, tin1; + uint32_t tout0, tout1, xor0, xor1; + long l = length; + uint32_t tin[2]; + + if (encrypt) { + n2l(ivec, tout0); + n2l(ivec, tout1); + ivec -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + BF_encrypt(tin, schedule); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + if (l != -8) { + n2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + BF_encrypt(tin, schedule); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + l2n(tout0, ivec); + l2n(tout1, ivec); + } else { + n2l(ivec, xor0); + n2l(ivec, xor1); + ivec -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + BF_decrypt(tin, schedule); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2n(tout0, out); + l2n(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + BF_decrypt(tin, schedule); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2nn(tout0, tout1, out, l + 8); + xor0 = tin0; + xor1 = tin1; + } + l2n(xor0, ivec); + l2n(xor1, ivec); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} + +static const BF_KEY bf_init = { + {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L, + 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L, + 0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, + 0xb5470917L, 0x9216d5d9L, 0x8979fb1b}, + { + 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL, + 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L, + 0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L, + 0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, + 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L, + 0x286085f0L, 0xca417918L, 
0xb8db38efL, 0x8e79dcb0L, 0x603a180eL, + 0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, + 0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, + 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL, + 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L, + 0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, + 0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, + 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL, + 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L, + 0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, + 0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, + 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL, + 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L, + 0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, + 0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, + 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L, + 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL, + 0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, + 0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, + 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL, + 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL, + 0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, + 0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, + 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL, + 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L, + 0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, + 0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, + 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L, + 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L, + 0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, + 0xcee4c6e8L, 
0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, + 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L, + 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L, + 0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, + 0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, + 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L, + 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L, + 0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, + 0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, + 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL, + 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL, + 0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L, + 0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, + 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L, + 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L, + 0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, + 0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, + 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L, + 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L, + 0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, + 0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, + 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL, + 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L, + 0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, + 0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, + 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L, + 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL, + 0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, + 0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, + 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L, + 
0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L, + 0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L, + 0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, + 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L, + 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L, + 0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, + 0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, + 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L, + 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL, + 0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, + 0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, + 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L, + 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L, + 0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, + 0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, + 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L, + 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L, + 0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, + 0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, + 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L, + 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L, + 0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, + 0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, + 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL, + 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L, + 0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, + 0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, + 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L, + 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L, + 0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 
0x1462b174L, + 0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, + 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L, + 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL, + 0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, + 0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, + 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L, + 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL, + 0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, + 0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, + 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL, + 0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL, + 0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, + 0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, + 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L, + 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL, + 0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, + 0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, + 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L, + 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L, + 0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, + 0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, + 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L, + 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L, + 0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, + 0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, + 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L, + 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L, + 0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, + 0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, + 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 
0xf33e8d1eL, 0x0a476341L, + 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L, + 0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, + 0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, + 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L, + 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L, + 0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, + 0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, + 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L, + 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL, + 0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, + 0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, + 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL, + 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L, + 0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, + 0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, + 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L, + 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L, + 0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, + 0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, + 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L, + 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L, + 0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, + 0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, + 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L, + 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L, + 0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, + 0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, + 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L, + 0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL, + 0xabc27737L, 0x5ac52d1bL, 
0x5cb0679eL, 0x4fa33742L, 0xd3822740L, + 0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, + 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL, + 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL, + 0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, + 0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, + 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL, + 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L, + 0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, + 0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, + 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL, + 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL, + 0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, + 0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, + 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L, + 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L, + 0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, + 0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, + 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L, + 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL, + 0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, + 0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, + 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL, + 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L, + 0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, + 0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, + 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L, + 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL, + 0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, + 0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, + 0xa08839e1L, 
0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL, + 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL, + 0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL, + 0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, + 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L, + 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL, + 0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, + 0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, + 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL, + 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L, + 0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, + 0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, + 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L, + 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL, + 0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, + 0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, + 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL, + 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L, + 0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, + 0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, + 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, + }, +}; + +void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) { + int i; + uint32_t *p, ri, in[2]; + const uint8_t *d, *end; + + memcpy(key, &bf_init, sizeof(BF_KEY)); + p = key->P; + + if (len > ((BF_ROUNDS + 2) * 4)) + len = (BF_ROUNDS + 2) * 4; + + d = data; + end = &data[len]; + for (i = 0; i < BF_ROUNDS + 2; i++) { + ri = *(d++); + if (d >= end) { + d = data; + } + + ri <<= 8; + ri |= *(d++); + if (d >= end) { + d = data; + } + + ri <<= 8; + ri |= *(d++); + if (d >= end) { + d = data; + } + + ri <<= 8; + ri |= *(d++); + if (d >= end) { + d = data; + } + + p[i] ^= ri; + } + + in[0] = 0L; + in[1] = 
0L; + for (i = 0; i < BF_ROUNDS + 2; i += 2) { + BF_encrypt(in, key); + p[i] = in[0]; + p[i + 1] = in[1]; + } + + p = key->S; + for (i = 0; i < 4 * 256; i += 2) { + BF_encrypt(in, key); + p[i] = in[0]; + p[i + 1] = in[1]; + } +} diff --git a/src/decrepit/cast/CMakeLists.txt b/src/decrepit/cast/CMakeLists.txt new file mode 100644 index 0000000..ada99e4 --- /dev/null +++ b/src/decrepit/cast/CMakeLists.txt @@ -0,0 +1,10 @@ +include_directories(. ../../include) + +add_library( + cast + + OBJECT + + cast.c + cast_tables.c +) diff --git a/src/decrepit/cast/cast.c b/src/decrepit/cast/cast.c new file mode 100644 index 0000000..68bcbe3 --- /dev/null +++ b/src/decrepit/cast/cast.c 
@@ -0,0 +1,416 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4.
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.].
*/ + +#include + +#if defined(OPENSSL_WINDOWS) +#pragma warning(push, 3) +#include +#pragma warning(pop) +#endif + +#include "../macros.h" + + +void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, const CAST_KEY *ks, + int enc) { + uint32_t d[2]; + + n2l(in, d[0]); + n2l(in, d[1]); + if (enc) { + CAST_encrypt(d, ks); + } else { + CAST_decrypt(d, ks); + } + l2n(d[0], out); + l2n(d[1], out); +} + +extern const uint32_t CAST_S_table0[256]; +extern const uint32_t CAST_S_table1[256]; +extern const uint32_t CAST_S_table2[256]; +extern const uint32_t CAST_S_table3[256]; +extern const uint32_t CAST_S_table4[256]; +extern const uint32_t CAST_S_table5[256]; +extern const uint32_t CAST_S_table6[256]; +extern const uint32_t CAST_S_table7[256]; + +#if defined(OPENSSL_WINDOWS) && defined(_MSC_VER) +#define ROTL(a, n) (_lrotl(a, n)) +#else +#define ROTL(a, n) ((((a) << (n)) | ((a) >> ((-(n))&31))) & 0xffffffffL) +#endif + +#define E_CAST(n, key, L, R, OP1, OP2, OP3) \ + { \ + uint32_t a, b, c, d; \ + t = (key[n * 2] OP1 R) & 0xffffffff; \ + t = ROTL(t, (key[n * 2 + 1])); \ + a = CAST_S_table0[(t >> 8) & 0xff]; \ + b = CAST_S_table1[(t)&0xff]; \ + c = CAST_S_table2[(t >> 24) & 0xff]; \ + d = CAST_S_table3[(t >> 16) & 0xff]; \ + L ^= (((((a OP2 b)&0xffffffffL)OP3 c) & 0xffffffffL)OP1 d) & 0xffffffffL; \ + } + +void CAST_encrypt(uint32_t *data, const CAST_KEY *key) { + uint32_t l, r, t; + const uint32_t *k; + + k = &key->data[0]; + l = data[0]; + r = data[1]; + + E_CAST(0, k, l, r, +, ^, -); + E_CAST(1, k, r, l, ^, -, +); + E_CAST(2, k, l, r, -, +, ^); + E_CAST(3, k, r, l, +, ^, -); + E_CAST(4, k, l, r, ^, -, +); + E_CAST(5, k, r, l, -, +, ^); + E_CAST(6, k, l, r, +, ^, -); + E_CAST(7, k, r, l, ^, -, +); + E_CAST(8, k, l, r, -, +, ^); + E_CAST(9, k, r, l, +, ^, -); + E_CAST(10, k, l, r, ^, -, +); + E_CAST(11, k, r, l, -, +, ^); + + if (!key->short_key) { + E_CAST(12, k, l, r, +, ^, -); + E_CAST(13, k, r, l, ^, -, +); + E_CAST(14, k, l, r, -, +, ^); + E_CAST(15, k, r, l, +, ^, -); 
+ } + + data[1] = l & 0xffffffffL; + data[0] = r & 0xffffffffL; +} + +void CAST_decrypt(uint32_t *data, const CAST_KEY *key) { + uint32_t l, r, t; + const uint32_t *k; + + k = &key->data[0]; + l = data[0]; + r = data[1]; + + if (!key->short_key) { + E_CAST(15, k, l, r, +, ^, -); + E_CAST(14, k, r, l, -, +, ^); + E_CAST(13, k, l, r, ^, -, +); + E_CAST(12, k, r, l, +, ^, -); + } + + E_CAST(11, k, l, r, -, +, ^); + E_CAST(10, k, r, l, ^, -, +); + E_CAST(9, k, l, r, +, ^, -); + E_CAST(8, k, r, l, -, +, ^); + E_CAST(7, k, l, r, ^, -, +); + E_CAST(6, k, r, l, +, ^, -); + E_CAST(5, k, l, r, -, +, ^); + E_CAST(4, k, r, l, ^, -, +); + E_CAST(3, k, l, r, +, ^, -); + E_CAST(2, k, r, l, -, +, ^); + E_CAST(1, k, l, r, ^, -, +); + E_CAST(0, k, r, l, +, ^, -); + + data[1] = l & 0xffffffffL; + data[0] = r & 0xffffffffL; +} + +void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, + const CAST_KEY *ks, uint8_t *iv, int enc) { + uint32_t tin0, tin1; + uint32_t tout0, tout1, xor0, xor1; + long l = length; + uint32_t tin[2]; + + if (enc) { + n2l(iv, tout0); + n2l(iv, tout1); + iv -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + CAST_encrypt(tin, ks); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + if (l != -8) { + n2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + CAST_encrypt(tin, ks); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + l2n(tout0, iv); + l2n(tout1, iv); + } else { + n2l(iv, xor0); + n2l(iv, xor1); + iv -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + CAST_decrypt(tin, ks); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2n(tout0, out); + l2n(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + CAST_decrypt(tin, 
ks); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2nn(tout0, tout1, out, l + 8); + xor0 = tin0; + xor1 = tin1; + } + l2n(xor0, iv); + l2n(xor1, iv); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} + +#define CAST_exp(l, A, a, n) \ + A[n / 4] = l; \ + a[n + 3] = (l)&0xff; \ + a[n + 2] = (l >> 8) & 0xff; \ + a[n + 1] = (l >> 16) & 0xff; \ + a[n + 0] = (l >> 24) & 0xff; +#define S4 CAST_S_table4 +#define S5 CAST_S_table5 +#define S6 CAST_S_table6 +#define S7 CAST_S_table7 + +void CAST_set_key(CAST_KEY *key, size_t len, const uint8_t *data) { + uint32_t x[16]; + uint32_t z[16]; + uint32_t k[32]; + uint32_t X[4], Z[4]; + uint32_t l, *K; + size_t i; + + for (i = 0; i < 16; i++) { + x[i] = 0; + } + + if (len > 16) { + len = 16; + } + + for (i = 0; i < len; i++) { + x[i] = data[i]; + } + + if (len <= 10) { + key->short_key = 1; + } else { + key->short_key = 0; + } + + K = &k[0]; + X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL; + X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL; + X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL; + X[3] = ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; + + for (;;) { + l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; + CAST_exp(l, Z, z, 0); + l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; + CAST_exp(l, Z, z, 4); + l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; + CAST_exp(l, Z, z, 8); + l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; + CAST_exp(l, Z, z, 12); + + K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]]; + K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]]; + K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]]; + K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]]; + + l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; + CAST_exp(l, X, x, 0); + l = Z[0] ^ S4[x[0]] ^ 
S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; + CAST_exp(l, X, x, 4); + l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; + CAST_exp(l, X, x, 8); + l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; + CAST_exp(l, X, x, 12); + + K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]]; + K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]]; + K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]]; + K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]]; + + l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; + CAST_exp(l, Z, z, 0); + l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; + CAST_exp(l, Z, z, 4); + l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; + CAST_exp(l, Z, z, 8); + l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; + CAST_exp(l, Z, z, 12); + + K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]]; + K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]]; + K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]]; + K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]]; + + l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; + CAST_exp(l, X, x, 0); + l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; + CAST_exp(l, X, x, 4); + l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; + CAST_exp(l, X, x, 8); + l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; + CAST_exp(l, X, x, 12); + + K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]]; + K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]]; + K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]]; + K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]]; + if (K != k) { + break; + } + K += 16; + } + + for (i = 0; i < 16; i++) { + key->data[i * 2] = k[i]; + key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f; + } +} + +/* The input and output encrypted as though 64bit 
cfb mode is being used. The + * extra state information to record how much of the 64bit block we have used + * is contained in *num. */ +void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, long length, + const CAST_KEY *schedule, uint8_t *ivec, int *num, + int enc) { + uint32_t v0, v1, t; + int n = *num; + long l = length; + uint32_t ti[2]; + uint8_t *iv, c, cc; + + iv = ivec; + if (enc) { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + CAST_encrypt((uint32_t *)ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + c = *(in++) ^ iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1) & 0x07; + } + } else { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + CAST_encrypt((uint32_t *)ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + cc = *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c ^ cc; + n = (n + 1) & 0x07; + } + } + v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; + *num = n; +} diff --git a/src/decrepit/cast/cast_tables.c b/src/decrepit/cast/cast_tables.c new file mode 100644 index 0000000..a00acd8 --- /dev/null +++ b/src/decrepit/cast/cast_tables.c 
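Review bot: The decrypt path of CAST_cbc_encrypt reads a full 8-byte block from `in` for a trailing partial block (the two `n2l(in, ...)` calls under `if (l != -8)` in the `else` branch), while the encrypt path bounds the same read with `n2ln(in, tin0, tin1, l + 8)`; assuming `n2l` from ../macros.h consumes four bytes unconditionally, as its use next to `n2ln` suggests, a `length` that is not a multiple of 8 over-reads the caller's input by up to 7 bytes when `enc == 0`. Nothing in the hunk records that precondition, so I would add above the function: `/* When enc == 0, length must be a multiple of 8: the tail path reads a whole block from in. When enc != 0 a short final block is zero-padded and a full 8-byte block is still written to out. */`. CAST_cfb64_encrypt likewise indexes `iv[n]` with `n = *num` before any masking (the `& 0x07` is applied only after the increment), so `*num` must be in [0, 8) on entry; its header comment describes what `*num` records but not that range, and should. Separately, every `CAST_S_table*` lookup is indexed by key- or data-derived bytes, so this implementation is not constant-time with respect to cache timing; a one-line note saying so would set expectations for anyone reaching into decrepit/ for it.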
@@ -0,0 +1,425 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#include + +const uint32_t CAST_S_table0[256] = { + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, + 0x6003e540, 0xcf9fc949, 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, + 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, 0x28683b6f, 0xc07fd059, + 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, + 0x22568e3a, 0xa2d341d0, 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, + 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, 0xb82cbaef, 0xd751d159, + 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, + 0xb48ee411, 0x4bff345d, 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, + 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, 0x882240f2, 0x0c6e4f38, + 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, + 0xe63d37e0, 0x2a54f6b3, 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, + 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, 0x38901091, 0xc6b505eb, + 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, + 0xa0bebc3c, 0x54623779, 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, + 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, 0x81383f05, 0x6963c5c8, + 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, + 0xaa573b04, 0x4a805d8d, 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, + 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, 0x6b54bfab, 0x2b0b1426, + 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, + 0xe31231b2, 0x2ad5ad6c, 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, + 0xaa786bf6, 
0x22513f1e, 0xaa51a79b, 0x2ad344cc, 0x7b5a41f0, 0xd37cfbad, + 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, + 0x5ad328d8, 0xb347cc96, 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, + 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, 0x3f04442f, 0x6188b153, + 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, + 0xdd24cb9e, 0x7e1c54bd, 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, + 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, 0x580304f0, 0xca042cf1, + 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, + 0xd5ea50f1, 0x85a92872, 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, + 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, 0x474d6ad7, 0x7c0c5e5c, + 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, + 0xb141ab08, 0x7cca89b9, 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, + 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf, +}; + +const uint32_t CAST_S_table1[256] = { + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, + 0x55889c94, 0x72fc0651, 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, + 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, 0xa0b52f7b, 0x59e83605, + 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, + 0x25a1ff41, 0xe180f806, 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, + 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, 0xe113c85b, 0xacc40083, + 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, + 0x361e3084, 0xe4eb573b, 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 
0x9e81032d, + 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, 0x10843094, 0x2537a95e, + 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, + 0x721d9bfd, 0xa58684bb, 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, + 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, 0xc5d655dd, 0xeb667064, + 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, + 0x83ca6b94, 0x2d6ed23b, 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, + 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, 0x81ed6f61, 0x20e74364, + 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, + 0xa4b09f6b, 0x1ca815cf, 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, + 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, 0xee41e729, 0x6e1d2d7c, + 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, + 0x7cbad9a2, 0x2180036f, 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, + 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, 0xcdf0b680, 0x17844d3b, + 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, + 0xef8579cc, 0xd152de58, 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, + 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, 0xb8da230c, 0x80823028, + 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, + 0x273be979, 0xb0ffeaa6, 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, + 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, 0xdc8637a0, 0x16a7d3b1, + 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 
0x5eea29cb, + 0x145892f5, 0x91584f7f, 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, + 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, 0xb284600c, 0xd835731d, + 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, + 0x5c038323, 0x3e5d3bb9, 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, + 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1, +}; + +const uint32_t CAST_S_table2[256] = { + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, + 0x8c1fc644, 0xaececa90, 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, + 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, 0x11107d9f, 0x07647db9, + 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, + 0x9255c5ed, 0x1257a240, 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, + 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, 0xa8c01db7, 0x579fc264, + 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, + 0xc5884a28, 0xccc36f71, 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, + 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, 0xa747d2d0, 0x1651192e, + 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, + 0x796fb449, 0x8252dc15, 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, + 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, 0x23efe941, 0xa903f12e, + 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, + 0x96bbb682, 0x93b4b148, 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, + 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, 0x8b907cee, 0xb51fd240, + 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 
0xfd47572c, 0xf76cedd9, 0xbda8229c, + 0x127dadaa, 0x438a074e, 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, + 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, 0x68cc7bfb, 0xd90f2788, + 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, + 0x27627545, 0x825cf47a, 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, + 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, 0x285ba1c8, 0x3c62f44f, + 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, + 0x12deca4d, 0x2c3f8cc5, 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, + 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, 0x3a609437, 0xec00c9a9, + 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, + 0xa2e53f55, 0xb9e6d4bc, 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, + 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, 0x947b0001, 0x570075d2, + 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, + 0xf1ac2571, 0xcc8239c2, 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, + 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, 0x5727c148, 0x2be98a1d, + 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, + 0x52bce688, 0x1b03588a, 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, + 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783, +}; + +const uint32_t CAST_S_table3[256] = { + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, + 0x85510443, 0xfa020ed1, 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, + 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, 0x28147f5f, 0x4fa2b8cd, + 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 
0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, + 0x081b08ca, 0x05170121, 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, + 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, 0xce84ffdf, 0xf5718801, + 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, + 0x72500e03, 0xf80eb2bb, 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, + 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, 0x4d351805, 0x7f3d5ce3, + 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, + 0x18f8931e, 0x281658e6, 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, + 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, 0x69dead38, 0x1574ca16, + 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, + 0x0ce5c2ec, 0x4db4bba6, 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, + 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, 0x6e85cb75, 0xbe07c002, + 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, + 0x041afa32, 0x1d16625a, 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, + 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, 0x026a4ceb, 0x52437eff, + 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, + 0x213d42f6, 0x2c1c7c26, 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, + 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, 0x63315c21, 0x5e0a72ec, + 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, + 0xcfcbd12f, 0xc1de8417, 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, + 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, 0x6f7de532, 0x58fd7eb6, + 0xd01ee900, 
0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, + 0xaf9eb3db, 0x29c9ed2a, 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, + 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, 0x77079103, 0xdea03af6, + 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, + 0xf3e0eb5b, 0xd6cc9876, 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, + 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, 0xb5676e69, 0x9bd3ddda, + 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, + 0xb657c34d, 0x4edfd282, 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, + 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2, +}; + +const uint32_t CAST_S_table4[256] = { + 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, + 0x44dd9d44, 0x1731167f, 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, + 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, 0xe6a2e77f, 0xf0c720cd, + 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, + 0x8dba1cfe, 0x41a99b02, 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, + 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, 0xf2f3f763, 0x68af8040, + 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, + 0x2261be02, 0xd642a0c9, 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, + 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, 0x5c1ff900, 0xfe38d399, + 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, + 0xdfdd55bc, 0x29de0655, 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, + 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, 0xbcf3f0aa, 
0x87ac36e9, + 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, + 0xf24766e3, 0x8eca36c1, 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, + 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, 0x26e46695, 0xb7566419, + 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, + 0x68cb3e47, 0x086c010f, 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, + 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, 0x0ab378d5, 0xd951fb0c, + 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, + 0x646c6bd7, 0x44904db3, 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, + 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, 0x76f0ae02, 0x083be84d, + 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, + 0x9cad9010, 0xaf462ba2, 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, + 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, 0x445f7382, 0x175683f4, + 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, + 0x1ad2fff3, 0x8c25404e, 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, + 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, 0x44094f85, 0x3f481d87, + 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, + 0x1b5ad7a8, 0xf61ed5ad, 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, + 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, 0x5ce96c28, 0xe176eda3, + 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, + 0x34010718, 0xbb30cab8, 0xe822fe15, 0x88570983, 0x750e6249, 
0xda627e55, + 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4, +}; + +const uint32_t CAST_S_table5[256] = { + 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, + 0xeced5cbc, 0x325553ac, 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, + 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, 0x33f14961, 0xc01937bd, + 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, + 0xa888614a, 0x2900af98, 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, + 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, 0xfd41197e, 0x9305a6b0, + 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, + 0x2c0e636a, 0xba7dd9cd, 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, + 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, 0x284caf89, 0xaa928223, + 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, + 0x9a69a02f, 0x68818a54, 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, + 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, 0x53bddb65, 0xe76ffbe7, + 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, + 0xfd339fed, 0xb87834bf, 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, + 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, 0x4ec75b95, 0x24f2c3c0, + 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, + 0xe9a9d848, 0xf3160289, 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, + 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, 0x36f73523, 0x4cfb6e87, + 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, + 0xdc049441, 0xc8098f9b, 0x7dede786, 
0xc39a3373, 0x42410005, 0x6a091751, + 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, 0xbf32679d, 0xd45b5b75, + 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, + 0x3cc2acfb, 0x3fc06976, 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, + 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, 0x3007cd3e, 0x74719eef, + 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, + 0xbc60b42a, 0x953498da, 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, + 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, 0xe8816f4a, 0x3814f200, + 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, + 0x3a479c3a, 0x5302da25, 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, + 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, 0xb81a928a, 0x60ed5869, + 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, + 0xb0e93524, 0xbebb8fbd, 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, + 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f, +}; + +const uint32_t CAST_S_table6[256] = { + 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, + 0xde6008a1, 0x2028da1f, 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, + 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, 0xa05fbcf6, 0xcd4181e9, + 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, + 0x1286becf, 0xb6eacb19, 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, + 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, 0x107789be, 0xb3b2e9ce, + 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, + 0xd0d854c0, 
0xcb3a6c88, 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, + 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, 0x0a961288, 0xe1a5c06e, + 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, + 0xc6e6fa14, 0xbae8584a, 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, + 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, 0x92544a8b, 0x009b4fc3, + 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, + 0x16746233, 0x3c034c28, 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, + 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, 0x0c4fb99a, 0xbb325778, + 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, + 0xbe8b9d2d, 0x7979fb06, 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, + 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, 0xf28ebfb0, 0xf5b9c310, + 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, + 0x488dcf25, 0x36c9d566, 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, + 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, 0xf22b017d, 0xa4173f70, + 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, + 0x058745b9, 0x3453dc1e, 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, + 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, 0x66626c1c, 0x7154c24c, + 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, + 0xe4f2dfa6, 0x693ed285, 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, + 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, 0xc79f022f, 0x3c997e7e, + 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 
0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, + 0xcfd2a87f, 0x60aeb767, 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, + 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, 0x97fd61a9, 0xea7759f4, + 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, + 0xc3c0bdae, 0x4958c24c, 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, + 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3, +}; + +const uint32_t CAST_S_table7[256] = { + 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, + 0x0e241600, 0x052ce8b5, 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, + 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, 0xde9adeb1, 0x0a0cc32c, + 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, + 0x72df191b, 0x7580330d, 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, + 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, 0x12a8ddec, 0xfdaa335d, + 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, + 0x57e8726e, 0x647a78fc, 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, + 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, 0xbbd35049, 0x2998df04, + 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, + 0x424f7618, 0x35856039, 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, + 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, 0x7170c608, 0x2d5e3354, + 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, + 0x7895cda5, 0x859c15a5, 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, + 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, 0x835ffcb8, 0x6df4c1f2, + 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 
0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, + 0x7cd16efc, 0x1436876c, 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, + 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, 0xa842eedf, 0xfdba60b4, + 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, + 0xbae7dfdc, 0x42cbda70, 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, + 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, 0x77853b53, 0x37effcb5, + 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, + 0xc4248289, 0xacf3ebc3, 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, + 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, 0xe87b40e4, 0xe98ea084, + 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, + 0xe0779695, 0xf9c17a8f, 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, + 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, 0x11403092, 0x00da6d77, + 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, + 0xdf09822b, 0xbd691a6c, 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, + 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, 0x5938fa0f, 0x42399ef3, + 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, + 0xa466bb1e, 0xf8da0a82, 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, + 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e, +}; diff --git a/src/decrepit/macros.h b/src/decrepit/macros.h new file mode 100644 index 0000000..228183a --- /dev/null +++ b/src/decrepit/macros.h 
@@ -0,0 +1,123 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#ifndef OPENSSL_HEADER_DECREPIT_MACROS_H +#define OPENSSL_HEADER_DECREPIT_MACROS_H + + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))); \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))) << 24; \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))); \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))) << 24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + case 5: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + case 4: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + case 1: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + } \ + } + +#define l2n(l, c) \ + (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) + +#define n2l(c, l) \ + (l = ((unsigned long)(*((c)++))) << 24L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++)))) + + +#endif /* OPENSSL_HEADER_DECREPIT_MACROS_H */ diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h index 61cf3cd..dc453e3 100644 --- a/src/include/openssl/aead.h +++ b/src/include/openssl/aead.h 
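Review bot: Every `case` in the `n2ln` and `l2nn` switches deliberately falls through to the next one, but nothing in the hunk says so, and a build with `-Wimplicit-fallthrough` will flag each label; a `/* fall through */` comment before each `case`, or one line above each macro such as `/* Deliberate fall-through: case n stores/loads the n trailing bytes of the block. */`, makes the intent reviewable. Both macros also expand to a bare brace block rather than a statement, so `if (x) n2ln(c, l1, l2, n); else ...` does not compile; wrapping each body as `do { ... } while (0)` fixes that without changing what the macros do. `n2l` and `l2n` evaluate `c` more than once, which is fine for the plain pointer arguments this change passes (`iv` in `CAST_cfb64_encrypt`) but deserves a one-line comment so nobody later passes an expression with side effects.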
@@ -115,18 +115,28 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_key_wrap(void); * See |EVP_aead_aes_128_key_wrap| for details. */ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_key_wrap(void); +/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for + * authentication. The nonce is 12 bytes; the bottom 32-bits are used as the + * block counter, thus the maximum plaintext size is 64GB. */ +OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void); + +/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for + * authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details. */ +OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void); + /* EVP_has_aes_hardware returns one if we enable hardware support for fast and * constant-time AES-GCM. */ OPENSSL_EXPORT int EVP_has_aes_hardware(void); -/* TLS specific AEAD algorithms. +/* TLS-specific AEAD algorithms. * * These AEAD primitives do not meet the definition of generic AEADs. They are - * all specific to TLS in some fashion and should not be used outside of that - * context. They require an additional data of length 11 (the standard TLS one - * with the length omitted). They are also stateful, so a given |EVP_AEAD_CTX| - * may only be used for one of seal or open, but not both. */ + * all specific to TLS and should not be used outside of that context. They must + * be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may + * not be used concurrently. Any nonces are used as IVs, so they must be + * unpredictable. They only accept an |ad| parameter of length 11 (the standard + * TLS one with length omitted). */ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_tls(void); OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_tls(void); 
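Review bot: The comment on the second added declaration names the wrong function: it opens with `EVP_aead_aes_128_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for` but documents `EVP_aead_aes_256_ctr_hmac_sha256`, so the first word should be `EVP_aead_aes_256_ctr_hmac_sha256`. The cross-reference on the next line is correct as written. Since the first comment states that the low 32 bits of the 12-byte nonce are the block counter, it would also be worth stating there that a nonce must not be reused under the same key, in the same way the TLS-AEAD comment in this hunk spells out its IV requirement.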
@@ -144,11 +154,13 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void); OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void); -/* SSLv3 specific AEAD algorithms. +/* SSLv3-specific AEAD algorithms. * * These AEAD primitives do not meet the definition of generic AEADs. They are - * all specific to SSLv3 in some fashion and should not be used outside of that - * context. */ + * all specific to SSLv3 and should not be used outside of that context. They + * must be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, + * and may not be used concurrently. They only accept an |ad| parameter of + * length 9 (the standard TLS one with length and version omitted). */ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void); OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void); 
@@ -205,17 +217,35 @@ typedef struct evp_aead_ctx_st { * be used. */ #define EVP_AEAD_DEFAULT_TAG_LENGTH 0 -/* EVP_AEAD_init initializes |ctx| for the given AEAD algorithm from |impl|. +/* evp_aead_direction_t denotes the direction of an AEAD operation. */ +enum evp_aead_direction_t { + evp_aead_open, + evp_aead_seal, +}; + +/* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm from |impl|. * The |impl| argument may be NULL to choose the default implementation. * Authentication tags may be truncated by passing a size as |tag_len|. A * |tag_len| of zero indicates the default tag length and this is defined as * EVP_AEAD_DEFAULT_TAG_LENGTH for readability. - * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. */ + * + * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In + * the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's + * harmless to do so. */ OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl); -/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. */ +/* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal + * AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a + * given direction. */ +OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction( + EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, + size_t tag_len, enum evp_aead_direction_t dir); + +/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to + * call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to + * all zeros. */ OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx); /* EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and 
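Review bot: `EVP_AEAD_CTX_init_with_direction` is declared without a return-value contract, while the neighbouring `EVP_AEAD_CTX_init` comment spells out `Returns 1 on success. Otherwise returns 0 and pushes to the error stack.` The implementation is not in this hunk, but presumably the same convention applies, so the comment should state it and say whether the remark that `EVP_AEAD_CTX_cleanup` is unnecessary after a failed init also holds here. It would also help to state explicitly that `dir` is ignored for non-TLS AEADs, which the first sentence implies but does not say.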
@@ -270,6 +300,14 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len); +/* Obscure functions. */ + +/* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure. + * It returns one on success or zero if |ctx| doesn't have an RC4 key. */ +OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, + const RC4_KEY **out_key); + + #if defined(__cplusplus) } /* extern C */ #endif diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h index 941b156..4baf81c 100644 --- a/src/include/openssl/asn1.h +++ b/src/include/openssl/asn1.h @@ -517,7 +517,7 @@ struct X509_algor_st } /* X509_ALGOR */; DEFINE_STACK_OF(X509_ALGOR); -DECLARE_ASN1_FUNCTIONS(X509_ALGOR); +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) typedef struct NETSCAPE_X509_st { 
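Review bot: `EVP_AEAD_CTX_get_rc4_state` hands out a pointer into the key state held by `ctx`, but the comment says nothing about ownership or lifetime of `*out_key`. Presumably the pointer is borrowed and becomes dangling once `ctx` is cleaned up; if so, add `The returned pointer is owned by |ctx| and is valid only until |ctx| is cleaned up.` Naming which AEADs carry an RC4 key (the `EVP_aead_rc4_*` ones declared earlier in this header) would also let callers avoid probing arbitrary contexts.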
@@ -1078,187 +1078,157 @@ OPENSSL_EXPORT int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_f } #endif -#define ASN1_F_asn1_template_ex_d2i 100 -#define ASN1_F_ASN1_dup 101 -#define ASN1_F_a2i_ASN1_STRING 102 -#define ASN1_F_ASN1_d2i_fp 103 -#define ASN1_F_d2i_ASN1_OBJECT 104 -#define ASN1_F_asn1_item_ex_combine_new 105 -#define ASN1_F_ASN1_template_new 106 -#define ASN1_F_asn1_do_adb 107 -#define ASN1_F_asn1_d2i_read_bio 108 -#define ASN1_F_asn1_ex_c2i 109 -#define ASN1_F_c2i_ASN1_INTEGER 110 -#define ASN1_F_ASN1_PCTX_new 111 -#define ASN1_F_ASN1_item_unpack 112 -#define ASN1_F_d2i_ASN1_type_bytes 113 -#define ASN1_F_a2i_ASN1_INTEGER 114 -#define ASN1_F_asn1_collect 115 -#define ASN1_F_ASN1_item_dup 116 -#define ASN1_F_ASN1_ENUMERATED_set 117 -#define ASN1_F_c2i_ASN1_OBJECT 118 -#define ASN1_F_ASN1_unpack_string 119 -#define ASN1_F_d2i_ASN1_UINTEGER 120 -#define ASN1_F_long_c2i 121 -#define ASN1_F_ASN1_seq_pack 122 -#define ASN1_F_a2d_ASN1_OBJECT 123 -#define ASN1_F_ASN1_STRING_type_new 124 -#define ASN1_F_ASN1_INTEGER_set 125 -#define ASN1_F_BN_to_ASN1_INTEGER 126 -#define ASN1_F_BIO_new_NDEF 127 -#define ASN1_F_ASN1_ENUMERATED_to_BN 128 -#define ASN1_F_ASN1_item_ex_d2i 129 -#define ASN1_F_ASN1_INTEGER_to_BN 130 -#define ASN1_F_i2d_ASN1_TIME 131 -#define ASN1_F_ASN1_TIME_adj 132 -#define ASN1_F_ASN1_BIT_STRING_set_bit 133 -#define ASN1_F_ASN1_seq_unpack 134 -#define ASN1_F_ASN1_item_pack 135 -#define ASN1_F_ASN1_STRING_set 136 -#define ASN1_F_ASN1_UTCTIME_adj 137 -#define ASN1_F_ASN1_mbstring_ncopy 138 -#define ASN1_F_d2i_ASN1_BOOLEAN 139 -#define ASN1_F_ASN1_OBJECT_new 140 -#define ASN1_F_asn1_template_noexp_d2i 141 -#define ASN1_F_c2i_ASN1_BIT_STRING 142 -#define ASN1_F_BN_to_ASN1_ENUMERATED 143 -#define ASN1_F_asn1_d2i_ex_primitive 144 -#define ASN1_F_ASN1_i2d_bio 145 -#define ASN1_F_ASN1_item_i2d_bio 146 -#define ASN1_F_d2i_ASN1_UTCTIME 147 -#define ASN1_F_ASN1_STRING_TABLE_add 148 -#define ASN1_F_asn1_find_end 149 -#define 
ASN1_F_ASN1_item_d2i_fp 150 -#define ASN1_F_collect_data 151 -#define ASN1_F_asn1_check_tlen 152 -#define ASN1_F_ASN1_i2d_fp 153 -#define ASN1_F_ASN1_item_i2d_fp 154 -#define ASN1_F_ASN1_GENERALIZEDTIME_adj 155 -#define ASN1_F_asn1_collate_primitive 156 -#define ASN1_F_ASN1_pack_string 157 -#define ASN1_F_ASN1_get_object 158 -#define ASN1_F_d2i_ASN1_bytes 159 -#define ASN1_F_a2i_ASN1_ENUMERATED 160 -#define ASN1_R_ASN1_SIG_PARSE_ERROR 100 -#define ASN1_R_ADDING_OBJECT 101 -#define ASN1_R_MIME_NO_CONTENT_TYPE 102 -#define ASN1_R_UNKNOWN_OBJECT_TYPE 103 -#define ASN1_R_ILLEGAL_FORMAT 104 -#define ASN1_R_HEADER_TOO_LONG 105 -#define ASN1_R_INVALID_UTF8STRING 106 -#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 107 -#define ASN1_R_ILLEGAL_TAGGED_ANY 108 -#define ASN1_R_DATA_IS_WRONG 109 -#define ASN1_R_NOT_ASCII_FORMAT 110 -#define ASN1_R_NOT_ENOUGH_DATA 111 -#define ASN1_R_MSTRING_NOT_UNIVERSAL 112 -#define ASN1_R_UNKNOWN_FORMAT 113 -#define ASN1_R_BAD_PASSWORD_READ 115 -#define ASN1_R_BAD_OBJECT_HEADER 116 -#define ASN1_R_ILLEGAL_CHARACTERS 117 -#define ASN1_R_CONTEXT_NOT_INITIALISED 118 -#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 119 -#define ASN1_R_BN_LIB 120 -#define ASN1_R_NO_MATCHING_CHOICE_TYPE 121 -#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 122 -#define ASN1_R_ASN1_PARSE_ERROR 123 -#define ASN1_R_NO_MULTIPART_BOUNDARY 124 -#define ASN1_R_INVALID_SEPARATOR 125 -#define ASN1_R_MALLOC_FAILURE 126 -#define ASN1_R_ILLEGAL_NULL 127 -#define ASN1_R_INVALID_MIME_TYPE 128 -#define ASN1_R_INVALID_NUMBER 129 -#define ASN1_R_STRING_TOO_LONG 130 -#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 131 -#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 132 -#define ASN1_R_EXPECTING_A_TIME 133 -#define ASN1_R_TAG_VALUE_TOO_HIGH 134 -#define ASN1_R_NESTED_ASN1_STRING 135 -#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 136 -#define ASN1_R_MISSING_SECOND_NUMBER 137 -#define ASN1_R_TIME_NOT_ASCII_FORMAT 138 -#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139 -#define ASN1_R_WRONG_TYPE 140 -#define 
ASN1_R_EXPECTING_AN_INTEGER 141 -#define ASN1_R_DEPTH_EXCEEDED 142 -#define ASN1_R_ILLEGAL_OBJECT 143 -#define ASN1_R_UNKNOWN_TAG 144 -#define ASN1_R_ILLEGAL_IMPLICIT_TAG 145 -#define ASN1_R_AUX_ERROR 146 -#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 147 -#define ASN1_R_FIELD_MISSING 148 -#define ASN1_R_TYPE_NOT_CONSTRUCTED 149 -#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 150 -#define ASN1_R_FIRST_NUM_TOO_LARGE 151 -#define ASN1_R_INVALID_DIGIT 152 -#define ASN1_R_MSTRING_WRONG_TAG 153 -#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 154 -#define ASN1_R_UNSUPPORTED_TYPE 155 -#define ASN1_R_ERROR_LOADING_SECTION 156 -#define ASN1_R_ODD_NUMBER_OF_CHARS 157 -#define ASN1_R_ASN1_LENGTH_MISMATCH 158 -#define ASN1_R_MISSING_EOC 159 -#define ASN1_R_ILLEGAL_INTEGER 160 -#define ASN1_R_ILLEGAL_HEX 161 -#define ASN1_R_NESTED_ASN1_ERROR 162 -#define ASN1_R_TOO_LONG 163 -#define ASN1_R_LENGTH_ERROR 164 -#define ASN1_R_DECODING_ERROR 165 -#define ASN1_R_MIME_SIG_PARSE_ERROR 166 -#define ASN1_R_ILLEGAL_NULL_VALUE 167 -#define ASN1_R_EXPECTING_A_BOOLEAN 168 -#define ASN1_R_STREAMING_NOT_SUPPORTED 169 -#define ASN1_R_INVALID_BMPSTRING_LENGTH 170 -#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 171 -#define ASN1_R_INVALID_MODIFIER 172 -#define ASN1_R_UNEXPECTED_EOC 173 -#define ASN1_R_ILLEGAL_NESTED_TAGGING 174 -#define ASN1_R_IV_TOO_LARGE 175 -#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 176 -#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 177 -#define ASN1_R_BUFFER_TOO_SMALL 178 -#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 179 -#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 181 -#define ASN1_R_MIME_PARSE_ERROR 182 -#define ASN1_R_INVALID_OBJECT_ENCODING 183 -#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 184 -#define ASN1_R_UNSUPPORTED_CIPHER 185 -#define ASN1_R_NO_MULTIPART_BODY_FAILURE 186 -#define ASN1_R_NO_CONTENT_TYPE 187 -#define ASN1_R_SECOND_NUMBER_TOO_LARGE 188 -#define ASN1_R_INVALID_TIME_FORMAT 189 -#define ASN1_R_NO_DEFAULT_DIGEST 190 -#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 191 -#define 
ASN1_R_EXPECTING_AN_OBJECT 192 -#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 193 -#define ASN1_R_ERROR_GETTING_TIME 194 -#define ASN1_R_MISSING_VALUE 195 -#define ASN1_R_LIST_ERROR 196 -#define ASN1_R_DECODE_ERROR 197 -#define ASN1_R_NON_HEX_CHARACTERS 198 -#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 199 -#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 201 -#define ASN1_R_STRING_TOO_SHORT 203 -#define ASN1_R_ILLEGAL_OPTIONAL_ANY 204 -#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 205 -#define ASN1_R_NO_SIG_CONTENT_TYPE 206 -#define ASN1_R_ENCODE_ERROR 207 -#define ASN1_R_SHORT_LINE 208 -#define ASN1_R_ILLEGAL_TIME_VALUE 209 -#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 210 -#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 211 -#define ASN1_R_BAD_CLASS 212 -#define ASN1_R_BAD_TAG 213 -#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 214 -#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 215 -#define ASN1_R_ILLEGAL_BOOLEAN 216 -#define ASN1_R_SIG_INVALID_MIME_TYPE 217 -#define ASN1_R_NULL_IS_WRONG_LENGTH 218 -#define ASN1_R_MISSING_ASN1_EOS 219 -#define ASN1_R_ERROR_PARSING_SET_ELEMENT 220 -#define ASN1_R_WRONG_TAG 221 -#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 222 -#define ASN1_R_TYPE_NOT_PRIMITIVE 223 -#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 224 +#define ASN1_F_ASN1_BIT_STRING_set_bit 100 +#define ASN1_F_ASN1_ENUMERATED_set 101 +#define ASN1_F_ASN1_ENUMERATED_to_BN 102 +#define ASN1_F_ASN1_GENERALIZEDTIME_adj 103 +#define ASN1_F_ASN1_INTEGER_set 104 +#define ASN1_F_ASN1_INTEGER_to_BN 105 +#define ASN1_F_ASN1_OBJECT_new 106 +#define ASN1_F_ASN1_PCTX_new 107 +#define ASN1_F_ASN1_STRING_TABLE_add 108 +#define ASN1_F_ASN1_STRING_set 109 +#define ASN1_F_ASN1_STRING_type_new 110 +#define ASN1_F_ASN1_TIME_adj 111 +#define ASN1_F_ASN1_UTCTIME_adj 112 +#define ASN1_F_ASN1_d2i_fp 113 +#define ASN1_F_ASN1_dup 114 +#define ASN1_F_ASN1_generate_v3 115 +#define ASN1_F_ASN1_get_object 116 +#define ASN1_F_ASN1_i2d_bio 117 +#define ASN1_F_ASN1_i2d_fp 118 +#define ASN1_F_ASN1_item_d2i_fp 119 +#define 
ASN1_F_ASN1_item_dup 120 +#define ASN1_F_ASN1_item_ex_d2i 121 +#define ASN1_F_ASN1_item_i2d_bio 122 +#define ASN1_F_ASN1_item_i2d_fp 123 +#define ASN1_F_ASN1_item_pack 124 +#define ASN1_F_ASN1_item_unpack 125 +#define ASN1_F_ASN1_mbstring_ncopy 126 +#define ASN1_F_ASN1_template_new 127 +#define ASN1_F_BIO_new_NDEF 128 +#define ASN1_F_BN_to_ASN1_ENUMERATED 129 +#define ASN1_F_BN_to_ASN1_INTEGER 130 +#define ASN1_F_a2d_ASN1_OBJECT 131 +#define ASN1_F_a2i_ASN1_ENUMERATED 132 +#define ASN1_F_a2i_ASN1_INTEGER 133 +#define ASN1_F_a2i_ASN1_STRING 134 +#define ASN1_F_append_exp 135 +#define ASN1_F_asn1_cb 136 +#define ASN1_F_asn1_check_tlen 137 +#define ASN1_F_asn1_collate_primitive 138 +#define ASN1_F_asn1_collect 139 +#define ASN1_F_asn1_d2i_ex_primitive 140 +#define ASN1_F_asn1_d2i_read_bio 141 +#define ASN1_F_asn1_do_adb 142 +#define ASN1_F_asn1_ex_c2i 143 +#define ASN1_F_asn1_find_end 144 +#define ASN1_F_asn1_item_ex_combine_new 145 +#define ASN1_F_asn1_str2type 146 +#define ASN1_F_asn1_template_ex_d2i 147 +#define ASN1_F_asn1_template_noexp_d2i 148 +#define ASN1_F_bitstr_cb 149 +#define ASN1_F_c2i_ASN1_BIT_STRING 150 +#define ASN1_F_c2i_ASN1_INTEGER 151 +#define ASN1_F_c2i_ASN1_OBJECT 152 +#define ASN1_F_collect_data 153 +#define ASN1_F_d2i_ASN1_BOOLEAN 154 +#define ASN1_F_d2i_ASN1_OBJECT 155 +#define ASN1_F_d2i_ASN1_UINTEGER 156 +#define ASN1_F_d2i_ASN1_UTCTIME 157 +#define ASN1_F_d2i_ASN1_bytes 158 +#define ASN1_F_d2i_ASN1_type_bytes 159 +#define ASN1_F_i2d_ASN1_TIME 160 +#define ASN1_F_i2d_PrivateKey 161 +#define ASN1_F_long_c2i 162 +#define ASN1_F_parse_tagging 163 +#define ASN1_R_ASN1_LENGTH_MISMATCH 100 +#define ASN1_R_AUX_ERROR 101 +#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 102 +#define ASN1_R_BAD_OBJECT_HEADER 103 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 104 +#define ASN1_R_BN_LIB 105 +#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +#define ASN1_R_BUFFER_TOO_SMALL 107 +#define ASN1_R_DECODE_ERROR 108 +#define ASN1_R_DEPTH_EXCEEDED 109 +#define ASN1_R_ENCODE_ERROR 
110 +#define ASN1_R_ERROR_GETTING_TIME 111 +#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 112 +#define ASN1_R_EXPECTING_AN_INTEGER 113 +#define ASN1_R_EXPECTING_AN_OBJECT 114 +#define ASN1_R_EXPECTING_A_BOOLEAN 115 +#define ASN1_R_EXPECTING_A_TIME 116 +#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 117 +#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 118 +#define ASN1_R_FIELD_MISSING 119 +#define ASN1_R_FIRST_NUM_TOO_LARGE 120 +#define ASN1_R_HEADER_TOO_LONG 121 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 122 +#define ASN1_R_ILLEGAL_BOOLEAN 123 +#define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 125 +#define ASN1_R_ILLEGAL_HEX 126 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 127 +#define ASN1_R_ILLEGAL_INTEGER 128 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 129 +#define ASN1_R_ILLEGAL_NULL 130 +#define ASN1_R_ILLEGAL_NULL_VALUE 131 +#define ASN1_R_ILLEGAL_OBJECT 132 +#define ASN1_R_ILLEGAL_OPTIONAL_ANY 133 +#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 134 +#define ASN1_R_ILLEGAL_TAGGED_ANY 135 +#define ASN1_R_ILLEGAL_TIME_VALUE 136 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 137 +#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 138 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 139 +#define ASN1_R_INVALID_BMPSTRING_LENGTH 140 +#define ASN1_R_INVALID_DIGIT 141 +#define ASN1_R_INVALID_MODIFIER 142 +#define ASN1_R_INVALID_NUMBER 143 +#define ASN1_R_INVALID_OBJECT_ENCODING 144 +#define ASN1_R_INVALID_SEPARATOR 145 +#define ASN1_R_INVALID_TIME_FORMAT 146 +#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 147 +#define ASN1_R_INVALID_UTF8STRING 148 +#define ASN1_R_LIST_ERROR 149 +#define ASN1_R_MALLOC_FAILURE 150 +#define ASN1_R_MISSING_ASN1_EOS 151 +#define ASN1_R_MISSING_EOC 152 +#define ASN1_R_MISSING_SECOND_NUMBER 153 +#define ASN1_R_MISSING_VALUE 154 +#define ASN1_R_MSTRING_NOT_UNIVERSAL 155 +#define ASN1_R_MSTRING_WRONG_TAG 156 +#define ASN1_R_NESTED_ASN1_ERROR 157 +#define ASN1_R_NESTED_ASN1_STRING 158 +#define ASN1_R_NON_HEX_CHARACTERS 159 +#define ASN1_R_NOT_ASCII_FORMAT 160 +#define 
ASN1_R_NOT_ENOUGH_DATA 161 +#define ASN1_R_NO_MATCHING_CHOICE_TYPE 162 +#define ASN1_R_NULL_IS_WRONG_LENGTH 163 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 164 +#define ASN1_R_ODD_NUMBER_OF_CHARS 165 +#define ASN1_R_SECOND_NUMBER_TOO_LARGE 166 +#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 167 +#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 168 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 169 +#define ASN1_R_SHORT_LINE 170 +#define ASN1_R_STREAMING_NOT_SUPPORTED 171 +#define ASN1_R_STRING_TOO_LONG 172 +#define ASN1_R_STRING_TOO_SHORT 173 +#define ASN1_R_TAG_VALUE_TOO_HIGH 174 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 175 +#define ASN1_R_TOO_LONG 176 +#define ASN1_R_TYPE_NOT_CONSTRUCTED 177 +#define ASN1_R_TYPE_NOT_PRIMITIVE 178 +#define ASN1_R_UNEXPECTED_EOC 179 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 180 +#define ASN1_R_UNKNOWN_FORMAT 181 +#define ASN1_R_UNKNOWN_TAG 182 +#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 183 +#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 184 +#define ASN1_R_UNSUPPORTED_TYPE 185 +#define ASN1_R_WRONG_TAG 186 +#define ASN1_R_WRONG_TYPE 187 #endif diff --git a/src/include/openssl/asn1_mac.h b/src/include/openssl/asn1_mac.h index 3e8eebb..49b2a28 100644 --- a/src/include/openssl/asn1_mac.h +++ b/src/include/openssl/asn1_mac.h 
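Review bot: Every `ASN1_F_*` and `ASN1_R_*` value changes in this hunk (for example `ASN1_R_ASN1_LENGTH_MISMATCH` moves from 158 to 100) and several reason codes disappear outright, such as `ASN1_R_ADDING_OBJECT` and `ASN1_R_BAD_PASSWORD_READ`. Any code that compares `ERR_GET_REASON` results against numeric literals, persists or logs raw codes, or was compiled against the previous header and linked dynamically will now misattribute errors. A one-line comment above the block, `/* The numeric values below are not stable across revisions; compare against the macros only. */`, would make that contract explicit.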
@@ -65,512 +65,10 @@ extern "C" { #endif -#ifndef ASN1_MAC_ERR_LIB -#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 -#endif - -#define ASN1_MAC_H_err(f,r,line) \ - ERR_put_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) - -#define M_ASN1_D2I_vars(a,type,func) \ - ASN1_const_CTX c; \ - type ret=NULL; \ - \ - c.pp=(const unsigned char **)pp; \ - c.q= *(const unsigned char **)pp; \ - c.error=ASN1_R_NESTED_ASN1_ERROR; \ - if ((a == NULL) || ((*a) == NULL)) \ - { if ((ret=(type)func()) == NULL) \ - { c.line=__LINE__; goto err; } } \ - else ret=(*a); - -#define M_ASN1_D2I_Init() \ - c.p= *(const unsigned char **)pp; \ - c.max=(length == 0)?0:(c.p+length); - -#define M_ASN1_D2I_Finish_2(a) \ - if (!asn1_const_Finish(&c)) \ - { c.line=__LINE__; goto err; } \ - *(const unsigned char **)pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); - -#define M_ASN1_D2I_Finish(a,func,e) \ - M_ASN1_D2I_Finish_2(a); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -#define M_ASN1_D2I_start_sequence() \ - if (!asn1_GetSequence(&c,&length)) \ - { c.line=__LINE__; goto err; } -/* Begin reading ASN1 without a surrounding sequence */ -#define M_ASN1_D2I_begin() \ - c.slen = length; - -/* End reading ASN1 with no check on length */ -#define M_ASN1_D2I_Finish_nolen(a, func, e) \ - *pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -#define M_ASN1_D2I_end_sequence() \ - (((c.inf&1) == 0)?(c.slen <= 0): \ - (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) - -/* Don't use this with d2i_ASN1_BOOLEAN() */ -#define M_ASN1_D2I_get(b, func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* Don't use this with 
d2i_ASN1_BOOLEAN() */ -#define M_ASN1_D2I_get_x(type,b,func) \ - c.q=c.p; \ - if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* use this instead () */ -#define M_ASN1_D2I_get_int(b,func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) < 0) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get(b,func); \ - } - -#define M_ASN1_D2I_get_int_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get_int(b,func); \ - } - -#define M_ASN1_D2I_get_imp(b,func, type) \ - M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ - c.slen-=(c.p-c.q);\ - M_ASN1_next_prev=_tmp; - -#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ - (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ - { \ - unsigned char _tmp = M_ASN1_next; \ - M_ASN1_D2I_get_imp(b,func, type);\ - } - -#define M_ASN1_D2I_get_set(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_set_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set(r,func,free_func); } - -#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set_type(type,r,func,free_func); } - -#define M_ASN1_I2D_len_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - 
M_ASN1_I2D_len_SET(a,f); - -#define M_ASN1_I2D_put_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SET(a,f); - -#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE_type(type,a,f); - -#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set(b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -#define M_ASN1_D2I_get_seq(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq(r,func,free_func); } - -#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } - -#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ - c.q=c.p; \ - if 
(d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ - (void (*)())free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ - free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_set_strings(r,func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ - if ((c.slen != 0L) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ASN1_R_BAD_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (func(&(r),&c.p,Tlen) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ - { c.error=ASN1_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ASN1_R_BAD_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ - (void (*)())free_func, \ - b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - 
if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ASN1_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ASN1_R_BAD_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ - free_func,b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ASN1_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -/* New macros */ -#define M_ASN1_New_Malloc(ret,type) \ - if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ - { c.line=__LINE__; goto err2; } - -#define M_ASN1_New(arg,func) \ - if (((arg)=func()) == NULL) return(NULL) - -#define M_ASN1_New_Error(a) \ -/* err: ASN1_MAC_H_err((a),ASN1_R_NESTED_ASN1_ERROR,c.line); \ - return(NULL);*/ \ - err2: ASN1_MAC_H_err((a),ASN1_R_MALLOC_FAILURE,c.line); \ - return(NULL) +OPENSSL_EXPORT int asn1_GetSequence(ASN1_const_CTX *c, long *length); -/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, - some macros that use ASN1_const_CTX still insist on writing in the input - stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. - Please? 
-- Richard Levitte */ -#define M_ASN1_next (*((unsigned char *)(c.p))) -#define M_ASN1_next_prev (*((unsigned char *)(c.q))) - -/*************************************************/ - -#define M_ASN1_I2D_vars(a) int r=0,ret=0; \ - unsigned char *p; \ - if (a == NULL) return(0) - -/* Length Macros */ -#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) -#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) - -#define M_ASN1_I2D_len_SET(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); - -#define M_ASN1_I2D_len_SET_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ - V_ASN1_UNIVERSAL,IS_SET); - -#define M_ASN1_I2D_len_SEQUENCE(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE(a,f); - -#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE_type(type,a,f); - -#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - 
ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ - if (a != NULL)\ - { \ - v=f(a,NULL); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0))\ - { \ - v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ - V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -/* Put Macros */ -#define M_ASN1_I2D_put(a,f) f(a,&p) - -#define M_ASN1_I2D_put_IMP_opt(a,f,t) \ - if (a != NULL) \ - { \ - unsigned char *q=p; \ - f(a,&p); \ - *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ - } - -#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ - V_ASN1_UNIVERSAL,IS_SET) -#define M_ASN1_I2D_put_SET_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) -#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SET) -#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ - i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) -#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ - 
i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ - if (a != NULL) \ - { \ - ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ - f(a,&p); \ - } - -#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - } - -#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ - } - -#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - } - -#define M_ASN1_I2D_seq_total() \ - r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ - if (pp == NULL) return(r); \ - p= *pp; \ - ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -#define M_ASN1_I2D_INF_seq_start(tag,ctx) \ - 
*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ - *(p++)=0x80 - -#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 - -#define M_ASN1_I2D_finish() *pp=p; \ - return(r); -OPENSSL_EXPORT int asn1_GetSequence(ASN1_const_CTX *c, long *length); -OPENSSL_EXPORT void asn1_add_error(const unsigned char *address, int offset); #ifdef __cplusplus } #endif diff --git a/src/include/openssl/asn1t.h b/src/include/openssl/asn1t.h index 72eb2cb..6c91134 100644 --- a/src/include/openssl/asn1t.h +++ b/src/include/openssl/asn1t.h @@ -58,7 +58,7 @@ #ifndef HEADER_ASN1T_H #define HEADER_ASN1T_H -#include +#include #include #ifdef OPENSSL_BUILD_SHLIBCRYPTO diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h index d73f269..b769ad5 100644 --- a/src/include/openssl/base.h +++ b/src/include/openssl/base.h @@ -56,8 +56,8 @@ /* This file should be the first included by all BoringSSL headers. */ +#include #include -#include #include #include @@ -103,6 +103,11 @@ extern "C" { #define OPENSSL_WINDOWS #endif +#if defined(TRUSTY) +#define OPENSSL_TRUSTY +#define OPENSSL_NO_THREADS +#endif + #define OPENSSL_IS_BORINGSSL #define OPENSSL_VERSION_NUMBER 0x10002000 @@ -132,6 +137,9 @@ extern "C" { #endif /* defined(BORINGSSL_SHARED_LIBRARY) */ +/* CRYPTO_THREADID is a dummy value. */ +typedef int CRYPTO_THREADID; + typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; typedef struct ASN1_ITEM_st ASN1_ITEM; @@ -174,7 +182,9 @@ typedef struct bn_mont_ctx_st BN_MONT_CTX; typedef struct buf_mem_st BUF_MEM; typedef struct cbb_st CBB; typedef struct cbs_st CBS; +typedef struct cmac_ctx_st CMAC_CTX; typedef struct conf_st CONF; +typedef struct conf_value_st CONF_VALUE; typedef struct dh_method DH_METHOD; typedef struct dh_st DH; typedef struct dsa_method DSA_METHOD; 
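Review bot: The new `#if defined(TRUSTY)` block in base.h defines `OPENSSL_NO_THREADS` with no explanation, and that macro presumably compiles out the library's locking, which is a silent correctness assumption for any build that later runs on more than one thread. A comment on the block, `/* Trusty builds are assumed single-threaded; OPENSSL_NO_THREADS removes locking and must not be inherited by multi-threaded ports. */`, records the assumption where it is made. The `typedef int CRYPTO_THREADID;` added two hunks later is labelled a dummy, so it would be consistent to say there as well that it only exists for source compatibility.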
@@ -198,6 +208,7 @@ typedef struct md5_state_st MD5_CTX; typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct pkcs12_st PKCS12; typedef struct rand_meth_st RAND_METHOD; +typedef struct rc4_key_st RC4_KEY; typedef struct rsa_meth_st RSA_METHOD; typedef struct rsa_st RSA; typedef struct sha256_state_st SHA256_CTX; diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h index 4d89d11..b70b42f 100644 --- a/src/include/openssl/bio.h +++ b/src/include/openssl/bio.h @@ -59,9 +59,9 @@ #include -#include #include /* For FILE */ +#include /* for ERR_print_errors_fp */ #include #include @@ -96,6 +96,9 @@ OPENSSL_EXPORT int BIO_free(BIO *bio); * TODO(fork): remove. */ OPENSSL_EXPORT void BIO_vfree(BIO *bio); +/* BIO_up_ref increments the reference count of |bio| and returns it. */ +OPENSSL_EXPORT BIO *BIO_up_ref(BIO *bio); + /* Basic I/O. */ @@ -331,10 +334,6 @@ OPENSSL_EXPORT int BIO_indent(BIO *bio, unsigned indent, unsigned max_indent); OPENSSL_EXPORT int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len, unsigned indent); -/* BIO_print_errors_fp prints the current contents of the error stack to |out| - * using human readable strings where possible. */ -OPENSSL_EXPORT void BIO_print_errors_fp(FILE *out); - /* BIO_print_errors prints the current contents of the error stack to |bio| * using human readable strings where possible. */ OPENSSL_EXPORT void BIO_print_errors(BIO *bio); @@ -652,7 +651,7 @@ OPENSSL_EXPORT int BIO_zero_copy_get_read_buf_done(BIO* bio, size_t bytes_read); * stack. * * The zero copy write operation is completed by calling - * |BIO_zero_copy_write_buf_don|e. Neither |BIO_zero_copy_get_write_buf_done| + * |BIO_zero_copy_write_buf_done|. Neither |BIO_zero_copy_get_write_buf| * nor any other I/O write operation may be called while a zero copy write * operation is active. */ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf(BIO* bio, 
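Review bot: BIO_up_ref's new comment documents only that the count is incremented and |bio| returned; it does not say whether it may race with BIO_free on the same object, and the count it touches is the plain `int references;` in struct bio_st further down this file, so as written a reader must assume the caller serialises ref/unref. Suggest extending it: `/* BIO_up_ref increments the reference count of |bio| and returns it. Callers must not call this concurrently with |BIO_free| on the same object. */` (adjust if bio.c makes the count atomic; I cannot see it here). The hunk that drops `CRYPTO_EX_DATA ex_data;` from struct bio_st also changes the public layout of a struct this header exposes, which deserves a line in the commit message.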
@@ -693,8 +692,6 @@ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf_done(BIO* bio, #define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ #define BIO_CTRL_SET 4 /* man - set the 'IO' type */ #define BIO_CTRL_GET 5 /* man - get the 'IO' type */ -#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ -#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ #define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ #define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ #define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ @@ -706,6 +703,14 @@ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf_done(BIO* bio, #define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ +/* Android compatibility section. + * + * A previous version of BoringSSL used in Android renamed ERR_print_errors_fp + * to BIO_print_errors_fp. It has subsequently been renamed back to + * ERR_print_errors_fp. */ +#define BIO_print_errors_fp ERR_print_errors_fp + + /* Private functions */ #define BIO_FLAGS_READ 0x01 @@ -779,17 +784,12 @@ struct bio_st { /* num is a BIO-specific value. For example, in fd BIOs it's used to store a * file descriptor. */ int num; - /* TODO(fork): reference counting is only used by the SSL BIO code. If we can - * dump that then we can remove this. We could also drop - * BIO_CTRL_PUSH/BIO_CTRL_POP. */ int references; void *ptr; /* next_bio points to the next |BIO| in a chain. This |BIO| owns a reference * to |next_bio|. */ struct bio_st *next_bio; /* used by filter BIOs */ size_t num_read, num_write; - - CRYPTO_EX_DATA ex_data; }; #define BIO_C_SET_CONNECT 100 
@@ -854,43 +854,40 @@ struct bio_st {
 } /* extern C */
 #endif
-#define BIO_F_bio_make_pair 100
-#define BIO_F_bio_ctrl 101
-#define BIO_F_buffer_ctrl 102
+#define BIO_F_BIO_callback_ctrl 100
+#define BIO_F_BIO_ctrl 101
+#define BIO_F_BIO_new 102
 #define BIO_F_BIO_new_file 103
-#define BIO_F_file_read 104
-#define BIO_F_BIO_new 105
-#define BIO_F_bio_io 106
-#define BIO_F_BIO_new_mem_buf 107
-#define BIO_F_mem_write 108
-#define BIO_F_conn_state 109
-#define BIO_F_conn_ctrl 110
-#define BIO_F_file_ctrl 111
-#define BIO_F_BIO_callback_ctrl 112
-#define BIO_F_bio_ip_and_port_to_socket_and_addr 113
-#define BIO_F_bio_write 114
-#define BIO_F_BIO_ctrl 115
-#define BIO_F_BIO_zero_copy_get_write_buf 116
-#define BIO_F_BIO_zero_copy_get_write_buf_done 117
-#define BIO_F_BIO_zero_copy_get_read_buf 118
-#define BIO_F_BIO_zero_copy_get_read_buf_done 119
-#define BIO_R_UNSUPPORTED_METHOD 100
-#define BIO_R_NO_PORT_SPECIFIED 101
-#define BIO_R_NO_HOSTNAME_SPECIFIED 102
-#define BIO_R_IN_USE 103
-#define BIO_R_UNINITIALIZED 104
-#define BIO_R_CONNECT_ERROR 105
+#define BIO_F_BIO_new_mem_buf 104
+#define BIO_F_BIO_zero_copy_get_read_buf 105
+#define BIO_F_BIO_zero_copy_get_read_buf_done 106
+#define BIO_F_BIO_zero_copy_get_write_buf 107
+#define BIO_F_BIO_zero_copy_get_write_buf_done 108
+#define BIO_F_bio_io 109
+#define BIO_F_bio_make_pair 110
+#define BIO_F_bio_write 111
+#define BIO_F_buffer_ctrl 112
+#define BIO_F_conn_ctrl 113
+#define BIO_F_conn_state 114
+#define BIO_F_file_ctrl 115
+#define BIO_F_file_read 116
+#define BIO_F_mem_write 117
+#define BIO_R_BAD_FOPEN_MODE 100
+#define BIO_R_BROKEN_PIPE 101
+#define BIO_R_CONNECT_ERROR 102
+#define BIO_R_ERROR_SETTING_NBIO 103
+#define BIO_R_INVALID_ARGUMENT 104
+#define BIO_R_IN_USE 105
 #define BIO_R_KEEPALIVE 106
-#define BIO_R_BROKEN_PIPE 107
-#define BIO_R_NBIO_CONNECT_ERROR 108
-#define BIO_R_BAD_FOPEN_MODE 109
-#define BIO_R_ASN1_OBJECT_TOO_LONG 110
-#define BIO_R_INVALID_ARGUMENT 111
-#define 
BIO_R_WRITE_TO_READ_ONLY_BIO 112
-#define BIO_R_ERROR_SETTING_NBIO 113
-#define BIO_R_SYS_LIB 114
-#define BIO_R_NO_SUCH_FILE 115
-#define BIO_R_NULL_PARAMETER 116
-#define BIO_R_UNABLE_TO_CREATE_SOCKET 117
+#define BIO_R_NBIO_CONNECT_ERROR 107
+#define BIO_R_NO_HOSTNAME_SPECIFIED 108
+#define BIO_R_NO_PORT_SPECIFIED 109
+#define BIO_R_NO_SUCH_FILE 110
+#define BIO_R_NULL_PARAMETER 111
+#define BIO_R_SYS_LIB 112
+#define BIO_R_UNABLE_TO_CREATE_SOCKET 113
+#define BIO_R_UNINITIALIZED 114
+#define BIO_R_UNSUPPORTED_METHOD 115
+#define BIO_R_WRITE_TO_READ_ONLY_BIO 116
 #endif /* OPENSSL_HEADER_BIO_H */
diff --git a/src/include/openssl/blowfish.h b/src/include/openssl/blowfish.h
new file mode 100644
index 0000000..fa60d53
--- /dev/null
+++ b/src/include/openssl/blowfish.h
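Review bot: The BIO_F_*/BIO_R_* values are renumbered wholesale here (and likewise in bn.h, buf.h and cipher.h further down), so any consumer that logged, persisted or matched the numeric reason codes of the previous revision now maps them to different names, and nothing in the header says the numbers are unstable. If these blocks are tool-generated, a one-line comment above each, e.g. `/* Error codes are generated; their numeric values are not stable across BoringSSL revisions. Match on the symbolic name, never the number. */`, would make that explicit. In the cipher.h block the last four CIPHER_F_ entries and CIPHER_R_NO_DIRECTION_SET break the otherwise alphabetical order, which suggests they were appended by hand rather than regenerated.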
@@ -0,0 +1,93 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#ifndef OPENSSL_HEADER_BLOWFISH_H +#define OPENSSL_HEADER_BLOWFISH_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +#define BF_ENCRYPT 1 +#define BF_DECRYPT 0 + +#define BF_ROUNDS 16 +#define BF_BLOCK 8 + +typedef struct bf_key_st { + uint32_t P[BF_ROUNDS + 2]; + uint32_t S[4 * 256]; +} BF_KEY; + +OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data); +OPENSSL_EXPORT void BF_encrypt(uint32_t *data, const BF_KEY *key); +OPENSSL_EXPORT void BF_decrypt(uint32_t *data, const BF_KEY *key); + +OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, + const BF_KEY *key, int enc); +OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, + const BF_KEY *schedule, uint8_t *ivec, + int enc); + + +#ifdef __cplusplus +} +#endif + +#endif /* OPENSSL_HEADER_BLOWFISH_H */ diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index 0631b8c..2cd0224 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h @@ -124,7 +124,9 @@ #define OPENSSL_HEADER_BN_H #include +#include +#include /* for PRIu64 and friends */ #include /* for FILE* */ #if defined(__cplusplus) 
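Review bot: blowfish.h (and cast.h below) adds a new public API with no per-function documentation at all, which is out of step with the rest of this tree: BF_set_key takes an unconstrained `size_t len` but the accepted key lengths and what happens when |len| exceeds the schedule (P holds BF_ROUNDS + 2 words, so presumably surplus bytes are ignored; confirm against the implementation) are not stated, and BF_cbc_encrypt takes a signed `long length` and a mutable |ivec| without saying that the IV is advanced in place or how a length that is not a multiple of BF_BLOCK is handled. Both ciphers have an 8-byte block (BF_BLOCK / CAST_BLOCK), and a header-level comment should say they are legacy algorithms kept for compatibility so integrators do not pick them for new designs. Suggest at minimum a file comment such as `/* Blowfish is a legacy 64-bit block cipher provided for compatibility only. */` plus a sentence on BF_set_key's accepted |len| range. In cast.h, `int short_key; /* Use reduced rounds for short key */` should also say what length counts as short.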
@@ -137,13 +139,24 @@ extern "C" { * will allow you to work with numbers until you run out of memory. */ -/* BN_ULONG is the native word size when working with big integers. */ +/* BN_ULONG is the native word size when working with big integers. + * + * Note: on some platforms, inttypes.h does not define print format macros in + * C++ unless |__STDC_FORMAT_MACROS| defined. As this is a public header, bn.h + * does not define |__STDC_FORMAT_MACROS| itself. C++ source files which use the + * FMT macros must define it externally. */ #if defined(OPENSSL_64_BIT) #define BN_ULONG uint64_t #define BN_BITS2 64 +#define BN_DEC_FMT1 "%" PRIu64 +#define BN_DEC_FMT2 "%019" PRIu64 +#define BN_HEX_FMT1 "%" PRIx64 #elif defined(OPENSSL_32_BIT) #define BN_ULONG uint32_t #define BN_BITS2 32 +#define BN_DEC_FMT1 "%" PRIu32 +#define BN_DEC_FMT2 "%09" PRIu32 +#define BN_HEX_FMT1 "%" PRIx32 #else #error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT" #endif @@ -473,7 +486,8 @@ OPENSSL_EXPORT BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); BN_div(NULL, (rem), (numerator), (divisor), (ctx)) /* BN_nnmod is a non-negative modulo function. It acts like |BN_mod|, but 0 <= - * |rem| < |divisor| is always true. */ + * |rem| < |divisor| is always true. It returns one on success and zero on + * error. */ OPENSSL_EXPORT int BN_nnmod(BIGNUM *rem, const BIGNUM *numerator, const BIGNUM *divisor, BN_CTX *ctx); 
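Review bot: The new BN_ULONG comment reads `unless |__STDC_FORMAT_MACROS| defined` and is missing "is"; it should be ` * C++ unless |__STDC_FORMAT_MACROS| is defined. As this is a public header, bn.h`. The statement that bn.h deliberately does not define the macro itself is useful and worth keeping as is.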
@@ -710,15 +724,13 @@ OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, OPENSSL_EXPORT int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); -/* BN_MONT_CTX_set_locked takes the lock indicated by |lock| and checks whether - * |*pmont| is NULL. If so, it creates a new |BN_MONT_CTX| and sets the modulus - * for it to |mod|. It then stores it as |*pmont| and returns it, or NULL on - * error. +/* BN_MONT_CTX_set_locked takes |lock| and checks whether |*pmont| is NULL. If + * so, it creates a new |BN_MONT_CTX| and sets the modulus for it to |mod|. It + * then stores it as |*pmont| and returns it, or NULL on error. * * If |*pmont| is already non-NULL then the existing value is returned. */ -OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, - int lock, const BIGNUM *mod, - BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock, + const BIGNUM *mod, BN_CTX *bn_ctx); /* BN_to_montgomery sets |ret| equal to |a| in the Montgomery domain. It * returns one on success and zero on error. */ 
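Review bot: BN_MONT_CTX_set_locked loses its OPENSSL_EXPORT in this hunk while remaining declared in the public bn.h, so from a shared build the symbol is presumably no longer resolvable even though the header still advertises it; either the function is now internal and the declaration belongs in an internal header, or the export was dropped by accident. If internal is intended, say so in the comment: ` * This function is not exported and is for BoringSSL-internal use only.`. The comment also still says only that it "takes |lock|"; with a CRYPTO_MUTEX now passed by the caller it should state that the mutex is released before returning (I cannot see the implementation from here).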
@@ -815,47 +827,47 @@ OPENSSL_EXPORT BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
 } /* extern C */
 #endif
-#define BN_F_BN_bn2hex 100
-#define BN_F_BN_new 101
-#define BN_F_BN_exp 102
-#define BN_F_mod_exp_recp 103
-#define BN_F_BN_mod_sqrt 104
-#define BN_F_BN_rand 105
-#define BN_F_BN_rand_range 106
-#define BN_F_bn_wexpand 107
-#define BN_F_BN_mod_exp_mont 108
-#define BN_F_BN_mod_exp2_mont 109
-#define BN_F_BN_CTX_get 110
-#define BN_F_BN_mod_inverse 111
-#define BN_F_BN_bn2dec 112
-#define BN_F_BN_div 113
-#define BN_F_BN_div_recp 114
-#define BN_F_BN_mod_exp_mont_consttime 115
-#define BN_F_BN_mod_exp_mont_word 116
-#define BN_F_BN_CTX_start 117
-#define BN_F_BN_usub 118
-#define BN_F_BN_mod_lshift_quick 119
-#define BN_F_BN_CTX_new 120
-#define BN_F_BN_mod_inverse_no_branch 121
-#define BN_F_BN_generate_dsa_nonce 122
-#define BN_F_BN_generate_prime_ex 123
-#define BN_F_BN_sqrt 124
-#define BN_R_NOT_A_SQUARE 100
-#define BN_R_TOO_MANY_ITERATIONS 101
-#define BN_R_INPUT_NOT_REDUCED 102
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 103
-#define BN_R_NO_INVERSE 104
-#define BN_R_NOT_INITIALIZED 105
-#define BN_R_DIV_BY_ZERO 106
-#define BN_R_CALLED_WITH_EVEN_MODULUS 107
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 108
-#define BN_R_BAD_RECIPROCAL 109
-#define BN_R_P_IS_NOT_PRIME 110
-#define BN_R_INVALID_RANGE 111
-#define BN_R_ARG2_LT_ARG3 112
-#define BN_R_BIGNUM_TOO_LONG 113
-#define BN_R_PRIVATE_KEY_TOO_LARGE 114
-#define BN_R_BITS_TOO_SMALL 115
-#define BN_R_NEGATIVE_NUMBER 116
+#define BN_F_BN_CTX_get 100
+#define BN_F_BN_CTX_new 101
+#define BN_F_BN_CTX_start 102
+#define BN_F_BN_bn2dec 103
+#define BN_F_BN_bn2hex 104
+#define BN_F_BN_div 105
+#define BN_F_BN_div_recp 106
+#define BN_F_BN_exp 107
+#define BN_F_BN_generate_dsa_nonce 108
+#define BN_F_BN_generate_prime_ex 109
+#define BN_F_BN_mod_exp2_mont 110
+#define BN_F_BN_mod_exp_mont 111
+#define BN_F_BN_mod_exp_mont_consttime 112
+#define BN_F_BN_mod_exp_mont_word 113
+#define BN_F_BN_mod_inverse 114
+#define BN_F_BN_mod_inverse_no_branch 115
+#define BN_F_BN_mod_lshift_quick 116
+#define BN_F_BN_mod_sqrt 117
+#define BN_F_BN_new 118
+#define BN_F_BN_rand 119
+#define BN_F_BN_rand_range 120
+#define BN_F_BN_sqrt 121
+#define BN_F_BN_usub 122
+#define BN_F_bn_wexpand 123
+#define BN_F_mod_exp_recp 124
+#define BN_R_ARG2_LT_ARG3 100
+#define BN_R_BAD_RECIPROCAL 101
+#define BN_R_BIGNUM_TOO_LONG 102
+#define BN_R_BITS_TOO_SMALL 103
+#define BN_R_CALLED_WITH_EVEN_MODULUS 104
+#define BN_R_DIV_BY_ZERO 105
+#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 106
+#define BN_R_INPUT_NOT_REDUCED 107
+#define BN_R_INVALID_RANGE 108
+#define BN_R_NEGATIVE_NUMBER 109
+#define BN_R_NOT_A_SQUARE 110
+#define BN_R_NOT_INITIALIZED 111
+#define BN_R_NO_INVERSE 112
+#define BN_R_PRIVATE_KEY_TOO_LARGE 113
+#define BN_R_P_IS_NOT_PRIME 114
+#define BN_R_TOO_MANY_ITERATIONS 115
+#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 116
 #endif /* OPENSSL_HEADER_BN_H */
diff --git a/src/include/openssl/buf.h b/src/include/openssl/buf.h
index 0a0a9b8..2b36ce4 100644
--- a/src/include/openssl/buf.h
+++ b/src/include/openssl/buf.h
@@ -116,8 +116,8 @@ OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t size);
 #endif
 #define BUF_F_BUF_MEM_new 100
-#define BUF_F_buf_mem_grow 101
+#define BUF_F_BUF_memdup 101
 #define BUF_F_BUF_strndup 102
-#define BUF_F_BUF_memdup 103
+#define BUF_F_buf_mem_grow 103
 #endif /* OPENSSL_HEADER_BUFFER_H */
diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h
index 2bff3f5..e10621a 100644
--- a/src/include/openssl/bytestring.h
+++ b/src/include/openssl/bytestring.h
@@ -47,7 +47,7 @@ OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len); * otherwise. */ OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len); -/* CBS_data returns a pointer to the contains of |cbs|. */ +/* CBS_data returns a pointer to the contents of |cbs|. */ OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs); /* CBS_len returns the number of bytes remaining in |cbs|. */ @@ -134,7 +134,7 @@ OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); * element must match |tag_value|. It returns one on success and zero * on error. * - * Tag numbers greater than 31 are not supported. */ + * Tag numbers greater than 30 are not supported (i.e. short form only). */ OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value); /* CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the @@ -155,7 +155,7 @@ OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value); * header. Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore * the value. * - * Tag numbers greater than 31 are not supported. */ + * Tag numbers greater than 30 are not supported (i.e. short form only). */ OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, size_t *out_header_len); @@ -287,7 +287,9 @@ OPENSSL_EXPORT int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); /* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an * ASN.1 object can be written. The |tag| argument will be used as the tag for - * the object. It returns one on success or zero on error. */ + * the object. Passing in |tag| number 31 will return in an error since only + * single octet identifiers are supported. It returns one on success or zero + * on error. */ OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag); /* CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on 
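Review bot: The new CBB_add_asn1 comment says passing `|tag| number 31 will return in an error`, which reads better as "will result in an error"; and since |tag| is a uint8_t that also carries the class and constructed bits, it should spell out which bits are meant (presumably the low five, confirm against cbb.c): ` * the object. A |tag| whose tag number (low five bits) is 31 results in an` / ` * error since only single-octet identifiers are supported.`. The CBS_get_asn1 and CBS_get_any_asn1_element comments in the earlier hunks were changed to "greater than 30", which is consistent with that, and rejecting 31 here is the right call because it would otherwise emit a malformed single-byte identifier for a high-tag-number form.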
diff --git a/src/include/openssl/cast.h b/src/include/openssl/cast.h
new file mode 100644
index 0000000..8021723
--- /dev/null
+++ b/src/include/openssl/cast.h
@@ -0,0 +1,96 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#ifndef OPENSSL_HEADER_CAST_H +#define OPENSSL_HEADER_CAST_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +#define CAST_ENCRYPT 1 +#define CAST_DECRYPT 0 + +#define CAST_BLOCK 8 +#define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + uint32_t data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +OPENSSL_EXPORT void CAST_set_key(CAST_KEY *key, size_t len, + const uint8_t *data); +OPENSSL_EXPORT void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, + const CAST_KEY *key, int enc); +OPENSSL_EXPORT void CAST_encrypt(uint32_t *data, const CAST_KEY *key); +OPENSSL_EXPORT void CAST_decrypt(uint32_t *data, const CAST_KEY *key); +OPENSSL_EXPORT void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, + long length, const CAST_KEY *ks, + uint8_t *iv, int enc); + +OPENSSL_EXPORT void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, + long length, const CAST_KEY *schedule, + uint8_t *ivec, int *num, int enc); + +#ifdef __cplusplus +} +#endif + +#endif /* OPENSSL_HEADER_CAST_H */ diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h index adca5a9..f1469a0 100644 --- a/src/include/openssl/cipher.h +++ b/src/include/openssl/cipher.h @@ -80,10 +80,12 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ctr(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void); /* Deprecated AES-GCM implementations that set |EVP_CIPH_FLAG_CUSTOM_CIPHER|. * Use |EVP_aead_aes_128_gcm| and |EVP_aead_aes_256_gcm| instead. */ 
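Review bot: EVP_aes_128_ofb and EVP_aes_256_ofb are added to cipher.h with no comment, in a block where the neighbouring GCM and 192-bit entries each carry one; OFB is an unauthenticated mode, and the declaration should say so up front so integrators default to an AEAD. Suggest, above the two new lines, `/* EVP_aes_128_ofb and EVP_aes_256_ofb are unauthenticated; prefer |EVP_aead_aes_128_gcm| or |EVP_aead_aes_256_gcm| where possible. */`.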
@@ -91,9 +93,9 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void); /* Deprecated 192-bit version of AES. */ +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void); -OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void); /* EVP_enc_null returns a 'cipher' that passes plaintext through as @@ -123,8 +125,8 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx); * |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure. */ OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns one - * on success and zero otherwise. */ +/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns + * one. */ OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees @@ -236,7 +238,8 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher( const EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying - * |ctx| (e.g. |NID_rc4|). It will crash if no cipher has been configured. */ + * |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been + * configured. */ OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher 
@@ -289,13 +292,9 @@ OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, unsigned k /* Cipher accessors. */ /* EVP_CIPHER_nid returns a NID identifing |cipher|. (For example, - * |NID_rc4|.) */ + * |NID_aes_128_gcm|.) */ OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -/* EVP_CIPHER_name returns the short name for |cipher| or NULL if no name is - * known. */ -OPENSSL_EXPORT const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); - /* EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one * if |cipher| is a stream cipher. */ OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher); @@ -491,7 +490,7 @@ typedef struct evp_cipher_info_st { } EVP_CIPHER_INFO; struct evp_cipher_st { - /* type contains a NID identifing the cipher. (For example, NID_rc4.) */ + /* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */ int nid; /* block_size contains the block size, in bytes, of the cipher, or 1 for a @@ -521,7 +520,7 @@ struct evp_cipher_st { int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t inl); - int (*cleanup)(EVP_CIPHER_CTX *); + void (*cleanup)(EVP_CIPHER_CTX *); int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); }; 
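Review bot: The `cleanup` member of struct evp_cipher_st changes from `int (*)(EVP_CIPHER_CTX *)` to `void (*)(EVP_CIPHER_CTX *)` in a struct this public header exposes, so any out-of-tree EVP_CIPHER definition stops compiling (or, if it casts, misbehaves), and the field itself still has no comment. The public EVP_CIPHER_CTX_cleanup keeps its int return, documented in the earlier hunk as always one, which is a reasonable compatibility choice, but the field deserves a line such as `/* cleanup releases any cipher-specific state held by |ctx|. It cannot fail. */`; I cannot tell from here whether a NULL cleanup is permitted, so add that to the comment if it is.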
@@ -531,62 +530,65 @@ struct evp_cipher_st {
 } /* extern C */
 #endif
-#define CIPHER_F_EVP_CipherInit_ex 100
-#define CIPHER_F_EVP_EncryptFinal_ex 101
-#define CIPHER_F_EVP_DecryptFinal_ex 102
-#define CIPHER_F_EVP_CIPHER_CTX_ctrl 103
-#define CIPHER_F_aes_init_key 104
-#define CIPHER_F_aesni_init_key 105
-#define CIPHER_F_EVP_CIPHER_CTX_copy 106
-#define CIPHER_F_EVP_AEAD_CTX_open 107
-#define CIPHER_F_EVP_AEAD_CTX_init 108
-#define CIPHER_F_EVP_AEAD_CTX_seal 109
-#define CIPHER_F_aead_aes_gcm_seal 110
-#define CIPHER_F_aead_aes_gcm_open 111
-#define CIPHER_F_aead_aes_gcm_init 112
-#define CIPHER_F_aead_chacha20_poly1305_init 113
-#define CIPHER_F_aead_chacha20_poly1305_open 114
-#define CIPHER_F_aead_chacha20_poly1305_seal 115
-#define CIPHER_F_aead_rc4_md5_tls_init 116
-#define CIPHER_F_aead_rc4_md5_tls_seal 117
-#define CIPHER_F_aead_rc4_md5_tls_open 118
-#define CIPHER_F_aead_aes_key_wrap_seal 119
-#define CIPHER_F_aead_aes_key_wrap_init 120
-#define CIPHER_F_aead_aes_key_wrap_open 121
-#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 122
-#define CIPHER_F_aead_tls_init 123
-#define CIPHER_F_aead_tls_open 124
-#define CIPHER_F_aead_tls_seal 125
-#define CIPHER_F_aead_tls_ensure_cipher_init 126
-#define CIPHER_F_aead_ssl3_open 127
-#define CIPHER_F_aead_ssl3_seal 128
-#define CIPHER_F_aead_ssl3_init 129
-#define CIPHER_F_aead_ssl3_ensure_cipher_init 130
-#define CIPHER_R_WRAP_MODE_NOT_ALLOWED 100
-#define CIPHER_R_AES_KEY_SETUP_FAILED 101
-#define CIPHER_R_INPUT_NOT_INITIALIZED 102
-#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 103
-#define CIPHER_R_INITIALIZATION_ERROR 104
-#define CIPHER_R_CTRL_NOT_IMPLEMENTED 105
-#define CIPHER_R_NO_CIPHER_SET 106
-#define CIPHER_R_BAD_DECRYPT 107
-#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 108
-#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 109
-#define CIPHER_R_TAG_TOO_LARGE 110
-#define CIPHER_R_BAD_KEY_LENGTH 111
-#define CIPHER_R_BUFFER_TOO_SMALL 112
-#define CIPHER_R_OUTPUT_ALIASES_INPUT 113
-#define 
CIPHER_R_UNSUPPORTED_KEY_SIZE 114
-#define CIPHER_R_TOO_LARGE 115
-#define CIPHER_R_IV_TOO_LARGE 116
-#define CIPHER_R_INVALID_AD_SIZE 117
-#define CIPHER_R_INVALID_AD 118
-#define CIPHER_R_UNSUPPORTED_TAG_SIZE 119
-#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 120
-#define CIPHER_R_UNSUPPORTED_AD_SIZE 121
-#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 122
-#define CIPHER_R_INVALID_KEY_LENGTH 123
-#define CIPHER_R_INVALID_OPERATION 124
-#define CIPHER_R_INVALID_NONCE_SIZE 125
+#define CIPHER_F_EVP_AEAD_CTX_init 100
+#define CIPHER_F_EVP_AEAD_CTX_open 101
+#define CIPHER_F_EVP_AEAD_CTX_seal 102
+#define CIPHER_F_EVP_CIPHER_CTX_copy 103
+#define CIPHER_F_EVP_CIPHER_CTX_ctrl 104
+#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 105
+#define CIPHER_F_EVP_CipherInit_ex 106
+#define CIPHER_F_EVP_DecryptFinal_ex 107
+#define CIPHER_F_EVP_EncryptFinal_ex 108
+#define CIPHER_F_aead_aes_gcm_init 109
+#define CIPHER_F_aead_aes_gcm_open 110
+#define CIPHER_F_aead_aes_gcm_seal 111
+#define CIPHER_F_aead_aes_key_wrap_init 112
+#define CIPHER_F_aead_aes_key_wrap_open 113
+#define CIPHER_F_aead_aes_key_wrap_seal 114
+#define CIPHER_F_aead_chacha20_poly1305_init 115
+#define CIPHER_F_aead_chacha20_poly1305_open 116
+#define CIPHER_F_aead_chacha20_poly1305_seal 117
+#define CIPHER_F_aead_rc4_md5_tls_init 118
+#define CIPHER_F_aead_rc4_md5_tls_open 119
+#define CIPHER_F_aead_rc4_md5_tls_seal 120
+#define CIPHER_F_aead_ssl3_ensure_cipher_init 121
+#define CIPHER_F_aead_ssl3_init 122
+#define CIPHER_F_aead_ssl3_open 123
+#define CIPHER_F_aead_ssl3_seal 124
+#define CIPHER_F_aead_tls_ensure_cipher_init 125
+#define CIPHER_F_aead_tls_init 126
+#define CIPHER_F_aead_tls_open 127
+#define CIPHER_F_aead_tls_seal 128
+#define CIPHER_F_aes_init_key 129
+#define CIPHER_F_aesni_init_key 130
+#define CIPHER_F_EVP_AEAD_CTX_init_with_direction 131
+#define CIPHER_F_aead_aes_ctr_hmac_sha256_init 132
+#define CIPHER_F_aead_aes_ctr_hmac_sha256_open 133
+#define CIPHER_F_aead_aes_ctr_hmac_sha256_seal 134
+#define 
CIPHER_R_AES_KEY_SETUP_FAILED 100
+#define CIPHER_R_BAD_DECRYPT 101
+#define CIPHER_R_BAD_KEY_LENGTH 102
+#define CIPHER_R_BUFFER_TOO_SMALL 103
+#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104
+#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105
+#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106
+#define CIPHER_R_INITIALIZATION_ERROR 107
+#define CIPHER_R_INPUT_NOT_INITIALIZED 108
+#define CIPHER_R_INVALID_AD_SIZE 109
+#define CIPHER_R_INVALID_KEY_LENGTH 110
+#define CIPHER_R_INVALID_NONCE_SIZE 111
+#define CIPHER_R_INVALID_OPERATION 112
+#define CIPHER_R_IV_TOO_LARGE 113
+#define CIPHER_R_NO_CIPHER_SET 114
+#define CIPHER_R_OUTPUT_ALIASES_INPUT 115
+#define CIPHER_R_TAG_TOO_LARGE 116
+#define CIPHER_R_TOO_LARGE 117
+#define CIPHER_R_UNSUPPORTED_AD_SIZE 118
+#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119
+#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120
+#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121
+#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122
+#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123
+#define CIPHER_R_NO_DIRECTION_SET 124
 #endif /* OPENSSL_HEADER_CIPHER_H */
diff --git a/src/include/openssl/cmac.h b/src/include/openssl/cmac.h
new file mode 100644
index 0000000..183f41b
--- /dev/null
+++ b/src/include/openssl/cmac.h
@@ -0,0 +1,76 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CMAC_H
+#define OPENSSL_HEADER_CMAC_H
+
+#include 
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* CMAC.
+ *
+ * CMAC is a MAC based on AES-CBC and defined in
+ * https://tools.ietf.org/html/rfc4493#section-2.3. */
+
+
+/* One-shot functions. */
+
+/* AES_CMAC calculates the 16-byte, CMAC authenticator of |in_len| bytes of
+ * |in| and writes it to |out|. The |key_len| may be 16 or 32 bytes to select
+ * between AES-128 and AES-256. It returns one on success or zero on error. */
+OPENSSL_EXPORT int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len,
+ const uint8_t *in, size_t in_len);
+
+
+/* Incremental interface. */
+
+/* CMAC_CTX_new allocates a fresh |CMAC_CTX| and returns it, or NULL on
+ * error. */
+OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
+
+/* CMAC_CTX_free frees a |CMAC_CTX|. */
+OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);
+
+/* CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
+ * only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
+ * should be |EVP_aes_128_cbc()|. However, this implementation also supports
+ * AES-256 by setting |key_len| to 32 and |cipher| to |EVP_aes_256_cbc()|. The
+ * |engine| argument is ignored.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
+ const EVP_CIPHER *cipher, ENGINE *engine);
+
+
+/* CMAC_Reset resets |ctx| so that a fresh message can be authenticated. */
+OPENSSL_EXPORT int CMAC_Reset(CMAC_CTX *ctx);
+
+/* CMAC_Update processes |in_len| bytes of message from |in|. It returns one on
+ * success or zero on error. */
+OPENSSL_EXPORT int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len);
+
+/* CMAC_Final sets |*out_len| to 16 and, if |out| is not NULL, writes 16 bytes
+ * of authenticator to it. It returns one on success or zero on error. */
+OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_CBC_H */
diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h
index 0918c0c..84fc94f 100644
--- a/src/include/openssl/conf.h
+++ b/src/include/openssl/conf.h
@@ -79,19 +79,20 @@ extern "C" {
 *
 * Config files are representated by a |CONF|. */
-typedef struct {
+struct conf_value_st {
 char *section;
 char *name;
 char *value;
-} CONF_VALUE;
+};
 struct conf_st {
 LHASH_OF(CONF_VALUE) *data;
 };
-/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. */
-CONF *NCONF_new(void);
+/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
+ * argument must be NULL. */
+CONF *NCONF_new(void *method);
 /* NCONF_free frees all the data owned by |conf| and then |conf| itself. */
 void NCONF_free(CONF *conf);
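Review bot: The closing comment `#endif /* OPENSSL_HEADER_CBC_H */` names the wrong guard; the file opens with `#ifndef OPENSSL_HEADER_CMAC_H`, so it should read `#endif /* OPENSSL_HEADER_CMAC_H */`. `CMAC_Reset` is the only declaration in this new header whose comment omits the return convention although it returns `int`; suggest `/* CMAC_Reset resets |ctx| so that a fresh message can be authenticated. It returns one on success or zero on error. */`. `AES_CMAC` and `CMAC_Final` only produce a tag, so a one-line note that a received tag must be checked against the computed one with a constant-time comparison such as |CRYPTO_memcmp| rather than `memcmp` would keep callers from introducing a timing side channel on the verify side. The `#include` line has lost its argument in this rendering, so the header that declares |CMAC_CTX| cannot be checked here.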
@@ -102,6 +103,10 @@ void NCONF_free(CONF *conf);
 * number of the line that contained the error. */
 int NCONF_load(CONF *conf, const char *filename, long *out_error_line);
+/* NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from
+ * a named file. */
+int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
+
 /* NCONF_get_section returns a stack of values for a given section in |conf|.
 * If |section| is NULL, the default section is returned. It returns NULL on
 * error. */
@@ -131,14 +136,14 @@ int CONF_parse_list(const char *list, char sep, int remove_whitespace,
 #endif
 #define CONF_F_CONF_parse_list 100
-#define CONF_F_str_copy 101
+#define CONF_F_NCONF_load 101
 #define CONF_F_def_load_bio 102
-#define CONF_F_NCONF_load 103
-#define CONF_R_MISSING_EQUAL_SIGN 100
-#define CONF_R_LIST_CANNOT_BE_NULL 101
-#define CONF_R_NO_CLOSE_BRACE 102
-#define CONF_R_VARIABLE_HAS_NO_VALUE 103
+#define CONF_F_str_copy 103
+#define CONF_R_LIST_CANNOT_BE_NULL 100
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 101
+#define CONF_R_MISSING_EQUAL_SIGN 102
+#define CONF_R_NO_CLOSE_BRACE 103
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 105
+#define CONF_R_VARIABLE_HAS_NO_VALUE 105
 #endif /* OPENSSL_HEADER_THREAD_H */
diff --git a/src/include/openssl/cpu.h b/src/include/openssl/cpu.h
index 79441ae..83ec473 100644
--- a/src/include/openssl/cpu.h
+++ b/src/include/openssl/cpu.h
@@ -78,7 +78,6 @@ extern "C" {
 * Index 0:
 * EDX for CPUID where EAX = 1
 * Bit 30 is used to indicate an Intel CPU
- * Bit 20 is used to indicate RC4_CHAR
 * Index 1:
 * ECX for CPUID where EAX = 1
 * Index 2:
diff --git a/src/include/openssl/crypto.h b/src/include/openssl/crypto.h
index e58d5f0..5c974f8 100644
--- a/src/include/openssl/crypto.h
+++ b/src/include/openssl/crypto.h
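Review bot: The `CONF_F_*` and `CONF_R_*` values are renumbered rather than appended (for example `CONF_F_str_copy` moves from 101 to 103 and `CONF_R_MISSING_EQUAL_SIGN` from 100 to 102), so the packed value `ERR_get_error()` returns for the same condition changes with this revision bump. Anything that compared against, logged or persisted the raw integers (tests, log parsers, error-to-alert tables) will misattribute errors after the update; such code should match on the symbolic macros, e.g. `ERR_GET_REASON(err) == CONF_R_MISSING_EQUAL_SIGN`. The same renumbering appears in the crypto.h, dh.h, dsa.h and evp.h hunks further down this change and, from its ordering, in the cipher.h hunk above whose start lies before this chunk. A one-line note at the head of each numbered block, `/* These values are not stable across BoringSSL revisions; compare with the macros, not the numbers. */`, would make that contract explicit to consumers.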
@@ -17,8 +17,11 @@
 #include 
+/* Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
+ * mem.h. */
 #include 
+
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -32,6 +35,9 @@ extern "C" {
 * nothing and a static initializer is used instead. */
 OPENSSL_EXPORT void CRYPTO_library_init(void);
+
+/* Deprecated functions. */
+
 #define OPENSSL_VERSION_TEXT "BoringSSL"
 #define SSLEAY_VERSION 0
@@ -48,9 +54,9 @@ OPENSSL_EXPORT const char *SSLeay(void);
 } /* extern C */
 #endif
-#define CRYPTO_F_CRYPTO_set_ex_data 100
-#define CRYPTO_F_get_class 101
-#define CRYPTO_F_get_new_index 102
+#define CRYPTO_F_CRYPTO_get_ex_new_index 100
+#define CRYPTO_F_CRYPTO_set_ex_data 101
+#define CRYPTO_F_get_class 102
 #define CRYPTO_F_get_func_pointers 103
 #endif /* OPENSSL_HEADER_CRYPTO_H */
diff --git a/src/include/openssl/des.h b/src/include/openssl/des.h
index 1f0dbad..f3804c3 100644
--- a/src/include/openssl/des.h
+++ b/src/include/openssl/des.h
@@ -94,6 +94,10 @@ typedef struct DES_ks {
 OPENSSL_EXPORT void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule);
+/* DES_set_odd_parity sets the parity bits (the least-significant bits in each
+ * byte) of |key| given the other bits in each byte. */
+OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);
+
 /* DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a
 * single DES block (8 bytes) from in to out, using the key configured in
 * |schedule|. */
@@ -108,6 +112,15 @@ OPENSSL_EXPORT void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out,
 const DES_key_schedule *schedule,
 DES_cblock *ivec, int enc);
+/* DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single
+ * block (8 bytes) of data from |input| to |output| using 3DES. */
+OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input,
+ DES_cblock *output,
+ const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3,
+ int enc);
+
 /* DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
 * bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus
 * the function takes three different |DES_key_schedule|s. */
diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h
index 9d8bda2..60a030d 100644
--- a/src/include/openssl/dh.h
+++ b/src/include/openssl/dh.h
@@ -61,6 +61,7 @@
 #include 
 #include 
+#include 
 #if defined(__cplusplus)
 extern "C" {
@@ -144,6 +145,10 @@ OPENSSL_EXPORT int DH_size(const DH *dh);
 #define DH_CHECK_INVALID_Q_VALUE 0x20
 #define DH_CHECK_INVALID_J_VALUE 0x40
+/* These are compatibility defines. */
+#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR
+#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR
+
 /* DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets
 * |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if
 * |*out_flags| was successfully set and zero on error.
@@ -185,7 +190,7 @@ OPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp);
 /* ex_data functions.
 *
- * These functions are wrappers. See |ex_data.h| for details. */
+ * See |ex_data.h| for details. */
 OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
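Review bot: The comment on `DES_ecb3_encrypt` says only "using 3DES" and does not state how |ks1|, |ks2| and |ks3| are applied, which is exactly what a caller interoperating with another implementation needs to know. The OpenSSL function of this name is encrypt-decrypt-encrypt, so if the implementation (not in this diff) matches, suggest `encrypts with |ks1|, decrypts with |ks2| and encrypts again with |ks3| (EDE)`. It would also help to say that this is a single-block primitive and that whole messages should go through `DES_ede3_cbc_encrypt`, documented just below, since raw ECB exposes which plaintext blocks are equal.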
@@ -232,6 +237,8 @@ struct dh_st {
 /* priv_length contains the length, in bits, of the private value. If zero,
 * the private value will be the same length as |p|. */
 unsigned priv_length;
+
+ CRYPTO_MUTEX method_mont_p_lock;
 BN_MONT_CTX *method_mont_p; /* Place holders if we want to do X9.42 DH */
@@ -251,12 +258,12 @@ struct dh_st {
 } /* extern C */
 #endif
-#define DH_F_generate_parameters 100
-#define DH_F_generate_key 101
-#define DH_F_compute_key 102
-#define DH_F_DH_new_method 103
-#define DH_R_INVALID_PUBKEY 100
-#define DH_R_BAD_GENERATOR 101
+#define DH_F_DH_new_method 100
+#define DH_F_compute_key 101
+#define DH_F_generate_key 102
+#define DH_F_generate_parameters 103
+#define DH_R_BAD_GENERATOR 100
+#define DH_R_INVALID_PUBKEY 101
 #define DH_R_MODULUS_TOO_LARGE 102
 #define DH_R_NO_PRIVATE_VALUE 103
diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h
index 95a35e7..8285dce 100644
--- a/src/include/openssl/digest.h
+++ b/src/include/openssl/digest.h
@@ -171,12 +171,9 @@ OPENSSL_EXPORT int EVP_Digest(const void *data, size_t len, uint8_t *md_out,
 * These functions allow code to learn details about an abstract hash
 * function. */
-/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_md5|.) */
+/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_sha256|.) */
 OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md);
-/* EVP_MD_name returns the short name for |md| or NULL if no name is known. */
-OPENSSL_EXPORT const char *EVP_MD_name(const EVP_MD *md);
-
 /* EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
 * values, ORed together. */
 OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md);
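Review bot: The new `method_mont_p_lock` member of `struct dh_st` has no comment, unlike `priv_length` immediately above it; suggest `/* method_mont_p_lock protects |method_mont_p|, which is populated lazily. */` (lazy population is what a lock next to a cached value implies, but dh.c is not in this diff, so confirm). Adding a `CRYPTO_MUTEX` to a struct defined in a public header changes `sizeof(DH)`, and the lock must be initialised wherever a `DH` is created and released in `DH_free`; those call sites are outside this hunk and worth checking in the same revision. The `#include` added at the top of dh.h in the earlier hunk, whose name is lost in this rendering, is presumably what brings `CRYPTO_MUTEX` into scope. The same applies to the `method_mont_p_lock` added to `struct dsa_st` in the dsa.h hunk below.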
@@ -224,7 +221,7 @@ OPENSSL_EXPORT unsigned EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
 OPENSSL_EXPORT unsigned EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
 /* EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
- * (For example, |NID_md5|.) It will crash if a digest hasn't been set on
+ * (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
 * |ctx|. */
 OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h
index 8a182c2..2271915 100644
--- a/src/include/openssl/dsa.h
+++ b/src/include/openssl/dsa.h
@@ -64,6 +64,7 @@
 #include 
 #include 
+#include 
 #if defined(__cplusplus)
 extern "C" {
@@ -301,7 +302,7 @@ OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
 /* ex_data functions.
 *
- * These functions are wrappers. See |ex_data.h| for details. */
+ * See |ex_data.h| for details. */
 OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
@@ -351,6 +352,7 @@ struct dsa_st {
 int flags; /* Normally used to cache montgomery values */
+ CRYPTO_MUTEX method_mont_p_lock;
 BN_MONT_CTX *method_mont_p;
 int references;
 CRYPTO_EX_DATA ex_data;
@@ -364,14 +366,14 @@ struct dsa_st {
 } /* extern C */
 #endif
-#define DSA_F_sign 100
-#define DSA_F_verify 101
-#define DSA_F_dsa_sig_cb 102
-#define DSA_F_DSA_new_method 103
-#define DSA_F_sign_setup 104
-#define DSA_R_NEED_NEW_SETUP_VALUES 100
-#define DSA_R_BAD_Q_VALUE 101
+#define DSA_F_DSA_new_method 100
+#define DSA_F_dsa_sig_cb 101
+#define DSA_F_sign 102
+#define DSA_F_sign_setup 103
+#define DSA_F_verify 104
+#define DSA_R_BAD_Q_VALUE 100
+#define DSA_R_MISSING_PARAMETERS 101
 #define DSA_R_MODULUS_TOO_LARGE 102
-#define DSA_R_MISSING_PARAMETERS 103
+#define DSA_R_NEED_NEW_SETUP_VALUES 103
 #endif /* OPENSSL_HEADER_DSA_H */
diff --git a/src/include/openssl/dtls1.h b/src/include/openssl/dtls1.h
index 0fc3ae6..38ca801 100644
--- a/src/include/openssl/dtls1.h
+++ b/src/include/openssl/dtls1.h
@@ -1,255 +1,16 @@ -/* ssl/dtls1.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#ifndef HEADER_DTLS1_H -#define HEADER_DTLS1_H - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define DTLS1_VERSION 0xFEFF -#define DTLS1_2_VERSION 0xFEFD - -/* lengths of messages */ -#define DTLS1_COOKIE_LENGTH 256 - -#define DTLS1_RT_HEADER_LENGTH 13 - -#define DTLS1_HM_HEADER_LENGTH 12 - -#define DTLS1_HM_BAD_FRAGMENT -2 -#define DTLS1_HM_FRAGMENT_RETRY -3 - -#define DTLS1_CCS_HEADER_LENGTH 1 - -#define DTLS1_AL_HEADER_LENGTH 2 - -#ifndef OPENSSL_NO_SSL_INTERN - - -#if defined(OPENSSL_WINDOWS) -/* Because of Windows header issues, we can't get the normal declaration of - * timeval. */ -typedef struct OPENSSL_timeval_st { - long tv_sec; - long tv_usec; -} OPENSSL_timeval; -#else -#include -typedef struct timeval OPENSSL_timeval; -#endif - -typedef struct dtls1_bitmap_st - { - /* map is a bit mask of the last 64 sequence numbers. Bit - * |1< + #include -#include -#include #if defined(__cplusplus) extern "C" { 
@@ -142,16 +142,18 @@ extern "C" {
 /* Startup and shutdown. */
-/* ERR_load_crypto_strings initialises the error string hash with builtin
- * values. If this is not called then the string forms of errors produced by
- * the functions below will contain numeric identifiers rather than
- * human-readable strings. */
+/* ERR_load_BIO_strings does nothing.
+ *
+ * TODO(fork): remove. libjingle calls this. */
+OPENSSL_EXPORT void ERR_load_BIO_strings(void);
+
+/* ERR_load_ERR_strings does nothing. */
+OPENSSL_EXPORT void ERR_load_ERR_strings(void);
+
+/* ERR_load_crypto_strings does nothing. */
 OPENSSL_EXPORT void ERR_load_crypto_strings(void);
-/* ERR_free_strings frees any memory retained by the error system, expect for
- * per-thread structures which are assumed to have already been freed with
- * |ERR_remove_thread_state|. This should only be called at process
- * shutdown. */
+/* ERR_free_strings does nothing. */
 OPENSSL_EXPORT void ERR_free_strings(void);
@@ -257,13 +259,21 @@ OPENSSL_EXPORT void ERR_print_errors_cb(ERR_print_errors_callback_t callback,
 void *ctx);
+/* ERR_print_errors_fp prints the current contents of the error stack to |file|
+ * using human readable strings where possible. */
+OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file);
+
 /* Clearing errors. */
 /* ERR_clear_error clears the error queue for the current thread. */
 OPENSSL_EXPORT void ERR_clear_error(void);
-/* ERR_remove_thread_state deletes the error queue for the given thread. If
- * |tid| is NULL then the error queue for the current thread is deleted. */
+/* ERR_remove_thread_state clears the error queue for the current thread if
+ * |tid| is NULL. Otherwise it does nothing because it's no longer possible to
+ * delete the error queue for other threads.
+ *
+ * Error queues are thread-local data and are deleted automatically. You do not
+ * need to call this function. See |ERR_clear_error|. */
 OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
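Review bot: `ERR_print_errors_fp(FILE *file)` makes err.h depend on `FILE`, i.e. on `<stdio.h>`, but the include hunk for err.h is garbled in this rendering (the tail of the dtls1.h hunk swallowed it), so whether stdio.h is now included by err.h cannot be confirmed here and is worth checking. `ERR_remove_thread_state` now silently does nothing for a non-NULL |tid|; the new comment explains why, but since the function has no remaining purpose beyond `ERR_clear_error`, marking it as such in the comment, e.g. `Deprecated: call |ERR_clear_error| instead.`, would match the "Deprecated functions." sections this change introduces in crypto.h and evp.h. `ERR_print_errors_fp`'s comment could also state whether it clears the queue it prints, since callers commonly assume it behaves like `ERR_print_errors_cb`; the implementation is not in this diff.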
@@ -357,9 +367,6 @@ struct err_error_st {
 /* ERR_STATE contains the per-thread, error queue. */
 typedef struct err_state_st {
- /* tid is the identifier of the thread that owns this queue. */
- CRYPTO_THREADID tid;
-
 /* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
 * buffer. */
 struct err_error_st errors[ERR_NUM_ERRORS];
@@ -474,40 +481,6 @@ enum {
 #define ERR_GET_FUNC(packed_error) ((int)(((packed_error) >> 12) & 0xfff))
 #define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xfff))
-/* ERR_STRING_DATA is the type of an lhash node that contains a mapping from a
- * library, function or reason code to a string representation of it. */
-typedef struct err_string_data_st {
- uint32_t error;
- const char *string;
-} ERR_STRING_DATA;
-
-/* ERR_load_strings loads an array of ERR_STRING_DATA into the hash table. The
- * array must be terminated by an entry with a NULL string. */
-OPENSSL_EXPORT void ERR_load_strings(const ERR_STRING_DATA *str);
-
-/* ERR_FNS_st is a structure of function pointers that contains the actual
- * implementation of the error queue handling functions. */
-struct ERR_FNS_st {
- void (*shutdown)(void (*err_state_free_cb)(ERR_STATE*));
- ERR_STRING_DATA *(*get_item)(uint32_t packed_error);
- ERR_STRING_DATA *(*set_item)(const ERR_STRING_DATA *);
- ERR_STRING_DATA *(*del_item)(uint32_t packed_error);
-
- /* get_state returns the ERR_STATE for the current thread. This function
- * never returns NULL. */
- ERR_STATE *(*get_state)(void);
-
- /* release_state returns the |ERR_STATE| for the given thread, or NULL if
- * none exists. It the return value is not NULL, it also returns ownership of
- * the |ERR_STATE| and deletes it from its data structures. */
- ERR_STATE *(*release_state)(const CRYPTO_THREADID *tid);
-
- /* get_next_library returns a unique value suitable for passing as the
- * |library| to error calls. It will be distinct from all built-in library
- * values. */
- int (*get_next_library)(void);
-};
-
 /* OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates
 * the error defines) to recognise that an additional reason value is needed.
 * This is needed when the reason value is used outside of an
@@ -522,11 +495,6 @@ struct ERR_FNS_st {
 * ${lib}_F_${reason}. */
 #define OPENSSL_DECLARE_ERROR_FUNCTION(lib, function_name)
-/* ERR_load_BIO_strings does nothing.
- *
- * TODO(fork): remove. libjingle calls this. */
-OPENSSL_EXPORT void ERR_load_BIO_strings(void);
-
 /* Android compatibility section.
 *
diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h
index 39da689..54ad4be 100644
--- a/src/include/openssl/evp.h
+++ b/src/include/openssl/evp.h
@@ -58,7 +58,6 @@
 #define OPENSSL_HEADER_EVP_H
 #include 
-#include 
 /* OpenSSL included digest and cipher functions in this header so we include
 * them for users that still expect that.
@@ -67,9 +66,7 @@
 #include 
 #include 
 #include 
-#include 
 #include 
-#include 
 #if defined(__cplusplus)
 extern "C" {
@@ -89,6 +86,9 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void);
 * itself. */
 OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey);
+/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns it. */
+OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey);
+
 /* EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by
 * custom implementations which do not expose key material and parameters. It is
 * an error to attempt to duplicate, export, or compare an opaque key. */
@@ -107,10 +107,6 @@ OPENSSL_EXPORT int EVP_PKEY_supports_digest(const EVP_PKEY *pkey,
 * function. */
 OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns
- * |pkey|. */
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey);
-
 /* EVP_PKEY_copy_parameters sets the parameters of |to| to equal the parameters
 * of |from|. It returns one on success and zero on error. */
 OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
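Review bot: The comment on the new `EVP_PKEY_up_ref` does not say whether the increment is atomic, yet `EVP_PKEY` objects are routinely shared between threads (for instance through an `SSL_CTX`), so a caller needs to know whether `EVP_PKEY_up_ref` may race with another thread's `EVP_PKEY_free`. If the implementation, which is not in this diff, uses an atomic reference count, suggest appending `The increment is atomic, so it may be called concurrently with other users of |pkey|.`; if it does not, the comment should say the caller must serialise. The removed `EVP_PKEY_dup` is reintroduced as a deprecated alias later in this file, so existing callers keep compiling; a pointer from this comment to that alias (`Deprecated alias: |EVP_PKEY_dup|.`) would help readers who search for the old name.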
@@ -119,12 +115,15 @@ OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
 * parameters or zero if not, or if the algorithm doesn't take parameters. */
 OPENSSL_EXPORT int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
-/* EVP_PKEY_size returns the "size", in bytes, of |pkey|. For example, for an
- * RSA key this returns the number of bytes needed to represent the modulus. */
+/* EVP_PKEY_size returns the maximum size, in bytes, of a signature signed by
+ * |pkey|. For an RSA key, this returns the number of bytes needed to represent
+ * the modulus. For an EC key, this returns the maximum size of a DER-encoded
+ * ECDSA signature. */
 OPENSSL_EXPORT int EVP_PKEY_size(const EVP_PKEY *pkey);
-/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For example, for an
- * RSA key, this returns the bit length of the modulus. */
+/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For an RSA key, this
+ * returns the bit length of the modulus. For an EC key, this returns the bit
+ * length of the group order. */
 OPENSSL_EXPORT int EVP_PKEY_bits(EVP_PKEY *pkey);
 /* EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*|
@@ -444,18 +443,6 @@ OPENSSL_EXPORT void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
 * set. */
 OPENSSL_EXPORT void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-/* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype|
- * arguments can be -1 to specify that any type and operation are acceptable,
- * otherwise |keytype| must match the type of |ctx| and the bits of |optype|
- * must intersect the operation flags set on |ctx|.
- *
- * The |p1| and |p2| arguments depend on the value of |cmd|.
- *
- * It returns -2 if |cmd| is not recognised, -1 on error or a |cmd| specific
- * value otherwise. */
-OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
- int cmd, int p1, void *p2);
-
 /* EVP_PKEY_sign_init initialises an |EVP_PKEY_CTX| for a signing operation. It
 * should be called before |EVP_PKEY_sign|.
 *
@@ -569,64 +556,28 @@ OPENSSL_EXPORT int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -/* EVP_PKEY_CTX_ctrl operations. - * - * These values are passed as the |cmd| argument to - * EVP_PKEY_CTX_ctrl */ - -/* Generic. */ +/* Generic control functions. */ /* EVP_PKEY_CTX_set_signature_md sets |md| as the digest to be used in a - * signature operation. It returns one on success or otherwise on error. See - * the return values of |EVP_PKEY_CTX_ctrl| for details. */ + * signature operation. It returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); /* EVP_PKEY_CTX_get_signature_md sets |*out_md| to the digest to be used in a - * signature operation. It returns one on success or otherwise on error. See - * the return values of |EVP_PKEY_CTX_ctrl| for details. */ + * signature operation. It returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md); -/* EVP_PKEY_CTRL_DIGESTINIT is an internal value. It's called by - * EVP_DigestInit_ex to signal the |EVP_PKEY| that a digest operation is - * starting. */ -#define EVP_PKEY_CTRL_DIGESTINIT 3 - -/* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|: - * 0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key. - * If the return value is <= 0, the key is rejected. - * 1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a - * peer key. If the return value is <= 0, the key is rejected. - * 2: Is called with |p2| == NULL to test whether the peer's key was used. - * (EC)DH always return one in this case. - * 3: Is called with |p2| == NULL to set whether the peer's key was used. - * (EC)DH always return one in this case. This was only used for GOST. */ -#define EVP_PKEY_CTRL_PEER_KEY 4 - -/* EVP_PKEY_CTRL_SET_MAC_KEY sets a MAC key. 
For example, this can be done an - * |EVP_PKEY_CTX| prior to calling |EVP_PKEY_keygen| in order to generate an - * HMAC |EVP_PKEY| with the given key. It returns one on success and zero on - * error. */ -#define EVP_PKEY_CTRL_SET_MAC_KEY 5 - -/* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl - * commands are numbered. */ -#define EVP_PKEY_ALG_CTRL 0x1000 - /* RSA specific control functions. */ /* EVP_PKEY_CTX_set_rsa_padding sets the padding type to use. It should be one - * of the |RSA_*_PADDING| values. Returns one on success or another value on - * error. See |EVP_PKEY_CTX_ctrl| for the other return values, which are - * non-standard. */ + * of the |RSA_*_PADDING| values. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding); /* EVP_PKEY_CTX_get_rsa_padding sets |*out_padding| to the current padding * value, which is one of the |RSA_*_PADDING| values. Returns one on success or - * another value on error. See |EVP_PKEY_CTX_ctrl| for the other return values, - * which are non-standard. */ + * zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *out_padding); @@ -635,8 +586,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, * in the signature. A value of -2 causes the salt to be the maximum length * that will fit. Otherwise the value gives the size of the salt in bytes. * - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int salt_len); 
@@ -645,68 +595,68 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, * |EVP_PKEY_CTX_set_rsa_pss_saltlen| for details of the special values that it * can take. * - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *out_salt_len); /* EVP_PKEY_CTX_set_rsa_keygen_bits sets the size of the desired RSA modulus, - * in bits, for key generation. Returns one on success or another value on - * error. See |EVP_PKEY_CTX_ctrl| for the other return values, which are - * non-standard. */ + * in bits, for key generation. Returns one on success or zero on + * error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits); /* EVP_PKEY_CTX_set_rsa_keygen_pubexp sets |e| as the public exponent for key - * generation. Returns one on success or another value on error. See - * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */ + * generation. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *e); /* EVP_PKEY_CTX_set_rsa_oaep_md sets |md| as the digest used in OAEP padding. - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); /* EVP_PKEY_CTX_get_rsa_oaep_md sets |*out_md| to the digest function used in - * OAEP padding. Returns one on success or another value on error. See - * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */ + * OAEP padding. Returns one on success or zero on error. 
*/ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md); /* EVP_PKEY_CTX_set_rsa_mgf1_md sets |md| as the digest used in MGF1. Returns - * one on success or another value on error. See |EVP_PKEY_CTX_ctrl| for the - * other return values, which are non-standard. */ + * one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); /* EVP_PKEY_CTX_get_rsa_mgf1_md sets |*out_md| to the digest function used in - * MGF1. Returns one on success or another value on error. See - * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */ + * MGF1. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md); /* EVP_PKEY_CTX_set0_rsa_oaep_label sets |label_len| bytes from |label| as the - * label used in OAEP. DANGER: this call takes ownership of |label| and will - * call |free| on it when |ctx| is destroyed. + * label used in OAEP. DANGER: On success, this call takes ownership of |label| + * and will call |OPENSSL_free| on it when |ctx| is destroyed. * - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t *label, size_t label_len); /* EVP_PKEY_CTX_get0_rsa_oaep_label sets |*out_label| to point to the internal * buffer containing the OAEP label (which may be NULL) and returns the length - * of the label or a negative value on error. */ + * of the label or a negative value on error. + * + * WARNING: the return value differs from the usual return value convention. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t **out_label); -/* EC specific */ +/* Deprecated functions. 
*/ -#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns + * |pkey|. + * + * WARNING: this is a |_dup| function that doesn't actually duplicate! Use + * |EVP_PKEY_up_ref| if you want to increment the reference count without + * confusion. */ +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); /* Private functions */ @@ -734,9 +684,6 @@ struct evp_pkey_st { * which element (if any) of the |pkey| union is valid. */ int type; - /* TODO(fork): document */ - int save_type; - union { char *ptr; struct rsa_st *rsa; /* RSA */ @@ -745,16 +692,9 @@ struct evp_pkey_st { struct ec_key_st *ec; /* ECC */ } pkey; - ENGINE *engine; - - /* TODO(fork): document */ - int save_parameters; /* ameth contains a pointer to a method table that contains many ASN.1 * methods for the key type. */ const EVP_PKEY_ASN1_METHOD *ameth; - - /* TODO(fork): document; */ - STACK_OF(X509_ATTRIBUTE) * attributes; /* [ 0 ] */ } /* EVP_PKEY */; 
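Review bot: The reworded comment on `EVP_PKEY_CTX_set0_rsa_oaep_label` now says the label is released with `OPENSSL_free`, which implies |label| must have been obtained from `OPENSSL_malloc`; that requirement should be stated explicitly, because a static or `malloc`'d buffer handed to a `set0` function would be released with an allocator it did not come from. The comment also says ownership transfers "On success" but leaves the failure path implicit; suggest adding `On failure, the caller retains ownership of |label| and must free it.` so the error path neither leaks nor double-frees. The revived `EVP_PKEY_dup` correctly warns that it does not duplicate, but since it is now documented as deprecated its comment could also name the removal condition (e.g. `TODO(fork): remove once callers use |EVP_PKEY_up_ref|.`) in the same style as the other fork TODOs in this change.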
@@ -762,105 +702,105 @@ struct evp_pkey_st {
 } /* extern C */
 #endif
-#define EVP_F_rsa_item_verify 100
-#define EVP_F_do_sigver_init 101
-#define EVP_F_eckey_priv_decode 102
-#define EVP_F_pkey_ec_sign 103
-#define EVP_F_EVP_PKEY_sign_init 104
-#define EVP_F_d2i_PrivateKey 105
-#define EVP_F_rsa_priv_encode 106
-#define EVP_F_rsa_mgf1_to_md 107
-#define EVP_F_EVP_PKEY_get1_DH 108
-#define EVP_F_EVP_PKEY_sign 109
-#define EVP_F_old_ec_priv_decode 110
-#define EVP_F_EVP_PKEY_get1_RSA 111
-#define EVP_F_pkey_ec_ctrl 112
-#define EVP_F_evp_pkey_ctx_new 113
-#define EVP_F_EVP_PKEY_verify 114
-#define EVP_F_EVP_PKEY_encrypt 115
+#define EVP_F_EVP_PKEY_derive_init 108
+#define EVP_F_EVP_PKEY_encrypt 110
+#define EVP_F_EVP_PKEY_encrypt_init 111
+#define EVP_F_EVP_PKEY_get1_DH 112
+#define EVP_F_EVP_PKEY_get1_EC_KEY 114
+#define EVP_F_EVP_PKEY_get1_RSA 115
 #define EVP_F_EVP_PKEY_keygen 116
-#define EVP_F_eckey_type2param 117
-#define EVP_F_eckey_priv_encode 118
-#define EVP_F_do_EC_KEY_print 119
-#define EVP_F_pkey_ec_keygen 120
-#define EVP_F_EVP_PKEY_encrypt_init 121
-#define EVP_F_pkey_rsa_ctrl 122
-#define EVP_F_rsa_priv_decode 123
-#define EVP_F_rsa_pss_to_ctx 124
-#define EVP_F_EVP_PKEY_get1_EC_KEY 125
-#define EVP_F_EVP_PKEY_verify_init 126
-#define EVP_F_EVP_PKEY_derive_init 127
-#define EVP_F_eckey_param2type 128
-#define EVP_F_eckey_pub_decode 129
-#define EVP_F_d2i_AutoPrivateKey 130
+#define EVP_F_EVP_PKEY_sign 120
+#define EVP_F_EVP_PKEY_sign_init 121
+#define EVP_F_EVP_PKEY_verify 122
+#define EVP_F_EVP_PKEY_verify_init 123
+#define EVP_F_d2i_AutoPrivateKey 125
+#define EVP_F_d2i_PrivateKey 126
+#define EVP_F_do_EC_KEY_print 127
+#define EVP_F_do_sigver_init 129
+#define EVP_F_eckey_param2type 130
 #define EVP_F_eckey_param_decode 131
-#define EVP_F_EVP_PKEY_new 132
-#define EVP_F_pkey_ec_derive 133
-#define EVP_F_pkey_ec_paramgen 134
-#define EVP_F_EVP_PKEY_CTX_ctrl 135
-#define EVP_F_EVP_PKEY_decrypt_init 136
-#define EVP_F_EVP_PKEY_decrypt 137
-#define EVP_F_EVP_PKEY_copy_parameters 138
-#define EVP_F_EVP_PKEY_set_type 139
-#define EVP_F_EVP_PKEY_derive 140
-#define EVP_F_EVP_PKEY_keygen_init 141
-#define EVP_F_do_rsa_print 142
-#define EVP_F_old_rsa_priv_decode 143
-#define EVP_F_rsa_algor_to_md 144
-#define EVP_F_eckey_pub_encode 145
-#define EVP_F_EVP_PKEY_derive_set_peer 146
-#define EVP_F_pkey_rsa_sign 147
-#define EVP_F_check_padding_md 148
-#define EVP_F_i2d_PublicKey 149
-#define EVP_F_rsa_pub_decode 150
-#define EVP_F_EVP_PKEY_get1_DSA 151
-#define EVP_F_pkey_rsa_encrypt 152
-#define EVP_F_pkey_rsa_decrypt 153
-#define EVP_F_hmac_signctx 154
-#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 155
-#define EVP_F_EVP_DigestSignAlgorithm 156
-#define EVP_F_rsa_digest_verify_init_from_algorithm 157
-#define EVP_F_EVP_PKEY_CTX_dup 158
-#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100
-#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101
-#define EVP_R_INVALID_DIGEST_TYPE 102
-#define EVP_R_EXPECTING_A_DH_KEY 103
-#define EVP_R_OPERATON_NOT_INITIALIZED 104
-#define EVP_R_MISSING_PARAMETERS 105
-#define EVP_R_NO_DEFAULT_DIGEST 106
-#define EVP_R_UNKNOWN_DIGEST 107
-#define EVP_R_KEYS_NOT_SET 108
-#define EVP_R_X931_UNSUPPORTED 109
-#define EVP_R_DIGEST_DOES_NOT_MATCH 110
-#define EVP_R_DIFFERENT_PARAMETERS 111
-#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 112
-#define EVP_R_DIFFERENT_KEY_TYPES 113
-#define EVP_R_NO_PARAMETERS_SET 114
-#define EVP_R_NO_NID_FOR_CURVE 115
-#define EVP_R_NO_OPERATION_SET 116
-#define EVP_R_UNSUPPORTED_ALGORITHM 117
-#define EVP_R_EXPECTING_AN_DSA_KEY 118
-#define EVP_R_UNKNOWN_MASK_DIGEST 119
-#define EVP_R_INVALID_SALT_LENGTH 120
-#define EVP_R_BUFFER_TOO_SMALL 121
-#define EVP_R_INVALID_PADDING_MODE 122
-#define EVP_R_INVALID_MGF1_MD 123
-#define EVP_R_SHARED_INFO_ERROR 124
-#define EVP_R_INVALID_KEYBITS 125
-#define EVP_R_PEER_KEY_ERROR 126
-#define EVP_R_EXPECTING_A_DSA_KEY 127
-#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 128
-#define EVP_R_EXPECTING_AN_EC_KEY_KEY 129
-#define EVP_R_INVALID_TRAILER 130
-#define EVP_R_INVALID_DIGEST_LENGTH 131
-#define EVP_R_COMMAND_NOT_SUPPORTED 132
-#define EVP_R_EXPLICIT_EC_PARAMETERS_NOT_SUPPORTED 133
-#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 134
-#define EVP_R_NO_MDC2_SUPPORT 135
-#define EVP_R_INVALID_CURVE 136
-#define EVP_R_NO_KEY_SET 137
-#define EVP_R_INVALID_PSS_PARAMETERS 138
-#define EVP_R_KDF_PARAMETER_ERROR 139
+#define EVP_F_eckey_priv_decode 132
+#define EVP_F_eckey_priv_encode 133
+#define EVP_F_eckey_pub_decode 134
+#define EVP_F_eckey_pub_encode 135
+#define EVP_F_eckey_type2param 136
+#define EVP_F_evp_pkey_ctx_new 137
+#define EVP_F_hmac_signctx 138
+#define EVP_F_i2d_PublicKey 139
+#define EVP_F_old_ec_priv_decode 140
+#define EVP_F_old_rsa_priv_decode 141
+#define EVP_F_pkey_ec_ctrl 142
+#define EVP_F_pkey_ec_derive 143
+#define EVP_F_pkey_ec_keygen 144
+#define EVP_F_pkey_ec_paramgen 145
+#define EVP_F_pkey_ec_sign 146
+#define EVP_F_pkey_rsa_ctrl 147
+#define EVP_F_pkey_rsa_decrypt 148
+#define EVP_F_pkey_rsa_encrypt 149
+#define EVP_F_pkey_rsa_sign 150
+#define EVP_F_rsa_algor_to_md 151
+#define EVP_F_rsa_digest_verify_init_from_algorithm 152
+#define EVP_F_rsa_mgf1_to_md 153
+#define EVP_F_rsa_priv_decode 154
+#define EVP_F_rsa_priv_encode 155
+#define EVP_F_rsa_pss_to_ctx 156
+#define EVP_F_rsa_pub_decode 157
+#define EVP_F_pkey_hmac_ctrl 158
+#define EVP_F_EVP_PKEY_CTX_get0_rsa_oaep_label 159
+#define EVP_F_EVP_DigestSignAlgorithm 160
+#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 161
+#define EVP_F_EVP_PKEY_CTX_ctrl 162
+#define EVP_F_EVP_PKEY_CTX_dup 163
+#define EVP_F_EVP_PKEY_copy_parameters 164
+#define EVP_F_EVP_PKEY_decrypt 165
+#define EVP_F_EVP_PKEY_decrypt_init 166
+#define EVP_F_EVP_PKEY_derive 167
+#define EVP_F_EVP_PKEY_derive_set_peer 168
+#define EVP_F_EVP_PKEY_get1_DSA 169
+#define EVP_F_EVP_PKEY_keygen_init 170
+#define EVP_F_EVP_PKEY_new 171
+#define EVP_F_EVP_PKEY_set_type 172
+#define EVP_F_check_padding_md 173
+#define EVP_F_do_dsa_print 174
+#define EVP_F_do_rsa_print 175
+#define EVP_F_dsa_param_decode 176
+#define EVP_F_dsa_priv_decode 177
+#define EVP_F_dsa_priv_encode 178
+#define EVP_F_dsa_pub_decode 179
+#define EVP_F_dsa_pub_encode 180
+#define EVP_F_dsa_sig_print 181
+#define EVP_F_old_dsa_priv_decode 182
+#define EVP_R_BUFFER_TOO_SMALL 100
+#define EVP_R_COMMAND_NOT_SUPPORTED 101
+#define EVP_R_DIFFERENT_KEY_TYPES 104
+#define EVP_R_DIFFERENT_PARAMETERS 105
+#define EVP_R_EXPECTING_AN_EC_KEY_KEY 107
+#define EVP_R_EXPECTING_A_DH_KEY 109
+#define EVP_R_EXPECTING_A_DSA_KEY 110
+#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 111
+#define EVP_R_INVALID_CURVE 112
+#define EVP_R_INVALID_DIGEST_LENGTH 113
+#define EVP_R_INVALID_DIGEST_TYPE 114
+#define EVP_R_INVALID_KEYBITS 115
+#define EVP_R_INVALID_MGF1_MD 116
+#define EVP_R_INVALID_PADDING_MODE 118
+#define EVP_R_INVALID_PSS_PARAMETERS 119
+#define EVP_R_INVALID_SALT_LENGTH 121
+#define EVP_R_INVALID_TRAILER 122
+#define EVP_R_KEYS_NOT_SET 123
+#define EVP_R_MISSING_PARAMETERS 124
+#define EVP_R_NO_DEFAULT_DIGEST 125
+#define EVP_R_NO_KEY_SET 126
+#define EVP_R_NO_MDC2_SUPPORT 127
+#define EVP_R_NO_NID_FOR_CURVE 128
+#define EVP_R_NO_OPERATION_SET 129
+#define EVP_R_NO_PARAMETERS_SET 130
+#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 131
+#define EVP_R_OPERATON_NOT_INITIALIZED 132
+#define EVP_R_UNKNOWN_DIGEST 133
+#define EVP_R_UNKNOWN_MASK_DIGEST 134
+#define EVP_R_UNSUPPORTED_ALGORITHM 138
+#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 139
 #define EVP_R_UNSUPPORTED_MASK_PARAMETER 140
 #define EVP_R_EXPECTING_AN_RSA_KEY 141
 #define EVP_R_INVALID_OPERATION 142
@@ -872,5 +812,9 @@ struct evp_pkey_st {
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 148
 #define EVP_R_UNKNOWN_SIGNATURE_ALGORITHM 149
 #define EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 150
+#define EVP_R_BN_DECODE_ERROR 151
+#define EVP_R_PARAMETER_ENCODING_ERROR 152
+#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 153
+#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 154
 #endif /* OPENSSL_HEADER_EVP_H */
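Review bot: Renumbering existing `EVP_F_*` and `EVP_R_*` constants silently changes their integer values (for example `EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE` moves from 100 to 153), so anything compiled against the old header, anything that persists raw `ERR_get_error()` values, or anything that matches reason codes numerically will misattribute errors with no compile-time signal. Nothing in the hunk tells a reader these values are generated and unstable; a comment above the block such as `/* These values are generated and are not stable across revisions; compare against the macros, never the numbers. */` would head off that dependency. The same remark applies to the obj.h, pem.h and pkcs8.h renumbering hunks in this commit.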
diff --git a/src/include/openssl/ex_data.h b/src/include/openssl/ex_data.h index f61501a..2303eb4 100644 --- a/src/include/openssl/ex_data.h +++ b/src/include/openssl/ex_data.h 
@@ -119,21 +119,51 @@ extern "C" { /* ex_data is a mechanism for associating arbitrary extra data with objects. - * The different types of objects which can have data associated with them are - * called "classes" and there are predefined classes for all the OpenSSL - * objects that support ex_data. - * - * Within a given class, different users can be assigned indexes in which to - * store their data. Each index has callback functions that are called when a - * new object of that type is created, freed and duplicated. */ + * For each type of object that supports ex_data, different users can be + * assigned indexes in which to store their data. Each index has callback + * functions that are called when a new object of that type is created, freed + * and duplicated. */ typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +/* Type-specific functions. + * + * Each type that supports ex_data provides three functions: */ + +#if 0 /* Sample */ + +/* |TYPE_get_ex_new_index| allocates a new index for |TYPE|. See the + * descriptions of the callback typedefs for details of when they are + * called. Any of the callback arguments may be NULL. The |argl| and |argp| + * arguments are opaque values that are passed to the callbacks. It returns the + * new index or a negative number on error. + * + * TODO(fork): this should follow the standard calling convention. */ +OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +/* |TYPE_set_ex_data| sets an extra data pointer on |t|. The |index| argument + * should have been returned from a previous call to |TYPE_get_ex_new_index|. */ +OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg); + +/* |TYPE_get_ex_data| returns an extra data pointer for |t|, or NULL if no such + * pointer exists. The |index| argument should have been returned from a + * previous call to |TYPE_get_ex_new_index|. 
*/ +OPENSSL_EXPORT void *TYPE_get_ex_data(const TYPE *t, int index); + +#endif /* Sample */ + + +/* Callback types. */ + /* CRYPTO_EX_new is the type of a callback function that is called whenever a * new object of a given class is created. For example, if this callback has - * been passed to |CRYPTO_get_ex_new_index| with a |class| of - * |CRYPTO_EX_INDEX_SSL| then it'll be called each time an SSL* is created. + * been passed to |SSL_get_ex_new_index| then it'll be called each time an SSL* + * is created. * * The callback is passed the new object (i.e. the SSL*) in |parent|. The * arguments |argl| and |argp| contain opaque values that were given to 
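Review bot: The sample declaration of `TYPE_set_ex_data` documents the `index` argument but not its `int` return value, and `TYPE_get_ex_data` does not say what happens for an index that was never obtained from `TYPE_get_ex_new_index`, which is the case a caller actually has to reason about. Suggest adding `Returns one on success or zero on error.` to the setter and, for the getter, a sentence stating whether an unregistered or out-of-range index yields NULL or is undefined (the current text only covers the "no such pointer" case). Because this block sits under `#if 0`, these comments are the only specification the per-type wrappers inherit, so the gaps propagate to every type.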
@@ -166,126 +196,10 @@ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **from_d, int index, long argl, void *argp); -/* CRYPTO_get_ex_new_index allocates a new index for ex_data linked with - * objects of the given |class|. This should not be called directly, rather - * each class of object should provide a wrapper function that sets - * |class_value| correctly. - * - * The |class_value| argument should be one of |CRYPTO_EX_INDEX_*| or a - * user-defined class value returned from |CRYPTO_ex_data_new_class|. - * - * See the descriptions of the callback typedefs for details of when they are - * called. Any of the callback arguments may be NULL. The |argl| and |argp| - * arguments are opaque values that are passed to the callbacks. - * - * It returns the new index, or a negative number on error. - * - * TODO(fork): this should follow the standard calling convention. - * - * TODO(fork): replace the class_value with a pointer to EX_CLASS_ITEM. Saves - * having that hash table and some of the lock-bouncing. Maybe have every - * module have a private global EX_CLASS_ITEM somewhere and any direct callers - * of CRYPTO_{get,set}_ex_data{,_index} would have to always call the - * wrappers. */ -OPENSSL_EXPORT int CRYPTO_get_ex_new_index(int class_value, long argl, - void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - -/* CRYPTO_set_ex_data sets an extra data pointer on a given object. This should - * not be called directly, rather each class of object should provide a wrapper - * function. - * - * The |index| argument should have been returned from a previous call to - * |CRYPTO_get_ex_new_index|. */ -OPENSSL_EXPORT int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val); - -/* CRYPTO_set_ex_data return an extra data pointer for a given object, or NULL - * if no such index exists. 
This should not be called directly, rather each - * class of object should provide a wrapper function. - * - * The |index| argument should have been returned from a previous call to - * |CRYPTO_get_ex_new_index|. */ -OPENSSL_EXPORT void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int index); - -/* CRYPTO_EX_INDEX_* are the built-in classes of objects. - * - * User defined classes start at 100. - * - * TODO(fork): WARNING: these are called "INDEX", but they aren't! */ -#define CRYPTO_EX_INDEX_BIO 0 -#define CRYPTO_EX_INDEX_SSL 1 -#define CRYPTO_EX_INDEX_SSL_CTX 2 -#define CRYPTO_EX_INDEX_SSL_SESSION 3 -#define CRYPTO_EX_INDEX_X509_STORE 4 -#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -#define CRYPTO_EX_INDEX_RSA 6 -#define CRYPTO_EX_INDEX_DSA 7 -#define CRYPTO_EX_INDEX_DH 8 -#define CRYPTO_EX_INDEX_ENGINE 9 -#define CRYPTO_EX_INDEX_X509 10 -#define CRYPTO_EX_INDEX_UI 11 -#define CRYPTO_EX_INDEX_EC_KEY 12 -#define CRYPTO_EX_INDEX_EC_GROUP 13 -#define CRYPTO_EX_INDEX_COMP 14 -#define CRYPTO_EX_INDEX_STORE 15 - - -/* User-defined classes of objects. - * - * Core OpenSSL code has predefined class values given above (the - * |CRYPTO_EX_INDEX_*| values). It's possible to get dynamic class values - * assigned for user-defined objects. */ - -/* CRYPTO_ex_data_new_class returns a fresh class value for a user-defined type - * that wishes to use ex_data. - * - * TODO(fork): hopefully remove this. */ -OPENSSL_EXPORT int CRYPTO_ex_data_new_class(void); - - -/* Embedding, allocating and freeing |CRYPTO_EX_DATA| structures for objects - * that embed them. */ - -/* CRYPTO_new_ex_data initialises a newly allocated |CRYPTO_EX_DATA| which is - * embedded inside of |obj| which is of class |class_value|. Returns one on - * success and zero otherwise. */ -OPENSSL_EXPORT int CRYPTO_new_ex_data(int class_value, void *obj, - CRYPTO_EX_DATA *ad); - -/* CRYPTO_dup_ex_data duplicates |from| into a freshly allocated - * |CRYPTO_EX_DATA|, |to|. 
Both of which are inside objects of the given - * class. It returns one on success and zero otherwise. */ -OPENSSL_EXPORT int CRYPTO_dup_ex_data(int class_value, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from); - -/* CRYPTO_free_ex_data frees |ad|, which is embedded inside |obj|, which is an - * object of the given class. */ -OPENSSL_EXPORT void CRYPTO_free_ex_data(int class_value, void *obj, - CRYPTO_EX_DATA *ad); - - -/* Handling different ex_data implementations. */ - -/* CRYPTO_EX_DATA_IMPL is the opaque type of an implementation of ex_data. */ -typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; - -/* CRYPTO_get_ex_data_implementation returns the current implementation of - * ex_data. */ -OPENSSL_EXPORT const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation( - void); - -/* CRYPTO_set_ex_data_implementation sets the implementation of ex_data to use, - * unless ex_data has already been used and the default implementation - * installed. It returns one on success and zero otherwise. */ -OPENSSL_EXPORT int CRYPTO_set_ex_data_implementation( - const CRYPTO_EX_DATA_IMPL *impl); - -/* Private functions. */ +/* Deprecated functions. */ -/* CRYPTO_cleanup_all_ex_data cleans up all ex_data state. It assumes that no - * other threads are executing code that might call ex_data functions. */ +/* CRYPTO_cleanup_all_ex_data does nothing. */ OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void); struct crypto_ex_data_st { diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h index 6c34cdc..89cdf8f 100644 --- a/src/include/openssl/hmac.h +++ b/src/include/openssl/hmac.h 
@@ -94,9 +94,14 @@ OPENSSL_EXPORT void HMAC_CTX_init(HMAC_CTX *ctx); OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx); /* HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash - * function and |key| as the key. Any of |md| or |key| can be NULL, in which - * case the previous value will be used. It returns one on success or zero - * otherwise. */ + * function and |key| as the key. For a non-initial call, |md| may be NULL, in + * which case the previous hash function will be used. If the hash function has + * not changed and |key| is NULL, |ctx| reuses the previous key. It returns one + * on success or zero otherwise. + * + * WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL + * |key| but repeating the previous |md| reuses the previous key rather than the + * empty key. */ OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, const EVP_MD *md, ENGINE *impl); @@ -152,8 +157,6 @@ struct hmac_ctx_st { EVP_MD_CTX md_ctx; EVP_MD_CTX i_ctx; EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; } /* HMAC_CTX */; diff --git a/src/include/openssl/lhash.h b/src/include/openssl/lhash.h index c8628d1..d2ee982 100644 --- a/src/include/openssl/lhash.h +++ b/src/include/openssl/lhash.h @@ -96,9 +96,6 @@ extern "C" { * * LHASH_OF:ASN1_OBJECT * LHASH_OF:CONF_VALUE - * LHASH_OF:ERR_STATE - * LHASH_OF:ERR_STRING_DATA - * LHASH_OF:EX_CLASS_ITEM * LHASH_OF:SSL_SESSION */ #define IN_LHASH_H diff --git a/src/include/openssl/lhash_macros.h b/src/include/openssl/lhash_macros.h index f84b5ed..1d98107 100644 --- a/src/include/openssl/lhash_macros.h +++ b/src/include/openssl/lhash_macros.h 
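Review bot: The new comment leaves one case unspecified: a non-initial call where `md` differs from the previous hash function and `key` is NULL. The old wording allowed a NULL `key` unconditionally, and the second hmac.h hunk drops the `key`/`key_length` members from `HMAC_CTX`, so the raw key is presumably no longer available to re-derive the inner and outer pads for a new digest; whether that call fails or silently keys with an empty key should be stated, e.g. `If |md| differs from the previous hash function, |key| must be non-NULL; otherwise the call fails.`, adjusted to whatever the implementation does. Callers that change digests on a reused context are the ones this ambiguity will bite.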
@@ -92,122 +92,6 @@ void (*)(CONF_VALUE *, void *), func), \ arg); -/* ERR_STATE */ -#define lh_ERR_STATE_new(hash, comp) \ - ((LHASH_OF(ERR_STATE) *)lh_new( \ - CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ERR_STATE *), hash), \ - CHECKED_CAST(lhash_cmp_func, \ - int (*)(const ERR_STATE *a, const ERR_STATE *b), comp))) - -#define lh_ERR_STATE_free(lh) \ - lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh)); - -#define lh_ERR_STATE_num_items(lh) \ - lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh)) - -#define lh_ERR_STATE_retrieve(lh, data) \ - ((ERR_STATE *)lh_retrieve(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void *, ERR_STATE *, data))) - -#define lh_ERR_STATE_insert(lh, old_data, data) \ - lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void **, ERR_STATE **, old_data), \ - CHECKED_CAST(void *, ERR_STATE *, data)) - -#define lh_ERR_STATE_delete(lh, data) \ - ((ERR_STATE *)lh_delete(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void *, ERR_STATE *, data))) - -#define lh_ERR_STATE_doall(lh, func) \ - lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void (*)(void *), void (*)(ERR_STATE *), func)); - -#define lh_ERR_STATE_doall_arg(lh, func, arg) \ - lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void (*)(void *, void *), \ - void (*)(ERR_STATE *, void *), func), \ - arg); - -/* ERR_STRING_DATA */ -#define lh_ERR_STRING_DATA_new(hash, comp) \ - ((LHASH_OF(ERR_STRING_DATA) *)lh_new( \ - CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ERR_STRING_DATA *), \ - hash), \ - CHECKED_CAST( \ - lhash_cmp_func, \ - int (*)(const ERR_STRING_DATA *a, const ERR_STRING_DATA *b), comp))) - -#define lh_ERR_STRING_DATA_free(lh) \ - lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh)); - -#define lh_ERR_STRING_DATA_num_items(lh) \ - lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh)) - 
-#define lh_ERR_STRING_DATA_retrieve(lh, data) \ - ((ERR_STRING_DATA *)lh_retrieve( \ - CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void *, ERR_STRING_DATA *, data))) - -#define lh_ERR_STRING_DATA_insert(lh, old_data, data) \ - lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void **, ERR_STRING_DATA **, old_data), \ - CHECKED_CAST(void *, ERR_STRING_DATA *, data)) - -#define lh_ERR_STRING_DATA_delete(lh, data) \ - ((ERR_STRING_DATA *)lh_delete( \ - CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void *, ERR_STRING_DATA *, data))) - -#define lh_ERR_STRING_DATA_doall(lh, func) \ - lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void (*)(void *), void (*)(ERR_STRING_DATA *), func)); - -#define lh_ERR_STRING_DATA_doall_arg(lh, func, arg) \ - lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void (*)(void *, void *), \ - void (*)(ERR_STRING_DATA *, void *), func), \ - arg); - -/* EX_CLASS_ITEM */ -#define lh_EX_CLASS_ITEM_new(hash, comp) \ - ((LHASH_OF(EX_CLASS_ITEM) *)lh_new( \ - CHECKED_CAST(lhash_hash_func, uint32_t (*)(const EX_CLASS_ITEM *), \ - hash), \ - CHECKED_CAST(lhash_cmp_func, \ - int (*)(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b), \ - comp))) - -#define lh_EX_CLASS_ITEM_free(lh) \ - lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh)); - -#define lh_EX_CLASS_ITEM_num_items(lh) \ - lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh)) - -#define lh_EX_CLASS_ITEM_retrieve(lh, data) \ - ((EX_CLASS_ITEM *)lh_retrieve( \ - CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void *, EX_CLASS_ITEM *, data))) - -#define lh_EX_CLASS_ITEM_insert(lh, old_data, data) \ - lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void **, EX_CLASS_ITEM **, old_data), \ - CHECKED_CAST(void *, EX_CLASS_ITEM *, data)) - -#define 
lh_EX_CLASS_ITEM_delete(lh, data) \ - ((EX_CLASS_ITEM *)lh_delete( \ - CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void *, EX_CLASS_ITEM *, data))) - -#define lh_EX_CLASS_ITEM_doall(lh, func) \ - lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void (*)(void *), void (*)(EX_CLASS_ITEM *), func)); - -#define lh_EX_CLASS_ITEM_doall_arg(lh, func, arg) \ - lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void (*)(void *, void *), \ - void (*)(EX_CLASS_ITEM *, void *), func), \ - arg); - /* SSL_SESSION */ #define lh_SSL_SESSION_new(hash, comp) \ ((LHASH_OF(SSL_SESSION) *)lh_new( \ diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h index 3bd01c0..42ec46a 100644 --- a/src/include/openssl/mem.h +++ b/src/include/openssl/mem.h @@ -58,6 +58,7 @@ #include +#include #include #if defined(__cplusplus) diff --git a/src/include/openssl/obj.h b/src/include/openssl/obj.h index 5dd8886..f476617 100644 --- a/src/include/openssl/obj.h +++ b/src/include/openssl/obj.h @@ -193,10 +193,10 @@ OPENSSL_EXPORT int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid, } /* extern C */ #endif -#define OBJ_F_OBJ_txt2obj 100 -#define OBJ_F_OBJ_create 101 -#define OBJ_F_OBJ_dup 102 -#define OBJ_F_OBJ_nid2obj 103 +#define OBJ_F_OBJ_create 100 +#define OBJ_F_OBJ_dup 101 +#define OBJ_F_OBJ_nid2obj 102 +#define OBJ_F_OBJ_txt2obj 103 #define OBJ_R_UNKNOWN_NID 100 #endif /* OPENSSL_HEADER_OBJECTS_H */ diff --git a/src/include/openssl/opensslfeatures.h b/src/include/openssl/opensslfeatures.h index 4f5cb31..c3f97d5 100644 --- a/src/include/openssl/opensslfeatures.h +++ b/src/include/openssl/opensslfeatures.h 
@@ -22,12 +22,15 @@
 #define OPENSSL_NO_BF
 #define OPENSSL_NO_BUF_FREELISTS
 #define OPENSSL_NO_CAMELLIA
+#define OPENSSL_NO_CAPIENG
 #define OPENSSL_NO_CAST
 #define OPENSSL_NO_CMS
 #define OPENSSL_NO_COMP
 #define OPENSSL_NO_DANE
 #define OPENSSL_NO_DEPRECATED
 #define OPENSSL_NO_DYNAMIC_ENGINE
+#define OPENSSL_NO_EC_NISTP_64_GCC_128
+#define OPENSSL_NO_EC2M
 #define OPENSSL_NO_ENGINE
 #define OPENSSL_NO_GMP
 #define OPENSSL_NO_GOST
@@ -38,11 +41,13 @@
 #define OPENSSL_NO_KRB5
 #define OPENSSL_NO_MD2
 #define OPENSSL_NO_MDC2
+#define OPENSSL_NO_OCB
 #define OPENSSL_NO_OCSP
 #define OPENSSL_NO_RC2
 #define OPENSSL_NO_RC5
 #define OPENSSL_NO_RFC3779
 #define OPENSSL_NO_RIPEMD
+#define OPENSSL_NO_RMD160
 #define OPENSSL_NO_SCTP
 #define OPENSSL_NO_SEED
 #define OPENSSL_NO_SRP
diff --git a/src/include/openssl/opensslv.h b/src/include/openssl/opensslv.h
index a3555d4..22f7e25 100644
--- a/src/include/openssl/opensslv.h
+++ b/src/include/openssl/opensslv.h
@@ -15,4 +15,4 @@
 /* This header is provided in order to make compiling against code that expects OpenSSL easier. */
-#include "crypto.h"
+#include "ssl.h"
diff --git a/src/include/openssl/pem.h b/src/include/openssl/pem.h
index 5f61cab..adc8d86 100644
--- a/src/include/openssl/pem.h
+++ b/src/include/openssl/pem.h
@@ -502,57 +502,44 @@ void ERR_load_PEM_strings(void);
 }
 #endif
-#define PEM_F_PEM_read_bio_DHparams 100
-#define PEM_F_load_iv 101
-#define PEM_F_PEM_write 102
-#define PEM_F_do_pk8pkey_fp 103
-#define PEM_F_PEM_read_PrivateKey 104
-#define PEM_F_PEM_read_DHparams 105
-#define PEM_F_PEM_ASN1_read_bio 106
-#define PEM_F_PEM_ASN1_read 107
+#define PEM_F_PEM_ASN1_read 100
+#define PEM_F_PEM_ASN1_read_bio 101
+#define PEM_F_PEM_ASN1_write 102
+#define PEM_F_PEM_ASN1_write_bio 103
+#define PEM_F_PEM_X509_INFO_read 104
+#define PEM_F_PEM_X509_INFO_read_bio 105
+#define PEM_F_PEM_X509_INFO_write_bio 106
+#define PEM_F_PEM_do_header 107
 #define PEM_F_PEM_get_EVP_CIPHER_INFO 108
-#define PEM_F_PEM_X509_INFO_read 109
-#define PEM_F_PEM_read_bio_Parameters 110
-#define PEM_F_PEM_read 111
-#define PEM_F_PEM_X509_INFO_read_bio 112
-#define PEM_F_PEM_X509_INFO_write_bio 113
-#define PEM_F_PEM_ASN1_write 114
-#define PEM_F_d2i_PKCS8PrivateKey_bio 115
-#define PEM_F_d2i_PKCS8PrivateKey_fp 116
-#define PEM_F_PEM_read_bio_PrivateKey 117
-#define PEM_F_PEM_write_PrivateKey 118
-#define PEM_F_PEM_ASN1_write_bio 119
-#define PEM_F_PEM_do_header 120
-#define PEM_F_PEM_write_bio 121
-#define PEM_F_do_pk8pkey 122
-#define PEM_F_PEM_read_bio 123
-#define PEM_R_NO_START_LINE 100
-#define PEM_R_NOT_PROC_TYPE 101
-#define PEM_R_SHORT_HEADER 102
+#define PEM_F_PEM_read 109
+#define PEM_F_PEM_read_DHparams 110
+#define PEM_F_PEM_read_PrivateKey 111
+#define PEM_F_PEM_read_bio 112
+#define PEM_F_PEM_read_bio_DHparams 113
+#define PEM_F_PEM_read_bio_Parameters 114
+#define PEM_F_PEM_read_bio_PrivateKey 115
+#define PEM_F_PEM_write 116
+#define PEM_F_PEM_write_PrivateKey 117
+#define PEM_F_PEM_write_bio 118
+#define PEM_F_d2i_PKCS8PrivateKey_bio 119
+#define PEM_F_d2i_PKCS8PrivateKey_fp 120
+#define PEM_F_do_pk8pkey 121
+#define PEM_F_do_pk8pkey_fp 122
+#define PEM_F_load_iv 123
+#define PEM_R_BAD_BASE64_DECODE 100
+#define PEM_R_BAD_DECRYPT 101
+#define PEM_R_BAD_END_LINE 102
 #define PEM_R_BAD_IV_CHARS 103
-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 104
-#define PEM_R_BAD_END_LINE 105
-#define PEM_R_CIPHER_IS_NULL 106
-#define PEM_R_BAD_MAGIC_NUMBER 107
-#define PEM_R_BAD_DECRYPT 108
-#define PEM_R_UNSUPPORTED_ENCRYPTION 109
-#define PEM_R_PVK_DATA_TOO_SHORT 110
-#define PEM_R_PROBLEMS_GETTING_PASSWORD 111
-#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 112
-#define PEM_R_BIO_WRITE_FAILURE 113
-#define PEM_R_INCONSISTENT_HEADER 114
-#define PEM_R_PUBLIC_KEY_NO_RSA 115
-#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 116
-#define PEM_R_KEYBLOB_TOO_SHORT 117
-#define PEM_R_BAD_BASE64_DECODE 118
-#define PEM_R_READ_KEY 119
-#define PEM_R_BAD_PASSWORD_READ 120
-#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 121
-#define PEM_R_UNSUPPORTED_CIPHER 122
-#define PEM_R_NOT_ENCRYPTED 123
-#define PEM_R_NOT_DEK_INFO 124
-#define PEM_R_BAD_VERSION_NUMBER 125
-#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 126
-#define PEM_R_PVK_TOO_SHORT 127
+#define PEM_R_BAD_PASSWORD_READ 104
+#define PEM_R_CIPHER_IS_NULL 105
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106
+#define PEM_R_NOT_DEK_INFO 107
+#define PEM_R_NOT_ENCRYPTED 108
+#define PEM_R_NOT_PROC_TYPE 109
+#define PEM_R_NO_START_LINE 110
+#define PEM_R_READ_KEY 111
+#define PEM_R_SHORT_HEADER 112
+#define PEM_R_UNSUPPORTED_CIPHER 113
+#define PEM_R_UNSUPPORTED_ENCRYPTION 114
 #endif /* OPENSSL_HEADER_PEM_H */
diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h
index 826ac7f..8dc7731 100644
--- a/src/include/openssl/pkcs8.h
+++ b/src/include/openssl/pkcs8.h
@@ -58,11 +58,9 @@
 #define OPENSSL_HEADER_PKCS8_H
 #include
-
-#include
-
 #include
+
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -172,52 +170,48 @@ OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
 } /* extern C */
 #endif
-#define PKCS8_F_PKCS8_encrypt 100
+#define PKCS8_F_EVP_PKCS82PKEY 100
 #define PKCS8_F_EVP_PKEY2PKCS8 101
-#define PKCS8_F_EVP_PKCS82PKEY 102
-#define PKCS8_F_PKCS5_pbe_set0_algor 103
-#define PKCS8_F_pbe_crypt 104
-#define PKCS8_F_pkcs12_item_decrypt_d2i 105
+#define PKCS8_F_PKCS12_get_key_and_certs 102
+#define PKCS8_F_PKCS12_handle_content_info 103
+#define PKCS8_F_PKCS12_handle_content_infos 104
+#define PKCS8_F_PKCS5_pbe2_set_iv 105
 #define PKCS8_F_PKCS5_pbe_set 106
-#define PKCS8_F_pkcs12_key_gen_uni 107
-#define PKCS8_F_pkcs12_key_gen_asc 108
-#define PKCS8_F_pkcs12_pbe_keyivgen 109
-#define PKCS8_F_pbe_cipher_init 110
-#define PKCS8_F_pkcs12_item_i2d_encrypt 111
-#define PKCS8_F_PKCS5_pbe2_set_iv 112
-#define PKCS8_F_PKCS5_pbkdf2_set 113
-#define PKCS8_F_pkcs12_key_gen_raw 114
-#define PKCS8_F_PKCS8_decrypt 115
-#define PKCS8_F_PKCS8_encrypt_pbe 116
-#define PKCS8_F_PKCS12_parse 117
-#define PKCS8_F_PKCS12_handle_content_info 118
-#define PKCS8_F_PKCS12_handle_content_infos 119
-#define PKCS8_F_PKCS12_get_key_and_certs 120
-#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 100
-#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 101
-#define PKCS8_R_UNKNOWN_ALGORITHM 102
-#define PKCS8_R_UNKNOWN_CIPHER 103
-#define PKCS8_R_UNKNOWN_DIGEST 104
+#define PKCS8_F_PKCS5_pbe_set0_algor 107
+#define PKCS8_F_PKCS5_pbkdf2_set 108
+#define PKCS8_F_PKCS8_decrypt 109
+#define PKCS8_F_PKCS8_encrypt 110
+#define PKCS8_F_PKCS8_encrypt_pbe 111
+#define PKCS8_F_pbe_cipher_init 112
+#define PKCS8_F_pbe_crypt 113
+#define PKCS8_F_pkcs12_item_decrypt_d2i 114
+#define PKCS8_F_pkcs12_item_i2d_encrypt 115
+#define PKCS8_F_pkcs12_key_gen_raw 116
+#define PKCS8_F_pkcs12_pbe_keyivgen 117
+#define PKCS8_R_BAD_PKCS12_DATA 100
+#define PKCS8_R_BAD_PKCS12_VERSION 101
+#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102
+#define PKCS8_R_CRYPT_ERROR 103
+#define PKCS8_R_DECODE_ERROR 104
 #define PKCS8_R_ENCODE_ERROR 105
-#define PKCS8_R_DECODE_ERROR 106
-#define PKCS8_R_ENCRYPT_ERROR 107
-#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 108
-#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 109
-#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 110
-#define PKCS8_R_KEYGEN_FAILURE 111
-#define PKCS8_R_TOO_LONG 112
-#define PKCS8_R_CRYPT_ERROR 113
-#define PKCS8_R_METHOD_NOT_SUPPORTED 114
-#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 115
-#define PKCS8_R_KEY_GEN_ERROR 116
-#define PKCS8_R_BAD_PKCS12_DATA 117
-#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 118
-#define PKCS8_R_BAD_PKCS12_VERSION 119
-#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 120
-#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 121
-#define PKCS8_R_UNKNOWN_HASH 122
-#define PKCS8_R_BAD_MAC 123
-#define PKCS8_R_MISSING_MAC 124
-#define PKCS8_R_INCORRECT_PASSWORD 125
+#define PKCS8_R_ENCRYPT_ERROR 106
+#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107
+#define PKCS8_R_INCORRECT_PASSWORD 108
+#define PKCS8_R_KEYGEN_FAILURE 109
+#define PKCS8_R_KEY_GEN_ERROR 110
+#define PKCS8_R_METHOD_NOT_SUPPORTED 111
+#define PKCS8_R_MISSING_MAC 112
+#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113
+#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114
+#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115
+#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116
+#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117
+#define PKCS8_R_TOO_LONG 118
+#define PKCS8_R_UNKNOWN_ALGORITHM 119
+#define PKCS8_R_UNKNOWN_CIPHER 120
+#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121
+#define PKCS8_R_UNKNOWN_DIGEST 122
+#define PKCS8_R_UNKNOWN_HASH 123
+#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124
 #endif /* OPENSSL_HEADER_PKCS8_H */
diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h
index 6186044..01ef4f8 100644
--- a/src/include/openssl/rand.h
+++ b/src/include/openssl/rand.h
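Review bot: `PKCS8_R_BAD_MAC` is dropped while `PKCS8_R_MISSING_MAC` and `PKCS8_R_INCORRECT_PASSWORD` survive, so a PKCS#12 MAC mismatch presumably now surfaces as `PKCS8_R_INCORRECT_PASSWORD`. That folds a tampered or corrupted file and a wrong password into a single reason code, and callers that used the distinction (for example to decide whether to re-prompt) lose it silently. If this is intentional, a comment next to `PKCS8_R_INCORRECT_PASSWORD` such as `/* also reported when the PKCS#12 MAC fails to verify */` or a line in the commit message would make the new contract explicit.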
@@ -22,8 +22,10 @@ extern "C" { #endif -/* RAND_bytes writes |len| bytes of random data to |buf|. It returns one on - * success and zero on otherwise. */ +/* Random number generation. */ + + +/* RAND_bytes writes |len| bytes of random data to |buf| and returns one. */ OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len); /* RAND_cleanup frees any resources used by the RNG. This is not safe if other diff --git a/src/include/openssl/rc4.h b/src/include/openssl/rc4.h index 727b474..0619cac 100644 --- a/src/include/openssl/rc4.h +++ b/src/include/openssl/rc4.h @@ -67,13 +67,10 @@ extern "C" { /* RC4. */ -typedef struct rc4_key_st { +struct rc4_key_st { uint32_t x, y; - /* data is sometimes used as an array of 32-bit values and sometimes as 8-bit - * values, depending on the platform. */ uint32_t data[256]; -} RC4_KEY; - +} /* RC4_KEY */; /* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len| * bytes of key material from |key|. */ diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index a4596c7..2e24231 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -61,6 +61,7 @@ #include #include +#include #if defined(__cplusplus) extern "C" { @@ -190,7 +191,7 @@ OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *in, unsigned int *out_len, RSA *rsa); /* RSA_sign_raw signs |in_len| bytes from |in| with the public key from |rsa| - * and writes, at most, |max_out| bytes of encrypted data to |out|. The + * and writes, at most, |max_out| bytes of signature data to |out|. The * |max_out| argument must be, at least, |RSA_size| in order to ensure success. * * It returns 1 on success or zero on error. 
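Review bot: The rewritten comment `/* RAND_bytes writes |len| bytes of random data to |buf| and returns one. */` drops the failure case without saying what replaced it, so a caller migrating from OpenSSL cannot tell whether zero is still possible. If the implementation now aborts the process on an unrecoverable RNG error rather than returning zero, state that in the comment, e.g. `/* ... and returns one. It does not fail: an unrecoverable RNG error aborts the process. */`; if it can still return zero, the old sentence should come back. Callers that silently use |buf| on a zero return would otherwise be using uninitialised bytes as key material.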
@@ -254,7 +255,7 @@ OPENSSL_EXPORT int RSA_public_decrypt(int flen, const uint8_t *from, /* Utility functions. */ /* RSA_size returns the number of bytes in the modulus, which is also the size - * of a signature of encrypted value using |rsa|. */ + * of a signature or encrypted value using |rsa|. */ OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa); /* RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key @@ -286,11 +287,12 @@ OPENSSL_EXPORT int RSA_check_key(const RSA *rsa); OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa); /* RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of - * |mHash|, where |mHash| is a digest produced by |Hash|. The |mgf1Hash| - * argument specifies the hash function for generating the mask. If NULL, - * |Hash| is used. The |sLen| argument specifies the expected salt length in - * bytes. If |sLen| is -1 then the salt length is the same as the hash length. - * If -2, then the salt length is maximal and is taken from the size of |EM|. + * |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to + * exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the + * hash function for generating the mask. If NULL, |Hash| is used. The |sLen| + * argument specifies the expected salt length in bytes. If |sLen| is -1 then + * the salt length is the same as the hash length. If -2, then the salt length + * is maximal and is taken from the size of |EM|. * * It returns one on success or zero on error. */ OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, 
@@ -299,12 +301,12 @@ OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, const uint8_t *EM, int sLen); /* RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|, - * where |mHash| is a digest produced by |Hash|. There must be at least - * |RSA_size(rsa)| bytes of space in |EM|. The |mgf1Hash| argument specifies - * the hash function for generating the mask. If NULL, |Hash| is used. The - * |sLen| argument specifies the expected salt length in bytes. If |sLen| is -1 - * then the salt length is the same as the hash length. If -2, then the salt - * length is maximal given the space in |EM|. + * where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of + * output will be written to |EM|. The |mgf1Hash| argument specifies the hash + * function for generating the mask. If NULL, |Hash| is used. The |sLen| + * argument specifies the expected salt length in bytes. If |sLen| is -1 then + * the salt length is the same as the hash length. If -2, then the salt length + * is maximal given the space in |EM|. * * It returns one on success or zero on error. */ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, @@ -314,7 +316,6 @@ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, int sLen); - /* ASN.1 functions. */ /* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len| @@ -348,7 +349,7 @@ OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp); /* ex_data functions. * - * These functions are wrappers. See |ex_data.h| for details. */ + * See |ex_data.h| for details. */ OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 
@@ -477,18 +478,21 @@ struct rsa_st { int references; int flags; - /* Used to cache montgomery values */ + CRYPTO_MUTEX lock; + + /* Used to cache montgomery values. The creation of these values is protected + * by |lock|. */ BN_MONT_CTX *_method_mod_n; BN_MONT_CTX *_method_mod_p; BN_MONT_CTX *_method_mod_q; /* num_blindings contains the size of the |blindings| and |blindings_inuse| * arrays. This member and the |blindings_inuse| array are protected by - * CRYPTO_LOCK_RSA_BLINDING. */ + * |lock|. */ unsigned num_blindings; /* blindings is an array of BN_BLINDING structures that can be reserved by a - * thread by locking CRYPTO_LOCK_RSA_BLINDING and changing the corresponding - * element in |blindings_inuse| from 0 to 1. */ + * thread by locking |lock| and changing the corresponding element in + * |blindings_inuse| from 0 to 1. */ BN_BLINDING **blindings; unsigned char *blindings_inuse; }; 
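Review bot: The new comments say which members `lock` guards (the Montgomery contexts, `num_blindings`, `blindings_inuse`), but `references` and `flags` in the same struct get no locking note, so a reader cannot tell whether `lock`, a global lock, or an atomic covers the refcount. Add a line such as `/* references is not protected by |lock|. */` (adjusted to whatever actually applies) so the struct documents its complete locking discipline. struct rsa_st begins before this hunk.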
@@ -498,79 +502,74 @@ struct rsa_st { } /* extern C */ #endif -#define RSA_F_RSA_padding_check_none 100 -#define RSA_F_RSA_padding_add_none 101 -#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 102 -#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 103 -#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 104 -#define RSA_F_RSA_verify 105 -#define RSA_F_rsa_setup_blinding 106 -#define RSA_F_verify_raw 107 -#define RSA_F_RSA_padding_add_PKCS1_type_1 108 -#define RSA_F_keygen 109 -#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 110 -#define RSA_F_pkcs1_prefixed_msg 111 -#define RSA_F_BN_BLINDING_update 112 -#define RSA_F_RSA_padding_check_SSLv23 113 -#define RSA_F_RSA_padding_add_SSLv23 114 -#define RSA_F_BN_BLINDING_new 115 -#define RSA_F_RSA_padding_add_PKCS1_type_2 116 -#define RSA_F_BN_BLINDING_convert_ex 117 -#define RSA_F_BN_BLINDING_invert_ex 118 -#define RSA_F_encrypt 119 -#define RSA_F_sign_raw 120 -#define RSA_F_RSA_new_method 121 -#define RSA_F_RSA_padding_check_PKCS1_type_1 122 -#define RSA_F_RSA_sign 123 -#define RSA_F_BN_BLINDING_create_param 124 -#define RSA_F_decrypt 125 -#define RSA_F_RSA_padding_check_PKCS1_type_2 126 -#define RSA_F_RSA_recover_crt_params 127 -#define RSA_F_RSA_check_key 128 -#define RSA_F_private_transform 129 -#define RSA_R_INVALID_MESSAGE_LENGTH 100 -#define RSA_R_NO_PUBLIC_EXPONENT 102 -#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 103 -#define RSA_R_BLOCK_TYPE_IS_NOT_01 104 -#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 105 -#define RSA_R_UNKNOWN_PADDING_TYPE 106 -#define RSA_R_TOO_MANY_ITERATIONS 107 -#define RSA_R_SLEN_RECOVERY_FAILED 108 -#define RSA_R_WRONG_SIGNATURE_LENGTH 109 -#define RSA_R_MODULUS_TOO_LARGE 110 -#define RSA_R_NULL_BEFORE_BLOCK_MISSING 111 -#define RSA_R_DATA_TOO_LARGE 112 -#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 113 -#define RSA_R_SLEN_CHECK_FAILED 114 -#define RSA_R_FIRST_OCTET_INVALID 115 -#define RSA_R_BAD_E_VALUE 116 -#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 117 -#define RSA_R_EMPTY_PUBLIC_KEY 118 -#define RSA_R_BAD_PAD_BYTE_COUNT 
119 -#define RSA_R_OAEP_DECODING_ERROR 120 -#define RSA_R_TOO_LONG 121 -#define RSA_R_BAD_FIXED_HEADER_DECRYPT 122 -#define RSA_R_DATA_TOO_SMALL 123 -#define RSA_R_UNKNOWN_ALGORITHM_TYPE 124 -#define RSA_R_PADDING_CHECK_FAILED 125 -#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 126 -#define RSA_R_BLOCK_TYPE_IS_NOT_02 127 -#define RSA_R_LAST_OCTET_INVALID 128 -#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 129 -#define RSA_R_SSLV3_ROLLBACK_ATTACK 130 -#define RSA_R_KEY_SIZE_TOO_SMALL 131 -#define RSA_R_BAD_SIGNATURE 132 -#define RSA_R_BN_NOT_INITIALIZED 133 -#define RSA_R_PKCS_DECODING_ERROR 134 -#define RSA_R_BAD_RSA_PARAMETERS 135 -#define RSA_R_INTERNAL_ERROR 136 -#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 137 -#define RSA_R_D_E_NOT_CONGRUENT_TO_1 138 +#define RSA_F_BN_BLINDING_convert_ex 100 +#define RSA_F_BN_BLINDING_create_param 101 +#define RSA_F_BN_BLINDING_invert_ex 102 +#define RSA_F_BN_BLINDING_new 103 +#define RSA_F_BN_BLINDING_update 104 +#define RSA_F_RSA_check_key 105 +#define RSA_F_RSA_new_method 106 +#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 107 +#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 108 +#define RSA_F_RSA_padding_add_PKCS1_type_1 109 +#define RSA_F_RSA_padding_add_PKCS1_type_2 110 +#define RSA_F_RSA_padding_add_none 111 +#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 112 +#define RSA_F_RSA_padding_check_PKCS1_type_1 113 +#define RSA_F_RSA_padding_check_PKCS1_type_2 114 +#define RSA_F_RSA_padding_check_none 115 +#define RSA_F_RSA_recover_crt_params 116 +#define RSA_F_RSA_sign 117 +#define RSA_F_RSA_verify 118 +#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 119 +#define RSA_F_decrypt 120 +#define RSA_F_encrypt 121 +#define RSA_F_keygen 122 +#define RSA_F_pkcs1_prefixed_msg 123 +#define RSA_F_private_transform 124 +#define RSA_F_rsa_setup_blinding 125 +#define RSA_F_sign_raw 126 +#define RSA_F_verify_raw 127 +#define RSA_R_BAD_E_VALUE 100 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 101 +#define RSA_R_BAD_PAD_BYTE_COUNT 102 +#define 
RSA_R_BAD_RSA_PARAMETERS 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 +#define RSA_R_BN_NOT_INITIALIZED 106 +#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 107 +#define RSA_R_CRT_VALUES_INCORRECT 108 +#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 109 +#define RSA_R_DATA_TOO_LARGE 110 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 111 +#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 112 +#define RSA_R_DATA_TOO_SMALL 113 +#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 114 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 115 +#define RSA_R_D_E_NOT_CONGRUENT_TO_1 116 +#define RSA_R_EMPTY_PUBLIC_KEY 117 +#define RSA_R_FIRST_OCTET_INVALID 118 +#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 119 +#define RSA_R_INTERNAL_ERROR 120 +#define RSA_R_INVALID_MESSAGE_LENGTH 121 +#define RSA_R_KEY_SIZE_TOO_SMALL 122 +#define RSA_R_LAST_OCTET_INVALID 123 +#define RSA_R_MODULUS_TOO_LARGE 124 +#define RSA_R_NO_PUBLIC_EXPONENT 125 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 126 +#define RSA_R_N_NOT_EQUAL_P_Q 127 +#define RSA_R_OAEP_DECODING_ERROR 128 +#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 129 +#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 130 +#define RSA_R_PADDING_CHECK_FAILED 131 +#define RSA_R_PKCS_DECODING_ERROR 132 +#define RSA_R_SLEN_CHECK_FAILED 133 +#define RSA_R_SLEN_RECOVERY_FAILED 134 +#define RSA_R_TOO_LONG 135 +#define RSA_R_TOO_MANY_ITERATIONS 136 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 137 +#define RSA_R_UNKNOWN_PADDING_TYPE 138 #define RSA_R_VALUE_MISSING 139 -#define RSA_R_N_NOT_EQUAL_P_Q 140 -#define RSA_R_CRT_VALUES_INCORRECT 141 -#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 142 -#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 143 -#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 144 +#define RSA_R_WRONG_SIGNATURE_LENGTH 140 #endif /* OPENSSL_HEADER_RSA_H */ diff --git a/src/include/openssl/safe_stack.h b/src/include/openssl/safe_stack.h deleted file mode 100644 index 6e5e433..0000000 --- a/src/include/openssl/safe_stack.h +++ /dev/null 
@@ -1,16 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -/* This header is provided in order to make compiling against code that expects - OpenSSL easier. */ diff --git a/src/include/openssl/safestack.h b/src/include/openssl/safestack.h new file mode 100644 index 0000000..6e5e433 --- /dev/null +++ b/src/include/openssl/safestack.h @@ -0,0 +1,16 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* This header is provided in order to make compiling against code that expects + OpenSSL easier. */ 
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index ef73c8d..b746007 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -140,8 +140,8 @@ * OTHERWISE. */ -#ifndef HEADER_SSL_H -#define HEADER_SSL_H +#ifndef OPENSSL_HEADER_SSL_H +#define OPENSSL_HEADER_SSL_H #include 
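Review bot: Renaming the include guard from `HEADER_SSL_H` to `OPENSSL_HEADER_SSL_H` is consistent with the other headers in this diff, but some third-party code detects OpenSSL's ssl.h by testing `#ifdef HEADER_SSL_H`, and that detection stops matching. If that compatibility matters for the consumers this tree targets, keeping `#define HEADER_SSL_H` next to the new guard costs nothing; if it is intentionally dropped, a one-line comment saying so would save the next person from re-adding it.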
@@ -152,17 +152,132 @@ #include #include +#if !defined(OPENSSL_WINDOWS) +#include +#endif + /* Some code expected to get the threading functions by including ssl.h. */ #include /* wpa_supplicant expects to get the version functions from ssl.h */ #include -#ifdef __cplusplus +/* Forward-declare struct timeval. On Windows, it is defined in winsock2.h and + * Windows headers define too many macros to be included in public headers. + * However, only a forward declaration is needed. */ +struct timeval; + +#if defined(__cplusplus) extern "C" { #endif +/* SSL implementation. */ + + +/* Initialization. */ + +/* SSL_library_init initializes the crypto and SSL libraries and returns one. */ +OPENSSL_EXPORT int SSL_library_init(void); + + +/* Protocol version constants */ + +#define SSL3_VERSION 0x0300 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 + +#define TLS1_2_VERSION 0x0303 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 + +#define TLS1_1_VERSION 0x0302 +#define TLS1_1_VERSION_MAJOR 0x03 +#define TLS1_1_VERSION_MINOR 0x02 + +#define TLS1_VERSION 0x0301 +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + +#define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD + + +/* Cipher suites. */ + +/* An SSL_CIPHER represents a cipher suite. */ +typedef struct ssl_cipher_st { + /* name is the OpenSSL name for the cipher. */ + const char *name; + /* id is the cipher suite value bitwise OR-d with 0x03000000. */ + uint32_t id; + + /* The following are internal fields. See ssl/internal.h for their values. */ + + uint32_t algorithm_mkey; + uint32_t algorithm_auth; + uint32_t algorithm_enc; + uint32_t algorithm_mac; + uint32_t algorithm_ssl; + uint32_t algo_strength; + + /* algorithm2 contains extra flags. See ssl/internal.h. */ + uint32_t algorithm2; + + /* strength_bits is the strength of the cipher in bits. */ + int strength_bits; + /* alg_bits is the number of bits of key material used by the algorithm. 
*/ + int alg_bits; +} SSL_CIPHER; + +DECLARE_STACK_OF(SSL_CIPHER) + +/* SSL_get_cipher_by_value returns the structure representing a TLS cipher + * suite based on its assigned number, or NULL if unknown. See + * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */ +OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); + +/* SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to + * get the cipher suite value. */ +OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC + * mode). */ +OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */ +OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */ +OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses + * CHACHA20_POLY1305. */ +OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */ +OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange + * method used by |cipher|. For example, "ECDHE_ECDSA". */ +OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard + * name for |cipher|. For example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The + * caller is responsible for calling |OPENSSL_free| on the result. */ +OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. 
If + * |out_alg_bits| is not NULL, it writes the number of bits consumed by the + * symmetric algorithm to |*out_alg_bits|. */ +OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, + int *out_alg_bits); + + +/* Underdocumented functions. + * + * Functions below here haven't been touched up and may be underdocumented. */ + /* SSLeay version number for ASN.1 encoding of the session information */ /* Version 0 - initial version * Version 1 - added the optional peer certificate. */ @@ -178,11 +293,11 @@ extern "C" { #define SSL_TXT_HIGH "HIGH" #define SSL_TXT_FIPS "FIPS" -#define SSL_TXT_aNULL "aNULL" - #define SSL_TXT_kRSA "kRSA" -#define SSL_TXT_kEDH "kEDH" -#define SSL_TXT_kEECDH "kEECDH" +#define SSL_TXT_kDHE "kDHE" +#define SSL_TXT_kEDH "kEDH" /* same as "kDHE" */ +#define SSL_TXT_kECDHE "kECDHE" +#define SSL_TXT_kEECDH "kEECDH" /* same as "kECDHE" */ #define SSL_TXT_kPSK "kPSK" #define SSL_TXT_aRSA "aRSA" @@ -190,12 +305,12 @@ extern "C" { #define SSL_TXT_aPSK "aPSK" #define SSL_TXT_DH "DH" -#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */ -#define SSL_TXT_ADH "ADH" +#define SSL_TXT_DHE "DHE" /* same as "kDHE" */ +#define SSL_TXT_EDH "EDH" /* same as "DHE" */ #define SSL_TXT_RSA "RSA" #define SSL_TXT_ECDH "ECDH" -#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ -#define SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE" */ +#define SSL_TXT_EECDH "EECDH" /* same as "ECDHE" */ #define SSL_TXT_ECDSA "ECDSA" #define SSL_TXT_PSK "PSK" @@ -237,7 +352,7 @@ extern "C" { /* The following cipher list is used by default. It also is substituted when an * application-defined cipher list string starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +#define SSL_DEFAULT_CIPHER_LIST "ALL" /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is 
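Review bot: `#define SSL_DEFAULT_CIPHER_LIST "ALL"` drops the `!aNULL:!eNULL` exclusions, so the default is only safe if the library no longer implements anonymous or NULL-encryption suites; the removal of `SSL_TXT_aNULL` in the @@ -178 hunk suggests that, but nothing in this header states the invariant. Add it beside the define, e.g. `/* "ALL" is a safe default only because no aNULL or eNULL cipher suites are implemented; restore the exclusions if any are ever added. */`. Existing configurations commonly carry `!aNULL` in their cipher strings; whether the parser tolerates the removed keyword is not visible in these hunks and is worth a sentence too.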
@@ -253,14 +368,11 @@ extern "C" { typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD; -typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; typedef struct ssl_conf_ctx_st SSL_CONF_CTX; typedef struct ssl3_enc_method SSL3_ENC_METHOD; -DECLARE_STACK_OF(SSL_CIPHER) - /* SRTP protection profiles for use with the use_srtp extension (RFC 5764). */ typedef struct srtp_protection_profile_st { const char *name; @@ -269,28 +381,6 @@ typedef struct srtp_protection_profile_st { DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) -/* used to hold info on the particular ciphers used */ -struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ - - /* changed in 0.9.9: these four used to be portions of a single value - * 'algorithms' */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags. See SSL2_CF_* in ssl2.h - and algorithm2 section in - ssl_locl.h */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ -}; - /* An SSL_SESSION represents an SSL session that may be resumed in an * abbreviated handshake. */ struct ssl_session_st { @@ -382,8 +472,6 @@ struct ssl_session_st { /* DTLS options */ #define SSL_OP_NO_QUERY_MTU 0x00001000L -/* Turn on Cookie Exchange (on relevant for servers) */ -#define SSL_OP_COOKIE_EXCHANGE 0x00002000L /* Don't use RFC4507 ticket extension */ #define SSL_OP_NO_TICKET 0x00004000L 
@@ -393,9 +481,9 @@ struct ssl_session_st { #define SSL_OP_NO_COMPRESSION 0x00020000L /* Permit unsafe legacy renegotiation */ #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -/* If set, always create a new key when using tmp_ecdh parameters */ +/* SSL_OP_SINGLE_ECDH_USE does nothing. */ #define SSL_OP_SINGLE_ECDH_USE 0x00080000L -/* If set, always create a new key when using tmp_dh parameters */ +/* SSL_OP_SINGLE_DH_USE does nothing. */ #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set on servers to choose the cipher according to the server's preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L @@ -435,14 +523,11 @@ struct ssl_session_st { #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L /* Don't attempt to automatically build certificate chain */ #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L -/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and - * TLS only.) "Released" buffers are put onto a free-list in the context or - * just freed (depending on the context's setting for freelist_max_len). */ -#define SSL_MODE_RELEASE_BUFFERS 0x00000010L /* The following flags do nothing and are included only to make it easier to * compile code with BoringSSL. */ #define SSL_MODE_AUTO_RETRY 0 +#define SSL_MODE_RELEASE_BUFFERS 0 /* Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations that 
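Review bot: The new comments `/* SSL_OP_SINGLE_ECDH_USE does nothing. */` and `/* SSL_OP_SINGLE_DH_USE does nothing. */` say the flag is ignored but not what the behaviour is instead, and a reader could conclude that ephemeral keys may now be reused across handshakes. If a fresh ephemeral key is generated for every handshake regardless, say so: `/* SSL_OP_SINGLE_ECDH_USE does nothing; a fresh ephemeral key is always used. */`. The same applies to `#define SSL_MODE_RELEASE_BUFFERS 0` in the second hunk, which joins the no-op list without saying whether buffers are never or always released.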
@@ -467,9 +552,14 @@ struct ssl_session_st { /* Clear verification errors from queue */ #define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 -/* When set, clients may send application data before receipt of CCS and - * Finished. This mode enables full-handshakes to 'complete' in one RTT. */ -#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L +/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before + * receipt of CCS and Finished. This mode enables full-handshakes to 'complete' + * in one RTT. See draft-bmoeller-tls-falsestart-01. */ +#define SSL_MODE_ENABLE_FALSE_START 0x00000080L + +/* Deprecated: SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as + * SSL_MODE_ENABLE_FALSE_START. */ +#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: * the first record will contain a single byte and the second will contain the @@ -482,7 +572,7 @@ struct ssl_session_st { * session resumption is used for a given SSL*. */ #define SSL_MODE_NO_SESSION_CREATION 0x00000200L -/* SSL_MODE_SEND_SERVERHELLO_TIME sends TLS_FALLBACK_SCSV in the ClientHello. +/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. * To be set only by applications that reconnect with a downgraded protocol * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05 * for details. 
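Review bot: The comment on `SSL_MODE_ENABLE_FALSE_START` describes the latency benefit but not the condition under which draft-bmoeller-tls-falsestart-01 permits it (forward-secret key exchange and sufficiently strong symmetric ciphers), so applications will read it as a free speed-up. If the implementation enforces that cipher-suite restriction internally, add a sentence saying so; if it does not, the comment should say that the restriction is the application's responsibility. Either way the deprecated alias `SSL_MODE_HANDSHAKE_CUTTHROUGH` inherits the same caveat.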
@@ -492,38 +582,69 @@ struct ssl_session_st { * draft-ietf-tls-downgrade-scsv-05. */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L -/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they - * cannot be used to clear bits. */ - -#define SSL_CTX_set_options(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL) -#define SSL_CTX_clear_options(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_OPTIONS, (op), NULL) -#define SSL_CTX_get_options(ctx) SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, 0, NULL) -#define SSL_set_options(ssl, op) SSL_ctrl((ssl), SSL_CTRL_OPTIONS, (op), NULL) -#define SSL_clear_options(ssl, op) \ - SSL_ctrl((ssl), SSL_CTRL_CLEAR_OPTIONS, (op), NULL) -#define SSL_get_options(ssl) SSL_ctrl((ssl), SSL_CTRL_OPTIONS, 0, NULL) - -#define SSL_CTX_set_mode(ctx, op) SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, (op), NULL) -#define SSL_CTX_clear_mode(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_MODE, (op), NULL) -#define SSL_CTX_get_mode(ctx) SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, 0, NULL) -#define SSL_clear_mode(ssl, op) SSL_ctrl((ssl), SSL_CTRL_CLEAR_MODE, (op), NULL) -#define SSL_set_mode(ssl, op) SSL_ctrl((ssl), SSL_CTRL_MODE, (op), NULL) -#define SSL_get_mode(ssl) SSL_ctrl((ssl), SSL_CTRL_MODE, 0, NULL) -#define SSL_set_mtu(ssl, mtu) SSL_ctrl((ssl), SSL_CTRL_SET_MTU, (mtu), NULL) - -#define SSL_get_secure_renegotiation_support(ssl) \ - SSL_ctrl((SSL *)(ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) - -#define SSL_CTX_set_cert_flags(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CERT_FLAGS, (op), NULL) -#define SSL_set_cert_flags(s, op) SSL_ctrl((s), SSL_CTRL_CERT_FLAGS, (op), NULL) -#define SSL_CTX_clear_cert_flags(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) -#define SSL_clear_cert_flags(s, op) \ - SSL_ctrl((s), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) +/* SSL_CTX_set_options enables all options set in |options| (which should be one + * or more of the |SSL_OP_*| values, ORed together) in |ctx|. 
It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); + +/* SSL_CTX_clear_options disables all options set in |options| (which should be + * one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options); + +/* SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all + * the options enabled for |ctx|. */ +OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); + +/* SSL_set_options enables all options set in |options| (which should be one or + * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options); + +/* SSL_clear_options disables all options set in |options| (which should be one + * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options); + +/* SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the + * options enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); + +/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more + * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode); + +/* SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or + * more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled modes. 
*/ +OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode); + +/* SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all + * the modes enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx); + +/* SSL_set_mode enables all modes set in |mode| (which should be one or more of + * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); + +/* SSL_clear_mode disables all modes set in |mode| (which should be one or more + * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode); + +/* SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the + * modes enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl); + +/* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success + * and zero on failure. */ +OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu); + +/* SSL_get_secure_renegotiation_support returns one if the peer supports secure + * renegotiation (RFC 5746) and zero otherwise. */ +OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl); /* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to * |version|. */ 
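Review bot: The comment on `SSL_CTX_get_mode` says "the modes enabled for |ssl|" but the function takes `const SSL_CTX *ctx`; it should read `* the modes enabled for |ctx|. */` to match `SSL_CTX_get_options` above it. Separately, the hunk removes the `SSL_CTX_set_cert_flags`, `SSL_set_cert_flags` and `*_clear_cert_flags` macros without adding function replacements, unlike every other macro it converts; if they are intentionally dropped, a short note would tell callers what to use instead.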
@@ -541,16 +662,36 @@ OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version); * |version|. */ OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); +/* SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|. + * This callback will be called when sending or receiving low-level record + * headers, complete handshake messages, ChangeCipherSpec, and alerts. + * |write_p| is one for outgoing messages and zero for incoming messages. + * + * For each record header, |cb| is called with |version| = 0 and |content_type| + * = |SSL3_RT_HEADER|. The |len| bytes from |buf| contain the header. Note that + * this does not include the record body. If the record is sealed, the length + * in the header is the length of the ciphertext. + * + * For each handshake message, ChangeCipherSpec, and alert, |version| is the + * protocol version and |content_type| is the corresponding record type. The + * |len| bytes from |buf| contain the handshake message, one-byte + * ChangeCipherSpec body, and two-byte alert, respectively. */ OPENSSL_EXPORT void SSL_CTX_set_msg_callback( SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); + +/* SSL_CTX_set_msg_callback_arg sets the |arg| parameter of the message + * callback. */ +OPENSSL_EXPORT void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); + +/* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See + * |SSL_CTX_set_msg_callback| for when this callback is called. */ OPENSSL_EXPORT void SSL_set_msg_callback( SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); -#define SSL_CTX_set_msg_callback_arg(ctx, arg) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -#define SSL_set_msg_callback_arg(ssl, arg) \ - SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +/* set_msg_callback_arg sets the |arg| parameter of the message callback. 
*/ +OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg); /* SSL_CTX_set_keylog_bio sets configures all SSL objects attached to |ctx| to * log session material to |keylog_bio|. This is intended for debugging use @@ -686,6 +827,10 @@ struct ssl_ctx_st { struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_tail; + /* handshakes_since_cache_flush is the number of successful handshakes since + * the last cache flush. */ + int handshakes_since_cache_flush; + /* This can have one of 2 values, ored together, * SSL_SESS_CACHE_CLIENT, * SSL_SESS_CACHE_SERVER, @@ -709,26 +854,6 @@ struct ssl_ctx_st { SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, uint8_t *data, int len, int *copy); - /* TODO(agl): remove the stats stuff. */ - struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate; /* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate; /* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not - * in the cache was - * passed back via the callback. This - * indicates that the application is - * supplying session-id's from other - * processes - spooky :-) */ - } stats; - int references; /* if defined, these override the X509_verify_cert() calls */ 
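Review bot: The comment on the last declaration of the @@ -541 hunk reads `/* set_msg_callback_arg sets the |arg| parameter of the message callback. */` but the function is `SSL_set_msg_callback_arg`; write `/* SSL_set_msg_callback_arg sets the |arg| parameter of the message callback of |ssl|. */` so the name can be grepped like every other comment in the file. The note that sealed records report the ciphertext length in the header is the right caveat for anyone using the callback to meter plaintext and should stay.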
@@ -749,13 +874,6 @@ struct ssl_ctx_st { /* get channel id callback */ void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); - /* cookie generate callback */ - int (*app_gen_cookie_cb)(SSL *ssl, uint8_t *cookie, size_t *cookie_len); - - /* verify cookie callback */ - int (*app_verify_cookie_cb)(SSL *ssl, const uint8_t *cookie, - size_t cookie_len); - CRYPTO_EX_DATA ex_data; STACK_OF(X509) *extra_certs; @@ -773,9 +891,9 @@ struct ssl_ctx_st { /* Default values to use in SSL structures follow (these are copied by * SSL_new) */ - unsigned long options; - unsigned long mode; - long max_cert_list; + uint32_t options; + uint32_t mode; + uint32_t max_cert_list; struct cert_st /* CERT */ *cert; int read_ahead; @@ -800,16 +918,22 @@ struct ssl_ctx_st { * before the decision whether to resume a session is made. It may return one * to continue the handshake or zero to cause the handshake loop to return * with an error and cause SSL_get_error to return - * SSL_ERROR_PENDING_CERTIFICATE. */ + * SSL_ERROR_PENDING_CERTIFICATE. Note: when the handshake loop is resumed, it + * will not call the callback a second time. */ int (*select_certificate_cb)(const struct ssl_early_callback_ctx *); + /* dos_protection_cb is called once the resumption decision for a ClientHello + * has been made. It returns one to continue the handshake or zero to + * abort. */ + int (*dos_protection_cb) (const struct ssl_early_callback_ctx *); + /* quiet_shutdown is true if the connection should not send a close_notify on * shutdown. */ int quiet_shutdown; /* Maximum amount of data to send in one fragment. actual record size can be * more than this due to padding and MAC overheads. */ - unsigned int max_send_fragment; + uint16_t max_send_fragment; /* TLS extensions servername callback */ int (*tlsext_servername_callback)(SSL *, int *, void *); 
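Review bot: The new `dos_protection_cb` comment doesn't say what happens on abort or how the callback relates to the `select_certificate_cb` resume behaviour documented just above it, so a caller can't tell whether returning zero produces a fatal alert or a silent close, nor whether the callback is re-invoked when the handshake loop resumes after SSL_ERROR_PENDING_CERTIFICATE. I'd extend it along the lines of `Returning zero aborts the handshake with a fatal alert; the callback runs once per ClientHello, including on renegotiation` — adjusted to whatever the implementation actually does, which isn't visible here. Separately, `max_send_fragment` is narrowed to `uint16_t` while its public setters later in this file take `size_t`; the setter must bound the value (TLS plaintext records are at most 2^14 bytes) rather than let the assignment truncate, e.g. 65536 silently becoming 0. The enclosing `struct ssl_ctx_st` starts and ends outside the hunk.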
@@ -822,11 +946,6 @@ struct ssl_ctx_st { int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb)(SSL *ssl, void *arg); - void *tlsext_status_arg; - /* Server-only: psk_identity_hint is the default identity hint to send in * PSK-based key exchanges. */ char *psk_identity_hint; 
@@ -906,47 +1025,17 @@ struct ssl_ctx_st { /* If not NULL, session key material will be logged to this BIO for debugging * purposes. The format matches NSS's and is readable by Wireshark. */ BIO *keylog_bio; -}; -#define SSL_SESS_CACHE_OFF 0x0000 -#define SSL_SESS_CACHE_CLIENT 0x0001 -#define SSL_SESS_CACHE_SERVER 0x0002 -#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) -#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* See SSL_CTX_set_session_cache_mode(3) */ -#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 -#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 -#define SSL_SESS_CACHE_NO_INTERNAL \ - (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) + /* current_time_cb, if not NULL, is the function to use to get the current + * time. It sets |*out_clock| to the current time. */ + void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock); +}; OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); -#define SSL_CTX_sess_number(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_NUMBER, 0, NULL) -#define SSL_CTX_sess_connect(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT, 0, NULL) -#define SSL_CTX_sess_connect_good(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_GOOD, 0, NULL) -#define SSL_CTX_sess_connect_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, NULL) -#define SSL_CTX_sess_accept(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT, 0, NULL) -#define SSL_CTX_sess_accept_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, NULL) -#define SSL_CTX_sess_accept_good(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_GOOD, 0, NULL) -#define SSL_CTX_sess_hits(ctx) SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_HIT, 0, NULL) -#define SSL_CTX_sess_cb_hits(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CB_HIT, 0, NULL) -#define SSL_CTX_sess_misses(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_MISSES, 0, NULL) -#define SSL_CTX_sess_timeouts(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_TIMEOUTS, 0, 
NULL) -#define SSL_CTX_sess_cache_full(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CACHE_FULL, 0, NULL) -/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client - * IDs from clients. Returns 1 on success. */ -#define SSL_CTX_enable_tls_channel_id(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_CHANNEL_ID, 0, NULL) + +/* SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal + * session cache. */ +OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx); OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); @@ -984,13 +1073,6 @@ OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb( SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey)); OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); -OPENSSL_EXPORT void SSL_CTX_set_cookie_generate_cb( - SSL_CTX *ctx, - int (*app_gen_cookie_cb)(SSL *ssl, uint8_t *cookie, size_t *cookie_len)); -OPENSSL_EXPORT void SSL_CTX_set_cookie_verify_cb( - SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, const uint8_t *cookie, - size_t cookie_len)); - /* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end * of a connection) to request SCTs from the server. See 
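Review bot: `current_time_cb` is a new, externally settable clock whose comment doesn't say which decisions it feeds; since the context keeps a session cache with timeouts, the comment should say whether this clock drives session and ticket expiry and that it is meant for tests, because wiring in a non-monotonic or attacker-influenced time source would stretch the lifetime of cached sessions. I'd expand it to `current_time_cb, if not NULL, replaces the system clock for session-timeout and other time-based decisions; intended for tests.` — assuming that is its use, which the declaration alone doesn't show. The `SSL_SESS_CACHE_*` bits removed here reappear later in the file under a `TODO(davidben): Document`, so that TODO is still open after this change.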
@@ -1051,10 +1133,24 @@ OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *outlen, #define OPENSSL_NPN_NEGOTIATED 1 #define OPENSSL_NPN_NO_OVERLAP 2 +/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. + * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit + * length-prefixed strings). It returns zero on success and one on failure. + * + * WARNING: this function is dangerous because it breaks the usual return value + * convention. */ OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, unsigned protos_len); + +/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. + * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit + * length-prefixed strings). It returns zero on success and one on failure. + * + * WARNING: this function is dangerous because it breaks the usual return value + * convention. */ OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len); + OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb( SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *outlen, const uint8_t *in, unsigned int inlen, void *arg), @@ -1067,6 +1163,11 @@ OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data, * causes 3G radios to switch to DCH mode (high data rate). */ OPENSSL_EXPORT void SSL_enable_fastradio_padding(SSL *ssl, char on_off); +/* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by + * the peer are rejected. It may be set at any point in a connection's lifetime + * to disallow future renegotiations programmatically. */ +OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject); + /* the maximum length of the buffer given to callbacks containing the resulting * identity/psk */ #define PSK_MAX_IDENTITY_LEN 128 
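Review bot: The new comments on `SSL_CTX_set_alpn_protos` and `SSL_set_alpn_protos` state the wire-format requirement but not whether the list is validated, so a caller can't tell whether a malformed |protos| (a zero length byte, or a length running past |protos_len|) is rejected with the documented failure return or copied verbatim and sent to the peer. I'd add one sentence after the format description, e.g. `The list is not validated; a malformed |protos| is sent as-is.` or `It returns one if |protos| is malformed.`, whichever the implementation does — only the declarations are in view here. The inverted return convention is already flagged; spelling out `Returns 0 on success, 1 on failure` in the WARNING itself would make it harder to misread.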
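Review bot: `SSL_set_reject_peer_renegotiations` documents that it can be toggled at any time but not the default or the failure mode: the `char` field it presumably sets is zero-initialised at SSL_new, which would make peer-initiated renegotiation accepted by default, and that field's comment later in this file says rejection is "a fatal error" while this comment says only "rejected". I'd make the API comment self-contained: `By default, renegotiation attempts by the peer are accepted. When |reject| is non-zero, a peer-initiated renegotiation is rejected with a fatal alert.` Given renegotiation's history as a DoS and request-injection vector, stating the default here helps callers decide to opt in.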
@@ -1259,17 +1360,12 @@ struct ssl_st { /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; - int references; - unsigned long options; /* protocol behaviour */ - unsigned long mode; /* API behaviour */ - long max_cert_list; + uint32_t options; /* protocol behaviour */ + uint32_t mode; /* API behaviour */ + uint32_t max_cert_list; int client_version; /* what was passed, used for * SSLv3/TLS rollback check */ - unsigned int max_send_fragment; - /* TLS extension debug callback */ - void (*tlsext_debug_cb)(SSL *s, int client_server, int type, uint8_t *data, - int len, void *arg); - void *tlsext_debug_arg; + uint16_t max_send_fragment; char *tlsext_hostname; /* should_ack_sni is true if the SNI extension should be acked. This is * only used by a server. */ @@ -1328,6 +1424,10 @@ struct ssl_st { * data rate) state in 3G networks. */ char fastradio_padding; + /* reject_peer_renegotiations, if one, causes causes renegotiation attempts + * from the peer to be rejected with a fatal error. */ + char reject_peer_renegotiations; + /* These fields are always NULL and exist only to keep wpa_supplicant happy * about the change to EVP_AEAD. They are only needed for EAP-FAST, which we * don't support. */ @@ -1335,21 +1435,6 @@ struct ssl_st { EVP_MD_CTX *read_hash; }; -#ifdef __cplusplus -} -#endif - -#include -#include -#include /* This is mostly sslv3 with a few tweaks */ -#include /* Datagram TLS */ -#include -#include /* Support for the use_srtp extension */ - -#ifdef __cplusplus -extern "C" { -#endif - /* compatibility */ #define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)arg)) #define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) 
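Review bot: The comment on the new `reject_peer_renegotiations` field has a doubled word, `causes causes renegotiation attempts`; it should read `reject_peer_renegotiations, if one, causes renegotiation attempts from the peer to be rejected with a fatal error.` This field comment is also the only place that says the rejection is fatal — the public setter's comment earlier in the file says only "rejected" — so the two should agree. The enclosing `struct ssl_st` starts and ends outside the hunk.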
@@ -1391,12 +1476,15 @@ extern "C" { /* Is the SSL_connection established? */ #define SSL_get_state(a) SSL_state(a) #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -#define SSL_in_init(a) \ - ((SSL_state(a) & SSL_ST_INIT) && !SSL_cutthrough_complete(a)) +#define SSL_in_init(a) (SSL_state(a) & SSL_ST_INIT) #define SSL_in_before(a) (SSL_state(a) & SSL_ST_BEFORE) #define SSL_in_connect_init(a) (SSL_state(a) & SSL_ST_CONNECT) #define SSL_in_accept_init(a) (SSL_state(a) & SSL_ST_ACCEPT) -OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s); + +/* SSL_in_false_start returns one if |s| has a pending unfinished handshake that + * is in False Start. |SSL_write| may be called at this point without waiting + * for the peer, but |SSL_read| will require the handshake to be completed. */ +OPENSSL_EXPORT int SSL_in_false_start(const SSL *s); /* The following 2 states are kept in ssl->rstate when reads fail, * you should not need these */ 
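Review bot: The new `SSL_in_false_start` comment says `SSL_write` may be called without waiting for the peer but not what that costs: data written in that state goes out before the peer's Finished message has been verified, so an application must be prepared for the handshake to fail afterwards and must not treat the peer as authenticated until `SSL_in_init` is false. I'd add `Data written in this state is sent before the peer's Finished has been verified; the handshake may still fail.` — which is what False Start implies, though the state machine itself isn't visible here. The `SSL_in_init` change also drops the `!SSL_cutthrough_complete(a)` clause, so callers that used `SSL_in_init` to decide when writes were allowed now need `SSL_in_false_start`; worth a line in the comment.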
@@ -1493,84 +1581,17 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_ERROR_PENDING_SESSION 11 #define SSL_ERROR_PENDING_CERTIFICATE 12 -#define SSL_CTRL_NEED_TMP_RSA 1 -#define SSL_CTRL_SET_TMP_RSA 2 -#define SSL_CTRL_SET_TMP_DH 3 -#define SSL_CTRL_SET_TMP_ECDH 4 -#define SSL_CTRL_SET_TMP_RSA_CB 5 -#define SSL_CTRL_SET_TMP_DH_CB 6 -#define SSL_CTRL_SET_TMP_ECDH_CB 7 - -#define SSL_CTRL_GET_SESSION_REUSED 8 -#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -#define SSL_CTRL_GET_FLAGS 13 #define SSL_CTRL_EXTRA_CHAIN_CERT 14 -#define SSL_CTRL_SET_MSG_CALLBACK 15 -#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 - -/* only applies to datagram connections */ -#define SSL_CTRL_SET_MTU 17 -/* Stats */ -#define SSL_CTRL_SESS_NUMBER 20 -#define SSL_CTRL_SESS_CONNECT 21 -#define SSL_CTRL_SESS_CONNECT_GOOD 22 -#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -#define SSL_CTRL_SESS_ACCEPT 24 -#define SSL_CTRL_SESS_ACCEPT_GOOD 25 -#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -#define SSL_CTRL_SESS_HIT 27 -#define SSL_CTRL_SESS_CB_HIT 28 -#define SSL_CTRL_SESS_MISSES 29 -#define SSL_CTRL_SESS_TIMEOUTS 30 -#define SSL_CTRL_SESS_CACHE_FULL 31 -#define SSL_CTRL_OPTIONS 32 -#define SSL_CTRL_MODE 33 - -#define SSL_CTRL_GET_READ_AHEAD 40 -#define SSL_CTRL_SET_READ_AHEAD 41 -#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -#define SSL_CTRL_SET_SESS_CACHE_MODE 44 -#define SSL_CTRL_GET_SESS_CACHE_MODE 45 - -#define SSL_CTRL_GET_MAX_CERT_LIST 50 -#define SSL_CTRL_SET_MAX_CERT_LIST 51 - -#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 - /* see tls1.h for macros based on these */ -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 - -#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 - -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 #define SSL_CTRL_SET_SRP_ARG 78 #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -#define DTLS_CTRL_GET_TIMEOUT 73 -#define DTLS_CTRL_HANDLE_TIMEOUT 74 - -#define SSL_CTRL_GET_RI_SUPPORT 76 -#define SSL_CTRL_CLEAR_OPTIONS 77 -#define SSL_CTRL_CLEAR_MODE 78 - #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 @@ -1580,11 +1601,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_CURVES 90 #define SSL_CTRL_SET_CURVES 91 #define SSL_CTRL_SET_CURVES_LIST 92 -#define SSL_CTRL_SET_ECDH_AUTO 94 #define SSL_CTRL_SET_SIGALGS 97 #define SSL_CTRL_SET_SIGALGS_LIST 98 -#define SSL_CTRL_CERT_FLAGS 99 -#define SSL_CTRL_CLEAR_CERT_FLAGS 100 #define SSL_CTRL_SET_CLIENT_SIGALGS 101 #define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 #define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 
@@ -1593,70 +1611,97 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_VERIFY_CERT_STORE 106 #define SSL_CTRL_SET_CHAIN_CERT_STORE 107 #define SSL_CTRL_GET_SERVER_TMP_KEY 109 -#define SSL_CTRL_GET_RAW_CIPHERLIST 110 #define SSL_CTRL_GET_EC_POINT_FORMATS 111 #define SSL_CTRL_GET_CHAIN_CERTS 115 #define SSL_CTRL_SELECT_CURRENT_CERT 116 -#define SSL_CTRL_CHANNEL_ID 117 -#define SSL_CTRL_GET_CHANNEL_ID 118 -#define SSL_CTRL_SET_CHANNEL_ID 119 - /* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a - * timeout in progress, it sets |*((OPENSSL_timeval*)arg)| to the time remaining - * and returns one. Otherwise, it returns zero. */ -#define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, (void *)arg) -#define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, NULL) - -#define SSL_session_reused(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL) -#define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_NUM_RENEGOTIATIONS, 0, NULL) -#define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS, 0, NULL) -#define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_TOTAL_RENEGOTIATIONS, 0, NULL) - -#define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_NEED_TMP_RSA, 0, NULL) -#define SSL_CTX_set_tmp_rsa(ctx, rsa) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa) -#define SSL_CTX_set_tmp_dh(ctx, dh) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)dh) -#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh) - -#define SSL_need_tmp_RSA(ssl) SSL_ctrl(ssl, SSL_CTRL_NEED_TMP_RSA, 0, NULL) -#define SSL_set_tmp_rsa(ssl, rsa) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa) -#define SSL_set_tmp_dh(ssl, dh) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)dh) -#define SSL_set_tmp_ecdh(ssl, ecdh) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh) + 
* timeout in progress, it sets |*out| to the time remaining and returns one. + * Otherwise, it returns zero. + * + * When the timeout expires, call |DTLSv1_handle_timeout| to handle the + * retransmit behavior. + * + * NOTE: This function must be queried again whenever the handshake state + * machine changes, including when |DTLSv1_handle_timeout| is called. */ +OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out); + +/* DTLSv1_handle_timeout is called when a DTLS handshake timeout expires. If no + * timeout had expired, it returns 0. Otherwise, it retransmits the previous + * flight of handshake messages and returns 1. If too many timeouts had expired + * without progress or an error occurs, it returns -1. + * + * NOTE: The caller's external timer should be compatible with the one |ssl| + * queries within some fudge factor. Otherwise, the call will be a no-op, but + * |DTLSv1_get_timeout| will return an updated timeout. + * + * WARNING: This function breaks the usual return value convention. */ +OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); + +/* SSL_session_reused returns one if |ssl| performed an abbreviated handshake + * and zero otherwise. + * + * TODO(davidben): Hammer down the semantics of this API while a handshake, + * initial or renego, is in progress. */ +OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl); + +/* SSL_total_renegotiations returns the total number of renegotiation handshakes + * peformed by |ssl|. This includes the pending renegotiation, if any. */ +OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); + +/* SSL_CTX_set_tmp_dh configures |ctx| to use the group from |dh| as the group + * for DHE. Only the group is used, so |dh| needn't have a keypair. It returns + * one on success and zero on error. */ +OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh); + +/* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for + * DHE. 
Only the group is used, so |dh| needn't have a keypair. It returns one + * on success and zero on error. */ +OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh); + +/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the + * curve for ephemeral ECDH keys. For historical reasons, this API expects an + * |EC_KEY|, but only the curve is used. It returns one on success and zero on + * error. If unset, an appropriate curve will be chosen automatically. (This is + * recommended.) */ +OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key); + +/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve + * for ephemeral ECDH keys. For historical reasons, this API expects an + * |EC_KEY|, but only the curve is used. It returns one on success and zero on + * error. If unset, an appropriate curve will be chosen automatically. (This is + * recommended.) */ +OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key); + +/* SSL_CTX_enable_tls_channel_id either configures a TLS server to accept TLS + * client IDs from clients, or configures a client to send TLS client IDs to + * a server. It returns one. */ +OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx); /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS * client IDs from clients, or configure a client to send TLS client IDs to - * server. Returns 1 on success. */ -#define SSL_enable_tls_channel_id(s) SSL_ctrl(s, SSL_CTRL_CHANNEL_ID, 0, NULL) + * server. It returns one. */ +OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl); + +/* SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID + * to compatible servers. |private_key| must be a P-256 EC key. It returns one + * on success and zero on error. */ +OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, + EVP_PKEY *private_key); /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to - * compatible servers. 
private_key must be a P-256 EVP_PKEY*. Returns 1 on - * success. */ -#define SSL_set1_tls_channel_id(s, private_key) \ - SSL_ctrl(s, SSL_CTRL_SET_CHANNEL_ID, 0, (void *)private_key) -#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHANNEL_ID, 0, (void *)private_key) + * compatible servers. |private_key| must be a P-256 EC key. It returns one on + * success and zero on error. */ +OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key); /* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL* - * and copies up to the first |channel_id_len| bytes into |channel_id|. The - * Channel ID consists of the client's P-256 public key as an (x,y) pair where - * each is a 32-byte, big-endian field element. Returns 0 if the client didn't - * offer a Channel ID and the length of the complete Channel ID otherwise. */ -#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \ - SSL_ctrl(ctx, SSL_CTRL_GET_CHANNEL_ID, channel_id_len, (void *)channel_id) + * and copies up to the first |max_out| bytes into |out|. The Channel ID + * consists of the client's P-256 public key as an (x,y) pair where each is a + * 32-byte, big-endian field element. It returns 0 if the client didn't offer a + * Channel ID and the length of the complete Channel ID otherwise. */ +OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, + size_t max_out); #define SSL_CTX_add_extra_chain_cert(ctx, x509) \ SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509) 
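Review bot: `SSL_get_tls_channel_id` is documented as copying up to |max_out| bytes and returning the length of the complete Channel ID, but never states that length, so a caller can't size |out| or detect truncation without reading the implementation; since the comment itself describes the ID as two 32-byte field elements, it should say so directly: `The complete Channel ID is 64 bytes; if |max_out| is smaller, the copy is truncated and the return value still reports 64.` The same hunk documents `SSL_CTX_set_tmp_dh` / `SSL_set_tmp_dh` as using "only the group" from |dh| without saying whether the parameters are checked, so a caller could install a small or non-safe-prime group; stating whether (and at what minimum size) the group is validated would close that gap. Only the declarations are in view, so both notes assume the implementation matches the comments.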
@@ -1724,10 +1769,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx, SSL_CTRL_SET_CURVES, clistlen, (char *)clist) #define SSL_set1_curves_list(ctx, s) \ SSL_ctrl(ctx, SSL_CTRL_SET_CURVES_LIST, 0, (char *)s) -#define SSL_CTX_set_ecdh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff, NULL) -#define SSL_set_ecdh_auto(s, onoff) \ - SSL_ctrl(s, SSL_CTRL_SET_ECDH_AUTO, onoff, NULL) #define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS, slistlen, (int *)slist) @@ -1758,9 +1799,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_get_server_tmp_key(s, pk) \ SSL_ctrl(s, SSL_CTRL_GET_SERVER_TMP_KEY, 0, pk) -#define SSL_get0_raw_cipherlist(s, plst) \ - SSL_ctrl(s, SSL_CTRL_GET_RAW_CIPHERLIST, 0, (char *)plst) - #define SSL_get0_ec_point_formats(s, plst) \ SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, (char *)plst) @@ -1778,13 +1816,6 @@ OPENSSL_EXPORT int SSL_clear(SSL *s); OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); -OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); -OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange - * method used by |c|. For example, "ECDHE-ECDSA". */ -OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); -OPENSSL_EXPORT unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); OPENSSL_EXPORT int SSL_get_fd(const SSL *s); OPENSSL_EXPORT int SSL_get_rfd(const SSL *s); 
@@ -1862,7 +1893,15 @@ OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); OPENSSL_EXPORT int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); OPENSSL_EXPORT int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); -OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *ses); + +/* SSL_SESSION_up_ref, if |session| is not NULL, increments the reference count + * of |session|. It then returns |session|. */ +OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session); + +/* SSL_SESSION_free decrements the reference count of |session|. If it reaches + * zero, all data referenced by |session| and |session| itself are released. */ +OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session); + OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session); OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); @@ -1968,9 +2007,7 @@ OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); OPENSSL_EXPORT long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); -OPENSSL_EXPORT long SSL_callback_ctrl(SSL *, int, void (*)(void)); OPENSSL_EXPORT long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); -OPENSSL_EXPORT long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); OPENSSL_EXPORT int SSL_get_error(const SSL *s, int ret_code); /* SSL_get_version returns a string describing the TLS version used by |s|. For 
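Review bot: `SSL_SESSION_up_ref` is documented as accepting NULL, but the rewritten `SSL_SESSION_free` comment doesn't say whether NULL is also a no-op, which is the case a caller freeing an optional session hits most; I'd add `If |session| is NULL, it does nothing.` if the implementation behaves that way. Neither comment says whether the reference count is manipulated atomically, which matters because sessions are shared through the context cache across connections; a one-line note on thread-safety (or its absence) would save callers from guessing.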
@@ -1980,58 +2017,16 @@ OPENSSL_EXPORT const char *SSL_get_version(const SSL *s); * |sess|. For example, "TLSv1.2" or "SSLv3". */ OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *sess); -OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *c); -OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c); -OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c); -OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *c); - /* TLS_method is the SSL_METHOD used for TLS (and SSLv3) connections. */ OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); /* DTLS_method is the SSL_METHOD used for DTLS connections. */ OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); - -/* Deprecated methods. */ - -/* SSLv23_method calls TLS_method. */ -OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void); - -/* Version-specific methods behave exactly like TLS_method and DTLS_method - * except they also call SSL_CTX_set_min_version and SSL_CTX_set_max_version to - * lock connections to that protocol version. */ -OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void); - -/* Client- and server-specific methods call their corresponding generic - * methods. 
*/ -OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); - - OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); OPENSSL_EXPORT int SSL_do_handshake(SSL *s); OPENSSL_EXPORT int SSL_renegotiate(SSL *s); -OPENSSL_EXPORT int SSL_renegotiate_abbreviated(SSL *s); OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *s); OPENSSL_EXPORT int SSL_shutdown(SSL *s); @@ -2055,12 +2050,6 @@ OPENSSL_EXPORT void SSL_set_accept_state(SSL *s); OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *s); -/* SSL_library_init initializes the crypto and SSL libraries, loads their error - * strings, and returns one. */ -OPENSSL_EXPORT int SSL_library_init(void); - -OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, - int size); OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); 
@@ -2122,61 +2111,132 @@ OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp, OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); -#define SSL_CTX_sess_set_cache_size(ctx, t) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL) -#define SSL_CTX_sess_get_cache_size(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL) -#define SSL_CTX_set_session_cache_mode(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL) -#define SSL_CTX_get_session_cache_mode(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL) - -#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) -#define SSL_CTX_set_default_read_ahead(ctx, m) SSL_CTX_set_read_ahead(ctx, m) -#define SSL_CTX_get_read_ahead(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_READ_AHEAD, 0, NULL) -#define SSL_CTX_set_read_ahead(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, NULL) -#define SSL_CTX_get_max_cert_list(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) -#define SSL_CTX_set_max_cert_list(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) -#define SSL_get_max_cert_list(ssl) \ - SSL_ctrl(ssl, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) -#define SSL_set_max_cert_list(ssl, m) \ - SSL_ctrl(ssl, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) - -#define SSL_CTX_set_max_send_fragment(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) -#define SSL_set_max_send_fragment(ssl, m) \ - SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) - -/* NB: the keylength is only applicable when is_export is true */ -OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( - SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); +/* SSL_CTX_sess_set_cache_size sets the maximum size of |ctx|'s session cache to + * |size|. It returns the previous value. 
*/ +OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, + unsigned long size); -OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb)(SSL *ssl, int is_export, - int keylength)); +/* SSL_CTX_sess_set_cache_size returns the maximum size of |ctx|'s session + * cache. */ +OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx); + +/* SSL_SESS_CACHE_* are the possible session cache mode bits. + * TODO(davidben): Document. */ +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) + +/* SSL_CTX_set_session_cache_mode sets the session cache mode bits for |ctx| to + * |mode|. It returns the previous value. */ +OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); + +/* SSL_CTX_get_session_cache_mode returns the session cache mode bits for + * |ctx| */ +OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx); + +/* TODO(davidben): Deprecate read_ahead functions after https://crbug.com/447431 + * is resolved. */ +OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx); +OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); + +/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer + * certificate chain accepted by |ctx|. */ +OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx); + +/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer + * certificate chain to |max_cert_list|. This affects how much memory may be + * consumed during the handshake. 
*/ +OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, + size_t max_cert_list); + +/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer + * certificate chain accepted by |ssl|. */ +OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl); + +/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer + * certificate chain to |max_cert_list|. This affects how much memory may be + * consumed during the handshake. */ +OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list); + +/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records + * sent by |ctx|. Beyond this length, handshake messages and application data + * will be split into multiple records. */ +OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, + size_t max_send_fragment); + +/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records + * sent by |ssl|. Beyond this length, handshake messages and application data + * will be split into multiple records. */ +OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl, + size_t max_send_fragment); + +/* SSL_CTX_set_tmp_dh_callback configures |ctx| to use |callback| to determine + * the group for DHE ciphers. |callback| should ignore |is_export| and + * |keylength| and return a |DH| of the selected group or NULL on error. Only + * the parameters are used, so the |DH| needn't have a generated keypair. + * + * WARNING: The caller does not take ownership of the resulting |DH|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback( - SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, int keylength)); + SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength)); + +/* SSL_set_tmp_dh_callback configures |ssl| to use |callback| to determine the + * group for DHE ciphers. |callback| should ignore |is_export| and |keylength| + * and return a |DH| of the selected group or NULL on error. 
Only the + * parameters are used, so the |DH| needn't have a generated keypair. + * + * WARNING: The caller does not take ownership of the resulting |DH|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, int keylength)); + +/* SSL_CTX_set_tmp_ecdh_callback configures |ctx| to use |callback| to determine + * the curve for ephemeral ECDH keys. |callback| should ignore |is_export| and + * |keylength| and return an |EC_KEY| of the selected curve or NULL on + * error. Only the curve is used, so the |EC_KEY| needn't have a generated + * keypair. + * + * If the callback is unset, an appropriate curve will be chosen automatically. + * (This is recommended.) + * + * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback( - SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); + SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength)); + +/* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the + * curve for ephemeral ECDH keys. |callback| should ignore |is_export| and + * |keylength| and return an |EC_KEY| of the selected curve or NULL on + * error. Only the curve is used, so the |EC_KEY| needn't have a generated + * keypair. + * + * If the callback is unset, an appropriate curve will be chosen automatically. + * (This is recommended.) + * + * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so + * |callback| must save and release the object elsewhere. 
*/ OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback( - SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); + SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength)); OPENSSL_EXPORT const void *SSL_get_current_compression(SSL *s); OPENSSL_EXPORT const void *SSL_get_current_expansion(SSL *s); -OPENSSL_EXPORT const char *SSL_COMP_get_name(const void *comp); -OPENSSL_EXPORT void *SSL_COMP_get_compression_methods(void); -OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, void *cm); OPENSSL_EXPORT int SSL_cache_hit(SSL *s); OPENSSL_EXPORT int SSL_is_server(SSL *s); +/* SSL_CTX_set_dos_protection_cb sets a callback that is called once the + * resumption decision for a ClientHello has been made. It can return 1 to + * allow the handshake to continue or zero to cause the handshake to abort. */ +OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb( + SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)); + /* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and * SSL_SESSION structures so that a test can ensure that outside code agrees on * these values. */ 
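Review bot: `SSL_CTX_set_max_cert_list` / `SSL_set_max_cert_list` and `SSL_CTX_set_max_send_fragment` / `SSL_set_max_send_fragment` take `size_t`, but the fields they populate are narrowed in this same change to `uint32_t` and `uint16_t` respectively, so a value above the field width is silently truncated on assignment (a 65536-byte fragment limit becoming 0) unless the implementation clamps; the comments should state the accepted range — TLS plaintext records are at most 2^14 bytes — and what happens outside it, e.g. `|max_send_fragment| must be at most 16384; larger values are clamped.` There is also a copy-paste error in the getter's comment: `SSL_CTX_sess_set_cache_size returns the maximum size of |ctx|'s session cache.` should name `SSL_CTX_sess_get_cache_size`. Finally, `SSL_CTX_set_dos_protection_cb` says the callback "can return 1" where every other comment in the hunk writes "one"; trivial, but the file is clearly being normalised. The implementations aren't in view, so the truncation point is about what the declared types permit.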
@@ -2186,6 +2246,130 @@ OPENSSL_EXPORT void SSL_get_structure_sizes(size_t *ssl_size,
 OPENSSL_EXPORT void ERR_load_SSL_strings(void);
+/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for
+ * the read and write directions. It returns one on success or zero if |ssl|
+ * isn't using an RC4-based cipher suite. */
+OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
+ const RC4_KEY **write_key);
+
+
+/* Deprecated functions. */
+
+/* SSL_CIPHER_description writes a description of |cipher| into |buf| and
+ * returns |buf|. If |buf| is NULL, it returns a newly allocated string, to be
+ * freed with |OPENSSL_free|, or NULL on error.
+ *
+ * The description includes a trailing newline and has the form:
+ * AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
+ *
+ * Consider |SSL_CIPHER_get_name| or |SSL_CIPHER_get_rfc_name| instead. */
+OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *cipher,
+ char *buf, int len);
+
+/* SSL_CIPHER_get_version returns the string "TLSv1/SSLv3". */
+OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+
+/* SSL_COMP_get_compression_methods returns NULL. */
+OPENSSL_EXPORT void *SSL_COMP_get_compression_methods(void);
+
+/* SSL_COMP_add_compression_method returns one. */
+OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, void *cm);
+
+/* SSL_COMP_get_name returns NULL. */
+OPENSSL_EXPORT const char *SSL_COMP_get_name(const void *comp);
+
+/* SSLv23_method calls |TLS_method|. */
+OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void);
+
+/* Version-specific methods behave exactly like |TLS_method| and |DTLS_method|
+ * except they also call |SSL_CTX_set_min_version| and |SSL_CTX_set_max_version|
+ * to lock connections to that protocol version. 
*/
+OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void);
+
+/* Client- and server-specific methods call their corresponding generic
+ * methods. */
+OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void);
+
+/* SSL_CTX_set_tmp_rsa_callback does nothing. */
+OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback(
+ SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength));
+
+/* SSL_set_tmp_rsa_callback does nothing. */
+OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
+ RSA *(*cb)(SSL *ssl, int is_export,
+ int keylength));
+
+/* SSL_CTX_sess_connect returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_connect(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_connect_good returns zero. 
*/
+OPENSSL_EXPORT int SSL_CTX_sess_connect_good(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_connect_renegotiate returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_accept returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_accept(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_accept_renegotiate returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_accept_good returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_accept_good(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_hits returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_hits(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_cb_hits returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_misses returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_misses(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_timeouts returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_timeouts(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_cache_full returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx);
+
+/* SSL_cutthrough_complete calls |SSL_in_false_start|. */
+OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
+
+/* SSL_num_renegotiations calls |SSL_total_renegotiations|. */
+OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl);
+
+/* SSL_CTX_need_tmp_RSA returns zero. */
+OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx);
+
+/* SSL_need_tmp_RSA returns zero. */
+OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl);
+
+/* SSL_CTX_set_tmp_rsa returns one. */
+OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa);
+
+/* SSL_set_tmp_rsa returns one. */
+OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa);
+
 /* Android compatibility section.
 *
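Review bot: SSL_get_rc4_state hands out `const RC4_KEY **` pointers without saying who owns them or how long they stay valid, and the surrounding header marks exactly this kind of case with a WARNING line (see the tmp_dh and tmp_ecdh callbacks). Presumably the pointers alias state owned by |ssl|, which means they expose live traffic key material and go stale as soon as the cipher state is replaced (a renegotiation) or |ssl| is freed; the comment should say so, e.g. ` * WARNING: The returned pointers alias state owned by |ssl|. They must not be freed and are only valid until |ssl| is freed or its cipher state changes.` On the same hunk, SSL_CIPHER_description takes `int len` but the comment does not say what happens when |buf| is shorter than the description; stating whether the output is truncated or the call fails would save consumers from guessing.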
@@ -2201,530 +2385,483 @@ OPENSSL_EXPORT int SSL_set_session_secret_cb(SSL *s, void *cb, void *arg);
 OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
 OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+#define OPENSSL_VERSION_TEXT "BoringSSL"
+
+#define SSLEAY_VERSION 0
+
+/* SSLeay_version is a compatibility function that returns the string
+ * "BoringSSL". */
+OPENSSL_EXPORT const char *SSLeay_version(int unused);
-#ifdef __cplusplus
-}
+
+/* Preprocessor compatibility section.
+ *
+ * Historically, a number of APIs were implemented in OpenSSL as macros and
+ * constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
+ * section defines a number of legacy macros. */
+
+#define SSL_CTRL_NEED_TMP_RSA doesnt_exist
+#define SSL_CTRL_SET_TMP_RSA doesnt_exist
+#define SSL_CTRL_SET_TMP_DH doesnt_exist
+#define SSL_CTRL_SET_TMP_ECDH doesnt_exist
+#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
+#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist
+#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist
+#define SSL_CTRL_GET_SESSION_REUSED doesnt_exist
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist
+#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist
+#define SSL_CTRL_SET_MTU doesnt_exist
+#define SSL_CTRL_SESS_NUMBER doesnt_exist
+#define SSL_CTRL_OPTIONS doesnt_exist
+#define SSL_CTRL_MODE doesnt_exist
+#define SSL_CTRL_GET_READ_AHEAD doesnt_exist
+#define SSL_CTRL_SET_READ_AHEAD doesnt_exist
+#define SSL_CTRL_SET_SESS_CACHE_SIZE doesnt_exist
+#define SSL_CTRL_GET_SESS_CACHE_SIZE doesnt_exist
+#define SSL_CTRL_SET_SESS_CACHE_MODE doesnt_exist
+#define SSL_CTRL_GET_SESS_CACHE_MODE doesnt_exist
+#define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist
+#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
+#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
+#define 
SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
+#define DTLS_CTRL_GET_TIMEOUT doesnt_exist
+#define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist
+#define SSL_CTRL_GET_RI_SUPPORT doesnt_exist
+#define SSL_CTRL_CLEAR_OPTIONS doesnt_exist
+#define SSL_CTRL_CLEAR_MODE doesnt_exist
+#define SSL_CTRL_CHANNEL_ID doesnt_exist
+#define SSL_CTRL_GET_CHANNEL_ID doesnt_exist
+#define SSL_CTRL_SET_CHANNEL_ID doesnt_exist
+
+#define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA
+#define SSL_need_tmp_RSA SSL_need_tmp_RSA
+#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa
+#define SSL_set_tmp_rsa SSL_set_tmp_rsa
+#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh
+#define SSL_set_tmp_dh SSL_set_tmp_dh
+#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh
+#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh
+#define SSL_session_reused SSL_session_reused
+#define SSL_num_renegotiations SSL_num_renegotiations
+#define SSL_total_renegotiations SSL_total_renegotiations
+#define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg
+#define SSL_set_msg_callback_arg SSL_set_msg_callback_arg
+#define SSL_set_mtu SSL_set_mtu
+#define SSL_CTX_sess_number SSL_CTX_sess_number
+#define SSL_CTX_get_options SSL_CTX_get_options
+#define SSL_CTX_set_options SSL_CTX_set_options
+#define SSL_get_options SSL_get_options
+#define SSL_set_options SSL_set_options
+#define SSL_CTX_get_mode SSL_CTX_get_mode
+#define SSL_CTX_set_mode SSL_CTX_set_mode
+#define SSL_get_mode SSL_get_mode
+#define SSL_set_mode SSL_set_mode
+#define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead
+#define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead
+#define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size
+#define SSL_CTX_sess_get_cache_size SSL_CTX_sess_get_cache_size
+#define SSL_CTX_set_session_cache_mode SSL_CTX_set_session_cache_mode
+#define SSL_CTX_get_session_cache_mode SSL_CTX_get_session_cache_mode
+#define 
SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list
+#define SSL_get_max_cert_list SSL_get_max_cert_list
+#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list
+#define SSL_set_max_cert_list SSL_set_max_cert_list
+#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment
+#define SSL_set_max_send_fragment SSL_set_max_send_fragment
+#define SSL_CTX_set_tlsext_servername_callback \
+ SSL_CTX_set_tlsext_servername_callback
+#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg
+#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name
+#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb
+#define DTLSv1_get_timeout DTLSv1_get_timeout
+#define DTLSv1_handle_timeout DTLSv1_handle_timeout
+#define SSL_get_secure_renegotiation_support \
+ SSL_get_secure_renegotiation_support
+#define SSL_CTX_clear_options SSL_CTX_clear_options
+#define SSL_clear_options SSL_clear_options
+#define SSL_CTX_clear_mode SSL_CTX_clear_mode
+#define SSL_clear_mode SSL_clear_mode
+#define SSL_CTX_enable_tls_channel_id SSL_CTX_enable_tls_channel_id
+#define SSL_enable_tls_channel_id SSL_enable_tls_channel_id
+#define SSL_set1_tls_channel_id SSL_set1_tls_channel_id
+#define SSL_CTX_set1_tls_channel_id SSL_CTX_set1_tls_channel_id
+#define SSL_get_tls_channel_id SSL_get_tls_channel_id
+
+
+#if defined(__cplusplus)
+} /* extern C */
 #endif
+
+/* Library consumers assume these headers are included by ssl.h, but they depend
+ * on ssl.h, so include them after all declarations.
+ *
+ * TODO(davidben): The separation between ssl.h and these version-specific
+ * headers introduces circular dependencies and is inconsistent. The function
+ * declarations should move to ssl.h. Many of the constants can probably be
+ * pruned or unexported. 
*/ +#include +#include +#include /* This is mostly sslv3 with a few tweaks */ +#include +#include /* Support for the use_srtp extension */ + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script make_errors.go. Any * changes made after this point may be overwritten when the script is next run. */ -#define SSL_F_SSL_use_PrivateKey_file 100 -#define SSL_F_dtls1_write_app_data_bytes 101 -#define SSL_F_ssl_cipher_process_rulestr 102 -#define SSL_F_SSL_set_session_id_context 103 -#define SSL_F_SSL_read 104 -#define SSL_F_ssl_cert_new 105 -#define SSL_F_dtls1_heartbeat 106 -#define SSL_F_ssl3_digest_cached_records 107 -#define SSL_F_SSL_set_wfd 108 -#define SSL_F_ssl_set_pkey 110 +#define SSL_F_SSL_CTX_check_private_key 100 +#define SSL_F_SSL_CTX_new 101 +#define SSL_F_SSL_CTX_set_cipher_list 102 +#define SSL_F_SSL_CTX_set_cipher_list_tls11 103 +#define SSL_F_SSL_CTX_set_session_id_context 104 +#define SSL_F_SSL_CTX_use_PrivateKey 105 +#define SSL_F_SSL_CTX_use_PrivateKey_ASN1 106 +#define SSL_F_SSL_CTX_use_PrivateKey_file 107 +#define SSL_F_SSL_CTX_use_RSAPrivateKey 108 +#define SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1 109 +#define SSL_F_SSL_CTX_use_RSAPrivateKey_file 110 #define SSL_F_SSL_CTX_use_certificate 111 -#define SSL_F_dtls1_read_bytes 112 -#define SSL_F_ssl23_write 113 -#define SSL_F_ssl3_check_client_hello 114 -#define SSL_F_SSL_use_certificate_ASN1 115 -#define SSL_F_ssl_verify_cert_chain 116 -#define SSL_F_ssl_parse_serverhello_renegotiate_ext 117 -#define SSL_F_ssl_undefined_const_function 118 -#define SSL_F_ssl3_get_server_certificate 119 -#define SSL_F_tls1_get_server_supplemental_data 120 -#define SSL_F_dtls1_buffer_record 121 -#define SSL_F_ssl_prepare_clienthello_tlsext 122 -#define SSL_F_ssl3_get_server_hello 123 -#define SSL_F_ssl3_send_client_key_exchange 124 -#define SSL_F_ssl3_write_bytes 125 -#define SSL_F_SSL_use_RSAPrivateKey_file 126 -#define SSL_F_ssl_bad_method 127 -#define SSL_F_ssl3_connect 128 -#define 
SSL_F_dtls1_connect 129 -#define SSL_F_SSL_use_RSAPrivateKey 130 -#define SSL_F_tls1_prf 131 -#define SSL_F_ssl_bytes_to_cipher_list 132 -#define SSL_F_ssl3_do_change_cipher_spec 133 -#define SSL_F_SSL_SESSION_set1_id_context 134 -#define SSL_F_ssl_add_serverhello_tlsext 135 -#define SSL_F_read_authz 136 -#define SSL_F_ssl3_get_client_hello 137 -#define SSL_F_ssl3_get_certificate_request 138 -#define SSL_F_authz_find_data 139 -#define SSL_F_ssl_add_cert_to_buf 140 -#define SSL_F_ssl_add_serverhello_renegotiate_ext 141 -#define SSL_F_ssl3_get_message 142 -#define SSL_F_ssl_check_srvr_ecc_cert_and_alg 143 -#define SSL_F_ssl_parse_clienthello_tlsext 144 -#define SSL_F_SSL_add_file_cert_subjects_to_stack 145 -#define SSL_F_ssl3_ctx_ctrl 146 -#define SSL_F_ssl3_get_record 147 -#define SSL_F_SSL_CTX_use_RSAPrivateKey 148 -#define SSL_F_SSL_use_certificate_file 149 -#define SSL_F_SSL_load_client_CA_file 151 -#define SSL_F_dtls1_preprocess_fragment 152 -#define SSL_F_SSL_CTX_check_private_key 153 -#define SSL_F_ssl3_get_cert_status 154 -#define SSL_F_printf 155 -#define SSL_F_SSL_CTX_new 156 -#define SSL_F_ssl23_accept 157 -#define SSL_F_SSL_use_authz 158 -#define SSL_F_ssl_undefined_function 159 -#define SSL_F_dtls1_send_hello_verify_request 160 -#define SSL_F_ssl_build_cert_chain 161 -#define SSL_F_SSL_SESSION_print_fp 162 -#define SSL_F_tls1_change_cipher_state 163 -#define SSL_F_tls12_check_peer_sigalg 164 -#define SSL_F_ssl_sess_cert_new 165 -#define SSL_F_ssl3_read_bytes 166 -#define SSL_F_dtls1_get_hello_verify 167 -#define SSL_F_tls1_cert_verify_mac 168 -#define SSL_F_ssl23_client_hello 169 -#define SSL_F_SSL_shutdown 170 -#define SSL_F_ssl_init_wbio_buffer 171 -#define SSL_F_SSL_use_certificate 172 -#define SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1 173 -#define SSL_F_ssl_set_authz 174 -#define SSL_F_ssl23_peek 175 -#define SSL_F_SSL_use_psk_identity_hint 176 -#define SSL_F_ssl3_get_cert_verify 177 -#define SSL_F_ssl_ctx_make_profiles 178 -#define 
SSL_F_ssl_add_clienthello_use_srtp_ext 179 -#define SSL_F_ssl3_get_client_key_exchange 180 -#define SSL_F_do_ssl3_write 181 -#define SSL_F_ssl3_handshake_mac 182 -#define SSL_F_tls1_setup_key_block 183 -#define SSL_F_SSL_set_fd 184 -#define SSL_F_SSL_check_private_key 185 -#define SSL_F_ssl3_send_cert_verify 186 -#define SSL_F_ssl3_write_pending 187 -#define SSL_F_ssl_cert_inst 188 -#define SSL_F_ssl3_change_cipher_state 189 -#define SSL_F_ssl23_get_server_hello 190 -#define SSL_F_SSL_write 191 -#define SSL_F_ssl_get_sign_pkey 192 -#define SSL_F_ssl_set_cert 193 -#define SSL_F_SSL_CTX_use_RSAPrivateKey_file 194 -#define SSL_F_SSL_CTX_use_authz 195 -#define SSL_F_ssl_get_new_session 196 -#define SSL_F_SSL_set_session_ticket_ext 197 -#define SSL_F_ssl_add_clienthello_renegotiate_ext 198 -#define SSL_F_ssl3_send_server_key_exchange 199 -#define SSL_F_fprintf 200 -#define SSL_F_ssl3_get_new_session_ticket 201 -#define SSL_F_SSL_CTX_use_certificate_ASN1 202 -#define SSL_F_ssl_add_cert_chain 203 -#define SSL_F_ssl_create_cipher_list 204 -#define SSL_F_ssl3_callback_ctrl 205 -#define SSL_F_SSL_CTX_set_cipher_list 206 -#define SSL_F_ssl3_send_certificate_request 207 -#define SSL_F_SSL_use_PrivateKey_ASN1 208 -#define SSL_F_SSL_CTX_use_certificate_chain_file 209 -#define SSL_F_SSL_SESSION_new 210 -#define SSL_F_check_suiteb_cipher_list 211 -#define SSL_F_ssl_scan_clienthello_tlsext 212 -#define SSL_F_ssl3_send_client_hello 213 -#define SSL_F_SSL_use_RSAPrivateKey_ASN1 214 -#define SSL_F_ssl3_ctrl 215 -#define SSL_F_ssl3_setup_write_buffer 216 -#define SSL_F_ssl_parse_serverhello_use_srtp_ext 217 -#define SSL_F_ssl3_get_server_key_exchange 218 -#define SSL_F_ssl3_send_server_hello 219 -#define SSL_F_SSL_add_dir_cert_subjects_to_stack 220 -#define SSL_F_ssl_check_serverhello_tlsext 221 -#define SSL_F_ssl3_get_server_done 222 -#define SSL_F_ssl3_check_cert_and_algorithm 223 -#define SSL_F_do_dtls1_write 224 -#define SSL_F_dtls1_check_timeout_num 225 -#define 
SSL_F_tls1_export_keying_material 226 -#define SSL_F_SSL_CTX_set_session_id_context 227 -#define SSL_F_SSL_set_rfd 228 -#define SSL_F_ssl3_send_client_certificate 229 -#define SSL_F_ssl_cert_dup 230 -#define SSL_F_dtls1_process_record 231 -#define SSL_F_ssl_new 232 -#define SSL_F_ssl_get_server_cert_index 233 -#define SSL_F_tls1_send_server_supplemental_data 234 -#define SSL_F_D2I_SSL_SESSION 235 -#define SSL_F_ssl_cipher_strength_sort 236 -#define SSL_F_dtls1_get_message 237 -#define SSL_F_ssl23_connect 238 -#define SSL_F_tls1_heartbeat 239 -#define SSL_F_ssl3_read_n 240 -#define SSL_F_ssl_get_prev_session 241 -#define SSL_F_ssl_parse_clienthello_renegotiate_ext 242 -#define SSL_F_ssl3_setup_read_buffer 243 -#define SSL_F_SSL_CTX_set_ssl_version 244 -#define SSL_F_SSL_peek 245 -#define SSL_F_ssl3_send_server_certificate 246 -#define SSL_F_SSL_do_handshake 247 -#define SSL_F_ssl_undefined_void_function 248 -#define SSL_F_ssl_add_serverhello_use_srtp_ext 249 -#define SSL_F_fclose 250 -#define SSL_F_SSL_use_PrivateKey 251 -#define SSL_F_SSL_CTX_use_certificate_file 252 -#define SSL_F_SSL_CTX_use_PrivateKey 253 -#define SSL_F_SSL_set_session 254 -#define SSL_F_SSL_CTX_use_psk_identity_hint 255 -#define SSL_F_ssl_scan_serverhello_tlsext 256 -#define SSL_F_ssl23_read 257 -#define SSL_F_ssl_parse_clienthello_use_srtp_ext 258 -#define SSL_F_ssl3_accept 259 -#define SSL_F_ssl3_get_client_certificate 260 -#define SSL_F_SSL_CTX_use_PrivateKey_ASN1 261 -#define SSL_F_dtls1_get_message_fragment 262 -#define SSL_F_SSL_clear 263 -#define SSL_F_dtls1_accept 264 -#define SSL_F_ssl3_get_next_proto 265 -#define SSL_F_SSL_set_cipher_list 266 -#define SSL_F_ssl_add_clienthello_tlsext 267 -#define SSL_F_ssl23_get_client_hello 268 -#define SSL_F_SSL_CTX_use_PrivateKey_file 269 -#define SSL_F_ssl3_get_finished 270 -#define SSL_F_ssl3_generate_key_block 271 -#define SSL_F_ssl3_setup_key_block 272 -#define SSL_F_SSL_new 273 -#define SSL_F_ssl_parse_serverhello_tlsext 274 -#define 
SSL_F_ssl3_get_channel_id 275 -#define SSL_F_ssl3_send_channel_id 276 -#define SSL_F_SSL_CTX_set_cipher_list_tls11 277 -#define SSL_F_tls1_change_cipher_state_cipher 278 -#define SSL_F_tls1_change_cipher_state_aead 279 -#define SSL_F_tls1_aead_ctx_init 280 -#define SSL_F_tls1_check_duplicate_extensions 281 -#define SSL_F_ssl3_expect_change_cipher_spec 282 -#define SSL_F_ssl23_get_v2_client_hello 283 -#define SSL_F_ssl3_cert_verify_hash 284 -#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 285 -#define SSL_F_ssl_ctx_log_master_secret 286 -#define SSL_F_d2i_SSL_SESSION 287 -#define SSL_F_i2d_SSL_SESSION 288 -#define SSL_F_d2i_SSL_SESSION_get_octet_string 289 -#define SSL_F_d2i_SSL_SESSION_get_string 290 -#define SSL_F_ssl3_send_new_session_ticket 291 -#define SSL_F_SSL_SESSION_to_bytes_full 292 -#define SSL_F_SSL_accept 293 -#define SSL_F_SSL_connect 294 -#define SSL_F_ssl3_get_v2_client_hello 295 -#define SSL_F_ssl3_get_initial_bytes 296 -#define SSL_F_tls1_enc 297 -#define SSL_F_ssl3_prf 298 -#define SSL_F_dtls1_do_write 299 -#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100 -#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101 -#define SSL_R_INVALID_NULL_CMD_NAME 102 -#define SSL_R_BAD_RSA_DECRYPT 103 -#define SSL_R_NO_SHARED_CIPHER 104 -#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 105 -#define SSL_R_SSL_HANDSHAKE_FAILURE 106 -#define SSL_R_INVALID_TICKET_KEYS_LENGTH 107 -#define SSL_R_PEER_ERROR 108 -#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 109 -#define SSL_R_INCONSISTENT_COMPRESSION 110 +#define SSL_F_SSL_CTX_use_certificate_ASN1 112 +#define SSL_F_SSL_CTX_use_certificate_chain_file 113 +#define SSL_F_SSL_CTX_use_certificate_file 114 +#define SSL_F_SSL_CTX_use_psk_identity_hint 115 +#define SSL_F_SSL_SESSION_new 116 +#define SSL_F_SSL_SESSION_print_fp 117 +#define SSL_F_SSL_SESSION_set1_id_context 118 +#define SSL_F_SSL_SESSION_to_bytes_full 119 +#define SSL_F_SSL_accept 120 +#define SSL_F_SSL_add_dir_cert_subjects_to_stack 121 +#define 
SSL_F_SSL_add_file_cert_subjects_to_stack 122 +#define SSL_F_SSL_check_private_key 123 +#define SSL_F_SSL_clear 124 +#define SSL_F_SSL_connect 125 +#define SSL_F_SSL_do_handshake 126 +#define SSL_F_SSL_load_client_CA_file 127 +#define SSL_F_SSL_new 128 +#define SSL_F_SSL_peek 129 +#define SSL_F_SSL_read 130 +#define SSL_F_SSL_renegotiate 131 +#define SSL_F_SSL_set_cipher_list 132 +#define SSL_F_SSL_set_fd 133 +#define SSL_F_SSL_set_rfd 134 +#define SSL_F_SSL_set_session_id_context 135 +#define SSL_F_SSL_set_wfd 136 +#define SSL_F_SSL_shutdown 137 +#define SSL_F_SSL_use_PrivateKey 138 +#define SSL_F_SSL_use_PrivateKey_ASN1 139 +#define SSL_F_SSL_use_PrivateKey_file 140 +#define SSL_F_SSL_use_RSAPrivateKey 141 +#define SSL_F_SSL_use_RSAPrivateKey_ASN1 142 +#define SSL_F_SSL_use_RSAPrivateKey_file 143 +#define SSL_F_SSL_use_certificate 144 +#define SSL_F_SSL_use_certificate_ASN1 145 +#define SSL_F_SSL_use_certificate_file 146 +#define SSL_F_SSL_use_psk_identity_hint 147 +#define SSL_F_SSL_write 148 +#define SSL_F_d2i_SSL_SESSION 149 +#define SSL_F_d2i_SSL_SESSION_get_octet_string 150 +#define SSL_F_d2i_SSL_SESSION_get_string 151 +#define SSL_F_do_ssl3_write 152 +#define SSL_F_dtls1_accept 153 +#define SSL_F_dtls1_buffer_record 154 +#define SSL_F_dtls1_check_timeout_num 155 +#define SSL_F_dtls1_connect 156 +#define SSL_F_dtls1_do_write 157 +#define SSL_F_dtls1_get_hello_verify 158 +#define SSL_F_dtls1_get_message 159 +#define SSL_F_dtls1_get_message_fragment 160 +#define SSL_F_dtls1_preprocess_fragment 161 +#define SSL_F_dtls1_process_record 162 +#define SSL_F_dtls1_read_bytes 163 +#define SSL_F_dtls1_send_hello_verify_request 164 +#define SSL_F_dtls1_write_app_data_bytes 165 +#define SSL_F_i2d_SSL_SESSION 166 +#define SSL_F_ssl3_accept 167 +#define SSL_F_ssl3_cert_verify_hash 169 +#define SSL_F_ssl3_check_cert_and_algorithm 170 +#define SSL_F_ssl3_connect 171 +#define SSL_F_ssl3_ctrl 172 +#define SSL_F_ssl3_ctx_ctrl 173 +#define SSL_F_ssl3_digest_cached_records 174 
+#define SSL_F_ssl3_do_change_cipher_spec 175 +#define SSL_F_ssl3_expect_change_cipher_spec 176 +#define SSL_F_ssl3_get_cert_status 177 +#define SSL_F_ssl3_get_cert_verify 178 +#define SSL_F_ssl3_get_certificate_request 179 +#define SSL_F_ssl3_get_channel_id 180 +#define SSL_F_ssl3_get_client_certificate 181 +#define SSL_F_ssl3_get_client_hello 182 +#define SSL_F_ssl3_get_client_key_exchange 183 +#define SSL_F_ssl3_get_finished 184 +#define SSL_F_ssl3_get_initial_bytes 185 +#define SSL_F_ssl3_get_message 186 +#define SSL_F_ssl3_get_new_session_ticket 187 +#define SSL_F_ssl3_get_next_proto 188 +#define SSL_F_ssl3_get_record 189 +#define SSL_F_ssl3_get_server_certificate 190 +#define SSL_F_ssl3_get_server_done 191 +#define SSL_F_ssl3_get_server_hello 192 +#define SSL_F_ssl3_get_server_key_exchange 193 +#define SSL_F_ssl3_get_v2_client_hello 194 +#define SSL_F_ssl3_handshake_mac 195 +#define SSL_F_ssl3_prf 196 +#define SSL_F_ssl3_read_bytes 197 +#define SSL_F_ssl3_read_n 198 +#define SSL_F_ssl3_send_cert_verify 199 +#define SSL_F_ssl3_send_certificate_request 200 +#define SSL_F_ssl3_send_channel_id 201 +#define SSL_F_ssl3_send_client_certificate 202 +#define SSL_F_ssl3_send_client_hello 203 +#define SSL_F_ssl3_send_client_key_exchange 204 +#define SSL_F_ssl3_send_server_certificate 205 +#define SSL_F_ssl3_send_server_hello 206 +#define SSL_F_ssl3_send_server_key_exchange 207 +#define SSL_F_ssl3_setup_read_buffer 208 +#define SSL_F_ssl3_setup_write_buffer 209 +#define SSL_F_ssl3_write_bytes 210 +#define SSL_F_ssl3_write_pending 211 +#define SSL_F_ssl_add_cert_chain 212 +#define SSL_F_ssl_add_cert_to_buf 213 +#define SSL_F_ssl_add_clienthello_renegotiate_ext 214 +#define SSL_F_ssl_add_clienthello_tlsext 215 +#define SSL_F_ssl_add_clienthello_use_srtp_ext 216 +#define SSL_F_ssl_add_serverhello_renegotiate_ext 217 +#define SSL_F_ssl_add_serverhello_tlsext 218 +#define SSL_F_ssl_add_serverhello_use_srtp_ext 219 +#define SSL_F_ssl_build_cert_chain 220 +#define 
SSL_F_ssl_bytes_to_cipher_list 221 +#define SSL_F_ssl_cert_dup 222 +#define SSL_F_ssl_cert_inst 223 +#define SSL_F_ssl_cert_new 224 +#define SSL_F_ssl_check_serverhello_tlsext 225 +#define SSL_F_ssl_check_srvr_ecc_cert_and_alg 226 +#define SSL_F_ssl_cipher_process_rulestr 227 +#define SSL_F_ssl_cipher_strength_sort 228 +#define SSL_F_ssl_create_cipher_list 229 +#define SSL_F_ssl_ctx_log_master_secret 230 +#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 231 +#define SSL_F_ssl_ctx_make_profiles 232 +#define SSL_F_ssl_get_new_session 233 +#define SSL_F_ssl_get_prev_session 234 +#define SSL_F_ssl_get_server_cert_index 235 +#define SSL_F_ssl_get_sign_pkey 236 +#define SSL_F_ssl_init_wbio_buffer 237 +#define SSL_F_ssl_parse_clienthello_renegotiate_ext 238 +#define SSL_F_ssl_parse_clienthello_tlsext 239 +#define SSL_F_ssl_parse_clienthello_use_srtp_ext 240 +#define SSL_F_ssl_parse_serverhello_renegotiate_ext 241 +#define SSL_F_ssl_parse_serverhello_tlsext 242 +#define SSL_F_ssl_parse_serverhello_use_srtp_ext 243 +#define SSL_F_ssl_scan_clienthello_tlsext 244 +#define SSL_F_ssl_scan_serverhello_tlsext 245 +#define SSL_F_ssl_sess_cert_new 246 +#define SSL_F_ssl_set_cert 247 +#define SSL_F_ssl_set_pkey 248 +#define SSL_F_ssl_verify_cert_chain 252 +#define SSL_F_tls12_check_peer_sigalg 253 +#define SSL_F_tls1_aead_ctx_init 254 +#define SSL_F_tls1_cert_verify_mac 255 +#define SSL_F_tls1_change_cipher_state 256 +#define SSL_F_tls1_change_cipher_state_aead 257 +#define SSL_F_tls1_check_duplicate_extensions 258 +#define SSL_F_tls1_enc 259 +#define SSL_F_tls1_export_keying_material 260 +#define SSL_F_tls1_prf 261 +#define SSL_F_tls1_setup_key_block 262 +#define SSL_F_dtls1_get_buffered_message 263 +#define SSL_F_dtls1_process_fragment 264 +#define SSL_F_dtls1_hm_fragment_new 265 +#define SSL_F_ssl3_seal_record 266 +#define SSL_F_ssl3_record_sequence_update 267 +#define SSL_F_SSL_CTX_set_tmp_dh 268 +#define SSL_F_SSL_CTX_set_tmp_ecdh 269 +#define SSL_F_SSL_set_tmp_dh 270 +#define 
SSL_F_SSL_set_tmp_ecdh 271 +#define SSL_F_SSL_CTX_set1_tls_channel_id 272 +#define SSL_F_SSL_set1_tls_channel_id 273 +#define SSL_F_SSL_set_tlsext_host_name 274 +#define SSL_F_ssl3_output_cert_chain 275 +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 +#define SSL_R_BAD_ALERT 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 104 +#define SSL_R_BAD_DH_P_LENGTH 105 +#define SSL_R_BAD_DIGEST_LENGTH 106 +#define SSL_R_BAD_ECC_CERT 107 +#define SSL_R_BAD_ECPOINT 108 +#define SSL_R_BAD_HANDSHAKE_LENGTH 109 +#define SSL_R_BAD_HANDSHAKE_RECORD 110 #define SSL_R_BAD_HELLO_REQUEST 111 -#define SSL_R_NULL_SSL_METHOD_PASSED 112 -#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 113 -#define SSL_R_BAD_ECDSA_SIGNATURE 114 -#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 115 -#define SSL_R_BAD_DH_PUB_KEY_LENGTH 116 -#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 117 -#define SSL_R_APP_DATA_IN_HANDSHAKE 118 -#define SSL_R_NO_PEM_EXTENSIONS 119 -#define SSL_R_BAD_SRP_B_LENGTH 120 -#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 121 -#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 122 -#define SSL_R_MISSING_SRP_PARAM 123 -#define SSL_R_MISSING_RSA_SIGNING_CERT 124 -#define SSL_R_MISSING_DSA_SIGNING_CERT 125 -#define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 126 -#define SSL_R_UNEXPECTED_RECORD 127 -#define SSL_R_BAD_DIGEST_LENGTH 128 -#define SSL_R_READ_TIMEOUT_EXPIRED 129 -#define SSL_R_KRB5_C_GET_CRED 130 -#define SSL_R_NULL_SSL_CTX 131 -#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 134 -#define SSL_R_SSL3_SESSION_ID_TOO_LONG 135 -#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 136 -#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 137 -#define SSL_R_COOKIE_MISMATCH 139 -#define SSL_R_UNINITIALIZED 140 -#define SSL_R_BAD_CHANGE_CIPHER_SPEC 141 -#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 142 -#define SSL_R_BAD_SRP_G_LENGTH 143 -#define SSL_R_NO_CERTIFICATE_ASSIGNED 144 -#define 
SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 145 -#define SSL_R_PEM_NAME_TOO_SHORT 146 -#define SSL_R_PROTOCOL_IS_SHUTDOWN 148 -#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 149 -#define SSL_R_WRONG_MESSAGE_TYPE 150 -#define SSL_R_BAD_RSA_MODULUS_LENGTH 151 -#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 152 -#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 153 -#define SSL_R_NO_CLIENT_CERT_RECEIVED 154 -#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 155 -#define SSL_R_CERT_LENGTH_MISMATCH 156 -#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 157 -#define SSL_R_DUPLICATE_COMPRESSION_ID 158 -#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 159 -#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 160 -#define SSL_R_DATA_LENGTH_TOO_LONG 161 -#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 162 -#define SSL_R_WRONG_SIGNATURE_LENGTH 163 -#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 164 -#define SSL_R_WRONG_VERSION_NUMBER 165 -#define SSL_R_RECORD_TOO_LARGE 166 -#define SSL_R_BIO_NOT_SET 167 -#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 168 -#define SSL_R_UNKNOWN_PKEY_TYPE 170 -#define SSL_R_CIPHER_CODE_WRONG_LENGTH 171 -#define SSL_R_SSL_SESSION_ID_CONFLICT 172 -#define SSL_R_INVALID_COMMAND 173 -#define SSL_R_NO_PROTOCOLS_AVAILABLE 174 -#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 175 -#define SSL_R_LIBRARY_BUG 176 -#define SSL_R_UNSUPPORTED_CIPHER 177 -#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 178 -#define SSL_R_WRONG_SIGNATURE_TYPE 179 -#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 180 -#define SSL_R_PSK_NO_SERVER_CB 181 -#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 182 -#define SSL_R_INVALID_TRUST 183 -#define SSL_R_PARSE_TLSEXT 184 -#define SSL_R_NO_SRTP_PROFILES 185 -#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 186 -#define SSL_R_UNKNOWN_STATE 187 -#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 188 -#define SSL_R_WRONG_CIPHER_RETURNED 189 -#define SSL_R_BAD_DH_G_LENGTH 190 -#define SSL_R_BAD_ALERT_RECORD 191 -#define SSL_R_CIPHER_TABLE_SRC_ERROR 192 -#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 194 -#define 
SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 195 -#define SSL_R_MESSAGE_TOO_LONG 196 -#define SSL_R_BAD_RSA_SIGNATURE 197 -#define SSL_R_X509_LIB 198 -#define SSL_R_BAD_SRP_N_LENGTH 199 -#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 200 -#define SSL_R_UNKNOWN_CIPHER_TYPE 201 -#define SSL_R_BAD_DH_P_LENGTH 202 -#define SSL_R_MISSING_DH_RSA_CERT 203 -#define SSL_R_NO_METHOD_SPECIFIED 204 -#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 205 -#define SSL_R_MULTIPLE_SGC_RESTARTS 206 -#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 207 -#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 208 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 209 -#define SSL_R_BAD_SRP_S_LENGTH 210 -#define SSL_R_MISSING_TMP_RSA_KEY 211 -#define SSL_R_PSK_NO_CLIENT_CB 212 -#define SSL_R_PEM_NAME_BAD_PREFIX 213 -#define SSL_R_BAD_CHECKSUM 214 -#define SSL_R_NO_CIPHER_MATCH 216 -#define SSL_R_MISSING_TMP_DH_KEY 217 -#define SSL_R_UNSUPPORTED_STATUS_TYPE 218 -#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 219 -#define SSL_R_CONNECTION_TYPE_NOT_SET 220 -#define SSL_R_MISSING_DH_KEY 221 -#define SSL_R_CHANNEL_ID_NOT_P256 222 -#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 223 -#define SSL_R_UNKNOWN_PROTOCOL 224 -#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 225 -#define SSL_R_KRB5_S_TKT_SKEW 226 -#define SSL_R_PUBLIC_KEY_NOT_RSA 227 -#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 228 -#define SSL_R_GOST_NOT_SUPPORTED 229 -#define SSL_R_KRB5_C_CC_PRINC 230 -#define SSL_R_INVALID_PURPOSE 234 -#define SSL_R_KRB5_C_MK_REQ 235 -#define SSL_R_BAD_SRTP_MKI_VALUE 237 -#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 238 -#define SSL_R_DIGEST_CHECK_FAILED 239 -#define SSL_R_BAD_SRP_A_LENGTH 240 -#define SSL_R_SERVERHELLO_TLSEXT 241 -#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 242 -#define SSL_R_NO_CIPHERS_AVAILABLE 243 -#define SSL_R_COMPRESSION_FAILURE 244 -#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 245 -#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 246 -#define SSL_R_BAD_RSA_ENCRYPT 247 -#define 
SSL_R_EXCESSIVE_MESSAGE_SIZE 248 -#define SSL_R_INVALID_COMPRESSION_ALGORITHM 249 -#define SSL_R_SHORT_READ 250 -#define SSL_R_CA_DN_LENGTH_MISMATCH 252 -#define SSL_R_BAD_ECC_CERT 253 -#define SSL_R_NON_SSLV2_INITIAL_PACKET 254 -#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 255 -#define SSL_R_MISSING_TMP_RSA_PKEY 256 -#define SSL_R_BN_LIB 257 -#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 258 -#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 259 -#define SSL_R_NO_RENEGOTIATION 260 -#define SSL_R_NO_COMPRESSION_SPECIFIED 261 +#define SSL_R_BAD_LENGTH 112 +#define SSL_R_BAD_PACKET_LENGTH 113 +#define SSL_R_BAD_RSA_ENCRYPT 114 +#define SSL_R_BAD_SIGNATURE 115 +#define SSL_R_BAD_SRTP_MKI_VALUE 116 +#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 117 +#define SSL_R_BAD_SSL_FILETYPE 118 +#define SSL_R_BAD_WRITE_RETRY 119 +#define SSL_R_BIO_NOT_SET 120 +#define SSL_R_BN_LIB 121 +#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 122 +#define SSL_R_CA_DN_LENGTH_MISMATCH 123 +#define SSL_R_CA_DN_TOO_LONG 124 +#define SSL_R_CCS_RECEIVED_EARLY 125 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 126 +#define SSL_R_CERT_CB_ERROR 127 +#define SSL_R_CERT_LENGTH_MISMATCH 128 +#define SSL_R_CHANNEL_ID_NOT_P256 129 +#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 130 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 131 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 132 +#define SSL_R_CLIENTHELLO_PARSE_FAILED 133 +#define SSL_R_CLIENTHELLO_TLSEXT 134 +#define SSL_R_CONNECTION_REJECTED 135 +#define SSL_R_CONNECTION_TYPE_NOT_SET 136 +#define SSL_R_COOKIE_MISMATCH 137 +#define SSL_R_D2I_ECDSA_SIG 138 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 139 +#define SSL_R_DATA_LENGTH_TOO_LONG 140 +#define SSL_R_DECODE_ERROR 141 +#define SSL_R_DECRYPTION_FAILED 142 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 143 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144 +#define SSL_R_DIGEST_CHECK_FAILED 145 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 146 +#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 147 +#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 
148 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150 +#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 151 +#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 152 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 153 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 154 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 155 +#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 156 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 157 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 158 +#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 159 +#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 160 +#define SSL_R_HTTPS_PROXY_REQUEST 161 +#define SSL_R_HTTP_REQUEST 162 +#define SSL_R_INAPPROPRIATE_FALLBACK 163 +#define SSL_R_INVALID_COMMAND 164 +#define SSL_R_INVALID_MESSAGE 165 +#define SSL_R_INVALID_SSL_SESSION 166 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 167 +#define SSL_R_LENGTH_MISMATCH 168 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 169 +#define SSL_R_MISSING_DH_KEY 170 +#define SSL_R_MISSING_ECDSA_SIGNING_CERT 171 +#define SSL_R_MISSING_RSA_CERTIFICATE 172 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 173 +#define SSL_R_MISSING_RSA_SIGNING_CERT 174 +#define SSL_R_MISSING_TMP_DH_KEY 175 +#define SSL_R_MISSING_TMP_ECDH_KEY 176 +#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 177 +#define SSL_R_MTU_TOO_SMALL 178 +#define SSL_R_NESTED_GROUP 179 +#define SSL_R_NO_CERTIFICATES_RETURNED 180 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 181 +#define SSL_R_NO_CERTIFICATE_SET 182 +#define SSL_R_NO_CIPHERS_AVAILABLE 183 +#define SSL_R_NO_CIPHERS_PASSED 184 +#define SSL_R_NO_CIPHERS_SPECIFIED 185 +#define SSL_R_NO_CIPHER_MATCH 186 +#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +#define SSL_R_NO_METHOD_SPECIFIED 188 +#define SSL_R_NO_P256_SUPPORT 189 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +#define SSL_R_NO_RENEGOTIATION 191 +#define SSL_R_NO_REQUIRED_DIGEST 192 +#define SSL_R_NO_SHARED_CIPHER 193 +#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 194 +#define SSL_R_NO_SRTP_PROFILES 195 +#define SSL_R_NULL_SSL_CTX 196 +#define 
SSL_R_NULL_SSL_METHOD_PASSED 197 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 198 +#define SSL_R_PACKET_LENGTH_TOO_LONG 199 +#define SSL_R_PARSE_TLSEXT 200 +#define SSL_R_PATH_TOO_LONG 201 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 202 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 204 +#define SSL_R_PSK_IDENTITY_NOT_FOUND 205 +#define SSL_R_PSK_NO_CLIENT_CB 206 +#define SSL_R_PSK_NO_SERVER_CB 207 +#define SSL_R_READ_BIO_NOT_SET 208 +#define SSL_R_READ_TIMEOUT_EXPIRED 209 +#define SSL_R_RECORD_LENGTH_MISMATCH 210 +#define SSL_R_RECORD_TOO_LARGE 211 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 212 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 213 +#define SSL_R_RENEGOTIATION_MISMATCH 214 +#define SSL_R_REQUIRED_CIPHER_MISSING 215 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 216 +#define SSL_R_SERVERHELLO_TLSEXT 217 +#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 218 +#define SSL_R_SESSION_MAY_NOT_BE_CREATED 219 +#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 220 +#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 221 +#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 222 +#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 223 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 224 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 225 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226 +#define SSL_R_SSL_HANDSHAKE_FAILURE 227 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 228 +#define SSL_R_SSL_SESSION_ID_CONFLICT 229 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 230 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 231 +#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 233 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 234 +#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 235 +#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 236 +#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 237 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 238 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 
+#define SSL_R_UNEXPECTED_GROUP_CLOSE 240 +#define SSL_R_UNEXPECTED_MESSAGE 241 +#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 242 +#define SSL_R_UNEXPECTED_RECORD 243 +#define SSL_R_UNINITIALIZED 244 +#define SSL_R_UNKNOWN_ALERT_TYPE 245 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 246 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 247 +#define SSL_R_UNKNOWN_CIPHER_TYPE 248 +#define SSL_R_UNKNOWN_DIGEST 249 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +#define SSL_R_UNKNOWN_PROTOCOL 251 +#define SSL_R_UNKNOWN_SSL_VERSION 252 +#define SSL_R_UNKNOWN_STATE 253 +#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 254 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 255 +#define SSL_R_UNSUPPORTED_CIPHER 256 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 258 +#define SSL_R_UNSUPPORTED_PROTOCOL 259 +#define SSL_R_UNSUPPORTED_SSL_VERSION 260 +#define SSL_R_USE_SRTP_NOT_NEGOTIATED 261 #define SSL_R_WRONG_CERTIFICATE_TYPE 262 -#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 264 -#define SSL_R_READ_BIO_NOT_SET 265 -#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 266 -#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 267 -#define SSL_R_INVALID_CHALLENGE_LENGTH 268 -#define SSL_R_LIBRARY_HAS_NO_CIPHERS 270 -#define SSL_R_WRONG_CURVE 271 -#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 272 -#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 275 -#define SSL_R_MISSING_RSA_CERTIFICATE 276 -#define SSL_R_NO_P256_SUPPORT 277 -#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 278 -#define SSL_R_INVALID_SERVERINFO_DATA 279 -#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 280 -#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 281 -#define SSL_R_KRB5_S_BAD_TICKET 282 -#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 283 -#define SSL_R_PACKET_LENGTH_TOO_LONG 284 -#define SSL_R_BAD_STATE 285 -#define SSL_R_USE_SRTP_NOT_NEGOTIATED 286 -#define SSL_R_BAD_RSA_E_LENGTH 287 -#define SSL_R_ILLEGAL_PADDING 288 -#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 289 -#define SSL_R_BAD_VALUE 290 -#define 
SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 291 -#define SSL_R_COMPRESSION_DISABLED 292 -#define SSL_R_BAD_DECOMPRESSION 293 -#define SSL_R_CHALLENGE_IS_DIFFERENT 294 -#define SSL_R_NO_CLIENT_CERT_METHOD 295 -#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 296 -#define SSL_R_INVALID_MESSAGE 297 -#define SSL_R_HTTPS_PROXY_REQUEST 298 -#define SSL_R_AUTHZ_DATA_TOO_LARGE 299 -#define SSL_R_KRB5_S_TKT_EXPIRED 300 -#define SSL_R_NO_CERTIFICATE_SPECIFIED 301 -#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 302 -#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 303 -#define SSL_R_INVALID_STATUS_RESPONSE 304 -#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 305 -#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 306 -#define SSL_R_MISSING_TMP_ECDH_KEY 307 -#define SSL_R_CERTIFICATE_VERIFY_FAILED 308 -#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 309 -#define SSL_R_RENEGOTIATION_ENCODING_ERR 310 -#define SSL_R_NO_PRIVATEKEY 311 -#define SSL_R_READ_WRONG_PACKET_TYPE 313 -#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 314 -#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 315 -#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 316 -#define SSL_R_HTTP_REQUEST 317 -#define SSL_R_KRB5_S_INIT 318 -#define SSL_R_RECORD_LENGTH_MISMATCH 320 -#define SSL_R_BAD_LENGTH 321 -#define SSL_R_NO_REQUIRED_DIGEST 322 -#define SSL_R_KRB5 323 -#define SSL_R_CCS_RECEIVED_EARLY 325 -#define SSL_R_MISSING_ECDSA_SIGNING_CERT 326 -#define SSL_R_D2I_ECDSA_SIG 327 -#define SSL_R_PATH_TOO_LONG 328 -#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 329 -#define SSL_R_UNSUPPORTED_DIGEST_TYPE 330 -#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 331 -#define SSL_R_PEER_ERROR_CERTIFICATE 332 -#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 333 -#define SSL_R_NO_CERTIFICATE_SET 334 -#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 335 -#define SSL_R_NO_CERTIFICATES_RETURNED 337 -#define SSL_R_BAD_WRITE_RETRY 338 -#define SSL_R_BAD_SSL_FILETYPE 339 -#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 340 -#define 
SSL_R_NO_CIPHERS_SPECIFIED 341 -#define SSL_R_LENGTH_MISMATCH 342 -#define SSL_R_NO_CIPHERS_PASSED 343 -#define SSL_R_NO_VERIFY_CALLBACK 344 -#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 345 -#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 347 -#define SSL_R_UNEXPECTED_MESSAGE 348 -#define SSL_R_MISSING_DH_DSA_CERT 349 -#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 350 -#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 351 -#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 352 -#define SSL_R_ILLEGAL_SUITEB_DIGEST 353 -#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 354 -#define SSL_R_CLIENTHELLO_TLSEXT 355 -#define SSL_R_INVALID_AUTHZ_DATA 356 -#define SSL_R_BAD_RESPONSE_ARGUMENT 357 -#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 358 -#define SSL_R_REQUIRED_CIPHER_MISSING 359 -#define SSL_R_INVALID_AUDIT_PROOF 360 -#define SSL_R_PSK_IDENTITY_NOT_FOUND 361 -#define SSL_R_UNKNOWN_ALERT_TYPE 362 -#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 363 -#define SSL_R_BAD_AUTHENTICATION_TYPE 365 -#define SSL_R_DECRYPTION_FAILED 366 -#define SSL_R_WRONG_SSL_VERSION 367 -#define SSL_R_NO_CERTIFICATE_RETURNED 368 -#define SSL_R_CA_DN_TOO_LONG 370 -#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 371 -#define SSL_R_COMPRESSION_LIBRARY_ERROR 372 -#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 374 -#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 375 -#define SSL_R_BAD_ECPOINT 376 -#define SSL_R_BAD_HANDSHAKE_LENGTH 377 -#define SSL_R_KRB5_S_RD_REQ 380 -#define SSL_R_PEER_ERROR_NO_CERTIFICATE 381 -#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 382 -#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 383 -#define SSL_R_UNKNOWN_DIGEST 384 -#define SSL_R_WRONG_SIGNATURE_SIZE 385 -#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 386 -#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 387 -#define SSL_R_BAD_SIGNATURE 388 -#define SSL_R_BAD_PACKET_LENGTH 389 -#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 390 -#define SSL_R_RENEGOTIATION_MISMATCH 391 -#define SSL_R_BAD_MAC_LENGTH 392 -#define SSL_R_NO_PUBLICKEY 393 -#define 
SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 394 -#define SSL_R_BAD_MAC_DECODE 395 -#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 396 -#define SSL_R_EXTRA_DATA_IN_MESSAGE 397 -#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 398 -#define SSL_R_CONNECTION_ID_IS_DIFFERENT 399 -#define SSL_R_MISSING_VERIFY_MESSAGE 402 -#define SSL_R_BAD_DSA_SIGNATURE 403 -#define SSL_R_UNKNOWN_SSL_VERSION 404 -#define SSL_R_KEY_ARG_TOO_LONG 405 -#define SSL_R_KRB5_C_INIT 406 -#define SSL_R_NO_CIPHER_LIST 407 -#define SSL_R_PEER_ERROR_NO_CIPHER 408 -#define SSL_R_UNKNOWN_CMD_NAME 409 -#define SSL_R_UNKNOWN_CIPHER_RETURNED 410 -#define SSL_R_RECORD_TOO_SMALL 411 -#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 412 -#define SSL_R_UNSUPPORTED_SSL_VERSION 413 -#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 415 -#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 416 -#define SSL_R_BAD_DATA 417 -#define SSL_R_KRB5_S_TKT_NYV 418 -#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 420 -#define SSL_R_BAD_MESSAGE_TYPE 421 -#define SSL_R_MISSING_ECDH_CERT 422 -#define SSL_R_UNSUPPORTED_PROTOCOL 423 -#define SSL_R_SRP_A_CALC 424 -#define SSL_R_WRITE_BIO_NOT_SET 425 -#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 426 -#define SSL_R_LENGTH_TOO_SHORT 427 -#define SSL_R_CERT_CB_ERROR 428 -#define SSL_R_DTLS_MESSAGE_TOO_BIG 429 -#define SSL_R_INVALID_SRP_USERNAME 430 -#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 431 -#define SSL_R_NESTED_GROUP 432 -#define SSL_R_UNEXPECTED_GROUP_CLOSE 433 -#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 434 -#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 435 -#define SSL_R_INAPPROPRIATE_FALLBACK 436 -#define SSL_R_CLIENTHELLO_PARSE_FAILED 437 -#define SSL_R_CONNECTION_REJECTED 438 -#define SSL_R_DECODE_ERROR 439 -#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 440 -#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 441 -#define SSL_R_SESSION_MAY_NOT_BE_CREATED 442 -#define SSL_R_INVALID_SSL_SESSION 443 -#define SSL_R_BAD_ALERT 444 -#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 445 -#define SSL_R_MTU_TOO_SMALL 446 +#define 
SSL_R_WRONG_CIPHER_RETURNED 263 +#define SSL_R_WRONG_CURVE 264 +#define SSL_R_WRONG_MESSAGE_TYPE 265 +#define SSL_R_WRONG_SIGNATURE_TYPE 266 +#define SSL_R_WRONG_SSL_VERSION 267 +#define SSL_R_WRONG_VERSION_NUMBER 268 +#define SSL_R_X509_LIB 269 +#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 270 +#define SSL_R_FRAGMENT_MISMATCH 271 +#define SSL_R_BUFFER_TOO_SMALL 272 +#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 273 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 @@ -2756,4 +2893,4 @@ OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -#endif +#endif /* OPENSSL_HEADER_SSL_H */ diff --git a/src/include/openssl/ssl2.h b/src/include/openssl/ssl2.h index eb25dcb..b8401fa 100644 --- a/src/include/openssl/ssl2.h +++ b/src/include/openssl/ssl2.h @@ -151,10 +151,6 @@ extern "C" { #define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 #define SSL2_MAX_KEY_MATERIAL_LENGTH 24 -#ifndef HEADER_SSL_LOCL_H -#define CERT char -#endif - #ifndef OPENSSL_NO_SSL_INTERN typedef struct ssl2_state_st diff --git a/src/include/openssl/ssl3.h b/src/include/openssl/ssl3.h index 8745281..96f00cf 100644 --- a/src/include/openssl/ssl3.h +++ b/src/include/openssl/ssl3.h @@ -117,9 +117,11 @@ #ifndef HEADER_SSL3_H #define HEADER_SSL3_H +#include #include #include #include +#include #ifdef __cplusplus extern "C" { 
@@ -237,19 +239,28 @@ extern "C" { /* The standards give a maximum encryption overhead of 1024 bytes. In practice * the value is lower than this. The overhead is the maximum number of padding - * bytes (256) plus the mac size. */ + * bytes (256) plus the mac size. + * + * TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1 + * explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger + * than necessary and no true AEAD has variable overhead in TLS 1.2. */ #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) -/* OpenSSL currently only uses a padding length of at most one block so the - * send overhead is smaller. */ - +/* SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a + * record. This does not include the record header. Some ciphers use explicit + * nonces, so it includes both the AEAD overhead as well as the nonce. */ #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ - (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH) + +OPENSSL_COMPILE_ASSERT( + SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD, + max_overheads_are_consistent); -/* If compression isn't used don't include the compression overhead */ +/* SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for + * |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the + * compression overhead. */ +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -#define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_COMPRESSED_OVERHEAD) #define SSL3_RT_MAX_ENCRYPTED_LENGTH \ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH) #define SSL3_RT_MAX_PACKET_SIZE \ @@ -347,7 +358,6 @@ typedef struct ssl3_state_st { /* flags for countermeasure against known-IV weakness */ int need_record_splitting; - int record_split_done; /* The value of 'extra' when the buffers were initialized */ int init_extra; 
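Review bot: SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is now defined in terms of EVP_AEAD_MAX_OVERHEAD and EVP_AEAD_MAX_NONCE_LENGTH, names this public header did not depend on before; the two `#include` lines added in the `@@ -117,9 +117,11 @@` hunk have lost their targets in this rendering, so I cannot confirm the header that defines the EVP_AEAD_* constants is among them, and a consumer including only ssl3.h would otherwise hit an undeclared identifier at the OPENSSL_COMPILE_ASSERT. The assert itself is the right addition: it turns the "happens to work" remark in the TODO into a build-time check, and the TODO could say so explicitly, e.g. `* than necessary and no true AEAD has variable overhead in TLS 1.2; the OPENSSL_COMPILE_ASSERT below enforces that the receive bound stays at least the send bound. */`. If that relationship ever stops holding, the build fails rather than the record layer silently under-sizing its buffers.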
@@ -399,9 +409,6 @@ typedef struct ssl3_state_st { * no more data in the read or write buffers */ int renegotiate; int total_renegotiations; - int num_renegotiations; - - int in_read_app_data; /* State pertaining to the pending handshake. * @@ -486,6 +493,10 @@ typedef struct ssl3_state_st { /* new_mac_secret_size is unused and exists only until wpa_supplicant can * be updated. It is only needed for EAP-FAST, which we don't support. */ uint8_t new_mac_secret_size; + + /* Client-only: in_false_start is one if there is a pending handshake in + * False Start. The client may write data at this point. */ + char in_false_start; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -528,7 +539,7 @@ typedef struct ssl3_state_st { /* client */ /* extra state */ #define SSL3_ST_CW_FLUSH (0x100 | SSL_ST_CONNECT) -#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101 | SSL_ST_CONNECT) +#define SSL3_ST_FALSE_START (0x101 | SSL_ST_CONNECT) /* write to server */ #define SSL3_ST_CW_CLNT_HELLO_A (0x110 | SSL_ST_CONNECT) #define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT) @@ -583,8 +594,6 @@ typedef struct ssl3_state_st { #define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT) /* write to client */ -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113 | SSL_ST_ACCEPT) -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114 | SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_C (0x122 | SSL_ST_ACCEPT) diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h index 0eeda7f..350fa14 100644 --- a/src/include/openssl/stack.h +++ b/src/include/openssl/stack.h @@ -114,7 +114,7 @@ typedef struct stack_st { #define DEFINE_STACK_OF(type) \ STACK_OF(type) {\ _STACK stack; \ -}; +} #define DECLARE_STACK_OF(type) STACK_OF(type); 
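Review bot: `in_false_start` in the `@@ -486,6 +493,10 @@` hunk is declared `char`, while the flag fields visible in the neighbouring hunks (`need_record_splitting`, `renegotiate`, `total_renegotiations`) are `int` and the adjacent `new_mac_secret_size` is `uint8_t`; plain `char` has implementation-defined signedness, so a boolean flag would read more consistently as `int in_false_start;` or a fixed-width type. The comment says the client may write data while the flag is set but not what clears it; since this flag gates sending application data before the handshake has completed, the comment should name the transition that resets it, e.g. `* False Start. The client may write data at this point. It is cleared when the handshake completes. */` — adjust if the reset happens elsewhere, which this hunk does not show. The ssl3_state_st definition starts and ends outside the hunk.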
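Review bot: Dropping the trailing `;` from DEFINE_STACK_OF in the `@@ -114,7 +114,7 @@` hunk of stack.h means every expansion site must now supply its own semicolon, while the unchanged `DECLARE_STACK_OF` on the next context line still carries its `;` inside the macro, so the two sibling macros now follow opposite conventions. Either `DECLARE_STACK_OF` should lose its semicolon as well, or a one-line comment above `DEFINE_STACK_OF` should state that it deliberately expands to an unterminated struct definition so callers write `DEFINE_STACK_OF(T);`. Any existing `DEFINE_STACK_OF(T)` use without a semicolon stops compiling after this change; the callers are not visible in this diff.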
@@ -286,6 +286,13 @@ OPENSSL_EXPORT int sk_is_sorted(const _STACK *sk); * the previous one. */ OPENSSL_EXPORT stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp); +/* sk_deep_copy performs a copy of |sk| and of each of the non-NULL elements in + * |sk| by using |copy_func|. If an error occurs, |free_func| is used to free + * any copies already made and NULL is returned. */ +OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, + void *(*copy_func)(void *), + void (*free_func)(void *)); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/include/openssl/stack_macros.h b/src/include/openssl/stack_macros.h index a62fce3..dadcf6b 100644 --- a/src/include/openssl/stack_macros.h +++ b/src/include/openssl/stack_macros.h @@ -88,14 +88,21 @@ #define sk_ACCESS_DESCRIPTION_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ACCESS_DESCRIPTION) *, sk)) -#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, comp) \ - ((int (*)(const ACCESS_DESCRIPTION **a, const ACCESS_DESCRIPTION **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ACCESS_DESCRIPTION) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ACCESS_DESCRIPTION **a, \ - const ACCESS_DESCRIPTION **b), \ - comp))) - +#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, comp) \ + ((int (*)(const ACCESS_DESCRIPTION **a, const ACCESS_DESCRIPTION **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ACCESS_DESCRIPTION) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ACCESS_DESCRIPTION **a, \ + const ACCESS_DESCRIPTION **b), \ + comp))) + +#define sk_ACCESS_DESCRIPTION_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ACCESS_DESCRIPTION) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ACCESS_DESCRIPTION) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + ACCESS_DESCRIPTION *(*)(ACCESS_DESCRIPTION *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ACCESS_DESCRIPTION *), \ + free_func))) /* ASN1_ADB_TABLE */ #define sk_ASN1_ADB_TABLE_new(comp) \ 
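Review bot: The sk_deep_copy comment leaves two things a caller needs undefined: whether `copy_func` returning NULL for a non-NULL element is the error case that triggers `free_func` and the NULL return, and whether the copy inherits the comparison function installed through `sk_set_cmp_func` together with its sorted state. Because NULL elements are explicitly skipped rather than copied, a NULL from `copy_func` is otherwise indistinguishable from a deliberately NULL element in the result, which matters for callers that later dereference elements. Suggested wording after the existing text: `* A NULL return from |copy_func| is treated as an error. The result has the same comparison function as |sk|.` — adjust the second sentence if the implementation, which is not in this diff, behaves differently.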
@@ -167,14 +174,20 @@ #define sk_ASN1_ADB_TABLE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_ADB_TABLE) *, sk)) -#define sk_ASN1_ADB_TABLE_set_cmp_func(sk, comp) \ - ((int (*)(const ASN1_ADB_TABLE **a, const ASN1_ADB_TABLE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ASN1_ADB_TABLE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_ADB_TABLE **a, \ - const ASN1_ADB_TABLE **b), \ - comp))) - +#define sk_ASN1_ADB_TABLE_set_cmp_func(sk, comp) \ + ((int (*)(const ASN1_ADB_TABLE **a, const ASN1_ADB_TABLE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ASN1_ADB_TABLE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_ADB_TABLE **a, \ + const ASN1_ADB_TABLE **b), \ + comp))) + +#define sk_ASN1_ADB_TABLE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_ADB_TABLE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_ADB_TABLE) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_ADB_TABLE *(*)(ASN1_ADB_TABLE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_ADB_TABLE *), free_func))) /* ASN1_GENERALSTRING */ #define sk_ASN1_GENERALSTRING_new(comp) \ 
@@ -248,14 +261,21 @@ #define sk_ASN1_GENERALSTRING_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_GENERALSTRING) *, sk)) -#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, comp) \ - ((int (*)(const ASN1_GENERALSTRING **a, const ASN1_GENERALSTRING **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ASN1_GENERALSTRING) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_GENERALSTRING **a, \ - const ASN1_GENERALSTRING **b), \ - comp))) - +#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, comp) \ + ((int (*)(const ASN1_GENERALSTRING **a, const ASN1_GENERALSTRING **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ASN1_GENERALSTRING) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_GENERALSTRING **a, \ + const ASN1_GENERALSTRING **b), \ + comp))) + +#define sk_ASN1_GENERALSTRING_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_GENERALSTRING) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_GENERALSTRING) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + ASN1_GENERALSTRING *(*)(ASN1_GENERALSTRING *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_GENERALSTRING *), \ + free_func))) /* ASN1_INTEGER */ #define sk_ASN1_INTEGER_new(comp) \ @@ -333,6 +353,12 @@ int (*)(const ASN1_INTEGER **a, const ASN1_INTEGER **b), \ comp))) +#define sk_ASN1_INTEGER_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_INTEGER) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_INTEGER) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_INTEGER *(*)(ASN1_INTEGER *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_INTEGER *), free_func))) /* ASN1_OBJECT */ #define sk_ASN1_OBJECT_new(comp) \ 
@@ -408,6 +434,12 @@ int (*)(const ASN1_OBJECT **a, const ASN1_OBJECT **b), \ comp))) +#define sk_ASN1_OBJECT_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_OBJECT) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_OBJECT) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_OBJECT *(*)(ASN1_OBJECT *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_OBJECT *), free_func))) /* ASN1_STRING_TABLE */ #define sk_ASN1_STRING_TABLE_new(comp) \ @@ -481,14 +513,21 @@ #define sk_ASN1_STRING_TABLE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_STRING_TABLE) *, sk)) -#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, comp) \ - ((int (*)(const ASN1_STRING_TABLE **a, const ASN1_STRING_TABLE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ASN1_STRING_TABLE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_STRING_TABLE **a, \ - const ASN1_STRING_TABLE **b), \ - comp))) - +#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, comp) \ + ((int (*)(const ASN1_STRING_TABLE **a, const ASN1_STRING_TABLE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ASN1_STRING_TABLE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_STRING_TABLE **a, \ + const ASN1_STRING_TABLE **b), \ + comp))) + +#define sk_ASN1_STRING_TABLE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_STRING_TABLE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_STRING_TABLE) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + ASN1_STRING_TABLE *(*)(ASN1_STRING_TABLE *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_STRING_TABLE *), \ + free_func))) /* ASN1_TYPE */ #define sk_ASN1_TYPE_new(comp) \ 
@@ -563,6 +602,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const ASN1_TYPE **a, const ASN1_TYPE **b), comp))) +#define sk_ASN1_TYPE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_TYPE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_TYPE) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_TYPE *(*)(ASN1_TYPE *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_TYPE *), free_func))) /* ASN1_VALUE */ #define sk_ASN1_VALUE_new(comp) \ @@ -638,6 +682,12 @@ int (*)(const ASN1_VALUE **a, const ASN1_VALUE **b), \ comp))) +#define sk_ASN1_VALUE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_VALUE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_VALUE) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_VALUE *(*)(ASN1_VALUE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_VALUE *), free_func))) /* BIO */ #define sk_BIO_new(comp) \ @@ -702,6 +752,11 @@ CHECKED_CAST(stack_cmp_func, int (*)(const BIO **a, const BIO **b), \ comp))) +#define sk_BIO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(BIO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(BIO) *, sk), \ + CHECKED_CAST(void *(*)(void *), BIO *(*)(BIO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(BIO *), free_func))) /* BY_DIR_ENTRY */ #define sk_BY_DIR_ENTRY_new(comp) \ @@ -779,6 +834,12 @@ int (*)(const BY_DIR_ENTRY **a, const BY_DIR_ENTRY **b), \ comp))) +#define sk_BY_DIR_ENTRY_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(BY_DIR_ENTRY) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(BY_DIR_ENTRY) *, sk), \ + CHECKED_CAST(void *(*)(void *), BY_DIR_ENTRY *(*)(BY_DIR_ENTRY *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(BY_DIR_ENTRY *), free_func))) /* BY_DIR_HASH */ #define sk_BY_DIR_HASH_new(comp) \ 
@@ -854,6 +915,12 @@ int (*)(const BY_DIR_HASH **a, const BY_DIR_HASH **b), \ comp))) +#define sk_BY_DIR_HASH_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(BY_DIR_HASH) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(BY_DIR_HASH) *, sk), \ + CHECKED_CAST(void *(*)(void *), BY_DIR_HASH *(*)(BY_DIR_HASH *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(BY_DIR_HASH *), free_func))) /* CONF_VALUE */ #define sk_CONF_VALUE_new(comp) \ @@ -929,6 +996,12 @@ int (*)(const CONF_VALUE **a, const CONF_VALUE **b), \ comp))) +#define sk_CONF_VALUE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(CONF_VALUE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(CONF_VALUE) *, sk), \ + CHECKED_CAST(void *(*)(void *), CONF_VALUE *(*)(CONF_VALUE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(CONF_VALUE *), free_func))) /* CRYPTO_EX_DATA_FUNCS */ #define sk_CRYPTO_EX_DATA_FUNCS_new(comp) \ @@ -1006,12 +1079,22 @@ #define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(sk, comp) \ ((int (*)(const CRYPTO_EX_DATA_FUNCS **a, const CRYPTO_EX_DATA_FUNCS **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(CRYPTO_EX_DATA_FUNCS) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const CRYPTO_EX_DATA_FUNCS **a, \ - const CRYPTO_EX_DATA_FUNCS **b), \ - comp))) - + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(CRYPTO_EX_DATA_FUNCS) *, sk), \ + CHECKED_CAST(stack_cmp_func, \ + int (*)(const CRYPTO_EX_DATA_FUNCS **a, \ + const CRYPTO_EX_DATA_FUNCS **b), \ + comp))) + +#define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(CRYPTO_EX_DATA_FUNCS) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(CRYPTO_EX_DATA_FUNCS) *, \ + sk), \ + CHECKED_CAST(void *(*)(void *), \ + CRYPTO_EX_DATA_FUNCS *(*)(CRYPTO_EX_DATA_FUNCS *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(CRYPTO_EX_DATA_FUNCS *), \ + free_func))) /* DIST_POINT */ #define sk_DIST_POINT_new(comp) \ 
@@ -1087,6 +1170,12 @@ int (*)(const DIST_POINT **a, const DIST_POINT **b), \ comp))) +#define sk_DIST_POINT_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(DIST_POINT) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(DIST_POINT) *, sk), \ + CHECKED_CAST(void *(*)(void *), DIST_POINT *(*)(DIST_POINT *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(DIST_POINT *), free_func))) /* GENERAL_NAME */ #define sk_GENERAL_NAME_new(comp) \ @@ -1164,6 +1253,12 @@ int (*)(const GENERAL_NAME **a, const GENERAL_NAME **b), \ comp))) +#define sk_GENERAL_NAME_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(GENERAL_NAME) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_NAME) *, sk), \ + CHECKED_CAST(void *(*)(void *), GENERAL_NAME *(*)(GENERAL_NAME *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(GENERAL_NAME *), free_func))) /* GENERAL_NAMES */ #define sk_GENERAL_NAMES_new(comp) \ @@ -1242,6 +1337,12 @@ int (*)(const GENERAL_NAMES **a, const GENERAL_NAMES **b), \ comp))) +#define sk_GENERAL_NAMES_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(GENERAL_NAMES) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_NAMES) *, sk), \ + CHECKED_CAST(void *(*)(void *), GENERAL_NAMES *(*)(GENERAL_NAMES *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(GENERAL_NAMES *), free_func))) /* GENERAL_SUBTREE */ #define sk_GENERAL_SUBTREE_new(comp) \ 
@@ -1314,14 +1415,20 @@ #define sk_GENERAL_SUBTREE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(GENERAL_SUBTREE) *, sk)) -#define sk_GENERAL_SUBTREE_set_cmp_func(sk, comp) \ - ((int (*)(const GENERAL_SUBTREE **a, const GENERAL_SUBTREE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(GENERAL_SUBTREE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const GENERAL_SUBTREE **a, \ - const GENERAL_SUBTREE **b), \ - comp))) - +#define sk_GENERAL_SUBTREE_set_cmp_func(sk, comp) \ + ((int (*)(const GENERAL_SUBTREE **a, const GENERAL_SUBTREE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(GENERAL_SUBTREE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const GENERAL_SUBTREE **a, \ + const GENERAL_SUBTREE **b), \ + comp))) + +#define sk_GENERAL_SUBTREE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(GENERAL_SUBTREE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_SUBTREE) *, sk), \ + CHECKED_CAST(void *(*)(void *), GENERAL_SUBTREE *(*)(GENERAL_SUBTREE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(GENERAL_SUBTREE *), free_func))) /* MIME_HEADER */ #define sk_MIME_HEADER_new(comp) \ @@ -1397,6 +1504,12 @@ int (*)(const MIME_HEADER **a, const MIME_HEADER **b), \ comp))) +#define sk_MIME_HEADER_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(MIME_HEADER) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(MIME_HEADER) *, sk), \ + CHECKED_CAST(void *(*)(void *), MIME_HEADER *(*)(MIME_HEADER *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(MIME_HEADER *), free_func))) /* PKCS7_SIGNER_INFO */ #define sk_PKCS7_SIGNER_INFO_new(comp) \ 
@@ -1470,14 +1583,21 @@ #define sk_PKCS7_SIGNER_INFO_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk)) -#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \ - ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \ - const PKCS7_SIGNER_INFO **b), \ - comp))) - +#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \ + ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \ + const PKCS7_SIGNER_INFO **b), \ + comp))) + +#define sk_PKCS7_SIGNER_INFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + PKCS7_SIGNER_INFO *(*)(PKCS7_SIGNER_INFO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(PKCS7_SIGNER_INFO *), \ + free_func))) /* PKCS7_RECIP_INFO */ #define sk_PKCS7_RECIP_INFO_new(comp) \ 
@@ -1550,14 +1670,21 @@ #define sk_PKCS7_RECIP_INFO_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk)) -#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \ - ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \ - const PKCS7_RECIP_INFO **b), \ - comp))) - +#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \ + ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \ + const PKCS7_RECIP_INFO **b), \ + comp))) + +#define sk_PKCS7_RECIP_INFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(PKCS7_RECIP_INFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + PKCS7_RECIP_INFO *(*)(PKCS7_RECIP_INFO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(PKCS7_RECIP_INFO *), \ + free_func))) /* POLICYINFO */ #define sk_POLICYINFO_new(comp) \ @@ -1633,6 +1760,12 @@ int (*)(const POLICYINFO **a, const POLICYINFO **b), \ comp))) +#define sk_POLICYINFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(POLICYINFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(POLICYINFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), POLICYINFO *(*)(POLICYINFO *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(POLICYINFO *), free_func))) /* POLICYQUALINFO */ #define sk_POLICYQUALINFO_new(comp) \ 
@@ -1704,14 +1837,20 @@ #define sk_POLICYQUALINFO_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(POLICYQUALINFO) *, sk)) -#define sk_POLICYQUALINFO_set_cmp_func(sk, comp) \ - ((int (*)(const POLICYQUALINFO **a, const POLICYQUALINFO **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(POLICYQUALINFO) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const POLICYQUALINFO **a, \ - const POLICYQUALINFO **b), \ - comp))) - +#define sk_POLICYQUALINFO_set_cmp_func(sk, comp) \ + ((int (*)(const POLICYQUALINFO **a, const POLICYQUALINFO **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(POLICYQUALINFO) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const POLICYQUALINFO **a, \ + const POLICYQUALINFO **b), \ + comp))) + +#define sk_POLICYQUALINFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(POLICYQUALINFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(POLICYQUALINFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), POLICYQUALINFO *(*)(POLICYQUALINFO *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(POLICYQUALINFO *), free_func))) /* POLICY_MAPPING */ #define sk_POLICY_MAPPING_new(comp) \ 
@@ -1783,14 +1922,20 @@ #define sk_POLICY_MAPPING_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(POLICY_MAPPING) *, sk)) -#define sk_POLICY_MAPPING_set_cmp_func(sk, comp) \ - ((int (*)(const POLICY_MAPPING **a, const POLICY_MAPPING **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(POLICY_MAPPING) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const POLICY_MAPPING **a, \ - const POLICY_MAPPING **b), \ - comp))) - +#define sk_POLICY_MAPPING_set_cmp_func(sk, comp) \ + ((int (*)(const POLICY_MAPPING **a, const POLICY_MAPPING **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(POLICY_MAPPING) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const POLICY_MAPPING **a, \ + const POLICY_MAPPING **b), \ + comp))) + +#define sk_POLICY_MAPPING_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(POLICY_MAPPING) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(POLICY_MAPPING) *, sk), \ + CHECKED_CAST(void *(*)(void *), POLICY_MAPPING *(*)(POLICY_MAPPING *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(POLICY_MAPPING *), free_func))) /* SSL_COMP */ #define sk_SSL_COMP_new(comp) \ @@ -1862,6 +2007,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const SSL_COMP **a, const SSL_COMP **b), comp))) +#define sk_SSL_COMP_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SSL_COMP) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SSL_COMP) *, sk), \ + CHECKED_CAST(void *(*)(void *), SSL_COMP *(*)(SSL_COMP *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(SSL_COMP *), free_func))) /* STACK_OF_X509_NAME_ENTRY */ #define sk_STACK_OF_X509_NAME_ENTRY_new(comp) \ 
@@ -1939,16 +2089,25 @@ sk_is_sorted( \ CHECKED_CAST(_STACK *, const STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk)) -#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ - ((int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ - const STACK_OF_X509_NAME_ENTRY **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk), \ - CHECKED_CAST(stack_cmp_func, \ - int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ - const STACK_OF_X509_NAME_ENTRY **b), \ - comp))) - +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ + ((int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ + const STACK_OF_X509_NAME_ENTRY **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk), \ + CHECKED_CAST(stack_cmp_func, \ + int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ + const STACK_OF_X509_NAME_ENTRY **b), \ + comp))) + +#define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(STACK_OF_X509_NAME_ENTRY) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(STACK_OF_X509_NAME_ENTRY) *, \ + sk), \ + CHECKED_CAST(void *(*)(void *), \ + STACK_OF_X509_NAME_ENTRY *(*)(STACK_OF_X509_NAME_ENTRY *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(STACK_OF_X509_NAME_ENTRY *), \ + free_func))) /* SXNETID */ #define sk_SXNETID_new(comp) \ @@ -2020,6 +2179,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const SXNETID **a, const SXNETID **b), comp))) +#define sk_SXNETID_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SXNETID) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SXNETID) *, sk), \ + CHECKED_CAST(void *(*)(void *), SXNETID *(*)(SXNETID *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(SXNETID *), free_func))) /* X509 */ #define sk_X509_new(comp) \ 
@@ -2084,6 +2248,11 @@ CHECKED_CAST(stack_cmp_func, int (*)(const X509 **a, const X509 **b), \ comp))) +#define sk_X509_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509 *(*)(X509 *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509 *), free_func))) /* X509V3_EXT_METHOD */ #define sk_X509V3_EXT_METHOD_new(comp) \ @@ -2157,14 +2326,21 @@ #define sk_X509V3_EXT_METHOD_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509V3_EXT_METHOD) *, sk)) -#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, comp) \ - ((int (*)(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509V3_EXT_METHOD) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509V3_EXT_METHOD **a, \ - const X509V3_EXT_METHOD **b), \ - comp))) - +#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, comp) \ + ((int (*)(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509V3_EXT_METHOD) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509V3_EXT_METHOD **a, \ + const X509V3_EXT_METHOD **b), \ + comp))) + +#define sk_X509V3_EXT_METHOD_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509V3_EXT_METHOD) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509V3_EXT_METHOD) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509V3_EXT_METHOD *(*)(X509V3_EXT_METHOD *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509V3_EXT_METHOD *), \ + free_func))) /* X509_ALGOR */ #define sk_X509_ALGOR_new(comp) \ 
@@ -2240,6 +2416,12 @@ int (*)(const X509_ALGOR **a, const X509_ALGOR **b), \ comp))) +#define sk_X509_ALGOR_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_ALGOR) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_ALGOR) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_ALGOR *(*)(X509_ALGOR *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_ALGOR *), free_func))) /* X509_ATTRIBUTE */ #define sk_X509_ATTRIBUTE_new(comp) \ @@ -2311,14 +2493,20 @@ #define sk_X509_ATTRIBUTE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_ATTRIBUTE) *, sk)) -#define sk_X509_ATTRIBUTE_set_cmp_func(sk, comp) \ - ((int (*)(const X509_ATTRIBUTE **a, const X509_ATTRIBUTE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_ATTRIBUTE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_ATTRIBUTE **a, \ - const X509_ATTRIBUTE **b), \ - comp))) - +#define sk_X509_ATTRIBUTE_set_cmp_func(sk, comp) \ + ((int (*)(const X509_ATTRIBUTE **a, const X509_ATTRIBUTE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_ATTRIBUTE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_ATTRIBUTE **a, \ + const X509_ATTRIBUTE **b), \ + comp))) + +#define sk_X509_ATTRIBUTE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_ATTRIBUTE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_ATTRIBUTE) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_ATTRIBUTE *(*)(X509_ATTRIBUTE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_ATTRIBUTE *), free_func))) /* X509_CRL */ #define sk_X509_CRL_new(comp) \ 
@@ -2390,6 +2578,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const X509_CRL **a, const X509_CRL **b), comp))) +#define sk_X509_CRL_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_CRL) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_CRL) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_CRL *(*)(X509_CRL *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_CRL *), free_func))) /* X509_EXTENSION */ #define sk_X509_EXTENSION_new(comp) \ @@ -2461,14 +2654,20 @@ #define sk_X509_EXTENSION_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_EXTENSION) *, sk)) -#define sk_X509_EXTENSION_set_cmp_func(sk, comp) \ - ((int (*)(const X509_EXTENSION **a, const X509_EXTENSION **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_EXTENSION) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_EXTENSION **a, \ - const X509_EXTENSION **b), \ - comp))) - +#define sk_X509_EXTENSION_set_cmp_func(sk, comp) \ + ((int (*)(const X509_EXTENSION **a, const X509_EXTENSION **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_EXTENSION) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_EXTENSION **a, \ + const X509_EXTENSION **b), \ + comp))) + +#define sk_X509_EXTENSION_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_EXTENSION) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_EXTENSION) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_EXTENSION *(*)(X509_EXTENSION *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_EXTENSION *), free_func))) /* X509_INFO */ #define sk_X509_INFO_new(comp) \ 
@@ -2543,6 +2742,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const X509_INFO **a, const X509_INFO **b), comp))) +#define sk_X509_INFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_INFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_INFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_INFO *(*)(X509_INFO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_INFO *), free_func))) /* X509_LOOKUP */ #define sk_X509_LOOKUP_new(comp) \ @@ -2618,6 +2822,12 @@ int (*)(const X509_LOOKUP **a, const X509_LOOKUP **b), \ comp))) +#define sk_X509_LOOKUP_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_LOOKUP) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_LOOKUP) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_LOOKUP *(*)(X509_LOOKUP *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_LOOKUP *), free_func))) /* X509_NAME */ #define sk_X509_NAME_new(comp) \ @@ -2692,6 +2902,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const X509_NAME **a, const X509_NAME **b), comp))) +#define sk_X509_NAME_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_NAME) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_NAME) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_NAME *(*)(X509_NAME *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_NAME *), free_func))) /* X509_NAME_ENTRY */ #define sk_X509_NAME_ENTRY_new(comp) \ 
@@ -2764,14 +2979,20 @@ #define sk_X509_NAME_ENTRY_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk)) -#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ - ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \ - const X509_NAME_ENTRY **b), \ - comp))) - +#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ + ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \ + const X509_NAME_ENTRY **b), \ + comp))) + +#define sk_X509_NAME_ENTRY_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_NAME_ENTRY) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_NAME_ENTRY *(*)(X509_NAME_ENTRY *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_NAME_ENTRY *), free_func))) /* X509_OBJECT */ #define sk_X509_OBJECT_new(comp) \ @@ -2847,6 +3068,12 @@ int (*)(const X509_OBJECT **a, const X509_OBJECT **b), \ comp))) +#define sk_X509_OBJECT_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_OBJECT) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_OBJECT) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_OBJECT *(*)(X509_OBJECT *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_OBJECT *), free_func))) /* X509_POLICY_DATA */ #define sk_X509_POLICY_DATA_new(comp) \ 
@@ -2919,14 +3146,21 @@ #define sk_X509_POLICY_DATA_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_POLICY_DATA) *, sk)) -#define sk_X509_POLICY_DATA_set_cmp_func(sk, comp) \ - ((int (*)(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_DATA) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_DATA **a, \ - const X509_POLICY_DATA **b), \ - comp))) - +#define sk_X509_POLICY_DATA_set_cmp_func(sk, comp) \ + ((int (*)(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_DATA) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_DATA **a, \ + const X509_POLICY_DATA **b), \ + comp))) + +#define sk_X509_POLICY_DATA_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_POLICY_DATA) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_POLICY_DATA) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509_POLICY_DATA *(*)(X509_POLICY_DATA *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_POLICY_DATA *), \ + free_func))) /* X509_POLICY_NODE */ #define sk_X509_POLICY_NODE_new(comp) \ 
@@ -2999,14 +3233,21 @@ #define sk_X509_POLICY_NODE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_POLICY_NODE) *, sk)) -#define sk_X509_POLICY_NODE_set_cmp_func(sk, comp) \ - ((int (*)(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_NODE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_NODE **a, \ - const X509_POLICY_NODE **b), \ - comp))) - +#define sk_X509_POLICY_NODE_set_cmp_func(sk, comp) \ + ((int (*)(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_NODE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_NODE **a, \ + const X509_POLICY_NODE **b), \ + comp))) + +#define sk_X509_POLICY_NODE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_POLICY_NODE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_POLICY_NODE) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509_POLICY_NODE *(*)(X509_POLICY_NODE *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_POLICY_NODE *), \ + free_func))) /* X509_PURPOSE */ #define sk_X509_PURPOSE_new(comp) \ @@ -3084,6 +3325,12 @@ int (*)(const X509_PURPOSE **a, const X509_PURPOSE **b), \ comp))) +#define sk_X509_PURPOSE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_PURPOSE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_PURPOSE) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_PURPOSE *(*)(X509_PURPOSE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_PURPOSE *), free_func))) /* X509_REVOKED */ #define sk_X509_REVOKED_new(comp) \ 
@@ -3161,6 +3408,12 @@ int (*)(const X509_REVOKED **a, const X509_REVOKED **b), \ comp))) +#define sk_X509_REVOKED_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_REVOKED) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_REVOKED) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_REVOKED *(*)(X509_REVOKED *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_REVOKED *), free_func))) /* X509_TRUST */ #define sk_X509_TRUST_new(comp) \ @@ -3236,6 +3489,12 @@ int (*)(const X509_TRUST **a, const X509_TRUST **b), \ comp))) +#define sk_X509_TRUST_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_TRUST) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_TRUST) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_TRUST *(*)(X509_TRUST *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_TRUST *), free_func))) /* X509_VERIFY_PARAM */ #define sk_X509_VERIFY_PARAM_new(comp) \ 
@@ -3309,14 +3568,21 @@ #define sk_X509_VERIFY_PARAM_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_VERIFY_PARAM) *, sk)) -#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, comp) \ - ((int (*)(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_VERIFY_PARAM) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_VERIFY_PARAM **a, \ - const X509_VERIFY_PARAM **b), \ - comp))) - +#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, comp) \ + ((int (*)(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_VERIFY_PARAM) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_VERIFY_PARAM **a, \ + const X509_VERIFY_PARAM **b), \ + comp))) + +#define sk_X509_VERIFY_PARAM_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_VERIFY_PARAM) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_VERIFY_PARAM) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509_VERIFY_PARAM *(*)(X509_VERIFY_PARAM *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_VERIFY_PARAM *), \ + free_func))) /* void */ #define sk_void_new(comp) \ @@ -3381,6 +3647,11 @@ CHECKED_CAST(stack_cmp_func, int (*)(const void **a, const void **b), \ comp))) +#define sk_void_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(void)*)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(void)*, sk), \ + CHECKED_CAST(void *(*)(void *), void *(*)(void *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(void *), free_func))) /* SRTP_PROTECTION_PROFILE */ #define sk_SRTP_PROTECTION_PROFILE_new(comp) \ 
@@ -3459,16 +3730,25 @@ sk_is_sorted( \ CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)) -#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \ - ((int (*)(const SRTP_PROTECTION_PROFILE **a, \ - const SRTP_PROTECTION_PROFILE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \ - CHECKED_CAST(stack_cmp_func, \ - int (*)(const SRTP_PROTECTION_PROFILE **a, \ - const SRTP_PROTECTION_PROFILE **b), \ - comp))) - +#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \ + ((int (*)(const SRTP_PROTECTION_PROFILE **a, \ + const SRTP_PROTECTION_PROFILE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \ + CHECKED_CAST(stack_cmp_func, \ + int (*)(const SRTP_PROTECTION_PROFILE **a, \ + const SRTP_PROTECTION_PROFILE **b), \ + comp))) + +#define sk_SRTP_PROTECTION_PROFILE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, \ + sk), \ + CHECKED_CAST(void *(*)(void *), const SRTP_PROTECTION_PROFILE *(*)( \ + const SRTP_PROTECTION_PROFILE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), \ + void (*)(const SRTP_PROTECTION_PROFILE *), free_func))) /* SSL_CIPHER */ #define sk_SSL_CIPHER_new(comp) \ @@ -3547,6 +3827,13 @@ int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b), \ comp))) +#define sk_SSL_CIPHER_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SSL_CIPHER) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SSL_CIPHER) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + const SSL_CIPHER *(*)(const SSL_CIPHER *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(const SSL_CIPHER *), \ + free_func))) /* OPENSSL_STRING */ #define sk_OPENSSL_STRING_new(comp) \ 
@@ -3618,14 +3905,20 @@ #define sk_OPENSSL_STRING_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(OPENSSL_STRING) *, sk)) -#define sk_OPENSSL_STRING_set_cmp_func(sk, comp) \ - ((int (*)(const OPENSSL_STRING **a, const OPENSSL_STRING **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(OPENSSL_STRING) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const OPENSSL_STRING **a, \ - const OPENSSL_STRING **b), \ - comp))) - +#define sk_OPENSSL_STRING_set_cmp_func(sk, comp) \ + ((int (*)(const OPENSSL_STRING **a, const OPENSSL_STRING **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(OPENSSL_STRING) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const OPENSSL_STRING **a, \ + const OPENSSL_STRING **b), \ + comp))) + +#define sk_OPENSSL_STRING_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(OPENSSL_STRING) *, sk), \ + CHECKED_CAST(void *(*)(void *), OPENSSL_STRING (*)(OPENSSL_STRING), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(OPENSSL_STRING), free_func))) /* OPENSSL_BLOCK */ #define sk_OPENSSL_BLOCK_new(comp) \ @@ -3702,3 +3995,10 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const OPENSSL_BLOCK **a, const OPENSSL_BLOCK **b), \ comp))) + +#define sk_OPENSSL_BLOCK_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(OPENSSL_BLOCK) *, sk), \ + CHECKED_CAST(void *(*)(void *), OPENSSL_BLOCK (*)(OPENSSL_BLOCK), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(OPENSSL_BLOCK), free_func))) diff --git a/src/include/openssl/thread.h b/src/include/openssl/thread.h index ea65405..f6e7529 100644 --- a/src/include/openssl/thread.h +++ b/src/include/openssl/thread.h @@ -57,6 +57,8 @@ #ifndef OPENSSL_HEADER_THREAD_H #define OPENSSL_HEADER_THREAD_H +#include + #include #if defined(__cplusplus) 
@@ -64,21 +66,40 @@ extern "C" { #endif +#if defined(OPENSSL_NO_THREADS) +typedef struct crypto_mutex_st {} CRYPTO_MUTEX; +#elif defined(OPENSSL_WINDOWS) +/* CRYPTO_MUTEX can appear in public header files so we really don't want to + * pull in windows.h. It's statically asserted that this structure is large + * enough to contain a Windows CRITICAL_SECTION by thread_win.c. */ +typedef union crypto_mutex_st { + double alignment; + uint8_t padding[4*sizeof(void*) + 2*sizeof(int)]; +} CRYPTO_MUTEX; +#elif defined(__MACH__) && defined(__APPLE__) +typedef pthread_rwlock_t CRYPTO_MUTEX; +#else +/* It is reasonable to include pthread.h on non-Windows systems, however the + * |pthread_rwlock_t| that we need is hidden under feature flags, and we can't + * ensure that we'll be able to get it. It's statically asserted that this + * structure is large enough to contain a |pthread_rwlock_t| by + * thread_pthread.c. */ +typedef union crypto_mutex_st { + double alignment; + uint8_t padding[3*sizeof(int) + 5*sizeof(unsigned) + 16 + 8]; +} CRYPTO_MUTEX; +#endif + + /* Functions to support multithreading. * * OpenSSL can safely be used in multi-threaded applications provided that at - * least two callback functions are set with |CRYPTO_set_locking_callback| and - * |CRYPTO_THREADID_set_callback|. + * least |CRYPTO_set_locking_callback| is set. * * The locking callback performs mutual exclusion. Rather than using a single * lock for all, shared data-structures, OpenSSL requires that the locking * callback support a fixed (at run-time) number of different locks, given by - * |CRYPTO_num_locks|. - * - * The thread ID callback is called to record the currently executing thread's - * identifier in a |CRYPTO_THREADID| structure. If this callback is not - * provided then the address of |errno| is used as the thread identifier. This - * is sufficient only if the system has a thread-local |errno| value. */ + * |CRYPTO_num_locks|. 
*/ /* CRYPTO_num_locks returns the number of static locks that the callback @@ -116,27 +137,22 @@ OPENSSL_EXPORT void CRYPTO_set_add_lock_callback(int (*func)( OPENSSL_EXPORT const char *CRYPTO_get_lock_name(int lock_num); -/* CRYPTO_THREADID identifies a thread in a multithreaded program. This - * structure should not be used directly. Rather applications should use - * |CRYPTO_THREADID_set_numeric| and |CRYPTO_THREADID_set_pointer|. */ -typedef struct crypto_threadid_st { - void *ptr; - unsigned long val; -} CRYPTO_THREADID; - -/* CRYPTO_THREADID_set_callback sets a callback function that stores an - * identifier of the currently executing thread into |threadid|. The - * CRYPTO_THREADID structure should not be accessed directly. Rather one of - * |CRYPTO_THREADID_set_numeric| or |CRYPTO_THREADID_set_pointer| should be - * used depending on whether thread IDs are numbers or pointers on the host - * system. */ +/* Deprecated functions */ + +/* CRYPTO_THREADID_set_callback does nothing. */ OPENSSL_EXPORT int CRYPTO_THREADID_set_callback( void (*threadid_func)(CRYPTO_THREADID *threadid)); +/* CRYPTO_THREADID_set_numeric does nothing. */ OPENSSL_EXPORT void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); + +/* CRYPTO_THREADID_set_pointer does nothing. */ OPENSSL_EXPORT void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +/* CRYPTO_THREADID_current does nothing. */ +OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id); + /* Private functions: */ 
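Review bot: The OPENSSL_NO_THREADS branch declares `typedef struct crypto_mutex_st {} CRYPTO_MUTEX;`, and an empty struct is not ISO C: GCC accepts it as an extension with a size of 0, while a C++ translation unit including the same public header sees a size of 1, so any structure that embeds a CRYPTO_MUTEX gets a different layout depending on which language compiled it. Giving the type one byte in both languages, `typedef struct crypto_mutex_st { char padding; } CRYPTO_MUTEX;`, keeps the layout stable across the C/C++ boundary. The two union variants depend on static assertions in thread_win.c and thread_pthread.c that are not in this diff; those checks should presumably cover alignment as well as size, since the `double alignment` member only guarantees what a double needs and a size-only assertion would not notice a platform lock type with a stricter requirement. The hunk's byte sizes are otherwise documented well enough that a maintainer can see where they come from.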
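Review bot: `CRYPTO_THREADID_set_callback` keeps its `int` return type but the new comment only says it does nothing; the OpenSSL idiom is to test that return for success, so the comment should state what the stub returns, e.g. `/* CRYPTO_THREADID_set_callback does nothing and returns one. */` if that is what the implementation does (the implementation is not in this diff). The hunk also drops the `crypto_threadid_st` typedef while the four prototypes that follow still take `CRYPTO_THREADID *`, so the type presumably now comes from another header; a one-line comment under `/* Deprecated functions */` naming where it is defined, and saying its contents are no longer meaningful, would save readers a search and discourage code that still inspects the struct.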
@@ -158,70 +174,43 @@ OPENSSL_EXPORT void CRYPTO_lock(int mode, int lock_num, const char *file, /* CRYPTO_add_lock adds |amount| to |*pointer|, protected by the lock specified * by |lock_num|. It returns the new value of |*pointer|. Don't call this - * function directly, rather use the |CRYPTO_add_lock| macro. - * - * TODO(fork): rename to CRYPTO_add_locked. */ + * function directly, rather use the |CRYPTO_add| macro. */ OPENSSL_EXPORT int CRYPTO_add_lock(int *pointer, int amount, int lock_num, const char *file, int line); - -/* CRYPTO_THREADID_current stores the current thread identifier in |id|. */ -OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id); - -/* CRYPTO_THREADID_cmp returns < 0, 0 or > 0 if |a| is less than, equal to or - * greater than |b|, respectively. */ -int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); - -/* CRYPTO_THREADID_cpy sets |*dest| equal to |*src|. */ -void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); - -/* CRYPTO_THREADID_hash returns a hash of the numeric value of |id|. */ -uint32_t CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); - -/* These are the locks used by OpenSSL. These values should match up with the - * table in thread.c. 
*/ -#define CRYPTO_LOCK_ERR 1 -#define CRYPTO_LOCK_EX_DATA 2 -#define CRYPTO_LOCK_X509 3 -#define CRYPTO_LOCK_X509_INFO 4 -#define CRYPTO_LOCK_X509_PKEY 5 -#define CRYPTO_LOCK_X509_CRL 6 -#define CRYPTO_LOCK_X509_REQ 7 -#define CRYPTO_LOCK_DSA 8 -#define CRYPTO_LOCK_RSA 9 -#define CRYPTO_LOCK_EVP_PKEY 10 -#define CRYPTO_LOCK_X509_STORE 11 -#define CRYPTO_LOCK_SSL_CTX 12 -#define CRYPTO_LOCK_SSL_CERT 13 -#define CRYPTO_LOCK_SSL_SESSION 14 -#define CRYPTO_LOCK_SSL_SESS_CERT 15 -#define CRYPTO_LOCK_SSL 16 -#define CRYPTO_LOCK_SSL_METHOD 17 -#define CRYPTO_LOCK_RAND 18 -#define CRYPTO_LOCK_RAND2 19 -#define CRYPTO_LOCK_MALLOC 20 -#define CRYPTO_LOCK_BIO 21 -#define CRYPTO_LOCK_GETHOSTBYNAME 22 -#define CRYPTO_LOCK_GETSERVBYNAME 23 -#define CRYPTO_LOCK_READDIR 24 -#define CRYPTO_LOCK_RSA_BLINDING 25 -#define CRYPTO_LOCK_DH 26 -#define CRYPTO_LOCK_MALLOC2 27 -#define CRYPTO_LOCK_DSO 28 -#define CRYPTO_LOCK_DYNLOCK 29 -#define CRYPTO_LOCK_ENGINE 30 -#define CRYPTO_LOCK_UI 31 -#define CRYPTO_LOCK_ECDSA 32 -#define CRYPTO_LOCK_EC 33 -#define CRYPTO_LOCK_ECDH 34 -#define CRYPTO_LOCK_BN 35 -#define CRYPTO_LOCK_EC_PRE_COMP 36 -#define CRYPTO_LOCK_STORE 37 -#define CRYPTO_LOCK_COMP 38 -#define CRYPTO_LOCK_FIPS 39 -#define CRYPTO_LOCK_FIPS2 40 -#define CRYPTO_LOCK_OBJ 40 -#define CRYPTO_NUM_LOCKS 42 +/* Lock IDs start from 1. CRYPTO_LOCK_INVALID_LOCK is an unused placeholder + * used to ensure no lock has ID 0. 
*/ +#define CRYPTO_LOCK_LIST \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_INVALID_LOCK), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_BIO), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DH), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DSA), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC_PRE_COMP), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_ERR), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EVP_PKEY), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EX_DATA), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_OBJ), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RAND), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_READDIR), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA_BLINDING), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_CTX), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_SESSION), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_INFO), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_PKEY), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_CRL), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_REQ), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_STORE), \ + +#define CRYPTO_LOCK_ITEM(x) x + +enum { + CRYPTO_LOCK_LIST +}; + +#undef CRYPTO_LOCK_ITEM #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 diff --git a/src/include/openssl/time_support.h b/src/include/openssl/time_support.h index d03a99d..912e672 100644 --- a/src/include/openssl/time_support.h +++ b/src/include/openssl/time_support.h @@ -60,7 +60,6 @@ #include -#include #if defined(__cplusplus) extern "C" { diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 95731ff..e085e15 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h 
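Review bot: The last entry of `CRYPTO_LOCK_LIST`, `CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_STORE), \`, continues the macro onto the blank line that follows it, so any line later added directly below that blank line silently becomes part of the list; the final `\` should go, while the trailing comma can stay if it is intended to let other expansions of the X-macro append to it. With `CRYPTO_NUM_LOCKS` removed the header no longer exposes a lock count, and an application that implements the locking callback has to size its mutex array from |CRYPTO_num_locks| at run time; a sentinel enumerator placed after the list inside the enum, `CRYPTO_LOCK_LIST CRYPTO_NUM_LOCKS`, would give a compile-time count that cannot drift from the list, assuming thread.c derives |CRYPTO_num_locks| from the same macro (not visible here). `CRYPTO_LOCK_ITEM` is defined and then `#undef`ed in a public header, so a consumer that had its own macro of that name before including thread.h loses it; a name scoped to this header, or an `#ifdef` guard before the define, avoids the clash.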
@@ -161,24 +161,6 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 -#define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 - -#define TLS1_1_VERSION 0x0302 -#define TLS1_1_VERSION_MAJOR 0x03 -#define TLS1_1_VERSION_MINOR 0x02 - -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 - -#define TLS1_get_version(s) \ - ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) - -#define TLS1_get_client_version(s) \ - ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) - #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ @@ -298,16 +280,16 @@ extern "C" { OPENSSL_EXPORT const char *SSL_get_servername(const SSL *s, const int type); OPENSSL_EXPORT int SSL_get_servername_type(const SSL *s); -/* SSL_export_keying_material exports a value derived from the master secret, - * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + +/* SSL_export_keying_material exports a value derived from the master secret, as + * specified in RFC 5705. It writes |out_len| bytes to |out| given a label and * optional context. (Since a zero length context is allowed, the |use_context| * flag controls whether a context is included.) * - * It returns 1 on success and zero otherwise. */ -OPENSSL_EXPORT int SSL_export_keying_material(SSL *s, uint8_t *out, size_t olen, - const char *label, size_t llen, - const uint8_t *p, size_t plen, - int use_context); + * It returns one on success and zero otherwise. */ +OPENSSL_EXPORT int SSL_export_keying_material( + SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len, + const uint8_t *context, size_t context_len, int use_context); OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, uint8_t *rsig, 
@@ -317,44 +299,61 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, uint8_t *rsig, uint8_t *rhash); -#define SSL_set_tlsext_host_name(s, name) \ - SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \ - (char *)name) - -#define SSL_set_tlsext_debug_callback(ssl, cb) \ - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_CB, (void (*)(void))cb) - -#define SSL_set_tlsext_debug_arg(ssl, arg) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_ARG, 0, (void *)arg) +/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name| + * in the server_name extension. It returns one on success and zero on error. */ +OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); -#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \ - (void (*)(void))cb) +/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on + * the server after ClientHello extensions have been parsed and returns one. + * |callback| may use |SSL_get_servername| to examine the server_name extension + * and return a |SSL_TLSEXT_ERR_*| value. If it returns |SSL_TLSEXT_ERR_NOACK|, + * the server_name extension is not acknowledged in the ServerHello. If the + * return value signals an alert, |callback| should set |*out_alert| to the + * alert to send. */ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( + SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); #define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_ALERT_WARNING 1 #define SSL_TLSEXT_ERR_ALERT_FATAL 2 #define SSL_TLSEXT_ERR_NOACK 3 -#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg) +/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername + * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. 
*/ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys)) #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys)) -#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \ - (void (*)(void))cb) - -#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, (void *)arg) - -#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \ - (void (*)(void))cb) - +/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and + * returns one. |callback| will be called when encrypting a new ticket and when + * decrypting a ticket from the client. + * + * In both modes, |ctx| and |hmac_ctx| will already have been initialized with + * |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback| + * configures |hmac_ctx| with an HMAC digest and key, and configures |ctx| + * for encryption or decryption, based on the mode. + * + * When encrypting a new ticket, |encrypt| will be one. It writes a public + * 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length + * must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, + * |callback| returns 1 on success and -1 on error. + * + * When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a + * 16-byte key name and |iv| points to an IV. The length of the IV consumed must + * match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, + * |callback| returns -1 to abort the handshake, 0 if decrypting the ticket + * failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed. + * This may be used to re-key the ticket. 
+ * + * WARNING: |callback| wildly breaks the usual return value convention and is + * called in two different modes. */ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( + SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + int encrypt)); /* PSK ciphersuites from 4279 */ #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A @@ -689,8 +688,6 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, #define TLS_CT_RSA_FIXED_ECDH 65 #define TLS_CT_ECDSA_FIXED_ECDH 66 -#define TLS1_FINISH_MAC_LENGTH 12 - #define TLS_MD_MAX_CONST_SIZE 20 #define TLS_MD_CLIENT_FINISH_CONST "client finished" #define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h index 2a79887..ef1d7fb 100644 --- a/src/include/openssl/x509.h +++ b/src/include/openssl/x509.h @@ -748,8 +748,6 @@ DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); -OPENSSL_EXPORT int X509_get_pubkey_parameters(EVP_PKEY *pkey, - STACK_OF(X509) *chain); OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a,unsigned char **pp); OPENSSL_EXPORT EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, long length); 
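Review bot: In the new SSL_CTX_set_tlsext_ticket_key_cb prototype the callback's fourth parameter is named `ctx` while the outer parameter is also `ctx` (an SSL_CTX), so the comment's "|ctx| and |hmac_ctx| will already have been initialized" reads as if it were talking about the SSL_CTX; renaming the inner one, e.g. `EVP_CIPHER_CTX *cipher_ctx`, and adjusting the comment removes the ambiguity. The decrypt-mode paragraph should also say that |key_name| and |iv| are read from the client-supplied ticket and that an unrecognized key name is the documented "decrypting the ticket failed" case, i.e. return 0 rather than -1, since a reader choosing between the two could reasonably pick -1 and turn every stale ticket into an aborted handshake. The SSL_CTX_get_tlsext_ticket_keys / SSL_CTX_set_tlsext_ticket_keys macros left in the middle of this hunk are still SSL_CTX_ctrl wrappers, which is inconsistent with the neighbours being converted to real, documented functions.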
@@ -1221,112 +1219,101 @@ OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, } #endif -#define X509_F_x509_name_ex_new 100 -#define X509_F_X509_EXTENSION_create_by_NID 101 -#define X509_F_X509_load_crl_file 102 -#define X509_F_X509_TRUST_set 103 -#define X509_F_X509_EXTENSION_create_by_OBJ 104 -#define X509_F_by_file_ctrl 105 -#define X509_F_X509_load_cert_crl_file 106 -#define X509_F_X509_CRL_add0_revoked 107 -#define X509_F_bitstr_cb 108 -#define X509_F_X509_STORE_CTX_new 109 -#define X509_F_X509_REQ_to_X509 110 -#define X509_F_X509v3_add_ext 111 -#define X509_F_ASN1_sign 112 -#define X509_F_asn1_str2type 113 -#define X509_F_i2d_RSA_PUBKEY 114 -#define X509_F_ASN1_item_sign_ctx 115 -#define X509_F_x509_name_encode 116 -#define X509_F_d2i_X509_PKEY 117 -#define X509_F_ASN1_generate_v3 118 -#define X509_F_dir_ctrl 119 -#define X509_F_X509_print_ex_fp 120 -#define X509_F_X509_ATTRIBUTE_get0_data 121 -#define X509_F_X509_NAME_oneline 122 -#define X509_F_X509_CRL_print_fp 123 -#define X509_F_X509_STORE_CTX_get1_issuer 124 -#define X509_F_add_cert_dir 125 -#define X509_F_PKCS7_get_certificates 126 -#define X509_F_X509_ATTRIBUTE_create_by_NID 127 -#define X509_F_X509_ATTRIBUTE_set1_data 128 +#define X509_F_ASN1_digest 100 +#define X509_F_ASN1_item_sign_ctx 101 +#define X509_F_ASN1_item_verify 102 +#define X509_F_NETSCAPE_SPKI_b64_decode 103 +#define X509_F_NETSCAPE_SPKI_b64_encode 104 +#define X509_F_PKCS7_get_certificates 105 +#define X509_F_X509_ATTRIBUTE_create_by_NID 106 +#define X509_F_X509_ATTRIBUTE_create_by_OBJ 107 +#define X509_F_X509_ATTRIBUTE_create_by_txt 108 +#define X509_F_X509_ATTRIBUTE_get0_data 109 +#define X509_F_X509_ATTRIBUTE_set1_data 110 +#define X509_F_X509_CRL_add0_revoked 111 +#define X509_F_X509_CRL_diff 112 +#define X509_F_X509_CRL_print_fp 113 +#define X509_F_X509_EXTENSION_create_by_NID 114 +#define X509_F_X509_EXTENSION_create_by_OBJ 115 +#define X509_F_X509_INFO_new 116 +#define X509_F_X509_NAME_ENTRY_create_by_NID 117 
+#define X509_F_X509_NAME_ENTRY_create_by_txt 118 +#define X509_F_X509_NAME_ENTRY_set_object 119 +#define X509_F_X509_NAME_add_entry 120 +#define X509_F_X509_NAME_oneline 121 +#define X509_F_X509_NAME_print 122 +#define X509_F_X509_PKEY_new 123 +#define X509_F_X509_PUBKEY_get 124 +#define X509_F_X509_PUBKEY_set 125 +#define X509_F_X509_REQ_check_private_key 126 +#define X509_F_X509_REQ_to_X509 127 +#define X509_F_X509_STORE_CTX_get1_issuer 128 #define X509_F_X509_STORE_CTX_init 129 -#define X509_F_NETSCAPE_SPKI_b64_decode 130 -#define X509_F_X509_NAME_print 131 -#define X509_F_x509_name_ex_d2i 132 -#define X509_F_X509_PKEY_new 133 -#define X509_F_X509_STORE_add_cert 134 -#define X509_F_parse_tagging 135 -#define X509_F_check_policy 136 -#define X509_F_ASN1_digest 137 -#define X509_F_X509_load_cert_file 138 -#define X509_F_X509_ATTRIBUTE_create_by_txt 139 -#define X509_F_X509_PUBKEY_set 140 -#define X509_F_X509_PUBKEY_get 141 -#define X509_F_get_cert_by_subject 142 -#define X509_F_X509_NAME_add_entry 143 +#define X509_F_X509_STORE_CTX_new 130 +#define X509_F_X509_STORE_CTX_purpose_inherit 131 +#define X509_F_X509_STORE_add_cert 132 +#define X509_F_X509_STORE_add_crl 133 +#define X509_F_X509_TRUST_add 134 +#define X509_F_X509_TRUST_set 135 +#define X509_F_X509_check_private_key 136 +#define X509_F_X509_get_pubkey_parameters 137 +#define X509_F_X509_load_cert_crl_file 138 +#define X509_F_X509_load_cert_file 139 +#define X509_F_X509_load_crl_file 140 +#define X509_F_X509_print_ex_fp 141 +#define X509_F_X509_to_X509_REQ 142 +#define X509_F_X509_verify_cert 143 #define X509_F_X509at_add1_attr 144 -#define X509_F_X509_check_private_key 145 -#define X509_F_append_exp 146 -#define X509_F_i2d_EC_PUBKEY 147 -#define X509_F_X509_INFO_new 148 -#define X509_F_X509_STORE_CTX_purpose_inherit 149 -#define X509_F_NETSCAPE_SPKI_b64_encode 150 -#define X509_F_X509_to_X509_REQ 151 -#define X509_F_X509_NAME_ENTRY_create_by_txt 152 -#define X509_F_X509_NAME_ENTRY_set_object 153 -#define 
X509_F_asn1_cb 154 -#define X509_F_X509_verify_cert 155 -#define X509_F_X509_CRL_diff 156 -#define X509_F_i2d_PrivateKey 157 -#define X509_F_X509_REQ_check_private_key 158 -#define X509_F_X509_STORE_add_crl 159 -#define X509_F_X509_get_pubkey_parameters 160 -#define X509_F_ASN1_item_verify 161 -#define X509_F_X509_ATTRIBUTE_create_by_OBJ 162 -#define X509_F_i2d_DSA_PUBKEY 163 -#define X509_F_X509_TRUST_add 164 -#define X509_F_X509_NAME_ENTRY_create_by_NID 165 -#define X509_F_PKCS7_get_CRLs 166 -#define X509_F_pkcs7_parse_header 167 -#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 100 -#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 101 -#define X509_R_METHOD_NOT_SUPPORTED 102 -#define X509_R_UNSUPPORTED_ALGORITHM 103 -#define X509_R_CRL_VERIFY_FAILURE 104 -#define X509_R_BASE64_DECODE_ERROR 105 -#define X509_R_INVALID_TRUST 106 -#define X509_R_UNKNOWN_NID 107 -#define X509_R_INVALID_DIRECTORY 108 -#define X509_R_KEY_VALUES_MISMATCH 109 -#define X509_R_CERT_ALREADY_IN_HASH_TABLE 110 -#define X509_R_PUBLIC_KEY_DECODE_ERROR 111 -#define X509_R_NOT_PKCS7_SIGNED_DATA 112 -#define X509_R_PUBLIC_KEY_ENCODE_ERROR 113 -#define X509_R_LOADING_CERT_DIR 114 -#define X509_R_WRONG_TYPE 115 -#define X509_R_UNKNOWN_PURPOSE_ID 116 -#define X509_R_NEWER_CRL_NOT_NEWER 117 -#define X509_R_UNKNOWN_TRUST_ID 118 -#define X509_R_KEY_TYPE_MISMATCH 120 -#define X509_R_UNKNOWN_KEY_TYPE 121 -#define X509_R_BAD_X509_FILETYPE 122 -#define X509_R_ISSUER_MISMATCH 123 -#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 124 -#define X509_R_WRONG_LOOKUP_TYPE 125 -#define X509_R_CONTEXT_NOT_INITIALISED 126 -#define X509_R_CANT_CHECK_DH_KEY 127 -#define X509_R_NO_CERTIFICATES_INCLUDED 128 -#define X509_R_INVALID_FIELD_NAME 129 -#define X509_R_SHOULD_RETRY 130 -#define X509_R_NO_CRL_NUMBER 131 -#define X509_R_IDP_MISMATCH 132 -#define X509_R_LOADING_DEFAULTS 133 -#define X509_R_BAD_PKCS7_VERSION 134 -#define X509_R_CRL_ALREADY_DELTA 135 -#define X509_R_ERR_ASN1_LIB 136 -#define X509_R_AKID_MISMATCH 137 
-#define X509_R_INVALID_BIT_STRING_BITS_LEFT 138 -#define X509_R_NO_CRLS_INCLUDED 139 +#define X509_F_X509v3_add_ext 145 +#define X509_F_add_cert_dir 146 +#define X509_F_by_file_ctrl 147 +#define X509_F_check_policy 148 +#define X509_F_dir_ctrl 149 +#define X509_F_get_cert_by_subject 150 +#define X509_F_i2d_DSA_PUBKEY 151 +#define X509_F_i2d_EC_PUBKEY 152 +#define X509_F_i2d_RSA_PUBKEY 153 +#define X509_F_x509_name_encode 154 +#define X509_F_x509_name_ex_d2i 155 +#define X509_F_x509_name_ex_new 156 +#define X509_F_pkcs7_parse_header 157 +#define X509_F_PKCS7_get_CRLs 158 +#define X509_R_AKID_MISMATCH 100 +#define X509_R_BAD_PKCS7_VERSION 101 +#define X509_R_BAD_X509_FILETYPE 102 +#define X509_R_BASE64_DECODE_ERROR 103 +#define X509_R_CANT_CHECK_DH_KEY 104 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 105 +#define X509_R_CRL_ALREADY_DELTA 106 +#define X509_R_CRL_VERIFY_FAILURE 107 +#define X509_R_IDP_MISMATCH 108 +#define X509_R_INVALID_BIT_STRING_BITS_LEFT 109 +#define X509_R_INVALID_DIRECTORY 110 +#define X509_R_INVALID_FIELD_NAME 111 +#define X509_R_INVALID_TRUST 112 +#define X509_R_ISSUER_MISMATCH 113 +#define X509_R_KEY_TYPE_MISMATCH 114 +#define X509_R_KEY_VALUES_MISMATCH 115 +#define X509_R_LOADING_CERT_DIR 116 +#define X509_R_LOADING_DEFAULTS 117 +#define X509_R_METHOD_NOT_SUPPORTED 118 +#define X509_R_NEWER_CRL_NOT_NEWER 119 +#define X509_R_NOT_PKCS7_SIGNED_DATA 120 +#define X509_R_NO_CERTIFICATES_INCLUDED 121 +#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 122 +#define X509_R_NO_CRL_NUMBER 123 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 124 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 125 +#define X509_R_SHOULD_RETRY 126 +#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 127 +#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 128 +#define X509_R_UNKNOWN_KEY_TYPE 129 +#define X509_R_UNKNOWN_NID 130 +#define X509_R_UNKNOWN_PURPOSE_ID 131 +#define X509_R_UNKNOWN_TRUST_ID 132 +#define X509_R_UNSUPPORTED_ALGORITHM 133 +#define X509_R_WRONG_LOOKUP_TYPE 134 +#define 
X509_R_WRONG_TYPE 135 +#define X509_R_NO_CRLS_INCLUDED 136 #endif diff --git a/src/include/openssl/x509_vfy.h b/src/include/openssl/x509_vfy.h index c65bfde..299cad7 100644 --- a/src/include/openssl/x509_vfy.h +++ b/src/include/openssl/x509_vfy.h @@ -202,7 +202,6 @@ struct x509_store_st STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); - CRYPTO_EX_DATA ex_data; int references; } /* X509_STORE */; @@ -554,11 +553,15 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); +OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, + size_t namelen); OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen); + const char *email, size_t emaillen); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h index c891022..5caa5c1 100644 --- a/src/include/openssl/x509v3.h +++ b/src/include/openssl/x509v3.h 
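Review bot: `X509_R_NO_CRLS_INCLUDED 136` and `X509_F_PKCS7_get_CRLs 158` are appended after `X509_R_WRONG_TYPE 135` and `X509_F_pkcs7_parse_header 157`, breaking the alphabetical numbering the rest of this hunk establishes, which suggests they were added by hand after a generated list; the x509v3.h @@ -740 hunk below is fully sorted, so the same tooling should be run here. Every existing X509_F_/X509_R_ value changes meaning in this hunk (X509_R_NO_CERT_SET_FOR_US_TO_VERIFY moves from 100 to 122, X509_R_UNSUPPORTED_ALGORITHM from 103 to 133), so out-of-tree code or stored logs that compare or persist the numeric reason values rather than the symbols will silently misreport errors after this bump; a one-line comment above the list, `/* Function and reason codes are renumbered when the error tables are regenerated and are not stable across revisions. */`, would record that. `X509_F_X509_get_pubkey_parameters 137` is kept although the public declaration of X509_get_pubkey_parameters is removed in the @@ -748 hunk above; presumably the function survives internally, but it is worth confirming the code is still referenced.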
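Review bot: The new `OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);` leaves its parameter unnamed, unlike every other prototype in this hunk, and neither it nor the `char **peername` output added to X509_check_host in the x509v3.h @@ -713 hunk says who owns the string or when it is written. The `get0` prefix implies a borrowed pointer, but the X509_check_host out-parameter carries no such hint; in OpenSSL's version of this API the matched name is heap-allocated and released with OPENSSL_free, and if that holds here the declaration needs a comment such as `/* On success, if |peername| is not NULL, |*peername| is set to a newly allocated copy of the matched name, which the caller must OPENSSL_free. */`. The change of |name| and |email| from `const unsigned char *` to `const char *` keeps the explicit length parameters, which is right: the value is compared against certificate contents and must not be assumed NUL-terminated.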
@@ -607,14 +607,6 @@ OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *secti OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - int ext_nid, char *value); -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *name, char *value); -OPENSSL_EXPORT int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509 *cert); -OPENSSL_EXPORT int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req); OPENSSL_EXPORT int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); @@ -623,7 +615,6 @@ OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool, OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); OPENSSL_EXPORT int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -OPENSSL_EXPORT void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); OPENSSL_EXPORT char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); OPENSSL_EXPORT STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); 
@@ -713,9 +704,9 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); */ #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 -OPENSSL_EXPORT int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags); -OPENSSL_EXPORT int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, +OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen, unsigned int flags); OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags); 
@@ -740,131 +731,125 @@ void ERR_load_X509V3_strings(void); #ifdef __cplusplus } #endif -#define X509V3_F_do_ext_i2d 100 -#define X509V3_F_v2i_AUTHORITY_KEYID 101 -#define X509V3_F_X509V3_parse_list 102 -#define X509V3_F_SXNET_add_id_asc 103 +#define X509V3_F_SXNET_add_id_INTEGER 100 +#define X509V3_F_SXNET_add_id_asc 101 +#define X509V3_F_SXNET_add_id_ulong 102 +#define X509V3_F_SXNET_get_id_asc 103 #define X509V3_F_SXNET_get_id_ulong 104 -#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 105 -#define X509V3_F_X509V3_EXT_add 106 -#define X509V3_F_i2s_ASN1_INTEGER 107 -#define X509V3_F_s2i_ASN1_OCTET_STRING 108 -#define X509V3_F_copy_issuer 109 -#define X509V3_F_v2i_subject_alt 110 -#define X509V3_F_copy_email 111 -#define X509V3_F_X509V3_EXT_i2d 112 -#define X509V3_F_v2i_crld 113 -#define X509V3_F_policy_section 114 -#define X509V3_F_a2i_GENERAL_NAME 115 -#define X509V3_F_hex_to_string 116 -#define X509V3_F_i2s_ASN1_IA5STRING 117 -#define X509V3_F_string_to_hex 118 -#define X509V3_F_v3_generic_extension 119 -#define X509V3_F_X509V3_get_section 120 -#define X509V3_F_s2i_skey_id 121 -#define X509V3_F_nref_nos 122 -#define X509V3_F_X509V3_get_value_bool 123 -#define X509V3_F_v2i_NAME_CONSTRAINTS 124 -#define X509V3_F_v2i_POLICY_MAPPINGS 125 -#define X509V3_F_v2i_GENERAL_NAMES 126 -#define X509V3_F_do_dirname 127 -#define X509V3_F_v2i_ASN1_BIT_STRING 128 -#define X509V3_F_SXNET_add_id_ulong 129 -#define X509V3_F_X509V3_EXT_add_alias 130 -#define X509V3_F_X509V3_add1_i2d 131 -#define X509V3_F_r2i_pci 132 -#define X509V3_F_X509V3_get_string 133 -#define X509V3_F_gnames_from_sectname 134 -#define X509V3_F_r2i_certpol 135 -#define X509V3_F_X509V3_add_value 136 +#define X509V3_F_X509V3_EXT_add 105 +#define X509V3_F_X509V3_EXT_add_alias 106 +#define X509V3_F_X509V3_EXT_free 107 +#define X509V3_F_X509V3_EXT_i2d 108 +#define X509V3_F_X509V3_EXT_nconf 109 +#define X509V3_F_X509V3_add1_i2d 110 +#define X509V3_F_X509V3_add_value 111 +#define X509V3_F_X509V3_get_section 112 +#define 
X509V3_F_X509V3_get_string 113 +#define X509V3_F_X509V3_get_value_bool 114 +#define X509V3_F_X509V3_parse_list 115 +#define X509V3_F_X509_PURPOSE_add 116 +#define X509V3_F_X509_PURPOSE_set 117 +#define X509V3_F_a2i_GENERAL_NAME 118 +#define X509V3_F_copy_email 119 +#define X509V3_F_copy_issuer 120 +#define X509V3_F_do_dirname 121 +#define X509V3_F_do_ext_i2d 122 +#define X509V3_F_do_ext_nconf 123 +#define X509V3_F_gnames_from_sectname 124 +#define X509V3_F_hex_to_string 125 +#define X509V3_F_i2s_ASN1_ENUMERATED 126 +#define X509V3_F_i2s_ASN1_IA5STRING 127 +#define X509V3_F_i2s_ASN1_INTEGER 128 +#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 129 +#define X509V3_F_notice_section 130 +#define X509V3_F_nref_nos 131 +#define X509V3_F_policy_section 132 +#define X509V3_F_process_pci_value 133 +#define X509V3_F_r2i_certpol 134 +#define X509V3_F_r2i_pci 135 +#define X509V3_F_s2i_ASN1_IA5STRING 136 #define X509V3_F_s2i_ASN1_INTEGER 137 -#define X509V3_F_v2i_issuer_alt 138 -#define X509V3_F_v2i_GENERAL_NAME_ex 139 -#define X509V3_F_X509V3_EXT_nconf 140 -#define X509V3_F_v2i_BASIC_CONSTRAINTS 141 -#define X509V3_F_process_pci_value 142 -#define X509V3_F_notice_section 143 -#define X509V3_F_X509_PURPOSE_set 144 -#define X509V3_F_do_ext_nconf 145 -#define X509V3_F_i2s_ASN1_ENUMERATED 146 -#define X509V3_F_s2i_ASN1_IA5STRING 147 -#define X509V3_F_v2i_POLICY_CONSTRAINTS 148 -#define X509V3_F_v2i_EXTENDED_KEY_USAGE 149 -#define X509V3_F_SXNET_get_id_asc 150 -#define X509V3_F_set_dist_point_name 151 -#define X509V3_F_v2i_idp 152 -#define X509V3_F_X509_PURPOSE_add 153 -#define X509V3_F_SXNET_add_id_INTEGER 154 -#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 155 -#define X509V3_F_X509V3_EXT_free 156 -#define X509V3_R_INVALID_BOOLEAN_STRING 100 -#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 101 -#define X509V3_R_INVALID_NAME 102 -#define X509V3_R_OPERATION_NOT_DEFINED 103 -#define X509V3_R_POLICY_PATH_LENGTH 104 -#define X509V3_R_INVALID_PROXY_POLICY_SETTING 105 -#define 
X509V3_R_INVALID_ASRANGE 106 -#define X509V3_R_ERROR_CREATING_EXTENSION 107 -#define X509V3_R_ISSUER_DECODE_ERROR 108 -#define X509V3_R_OTHERNAME_ERROR 109 -#define X509V3_R_ILLEGAL_HEX_DIGIT 110 -#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 111 -#define X509V3_R_USER_TOO_LONG 112 -#define X509V3_R_INVALID_INHERITANCE 113 -#define X509V3_R_INVALID_SAFI 114 -#define X509V3_R_INVALID_NULL_VALUE 115 -#define X509V3_R_NO_SUBJECT_DETAILS 116 -#define X509V3_R_BAD_OBJECT 117 -#define X509V3_R_DIRNAME_ERROR 118 -#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 119 -#define X509V3_R_INVALID_EXTENSION_STRING 120 -#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 121 -#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 122 -#define X509V3_R_INVALID_OPTION 123 -#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 124 -#define X509V3_R_INVALID_POLICY_IDENTIFIER 125 -#define X509V3_R_INVALID_PURPOSE 126 -#define X509V3_R_UNKNOWN_EXTENSION 127 -#define X509V3_R_NO_ISSUER_CERTIFICATE 128 -#define X509V3_R_BN_DEC2BN_ERROR 129 -#define X509V3_R_EXPECTED_A_SECTION_NAME 130 -#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 131 -#define X509V3_R_MISSING_VALUE 132 -#define X509V3_R_SECTION_NOT_FOUND 133 -#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 134 -#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 135 -#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 136 -#define X509V3_R_NO_POLICY_IDENTIFIER 137 -#define X509V3_R_NO_ISSUER_DETAILS 138 +#define X509V3_F_s2i_ASN1_OCTET_STRING 138 +#define X509V3_F_s2i_skey_id 139 +#define X509V3_F_set_dist_point_name 140 +#define X509V3_F_string_to_hex 141 +#define X509V3_F_v2i_ASN1_BIT_STRING 142 +#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 143 +#define X509V3_F_v2i_AUTHORITY_KEYID 144 +#define X509V3_F_v2i_BASIC_CONSTRAINTS 145 +#define X509V3_F_v2i_EXTENDED_KEY_USAGE 146 +#define X509V3_F_v2i_GENERAL_NAMES 147 +#define X509V3_F_v2i_GENERAL_NAME_ex 148 +#define X509V3_F_v2i_NAME_CONSTRAINTS 149 +#define X509V3_F_v2i_POLICY_CONSTRAINTS 150 +#define 
X509V3_F_v2i_POLICY_MAPPINGS 151 +#define X509V3_F_v2i_crld 152 +#define X509V3_F_v2i_idp 153 +#define X509V3_F_v2i_issuer_alt 154 +#define X509V3_F_v2i_subject_alt 155 +#define X509V3_F_v3_generic_extension 156 +#define X509V3_R_BAD_IP_ADDRESS 100 +#define X509V3_R_BAD_OBJECT 101 +#define X509V3_R_BN_DEC2BN_ERROR 102 +#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 103 +#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 104 +#define X509V3_R_DIRNAME_ERROR 105 +#define X509V3_R_DISTPOINT_ALREADY_SET 106 +#define X509V3_R_DUPLICATE_ZONE_ID 107 +#define X509V3_R_ERROR_CONVERTING_ZONE 108 +#define X509V3_R_ERROR_CREATING_EXTENSION 109 +#define X509V3_R_ERROR_IN_EXTENSION 110 +#define X509V3_R_EXPECTED_A_SECTION_NAME 111 +#define X509V3_R_EXTENSION_EXISTS 112 +#define X509V3_R_EXTENSION_NAME_ERROR 113 +#define X509V3_R_EXTENSION_NOT_FOUND 114 +#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 115 +#define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 117 +#define X509V3_R_ILLEGAL_HEX_DIGIT 118 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 119 +#define X509V3_R_INVALID_BOOLEAN_STRING 120 +#define X509V3_R_INVALID_EXTENSION_STRING 121 +#define X509V3_R_INVALID_MULTIPLE_RDNS 122 +#define X509V3_R_INVALID_NAME 123 +#define X509V3_R_INVALID_NULL_ARGUMENT 124 +#define X509V3_R_INVALID_NULL_NAME 125 +#define X509V3_R_INVALID_NULL_VALUE 126 +#define X509V3_R_INVALID_NUMBER 127 +#define X509V3_R_INVALID_NUMBERS 128 +#define X509V3_R_INVALID_OBJECT_IDENTIFIER 129 +#define X509V3_R_INVALID_OPTION 130 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 131 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 132 +#define X509V3_R_INVALID_PURPOSE 133 +#define X509V3_R_INVALID_SECTION 134 +#define X509V3_R_INVALID_SYNTAX 135 +#define X509V3_R_ISSUER_DECODE_ERROR 136 +#define X509V3_R_MISSING_VALUE 137 +#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 138 #define X509V3_R_NO_CONFIG_DATABASE 139 -#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 140 -#define X509V3_R_INVALID_SECTION 141 
-#define X509V3_R_INVALID_IPADDRESS 142 -#define X509V3_R_EXTENSION_VALUE_ERROR 143 -#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 144 -#define X509V3_R_INVALID_NULL_ARGUMENT 145 -#define X509V3_R_ERROR_IN_EXTENSION 146 -#define X509V3_R_INVALID_NULL_NAME 147 -#define X509V3_R_BAD_IP_ADDRESS 148 -#define X509V3_R_UNSUPPORTED_OPTION 149 -#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 150 -#define X509V3_R_EXTENSION_EXISTS 151 -#define X509V3_R_UNKNOWN_OPTION 152 -#define X509V3_R_ERROR_CONVERTING_ZONE 153 -#define X509V3_R_NO_PUBLIC_KEY 154 -#define X509V3_R_INVALID_MULTIPLE_RDNS 155 -#define X509V3_R_INVALID_SYNTAX 156 -#define X509V3_R_UNKNOWN_EXTENSION_NAME 157 -#define X509V3_R_ODD_NUMBER_OF_DIGITS 158 -#define X509V3_R_DISTPOINT_ALREADY_SET 159 -#define X509V3_R_UNSUPPORTED_TYPE 160 -#define X509V3_R_EXTENSION_NAME_ERROR 161 -#define X509V3_R_INVALID_NUMBERS 162 -#define X509V3_R_INVALID_NUMBER 163 -#define X509V3_R_INVALID_OBJECT_IDENTIFIER 164 -#define X509V3_R_DUPLICATE_ZONE_ID 165 -#define X509V3_R_EXTENSION_NOT_FOUND 166 -#define X509V3_R_INVALID_ASNUMBER 167 -#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 +#define X509V3_R_NO_ISSUER_CERTIFICATE 140 +#define X509V3_R_NO_ISSUER_DETAILS 141 +#define X509V3_R_NO_POLICY_IDENTIFIER 142 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 143 +#define X509V3_R_NO_PUBLIC_KEY 144 +#define X509V3_R_NO_SUBJECT_DETAILS 145 +#define X509V3_R_ODD_NUMBER_OF_DIGITS 146 +#define X509V3_R_OPERATION_NOT_DEFINED 147 +#define X509V3_R_OTHERNAME_ERROR 148 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 149 +#define X509V3_R_POLICY_PATH_LENGTH 150 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 151 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 152 +#define X509V3_R_SECTION_NOT_FOUND 153 +#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 154 +#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 155 +#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 156 +#define X509V3_R_UNKNOWN_EXTENSION 157 +#define 
X509V3_R_UNKNOWN_EXTENSION_NAME 158 +#define X509V3_R_UNKNOWN_OPTION 159 +#define X509V3_R_UNSUPPORTED_OPTION 160 +#define X509V3_R_UNSUPPORTED_TYPE 161 +#define X509V3_R_USER_TOO_LONG 162 #endif diff --git a/src/ssl/CMakeLists.txt b/src/ssl/CMakeLists.txt index 91bd5ea..9cc6de4 100644 --- a/src/ssl/CMakeLists.txt +++ b/src/ssl/CMakeLists.txt @@ -22,8 +22,7 @@ add_library( ssl_algs.c ssl_asn1.c ssl_cert.c - ssl_ciph.c - ssl_error.c + ssl_cipher.c ssl_lib.c ssl_rsa.c ssl_sess.c @@ -39,7 +38,7 @@ add_library( add_executable( ssl_test - ssl_test.c + ssl_test.cc ) target_link_libraries(ssl_test ssl crypto) diff --git a/src/ssl/d1_both.c b/src/ssl/d1_both.c index 5edc93f..662f518 100644 --- a/src/ssl/d1_both.c +++ b/src/ssl/d1_both.c 
@@ -124,44 +124,8 @@ #include #include -#include "ssl_locl.h" - -#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) - -#define RSMBLY_BITMASK_MARK(bitmask, start, end) \ - { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) \ - bitmask[((ii) >> 3)] |= (1 << ((ii)&7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start)&7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end)-1)) >> 3); ii++) \ - bitmask[ii] = 0xff; \ - bitmask[(((end)-1) >> 3)] |= bitmask_end_values[((end)&7)]; \ - } \ - } - -#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) \ - { \ - long ii; \ - assert((msg_len) > 0); \ - is_complete = 1; \ - if (bitmask[(((msg_len)-1) >> 3)] != bitmask_end_values[((msg_len)&7)]) \ - is_complete = 0; \ - if (is_complete) \ - for (ii = (((msg_len)-1) >> 3) - 1; ii >= 0; ii--) \ - if (bitmask[ii] != 0xff) { \ - is_complete = 0; \ - break; \ - } \ - } +#include "internal.h" -static const uint8_t bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, - 0xf0, 0xe0, 0xc0, 0x80}; -static const uint8_t bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, - 0x0f, 0x1f, 0x3f, 0x7f}; /* TODO(davidben): 28 comes from the size of IP + UDP header. Is this reasonable * for these values? Notably, why is kMinMTU a function of the transport 
@@ -175,25 +139,30 @@ static const unsigned int kMinMTU = 256 - 28; * the underlying BIO supplies one. */ static const unsigned int kDefaultMTU = 1500 - 28; +/* kMaxHandshakeBuffer is the maximum number of handshake messages ahead of the + * current one to buffer. */ +static const unsigned int kHandshakeBufferSize = 10; + static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); -static long dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok); static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) { hm_fragment *frag = NULL; - unsigned char *buf = NULL; - unsigned char *bitmask = NULL; + uint8_t *buf = NULL; + uint8_t *bitmask = NULL; frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); if (frag == NULL) { + OPENSSL_PUT_ERROR(SSL, dtls1_hm_fragment_new, ERR_R_MALLOC_FAILURE); return NULL; } if (frag_len) { - buf = (unsigned char *)OPENSSL_malloc(frag_len); + buf = (uint8_t *)OPENSSL_malloc(frag_len); if (buf == NULL) { + OPENSSL_PUT_ERROR(SSL, dtls1_hm_fragment_new, ERR_R_MALLOC_FAILURE); OPENSSL_free(frag); return NULL; } @@ -203,16 +172,22 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, frag->fragment = buf; /* Initialize reassembly bitmask if necessary */ - if (reassembly) { - bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); + if (reassembly && frag_len > 0) { + if (frag_len + 7 < frag_len) { + OPENSSL_PUT_ERROR(SSL, dtls1_hm_fragment_new, ERR_R_OVERFLOW); + return NULL; + } + size_t bitmask_len = (frag_len + 7) / 8; + bitmask = (uint8_t *)OPENSSL_malloc(bitmask_len); if (bitmask == NULL) { + OPENSSL_PUT_ERROR(SSL, dtls1_hm_fragment_new, ERR_R_MALLOC_FAILURE); if (buf != NULL) { OPENSSL_free(buf); } OPENSSL_free(frag); return NULL; } - memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); + memset(bitmask, 0, bitmask_len); } frag->reassembly = bitmask; 
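Review bot: The comment added above `kHandshakeBufferSize` calls the constant `kMaxHandshakeBuffer`, so the documentation does not match the identifier it describes; it should read `/* kHandshakeBufferSize is the maximum number of handshake messages ahead of the current one to buffer. */`. The constant bounds how much out-of-order handshake data a peer can make this endpoint hold, which is a resource limit worth stating explicitly in the comment rather than leaving implicit. The prototype of dtls1_get_message_fragment is dropped here; its definition is outside this hunk, so whether it was removed or only made non-static cannot be confirmed from this view.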
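Review bot: The new `frag_len + 7 < frag_len` guard in dtls1_hm_fragment_new returns NULL without releasing `frag` and `buf`, both allocated earlier in the function (buf is non-NULL on this path because the guard sits under `frag_len > 0`), whereas the OPENSSL_malloc failure path a few lines below frees both; the early return should do the same, `OPENSSL_free(buf); OPENSSL_free(frag); return NULL;`. The leak is practically unreachable, since a `frag_len` within 7 of ULONG_MAX would already have made the preceding OPENSSL_malloc(frag_len) fail, but the two error paths should be consistent. The `size_t bitmask_len` declaration after a statement requires C99, which is fine only if the rest of the file already relies on it. The function's opening lines are in the previous hunk.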
@@ -221,23 +196,65 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, } void dtls1_hm_fragment_free(hm_fragment *frag) { - if (frag->msg_header.is_ccs) { - /* TODO(davidben): Simplify aead_write_ctx ownership, probably by just - * forbidding DTLS renego. */ - SSL_AEAD_CTX *aead_write_ctx = - frag->msg_header.saved_retransmit_state.aead_write_ctx; - if (aead_write_ctx) { - EVP_AEAD_CTX_cleanup(&aead_write_ctx->ctx); - OPENSSL_free(aead_write_ctx); + if (frag == NULL) { + return; + } + OPENSSL_free(frag->fragment); + OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +} + +#if !defined(inline) +#define inline __inline +#endif + +/* bit_range returns a |uint8_t| with bits |start|, inclusive, to |end|, + * exclusive, set. */ +static inline uint8_t bit_range(size_t start, size_t end) { + return (uint8_t)(~((1u << start) - 1) & ((1u << end) - 1)); +} + +/* dtls1_hm_fragment_mark marks bytes |start|, inclusive, to |end|, exclusive, + * as received in |frag|. If |frag| becomes complete, it clears + * |frag->reassembly|. The range must be within the bounds of |frag|'s message + * and |frag->reassembly| must not be NULL. */ +static void dtls1_hm_fragment_mark(hm_fragment *frag, size_t start, + size_t end) { + size_t i; + size_t msg_len = frag->msg_header.msg_len; + + if (frag->reassembly == NULL || start > end || end > msg_len) { + assert(0); + return; + } + /* A zero-length message will never have a pending reassembly. */ + assert(msg_len > 0); + + if ((start >> 3) == (end >> 3)) { + frag->reassembly[start >> 3] |= bit_range(start & 7, end & 7); + } else { + frag->reassembly[start >> 3] |= bit_range(start & 7, 8); + for (i = (start >> 3) + 1; i < (end >> 3); i++) { + frag->reassembly[i] = 0xff; + } + if ((end & 7) != 0) { + frag->reassembly[end >> 3] |= bit_range(0, end & 7); } } - if (frag->fragment) { - OPENSSL_free(frag->fragment); + + /* Check if the fragment is complete. 
*/ + for (i = 0; i < (msg_len >> 3); i++) { + if (frag->reassembly[i] != 0xff) { + return; + } } - if (frag->reassembly) { - OPENSSL_free(frag->reassembly); + if ((msg_len & 7) != 0 && + frag->reassembly[msg_len >> 3] != bit_range(0, msg_len & 7)) { + return; } - OPENSSL_free(frag); + + OPENSSL_free(frag->reassembly); + frag->reassembly = NULL; } /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or 
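Review bot: bit_range has an undocumented precondition that dtls1_hm_fragment_mark depends on: `start <= end <= 8`, otherwise `1u << end` shifts past the byte and the mask is wrong, and the `end == 8` case (`(1u << 8) - 1 == 0xff`) is exactly what the `bit_range(start & 7, 8)` call needs. Suggest extending the comment to `/* bit_range returns a |uint8_t| with bits |start|, inclusive, to |end|, exclusive, set. Requires 0 <= start <= end <= 8. */`. Separately, the range check in dtls1_hm_fragment_mark is `assert(0); return;`, so in an NDEBUG build an out-of-range mark is silently dropped and the message simply never completes; that is safe given the caller validates `frag_off + frag_len <= msg_len` first, but a one-line comment saying the early return is defensive rather than an error path would keep a later reader from "fixing" it.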
@@ -368,514 +385,279 @@ int dtls1_do_write(SSL *s, int type) { return 0; } - -/* Obtain handshake message of message type 'mt' (any if mt == -1), maximum - * acceptable body length 'max'. Read an entire handshake message. Handshake - * messages arrive in fragments. */ -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, - int hash_message, int *ok) { - int i, al; - struct hm_header_st *msg_hdr; - uint8_t *p; - unsigned long msg_len; - - /* s3->tmp is used to store messages that are unexpected, caused - * by the absence of an optional handshake message */ - if (s->s3->tmp.reuse_message) { - /* A SSL_GET_MESSAGE_DONT_HASH_MESSAGE call cannot be combined - * with reuse_message; the SSL_GET_MESSAGE_DONT_HASH_MESSAGE - * would have to have been applied to the previous call. */ - assert(hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE); - s->s3->tmp.reuse_message = 0; - if (mt >= 0 && s->s3->tmp.message_type != mt) { - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_get_message, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - *ok = 1; - s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->init_num = (int)s->s3->tmp.message_size; - return s->init_num; - } - - msg_hdr = &s->d1->r_msg_hdr; - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - -again: - i = dtls1_get_message_fragment(s, stn, max, ok); - if (i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) { - /* bad fragment received */ - goto again; - } else if (i <= 0 && !*ok) { - return i; - } - - p = (uint8_t *)s->init_buf->data; - msg_len = msg_hdr->msg_len; - - /* reconstruct message header */ - *(p++) = msg_hdr->type; - l2n3(msg_len, p); - s2n(msg_hdr->seq, p); - l2n3(0, p); - l2n3(msg_len, p); - p -= DTLS1_HM_HEADER_LENGTH; - msg_len += DTLS1_HM_HEADER_LENGTH; - - s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - - if (hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE) { - ssl3_hash_current_message(s); - } - if (s->msg_callback) { 
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, s, - s->msg_callback_arg); +/* dtls1_is_next_message_complete returns one if the next handshake message is + * complete and zero otherwise. */ +static int dtls1_is_next_message_complete(SSL *s) { + pitem *item = pqueue_peek(s->d1->buffered_messages); + if (item == NULL) { + return 0; } - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - - s->d1->handshake_read_seq++; + hm_fragment *frag = (hm_fragment *)item->data; + assert(s->d1->handshake_read_seq <= frag->msg_header.seq); - return s->init_num; - -f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - *ok = 0; - return -1; + return s->d1->handshake_read_seq == frag->msg_header.seq && + frag->reassembly == NULL; } -static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, - int max) { - size_t frag_off, frag_len, msg_len; - - msg_len = msg_hdr->msg_len; - frag_off = msg_hdr->frag_off; - frag_len = msg_hdr->frag_len; - - /* sanity checking */ - if ((frag_off + frag_len) > msg_len) { - OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment, - SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if ((frag_off + frag_len) > (unsigned long)max) { - OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment, - SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if (s->d1->r_msg_hdr.frag_off == 0) { - /* first fragment */ - /* msg_len is limited to 2^24, but is effectively checked - * against max above */ - if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { - OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment, ERR_R_BUF_LIB); - return SSL_AD_INTERNAL_ERROR; +/* dtls1_discard_fragment_body discards a handshake fragment body of length + * |frag_len|. It returns one on success and zero on error. + * + * TODO(davidben): This function will go away when ssl_read_bytes is gone from + * the DTLS side. 
*/ +static int dtls1_discard_fragment_body(SSL *s, size_t frag_len) { + uint8_t discard[256]; + while (frag_len > 0) { + size_t chunk = frag_len < sizeof(discard) ? frag_len : sizeof(discard); + int ret = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, discard, chunk, + 0); + if (ret != chunk) { + return 0; } - - s->s3->tmp.message_size = msg_len; - s->d1->r_msg_hdr.msg_len = msg_len; - s->s3->tmp.message_type = msg_hdr->type; - s->d1->r_msg_hdr.type = msg_hdr->type; - s->d1->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != s->d1->r_msg_hdr.msg_len) { - /* They must be playing with us! BTW, failure to enforce - * upper limit would open possibility for buffer overrun. */ - OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment, - SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; + frag_len -= chunk; } - - return 0; /* no error */ + return 1; } +/* dtls1_get_buffered_message returns the buffered message corresponding to + * |msg_hdr|. If none exists, it creates a new one and inserts it in the + * queue. Otherwise, it checks |msg_hdr| is consistent with the existing one. It + * returns NULL on failure. The caller does not take ownership of the result. 
*/ +static hm_fragment *dtls1_get_buffered_message( + SSL *s, const struct hm_header_st *msg_hdr) { + uint8_t seq64be[8]; + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (uint8_t)(msg_hdr->seq >> 8); + seq64be[7] = (uint8_t)msg_hdr->seq; + pitem *item = pqueue_find(s->d1->buffered_messages, seq64be); -static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) { - /* (0) check whether the desired fragment is available - * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num */ - pitem *item; hm_fragment *frag; - int al; - unsigned long frag_len; - - *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); if (item == NULL) { - return 0; - } - - frag = (hm_fragment *)item->data; - - /* Don't return if reassembly still in progress */ - if (frag->reassembly != NULL) { - return 0; - } - - if (s->d1->handshake_read_seq != frag->msg_header.seq) { - return 0; - } - - frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); - - al = dtls1_preprocess_fragment(s, &frag->msg_header, max); - - if (al == 0) { - /* no alert */ - uint8_t *p = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - memcpy(&p[frag->msg_header.frag_off], frag->fragment, - frag->msg_header.frag_len); - } - - dtls1_hm_fragment_free(frag); - pitem_free(item); - - if (al == 0) { - *ok = 1; - return frag_len; + /* This is the first fragment from this message. */ + frag = dtls1_hm_fragment_new(msg_hdr->msg_len, + 1 /* reassembly buffer needed */); + if (frag == NULL) { + return NULL; + } + memcpy(&frag->msg_header, msg_hdr, sizeof(*msg_hdr)); + item = pitem_new(seq64be, frag); + if (item == NULL) { + dtls1_hm_fragment_free(frag); + return NULL; + } + item = pqueue_insert(s->d1->buffered_messages, item); + /* |pqueue_insert| fails iff a duplicate item is inserted, but |item| cannot + * be a duplicate. 
*/ + assert(item != NULL); + } else { + frag = item->data; + assert(frag->msg_header.seq == msg_hdr->seq); + if (frag->msg_header.type != msg_hdr->type || + frag->msg_header.msg_len != msg_hdr->msg_len) { + /* The new fragment must be compatible with the previous fragments from + * this message. */ + OPENSSL_PUT_ERROR(SSL, dtls1_get_buffered_message, + SSL_R_FRAGMENT_MISMATCH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return NULL; + } } - - ssl3_send_alert(s, SSL3_AL_FATAL, al); - s->init_num = 0; - *ok = 0; - return -1; + return frag; } /* dtls1_max_handshake_message_len returns the maximum number of bytes * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may * be greater if the maximum certificate list size requires it. */ -static unsigned long dtls1_max_handshake_message_len(const SSL *s) { - unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) { +static size_t dtls1_max_handshake_message_len(const SSL *s) { + size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < s->max_cert_list) { return s->max_cert_list; } return max_len; } -static int dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, - int *ok) { - hm_fragment *frag = NULL; - pitem *item = NULL; - int i = -1, is_complete; - uint8_t seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; - - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) { - goto err; +/* dtls1_process_fragment reads a handshake fragment and processes it. It + * returns one if a fragment was successfully processed and 0 or -1 on error. */ +static int dtls1_process_fragment(SSL *s) { + /* Read handshake message header. + * + * TODO(davidben): ssl_read_bytes allows splitting the fragment header and + * body across two records. Change this interface to consume the fragment in + * one pass. 
*/ + uint8_t header[DTLS1_HM_HEADER_LENGTH]; + int ret = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, header, + DTLS1_HM_HEADER_LENGTH, 0); + if (ret <= 0) { + return ret; + } + if (ret != DTLS1_HM_HEADER_LENGTH) { + OPENSSL_PUT_ERROR(SSL, dtls1_process_fragment, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* Parse the message fragment header. */ + struct hm_header_st msg_hdr; + dtls1_get_message_header(header, &msg_hdr); + + const size_t frag_off = msg_hdr.frag_off; + const size_t frag_len = msg_hdr.frag_len; + const size_t msg_len = msg_hdr.msg_len; + if (frag_off > msg_len || frag_off + frag_len < frag_off || + frag_off + frag_len > msg_len || + msg_len > dtls1_max_handshake_message_len(s)) { + OPENSSL_PUT_ERROR(SSL, dtls1_process_fragment, + SSL_R_EXCESSIVE_MESSAGE_SIZE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return -1; } - if (frag_len == 0) { - return DTLS1_HM_FRAGMENT_RETRY; + if (msg_hdr.seq < s->d1->handshake_read_seq || + msg_hdr.seq > (unsigned)s->d1->handshake_read_seq + + kHandshakeBufferSize) { + /* Ignore fragments from the past, or ones too far in the future. 
*/ + if (!dtls1_discard_fragment_body(s, frag_len)) { + return -1; + } + return 1; } - /* Try to find item in queue */ - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (uint8_t)(msg_hdr->seq >> 8); - seq64be[7] = (uint8_t)msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - if (item == NULL) { - frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); - if (frag == NULL) { - goto err; - } - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - frag->msg_header.frag_len = frag->msg_header.msg_len; - frag->msg_header.frag_off = 0; - } else { - frag = (hm_fragment *)item->data; - if (frag->msg_header.msg_len != msg_hdr->msg_len) { - item = NULL; - frag = NULL; - goto err; - } + hm_fragment *frag = dtls1_get_buffered_message(s, &msg_hdr); + if (frag == NULL) { + return -1; } + assert(frag->msg_header.msg_len == msg_len); - /* If message is already reassembled, this must be a - * retransmit and can be dropped. In this case item != NULL and so frag - * does not need to be freed. */ if (frag->reassembly == NULL) { - uint8_t devnull[256]; - - assert(item != NULL); - while (frag_len) { - i = s->method->ssl_read_bytes( - s, SSL3_RT_HANDSHAKE, devnull, - frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0); - if (i <= 0) { - goto err; - } - frag_len -= i; + /* The message is already assembled. */ + if (!dtls1_discard_fragment_body(s, frag_len)) { + return -1; } - return DTLS1_HM_FRAGMENT_RETRY; + return 1; } + assert(msg_len > 0); - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes( - s, SSL3_RT_HANDSHAKE, frag->fragment + msg_hdr->frag_off, frag_len, 0); - if ((unsigned long)i != frag_len) { - i = -1; - } - if (i <= 0) { - goto err; + /* Read the body of the fragment. 
*/ + ret = s->method->ssl_read_bytes( + s, SSL3_RT_HANDSHAKE, frag->fragment + frag_off, frag_len, 0); + if (ret != frag_len) { + OPENSSL_PUT_ERROR(SSL, dtls1_process_fragment, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } + dtls1_hm_fragment_mark(frag, frag_off, frag_off + frag_len); - RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, - (long)(msg_hdr->frag_off + frag_len)); - - RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, - is_complete); + return 1; +} - if (is_complete) { - OPENSSL_free(frag->reassembly); - frag->reassembly = NULL; - } +/* dtls1_get_message reads a handshake message of message type |msg_type| (any + * if |msg_type| == -1), maximum acceptable body length |max|. Read an entire + * handshake message. Handshake messages arrive in fragments. */ +long dtls1_get_message(SSL *s, int st1, int stn, int msg_type, long max, + enum ssl_hash_message_t hash_message, int *ok) { + pitem *item = NULL; + hm_fragment *frag = NULL; + int al; - if (item == NULL) { - item = pitem_new(seq64be, frag); - if (item == NULL) { - i = -1; - goto err; + /* s3->tmp is used to store messages that are unexpected, caused + * by the absence of an optional handshake message */ + if (s->s3->tmp.reuse_message) { + /* A ssl_dont_hash_message call cannot be combined with reuse_message; the + * ssl_dont_hash_message would have to have been applied to the previous + * call. */ + assert(hash_message == ssl_hash_message); + s->s3->tmp.reuse_message = 0; + if (msg_type >= 0 && s->s3->tmp.message_type != msg_type) { + al = SSL_AD_UNEXPECTED_MESSAGE; + OPENSSL_PUT_ERROR(SSL, dtls1_get_message, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; } - - item = pqueue_insert(s->d1->buffered_messages, item); - /* pqueue_insert fails iff a duplicate item is inserted. - * However, |item| cannot be a duplicate. 
If it were, - * |pqueue_find|, above, would have returned it and control - * would never have reached this branch. */ - assert(item != NULL); + *ok = 1; + s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + s->init_num = (int)s->s3->tmp.message_size; + return s->init_num; } - return DTLS1_HM_FRAGMENT_RETRY; - -err: - if (frag != NULL && item == NULL) { - dtls1_hm_fragment_free(frag); + /* Process fragments until one is found. */ + while (!dtls1_is_next_message_complete(s)) { + int ret = dtls1_process_fragment(s); + if (ret <= 0) { + *ok = 0; + return ret; + } } - *ok = 0; - return i; -} -static int dtls1_process_out_of_seq_message(SSL *s, - const struct hm_header_st *msg_hdr, - int *ok) { - int i = -1; - hm_fragment *frag = NULL; - pitem *item = NULL; - uint8_t seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; + /* Read out the next complete handshake message. */ + item = pqueue_pop(s->d1->buffered_messages); + assert(item != NULL); + frag = (hm_fragment *)item->data; + assert(s->d1->handshake_read_seq == frag->msg_header.seq); + assert(frag->reassembly == NULL); - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) { + if (frag->msg_header.msg_len > (size_t)max) { + OPENSSL_PUT_ERROR(SSL, dtls1_get_message, SSL_R_EXCESSIVE_MESSAGE_SIZE); goto err; } - /* Try to find item in queue, to prevent duplicate entries */ - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (uint8_t)(msg_hdr->seq >> 8); - seq64be[7] = (uint8_t)msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - /* If we already have an entry and this one is a fragment, - * don't discard it and rather try to reassemble it. */ - if (item != NULL && frag_len != msg_hdr->msg_len) { - item = NULL; - } - - /* Discard the message if sequence number was already there, is - * too far in the future, already in the queue or if we received - * a FINISHED before the SERVER_HELLO, which then must be a stale - * retransmit. 
*/ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { - uint8_t devnull[256]; - - while (frag_len) { - i = s->method->ssl_read_bytes( - s, SSL3_RT_HANDSHAKE, devnull, - frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0); - if (i <= 0) { - goto err; - } - frag_len -= i; - } - } else { - if (frag_len != msg_hdr->msg_len) { - return dtls1_reassemble_fragment(s, msg_hdr, ok); - } - - if (frag_len > dtls1_max_handshake_message_len(s)) { - goto err; - } - - frag = dtls1_hm_fragment_new(frag_len, 0); - if (frag == NULL) { - goto err; - } - - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - - if (frag_len) { - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment, - frag_len, 0); - if ((unsigned long)i != frag_len) { - i = -1; - } - if (i <= 0) { - goto err; - } - } - - item = pitem_new(seq64be, frag); - if (item == NULL) { - goto err; - } - - item = pqueue_insert(s->d1->buffered_messages, item); - /* pqueue_insert fails iff a duplicate item is inserted. - * However, |item| cannot be a duplicate. If it were, - * |pqueue_find|, above, would have returned it. Then, either - * |frag_len| != |msg_hdr->msg_len| in which case |item| is set - * to NULL and it will have been processed with - * |dtls1_reassemble_fragment|, above, or the record will have - * been discarded. */ - assert(item != NULL); + CBB cbb; + if (!BUF_MEM_grow(s->init_buf, + (size_t)frag->msg_header.msg_len + + DTLS1_HM_HEADER_LENGTH) || + !CBB_init_fixed(&cbb, (uint8_t *)s->init_buf->data, s->init_buf->max)) { + OPENSSL_PUT_ERROR(SSL, dtls1_get_message, ERR_R_MALLOC_FAILURE); + goto err; } - return DTLS1_HM_FRAGMENT_RETRY; - -err: - if (frag != NULL && item == NULL) { - dtls1_hm_fragment_free(frag); + /* Reconstruct the assembled message. 
*/ + size_t len; + if (!CBB_add_u8(&cbb, frag->msg_header.type) || + !CBB_add_u24(&cbb, frag->msg_header.msg_len) || + !CBB_add_u16(&cbb, frag->msg_header.seq) || + !CBB_add_u24(&cbb, 0 /* frag_off */) || + !CBB_add_u24(&cbb, frag->msg_header.msg_len) || + !CBB_add_bytes(&cbb, frag->fragment, frag->msg_header.msg_len) || + !CBB_finish(&cbb, NULL, &len)) { + CBB_cleanup(&cbb); + OPENSSL_PUT_ERROR(SSL, dtls1_get_message, ERR_R_INTERNAL_ERROR); + goto err; } - *ok = 0; - return i; -} - + assert(len == (size_t)frag->msg_header.msg_len + DTLS1_HM_HEADER_LENGTH); -static long dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok) { - uint8_t wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long len, frag_off, frag_len; - int i, al; - struct hm_header_st msg_hdr; - -redo: - /* see if we have the required fragment already */ - if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { - if (*ok) { - s->init_num = frag_len; - } - return frag_len; - } + s->d1->handshake_read_seq++; - /* read handshake message header */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, - DTLS1_HM_HEADER_LENGTH, 0); - if (i <= 0) { - /* nbio, or an error */ - s->rwstate = SSL_READING; - *ok = 0; - return i; - } + /* TODO(davidben): This function has a lot of implicit outputs. Simplify the + * |ssl_get_message| API. 
*/ + s->s3->tmp.message_type = frag->msg_header.type; + s->s3->tmp.message_size = frag->msg_header.msg_len; + s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + s->init_num = frag->msg_header.msg_len; - /* Handshake fails if message header is incomplete */ - if (i != DTLS1_HM_HEADER_LENGTH) { + if (msg_type >= 0 && s->s3->tmp.message_type != msg_type) { al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_get_message_fragment, - SSL_R_UNEXPECTED_MESSAGE); + OPENSSL_PUT_ERROR(SSL, dtls1_get_message, SSL_R_UNEXPECTED_MESSAGE); goto f_err; } - - /* parse the message fragment header */ - dtls1_get_message_header(wire, &msg_hdr); - - /* if this is a future (or stale) message it gets buffered - * (or dropped)--no further processing at this time. */ - if (msg_hdr.seq != s->d1->handshake_read_seq) { - return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - } - - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - - if (frag_len && frag_len < len) { - return dtls1_reassemble_fragment(s, &msg_hdr, ok); + if (hash_message == ssl_hash_message && !ssl3_hash_current_message(s)) { + goto err; } - - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - wire[0] == SSL3_MT_HELLO_REQUEST) { - /* The server may always send 'Hello Request' messages -- - * we are doing a handshake anyway now, so ignore them - * if their format is correct. Does not count for - * 'Finished' MAC. 
*/ - if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { - if (s->msg_callback) { - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, wire, - DTLS1_HM_HEADER_LENGTH, s, s->msg_callback_arg); - } - - s->init_num = 0; - goto redo; - } else { - /* Incorrectly formated Hello request */ - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_get_message_fragment, - SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } + if (s->msg_callback) { + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, + s->init_num + DTLS1_HM_HEADER_LENGTH, s, + s->msg_callback_arg); } - if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) { - goto f_err; - } + pitem_free(item); + dtls1_hm_fragment_free(frag); - /* XDTLS: ressurect this when restart is in place */ s->state = stn; - - if (frag_len > 0) { - uint8_t *p = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, - 0); - /* XDTLS: fix this--message fragments cannot span multiple packets */ - if (i <= 0) { - s->rwstate = SSL_READING; - *ok = 0; - return i; - } - } else { - i = 0; - } - - /* XDTLS: an incorrectly formatted fragment should cause the - * handshake to fail */ - if (i != (int)frag_len) { - al = SSL3_AD_ILLEGAL_PARAMETER; - OPENSSL_PUT_ERROR(SSL, dtls1_get_message_fragment, - SSL3_AD_ILLEGAL_PARAMETER); - goto f_err; - } - *ok = 1; - - /* Note that s->init_num is *not* used as current offset in - * s->init_buf->data, but as a counter summing up fragments' - * lengths: as soon as they sum up to handshake packet - * length, we assume we have got all the fragments. */ - s->init_num = frag_len; - return frag_len; + return s->init_num; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - s->init_num = 0; - +err: + pitem_free(item); + dtls1_hm_fragment_free(frag); *ok = 0; return -1; } 
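Review bot: The memory bound on the reassembly queue is now only implicit: dtls1_process_fragment accepts any seq in [handshake_read_seq, handshake_read_seq + kHandshakeBufferSize], and dtls1_get_buffered_message allocates the full msg_len (up to dtls1_max_handshake_message_len) on the first fragment of each, so an unauthenticated peer can commit up to (kHandshakeBufferSize + 1) times that limit per connection using one tiny fragment per sequence number. That is a reasonable bound for a handshake, but nothing in the hunk states it; suggest a comment above the seq-window check: `/* At most kHandshakeBufferSize + 1 messages are buffered, each allocated at its full msg_len, so peer-driven memory is bounded by that times dtls1_max_handshake_message_len. */`. Also note that the body read's `if (ret != frag_len)` treats any `ret <= 0` (including a would-block return) as a fatal unexpected_message, whereas the header read just above returns `ret` so the caller can retry; the TODO already admits header and body can be split across records, so it is worth deciding explicitly whether that case is a protocol error or a retry and saying so in a comment. Both dtls1_process_fragment and dtls1_get_message are fully inside this hunk.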
@@ -913,7 +695,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) {
 
 int dtls1_read_failed(SSL *s, int code) {
   if (code > 0) {
-    fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+    assert(0);
     return 1;
   }
 
@@ -929,7 +711,7 @@ int dtls1_read_failed(SSL *s, int code) {
     return code;
   }
 
-  return dtls1_handle_timeout(s);
+  return DTLSv1_handle_timeout(s);
 }
 
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs) {
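Review bot: Replacing the fprintf in dtls1_read_failed with `assert(0)` means an NDEBUG build now handles an unexpected positive `code` with no diagnostic at all and silently returns 1, where the old code at least logged. If the branch is genuinely unreachable, say so where the assert is: `/* code > 0 is not a failure; callers only invoke this on a failed read. */` (hedged, the call sites are not in this hunk); if it can be reached, an `OPENSSL_PUT_ERROR(SSL, dtls1_read_failed, ERR_R_INTERNAL_ERROR)` would make it visible through the error queue. dtls1_read_failed's body continues outside the hunk.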
@@ -944,23 +726,82 @@ int dtls1_get_queue_priority(unsigned short seq, int is_ccs) { return seq * 2 - is_ccs; } +static int dtls1_retransmit_message(SSL *s, hm_fragment *frag) { + int ret; + /* XDTLS: for now assuming that read/writes are blocking */ + unsigned long header_length; + uint8_t save_write_sequence[8]; + + /* assert(s->init_num == 0); + assert(s->init_off == 0); */ + + if (frag->msg_header.is_ccs) { + header_length = DTLS1_CCS_HEADER_LENGTH; + } else { + header_length = DTLS1_HM_HEADER_LENGTH; + } + + memcpy(s->init_buf->data, frag->fragment, + frag->msg_header.msg_len + header_length); + s->init_num = frag->msg_header.msg_len + header_length; + + dtls1_set_message_header(s, frag->msg_header.type, + frag->msg_header.msg_len, frag->msg_header.seq, + 0, frag->msg_header.frag_len); + + /* Save current state. */ + SSL_AEAD_CTX *aead_write_ctx = s->aead_write_ctx; + uint16_t epoch = s->d1->w_epoch; + + /* DTLS renegotiation is unsupported, so only epochs 0 (NULL cipher) and 1 + * (negotiated cipher) exist. */ + assert(epoch == 0 || epoch == 1); + assert(frag->msg_header.epoch <= epoch); + const int fragment_from_previous_epoch = (epoch == 1 && + frag->msg_header.epoch == 0); + if (fragment_from_previous_epoch) { + /* Rewind to the previous epoch. + * + * TODO(davidben): Instead of swapping out connection-global state, this + * logic should pass a "use previous epoch" parameter down to lower-level + * functions. */ + s->d1->w_epoch = frag->msg_header.epoch; + s->aead_write_ctx = NULL; + memcpy(save_write_sequence, s->s3->write_sequence, + sizeof(s->s3->write_sequence)); + memcpy(s->s3->write_sequence, s->d1->last_write_sequence, + sizeof(s->s3->write_sequence)); + } else { + /* Otherwise the messages must be from the same epoch. */ + assert(frag->msg_header.epoch == epoch); + } + + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC + : SSL3_RT_HANDSHAKE); + + if (fragment_from_previous_epoch) { + /* Restore the current epoch. 
*/ + s->aead_write_ctx = aead_write_ctx; + s->d1->w_epoch = epoch; + memcpy(s->d1->last_write_sequence, s->s3->write_sequence, + sizeof(s->s3->write_sequence)); + memcpy(s->s3->write_sequence, save_write_sequence, + sizeof(s->s3->write_sequence)); + } + + (void)BIO_flush(SSL_get_wbio(s)); + return ret; +} + + int dtls1_retransmit_buffered_messages(SSL *s) { pqueue sent = s->d1->sent_messages; - piterator iter; + piterator iter = pqueue_iterator(sent); pitem *item; - hm_fragment *frag; - int found = 0; - - iter = pqueue_iterator(sent); for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { - frag = (hm_fragment *)item->data; - if (dtls1_retransmit_message( - s, (unsigned short)dtls1_get_queue_priority( - frag->msg_header.seq, frag->msg_header.is_ccs), - 0, &found) <= 0 && - found) { - fprintf(stderr, "dtls1_retransmit_message() failed\n"); + hm_fragment *frag = (hm_fragment *)item->data; + if (dtls1_retransmit_message(s, frag) <= 0) { return -1; } } @@ -998,11 +839,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs) { frag->msg_header.frag_off = 0; frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; - - /* save current state*/ - frag->msg_header.saved_retransmit_state.aead_write_ctx = s->aead_write_ctx; - frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; + frag->msg_header.epoch = s->d1->w_epoch; memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (uint8_t)( 
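Review bot: dtls1_retransmit_message copies `frag->msg_header.msg_len + header_length` bytes into `s->init_buf->data` with no check against `s->init_buf->max`; this relies on init_buf still being at least as large as when the message was first buffered (presumably true because init_buf is only grown during a handshake, but that is not visible here). Making the invariant explicit is cheap and matches how dtls1_get_message sizes the same buffer: `if (!BUF_MEM_grow(s->init_buf, frag->msg_header.msg_len + header_length)) { return -1; }` before the memcpy. The new static function also inherits the commented-out `/* assert(s->init_num == 0); assert(s->init_off == 0); */` and the "XDTLS: for now assuming that read/writes are blocking" note; either enable the asserts or drop them rather than carrying dead code into new code. The function is fully inside this hunk.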
@@ -1021,85 +858,6 @@ int dtls1_buffer_message(SSL *s, int is_ccs) { return 1; } -int dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, - int *found) { - int ret; - /* XDTLS: for now assuming that read/writes are blocking */ - pitem *item; - hm_fragment *frag; - unsigned long header_length; - uint8_t seq64be[8]; - struct dtls1_retransmit_state saved_state; - uint8_t save_write_sequence[8]; - - /* assert(s->init_num == 0); - assert(s->init_off == 0); */ - - /* XDTLS: the requested message ought to be found, otherwise error */ - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = (uint8_t)(seq >> 8); - seq64be[7] = (uint8_t)seq; - - item = pqueue_find(s->d1->sent_messages, seq64be); - if (item == NULL) { - fprintf(stderr, "retransmit: message %d non-existant\n", seq); - *found = 0; - return 0; - } - - *found = 1; - frag = (hm_fragment *)item->data; - - if (frag->msg_header.is_ccs) { - header_length = DTLS1_CCS_HEADER_LENGTH; - } else { - header_length = DTLS1_HM_HEADER_LENGTH; - } - - memcpy(s->init_buf->data, frag->fragment, - frag->msg_header.msg_len + header_length); - s->init_num = frag->msg_header.msg_len + header_length; - - dtls1_set_message_header(s, frag->msg_header.type, - frag->msg_header.msg_len, frag->msg_header.seq, - 0, frag->msg_header.frag_len); - - /* save current state */ - saved_state.aead_write_ctx = s->aead_write_ctx; - saved_state.session = s->session; - saved_state.epoch = s->d1->w_epoch; - - /* restore state in which the message was originally sent */ - s->aead_write_ctx = frag->msg_header.saved_retransmit_state.aead_write_ctx; - s->session = frag->msg_header.saved_retransmit_state.session; - s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; - - if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { - memcpy(save_write_sequence, s->s3->write_sequence, - sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, s->d1->last_write_sequence, - sizeof(s->s3->write_sequence)); - 
} - - ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC - : SSL3_RT_HANDSHAKE); - - /* restore current state */ - s->aead_write_ctx = saved_state.aead_write_ctx; - s->session = saved_state.session; - s->d1->w_epoch = saved_state.epoch; - - if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { - memcpy(s->d1->last_write_sequence, s->s3->write_sequence, - sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, save_write_sequence, - sizeof(s->s3->write_sequence)); - } - - (void)BIO_flush(SSL_get_wbio(s)); - return ret; -} - /* call this function when the buffered messages are no longer needed */ void dtls1_clear_record_buffer(SSL *s) { pitem *item; @@ -1160,12 +918,6 @@ void dtls1_get_message_header(uint8_t *data, n2l3(data, msg_hdr->frag_len); } -void dtls1_get_ccs_header(uint8_t *data, struct ccs_header_st *ccs_hdr) { - memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); - - ccs_hdr->type = *(data++); -} - int dtls1_shutdown(SSL *s) { int ret; ret = ssl3_shutdown(s); diff --git a/src/ssl/d1_clnt.c b/src/ssl/d1_clnt.c index 3f9e814..1827a67 100644 --- a/src/ssl/d1_clnt.c +++ b/src/ssl/d1_clnt.c @@ -114,17 +114,19 @@ #include #include +#include #include #include #include #include +#include #include #include #include #include -#include "ssl_locl.h" +#include "internal.h" static int dtls1_get_hello_verify(SSL *s); @@ -156,7 +158,6 @@ int dtls1_connect(SSL *s) { case SSL_ST_RENEGOTIATE: s->renegotiate = 1; s->state = SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_CONNECT: case SSL_ST_BEFORE | SSL_ST_CONNECT: @@ -175,8 +176,7 @@ int dtls1_connect(SSL *s) { buf = NULL; } - if (!ssl3_setup_buffers(s) || - !ssl_init_wbio_buffer(s, 0)) { + if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; goto end; } 
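Review bot: In the d1_clnt.c hunk at -175, dtls1_connect no longer calls ssl3_setup_buffers before the first ClientHello; the condition becomes just `if (!ssl_init_wbio_buffer(s, 0))`. If the record layer now allocates its read/write buffers on demand that is fine, but nothing in this diff shows where, so a one-line comment at the call site would save the next reader the search, e.g. `/* Record buffers are allocated on demand by the record layer. */`, to be confirmed against the record-layer code. dtls1_connect's body continues outside the hunk.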
@@ -184,7 +184,6 @@ int dtls1_connect(SSL *s) { /* don't push the buffering BIO quite yet */ s->state = SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; s->init_num = 0; s->d1->send_cookie = 0; s->hit = 0; @@ -458,12 +457,6 @@ int dtls1_connect(SSL *s) { case SSL3_ST_CW_FLUSH: s->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { - /* If the write error was fatal, stop trying */ - if (!BIO_should_retry(s->wbio)) { - s->rwstate = SSL_NOTHING; - s->state = s->s3->tmp.next_state; - } - ret = -1; goto end; } @@ -483,15 +476,12 @@ int dtls1_connect(SSL *s) { s->new_session = 0; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) { - s->ctx->stats.sess_hit++; - } ret = 1; - s->ctx->stats.sess_connect_good++; - if (cb != NULL) + if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_DONE, 1); + } /* done with handshaking */ s->d1->handshake_read_seq = 0; @@ -519,9 +509,7 @@ int dtls1_connect(SSL *s) { end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_CONNECT_EXIT, ret); } @@ -538,7 +526,7 @@ static int dtls1_get_hello_verify(SSL *s) { s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, /* Use the same maximum size as ssl3_get_server_hello. */ - 20000, SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + 20000, ssl_hash_message, &ok); if (!ok) { return n; @@ -556,7 +544,7 @@ static int dtls1_get_hello_verify(SSL *s) { !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) || CBS_len(&hello_verify_request) != 0) { al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_status, SSL_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, SSL_R_DECODE_ERROR); goto f_err; } diff --git a/src/ssl/d1_lib.c b/src/ssl/d1_lib.c index 8244cb9..e53156f 100644 --- a/src/ssl/d1_lib.c +++ b/src/ssl/d1_lib.c @@ -58,6 +58,7 @@ #include #include +#include #if defined(OPENSSL_WINDOWS) #include 
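Review bot: After the removal in the SSL3_ST_CW_FLUSH case, a BIO_flush failure leaves `s->rwstate` at SSL_WRITING and `s->state` parked in the flush state whether or not the BIO reported a retryable condition, so a dead transport is simply re-flushed on the next handshake call instead of being advanced to `s->s3->tmp.next_state`. If that is a deliberate alignment with the TLS state machine, a comment on the `ret = -1` line such as `/* Stay in CW_FLUSH; the caller presumably tells retryable from fatal BIO errors via SSL_get_error. */` would keep the next reader from re-adding the branch. The enclosing switch continues outside the hunk.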
@@ -70,51 +71,17 @@ #include #include -#include "ssl_locl.h" - -static void get_current_time(OPENSSL_timeval *t); -static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft); -static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len); -static int dtls1_handshake_write(SSL *s); - -const SSL3_ENC_METHOD DTLSv1_enc_data = { - tls1_enc, - tls1_prf, - tls1_setup_key_block, - tls1_generate_master_secret, - tls1_change_cipher_state, - tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, - TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, - TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, - tls1_alert_code, - tls1_export_keying_material, - SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV, - DTLS1_HM_HEADER_LENGTH, - dtls1_set_handshake_header, - dtls1_handshake_write, -}; - -const SSL3_ENC_METHOD DTLSv1_2_enc_data = { - tls1_enc, - tls1_prf, - tls1_setup_key_block, - tls1_generate_master_secret, - tls1_change_cipher_state, - tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, - TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, - TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, - tls1_alert_code, - tls1_export_keying_material, - SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | - SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, - DTLS1_HM_HEADER_LENGTH, - dtls1_set_handshake_header, - dtls1_handshake_write, -}; +#include "internal.h" + +/* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire + * before starting to decrease the MTU. */ +#define DTLS1_MTU_TIMEOUTS 2 + +/* DTLS1_MAX_TIMEOUTS is the maximum number of timeouts to expire + * before failing the DTLS handshake. */ +#define DTLS1_MAX_TIMEOUTS 12 + +static void get_current_time(const SSL *ssl, struct timeval *out_clock); int dtls1_new(SSL *s) { DTLS1_STATE *d1; 
@@ -129,30 +96,12 @@ int dtls1_new(SSL *s) { } memset(d1, 0, sizeof *d1); - d1->unprocessed_rcds.q = pqueue_new(); - d1->processed_rcds.q = pqueue_new(); d1->buffered_messages = pqueue_new(); d1->sent_messages = pqueue_new(); - d1->buffered_app_data.q = pqueue_new(); - if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q || - !d1->buffered_messages || !d1->sent_messages || - !d1->buffered_app_data.q) { - if (d1->unprocessed_rcds.q) { - pqueue_free(d1->unprocessed_rcds.q); - } - if (d1->processed_rcds.q) { - pqueue_free(d1->processed_rcds.q); - } - if (d1->buffered_messages) { - pqueue_free(d1->buffered_messages); - } - if (d1->sent_messages) { - pqueue_free(d1->sent_messages); - } - if (d1->buffered_app_data.q) { - pqueue_free(d1->buffered_app_data.q); - } + if (!d1->buffered_messages || !d1->sent_messages) { + pqueue_free(d1->buffered_messages); + pqueue_free(d1->sent_messages); OPENSSL_free(d1); ssl3_free(s); return 0; @@ -172,25 +121,6 @@ int dtls1_new(SSL *s) { static void dtls1_clear_queues(SSL *s) { pitem *item = NULL; hm_fragment *frag = NULL; - DTLS1_RECORD_DATA *rdata; - - while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { - rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } - - while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { - rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) { frag = (hm_fragment *)item->data; 
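Review bot: The simplified error path in dtls1_new calls `pqueue_free` on both queues even though exactly one of them is known to be NULL there, so it relies on `pqueue_free` accepting NULL; that contract is not visible in this hunk. If it holds, state it where it is relied on, `/* pqueue_free tolerates NULL, so free both unconditionally. */`; if it does not, the old NULL guards need to come back. dtls1_new's body continues past the hunk.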
@@ -203,15 +133,6 @@ static void dtls1_clear_queues(SSL *s) { dtls1_hm_fragment_free(frag); pitem_free(item); } - - while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { - rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } } void dtls1_free(SSL *s) { @@ -223,40 +144,15 @@ void dtls1_free(SSL *s) { dtls1_clear_queues(s); - pqueue_free(s->d1->unprocessed_rcds.q); - pqueue_free(s->d1->processed_rcds.q); pqueue_free(s->d1->buffered_messages); pqueue_free(s->d1->sent_messages); - pqueue_free(s->d1->buffered_app_data.q); OPENSSL_free(s->d1); s->d1 = NULL; } -long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) { - int ret = 0; - - switch (cmd) { - case DTLS_CTRL_GET_TIMEOUT: - if (dtls1_get_timeout(s, (OPENSSL_timeval *)parg) != NULL) { - ret = 1; - } - break; - - case DTLS_CTRL_HANDLE_TIMEOUT: - ret = dtls1_handle_timeout(s); - break; - - default: - ret = ssl3_ctrl(s, cmd, larg, parg); - break; - } - - return ret; -} - -const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { - const SSL_CIPHER *ciph = ssl3_get_cipher(u); +const SSL_CIPHER *dtls1_get_cipher(size_t i) { + const SSL_CIPHER *ciph = ssl3_get_cipher(i); /* DTLS does not support stream ciphers. */ if (ciph == NULL || ciph->algorithm_enc == SSL_RC4) { return NULL; @@ -272,7 +168,7 @@ void dtls1_start_timer(SSL *s) { } /* Set timeout to current time */ - get_current_time(&s->d1->next_timeout); + get_current_time(s, &s->d1->next_timeout); /* Add duration to current time */ s->d1->next_timeout.tv_sec += s->d1->timeout_duration; 
@@ -280,48 +176,51 @@ void dtls1_start_timer(SSL *s) { &s->d1->next_timeout); } -static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft) { - OPENSSL_timeval timenow; +int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out) { + if (!SSL_IS_DTLS(ssl)) { + return 0; + } /* If no timeout is set, just return NULL */ - if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { - return NULL; + if (ssl->d1->next_timeout.tv_sec == 0 && ssl->d1->next_timeout.tv_usec == 0) { + return 0; } /* Get current time */ - get_current_time(&timenow); + struct timeval timenow; + get_current_time(ssl, &timenow); /* If timer already expired, set remaining time to 0 */ - if (s->d1->next_timeout.tv_sec < timenow.tv_sec || - (s->d1->next_timeout.tv_sec == timenow.tv_sec && - s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { - memset(timeleft, 0, sizeof(OPENSSL_timeval)); - return timeleft; + if (ssl->d1->next_timeout.tv_sec < timenow.tv_sec || + (ssl->d1->next_timeout.tv_sec == timenow.tv_sec && + ssl->d1->next_timeout.tv_usec <= timenow.tv_usec)) { + memset(out, 0, sizeof(struct timeval)); + return 1; } /* Calculate time left until timer expires */ - memcpy(timeleft, &s->d1->next_timeout, sizeof(OPENSSL_timeval)); - timeleft->tv_sec -= timenow.tv_sec; - timeleft->tv_usec -= timenow.tv_usec; - if (timeleft->tv_usec < 0) { - timeleft->tv_sec--; - timeleft->tv_usec += 1000000; + memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval)); + out->tv_sec -= timenow.tv_sec; + out->tv_usec -= timenow.tv_usec; + if (out->tv_usec < 0) { + out->tv_sec--; + out->tv_usec += 1000000; } /* If remaining time is less than 15 ms, set it to 0 to prevent issues * because of small devergences with socket timeouts. 
*/ - if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { - memset(timeleft, 0, sizeof(OPENSSL_timeval)); + if (out->tv_sec == 0 && out->tv_usec < 15000) { + memset(out, 0, sizeof(struct timeval)); } - return timeleft; + return 1; } int dtls1_is_timer_expired(SSL *s) { - OPENSSL_timeval timeleft; + struct timeval timeleft; /* Get time left until timeout, return false if no timer running */ - if (dtls1_get_timeout(s, &timeleft) == NULL) { + if (!DTLSv1_get_timeout(s, &timeleft)) { return 0; } @@ -344,8 +243,8 @@ void dtls1_double_timeout(SSL *s) { void dtls1_stop_timer(SSL *s) { /* Reset everything */ - memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); - memset(&s->d1->next_timeout, 0, sizeof(OPENSSL_timeval)); + s->d1->num_timeouts = 0; + memset(&s->d1->next_timeout, 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &s->d1->next_timeout); @@ -354,10 +253,10 @@ void dtls1_stop_timer(SSL *s) { } int dtls1_check_timeout_num(SSL *s) { - s->d1->timeout.num_alerts++; + s->d1->num_timeouts++; /* Reduce MTU after 2 unsuccessful retransmissions */ - if (s->d1->timeout.num_alerts > 2 && + if (s->d1->num_timeouts > DTLS1_MTU_TIMEOUTS && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { long mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); @@ -366,7 +265,7 @@ int dtls1_check_timeout_num(SSL *s) { } } - if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { + if (s->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) { /* fail the connection, enough alerts have been sent */ OPENSSL_PUT_ERROR(SSL, dtls1_check_timeout_num, SSL_R_READ_TIMEOUT_EXPIRED); return -1; 
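Review bot: The comment `/* If no timeout is set, just return NULL */` in DTLSv1_get_timeout is now wrong: the function returns 0 rather than a NULL pointer, and the new `!SSL_IS_DTLS` guard returns 0 as well. Suggest `/* No timer is running: report 0 and leave |out| untouched. */`, and since this is now an exported function its public declaration should say that 0 means no timer with |out| untouched and 1 means |out| holds the remaining time, possibly zero. The 15 ms rounding at the end silently turns a live timer into an expired one, which belongs in that same description so callers do not treat a zero |out| as "no timer".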
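Review bot: The comments in dtls1_check_timeout_num went stale with the counter rename: `/* Reduce MTU after 2 unsuccessful retransmissions */` hard-codes the value that `DTLS1_MTU_TIMEOUTS` now carries, and `/* fail the connection, enough alerts have been sent */` in the following hunk talks about alerts although the field is `num_timeouts`. Suggest `/* Reduce the MTU once more than DTLS1_MTU_TIMEOUTS retransmissions have failed. */` and `/* Fail the connection: too many retransmission timeouts. */`. The function's body continues into the next hunk.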
@@ -375,39 +274,43 @@ int dtls1_check_timeout_num(SSL *s) { return 0; } -int dtls1_handle_timeout(SSL *s) { +int DTLSv1_handle_timeout(SSL *ssl) { + if (!SSL_IS_DTLS(ssl)) { + return -1; + } + /* if no timer is expired, don't do anything */ - if (!dtls1_is_timer_expired(s)) { + if (!dtls1_is_timer_expired(ssl)) { return 0; } - dtls1_double_timeout(s); + dtls1_double_timeout(ssl); - if (dtls1_check_timeout_num(s) < 0) { + if (dtls1_check_timeout_num(ssl) < 0) { return -1; } - s->d1->timeout.read_timeouts++; - if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - s->d1->timeout.read_timeouts = 1; - } - - dtls1_start_timer(s); - return dtls1_retransmit_buffered_messages(s); + dtls1_start_timer(ssl); + return dtls1_retransmit_buffered_messages(ssl); } -static void get_current_time(OPENSSL_timeval *t) { +static void get_current_time(const SSL *ssl, struct timeval *out_clock) { + if (ssl->ctx->current_time_cb != NULL) { + ssl->ctx->current_time_cb(ssl, out_clock); + return; + } + #if defined(OPENSSL_WINDOWS) struct _timeb time; _ftime(&time); - t->tv_sec = time.time; - t->tv_usec = time.millitm * 1000; + out_clock->tv_sec = time.time; + out_clock->tv_usec = time.millitm * 1000; #else - gettimeofday(t, NULL); + gettimeofday(out_clock, NULL); #endif } -static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { +int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { uint8_t *message = (uint8_t *)s->init_buf->data; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; uint8_t serialised_header[DTLS1_HM_HEADER_LENGTH]; 
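Review bot: `DTLSv1_handle_timeout` returns -1 both from the new `!SSL_IS_DTLS(ssl)` guard and from the genuine exhaustion path, but only the latter pushes an error (SSL_R_READ_TIMEOUT_EXPIRED in dtls1_check_timeout_num), so a caller that inspects the error queue cannot tell misuse from a timed-out handshake, and a TLS object passed in by mistake fails with an empty queue. Either push an error on the guard or document at the public declaration that -1 with an empty error queue means the object is not DTLS; the same applies to the 0 return of `DTLSv1_get_timeout` on a non-DTLS object. In `get_current_time`, the dispatch to `ssl->ctx->current_time_cb` deserves a line explaining why a clock lives on the context, e.g. `/* A context-level clock override (presumably for tests) takes precedence over the system time. */`.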
@@ -430,10 +333,10 @@ static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { s2n(msg_hdr->seq, p); l2n3(0, p); l2n3(msg_hdr->msg_len, p); - ssl3_finish_mac(s, serialised_header, sizeof(serialised_header)); - ssl3_finish_mac(s, message + DTLS1_HM_HEADER_LENGTH, len); + return ssl3_finish_mac(s, serialised_header, sizeof(serialised_header)) && + ssl3_finish_mac(s, message + DTLS1_HM_HEADER_LENGTH, len); } -static int dtls1_handshake_write(SSL *s) { +int dtls1_handshake_write(SSL *s) { return dtls1_do_write(s, SSL3_RT_HANDSHAKE); } diff --git a/src/ssl/d1_meth.c b/src/ssl/d1_meth.c index a894222..a11fbdd 100644 --- a/src/ssl/d1_meth.c +++ b/src/ssl/d1_meth.c @@ -55,32 +55,33 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ -#include "ssl_locl.h" +#include "internal.h" static const SSL_PROTOCOL_METHOD DTLS_protocol_method = { - dtls1_new, - dtls1_free, - dtls1_accept, - dtls1_connect, - ssl3_read, - ssl3_peek, - ssl3_write, - dtls1_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - dtls1_get_message, - dtls1_read_bytes, - dtls1_write_app_data_bytes, - dtls1_dispatch_alert, - dtls1_ctrl, - ssl3_ctx_ctrl, - ssl3_pending, - ssl3_num_ciphers, - dtls1_get_cipher, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, + 1 /* is_dtls */, + dtls1_new, + dtls1_free, + dtls1_accept, + dtls1_connect, + ssl3_read, + ssl3_peek, + ssl3_write, + dtls1_shutdown, + ssl3_renegotiate, + ssl3_renegotiate_check, + dtls1_get_message, + dtls1_read_bytes, + dtls1_write_app_data_bytes, + dtls1_dispatch_alert, + ssl3_ctrl, + ssl3_ctx_ctrl, + ssl3_pending, + ssl3_num_ciphers, + dtls1_get_cipher, + DTLS1_HM_HEADER_LENGTH, + dtls1_set_handshake_header, + dtls1_handshake_write, }; const SSL_METHOD *DTLS_method(void) { diff --git a/src/ssl/d1_pkt.c b/src/ssl/d1_pkt.c index a77ad4e..9e056ac 100644 --- a/src/ssl/d1_pkt.c +++ b/src/ssl/d1_pkt.c 
@@ -109,9 +109,9 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include -#include #include +#include +#include #include #include @@ -119,7 +119,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" /* mod 128 saturating subtract of two 64-bit values in big-endian order */ 
@@ -181,152 +181,12 @@ static int satsub64be(const uint8_t *v1, const uint8_t *v2) { } } -static int have_handshake_fragment(SSL *s, int type, uint8_t *buf, int len, - int peek); static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); -static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch); -static int dtls1_buffer_record(SSL *s, record_pqueue *q, - uint8_t *priority); static int dtls1_process_record(SSL *s); static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, unsigned int len); -/* copy buffered record into SSL structure */ -static int dtls1_copy_record(SSL *s, pitem *item) { - DTLS1_RECORD_DATA *rdata; - - rdata = (DTLS1_RECORD_DATA *)item->data; - - if (s->s3->rbuf.buf != NULL) { - OPENSSL_free(s->s3->rbuf.buf); - } - - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); - - /* Set proper sequence number for mac calculation */ - memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); - - return 1; -} - -static int dtls1_buffer_record(SSL *s, record_pqueue *queue, - uint8_t *priority) { - DTLS1_RECORD_DATA *rdata; - pitem *item; - - /* Limit the size of the queue to prevent DOS attacks */ - if (pqueue_size(queue->q) >= 100) { - return 0; - } - - rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); - item = pitem_new(priority, rdata); - if (rdata == NULL || item == NULL) { - if (rdata != NULL) { - OPENSSL_free(rdata); - } - if (item != NULL) { - pitem_free(item); - } - - OPENSSL_PUT_ERROR(SSL, dtls1_buffer_record, ERR_R_INTERNAL_ERROR); - return -1; - } - - rdata->packet = s->packet; - rdata->packet_length = s->packet_length; - memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); - - item->data = rdata; - - s->packet = 
NULL; - s->packet_length = 0; - memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); - memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); - - if (!ssl3_setup_buffers(s)) { - goto internal_error; - } - - /* insert should not fail, since duplicates are dropped */ - if (pqueue_insert(queue->q, item) == NULL) { - goto internal_error; - } - - return 1; - -internal_error: - OPENSSL_PUT_ERROR(SSL, dtls1_buffer_record, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(rdata); - pitem_free(item); - return -1; -} - -static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) { - pitem *item; - - item = pqueue_pop(queue->q); - if (item) { - dtls1_copy_record(s, item); - - OPENSSL_free(item->data); - pitem_free(item); - - return 1; - } - - return 0; -} - -/* retrieve a buffered record that belongs to the new epoch, i.e., not - * processed yet */ -#define dtls1_get_unprocessed_record(s) \ - dtls1_retrieve_buffered_record((s), &((s)->d1->unprocessed_rcds)) - -/* retrieve a buffered record that belongs to the current epoch, i.e., - * processed */ -#define dtls1_get_processed_record(s) \ - dtls1_retrieve_buffered_record((s), &((s)->d1->processed_rcds)) - -static int dtls1_process_buffered_records(SSL *s) { - pitem *item; - - item = pqueue_peek(s->d1->unprocessed_rcds.q); - if (item) { - /* Check if epoch is current. */ - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) { - return 1; /* Nothing to do. */ - } - - /* Process all the records. 
*/ - while (pqueue_peek(s->d1->unprocessed_rcds.q)) { - dtls1_get_unprocessed_record(s); - if (!dtls1_process_record(s)) { - return 0; - } - if (dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num) < 0) { - return -1; - } - } - } - - /* sync epoch numbers once all the unprocessed records have been processed */ - s->d1->processed_rcds.epoch = s->d1->r_epoch; - s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; - - return 1; -} - static int dtls1_process_record(SSL *s) { int al; SSL3_RECORD *rr; @@ -405,28 +265,15 @@ int dtls1_get_record(SSL *s) { SSL3_RECORD *rr; unsigned char *p = NULL; unsigned short version; - DTLS1_BITMAP *bitmap; - unsigned int is_next_epoch; rr = &(s->s3->rrec); - /* The epoch may have changed. If so, process all the pending records. This - * is a non-blocking operation. */ - if (dtls1_process_buffered_records(s) < 0) { - return -1; - } - - /* If we're renegotiating, then there may be buffered records. */ - if (dtls1_get_processed_record(s)) { - return 1; - } - /* get something from the wire */ again: /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); + n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, 0); /* read timeout is handled by dtls1_read_bytes */ if (n <= 0) { return n; /* error or non-blocking */ @@ -498,7 +345,7 @@ again: if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) { /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i = rr->length; - n = ssl3_read_n(s, i, i, 1); + n = ssl3_read_n(s, i, 1); if (n <= 0) { return n; /* error or non-blocking io */ } 
@@ -515,16 +362,17 @@ again: } s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ - /* match epochs. NULL means the packet is dropped on the floor */ - bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); - if (bitmap == NULL) { + if (rr->epoch != s->d1->r_epoch) { + /* This record is from the wrong epoch. If it is the next epoch, it could be + * buffered. For simplicity, drop it and expect retransmit to handle it + * later; DTLS is supposed to handle packet loss. */ rr->length = 0; - s->packet_length = 0; /* dump this record */ - goto again; /* get another record */ + s->packet_length = 0; + goto again; } /* Check whether this is a repeat, or aged record. */ - if (!dtls1_record_replay_check(s, bitmap)) { + if (!dtls1_record_replay_check(s, &s->d1->bitmap)) { rr->length = 0; s->packet_length = 0; /* dump this record */ goto again; /* get another record */ @@ -535,28 +383,12 @@ again: goto again; } - /* If this record is from the next epoch (either HM or ALERT), - * and a handshake is currently in progress, buffer it since it - * cannot be processed at this time. - */ - if (is_next_epoch) { - if (SSL_in_init(s) || s->in_handshake) { - if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) { - return -1; - } - dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */ - } - rr->length = 0; - s->packet_length = 0; - goto again; - } - if (!dtls1_process_record(s)) { rr->length = 0; s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } - dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, &s->d1->bitmap); /* Mark receipt of record. */ return 1; } 
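Review bot: The replay window in `s->d1->bitmap` is now updated only after `dtls1_process_record` has succeeded, which is the right order: a record that fails authentication must not advance the anti-replay window, otherwise unauthenticated traffic could push legitimate records out of it. The removed next-epoch path marked receipt before processing, so the property is worth pinning in the comment on the `dtls1_record_bitmap_update` call: `/* Mark receipt only after the record authenticated; forged records must not move the replay window. */`. The preceding hunk at `@@ -515,16 +362,17 @@` drops wrong-epoch records before the replay check, which keeps the same property for the epoch comparison. dtls1_get_record's head is outside these hunks.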
@@ -589,15 +421,11 @@ again: * none of our business */ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { - int al, i, j, ret; + int al, i, ret; unsigned int n; SSL3_RECORD *rr; void (*cb)(const SSL *ssl, int type2, int val) = NULL; - if (s->s3->rbuf.buf == NULL && !ssl3_setup_buffers(s)) { - return -1; - } - /* XXX: check what the second '&& type' is about */ if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || @@ -606,14 +434,6 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { return -1; } - /* check whether there's a handshake message (client hello?) waiting */ - ret = have_handshake_fragment(s, type, buf, len, peek); - if (ret) { - return ret; - } - - /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - if (!s->in_handshake && SSL_in_init(s)) { /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); @@ -635,23 +455,8 @@ start: * s->s3->rrec.length - number of bytes. */ rr = &s->s3->rrec; - /* We are not handshaking and have no data yet, - * so process data buffered during the last handshake - * in advance, if any. - */ - if (s->state == SSL_ST_OK && rr->length == 0) { - pitem *item; - item = pqueue_pop(s->d1->buffered_app_data.q); - if (item) { - dtls1_copy_record(s, item); - - OPENSSL_free(item->data); - pitem_free(item); - } - } - /* Check for timeout */ - if (dtls1_handle_timeout(s) > 0) { + if (DTLSv1_handle_timeout(s) > 0) { goto start; } 
@@ -673,14 +478,11 @@ start: /* |change_cipher_spec is set when we receive a ChangeCipherSpec and reset by * ssl3_get_finished. */ - if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { - /* We now have application data between CCS and Finished. Most likely the - * packets were reordered on their way, so buffer the application data for - * later processing rather than dropping the connection. */ - if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) < 0) { - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, ERR_R_INTERNAL_ERROR); - return -1; - } + if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE && + rr->type != SSL3_RT_ALERT) { + /* We now have an unexpected record between CCS and Finished. Most likely + * the packets were reordered on their way. DTLS is unreliable, so drop the + * packet and expect the peer to retransmit. */ rr->length = 0; goto start; } 
@@ -729,118 +531,25 @@ start: return n; } - /* If we get here, then type != rr->type; if we have a handshake message, - * then it was unexpected (Hello Request or Client Hello). */ - - /* In case of record types for which we have 'fragment' storage, fill that so - * that we can process the data at a fixed place. */ - { - unsigned int k, dest_maxlen = 0; - uint8_t *dest = NULL; - unsigned int *dest_len = NULL; - - if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->d1->handshake_fragment; - dest = s->d1->handshake_fragment; - dest_len = &s->d1->handshake_fragment_len; - } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof(s->d1->alert_fragment); - dest = s->d1->alert_fragment; - dest_len = &s->d1->alert_fragment_len; - } - /* else it's a CCS message, or application data or wrong */ - else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { - /* Application data while renegotiating is allowed. Try again reading. */ - if (rr->type == SSL3_RT_APPLICATION_DATA) { - BIO *bio; - s->s3->in_read_app_data = 2; - bio = SSL_get_rbio(s); - s->rwstate = SSL_READING; - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return -1; - } - - /* Not certain if this is the right error handling */ - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - - if (dest_maxlen > 0) { - /* XDTLS: In a pathalogical case, the Client Hello - * may be fragmented--don't always expect dest_maxlen bytes */ - if (rr->length < dest_maxlen) { - s->rstate = SSL_ST_READ_HEADER; - rr->length = 0; - goto start; - } - - /* now move 'n' bytes: */ - for (k = 0; k < dest_maxlen; k++) { - dest[k] = rr->data[rr->off++]; - rr->length--; - } - *dest_len = dest_maxlen; - } - } - - /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) 
*/ - - /* If we are a client, check for an incoming 'Hello Request': */ - if (!s->server && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH && - s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST && - s->session != NULL && s->session->cipher != NULL) { - s->d1->handshake_fragment_len = 0; + /* If we get here, then type != rr->type. */ - if ((s->d1->handshake_fragment[1] != 0) || - (s->d1->handshake_fragment[2] != 0) || - (s->d1->handshake_fragment[3] != 0)) { + /* If an alert record, process one alert out of the record. Note that we allow + * a single record to contain multiple alerts. */ + if (rr->type == SSL3_RT_ALERT) { + /* Alerts may not be fragmented. */ + if (rr->length < 2) { al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_BAD_HELLO_REQUEST); + OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_BAD_ALERT); goto f_err; } - /* no need to check sequence number on HELLO REQUEST messages */ - - if (s->msg_callback) { - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->d1->handshake_fragment, 4, s, s->msg_callback_arg); - } - - if (SSL_is_init_finished(s) && !s->s3->renegotiate) { - s->d1->handshake_read_seq++; - s->new_session = 1; - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->handshake_func(s); - if (i < 0) { - return i; - } - if (i == 0) { - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - } - - /* we either finished a handshake or ignored the request, now try again to - * obtain the (application) data we were asked for */ - goto start; - } - - if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { - int alert_level = s->d1->alert_fragment[0]; - int alert_descr = s->d1->alert_fragment[1]; - - s->d1->alert_fragment_len = 0; - if (s->msg_callback) { - s->msg_callback(0, s->version, SSL3_RT_ALERT, s->d1->alert_fragment, 2, s, + s->msg_callback(0, s->version, SSL3_RT_ALERT, &rr->data[rr->off], 2, s, s->msg_callback_arg); } + const uint8_t alert_level = 
rr->data[rr->off++]; + const uint8_t alert_descr = rr->data[rr->off++]; + rr->length -= 2; if (s->info_callback != NULL) { cb = s->info_callback; @@ -849,17 +558,17 @@ start: } if (cb != NULL) { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); + uint16_t alert = (alert_level << 8) | alert_descr; + cb(s, SSL_CB_READ_ALERT, alert); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; } - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; @@ -888,16 +597,9 @@ start: } if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - struct ccs_header_st ccs_hdr; - unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; - - dtls1_get_ccs_header(rr->data, &ccs_hdr); - - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ((rr->length != ccs_hdr_len) || (rr->off != 0) || - (rr->data[0] != SSL3_MT_CCS)) { + /* 'Change Cipher Spec' is just a single byte, so we know exactly what the + * record payload has to look like */ + if (rr->length != 1 || rr->off != 0 || rr->data[0] != SSL3_MT_CCS) { al = SSL_AD_ILLEGAL_PARAMETER; OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; 
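Review bot: The comment `/* Alerts may not be fragmented. */` above `if (rr->length < 2)` undersells what the check enforces: together with `rr->length -= 2` and the stated allowance for several alerts per record, it means each alert is exactly two bytes and a trailing odd byte is rejected as SSL_R_BAD_ALERT rather than ignored. Suggest `/* Each alert is exactly two bytes; a record may hold several, but a partial alert is malformed. */`. The `msg_callback` is handed `&rr->data[rr->off]` before the two `rr->off++` consume the bytes, which is correct and worth a short comment so nobody reorders it. dtls1_read_bytes continues outside the hunk.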
@@ -930,91 +632,41 @@ start: goto start; } - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - !s->in_handshake) { - struct hm_header_st msg_hdr; - - /* this may just be a stale retransmit */ - dtls1_get_message_header(rr->data, &msg_hdr); - if (rr->epoch != s->d1->r_epoch) { - rr->length = 0; - goto start; + /* Unexpected handshake message. It may be a retransmitted Finished (the only + * post-CCS message). Otherwise, it's a pre-CCS handshake message from an + * unsupported renegotiation attempt. */ + if (rr->type == SSL3_RT_HANDSHAKE && !s->in_handshake) { + if (rr->length < DTLS1_HM_HEADER_LENGTH) { + al = SSL_AD_DECODE_ERROR; + OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_BAD_HANDSHAKE_RECORD); + goto f_err; } + struct hm_header_st msg_hdr; + dtls1_get_message_header(&rr->data[rr->off], &msg_hdr); - /* If we are server, we may have a repeated FINISHED of the client here, - * then retransmit our CCS and FINISHED. */ + /* Ignore a stray Finished from the previous handshake. */ if (msg_hdr.type == SSL3_MT_FINISHED) { - if (dtls1_check_timeout_num(s) < 0) { - return -1; + if (msg_hdr.frag_off == 0) { + /* Retransmit our last flight of messages. If the peer sends the second + * Finished, they may not have received ours. Only do this for the + * first fragment, in case the Finished was fragmented. */ + if (dtls1_check_timeout_num(s) < 0) { + return -1; + } + + dtls1_retransmit_buffered_messages(s); } - dtls1_retransmit_buffered_messages(s); rr->length = 0; goto start; } - - if ((s->state & SSL_ST_MASK) == SSL_ST_OK) { - s->state = s->server ? 
SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->renegotiate = 1; - s->new_session = 1; - } - i = s->handshake_func(s); - if (i < 0) { - return i; - } - if (i == 0) { - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - - goto start; } - switch (rr->type) { - default: - /* TLS just ignores unknown message types */ - if (s->version == TLS1_VERSION) { - rr->length = 0; - goto start; - } - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_UNEXPECTED_RECORD); - goto f_err; - - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception of - * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not - * happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, ERR_R_INTERNAL_ERROR); - goto f_err; - - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, but have application - * data. If the library was running inside ssl3_read() (i.e. - * in_read_app_data is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), we will indulge - * it. */ - if (s->s3->in_read_app_data && (s->s3->total_renegotiations != 0) && - (((s->state & SSL_ST_CONNECT) && - (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || - ((s->state & SSL_ST_ACCEPT) && - (s->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - s->s3->in_read_app_data = 2; - return -1; - } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - } + /* We already handled these. 
*/ + assert(rr->type != SSL3_RT_CHANGE_CIPHER_SPEC && rr->type != SSL3_RT_ALERT); - /* not reached */ + al = SSL_AD_UNEXPECTED_MESSAGE; + OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_UNEXPECTED_RECORD); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1047,35 +699,6 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) { return i; } - -/* this only happens when a client hello is received and a handshake is - * started. */ -static int have_handshake_fragment(SSL *s, int type, uint8_t *buf, - int len, int peek) { - if (type == SSL3_RT_HANDSHAKE && s->d1->handshake_fragment_len > 0) { - /* (partially) satisfy request from storage */ - uint8_t *src = s->d1->handshake_fragment; - uint8_t *dst = buf; - unsigned int k, n; - - /* peek == 0 */ - n = 0; - while (len > 0 && s->d1->handshake_fragment_len > 0) { - *dst++ = *src++; - len--; - s->d1->handshake_fragment_len--; - n++; - } - /* move any remaining fragment bytes: */ - for (k = 0; k < s->d1->handshake_fragment_len; k++) { - s->d1->handshake_fragment[k] = *src++; - } - return n; - } - - return 0; -} - /* Call this to write data in records of type 'type' It will return <= 0 if not * all data has been sent or non-blocking IO. */ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) { @@ -1096,12 +719,9 @@ static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, SSL3_RECORD *wr; SSL3_BUFFER *wb; - /* first check if there is a SSL3_BUFFER still being written - * out. This will happen with non blocking IO */ - if (s->s3->wbuf.left != 0) { - assert(0); /* XDTLS: want to see if we ever get here */ - return ssl3_write_pending(s, type, buf, len); - } + /* ssl3_write_pending drops the write if |BIO_write| fails in DTLS, so there + * is never pending data. */ + assert(s->s3->wbuf.left == 0); /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { 
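Review bot: On the stray-Finished path the result of `dtls1_retransmit_buffered_messages(s)` is discarded, while `DTLSv1_handle_timeout` in d1_lib.c propagates the same call's return, so a failed retransmission here is indistinguishable from success. If dropping it is intended because the peer will re-send its Finished anyway, say so: `/* Best effort: a failed retransmit is recovered by the peer's next Finished. */`; otherwise the failure should reach the caller as it does on the timeout path. The peer-triggered retransmit is at least bounded, since `dtls1_check_timeout_num` counts it against DTLS1_MAX_TIMEOUTS before the flight is re-sent; that bound is worth one sentence in the comment above the `frag_off == 0` check. dtls1_read_bytes and its `f_err` tail continue outside the hunk.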
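Review bot: `assert(s->s3->wbuf.left == 0)` in do_dtls1_write replaces a runtime fallback with a debug-only check, so under NDEBUG a non-empty write buffer would be silently overwritten by the record assembled below. The comment justifies the invariant by `ssl3_write_pending` dropping the write in DTLS, which is not in this diff; if that is the only guarantee, a pointer to where it is enforced, e.g. `/* Invariant maintained by ssl3_write_pending: DTLS never leaves partial writes. */`, would make the assert reviewable. The function's body continues into the next hunks.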
@@ -1119,6 +739,9 @@ static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, wr = &(s->s3->wrec); wb = &(s->s3->wbuf); + if (wb->buf == NULL && !ssl3_setup_write_buffer(s)) { + return -1; + } p = wb->buf + prefix_len; /* write the header */ @@ -1147,19 +770,14 @@ static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, eivlen = s->aead_write_ctx->variable_nonce_len; } - /* lets setup the record stuff. */ - wr->data = p + eivlen; /* make room for IV in case of CBC */ - wr->length = (int)len; - wr->input = (unsigned char *)buf; - - /* we now 'read' from wr->input, wr->length bytes into wr->data */ - memcpy(wr->data, wr->input, wr->length); - wr->input = wr->data; - - /* this is true regardless of mac size */ + /* Assemble the input for |s->enc_method->enc|. The input is the plaintext + * with |eivlen| bytes of space prepended for the explicit nonce. */ wr->input = p; + wr->length = eivlen + len; + memcpy(p + eivlen, buf, len); + + /* Encrypt in-place, so the output also goes into |p|. */ wr->data = p; - wr->length += eivlen; if (!s->enc_method->enc(s, 1)) { goto err; @@ -1182,7 +800,9 @@ static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, wr->type = type; /* not needed but helps for debugging */ wr->length += DTLS1_RT_HEADER_LENGTH; - ssl3_record_sequence_update(&(s->s3->write_sequence[0])); + if (!ssl3_record_sequence_update(&s->s3->write_sequence[2], 6)) { + goto err; + } /* now let's set up wb */ wb->left = prefix_len + wr->length; 
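Review bot: The rewritten record assembly in the `@@ -1147` hunk copies `len` bytes to `p + eivlen` and sets `wr->length = eivlen + len`, but nothing in the hunk establishes that |wb->buf| has room for prefix_len, the record header, the explicit nonce, the plaintext and the tag added by enc; that capacity presumably comes from ssl3_setup_write_buffer (called in the `@@ -1119` hunk) and from whatever caps |len| before do_dtls1_write is entered, neither of which is visible here. A comment at the memcpy would make the in-place encryption auditable, e.g. `/* |wb->buf| is sized by ssl3_setup_write_buffer for header + nonce + max plaintext + tag. */`. In the `@@ -1182` hunk the new `goto err` on a failed ssl3_record_sequence_update carries no error in this hunk; if the callee does not push one, add `OPENSSL_PUT_ERROR(SSL, do_dtls1_write, ERR_R_INTERNAL_ERROR);` before the goto so a sequence-number exhaustion is diagnosable. do_dtls1_write starts and ends outside these hunks.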
@@ -1285,23 +905,6 @@ int dtls1_dispatch_alert(SSL *s) { return i; } -static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch) { - *is_next_epoch = 0; - - /* In current epoch, accept HM, CCS, DATA, & ALERT */ - if (rr->epoch == s->d1->r_epoch) { - return &s->d1->bitmap; - } else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { - /* Only HM and ALERT messages can be from the next epoch */ - *is_next_epoch = 1; - return &s->d1->next_bitmap; - } - - return NULL; -} - void dtls1_reset_seq_numbers(SSL *s, int rw) { uint8_t *seq; unsigned int seq_bytes = sizeof(s->s3->read_sequence); @@ -1309,8 +912,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) { if (rw & SSL3_CC_READ) { seq = s->s3->read_sequence; s->d1->r_epoch++; - memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); + memset(&s->d1->bitmap, 0, sizeof(DTLS1_BITMAP)); } else { seq = s->s3->write_sequence; memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); diff --git a/src/ssl/d1_srtp.c b/src/ssl/d1_srtp.c index b85ff9b..5928fc8 100644 --- a/src/ssl/d1_srtp.c +++ b/src/ssl/d1_srtp.c @@ -115,12 +115,13 @@ */ #include +#include #include -#include #include +#include -#include "ssl_locl.h" +#include "internal.h" #include @@ -169,7 +170,7 @@ static int find_profile_by_num(unsigned profile_num, } static int ssl_ctx_make_profiles(const char *profiles_string, - STACK_OF(SRTP_PROTECTION_PROFILE) * *out) { + STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; const char *col; diff --git a/src/ssl/d1_srvr.c b/src/ssl/d1_srvr.c index 5bce98e..e314910 100644 --- a/src/ssl/d1_srvr.c +++ b/src/ssl/d1_srvr.c 
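Review bot: In dtls1_reset_seq_numbers the replay bitmap for the new read epoch now starts empty (`memset(&s->d1->bitmap, 0, sizeof(DTLS1_BITMAP));`) instead of inheriting |next_bitmap|, which is only sound if records from epoch r_epoch+1 are never accepted before the ChangeCipherSpec is processed; the removal of dtls1_get_bitmap in the `@@ -1285` hunk suggests that is now the case, but the receive path that enforces it is outside this hunk. A comment would pin the invariant the anti-replay window depends on: `/* Records from the next epoch are not accepted before the CCS, so the replay window for the new epoch starts empty. */`. The rest of dtls1_reset_seq_numbers continues past the hunk.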
@@ -118,21 +118,20 @@ #include #include #include +#include #include #include #include #include #include -#include "ssl_locl.h" +#include "internal.h" -static int dtls1_send_hello_verify_request(SSL *s); - int dtls1_accept(SSL *s) { BUF_MEM *buf = NULL; void (*cb)(const SSL *ssl, int type, int val) = NULL; - unsigned long alg_a; + uint32_t alg_a; int ret = -1; int new_state, state, skip = 0; @@ -180,11 +179,6 @@ int dtls1_accept(SSL *s) { buf = NULL; } - if (!ssl3_setup_buffers(s)) { - ret = -1; - goto end; - } - s->init_num = 0; if (s->state != SSL_ST_RENEGOTIATE) { @@ -200,11 +194,9 @@ int dtls1_accept(SSL *s) { } s->state = SSL3_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; } else { /* s->state == SSL_ST_RENEGOTIATE, * we will just send a * HelloRequest */ - s->ctx->stats.sess_accept_renegotiate++; s->state = SSL3_ST_SW_HELLO_REQ_A; } @@ -244,33 +236,10 @@ int dtls1_accept(SSL *s) { goto end; } dtls1_stop_timer(s); - - if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) { - s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; - } else { - s->state = SSL3_ST_SW_SRVR_HELLO_A; - } - + s->state = SSL3_ST_SW_SRVR_HELLO_A; s->init_num = 0; break; - case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: - case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - ret = dtls1_send_hello_verify_request(s); - if (ret <= 0) { - goto end; - } - s->state = SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; - - /* HelloVerifyRequest resets Finished MAC */ - if (!ssl3_init_finished_mac(s)) { - OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - break; - case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: s->renegotiate = 2; 
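Review bot: The `@@ -244` hunk removes the HelloVerifyRequest states and the `SSL_OP_COOKIE_EXCHANGE` branch, so dtls1_accept now moves straight from ClientHello to ServerHello; the RFC 6347 cookie exchange was the server-side check that a ClientHello's source address is reachable before handshake state is allocated and a large ServerHello flight is sent, and nothing in this hunk replaces it. The matching removal of dtls1_send_hello_verify_request later in this diff suggests the feature is dropped rather than moved, which should be recorded where the state is set: `/* No HelloVerifyRequest: the client's address is not verified before handshake state is allocated. */` after `s->state = SSL3_ST_SW_SRVR_HELLO_A;`. The `alg_a` narrowing to `uint32_t` in the `@@ -118` hunk is consistent with the `uint32_t mask_a` fields declared in internal.h. dtls1_accept continues well past these hunks.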
@@ -347,13 +316,6 @@ int dtls1_accept(SSL *s) { * don't request cert during re-negotiation: */ ((s->session->peer != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* never request cert in anonymous ciphersuites - * (see section "Certificate request" in SSL 3 drafts - * and in RFC 2246): */ - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* ... except when the application insists on verification - * (against the specs, but s3_clnt.c accepts this for SSL 3) */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* With normal PSK Certificates and * Certificate Requests are omitted */ (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { @@ -368,12 +330,7 @@ int dtls1_accept(SSL *s) { if (ret <= 0) { goto end; } -#ifndef NETSCAPE_HANG_BUG s->state = SSL3_ST_SW_SRVR_DONE_A; -#else - s->state = SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; -#endif s->init_num = 0; } break; @@ -393,12 +350,6 @@ int dtls1_accept(SSL *s) { case SSL3_ST_SW_FLUSH: s->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { - /* If the write error was fatal, stop trying */ - if (!BIO_should_retry(s->wbio)) { - s->rwstate = SSL_NOTHING; - s->state = s->s3->tmp.next_state; - } - ret = -1; goto end; } @@ -527,8 +478,6 @@ int dtls1_accept(SSL *s) { ssl_update_cache(s, SSL_SESS_CACHE_SERVER); - s->ctx->stats.sess_accept_good++; - if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_DONE, 1); } 
@@ -562,44 +511,9 @@ int dtls1_accept(SSL *s) { end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_ACCEPT_EXIT, ret); } return ret; } - -int dtls1_send_hello_verify_request(SSL *s) { - uint8_t *msg, *p; - - if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { - msg = p = ssl_handshake_start(s); - /* Always use DTLS 1.0 version: see RFC 6347 */ - *(p++) = DTLS1_VERSION >> 8; - *(p++) = DTLS1_VERSION & 0xFF; - - /* Inform the callback how much space is in the - * cookie's buffer. */ - s->d1->cookie_len = sizeof(s->d1->cookie); - - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &(s->d1->cookie_len)) == - 0) { - OPENSSL_PUT_ERROR(SSL, dtls1_send_hello_verify_request, - ERR_R_INTERNAL_ERROR); - return 0; - } - - *(p++) = (uint8_t)s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; - - ssl_set_handshake_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, p - msg); - s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; - } - - /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ - return ssl_do_write(s); -} diff --git a/src/ssl/internal.h b/src/ssl/internal.h new file mode 100644 index 0000000..3bd749d --- /dev/null +++ b/src/ssl/internal.h 
@@ -0,0 +1,1134 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. 
All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef OPENSSL_HEADER_SSL_INTERNAL_H +#define OPENSSL_HEADER_SSL_INTERNAL_H + +#include + +#include +#include +#include +#include + +#if defined(OPENSSL_WINDOWS) +/* Windows defines struct timeval in winsock2.h. */ +#pragma warning(push, 3) +#include +#pragma warning(pop) +#else +#include +#endif + + +/* Cipher suites. */ + +/* Bits for |algorithm_mkey| (key exchange algorithm). 
*/ +#define SSL_kRSA 0x00000001L +#define SSL_kDHE 0x00000002L +#define SSL_kECDHE 0x00000004L +/* SSL_kPSK is only set for plain PSK, not ECDHE_PSK. */ +#define SSL_kPSK 0x00000008L + +/* Bits for |algorithm_auth| (server authentication). */ +#define SSL_aRSA 0x00000001L +#define SSL_aECDSA 0x00000002L +/* SSL_aPSK is set for both PSK and ECDHE_PSK. */ +#define SSL_aPSK 0x00000004L + +/* Bits for |algorithm_enc| (symmetric encryption). */ +#define SSL_3DES 0x00000001L +#define SSL_RC4 0x00000002L +#define SSL_AES128 0x00000004L +#define SSL_AES256 0x00000008L +#define SSL_AES128GCM 0x00000010L +#define SSL_AES256GCM 0x00000020L +#define SSL_CHACHA20POLY1305 0x00000040L + +#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM) + +/* Bits for |algorithm_mac| (symmetric authentication). */ +#define SSL_MD5 0x00000001L +#define SSL_SHA1 0x00000002L +#define SSL_SHA256 0x00000004L +#define SSL_SHA384 0x00000008L +/* SSL_AEAD is set for all AEADs. */ +#define SSL_AEAD 0x00000010L + +/* Bits for |algorithm_ssl| (protocol version). These denote the first protocol + * version which introduced the cipher. + * + * TODO(davidben): These are extremely confusing, both in code and in + * cipher rules. Try to remove them. */ +#define SSL_SSLV3 0x00000002L +#define SSL_TLSV1 SSL_SSLV3 +#define SSL_TLSV1_2 0x00000004L + +/* Bits for |algorithm2| (handshake digests and other extra flags). */ + +#define SSL_HANDSHAKE_MAC_MD5 0x10 +#define SSL_HANDSHAKE_MAC_SHA 0x20 +#define SSL_HANDSHAKE_MAC_SHA256 0x40 +#define SSL_HANDSHAKE_MAC_SHA384 0x80 +#define SSL_HANDSHAKE_MAC_DEFAULT \ + (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) + +/* SSL_MAX_DIGEST is the number of digest types which exist. When adding a new + * one, update the table in ssl_cipher.c. 
*/ +#define SSL_MAX_DIGEST 4 + +#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) + +#define TLS1_PRF_DGST_SHIFT 10 +#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) + +/* SSL_CIPHER_ALGORITHM2_AEAD is a flag in SSL_CIPHER.algorithm2 which + * indicates that the cipher is implemented via an EVP_AEAD. */ +#define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23) + +/* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD is a flag in + * SSL_CIPHER.algorithm2 which indicates that the variable part of the nonce is + * included as a prefix of the record. (AES-GCM, for example, does with with an + * 8-byte variable nonce.) */ +#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD (1<<22) + +/* Bits for |algo_strength|, cipher strength information. */ +#define SSL_MEDIUM 0x00000001L +#define SSL_HIGH 0x00000002L +#define SSL_FIPS 0x00000004L + +/* ssl_cipher_get_evp_aead sets |*out_aead| to point to the correct EVP_AEAD + * object for |cipher| protocol version |version|. It sets |*out_mac_secret_len| + * and |*out_fixed_iv_len| to the MAC key length and fixed IV length, + * respectively. The MAC key length is zero except for legacy block and stream + * ciphers. It returns 1 on success and 0 on error. */ +int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, + size_t *out_mac_secret_len, + size_t *out_fixed_iv_len, + const SSL_CIPHER *cipher, uint16_t version); + +/* ssl_get_handshake_digest looks up the |i|th handshake digest type and sets + * |*out_mask| to the |SSL_HANDSHAKE_MAC_*| mask and |*out_md| to the + * |EVP_MD|. It returns one on successs and zero if |i| >= |SSL_MAX_DIGEST|. 
*/ +int ssl_get_handshake_digest(uint32_t *out_mask, const EVP_MD **out_md, + size_t i); + +/* ssl_create_cipher_list evaluates |rule_str| according to the ciphers in + * |ssl_method|. It sets |*out_cipher_list| to a newly-allocated + * |ssl_cipher_preference_list_st| containing the result. + * |*out_cipher_list_by_id| is set to a list of selected ciphers sorted by + * id. It returns |(*out_cipher_list)->ciphers| on success and NULL on + * failure. */ +STACK_OF(SSL_CIPHER) * +ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, + struct ssl_cipher_preference_list_st **out_cipher_list, + STACK_OF(SSL_CIPHER) **out_cipher_list_by_id, + const char *rule_str); + +/* SSL_PKEY_* denote certificate types. */ +#define SSL_PKEY_RSA_ENC 0 +#define SSL_PKEY_RSA_SIGN 1 +#define SSL_PKEY_ECC 2 +#define SSL_PKEY_NUM 3 + +/* ssl_cipher_get_cert_index returns the |SSL_PKEY_*| value corresponding to the + * certificate type of |cipher| or -1 if there is none. */ +int ssl_cipher_get_cert_index(const SSL_CIPHER *cipher); + +/* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a server + * public key in the key exchange, sent in a server Certificate message. + * Otherwise it returns 0. */ +int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher); + +/* ssl_cipher_requires_server_key_exchange returns 1 if |cipher| requires a + * ServerKeyExchange message. Otherwise it returns 0. + * + * Unlike ssl_cipher_has_server_public_key, some ciphers take optional + * ServerKeyExchanges. PSK and RSA_PSK only use the ServerKeyExchange to + * communicate a psk_identity_hint, so it is optional. */ +int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher); + + +/* Underdocumented functions. + * + * Functions below here haven't been touched up and may be underdocumented. 
*/ + +#define c2l(c, l) \ + (l = ((unsigned long)(*((c)++))), l |= (((unsigned long)(*((c)++))) << 8), \ + l |= (((unsigned long)(*((c)++))) << 16), \ + l |= (((unsigned long)(*((c)++))) << 24)) + +/* NOTE - c is not incremented as per c2l */ +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))) << 24; \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))); \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))) << 24; \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))); \ + } \ + } + +#define l2c(l, c) \ + (*((c)++) = (uint8_t)(((l)) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 24) & 0xff)) + +#define n2l(c, l) \ + (l = ((unsigned long)(*((c)++))) << 24, \ + l |= ((unsigned long)(*((c)++))) << 16, \ + l |= ((unsigned long)(*((c)++))) << 8, l |= ((unsigned long)(*((c)++)))) + +#define l2n(l, c) \ + (*((c)++) = (uint8_t)(((l) >> 24) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ + *((c)++) = (uint8_t)(((l)) & 0xff)) + +#define l2n8(l, c) \ + (*((c)++) = (uint8_t)(((l) >> 56) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 48) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 40) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 32) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 24) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ + *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ + *((c)++) = (uint8_t)(((l)) & 0xff)) + +/* NOTE - c is not incremented as per l2c */ +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (uint8_t)(((l2) >> 24) & 0xff); \ + case 7: \ + *(--(c)) = (uint8_t)(((l2) >> 16) & 0xff); \ + case 6: \ + *(--(c)) = 
(uint8_t)(((l2) >> 8) & 0xff); \ + case 5: \ + *(--(c)) = (uint8_t)(((l2)) & 0xff); \ + case 4: \ + *(--(c)) = (uint8_t)(((l1) >> 24) & 0xff); \ + case 3: \ + *(--(c)) = (uint8_t)(((l1) >> 16) & 0xff); \ + case 2: \ + *(--(c)) = (uint8_t)(((l1) >> 8) & 0xff); \ + case 1: \ + *(--(c)) = (uint8_t)(((l1)) & 0xff); \ + } \ + } + +#define n2s(c, s) \ + ((s = (((unsigned int)(c[0])) << 8) | (((unsigned int)(c[1])))), c += 2) + +#define s2n(s, c) \ + ((c[0] = (uint8_t)(((s) >> 8) & 0xff), \ + c[1] = (uint8_t)(((s)) & 0xff)), \ + c += 2) + +#define n2l3(c, l) \ + ((l = (((unsigned long)(c[0])) << 16) | (((unsigned long)(c[1])) << 8) | \ + (((unsigned long)(c[2])))), \ + c += 3) + +#define l2n3(l, c) \ + ((c[0] = (uint8_t)(((l) >> 16) & 0xff), \ + c[1] = (uint8_t)(((l) >> 8) & 0xff), \ + c[2] = (uint8_t)(((l)) & 0xff)), \ + c += 3) + +/* LOCAL STUFF */ + +#define TLSEXT_CHANNEL_ID_SIZE 128 + +/* Check if an SSL structure is using DTLS */ +#define SSL_IS_DTLS(s) (s->method->is_dtls) +/* See if we need explicit IV */ +#define SSL_USE_EXPLICIT_IV(s) \ + (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) +/* See if we use signature algorithms extension and signature algorithm before + * signatures. */ +#define SSL_USE_SIGALGS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) +/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may + * apply to others in future. */ +#define SSL_USE_TLS1_2_CIPHERS(s) \ + (s->enc_method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) +/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method + * flags because it may not be set to correct version yet. 
*/ +#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ + ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \ + (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION)) + +/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | + * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) + * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) + * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN + * SSL_aRSA <- RSA_ENC | RSA_SIGN + * SSL_aDSS <- DSA_SIGN */ + +#define PENDING_SESSION -10000 + +/* From RFC4492, used in encoding the curve type in ECParameters */ +#define EXPLICIT_PRIME_CURVE_TYPE 1 +#define EXPLICIT_CHAR2_CURVE_TYPE 2 +#define NAMED_CURVE_TYPE 3 + +enum ssl_hash_message_t { + ssl_dont_hash_message, + ssl_hash_message, +}; + +typedef struct cert_pkey_st { + X509 *x509; + EVP_PKEY *privatekey; + /* Chain for this certificate */ + STACK_OF(X509) *chain; +} CERT_PKEY; + +typedef struct cert_st { + /* Current active set */ + CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array + * Probably it would make more sense to store + * an index, not a pointer. */ + + /* For clients the following masks are of *disabled* key and auth algorithms + * based on the current session. + * + * TODO(davidben): Remove these. They get checked twice: when sending the + * ClientHello and when processing the ServerHello. However, mask_ssl is a + * different value both times. mask_k and mask_a are not, but is a + * round-about way of checking the server's cipher was one of the advertised + * ones. (Currently it checks the masks and then the list of ciphers prior to + * applying the masks in ClientHello.) */ + uint32_t mask_k; + uint32_t mask_a; + uint32_t mask_ssl; + + DH *dh_tmp; + DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); + + /* ecdh_nid, if not |NID_undef|, is the NID of the curve to use for ephemeral + * ECDH keys. If unset, |ecdh_tmp_cb| is consulted. */ + int ecdh_nid; + /* ecdh_tmp_cb is a callback for selecting the curve to use for ephemeral ECDH + * keys. 
If NULL, a curve is selected automatically. See + * |SSL_CTX_set_tmp_ecdh_callback|. */ + EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize); + CERT_PKEY pkeys[SSL_PKEY_NUM]; + + /* Server-only: client_certificate_types is list of certificate types to + * include in the CertificateRequest message. + */ + uint8_t *client_certificate_types; + size_t num_client_certificate_types; + + /* signature algorithms peer reports: e.g. supported signature + * algorithms extension for server or as part of a certificate + * request for client. */ + uint8_t *peer_sigalgs; + /* Size of above array */ + size_t peer_sigalgslen; + /* suppported signature algorithms. + * When set on a client this is sent in the client hello as the + * supported signature algorithms extension. For servers + * it represents the signature algorithms we are willing to use. */ + uint8_t *conf_sigalgs; + /* Size of above array */ + size_t conf_sigalgslen; + /* Client authentication signature algorithms, if not set then + * uses conf_sigalgs. On servers these will be the signature + * algorithms sent to the client in a cerificate request for TLS 1.2. + * On a client this represents the signature algortithms we are + * willing to use for client authentication. */ + uint8_t *client_sigalgs; + /* Size of above array */ + size_t client_sigalgslen; + /* Signature algorithms shared by client and server: cached + * because these are used most often. */ + TLS_SIGALGS *shared_sigalgs; + size_t shared_sigalgslen; + + /* Certificate setup callback: if set is called whenever a + * certificate may be required (client or server). the callback + * can then examine any appropriate parameters and setup any + * certificates required. This allows advanced applications + * to select certificates on the fly: for example based on + * supported signature algorithms or curves. 
*/ + int (*cert_cb)(SSL *ssl, void *arg); + void *cert_cb_arg; + + /* Optional X509_STORE for chain building or certificate validation + * If NULL the parent SSL_CTX store is used instead. */ + X509_STORE *chain_store; + X509_STORE *verify_store; +} CERT; + +typedef struct sess_cert_st { + STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ + + /* The 'peer_...' members are used only by clients. */ + int peer_cert_type; + + CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ + CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; + /* Obviously we don't have the private keys of these, + * so maybe we shouldn't even use the CERT_PKEY type here. */ + + DH *peer_dh_tmp; + EC_KEY *peer_ecdh_tmp; +} SESS_CERT; + +/* Structure containing decoded values of signature algorithms extension */ +struct tls_sigalgs_st { + /* NID of hash algorithm */ + int hash_nid; + /* NID of signature algorithm */ + int sign_nid; + /* Combined hash and signature NID */ + int signandhash_nid; + /* Raw values used in extension */ + uint8_t rsign; + uint8_t rhash; +}; + +/* SSL_METHOD is a compatibility structure to support the legacy version-locked + * methods. */ +struct ssl_method_st { + /* version, if non-zero, is the only protocol version acceptable to an + * SSL_CTX initialized from this method. */ + uint16_t version; + /* method is the underlying SSL_PROTOCOL_METHOD that initializes the + * SSL_CTX. */ + const SSL_PROTOCOL_METHOD *method; +}; + +/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +struct ssl_protocol_method_st { + /* is_dtls is one if the protocol is DTLS and zero otherwise. 
*/ + char is_dtls; + int (*ssl_new)(SSL *s); + void (*ssl_free)(SSL *s); + int (*ssl_accept)(SSL *s); + int (*ssl_connect)(SSL *s); + int (*ssl_read)(SSL *s, void *buf, int len); + int (*ssl_peek)(SSL *s, void *buf, int len); + int (*ssl_write)(SSL *s, const void *buf, int len); + int (*ssl_shutdown)(SSL *s); + int (*ssl_renegotiate)(SSL *s); + int (*ssl_renegotiate_check)(SSL *s); + long (*ssl_get_message)(SSL *s, int header_state, int body_state, + int msg_type, long max, + enum ssl_hash_message_t hash_message, int *ok); + int (*ssl_read_bytes)(SSL *s, int type, uint8_t *buf, int len, int peek); + int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); + int (*ssl_dispatch_alert)(SSL *s); + long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); + int (*ssl_pending)(const SSL *s); + size_t (*num_ciphers)(void); + const SSL_CIPHER *(*get_cipher)(size_t i); + /* Handshake header length */ + unsigned int hhlen; + /* Set the handshake header */ + int (*set_handshake_header)(SSL *s, int type, unsigned long len); + /* Write out handshake message */ + int (*do_write)(SSL *s); +}; + +/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit + * of a mess of functions, but hell, think of it as an opaque structure. 
*/ +struct ssl3_enc_method { + int (*enc)(SSL *, int); + int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *, + size_t, const uint8_t *, size_t, const uint8_t *, size_t); + int (*setup_key_block)(SSL *); + int (*generate_master_secret)(SSL *, uint8_t *, const uint8_t *, size_t); + int (*change_cipher_state)(SSL *, int); + int (*final_finish_mac)(SSL *, const char *, int, uint8_t *); + int (*cert_verify_mac)(SSL *, int, uint8_t *); + const char *client_finished_label; + int client_finished_label_len; + const char *server_finished_label; + int server_finished_label_len; + int (*alert_value)(int); + int (*export_keying_material)(SSL *, uint8_t *, size_t, const char *, size_t, + const uint8_t *, size_t, int use_context); + /* Various flags indicating protocol version requirements */ + unsigned int enc_flags; +}; + +#define SSL_HM_HEADER_LENGTH(s) s->method->hhlen +#define ssl_handshake_start(s) \ + (((uint8_t *)s->init_buf->data) + s->method->hhlen) +#define ssl_set_handshake_header(s, htype, len) \ + s->method->set_handshake_header(s, htype, len) +#define ssl_do_write(s) s->method->do_write(s) + +/* Values for enc_flags */ + +/* Uses explicit IV for CBC mode */ +#define SSL_ENC_FLAG_EXPLICIT_IV 0x1 +/* Uses signature algorithms extension */ +#define SSL_ENC_FLAG_SIGALGS 0x2 +/* Uses SHA256 default PRF */ +#define SSL_ENC_FLAG_SHA256_PRF 0x4 +/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: + * may apply to others in future. */ +#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x8 + +/* ssl_aead_ctx_st contains information about an AEAD that is being used to + * encrypt an SSL connection. */ +struct ssl_aead_ctx_st { + EVP_AEAD_CTX ctx; + /* fixed_nonce contains any bytes of the nonce that are fixed for all + * records. */ + uint8_t fixed_nonce[8]; + uint8_t fixed_nonce_len, variable_nonce_len, tag_len; + /* variable_nonce_included_in_record is non-zero if the variable nonce + * for a record is included as a prefix before the ciphertext. 
*/ + char variable_nonce_included_in_record; + /* random_variable_nonce is non-zero if the variable nonce is + * randomly generated, rather than derived from the sequence + * number. */ + char random_variable_nonce; + /* omit_length_in_ad is non-zero if the length should be omitted in the + * AEAD's ad parameter. */ + char omit_length_in_ad; + /* omit_version_in_ad is non-zero if the version should be omitted + * in the AEAD's ad parameter. */ + char omit_version_in_ad; +}; + +/* lengths of messages */ +#define DTLS1_COOKIE_LENGTH 256 + +#define DTLS1_RT_HEADER_LENGTH 13 + +#define DTLS1_HM_HEADER_LENGTH 12 + +#define DTLS1_CCS_HEADER_LENGTH 1 + +#define DTLS1_AL_HEADER_LENGTH 2 + +typedef struct dtls1_bitmap_st { + /* map is a bit mask of the last 64 sequence numbers. Bit + * |1< +#include #include #include @@ -104,6 +105,8 @@ void pqueue_free(pqueue_s *pq) { return; } + /* The queue must be empty. */ + assert(pq->items == NULL); OPENSSL_free(pq); } diff --git a/src/ssl/pqueue/pqueue_test.c b/src/ssl/pqueue/pqueue_test.c index c4b4b9d..cb688f7 100644 --- a/src/ssl/pqueue/pqueue_test.c +++ b/src/ssl/pqueue/pqueue_test.c @@ -19,6 +19,17 @@ #include +static void clear_and_free_queue(pqueue q) { + for (;;) { + pitem *item = pqueue_pop(q); + if (item == NULL) { + break; + } + pitem_free(item); + } + pqueue_free(q); +} + static int trivial(void) { pqueue q = pqueue_new(); if (q == NULL) { @@ -37,7 +48,7 @@ static int trivial(void) { return 0; } pitem_free(item); - pqueue_free(q); + clear_and_free_queue(q); return 1; } @@ -101,7 +112,7 @@ static int fixed_random(void) { } curr = next; } - pqueue_free(q); + clear_and_free_queue(q); return 1; } diff --git a/src/ssl/s3_both.c b/src/ssl/s3_both.c index a34d221..b78f6d3 100644 --- a/src/ssl/s3_both.c +++ b/src/ssl/s3_both.c @@ -116,6 +116,7 @@ #include #include +#include #include #include #include 
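Review bot: The new `assert(pq->items == NULL)` in pqueue_free only enforces the emptiness contract in debug builds; with NDEBUG a non-empty queue is freed and its items silently leak. The comment could state the contract for callers rather than the mechanism: `/* Callers must pop and free every item first; pqueue_free does not own them. */`. The pqueue_test.c change adding clear_and_free_queue confirms this is the intended contract. The pqueue_free function begins before this hunk.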
@@ -124,7 +125,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" /* ssl3_do_write sends |s->init_buf| in records of type 'type' @@ -173,8 +174,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) { return 0; } - /* Copy the finished so we can use it for - * renegotiation checks */ + /* Copy the finished so we can use it for renegotiation checks */ if (s->server) { assert(n <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, n); @@ -185,7 +185,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) { s->s3->previous_client_finished_len = n; } - ssl_set_handshake_header(s, SSL3_MT_FINISHED, n); + if (!ssl_set_handshake_header(s, SSL3_MT_FINISHED, n)) { + return 0; + } s->state = b; } @@ -224,7 +226,7 @@ int ssl3_get_finished(SSL *s, int a, int b) { message_len = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, EVP_MAX_MD_SIZE, - SSL_GET_MESSAGE_DONT_HASH_MESSAGE, &ok); + ssl_dont_hash_message, &ok); if (!ok) { return message_len; @@ -232,7 +234,9 @@ int ssl3_get_finished(SSL *s, int a, int b) { /* Snapshot the finished hash before incorporating the new message. */ ssl3_take_mac(s); - ssl3_hash_current_message(s); + if (!ssl3_hash_current_message(s)) { + goto err; + } /* If this occurs, we have missed a message. * TODO(davidben): Is this check now redundant with SSL3_FLAGS_EXPECT_CCS? */ @@ -273,6 +277,7 @@ int ssl3_get_finished(SSL *s, int a, int b) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); +err: return 0; } 
@@ -296,11 +301,17 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b) { return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); } -unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) { +int ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) { uint8_t *p; unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s); - if (!ssl_add_cert_chain(s, cpk, &l)) { + if (cpk == NULL) { + /* TLSv1 sends a chain with nothing in it, instead of an alert. */ + if (!BUF_MEM_grow_clean(s->init_buf, l)) { + OPENSSL_PUT_ERROR(SSL, ssl3_output_cert_chain, ERR_R_BUF_LIB); + return 0; + } + } else if (!ssl_add_cert_chain(s, cpk, &l)) { return 0; } @@ -308,25 +319,24 @@ unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) { p = ssl_handshake_start(s); l2n3(l, p); l += 3; - ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l); - return l + SSL_HM_HEADER_LENGTH(s); + return ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l); } /* Obtain handshake message of message type |msg_type| (any if |msg_type| == -1), * maximum acceptable body length |max|. The first four bytes (msg_type and * length) are read in state |header_state|, the body is read in state |body_state|. */ long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, - long max, int hash_message, int *ok) { + long max, enum ssl_hash_message_t hash_message, int *ok) { uint8_t *p; unsigned long l; long n; int al; if (s->s3->tmp.reuse_message) { - /* A SSL_GET_MESSAGE_DONT_HASH_MESSAGE call cannot be combined with - * reuse_message; the SSL_GET_MESSAGE_DONT_HASH_MESSAGE would have to have - * been applied to the previous call. */ - assert(hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE); + /* A ssl_dont_hash_message call cannot be combined with reuse_message; the + * ssl_dont_hash_message would have to have been applied to the previous + * call. */ + assert(hash_message == ssl_hash_message); s->s3->tmp.reuse_message = 0; if (msg_type >= 0 && s->s3->tmp.message_type != msg_type) { al = SSL_AD_UNEXPECTED_MESSAGE; 
@@ -350,7 +360,6 @@ long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, int bytes_read = s->method->ssl_read_bytes( s, SSL3_RT_HANDSHAKE, &p[s->init_num], 4 - s->init_num, 0); if (bytes_read <= 0) { - s->rwstate = SSL_READING; *ok = 0; return bytes_read; } @@ -416,8 +425,8 @@ long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, } /* Feed this message into MAC computation. */ - if (hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE) { - ssl3_hash_current_message(s); + if (hash_message == ssl_hash_message && !ssl3_hash_current_message(s)) { + goto err; } if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, @@ -434,11 +443,12 @@ err: return -1; } -void ssl3_hash_current_message(SSL *s) { +int ssl3_hash_current_message(SSL *s) { /* The handshake header (different size between DTLS and TLS) is included in * the hash. */ size_t header_len = s->init_msg - (uint8_t *)s->init_buf->data; - ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num + header_len); + return ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, + s->init_num + header_len); } /* ssl3_cert_verify_hash is documented as needing EVP_MAX_MD_SIZE because that @@ -586,8 +596,7 @@ int ssl3_setup_read_buffer(SSL *s) { #endif if (s->s3->rbuf.buf == NULL) { - len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + - headerlen + align; + len = SSL3_RT_MAX_ENCRYPTED_LENGTH + headerlen + align; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { s->s3->init_extra = 1; len += SSL3_RT_MAX_EXTRA; 
@@ -645,28 +654,16 @@ err: return 0; } - -int ssl3_setup_buffers(SSL *s) { - if (!ssl3_setup_read_buffer(s) || - !ssl3_setup_write_buffer(s)) { - return 0; - } - return 1; -} - int ssl3_release_write_buffer(SSL *s) { - if (s->s3->wbuf.buf != NULL) { - OPENSSL_free(s->s3->wbuf.buf); - s->s3->wbuf.buf = NULL; - } + OPENSSL_free(s->s3->wbuf.buf); + s->s3->wbuf.buf = NULL; return 1; } int ssl3_release_read_buffer(SSL *s) { - if (s->s3->rbuf.buf != NULL) { - OPENSSL_free(s->s3->rbuf.buf); - s->s3->rbuf.buf = NULL; - } + OPENSSL_free(s->s3->rbuf.buf); + s->s3->rbuf.buf = NULL; + s->packet = NULL; return 1; } diff --git a/src/ssl/s3_clnt.c b/src/ssl/s3_clnt.c index 231cc65..d01acae 100644 --- a/src/ssl/s3_clnt.c +++ b/src/ssl/s3_clnt.c @@ -150,20 +150,21 @@ #include #include +#include #include #include #include #include +#include #include #include #include #include #include -#include #include -#include "ssl_locl.h" +#include "internal.h" #include "../crypto/dh/internal.h" @@ -195,12 +196,21 @@ int ssl3_connect(SSL *s) { case SSL_ST_RENEGOTIATE: s->renegotiate = 1; s->state = SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; /* fallthrough */ case SSL_ST_CONNECT: case SSL_ST_BEFORE | SSL_ST_CONNECT: - if (cb != NULL) + if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_START, 1); + } + + if ((s->version >> 8) != 3) { + /* TODO(davidben): Some consumers clear |s->version| to break the + * handshake in a callback. Remove this when they're using proper + * APIs. */ + OPENSSL_PUT_ERROR(SSL, ssl3_connect, ERR_R_INTERNAL_ERROR); + ret = -1; + goto end; + } if (s->init_buf == NULL) { buf = BUF_MEM_new(); @@ -214,8 +224,7 @@ int ssl3_connect(SSL *s) { buf = NULL; } - if (!ssl3_setup_buffers(s) || - !ssl_init_wbio_buffer(s, 0)) { + if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; goto end; } @@ -229,7 +238,6 @@ int ssl3_connect(SSL *s) { } s->state = SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; s->init_num = 0; break; 
@@ -389,12 +397,8 @@ int ssl3_connect(SSL *s) { s->init_num = 0; s->session->cipher = s->s3->tmp.new_cipher; - if (!s->enc_method->setup_key_block(s)) { - ret = -1; - goto end; - } - - if (!s->enc_method->change_cipher_state( + if (!s->enc_method->setup_key_block(s) || + !s->enc_method->change_cipher_state( s, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; goto end; @@ -445,15 +449,16 @@ int ssl3_connect(SSL *s) { * hashes. */ if (s->s3->tlsext_channel_id_new) { ret = tls1_record_handshake_hashes_for_channel_id(s); - if (ret <= 0) + if (ret <= 0) { goto end; + } } - if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && - ssl3_can_cutthrough(s) && - /* no cutthrough on renegotiation (would complicate the state - * machine) */ + if ((SSL_get_mode(s) & SSL_MODE_ENABLE_FALSE_START) && + ssl3_can_false_start(s) && + /* No False Start on renegotiation (would complicate the state + * machine). */ s->s3->previous_server_finished_len == 0) { - s->s3->tmp.next_state = SSL3_ST_CUTTHROUGH_COMPLETE; + s->s3->tmp.next_state = SSL3_ST_FALSE_START; } else { /* Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) { @@ -522,13 +527,14 @@ int ssl3_connect(SSL *s) { s->state = s->s3->tmp.next_state; break; - case SSL3_ST_CUTTHROUGH_COMPLETE: + case SSL3_ST_FALSE_START: /* Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) { s->state = SSL3_ST_CR_SESSION_TICKET_A; } else { s->state = SSL3_ST_CR_CHANGE; } + s->s3->tmp.in_false_start = 1; ssl_free_wbio_buffer(s); ret = 1; @@ -538,10 +544,8 @@ int ssl3_connect(SSL *s) { /* clean a few things up */ ssl3_cleanup_key_block(s); - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; /* Remove write buffering now. */ ssl_free_wbio_buffer(s); 
@@ -549,15 +553,12 @@ int ssl3_connect(SSL *s) { s->init_num = 0; s->renegotiate = 0; s->new_session = 0; + s->s3->tmp.in_false_start = 0; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) { - s->ctx->stats.sess_hit++; - } ret = 1; /* s->server=0; */ - s->ctx->stats.sess_connect_good++; if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_DONE, 1); @@ -584,9 +585,7 @@ int ssl3_connect(SSL *s) { end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_CONNECT_EXIT, ret); } @@ -625,8 +624,9 @@ int ssl3_send_client_hello(SSL *s) { /* If resending the ClientHello in DTLS after a HelloVerifyRequest, don't * renegerate the client_random. The random must be reused. */ - if (!SSL_IS_DTLS(s) || !s->d1->send_cookie) { - ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)); + if ((!SSL_IS_DTLS(s) || !s->d1->send_cookie) && + !ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))) { + goto err; } /* Do the message type and length last. Note: the final argument to @@ -720,7 +720,9 @@ int ssl3_send_client_hello(SSL *s) { } l = p - d; - ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l); + if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) { + goto err; + } s->state = SSL3_ST_CW_CLNT_HELLO_B; } @@ -732,7 +734,7 @@ err: } int ssl3_get_server_hello(SSL *s) { - STACK_OF(SSL_CIPHER) * sk; + STACK_OF(SSL_CIPHER) *sk; const SSL_CIPHER *c; CERT *ct = s->cert; int al = SSL_AD_INTERNAL_ERROR, ok; @@ -740,12 +742,12 @@ int ssl3_get_server_hello(SSL *s) { CBS server_hello, server_random, session_id; uint16_t server_version, cipher_suite; uint8_t compression_method; - unsigned long mask_ssl; + uint32_t mask_ssl; n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, SSL3_ST_CR_SRVR_HELLO_B, SSL3_MT_SERVER_HELLO, 20000, /* ?? */ - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { uint32_t err = ERR_peek_error(); 
@@ -858,24 +860,22 @@ int ssl3_get_server_hello(SSL *s) { goto f_err; } - if (s->hit && s->session->cipher != c) { - al = SSL_AD_ILLEGAL_PARAMETER; - OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, - SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto f_err; + if (s->hit) { + if (s->session->cipher != c) { + al = SSL_AD_ILLEGAL_PARAMETER; + OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + goto f_err; + } + if (s->session->ssl_version != s->version) { + al = SSL_AD_ILLEGAL_PARAMETER; + OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, + SSL_R_OLD_SESSION_VERSION_NOT_RETURNED); + goto f_err; + } } s->s3->tmp.new_cipher = c; - /* Most clients also require that the negotiated version match the session's - * version if resuming. However OpenSSL has historically not had the - * corresponding logic on the server, so this may not be compatible, - * depending on other factors. (Whether the ClientHello version is clamped to - * the session's version and whether the session cache is keyed on IP - * address.) - * - * TODO(davidben): See if we can still enforce this? Perhaps for the future - * TLS 1.3 and forward if this is fixed upstream. */ - /* Don't digest cached records if no sigalgs: we may need them for client * authentication. */ if (!SSL_USE_SIGALGS(s) && @@ -924,8 +924,8 @@ int ssl3_get_server_certificate(SSL *s) { const uint8_t *data; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B, - SSL3_MT_CERTIFICATE, s->max_cert_list, - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + SSL3_MT_CERTIFICATE, (long)s->max_cert_list, + ssl_hash_message, &ok); if (!ok) { return n; @@ -988,9 +988,7 @@ int ssl3_get_server_certificate(SSL *s) { goto err; } - if (s->session->sess_cert) { - ssl_sess_cert_free(s->session->sess_cert); - } + ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert = sc; sc->cert_chain = sk; 
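Review bot: The new `s->session->ssl_version != s->version` check in ssl3_get_server_hello is left without any comment now that the long paragraph explaining why it was previously not enforced is deleted. A one-line rationale would help the next reader understand why this is a fatal illegal_parameter rather than a downgrade to a full handshake, e.g. `/* A resumed session must be negotiated at the version it was established with; anything else is treated as a downgrade. */`. The enclosing function continues outside the hunk.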
@@ -1028,17 +1026,11 @@ int ssl3_get_server_certificate(SSL *s) { goto f_err; } sc->peer_cert_type = i; - /* Why would the following ever happen? We just created sc a couple of lines - * ago. */ - if (sc->peer_pkeys[i].x509 != NULL) { - X509_free(sc->peer_pkeys[i].x509); - } + X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = X509_up_ref(x); sc->peer_key = &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) { - X509_free(s->session->peer); - } + X509_free(s->session->peer); s->session->peer = X509_up_ref(x); s->session->verify_result = s->verify_result; @@ -1075,7 +1067,7 @@ int ssl3_get_server_key_exchange(SSL *s) { * ServerKeyExchange message may be skipped */ n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { return n; } @@ -1096,14 +1088,15 @@ int ssl3_get_server_key_exchange(SSL *s) { * initialized |sess_cert|. */ if (s->session->sess_cert == NULL) { s->session->sess_cert = ssl_sess_cert_new(); + if (s->session->sess_cert == NULL) { + return -1; + } } /* TODO(davidben): This should be reset in one place with the rest of the * handshake state. */ - if (s->s3->tmp.peer_psk_identity_hint) { - OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); - s->s3->tmp.peer_psk_identity_hint = NULL; - } + OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); + s->s3->tmp.peer_psk_identity_hint = NULL; } s->s3->tmp.reuse_message = 1; return 1; 
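Review bot: The new `return -1;` after the failed ssl_sess_cert_new() in the `@@ -1096` hunk of ssl3_get_server_key_exchange bypasses the function's `err:` label, and the same pattern appears in the `@@ -1114` hunk further down. The `err:` block (visible in the `@@ -1362` hunk) frees pkey, rsa, dh, bn_ctx, srvr_ecpoint and ecdh and cleans up md_ctx; if md_ctx has already been initialised above these points (outside the hunk), `goto err;` would keep the exit paths uniform. If nothing is live there, a short comment such as `/* Nothing allocated yet; safe to return directly. */` would document why the shortcut is fine.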
@@ -1114,16 +1107,15 @@ int ssl3_get_server_key_exchange(SSL *s) { server_key_exchange_orig = server_key_exchange; if (s->session->sess_cert != NULL) { - if (s->session->sess_cert->peer_dh_tmp) { - DH_free(s->session->sess_cert->peer_dh_tmp); - s->session->sess_cert->peer_dh_tmp = NULL; - } - if (s->session->sess_cert->peer_ecdh_tmp) { - EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); - s->session->sess_cert->peer_ecdh_tmp = NULL; - } + DH_free(s->session->sess_cert->peer_dh_tmp); + s->session->sess_cert->peer_dh_tmp = NULL; + EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); + s->session->sess_cert->peer_ecdh_tmp = NULL; } else { s->session->sess_cert = ssl_sess_cert_new(); + if (s->session->sess_cert == NULL) { + return -1; + } } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -1165,7 +1157,7 @@ int ssl3_get_server_key_exchange(SSL *s) { } } - if (alg_k & SSL_kEDH) { + if (alg_k & SSL_kDHE) { CBS dh_p, dh_g, dh_Ys; if (!CBS_get_u16_length_prefixed(&server_key_exchange, &dh_p) || @@ -1207,10 +1199,9 @@ int ssl3_get_server_key_exchange(SSL *s) { s->session->sess_cert->peer_dh_tmp = dh; dh = NULL; - } else if (alg_k & SSL_kEECDH) { + } else if (alg_k & SSL_kECDHE) { uint16_t curve_id; int curve_nid = 0; - EC_GROUP *ngroup; const EC_GROUP *group; CBS point; @@ -1231,20 +1222,12 @@ int ssl3_get_server_key_exchange(SSL *s) { goto f_err; } - ecdh = EC_KEY_new(); + ecdh = EC_KEY_new_by_curve_name(curve_nid); if (ecdh == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, - ERR_R_MALLOC_FAILURE); - goto err; - } - - ngroup = EC_GROUP_new_by_curve_name(curve_nid); - if (ngroup == NULL || - EC_KEY_set_group(ecdh, ngroup) == 0) { - OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, ERR_R_EC_LIB); + ERR_R_EC_LIB); goto err; } - EC_GROUP_free(ngroup); group = EC_KEY_get0_group(ecdh); 
@@ -1362,17 +1345,11 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: EVP_PKEY_free(pkey); - if (rsa != NULL) { - RSA_free(rsa); - } - if (dh != NULL) { - DH_free(dh); - } + RSA_free(rsa); + DH_free(dh); BN_CTX_free(bn_ctx); EC_POINT_free(srvr_ecpoint); - if (ecdh != NULL) { - EC_KEY_free(ecdh); - } + EC_KEY_free(ecdh); EVP_MD_CTX_cleanup(&md_ctx); return -1; } @@ -1393,7 +1370,7 @@ int ssl3_get_certificate_request(SSL *s) { n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { return n; @@ -1419,15 +1396,6 @@ int ssl3_get_certificate_request(SSL *s) { goto err; } - /* TLS does not like anon-DH with client cert */ - if (s->version > SSL3_VERSION && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, - SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); - goto err; - } - CBS_init(&cbs, s->init_msg, n); ca_sk = sk_X509_NAME_new(ca_dn_cmp); @@ -1493,7 +1461,7 @@ int ssl3_get_certificate_request(SSL *s) { if (!CBS_skip(&distinguished_name, data - CBS_data(&distinguished_name))) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - OPENSSL_PUT_ERROR(SSL, ssl3_get_server_certificate, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_INTERNAL_ERROR); goto err; } 
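Review bot: The removal of the anon-cipher CertificateRequest check in the `@@ -1419` hunk of ssl3_get_certificate_request means a CertificateRequest under an SSL_aNULL suite would now be accepted and answered. This is presumably safe only because the ADH suites are dropped from ssl3_ciphers in the s3_lib.c hunks further down this diff; if any SSL_aNULL suite remains reachable elsewhere, the guard is still needed. A comment at the point of removal, or a line in the commit message, tying the two changes together would make that dependency explicit.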
@@ -1513,29 +1481,25 @@ int ssl3_get_certificate_request(SSL *s) { /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; - if (s->s3->tmp.ca_names != NULL) { - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - } + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); s->s3->tmp.ca_names = ca_sk; ca_sk = NULL; ret = 1; err: - if (ca_sk != NULL) { - sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); - } + sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return ret; } int ssl3_get_new_session_ticket(SSL *s) { - int ok, al, ret = 0; + int ok, al; long n; CBS new_session_ticket, ticket; n = s->method->ssl_get_message( s, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B, - SSL3_MT_NEWSESSION_TICKET, 16384, SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + SSL3_MT_NEWSESSION_TICKET, 16384, ssl_hash_message, &ok); if (!ok) { return n; 
@@ -1558,21 +1522,15 @@ int ssl3_get_new_session_ticket(SSL *s) { goto err; } - /* There are two ways to detect a resumed ticket sesion. One is to set an - * appropriate session ID and then the server must return a match in - * ServerHello. This allows the normal client session ID matching to work and - * we know much earlier that the ticket has been accepted. - * - * The other way is to set zero length session ID when the ticket is - * presented and rely on the handshake to determine session resumption. - * - * We choose the former approach because this fits in with assumptions - * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is - * SHA256 is disabled) hash of the ticket. */ - EVP_Digest(CBS_data(&ticket), CBS_len(&ticket), s->session->session_id, - &s->session->session_id_length, EVP_sha256(), NULL); - ret = 1; - return ret; + /* Generate a session ID for this session based on the session ticket. We use + * the session ID mechanism for detecting ticket resumption. This also fits in + * with assumptions elsewhere in OpenSSL.*/ + if (!EVP_Digest(CBS_data(&ticket), CBS_len(&ticket), s->session->session_id, + &s->session->session_id_length, EVP_sha256(), NULL)) { + goto err; + } + + return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1588,12 +1546,19 @@ int ssl3_get_cert_status(SSL *s) { n = s->method->ssl_get_message( s, SSL3_ST_CR_CERT_STATUS_A, SSL3_ST_CR_CERT_STATUS_B, - SSL3_MT_CERTIFICATE_STATUS, 16384, SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + -1, 16384, ssl_hash_message, &ok); if (!ok) { return n; } + if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_STATUS) { + /* A server may send status_request in ServerHello and then change + * its mind about sending CertificateStatus. */ + s->s3->tmp.reuse_message = 1; + return 1; + } + CBS_init(&certificate_status, s->init_msg, n); if (!CBS_get_u8(&certificate_status, &status_type) || status_type != TLSEXT_STATUSTYPE_ocsp || 
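Review bot: The new reuse path in ssl3_get_cert_status sets `s->s3->tmp.reuse_message = 1` after a message fetched with `ssl_hash_message`, and the reuse branch of ssl3_get_message asserts that the next caller also passes `ssl_hash_message`. That coupling is not visible at this call site; a comment next to the assignment would prevent a future caller from combining it with `ssl_dont_hash_message`, e.g. `/* The message has already been hashed; the next ssl_get_message call must pass ssl_hash_message. */`. Note also that the `16384` limit now applies to whichever message actually arrives, not only to CertificateStatus.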
@@ -1625,7 +1590,7 @@ int ssl3_get_server_done(SSL *s) { n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 30, /* should be very small, like 0 :-) */ - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { return n; @@ -1645,8 +1610,8 @@ int ssl3_get_server_done(SSL *s) { int ssl3_send_client_key_exchange(SSL *s) { uint8_t *p; int n = 0; - unsigned long alg_k; - unsigned long alg_a; + uint32_t alg_k; + uint32_t alg_a; uint8_t *q; EVP_PKEY *pkey = NULL; EC_KEY *clnt_ecdh = NULL; @@ -1699,10 +1664,7 @@ int ssl3_send_client_key_exchange(SSL *s) { goto err; } - if (s->session->psk_identity != NULL) { - OPENSSL_free(s->session->psk_identity); - } - + OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, @@ -1744,9 +1706,7 @@ int ssl3_send_client_key_exchange(SSL *s) { pkey->pkey.rsa == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR); - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); goto err; } @@ -1785,7 +1745,7 @@ int ssl3_send_client_key_exchange(SSL *s) { if (s->version > SSL3_VERSION) { s2n(enc_pms_len, q); } - } else if (alg_k & SSL_kEDH) { + } else if (alg_k & SSL_kDHE) { DH *dh_srvr, *dh_clnt; SESS_CERT *scert = s->session->sess_cert; int dh_len; @@ -1841,7 +1801,7 @@ int ssl3_send_client_key_exchange(SSL *s) { n += 2 + pub_len; DH_free(dh_clnt); - } else if (alg_k & SSL_kEECDH) { + } else if (alg_k & SSL_kECDHE) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; int field_size = 0, ecdh_len; 
@@ -1993,7 +1953,9 @@ int ssl3_send_client_key_exchange(SSL *s) { /* The message must be added to the finished hash before calculating the * master secret. */ - ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n); + if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) { + goto err; + } s->state = SSL3_ST_CW_KEY_EXCH_B; s->session->master_key_length = s->enc_method->generate_master_secret( @@ -2007,16 +1969,12 @@ int ssl3_send_client_key_exchange(SSL *s) { } /* SSL3_ST_CW_KEY_EXCH_B */ - return s->enc_method->do_write(s); + return s->method->do_write(s); err: BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) { - OPENSSL_free(encodedPoint); - } - if (clnt_ecdh != NULL) { - EC_KEY_free(clnt_ecdh); - } + OPENSSL_free(encodedPoint); + EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); if (pms) { OPENSSL_cleanse(pms, pms_len); @@ -2089,7 +2047,9 @@ int ssl3_send_cert_verify(SSL *s) { s2n(signature_length, p); n += signature_length + 2; - ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n); + if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) { + goto err; + } s->state = SSL3_ST_CW_CERT_VRFY_B; } @@ -2156,12 +2116,8 @@ int ssl3_send_client_certificate(SSL *s) { SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } - if (x509 != NULL) { - X509_free(x509); - } - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } + X509_free(x509); + EVP_PKEY_free(pkey); if (i && !ssl3_has_client_certificate(s)) { i = 0; } @@ -2180,8 +2136,10 @@ int ssl3_send_client_certificate(SSL *s) { } if (s->state == SSL3_ST_CW_CERT_C) { - s->state = SSL3_ST_CW_CERT_D; - ssl3_output_cert_chain(s, (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key); + CERT_PKEY *cert_pkey = (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key; + if (!ssl3_output_cert_chain(s, cert_pkey)) { + return -1; + } } /* SSL3_ST_CW_CERT_D */ 
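Review bot: The `@@ -2180` hunk in ssl3_send_client_certificate drops the `s->state = SSL3_ST_CW_CERT_D;` assignment and no replacement is visible in the new code. If the state is not advanced elsewhere (ssl3_output_cert_chain and the surrounding code are outside the hunk), a `-1` from the subsequent write would re-enter the SSL3_ST_CW_CERT_C branch and rebuild the Certificate message on retry instead of just flushing the pending write, as the `_B` states in the sibling send functions do. Restoring `s->state = SSL3_ST_CW_CERT_D;` after the successful ssl3_output_cert_chain call keeps the state machine shape consistent with them.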
@@ -2246,7 +2204,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) { goto f_err; } - if ((alg_k & SSL_kEDH) && + if ((alg_k & SSL_kDHE) && !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || dh != NULL)) { OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_DH_KEY); goto f_err; @@ -2276,7 +2234,9 @@ int ssl3_send_next_proto(SSL *s) { memset(p, 0, padding_len); p += padding_len; - ssl_set_handshake_header(s, SSL3_MT_NEXT_PROTO, p - d); + if (!ssl_set_handshake_header(s, SSL3_MT_NEXT_PROTO, p - d)) { + return -1; + } s->state = SSL3_ST_CW_NEXT_PROTO_B; } @@ -2387,23 +2347,19 @@ int ssl3_send_channel_id(SSL *s) { goto err; } - ssl_set_handshake_header(s, SSL3_MT_ENCRYPTED_EXTENSIONS, - 2 + 2 + TLSEXT_CHANNEL_ID_SIZE); + if (!ssl_set_handshake_header(s, SSL3_MT_ENCRYPTED_EXTENSIONS, + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)) { + goto err; + } s->state = SSL3_ST_CW_CHANNEL_ID_B; ret = ssl_do_write(s); err: EVP_MD_CTX_cleanup(&md_ctx); - if (public_key) { - OPENSSL_free(public_key); - } - if (der_sig) { - OPENSSL_free(der_sig); - } - if (sig) { - ECDSA_SIG_free(sig); - } + OPENSSL_free(public_key); + OPENSSL_free(der_sig); + ECDSA_SIG_free(sig); return ret; } diff --git a/src/ssl/s3_enc.c b/src/ssl/s3_enc.c index 562cb84..fbe68da 100644 --- a/src/ssl/s3_enc.c +++ b/src/ssl/s3_enc.c @@ -133,8 +133,9 @@ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ -#include #include +#include +#include #include #include @@ -142,7 +143,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" static const uint8_t ssl3_pad_1[48] = { @@ -235,12 +236,8 @@ void ssl3_cleanup_key_block(SSL *s) { } int ssl3_init_finished_mac(SSL *s) { - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - } - if (s->s3->handshake_dgst) { - ssl3_free_digest_list(s); - } + BIO_free(s->s3->handshake_buffer); + ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); if (s->s3->handshake_buffer == NULL) { return 0; 
@@ -264,12 +261,11 @@ void ssl3_free_digest_list(SSL *s) { s->s3->handshake_dgst = NULL; } -void ssl3_finish_mac(SSL *s, const uint8_t *buf, int len) { +int ssl3_finish_mac(SSL *s, const uint8_t *buf, int len) { int i; if (s->s3->handshake_buffer) { - BIO_write(s->s3->handshake_buffer, (void *)buf, len); - return; + return BIO_write(s->s3->handshake_buffer, (void *)buf, len) >= 0; } for (i = 0; i < SSL_MAX_DIGEST; i++) { @@ -277,12 +273,13 @@ void ssl3_finish_mac(SSL *s, const uint8_t *buf, int len) { EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len); } } + return 1; } int ssl3_digest_cached_records( SSL *s, enum should_free_handshake_buffer_t should_free_handshake_buffer) { int i; - long mask; + uint32_t mask; const EVP_MD *md; const uint8_t *hdata; size_t hdatalen; @@ -303,7 +300,7 @@ int ssl3_digest_cached_records( } /* Loop through bits of algorithm2 field and create MD_CTX-es */ - for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { + for (i = 0; ssl_get_handshake_digest(&mask, &md, i); i++) { if ((mask & ssl_get_algorithm2(s)) && md) { s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); if (s->s3->handshake_dgst[i] == NULL) { @@ -383,7 +380,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, EVP_MD_CTX_init(&ctx); if (!EVP_MD_CTX_copy_ex(&ctx, d)) { EVP_MD_CTX_cleanup(&ctx); - OPENSSL_PUT_ERROR(SSL, ssl3_generate_key_block, ERR_LIB_EVP); + OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, ERR_LIB_EVP); return 0; } @@ -402,7 +399,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) { EVP_MD_CTX_cleanup(&ctx); - OPENSSL_PUT_ERROR(SSL, ssl3_generate_key_block, ERR_LIB_EVP); + OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, ERR_LIB_EVP); return 0; } EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length); 
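Review bot: `return BIO_write(s->s3->handshake_buffer, (void *)buf, len) >= 0;` in ssl3_finish_mac treats a short write as success, so a partially buffered message would silently corrupt the handshake transcript that the Finished MAC is later computed over; the check should be `== len`. The EVP_DigestUpdate loop in the same function still discards its return value, so the new unconditional `return 1;` reports success regardless of what the digest layer did. Both paths feed the transcript that authenticates the handshake, so failing closed here is the safer choice.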
@@ -415,15 +412,16 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, return ret; } -void ssl3_record_sequence_update(uint8_t *seq) { - int i; - - for (i = 7; i >= 0; i--) { +int ssl3_record_sequence_update(uint8_t *seq, size_t seq_len) { + size_t i; + for (i = seq_len - 1; i < seq_len; i--) { ++seq[i]; if (seq[i] != 0) { - break; + return 1; } } + OPENSSL_PUT_ERROR(SSL, ssl3_record_sequence_update, ERR_R_OVERFLOW); + return 0; } int ssl3_alert_code(int code) { diff --git a/src/ssl/s3_lib.c b/src/ssl/s3_lib.c index e0ccedc..674277f 100644 --- a/src/ssl/s3_lib.c +++ b/src/ssl/s3_lib.c @@ -148,14 +148,16 @@ #include #include +#include #include #include +#include #include #include #include -#include "ssl_locl.h" +#include "internal.h" #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 
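Review bot: The loop `for (i = seq_len - 1; i < seq_len; i--)` in ssl3_record_sequence_update relies on size_t wrap-around to terminate, which reads like an off-by-one to anyone not expecting the idiom; a comment such as `/* Walk from the least significant byte; i wraps past zero and ends the loop. */` would save a future reader from "fixing" it. Returning 0 with ERR_R_OVERFLOW once every byte has carried is the right behaviour, since a wrapped record sequence number would repeat nonces under an AEAD; the callers outside this hunk must now actually check the return value for that to take effect.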
@@ -165,77 +167,53 @@ const SSL_CIPHER ssl3_ciphers[] = { /* The RSA ciphers */ /* Cipher 04 */ { - 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, + SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 05 */ { - 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, + SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 0A */ { - 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, + SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - /* The Ephemeral DH ciphers */ - - /* Cipher 18 */ - { - 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kEDH, SSL_aNULL, - SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* New AES ciphersuites */ /* Cipher 2F */ { - 1, TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, + TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 33 */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 34 */ - { - 1, TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kEDH, - SSL_aNULL, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 
128, 128, }, /* Cipher 35 */ { - 1, TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, + TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, /* Cipher 39 */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - /* Cipher 3A */ - { - 1, TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kEDH, - SSL_aNULL, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, 
@@ -244,65 +222,51 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 3C */ { - 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, + TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, /* Cipher 3D */ { - 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, + TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, /* Cipher 67 */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kEDH, SSL_aRSA, SSL_AES128, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, /* Cipher 6B */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kEDH, SSL_aRSA, SSL_AES256, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - /* Cipher 6C */ - { - 1, TLS1_TXT_ADH_WITH_AES_128_SHA256, TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kEDH, SSL_aNULL, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 6D */ - { - 1, TLS1_TXT_ADH_WITH_AES_256_SHA256, TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kEDH, SSL_aNULL, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, + 
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, /* Cipher 8A */ { - 1, TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, + TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 8C */ { - 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 8D */ { - 1, TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, @@ -312,7 +276,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9C */ { - 1, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -322,7 +286,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9D */ { - 1, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | 
@@ -332,8 +296,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9E */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kEDH, SSL_aRSA, SSL_AES128GCM, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, @@ -342,28 +306,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9F */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kEDH, SSL_aRSA, SSL_AES256GCM, - SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 256, 256, - }, - - /* Cipher A6 */ - { - 1, TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, SSL_kEDH, SSL_aNULL, SSL_AES128GCM, - SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 128, 128, - }, - - /* Cipher A7 */ - { - 1, TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, SSL_kEDH, SSL_aNULL, SSL_AES256GCM, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 
@@ -372,70 +316,47 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C007 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kEECDH, SSL_aECDSA, SSL_RC4, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher C009 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher C00A */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, /* Cipher C011 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kEECDH, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher C013 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kEECDH, SSL_aRSA, SSL_AES128, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher C014 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kEECDH, SSL_aRSA, SSL_AES256, - SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - 
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - /* Cipher C016 */ - { - 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kEECDH, SSL_aNULL, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher C018 */ - { - 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kEECDH, SSL_aNULL, SSL_AES128, - SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher C019 */ - { - 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kEECDH, SSL_aNULL, SSL_AES256, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, 
@@ -445,32 +366,32 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C023 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, /* Cipher C024 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, /* Cipher C027 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kEECDH, SSL_aRSA, SSL_AES128, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, /* Cipher C028 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kEECDH, SSL_aRSA, SSL_AES256, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, 
@@ -480,8 +401,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C02B */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, @@ -490,8 +411,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C02C */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, @@ -500,8 +421,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C02F */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kEECDH, SSL_aRSA, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 
@@ -510,8 +431,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C030 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kEECDH, SSL_aRSA, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, @@ -523,8 +444,8 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher CAFE */ { - 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kEECDH, SSL_aPSK, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, 
@@ -532,24 +453,24 @@ const SSL_CIPHER ssl3_ciphers[] = { }, { - 1, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kEECDH, SSL_aRSA, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, 256, 0, }, { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kEECDH, SSL_aECDSA, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, 256, 0, }, { - 1, TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kEDH, SSL_aRSA, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA, SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, 256, 0, 
@@ -563,27 +484,22 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, ssl3_final_finish_mac, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, ssl3_cert_verify_mac, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, - (int (*)(SSL *, uint8_t *, size_t, const char *, size_t, const uint8_t *, - size_t, int use_context)) ssl_undefined_function, + tls1_export_keying_material, 0, - SSL3_HM_HEADER_LENGTH, - ssl3_set_handshake_header, - ssl3_handshake_write, }; -int ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; } +size_t ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; } -const SSL_CIPHER *ssl3_get_cipher(unsigned int u) { - if (u >= SSL3_NUM_CIPHERS) { +const SSL_CIPHER *ssl3_get_cipher(size_t i) { + if (i >= SSL3_NUM_CIPHERS) { return NULL; } - return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]; + return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - i]; } int ssl3_pending(const SSL *s) { @@ -595,7 +511,7 @@ int ssl3_pending(const SSL *s) { : 0; } -void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { +int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { uint8_t *p = (uint8_t *)s->init_buf->data; *(p++) = htype; l2n3(len, p); @@ -603,7 +519,7 @@ void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { s->init_off = 0; /* Add the message to the handshake hash. */ - ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num); + return ssl3_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num); } int ssl3_handshake_write(SSL *s) { return ssl3_do_write(s, SSL3_RT_HANDSHAKE); } 
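Review bot: SSLv3_enc_data now points its exporter slot at tls1_export_keying_material where it previously held an ssl_undefined_function stub, so SSL_export_keying_material will be reachable on an SSLv3 connection. RFC 5705 defines keying-material export only for TLS, and I cannot see from this hunk whether tls1_export_keying_material rejects a version below TLS1_VERSION itself; if it does not, either keep the stub here or add an explicit version check in that function before the PRF runs. A comment on the slot, `/* Exporter is TLS-only (RFC 5705); tls1_export_keying_material must refuse SSLv3. */`, would record the requirement either way.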
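Review bot: ssl3_set_handshake_header now returns the result of ssl3_finish_mac (second and third hunks in this line), so every caller must propagate that int rather than ignore it as they could with the old void signature; this hunk does not show the callers, so please confirm they were updated. The unchanged `l2n3(len, p)` still silently truncates a `len` above 0xffffff into the 3-byte header, and the new int return is the natural place to fail instead: `if (len > 0xffffff) { return 0; }` before the header is written. The function's body is split across the two hunks and its callers are outside them.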
@@ -637,47 +553,21 @@ void ssl3_free(SSL *s) { return; } - if (s->s3->sniff_buffer != NULL) { - BUF_MEM_free(s->s3->sniff_buffer); - } + BUF_MEM_free(s->s3->sniff_buffer); ssl3_cleanup_key_block(s); - if (s->s3->rbuf.buf != NULL) { - ssl3_release_read_buffer(s); - } - if (s->s3->wbuf.buf != NULL) { - ssl3_release_write_buffer(s); - } - if (s->s3->tmp.dh != NULL) { - DH_free(s->s3->tmp.dh); - } - if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); - } - - if (s->s3->tmp.ca_names != NULL) { - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - } - if (s->s3->tmp.certificate_types != NULL) { - OPENSSL_free(s->s3->tmp.certificate_types); - } - if (s->s3->tmp.peer_ecpointformatlist) { - OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); - } - if (s->s3->tmp.peer_ellipticcurvelist) { - OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); - } - if (s->s3->tmp.peer_psk_identity_hint) { - OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); - } - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - } - if (s->s3->handshake_dgst) { - ssl3_free_digest_list(s); - } - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - } + ssl3_release_read_buffer(s); + ssl3_release_write_buffer(s); + DH_free(s->s3->tmp.dh); + EC_KEY_free(s->s3->tmp.ecdh); + + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.certificate_types); + OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); + OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); + OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); + BIO_free(s->s3->handshake_buffer); + ssl3_free_digest_list(s); + OPENSSL_free(s->s3->alpn_selected); OPENSSL_cleanse(s->s3, sizeof *s->s3); OPENSSL_free(s->s3); 
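Review bot: The new side of ssl3_free calls ssl3_release_read_buffer, ssl3_release_write_buffer and ssl3_free_digest_list unconditionally where the old code ran them only when rbuf.buf, wbuf.buf or handshake_dgst was non-NULL, so this is correct only if each helper tolerates the unset state on its own; their bodies are not visible here. The library frees that lost their guards (BUF_MEM_free, DH_free, EC_KEY_free, sk_X509_NAME_pop_free, OPENSSL_free, BIO_free) accept NULL, so those drops are safe. A one-line comment above the block, `/* Every callee below accepts a NULL or already-released argument. */`, would document the invariant the simplification relies on. ssl3_free starts outside this hunk.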
@@ -686,145 +576,139 @@ void ssl3_free(SSL *s) { static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len); -long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { - int ret = 0; +int SSL_session_reused(const SSL *ssl) { + return ssl->hit; +} - if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || - cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { - if (!ssl_cert_inst(&s->cert)) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_MALLOC_FAILURE); - return 0; - } - } +int SSL_total_renegotiations(const SSL *ssl) { + return ssl->s3->total_renegotiations; +} - switch (cmd) { - case SSL_CTRL_GET_SESSION_REUSED: - ret = s->hit; - break; +int SSL_num_renegotiations(const SSL *ssl) { + return SSL_total_renegotiations(ssl); +} - case SSL_CTRL_GET_CLIENT_CERT_REQUEST: - break; +int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) { + return 0; +} - case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - ret = s->s3->num_renegotiations; - break; +int SSL_need_rsa(const SSL *ssl) { + return 0; +} - case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - ret = s->s3->num_renegotiations; - s->s3->num_renegotiations = 0; - break; +int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) { + return 1; +} - case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - ret = s->s3->total_renegotiations; - break; +int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) { + return 1; +} - case SSL_CTRL_GET_FLAGS: - ret = (int)(s->s3->flags); - break; +int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) { + DH_free(ctx->cert->dh_tmp); + ctx->cert->dh_tmp = DHparams_dup(dh); + if (ctx->cert->dh_tmp == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_dh, ERR_R_DH_LIB); + return 0; + } + return 1; +} - case SSL_CTRL_NEED_TMP_RSA: - /* Temporary RSA keys are never used. 
*/ - ret = 0; - break; +int SSL_set_tmp_dh(SSL *ssl, const DH *dh) { + DH_free(ssl->cert->dh_tmp); + ssl->cert->dh_tmp = DHparams_dup(dh); + if (ssl->cert->dh_tmp == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_dh, ERR_R_DH_LIB); + return 0; + } + return 1; +} - case SSL_CTRL_SET_TMP_RSA: - /* Temporary RSA keys are never used. */ - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - break; +int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) { + if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)); + return 1; +} - case SSL_CTRL_SET_TMP_RSA_CB: - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return ret; +int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) { + if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)); + return 1; +} - case SSL_CTRL_SET_TMP_DH: { - DH *dh = (DH *)parg; - if (dh == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER); - return ret; - } - dh = DHparams_dup(dh); - if (dh == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB); - return ret; - } - if (!(s->options & SSL_OP_SINGLE_DH_USE) && !DH_generate_key(dh)) { - DH_free(dh); - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB); - return ret; - } - if (s->cert->dh_tmp != NULL) { - DH_free(s->cert->dh_tmp); - } - s->cert->dh_tmp = dh; - ret = 1; - break; - } +int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) { + ctx->tlsext_channel_id_enabled = 1; + return 1; +} - case SSL_CTRL_SET_TMP_DH_CB: - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return ret; +int SSL_enable_tls_channel_id(SSL *ssl) { + ssl->tlsext_channel_id_enabled = 1; + return 1; +} - case 
SSL_CTRL_SET_TMP_ECDH: { - EC_KEY *ecdh = NULL; +int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) { + ctx->tlsext_channel_id_enabled = 1; + if (EVP_PKEY_id(private_key) != EVP_PKEY_EC || + EVP_PKEY_bits(private_key) != 256) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_set1_tls_channel_id, + SSL_R_CHANNEL_ID_NOT_P256); + return 0; + } + EVP_PKEY_free(ctx->tlsext_channel_id_private); + ctx->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key); + return 1; +} - if (parg == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER); - return ret; - } - if (!EC_KEY_up_ref((EC_KEY *)parg)) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB); - return ret; - } - ecdh = (EC_KEY *)parg; - if (!(s->options & SSL_OP_SINGLE_ECDH_USE) && !EC_KEY_generate_key(ecdh)) { - EC_KEY_free(ecdh); - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB); - return ret; - } - if (s->cert->ecdh_tmp != NULL) { - EC_KEY_free(s->cert->ecdh_tmp); - } - s->cert->ecdh_tmp = ecdh; - ret = 1; - break; - } +int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) { + ssl->tlsext_channel_id_enabled = 1; + if (EVP_PKEY_id(private_key) != EVP_PKEY_EC || + EVP_PKEY_bits(private_key) != 256) { + OPENSSL_PUT_ERROR(SSL, SSL_set1_tls_channel_id, SSL_R_CHANNEL_ID_NOT_P256); + return 0; + } + EVP_PKEY_free(ssl->tlsext_channel_id_private); + ssl->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key); + return 1; +} - case SSL_CTRL_SET_TMP_ECDH_CB: - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return ret; +size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) { + if (!ssl->s3->tlsext_channel_id_valid) { + return 0; + } + memcpy(out, ssl->s3->tlsext_channel_id, (max_out < 64) ? 
max_out : 64); + return 64; +} - case SSL_CTRL_SET_TLSEXT_HOSTNAME: - if (larg == TLSEXT_NAMETYPE_host_name) { - if (s->tlsext_hostname != NULL) { - OPENSSL_free(s->tlsext_hostname); - } - s->tlsext_hostname = NULL; +int SSL_set_tlsext_host_name(SSL *ssl, const char *name) { + OPENSSL_free(ssl->tlsext_hostname); + ssl->tlsext_hostname = NULL; - ret = 1; - if (parg == NULL) { - break; - } - if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME); - return 0; - } - s->tlsext_hostname = BUF_strdup((char *) parg); - if (s->tlsext_hostname == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR); - return 0; - } - } else { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, - SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); - return 0; - } - break; + if (name == NULL) { + return 1; + } + if (strlen(name) > TLSEXT_MAXLEN_host_name) { + OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, + SSL_R_SSL3_EXT_INVALID_SERVERNAME); + return 0; + } + ssl->tlsext_hostname = BUF_strdup(name); + if (ssl->tlsext_hostname == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; +} - case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->tlsext_debug_arg = parg; - ret = 1; - break; +long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { + int ret = 0; + switch (cmd) { case SSL_CTRL_CHAIN: if (larg) { return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg); @@ -870,10 +754,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { return tls1_set_curves(&s->tlsext_ellipticcurvelist, &s->tlsext_ellipticcurvelist_length, parg, larg); - case SSL_CTRL_SET_ECDH_AUTO: - s->cert->ecdh_tmp_auto = larg; - return 1; - case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); 
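Review bot: SSL_CTX_set1_tls_channel_id and SSL_set1_tls_channel_id accept any EC key whose EVP_PKEY_bits is 256, yet the error they raise is SSL_R_CHANNEL_ID_NOT_P256; a 256-bit key on another curve passes the check, so after the EVP_PKEY_EC test the curve itself should be compared, e.g. `EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(private_key))) != NID_X9_62_prime256v1`. Both functions also set tlsext_channel_id_enabled before validating the key, so a rejected key leaves Channel ID enabled with no private key; moving that assignment below the check avoids the half-configured state. SSL_CTX_set_tmp_dh and SSL_set_tmp_dh drop the NULL check the old SSL_CTRL_SET_TMP_DH path performed before DHparams_dup(dh); unless DHparams_dup is known to accept NULL, restore `if (dh == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_dh, ERR_R_PASSED_NULL_PARAMETER); return 0; }` (and the SSL_set_tmp_dh equivalent). The tail of ssl3_ctrl runs past this hunk.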
@@ -943,65 +823,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { return (int)s->s3->tmp.peer_ecpointformatlist_length; } - case SSL_CTRL_CHANNEL_ID: - s->tlsext_channel_id_enabled = 1; - ret = 1; - break; - - case SSL_CTRL_SET_CHANNEL_ID: - s->tlsext_channel_id_enabled = 1; - if (EVP_PKEY_bits(parg) != 256) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256); - break; - } - if (s->tlsext_channel_id_private) { - EVP_PKEY_free(s->tlsext_channel_id_private); - } - s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg); - ret = 1; - break; - - case SSL_CTRL_GET_CHANNEL_ID: - if (!s->s3->tlsext_channel_id_valid) { - break; - } - memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64); - return 64; - - default: - break; - } - - return ret; -} - -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { - int ret = 0; - - if ((cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) && - !ssl_cert_inst(&s->cert)) { - OPENSSL_PUT_ERROR(SSL, ssl3_callback_ctrl, ERR_R_MALLOC_FAILURE); - return 0; - } - - switch (cmd) { - case SSL_CTRL_SET_TMP_RSA_CB: - /* Ignore the callback; temporary RSA keys are never used. */ - break; - - case SSL_CTRL_SET_TMP_DH_CB: - s->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp; - break; - - case SSL_CTRL_SET_TMP_ECDH_CB: - s->cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp; - break; - - case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb = - (void (*)(SSL *, int, int, uint8_t *, int, void *))fp; - break; - default: break; } 
@@ -1010,82 +831,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { } long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { - CERT *cert; - - cert = ctx->cert; - switch (cmd) { - case SSL_CTRL_NEED_TMP_RSA: - /* Temporary RSA keys are never used. */ - return 0; - - case SSL_CTRL_SET_TMP_RSA: - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_TMP_RSA_CB: - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_TMP_DH: { - DH *new = NULL, *dh; - - dh = (DH *)parg; - new = DHparams_dup(dh); - if (new == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB); - return 0; - } - if (!(ctx->options & SSL_OP_SINGLE_DH_USE) && !DH_generate_key(new)) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB); - DH_free(new); - return 0; - } - if (cert->dh_tmp != NULL) { - DH_free(cert->dh_tmp); - } - cert->dh_tmp = new; - return 1; - } - - case SSL_CTRL_SET_TMP_DH_CB: - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_TMP_ECDH: { - EC_KEY *ecdh = NULL; - - if (parg == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB); - return 0; - } - ecdh = EC_KEY_dup((EC_KEY *)parg); - if (ecdh == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_EC_LIB); - return 0; - } - if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE) && - !EC_KEY_generate_key(ecdh)) { - EC_KEY_free(ecdh); - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB); - return 0; - } - - if (cert->ecdh_tmp != NULL) { - EC_KEY_free(cert->ecdh_tmp); - } - cert->ecdh_tmp = ecdh; - return 1; - } - - case SSL_CTRL_SET_TMP_ECDH_CB: - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - - case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - ctx->tlsext_servername_arg = parg; - break; - case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { uint8_t *keys = parg; 
@@ -1108,19 +854,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return 1; } - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - ctx->tlsext_status_arg = parg; - return 1; - break; - case SSL_CTRL_SET_CURVES: return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg, larg); - case SSL_CTRL_SET_ECDH_AUTO: - ctx->cert->ecdh_tmp_auto = larg; - return 1; - case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); @@ -1158,10 +895,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; break; case SSL_CTRL_CHAIN: @@ -1185,22 +920,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { case SSL_CTRL_SELECT_CURRENT_CERT: return ssl_cert_select_current(ctx->cert, (X509 *)parg); - case SSL_CTRL_CHANNEL_ID: - ctx->tlsext_channel_id_enabled = 1; - return 1; - - case SSL_CTRL_SET_CHANNEL_ID: - ctx->tlsext_channel_id_enabled = 1; - if (EVP_PKEY_bits(parg) != 256) { - OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256); - break; - } - if (ctx->tlsext_channel_id_private) { - EVP_PKEY_free(ctx->tlsext_channel_id_private); - } - ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg); - break; - default: return 0; } 
@@ -1208,41 +927,22 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return 1; } -long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { - CERT *cert; - - cert = ctx->cert; - - switch (cmd) { - case SSL_CTRL_SET_TMP_RSA_CB: - /* Ignore the callback; temporary RSA keys are never used. */ - break; - - case SSL_CTRL_SET_TMP_DH_CB: - cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp; - break; - - case SSL_CTRL_SET_TMP_ECDH_CB: - cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp; - break; - - case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; - break; - - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; - break; - - case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb = (int ( - *)(SSL *, uint8_t *, uint8_t *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; - break; +int SSL_CTX_set_tlsext_servername_callback( + SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) { + ctx->tlsext_servername_callback = callback; + return 1; +} - default: - return 0; - } +int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) { + ctx->tlsext_servername_arg = arg; + return 1; +} +int SSL_CTX_set_tlsext_ticket_key_cb( + SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + int encrypt)) { + ctx->tlsext_ticket_key_cb = callback; return 1; } @@ -1261,7 +961,7 @@ const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) { /* ssl3_get_cipher_by_value returns the cipher value of |c|. */ uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) { - unsigned long id = c->id; + uint32_t id = c->id; /* All ciphers are SSLv3 now. */ assert((id & 0xff000000) == 0x03000000); return id & 0xffff; 
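Review bot: In SSL_CTX_set_tlsext_ticket_key_cb the callback prototype names its EVP_CIPHER_CTX parameter `ctx`, the same name as the enclosing `SSL_CTX *ctx`; it is legal because the nested prototype has its own scope, but it reads as shadowing and may draw shadow warnings, so `EVP_CIPHER_CTX *cipher_ctx` would be clearer. None of the three new setters can fail, so a comment on each noting that the return value is always 1 and exists for API compatibility would stop callers from adding dead error handling. The ssl3_get_cipher_value hunk that follows only narrows the type and needs no change.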
@@ -1285,14 +985,14 @@ struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s) { } const SSL_CIPHER *ssl3_choose_cipher( - SSL *s, STACK_OF(SSL_CIPHER) * clnt, + SSL *s, STACK_OF(SSL_CIPHER) *clnt, struct ssl_cipher_preference_list_st *server_pref) { const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow; size_t i; int ok; size_t cipher_index; - unsigned long alg_k, alg_a, mask_k, mask_a; + uint32_t alg_k, alg_a, mask_k, mask_a; /* in_group_flags will either be NULL, or will point to an array of bytes * which indicate equal-preference groups in the |prio| stack. See the * comment about |in_group_flags| in the |ssl_cipher_preference_list_st| @@ -1389,7 +1089,7 @@ int ssl3_get_req_cert_type(SSL *s, uint8_t *p) { } /* ECDSA certs can be used with RSA cipher suites as well so we don't need to - * check for SSL_kECDH or SSL_kEECDH. */ + * check for SSL_kECDH or SSL_kECDHE. */ if (s->version >= TLS1_VERSION && have_ecdsa_sign) { p[ret++] = TLS_CT_ECDSA_SIGN; } @@ -1398,12 +1098,10 @@ int ssl3_get_req_cert_type(SSL *s, uint8_t *p) { } static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) { - if (c->client_certificate_types) { - OPENSSL_free(c->client_certificate_types); - c->client_certificate_types = NULL; - } - + OPENSSL_free(c->client_certificate_types); + c->client_certificate_types = NULL; c->num_client_certificate_types = 0; + if (!p || !len) { return 1; } 
@@ -1474,29 +1172,12 @@ int ssl3_write(SSL *s, const void *buf, int len) { } static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { - int ret; - ERR_clear_system_error(); if (s->s3->renegotiate) { ssl3_renegotiate_check(s); } - s->s3->in_read_app_data = 1; - ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); - if (ret == -1 && s->s3->in_read_app_data == 2) { - /* ssl3_read_bytes decided to call s->handshake_func, which called - * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes - * actually found application data and thinks that application data makes - * sense here; so disable handshake processing and try to read application - * data again. */ - s->in_handshake++; - ret = - s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); - s->in_handshake--; - } else { - s->s3->in_read_app_data = 0; - } - return ret; + return s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); } int ssl3_read(SSL *s, void *buf, int len) { @@ -1523,7 +1204,6 @@ int ssl3_renegotiate_check(SSL *s) { * need to go to SSL_ST_ACCEPT. */ s->state = SSL_ST_RENEGOTIATE; s->s3->renegotiate = 0; - s->s3->num_renegotiations++; s->s3->total_renegotiations++; return 1; } @@ -1533,9 +1213,9 @@ int ssl3_renegotiate_check(SSL *s) { /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and * handshake macs if required. */ -long ssl_get_algorithm2(SSL *s) { - static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; - long alg2 = s->s3->tmp.new_cipher->algorithm2; +uint32_t ssl_get_algorithm2(SSL *s) { + static const uint32_t kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; + uint32_t alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF && (alg2 & kMask) == kMask) { return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; diff --git a/src/ssl/s3_meth.c b/src/ssl/s3_meth.c index 5a25d7b..28b9051 100644 --- a/src/ssl/s3_meth.c +++ b/src/ssl/s3_meth.c 
@@ -54,10 +54,11 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include "ssl_locl.h" +#include "internal.h" static const SSL_PROTOCOL_METHOD TLS_protocol_method = { + 0 /* is_dtls */, ssl3_new, ssl3_free, ssl3_accept, @@ -77,9 +78,9 @@ static const SSL_PROTOCOL_METHOD TLS_protocol_method = { ssl3_pending, ssl3_num_ciphers, ssl3_get_cipher, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, + SSL3_HM_HEADER_LENGTH, + ssl3_set_handshake_header, + ssl3_handshake_write, }; const SSL_METHOD *TLS_method(void) { diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c index 3a42c3a..c42d000 100644 --- a/src/ssl/s3_pkt.c +++ b/src/ssl/s3_pkt.c @@ -107,9 +107,9 @@ * Hudson (tjh@cryptsoft.com). */ #include -#include #include #include +#include #include #include @@ -117,23 +117,23 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned int len, - char fragment, char is_fragment); + char fragment); static int ssl3_get_record(SSL *s); -int ssl3_read_n(SSL *s, int n, int max, int extend) { +int ssl3_read_n(SSL *s, int n, int extend) { /* If |extend| is 0, obtain new n-byte packet; * if |extend| is 1, increase packet by another n bytes. * * The packet will be in the sub-array of |s->s3->rbuf.buf| specified by - * |s->packet| and |s->packet_length|. (If |s->read_ahead| is set, |max| - * bytes may be stored in |rbuf| (plus |s->packet_length| bytes if |extend| - * is one.) */ + * |s->packet| and |s->packet_length|. (If |s->read_ahead| is set and |extend| + * is 0, additional bytes may be read into |rbuf|, up to the size of the + * buffer.) */ int i, len, left; - long align = 0; + uintptr_t align = 0; uint8_t *pkt; SSL3_BUFFER *rb; 
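Review bot: `TLS_protocol_method` is a positional initializer of a struct whose layout (`SSL_PROTOCOL_METHOD` in internal.h) is not visible here, and this hunk inserts a plain integer (`0 /* is_dtls */`) at the front and replaces three function-pointer slots with `SSL3_HM_HEADER_LENGTH`, `ssl3_set_handshake_header`, `ssl3_handshake_write`; any future field insertion silently shifts every later entry and the compiler only catches type mismatches. Since the file already uses C99 constructs, designated initializers (`.is_dtls = 0,` and so on, using the real field names from internal.h) would make the table self-checking; `is_dtls` is taken from the comment and should be confirmed.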
@@ -148,8 +148,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) { left = rb->left; - align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); + align = (uintptr_t)rb->buf + SSL3_RT_HEADER_LENGTH; + align = (0 - align) & (SSL3_ALIGN_PAYLOAD - 1); if (!extend) { /* start with empty packet ... */ @@ -201,22 +201,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) { rb->offset = len + align; } - assert(n <= (int)(rb->len - rb->offset)); if (n > (int)(rb->len - rb->offset)) { OPENSSL_PUT_ERROR(SSL, ssl3_read_n, ERR_R_INTERNAL_ERROR); return -1; } - if (!s->read_ahead) { - /* ignore max parameter */ - max = n; - } else { - if (max < n) { - max = n; - } - if (max > (int)(rb->len - rb->offset)) { - max = rb->len - rb->offset; - } + int max = n; + if (s->read_ahead && !extend) { + max = rb->len - rb->offset; } while (left < n) { @@ -233,8 +225,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) { if (i <= 0) { rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s) && - len + left == 0) { + if (len + left == 0) { ssl3_release_read_buffer(s); } return i; 
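Review bot: The `i <= 0` path now releases the read buffer unconditionally when nothing is buffered, dropping both the `SSL_MODE_RELEASE_BUFFERS` and the `!SSL_IS_DTLS(s)` guards; on a non-blocking socket every would-block with an empty buffer frees rbuf, which something outside this hunk (presumably the top of `ssl3_read_n` or `ssl3_get_record`) must re-allocate on the next read, and the previous DTLS exclusion disappears without comment. If this is deliberate, say so: `/* Nothing buffered: release the read buffer until more data arrives (TLS and DTLS alike). */`. Also `int max = n;` followed by `max = rb->len - rb->offset;` narrows a `size_t`-looking expression into an `int` implicitly; the buffer is small in practice, but the explicit `(int)` cast used two lines above would be consistent. `ssl3_read_n` continues outside the hunk.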
@@ -281,29 +272,21 @@ static int ssl3_get_record(SSL *s) { rr = &s->s3->rrec; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { - extra = SSL3_RT_MAX_EXTRA; - } else { - extra = 0; - } - - if (extra && !s->s3->init_extra) { - /* An application error: SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER set after - * ssl3_setup_buffers() was done */ - OPENSSL_PUT_ERROR(SSL, ssl3_get_record, ERR_R_INTERNAL_ERROR); - return -1; - } - again: /* check if we have the header */ if (s->rstate != SSL_ST_READ_BODY || s->packet_length < SSL3_RT_HEADER_LENGTH) { - n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); + n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, 0); if (n <= 0) { return n; /* error or non-blocking */ } s->rstate = SSL_ST_READ_BODY; + /* Some bytes were read, so the read buffer must be existant and + * |s->s3->init_extra| is defined. */ + assert(s->s3->rbuf.buf != NULL); + extra = s->s3->init_extra ? SSL3_RT_MAX_EXTRA : 0; + p = s->packet; if (s->msg_callback) { s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, s->msg_callback_arg); @@ -318,10 +301,6 @@ again: if (s->s3->have_version && version != s->version) { OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_WRONG_VERSION_NUMBER); - if ((s->version & 0xFF00) == (version & 0xFF00)) { - /* Send back error using their minor version number. */ - s->version = (unsigned short)version; - } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } 
@@ -331,13 +310,18 @@ again: goto err; } - if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { + if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { al = SSL_AD_RECORD_OVERFLOW; - OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_PACKET_LENGTH_TOO_LONG); + OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } /* now s->rstate == SSL_ST_READ_BODY */ + } else { + /* |packet_length| is non-zero and |s->rstate| is |SSL_ST_READ_BODY|. The + * read buffer must be existant and |s->s3->init_extra| is defined. */ + assert(s->s3->rbuf.buf != NULL); + extra = s->s3->init_extra ? SSL3_RT_MAX_EXTRA : 0; } /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ @@ -345,7 +329,7 @@ again: if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) { /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ i = rr->length; - n = ssl3_read_n(s, i, i, 1); + n = ssl3_read_n(s, i, 1); if (n <= 0) { /* Error or non-blocking IO. Now |n| == |rr->length|, and * |s->packet_length| == |SSL3_RT_HEADER_LENGTH| + |rr->length|. */ @@ -367,13 +351,6 @@ again: /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] * rr->length bytes of encrypted compressed stuff. */ - /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { - al = SSL_AD_RECORD_OVERFLOW; - OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - /* decrypt in place in 'rr->input' */ rr->data = rr->input; @@ -431,7 +408,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { tot = s->s3->wnum; s->s3->wnum = 0; - if (SSL_in_init(s) && !s->in_handshake) { + if (!s->in_handshake && SSL_in_init(s) && !SSL_in_false_start(s)) { i = s->handshake_func(s); if (i < 0) { return i; @@ -454,6 +431,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { return -1; } + int record_split_done = 0; n = (len - tot); for (;;) { /* max contains the maximum number of bytes that we can put into a 
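Review bot: The overflow check now bounds `rr->length` by `SSL3_RT_MAX_ENCRYPTED_LENGTH + extra` instead of by the read buffer, so the later `ssl3_read_n(s, i, 1)` depends on `ssl3_setup_read_buffer` (outside this diff) allocating at least `SSL3_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH + extra` bytes; if it ever allocates less, a legal-length record surfaces as `ERR_R_INTERNAL_ERROR` from `ssl3_read_n` rather than as `SSL_AD_RECORD_OVERFLOW`. Pin the invariant where `extra` is computed: `assert(s->s3->rbuf.len >= SSL3_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH + extra);`. The `extra = s->s3->init_extra ? SSL3_RT_MAX_EXTRA : 0;` line and its accompanying assert are now duplicated in both branches; a tiny static helper would keep the two from drifting. `ssl3_get_record` starts before this hunk.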
@@ -462,34 +440,27 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { /* fragment is true if do_ssl3_write should send the first byte in its own * record in order to randomise a CBC IV. */ int fragment = 0; - - if (n > 1 && s->s3->need_record_splitting && - type == SSL3_RT_APPLICATION_DATA && !s->s3->record_split_done) { + if (!record_split_done && s->s3->need_record_splitting && + type == SSL3_RT_APPLICATION_DATA) { + /* Only the the first record per write call needs to be split. The + * remaining plaintext was determined before the IV was randomized. */ fragment = 1; - /* record_split_done records that the splitting has been done in case we - * hit an SSL_WANT_WRITE condition. In that case, we don't need to do the - * split again. */ - s->s3->record_split_done = 1; + record_split_done = 1; } - if (n > max) { nw = max; } else { nw = n; } - i = do_ssl3_write(s, type, &(buf[tot]), nw, fragment, 0); + i = do_ssl3_write(s, type, &buf[tot], nw, fragment); if (i <= 0) { s->s3->wnum = tot; - s->s3->record_split_done = 0; return i; } if (i == (int)n || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { - /* next chunk of data should get another prepended, one-byte fragment in - * ciphersuites with known-IV weakness. */ - s->s3->record_split_done = 0; return tot + i; } 
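Review bot: The new comment reads `/* Only the the first record per write call needs to be split. The remaining plaintext was determined before the IV was randomized. */` — doubled "the"; suggest `/* Only the first record per write call needs to be split: the remaining plaintext was fixed before the first record's IV was chosen, so it cannot be picked adaptively. */`. Moving `record_split_done` from `s->s3` to a local is sound as far as this diff shows, because on a WANT_WRITE retry `do_ssl3_write` first flushes the already-sealed pending buffer (visible later in this diff) rather than resealing, so the split record is not rebuilt; that reasoning deserves a sentence here since the deleted field's comment explaining the retry case is gone. `ssl3_write_bytes` starts and ends outside the hunk.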
@@ -498,20 +469,92 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { } } +/* ssl3_seal_record seals a new record of type |type| and plaintext |in| and + * writes it to |out|. At most |max_out| bytes will be written. It returns one + * on success and zero on error. On success, |s->s3->wrec| is updated to include + * the new record. */ +static int ssl3_seal_record(SSL *s, uint8_t *out, size_t *out_len, + size_t max_out, uint8_t type, const uint8_t *in, + size_t in_len) { + if (max_out < SSL3_RT_HEADER_LENGTH) { + OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, SSL_R_BUFFER_TOO_SMALL); + return 0; + } + + out[0] = type; + + /* Some servers hang if initial ClientHello is larger than 256 bytes and + * record version number > TLS 1.0. */ + if (!s->s3->have_version && s->version > SSL3_VERSION) { + out[1] = TLS1_VERSION >> 8; + out[2] = TLS1_VERSION & 0xff; + } else { + out[1] = s->version >> 8; + out[2] = s->version & 0xff; + } + + size_t explicit_nonce_len = 0; + if (s->aead_write_ctx != NULL && + s->aead_write_ctx->variable_nonce_included_in_record) { + explicit_nonce_len = s->aead_write_ctx->variable_nonce_len; + } + size_t max_overhead = 0; + if (s->aead_write_ctx != NULL) { + max_overhead = s->aead_write_ctx->tag_len; + } + + /* Assemble the input for |s->enc_method->enc|. The input is the plaintext + * with |explicit_nonce_len| bytes of space prepended for the explicit + * nonce. The input is copied into |out| and then encrypted in-place to take + * advantage of alignment. + * + * TODO(davidben): |tls1_enc| should accept its inputs and outputs directly + * rather than looking up in |wrec| and friends. The |max_overhead| bounds + * check would also be unnecessary if |max_out| were passed down. 
*/ + SSL3_RECORD *wr = &s->s3->wrec; + size_t plaintext_len = in_len + explicit_nonce_len; + if (plaintext_len < in_len || plaintext_len > INT_MAX || + plaintext_len + max_overhead < plaintext_len) { + OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, ERR_R_OVERFLOW); + return 0; + } + if (max_out - SSL3_RT_HEADER_LENGTH < plaintext_len + max_overhead) { + OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, SSL_R_BUFFER_TOO_SMALL); + return 0; + } + wr->type = type; + wr->input = out + SSL3_RT_HEADER_LENGTH; + wr->data = wr->input; + wr->length = plaintext_len; + memcpy(wr->input + explicit_nonce_len, in, in_len); + + if (!s->enc_method->enc(s, 1)) { + return 0; + } + + /* |wr->length| has now been set to the ciphertext length. */ + if (wr->length >= 1 << 16) { + OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, ERR_R_OVERFLOW); + return 0; + } + out[3] = wr->length >> 8; + out[4] = wr->length & 0xff; + *out_len = SSL3_RT_HEADER_LENGTH + (size_t)wr->length; + + if (s->msg_callback) { + s->msg_callback(1 /* write */, 0, SSL3_RT_HEADER, out, SSL3_RT_HEADER_LENGTH, + s, s->msg_callback_arg); + } + + return 1; +} + /* do_ssl3_write writes an SSL record of the given type. If |fragment| is 1 * then it splits the record into a one byte record and a record with the rest - * of the data in order to randomise a CBC IV. If |is_fragment| is true then - * this call resulted from do_ssl3_write calling itself in order to create that - * one byte fragment. */ + * of the data in order to randomise a CBC IV. */ static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned int len, - char fragment, char is_fragment) { - uint8_t *p, *plen; - int i; - int prefix_len = 0; - int eivlen = 0; - long align = 0; - SSL3_RECORD *wr; - SSL3_BUFFER *wb = &(s->s3->wbuf); + char fragment) { + SSL3_BUFFER *wb = &s->s3->wbuf; /* first check if there is a SSL3_BUFFER still being written out. This will * happen with non blocking IO */ 
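Review bot: `ssl3_seal_record` derives its output-space check from `max_overhead = s->aead_write_ctx->tag_len` alone, which is only sufficient if `tag_len` already covers MAC plus worst-case block padding for the legacy CBC suites (presumably how the TLS-CBC AEAD wrappers report overhead, but that is not visible here); if it does not, `s->enc_method->enc` can write past `max_out`, since the TODO itself notes that `tls1_enc` never sees `max_out`. Either confirm and state it in the comment, or pass `max_out` down as the TODO suggests. Separately, the header comment documents `max_out` and the return value but not `out_len`; add `|*out_len| is set to the number of bytes written, including the record header.` The `plaintext_len > INT_MAX` and `wr->length >= 1 << 16` guards are good.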
@@ -521,9 +564,9 @@ static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned int len, /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { - i = s->method->ssl_dispatch_alert(s); - if (i <= 0) { - return i; + int ret = s->method->ssl_dispatch_alert(s); + if (ret <= 0) { + return ret; } /* if it went, fall through and send more stuff */ } 
@@ -535,122 +578,62 @@ static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned int len, if (len == 0) { return 0; } - - wr = &s->s3->wrec; - - if (fragment) { - /* countermeasure against known-IV weakness in CBC ciphersuites (see - * http://www.openssl.org/~bodo/tls-cbc.txt) */ - prefix_len = do_ssl3_write(s, type, buf, 1 /* length */, 0 /* fragment */, - 1 /* is_fragment */); - if (prefix_len <= 0) { - goto err; - } - - if (prefix_len > - (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { - /* insufficient space */ - OPENSSL_PUT_ERROR(SSL, do_ssl3_write, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (is_fragment) { - /* The extra fragment would be couple of cipher blocks, and that will be a - * multiple of SSL3_ALIGN_PAYLOAD. So, if we want to align the real - * payload, we can just pretend that we have two headers and a byte. */ - align = (long)wb->buf + 2 * SSL3_RT_HEADER_LENGTH + 1; - align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); - p = wb->buf + align; - wb->offset = align; - } else if (prefix_len) { - p = wb->buf + wb->offset + prefix_len; - } else { - align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); - p = wb->buf + align; - wb->offset = align; + if (len == 1) { + /* No sense in fragmenting a one-byte record. */ + fragment = 0; } - /* write the header */ - - *(p++) = type & 0xff; - wr->type = type; - - /* Some servers hang if initial ClientHello is larger than 256 bytes and - * record version number > TLS 1.0. */ - if (!s->s3->have_version && s->version > SSL3_VERSION) { - *(p++) = TLS1_VERSION >> 8; - *(p++) = TLS1_VERSION & 0xff; + /* Align the output so the ciphertext is aligned to |SSL3_ALIGN_PAYLOAD|. */ + uintptr_t align; + if (fragment) { + /* Only CBC-mode ciphers require fragmenting. CBC-mode ciphertext is a + * multiple of the block size which we may assume is aligned. Thus we only + * need to account for a second copy of the record header. 
*/ + align = (uintptr_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH; } else { - *(p++) = s->version >> 8; - *(p++) = s->version & 0xff; + align = (uintptr_t)wb->buf + SSL3_RT_HEADER_LENGTH; } - - /* field where we are to write out packet length */ - plen = p; - p += 2; - - /* Leave room for the variable nonce for AEADs which specify it explicitly. */ - if (s->aead_write_ctx != NULL && - s->aead_write_ctx->variable_nonce_included_in_record) { - eivlen = s->aead_write_ctx->variable_nonce_len; - } - - /* lets setup the record stuff. */ - wr->data = p + eivlen; - wr->length = (int)(len - (fragment != 0)); - wr->input = (uint8_t *)buf + (fragment != 0); - - /* we now 'read' from wr->input, wr->length bytes into wr->data */ - - memcpy(wr->data, wr->input, wr->length); - wr->input = wr->data; - - /* we should still have the output to wr->data and the input from wr->input. - * Length should be wr->length. wr->data still points in the wb->buf */ - - wr->input = p; - wr->data = p; - wr->length += eivlen; - - if (!s->enc_method->enc(s, 1)) { - goto err; - } - - /* record length after mac and block padding */ - s2n(wr->length, plen); - - if (s->msg_callback) { - s->msg_callback(1, 0, SSL3_RT_HEADER, plen - 5, 5, s, s->msg_callback_arg); + align = (0 - align) & (SSL3_ALIGN_PAYLOAD - 1); + uint8_t *out = wb->buf + align; + wb->offset = align; + size_t max_out = wb->len - wb->offset; + + const uint8_t *orig_buf = buf; + unsigned int orig_len = len; + size_t fragment_len = 0; + if (fragment) { + /* Write the first byte in its own record as a countermeasure against + * known-IV weaknesses in CBC ciphersuites. (See + * http://www.openssl.org/~bodo/tls-cbc.txt.) */ + if (!ssl3_seal_record(s, out, &fragment_len, max_out, type, buf, 1)) { + return -1; + } + out += fragment_len; + max_out -= fragment_len; + buf++; + len--; } - /* we should now have wr->data pointing to the encrypted data, which is - * wr->length long. 
*/ - wr->type = type; /* not needed but helps for debugging */ - wr->length += SSL3_RT_HEADER_LENGTH; - - if (is_fragment) { - /* we are in a recursive call; just return the length, don't write out - * anything. */ - return wr->length; + assert((((uintptr_t)out + SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1)) + == 0); + size_t ciphertext_len; + if (!ssl3_seal_record(s, out, &ciphertext_len, max_out, type, buf, len)) { + return -1; } + ciphertext_len += fragment_len; /* now let's set up wb */ - wb->left = prefix_len + wr->length; + wb->left = ciphertext_len; /* memorize arguments so that ssl3_write_pending can detect bad write retries * later */ - s->s3->wpend_tot = len; - s->s3->wpend_buf = buf; + s->s3->wpend_tot = orig_len; + s->s3->wpend_buf = orig_buf; s->s3->wpend_type = type; - s->s3->wpend_ret = len; + s->s3->wpend_ret = orig_len; /* we now just need to write the buffer */ - return ssl3_write_pending(s, type, buf, len); - -err: - return -1; + return ssl3_write_pending(s, type, orig_buf, orig_len); } /* if s->s3->wbuf.left != 0, we need to call this */ @@ -679,19 +662,19 @@ int ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len) { if (i == wb->left) { wb->left = 0; wb->offset += i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) { - ssl3_release_write_buffer(s); - } + ssl3_release_write_buffer(s); s->rwstate = SSL_NOTHING; return s->s3->wpend_ret; } else if (i <= 0) { if (SSL_IS_DTLS(s)) { - /* For DTLS, just drop it. That's kind of the whole - point in using a datagram service */ + /* For DTLS, just drop it. That's kind of the whole point in + * using a datagram service */ wb->left = 0; } return i; } + /* TODO(davidben): This codepath is used in DTLS, but the write + * payload may not split across packets. */ wb->offset += i; wb->left -= i; } 
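Review bot: The new `assert((((uintptr_t)out + SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1)) == 0)` after the one-byte fragment only holds if that fragment's ciphertext length is a multiple of `SSL3_ALIGN_PAYLOAD`, i.e. the CBC block size (8 for 3DES) is at least `SSL3_ALIGN_PAYLOAD` and `need_record_splitting` is never set for a non-block cipher; neither value is visible in this diff. Because misalignment here costs only performance, the comment above should say so, e.g. `/* Alignment is an optimisation only; a mismatch is harmless. */`, so a future cipher does not turn a debug-only assert into a release-mode puzzle. The `len == 1` shortcut correctly avoids sealing an empty second record, and re-deriving `orig_buf`/`orig_len` for `wpend_*` keeps the bad-retry detection intact. The enclosing `do_ssl3_write` starts before this hunk.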
@@ -741,15 +724,10 @@ int ssl3_expect_change_cipher_spec(SSL *s) { * none of our business */ int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek) { - int al, i, j, ret; + int al, i, ret; unsigned int n; SSL3_RECORD *rr; void (*cb)(const SSL *ssl, int type2, int val) = NULL; - uint8_t alert_buffer[2]; - - if (s->s3->rbuf.buf == NULL && !ssl3_setup_read_buffer(s)) { - return -1; - } if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || (peek && type != SSL3_RT_APPLICATION_DATA)) { @@ -780,8 +758,13 @@ int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek) { /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - if (!s->in_handshake && SSL_in_init(s)) { - /* type == SSL3_RT_APPLICATION_DATA */ + /* This may require multiple iterations. False Start will cause + * |s->handshake_func| to signal success one step early, but the handshake + * must be completely finished before other modes are accepted. + * + * TODO(davidben): Move this check up to a higher level. */ + while (!s->in_handshake && SSL_in_init(s)) { + assert(type == SSL3_RT_APPLICATION_DATA); i = s->handshake_func(s); if (i < 0) { return i; @@ -811,9 +794,10 @@ start: /* we now have a packet which can be read and processed */ - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && rr->type != SSL3_RT_HANDSHAKE) { + /* |change_cipher_spec is set when we receive a ChangeCipherSpec and reset by + * ssl3_get_finished. */ + if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE && + rr->type != SSL3_RT_ALERT) { al = SSL_AD_UNEXPECTED_MESSAGE; OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); @@ -866,7 +850,7 @@ start: if (rr->length == 0) { s->rstate = SSL_ST_READ_HEADER; rr->off = 0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) { + if (s->s3->rbuf.left == 0) { ssl3_release_read_buffer(s); } } 
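Review bot: The rewritten comment `/* |change_cipher_spec is set when we receive a ChangeCipherSpec and reset by ssl3_get_finished. */` is missing the closing bar; suggest `/* |change_cipher_spec| is set when we receive a ChangeCipherSpec and reset by |ssl3_get_finished|. */`. The same condition now admits `SSL3_RT_ALERT` records between ChangeCipherSpec and Finished; fatal alerts are the obvious motivation, but a warning alert in that window is handled by the alert branch further down and (presumably) loops back to `start`, so a sentence stating that warning alerts are tolerated there would make the intent explicit. The new `while (!s->in_handshake && SSL_in_init(s))` loop relies on `handshake_func` returning `<= 0` rather than spinning when it cannot progress; the handling of `i == 0` lies outside this hunk.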
@@ -883,6 +867,14 @@ start: * that we can process the data at a fixed place. */ if (rr->type == SSL3_RT_HANDSHAKE) { + /* If peer renegotiations are disabled, all out-of-order handshake records + * are fatal. */ + if (s->reject_peer_renegotiations) { + al = SSL_AD_NO_RENEGOTIATION; + OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION); + goto f_err; + } + const size_t size = sizeof(s->s3->handshake_fragment); const size_t avail = size - s->s3->handshake_fragment_len; const size_t todo = (rr->length < avail) ? rr->length : avail; @@ -894,17 +886,6 @@ start: if (s->s3->handshake_fragment_len < size) { goto start; /* fragment was too small */ } - } else if (rr->type == SSL3_RT_ALERT) { - /* Note that this will still allow multiple alerts to be processed in the - * same record */ - if (rr->length < sizeof(alert_buffer)) { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_BAD_ALERT); - goto f_err; - } - memcpy(alert_buffer, &rr->data[rr->off], sizeof(alert_buffer)); - rr->off += sizeof(alert_buffer); - rr->length -= sizeof(alert_buffer); } /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; @@ -947,14 +928,23 @@ start: goto start; } + /* If an alert record, process one alert out of the record. Note that we allow + * a single record to contain multiple alerts. */ if (rr->type == SSL3_RT_ALERT) { - const uint8_t alert_level = alert_buffer[0]; - const uint8_t alert_descr = alert_buffer[1]; + /* Alerts may not be fragmented. */ + if (rr->length < 2) { + al = SSL_AD_DECODE_ERROR; + OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_BAD_ALERT); + goto f_err; + } if (s->msg_callback) { - s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_buffer, 2, s, + s->msg_callback(0, s->version, SSL3_RT_ALERT, &rr->data[rr->off], 2, s, s->msg_callback_arg); } + const uint8_t alert_level = rr->data[rr->off++]; + const uint8_t alert_descr = rr->data[rr->off++]; + rr->length -= 2; if (s->info_callback != NULL) { cb = s->info_callback; 
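Review bot: The alert branch now consumes one alert per pass and keeps the rest of the record (`rr->length -= 2`, then presumably `goto start` for warnings), so a single ~16 KiB record can carry thousands of warning alerts, each re-entering the loop and invoking `msg_callback`/`info_callback`, and nothing visible caps warning alerts per connection. A bounded counter that fails the connection with `SSL_AD_UNEXPECTED_MESSAGE` after a small fixed number of consecutive warning alerts would close that CPU-amplification vector; at minimum the comment `Note that we allow a single record to contain multiple alerts` should say whether the absence of a limit is intentional. The `reject_peer_renegotiations` check correctly fires before any handshake bytes are buffered into `handshake_fragment`. `ssl3_read_bytes` continues outside the hunk.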
@@ -963,12 +953,11 @@ start: } if (cb != NULL) { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); + uint16_t alert = (alert_level << 8) | alert_descr; + cb(s, SSL_CB_READ_ALERT, alert); } - if (alert_level == 1) { - /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -987,8 +976,7 @@ start: OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION); goto f_err; } - } else if (alert_level == 2) { - /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; 
@@ -1074,50 +1062,12 @@ start: goto start; } - switch (rr->type) { - default: - /* TLS up to v1.1 just ignores unknown message types. TLS v1.2 gives an - * unexpected message alert. */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { - rr->length = 0; - goto start; - } - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_UNEXPECTED_RECORD); - goto f_err; - - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception of - * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not - * happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, ERR_R_INTERNAL_ERROR); - goto f_err; + /* We already handled these. */ + assert(rr->type != SSL3_RT_CHANGE_CIPHER_SPEC && rr->type != SSL3_RT_ALERT && + rr->type != SSL3_RT_HANDSHAKE); - case SSL3_RT_APPLICATION_DATA: - /* At this point we were expecting handshake data but have application - * data. If the library was running inside ssl3_read() (i.e. - * |in_read_app_data| is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), we will indulge - * it. */ - if (s->s3->in_read_app_data && s->s3->total_renegotiations != 0 && - (((s->state & SSL_ST_CONNECT) && - s->state >= SSL3_ST_CW_CLNT_HELLO_A && - s->state <= SSL3_ST_CR_SRVR_HELLO_A) || - ((s->state & SSL_ST_ACCEPT) && - s->state <= SSL3_ST_SW_HELLO_REQ_A && - s->state >= SSL3_ST_SR_CLNT_HELLO_A))) { - s->s3->in_read_app_data = 2; - return -1; - } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - } - /* not reached */ + al = SSL_AD_UNEXPECTED_MESSAGE; + OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_UNEXPECTED_RECORD); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); 
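Review bot: The collapsed default path now sends `unexpected_message` for any unknown record type regardless of version, whereas the deleted code silently ignored unknown types in TLS 1.0/1.1; this is the stricter and safer behaviour (and it also removes the renegotiation-time application-data indulgence), but it is a wire-visible change with no comment. Suggest above the assert: `/* Unknown record types are fatal for all versions. TLS 1.0/1.1 permitted ignoring them; we do not. */`. Note that in NDEBUG builds a handshake, alert or CCS record that somehow reached here is now reported as `SSL_R_UNEXPECTED_RECORD` rather than an internal error — acceptable, but a different diagnostic. `ssl3_read_bytes` continues outside the hunk.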
@@ -1189,7 +1139,7 @@ int ssl3_dispatch_alert(SSL *s) { void (*cb)(const SSL *ssl, int type, int val) = NULL; s->s3->alert_dispatch = 0; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0, 0); + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); if (i <= 0) { s->s3->alert_dispatch = 1; } else { diff --git a/src/ssl/s3_srvr.c b/src/ssl/s3_srvr.c index b346d14..3cc3032 100644 --- a/src/ssl/s3_srvr.c +++ b/src/ssl/s3_srvr.c @@ -146,8 +146,6 @@ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ -#define NETSCAPE_HANG_BUG - #include #include #include @@ -159,6 +157,7 @@ #include #include #include +#include #include #include #include @@ -168,7 +167,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" #include "../crypto/internal.h" #include "../crypto/dh/internal.h" @@ -179,7 +178,7 @@ int ssl3_accept(SSL *s) { BUF_MEM *buf = NULL; - unsigned long alg_a; + uint32_t alg_a; void (*cb)(const SSL *ssl, int type, int val) = NULL; int ret = -1; int new_state, state, skip = 0; @@ -228,11 +227,6 @@ int ssl3_accept(SSL *s) { } s->init_num = 0; - if (!ssl3_setup_buffers(s)) { - ret = -1; - goto end; - } - if (!s->s3->send_connection_binding && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { /* Server attempting to renegotiate with client that doesn't support @@ -244,7 +238,6 @@ int ssl3_accept(SSL *s) { goto end; } - s->ctx->stats.sess_accept_renegotiate++; s->state = SSL3_ST_SW_HELLO_REQ_A; break; @@ -278,6 +271,15 @@ int ssl3_accept(SSL *s) { cb(s, SSL_CB_HANDSHAKE_START, 1); } + if ((s->version >> 8) != 3) { + /* TODO(davidben): Some consumers clear |s->version| to break the + * handshake in a callback. Remove this when they're using proper + * APIs. */ + OPENSSL_PUT_ERROR(SSL, ssl3_accept, ERR_R_INTERNAL_ERROR); + ret = -1; + goto end; + } + if (s->init_buf == NULL) { buf = BUF_MEM_new(); if (!buf || !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { 
@@ -289,6 +291,13 @@ int ssl3_accept(SSL *s) { } s->init_num = 0; + /* Enable a write buffer. This groups handshake messages within a flight + * into a single write. */ + if (!ssl_init_wbio_buffer(s, 1)) { + ret = -1; + goto end; + } + if (!ssl3_init_finished_mac(s)) { OPENSSL_PUT_ERROR(SSL, ssl3_accept, ERR_R_INTERNAL_ERROR); ret = -1; @@ -296,22 +305,10 @@ int ssl3_accept(SSL *s) { } if (!s->s3->have_version) { - /* This is the initial handshake. The record layer has not been - * initialized yet. Sniff for a V2ClientHello before reading a - * ClientHello normally. */ - assert(s->s3->rbuf.buf == NULL); - assert(s->s3->wbuf.buf == NULL); s->state = SSL3_ST_SR_INITIAL_BYTES; } else { - /* Enable a write buffer. This groups handshake messages within a - * flight into a single write. */ - if (!ssl3_setup_buffers(s) || !ssl_init_wbio_buffer(s, 1)) { - ret = -1; - goto end; - } s->state = SSL3_ST_SR_CLNT_HELLO_A; } - s->ctx->stats.sess_accept++; break; case SSL3_ST_SR_INITIAL_BYTES: @@ -337,14 +334,6 @@ int ssl3_accept(SSL *s) { case SSL3_ST_SR_CLNT_HELLO_D: s->shutdown = 0; ret = ssl3_get_client_hello(s); - if (ret == PENDING_SESSION) { - s->rwstate = SSL_PENDING_SESSION; - goto end; - } - if (ret == CERTIFICATE_SELECTION_PENDING) { - s->rwstate = SSL_CERTIFICATE_SELECTION_PENDING; - goto end; - } if (ret <= 0) { goto end; } @@ -404,8 +393,9 @@ int ssl3_accept(SSL *s) { if (ssl_cipher_requires_server_key_exchange(s->s3->tmp.new_cipher) || ((alg_a & SSL_aPSK) && s->psk_identity_hint)) { ret = ssl3_send_server_key_exchange(s); - if (ret <= 0) + if (ret <= 0) { goto end; + } } else { skip = 1; } 
@@ -425,13 +415,6 @@ int ssl3_accept(SSL *s) { * don't request cert during re-negotiation: */ ((s->session->peer != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* never request cert in anonymous ciphersuites - * (see section "Certificate request" in SSL 3 drafts - * and in RFC 2246): */ - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* ... except when the application insists on verification - * (against the specs, but s3_clnt.c accepts this for SSL 3) */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* With normal PSK Certificates and * Certificate Requests are omitted */ (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { @@ -449,14 +432,7 @@ int ssl3_accept(SSL *s) { if (ret <= 0) { goto end; } -#ifndef NETSCAPE_HANG_BUG s->state = SSL3_ST_SW_SRVR_DONE_A; -#else - /* ServerHelloDone was already sent in the - * previous record. */ - s->state = SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; -#endif s->init_num = 0; } break; @@ -659,7 +635,7 @@ int ssl3_accept(SSL *s) { /* If we aren't retaining peer certificates then we can discard it * now. */ - if (s->session->peer && s->ctx->retain_only_sha256_of_client_certs) { + if (s->ctx->retain_only_sha256_of_client_certs) { X509_free(s->session->peer); s->session->peer = NULL; } @@ -671,8 +647,6 @@ int ssl3_accept(SSL *s) { ssl_update_cache(s, SSL_SESS_CACHE_SERVER); - s->ctx->stats.sess_accept_good++; - if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_DONE, 1); } @@ -698,9 +672,7 @@ int ssl3_accept(SSL *s) { end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_ACCEPT_EXIT, ret); } 
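Review bot: Dropping the `SSL_aNULL` clause means a server configured with `SSL_VERIFY_PEER` will now send CertificateRequest even when an anonymous cipher suite was negotiated, which RFC 5246 §7.4.4 reserves to non-anonymous servers; that is only fine if aNULL suites can no longer be selected server-side, which this diff does not show. If they still can, keep the exclusion or document the deviation in place: `/* Anonymous suites: a CertificateRequest is still sent if the application asks for client auth; this deviates from RFC 5246 7.4.4. */`. The `retain_only_sha256_of_client_certs` simplification is safe because `X509_free(NULL)` is a no-op. `ssl3_accept` starts before this hunk.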
@@ -770,10 +742,12 @@ int ssl3_get_initial_bytes(SSL *s) { p[5] == SSL3_MT_CLIENT_HELLO) { /* This is a ClientHello. Initialize the record layer with the already * consumed data and continue the handshake. */ - if (!ssl3_setup_buffers(s) || !ssl_init_wbio_buffer(s, 1)) { + if (!ssl3_setup_read_buffer(s)) { return -1; } assert(s->rstate == SSL_ST_READ_HEADER); + /* There cannot have already been data in the record layer. */ + assert(s->s3->rbuf.left == 0); memcpy(s->s3->rbuf.buf, p, s->s3->sniff_buffer_len); s->s3->rbuf.offset = 0; s->s3->rbuf.left = s->s3->sniff_buffer_len; @@ -829,7 +803,10 @@ int ssl3_get_v2_client_hello(SSL *s) { /* The V2ClientHello without the length is incorporated into the Finished * hash. */ - ssl3_finish_mac(s, CBS_data(&v2_client_hello), CBS_len(&v2_client_hello)); + if (!ssl3_finish_mac(s, CBS_data(&v2_client_hello), + CBS_len(&v2_client_hello))) { + return -1; + } if (s->msg_callback) { s->msg_callback(0, SSL2_VERSION, 0, CBS_data(&v2_client_hello), CBS_len(&v2_client_hello), s, s->msg_callback_arg); @@ -913,11 +890,6 @@ int ssl3_get_v2_client_hello(SSL *s) { /* The handshake message header is 4 bytes. */ s->s3->tmp.message_size = len - 4; - /* Initialize the record layer. */ - if (!ssl3_setup_buffers(s) || !ssl_init_wbio_buffer(s, 1)) { - return -1; - } - /* Drop the sniff buffer. */ BUF_MEM_free(s->s3->sniff_buffer); s->s3->sniff_buffer = NULL; @@ -928,7 +900,9 @@ int ssl3_get_v2_client_hello(SSL *s) { int ssl3_send_hello_request(SSL *s) { if (s->state == SSL3_ST_SW_HELLO_REQ_A) { - ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0); + if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { + return -1; + } s->state = SSL3_ST_SW_HELLO_REQ_B; } 
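Review bot: `ssl3_get_initial_bytes` copies `sniff_buffer_len` bytes into the freshly set-up `rbuf.buf` after asserting `rbuf.left == 0`, but nothing visible bounds `sniff_buffer_len` against `rbuf.len`; the sniff buffer is presumably only a handful of bytes (its size is fixed outside this hunk), so a matching assertion makes the dependency explicit: `assert(s->s3->sniff_buffer_len <= s->s3->rbuf.len);`. Checking the `ssl3_finish_mac` return in `ssl3_get_v2_client_hello` is a good fix, since a failed transcript update would otherwise silently corrupt the Finished computation. Both functions start before their hunks.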
@@ -956,31 +930,12 @@ int ssl3_get_client_hello(SSL *s) { n = s->method->ssl_get_message( s, SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B, SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH, - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { return n; } - /* If we require cookies and this ClientHello doesn't contain one, just - * return since we do not want to allocate any memory yet. So check - * cookie length... */ - if (SSL_IS_DTLS(s) && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) { - uint8_t cookie_length; - - CBS_init(&client_hello, s->init_msg, n); - if (!CBS_skip(&client_hello, 2 + SSL3_RANDOM_SIZE) || - !CBS_get_u8_length_prefixed(&client_hello, &session_id) || - !CBS_get_u8(&client_hello, &cookie_length)) { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_DECODE_ERROR); - goto f_err; - } - - if (cookie_length == 0) { - return 1; - } - } s->state = SSL3_ST_SR_CLNT_HELLO_C; /* fallthrough */ case SSL3_ST_SR_CLNT_HELLO_C: @@ -1006,7 +961,8 @@ int ssl3_get_client_hello(SSL *s) { s->state = SSL3_ST_SR_CLNT_HELLO_D; switch (s->ctx->select_certificate_cb(&early_ctx)) { case 0: - return CERTIFICATE_SELECTION_PENDING; + s->rwstate = SSL_CERTIFICATE_SELECTION_PENDING; + goto err; case -1: /* Connection rejected. */ 
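Review bot: The `@@ -956` hunk drops the SSL_OP_COOKIE_EXCHANGE early return and the `@@ -1053` hunk on the next line drops the cookie verification, so a DTLS ClientHello is now processed with no HelloVerifyRequest round trip at all. If this server still accepts DTLS, that removes the source-address validation that RFC 6347 §4.2.1 relies on to bound amplification and per-ClientHello state, and nothing visible replaces it. If DTLS cookie handling moved elsewhere or was dropped on purpose, a one-line comment where the cookie used to be parsed would save the next reader from looking for it. ssl3_get_client_hello starts and ends outside the hunk.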
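Review bot: `s->rwstate = SSL_CERTIFICATE_SELECTION_PENDING; goto err;` in the `@@ -1006` hunk makes the function's return value depend on whatever `ret` holds at that point, and its initializer is outside the hunk; the `@@ -1118` hunk on the next line adds the same pattern for SSL_PENDING_SESSION. Since `err:` only frees `ciphers` and returns `ret`, it is worth confirming the initial value is -1 rather than 0 so callers see these as retryable rather than as a completed-but-failed step, and a comment at the initializer such as `/* -1: the rwstate-pending paths below return this to mean "retry". */` would pin that down.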
@@ -1053,27 +1009,6 @@ int ssl3_get_client_hello(SSL *s) { OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_DECODE_ERROR); goto f_err; } - - /* Verify the cookie if appropriate option is set. */ - if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && CBS_len(&cookie) > 0) { - if (s->ctx->app_verify_cookie_cb != NULL) { - if (s->ctx->app_verify_cookie_cb(s, CBS_data(&cookie), - CBS_len(&cookie)) == 0) { - al = SSL_AD_HANDSHAKE_FAILURE; - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_COOKIE_MISMATCH); - goto f_err; - } - /* else cookie verification succeeded */ - } else if (!CBS_mem_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) { - /* default verification */ - al = SSL_AD_HANDSHAKE_FAILURE; - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_COOKIE_MISMATCH); - goto f_err; - } - /* Set to -2 so if successful we return 2 and don't send - * HelloVerifyRequest. */ - ret = -2; - } } if (!s->s3->have_version) { @@ -1118,7 +1053,7 @@ int ssl3_get_client_hello(SSL *s) { } else { i = ssl_get_prev_session(s, &early_ctx); if (i == PENDING_SESSION) { - ret = PENDING_SESSION; + s->rwstate = SSL_PENDING_SESSION; goto err; } else if (i == -1) { goto err; @@ -1136,7 +1071,16 @@ int ssl3_get_client_hello(SSL *s) { } } + if (s->ctx->dos_protection_cb != NULL && s->ctx->dos_protection_cb(&early_ctx) == 0) { + /* Connection rejected for DOS reasons. */ + al = SSL_AD_ACCESS_DENIED; + OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_CONNECTION_REJECTED); + goto f_err; + } + if (!CBS_get_u16_length_prefixed(&client_hello, &cipher_suites) || + CBS_len(&cipher_suites) == 0 || + CBS_len(&cipher_suites) % 2 != 0 || !CBS_get_u8_length_prefixed(&client_hello, &compression_methods) || CBS_len(&compression_methods) == 0) { al = SSL_AD_DECODE_ERROR; 
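Review bot: The new `dos_protection_cb` check in the `@@ -1136` hunk runs after `ssl_get_prev_session` has already looked up, and possibly decrypted, the offered session, so a client the callback rejects has already cost the server that work. If the callback only needs the parts of `early_ctx` that are filled in before the session lookup (not visible here), calling it ahead of that lookup would make the rejection cheaper; if it needs the resumption result, a comment such as `/* Runs after session lookup because the callback may inspect the resumption outcome. */` would explain the ordering. The added non-empty and even-length checks on `cipher_suites` are a good tightening.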
@@ -1144,28 +1088,16 @@ int ssl3_get_client_hello(SSL *s) { goto f_err; } - /* TODO(davidben): Per spec, cipher_suites can never be empty (specified at - * the ClientHello structure level). This logic allows it to be empty if - * resuming a session. Can we always require non-empty? If a client sends - * empty cipher_suites because it's resuming a session, it could always fail - * to resume a session, so it's unlikely to actually work. */ - if (CBS_len(&cipher_suites) == 0 && CBS_len(&session_id) != 0) { - /* We need a cipher if we are not resuming a session. */ - al = SSL_AD_ILLEGAL_PARAMETER; - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_NO_CIPHERS_SPECIFIED); - goto f_err; - } - ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites); if (ciphers == NULL) { goto err; } /* If it is a hit, check that the cipher is in the list. */ - if (s->hit && CBS_len(&cipher_suites) > 0) { + if (s->hit) { size_t j; int found_cipher = 0; - unsigned long id = s->session->cipher->id; + uint32_t id = s->session->cipher->id; for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) { c = sk_SSL_CIPHER_value(ciphers, j); @@ -1269,9 +1201,7 @@ int ssl3_get_client_hello(SSL *s) { } err: - if (ciphers != NULL) { - sk_SSL_CIPHER_free(ciphers); - } + sk_SSL_CIPHER_free(ciphers); return ret; } @@ -1285,7 +1215,7 @@ int ssl3_send_server_hello(SSL *s) { /* We only accept ChannelIDs on connections with ECDHE in order to avoid a * known attack while we fix ChannelID itself. */ if (s->s3->tlsext_channel_id_valid && - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0) { + (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kECDHE) == 0) { s->s3->tlsext_channel_id_valid = 0; } @@ -1354,7 +1284,9 @@ int ssl3_send_server_hello(SSL *s) { /* do the header */ l = (p - d); - ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l); + if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) { + return -1; + } s->state = SSL3_ST_SW_SRVR_HELLO_B; } 
@@ -1364,7 +1296,9 @@ int ssl3_send_server_hello(SSL *s) { int ssl3_send_server_done(SSL *s) { if (s->state == SSL3_ST_SW_SRVR_DONE_A) { - ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0); + if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) { + return -1; + } s->state = SSL3_ST_SW_SRVR_DONE_B; } @@ -1374,7 +1308,7 @@ int ssl3_send_server_done(SSL *s) { int ssl3_send_server_key_exchange(SSL *s) { DH *dh = NULL, *dhp; - EC_KEY *ecdh = NULL, *ecdhp; + EC_KEY *ecdh = NULL; uint8_t *encodedPoint = NULL; int encodedlen = 0; uint16_t curve_id = 0; @@ -1384,8 +1318,8 @@ int ssl3_send_server_key_exchange(SSL *s) { EVP_PKEY *pkey; uint8_t *p, *d; int al, i; - unsigned long alg_k; - unsigned long alg_a; + uint32_t alg_k; + uint32_t alg_a; int n; CERT *cert; BIGNUM *r[4]; @@ -1414,7 +1348,7 @@ int ssl3_send_server_key_exchange(SSL *s) { n += 2 + psk_identity_hint_len; } - if (alg_k & SSL_kEDH) { + if (alg_k & SSL_kDHE) { dhp = cert->dh_tmp; if (dhp == NULL && s->cert->dh_tmp_cb != NULL) { dhp = s->cert->dh_tmp_cb(s, 0, 1024); 
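Review bot: `dhp = s->cert->dh_tmp_cb(s, 0, 1024);` in the `@@ -1414` hunk still passes a 1024-bit keylength hint, and nothing visible rejects parameters below a minimum size before they are duplicated and used for the key exchange. Callbacks that honor the hint will return 1024-bit groups, which is below current guidance; if a minimum is enforced elsewhere, a comment at the call such as `/* 1024 is only the legacy keylength hint for the callback; it is not a size limit. */` would make that explicit. The DH branch continues in the next hunk.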
@@ -1431,46 +1365,37 @@ int ssl3_send_server_key_exchange(SSL *s) { ERR_R_INTERNAL_ERROR); goto err; } - dh = DHparams_dup(dhp); if (dh == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_DH_LIB); goto err; } - s->s3->tmp.dh = dh; - if (dhp->pub_key == NULL || dhp->priv_key == NULL || - (s->options & SSL_OP_SINGLE_DH_USE)) { - if (!DH_generate_key(dh)) { - OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_DH_LIB); - goto err; - } - } else { - dh->pub_key = BN_dup(dhp->pub_key); - dh->priv_key = BN_dup(dhp->priv_key); - if (dh->pub_key == NULL || dh->priv_key == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_DH_LIB); - goto err; - } + + if (!DH_generate_key(dh)) { + OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_DH_LIB); + goto err; } r[0] = dh->p; r[1] = dh->g; r[2] = dh->pub_key; - } else if (alg_k & SSL_kEECDH) { - const EC_GROUP *group; - - ecdhp = cert->ecdh_tmp; - if (s->cert->ecdh_tmp_auto) { - /* Get NID of appropriate shared curve */ - int nid = tls1_get_shared_curve(s); - if (nid != NID_undef) { - ecdhp = EC_KEY_new_by_curve_name(nid); + } else if (alg_k & SSL_kECDHE) { + /* Determine the curve to use. */ + int nid = NID_undef; + if (cert->ecdh_nid != NID_undef) { + nid = cert->ecdh_nid; + } else if (cert->ecdh_tmp_cb != NULL) { + /* Note: |ecdh_tmp_cb| does NOT pass ownership of the result + * to the caller. */ + EC_KEY *template = s->cert->ecdh_tmp_cb(s, 0, 1024); + if (template != NULL && EC_KEY_get0_group(template) != NULL) { + nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(template)); } - } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb) { - ecdhp = s->cert->ecdh_tmp_cb(s, 0, 1024); + } else { + nid = tls1_get_shared_curve(s); } - if (ecdhp == NULL) { + if (nid == NID_undef) { al = SSL_AD_HANDSHAKE_FAILURE; OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, SSL_R_MISSING_TMP_ECDH_KEY); 
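Review bot: The DH branch in the `@@ -1431` hunk now calls `DH_generate_key` on every handshake instead of copying `dhp`'s key pair when SSL_OP_SINGLE_DH_USE is unset, but nothing in the code says this is deliberate. A comment above the call, `/* Always generate a fresh ephemeral key; the key pair held in the configured parameters is never reused across connections. */`, would stop a later reader from reinstating the reuse path. In the ECDH branch the `template` key is used only for its group, so the ownership comment could add that the key material itself is never used.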
@@ -1482,42 +1407,19 @@ int ssl3_send_server_key_exchange(SSL *s) { ERR_R_INTERNAL_ERROR); goto err; } - - /* Duplicate the ECDH structure. */ - if (ecdhp == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_ECDH_LIB); + ecdh = EC_KEY_new_by_curve_name(nid); + if (ecdh == NULL) { goto err; } - - if (s->cert->ecdh_tmp_auto) { - ecdh = ecdhp; - } else { - ecdh = EC_KEY_dup(ecdhp); - if (ecdh == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_ECDH_LIB); - goto err; - } - } - s->s3->tmp.ecdh = ecdh; - if (EC_KEY_get0_public_key(ecdh) == NULL || - EC_KEY_get0_private_key(ecdh) == NULL || - (s->options & SSL_OP_SINGLE_ECDH_USE)) { - if (!EC_KEY_generate_key(ecdh)) { - OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_ECDH_LIB); - goto err; - } - } - group = EC_KEY_get0_group(ecdh); - if (group == NULL || - EC_KEY_get0_public_key(ecdh) == NULL || - EC_KEY_get0_private_key(ecdh) == NULL) { + if (!EC_KEY_generate_key(ecdh)) { OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_ECDH_LIB); goto err; } /* We only support ephemeral ECDH keys over named (not generic) curves. */ + const EC_GROUP *group = EC_KEY_get0_group(ecdh); if (!tls1_ec_nid2curve_id(&curve_id, EC_GROUP_get_curve_name(group))) { OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); @@ -1597,7 +1499,7 @@ int ssl3_send_server_key_exchange(SSL *s) { p += nr[i]; } - /* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK. When one of + /* Note: ECDHE PSK ciphersuites use SSL_kECDHE and SSL_aPSK. When one of * them is used, the server key exchange record needs to have both the * psk_identity_hint and the ServerECDHParams. */ if (alg_a & SSL_aPSK) { @@ -1609,7 +1511,7 @@ int ssl3_send_server_key_exchange(SSL *s) { } } - if (alg_k & SSL_kEECDH) { + if (alg_k & SSL_kECDHE) { /* We only support named (not generic) curves. In this situation, the * serverKeyExchange message has: * [1 byte CurveType], [2 byte CurveName] 
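Review bot: The new `if (ecdh == NULL) { goto err; }` after `EC_KEY_new_by_curve_name(nid)` in the `@@ -1482` hunk is the only failure path in this block that reaches `err` without queueing an error, while the `EC_KEY_generate_key` failure just below reports ERR_R_ECDH_LIB. Unless `EC_KEY_new_by_curve_name` is known to push its own error, add `OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_R_ECDH_LIB);` before the `goto` so the failure is diagnosable. ssl3_send_server_key_exchange continues outside the hunk.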
@@ -1667,7 +1569,9 @@ int ssl3_send_server_key_exchange(SSL *s) { } } - ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n); + if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n)) { + goto err; + } } s->state = SSL3_ST_SW_KEY_EXCH_B; @@ -1677,9 +1581,7 @@ int ssl3_send_server_key_exchange(SSL *s) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - if (encodedPoint != NULL) { - OPENSSL_free(encodedPoint); - } + OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); EVP_MD_CTX_cleanup(&md_ctx); return -1; @@ -1740,27 +1642,9 @@ int ssl3_send_certificate_request(SSL *s) { p = ssl_handshake_start(s) + off; s2n(nl, p); - ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n); - -#ifdef NETSCAPE_HANG_BUG - if (!SSL_IS_DTLS(s)) { - /* Prepare a ServerHelloDone in the same record. This is to workaround a - * hang in Netscape. */ - if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) { - OPENSSL_PUT_ERROR(SSL, ssl3_send_certificate_request, ERR_R_BUF_LIB); - goto err; - } - p = (uint8_t *)s->init_buf->data + s->init_num; - /* do the header */ - *(p++) = SSL3_MT_SERVER_DONE; - *(p++) = 0; - *(p++) = 0; - *(p++) = 0; - s->init_num += 4; - ssl3_finish_mac(s, p - 4, 4); + if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n)) { + goto err; } -#endif - s->state = SSL3_ST_SW_CERT_REQ_B; } @@ -1775,8 +1659,8 @@ int ssl3_get_client_key_exchange(SSL *s) { int al, ok; long n; CBS client_key_exchange; - unsigned long alg_k; - unsigned long alg_a; + uint32_t alg_k; + uint32_t alg_a; uint8_t *premaster_secret = NULL; size_t premaster_secret_len = 0; RSA *rsa = NULL; @@ -1795,7 +1679,7 @@ int ssl3_get_client_key_exchange(SSL *s) { n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, /* ??? */ - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { return n; 
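Review bot: The `2048, /* ??? */` maximum passed to `ssl_get_message` for ClientKeyExchange in the `@@ -1795` hunk is left unexplained while the adjacent argument is being changed. That cap is a security-relevant bound on how large an encrypted premaster or DH/ECDH public value the server will buffer, so replacing `/* ??? */` with a comment stating what the limit must accommodate, or a named constant, would make it reviewable and should be checked against the largest DH group the server accepts. ssl3_get_client_key_exchange continues outside the hunk.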
@@ -1983,7 +1867,7 @@ int ssl3_get_client_key_exchange(SSL *s) { } premaster_secret_len = sizeof(rand_premaster_secret); - } else if (alg_k & SSL_kEDH) { + } else if (alg_k & SSL_kDHE) { CBS dh_Yc; int dh_len; @@ -2014,6 +1898,7 @@ int ssl3_get_client_key_exchange(SSL *s) { if (premaster_secret == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, ERR_R_MALLOC_FAILURE); + BN_clear_free(pub); goto err; } @@ -2030,7 +1915,7 @@ int ssl3_get_client_key_exchange(SSL *s) { pub = NULL; premaster_secret_len = dh_len; - } else if (alg_k & SSL_kEECDH) { + } else if (alg_k & SSL_kECDHE) { int field_size = 0, ecdh_len; const EC_KEY *tkey; const EC_GROUP *group; @@ -2191,14 +2076,10 @@ err: } OPENSSL_free(premaster_secret); } - if (decrypt_buf) { - OPENSSL_free(decrypt_buf); - } + OPENSSL_free(decrypt_buf); EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); - if (srvr_ecdh != NULL) { - EC_KEY_free(srvr_ecdh); - } + EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); return -1; @@ -2229,7 +2110,7 @@ int ssl3_get_cert_verify(SSL *s) { n = s->method->ssl_get_message( s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, SSL3_MT_CERTIFICATE_VERIFY, SSL3_RT_MAX_PLAIN_LENGTH, - SSL_GET_MESSAGE_DONT_HASH_MESSAGE, &ok); + ssl_dont_hash_message, &ok); if (!ok) { return n; @@ -2237,6 +2118,9 @@ int ssl3_get_cert_verify(SSL *s) { /* Filter out unsupported certificate types. */ pkey = X509_get_pubkey(peer); + if (pkey == NULL) { + goto err; + } if (!(X509_certificate_type(peer, pkey) & EVP_PKT_SIGN) || (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_EC)) { al = SSL_AD_UNSUPPORTED_CERTIFICATE; @@ -2264,7 +2148,9 @@ int ssl3_get_cert_verify(SSL *s) { !ssl3_digest_cached_records(s, free_handshake_buffer)) { goto err; } - ssl3_hash_current_message(s); + if (!ssl3_hash_current_message(s)) { + goto err; + } /* Parse and verify the signature. */ if (!CBS_get_u16_length_prefixed(&certificate_verify, &signature) || 
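Review bot: The new `if (pkey == NULL) { goto err; }` in the `@@ -2237` hunk aborts the handshake without sending an alert or queueing an error, whereas the unsupported-key-type case immediately below sets `al = SSL_AD_UNSUPPORTED_CERTIFICATE` and reports it. A certificate whose public key cannot be extracted is the same class of problem, so `al = SSL_AD_UNSUPPORTED_CERTIFICATE; goto f_err;` together with an `OPENSSL_PUT_ERROR` matching the branch below would keep the peer informed and the failure diagnosable. ssl3_get_cert_verify's `f_err` label is outside the hunk.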
@@ -2311,8 +2197,7 @@ int ssl3_get_client_certificate(SSL *s) { int is_first_certificate = 1; n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, -1, - s->max_cert_list, SSL_GET_MESSAGE_HASH_MESSAGE, - &ok); + (long)s->max_cert_list, ssl_hash_message, &ok); if (!ok) { return n; @@ -2433,11 +2318,7 @@ int ssl3_get_client_certificate(SSL *s) { } } - if (s->session->peer != NULL) { - /* This should not be needed */ - X509_free(s->session->peer); - } - + X509_free(s->session->peer); s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; @@ -2450,9 +2331,7 @@ int ssl3_get_client_certificate(SSL *s) { goto err; } } - if (s->session->sess_cert->cert_chain != NULL) { - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); - } + sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); s->session->sess_cert->cert_chain = sk; /* Inconsistency alert: cert_chain does *not* include the peer's own * certificate, while we do include it in s3_clnt.c */ @@ -2467,12 +2346,8 @@ int ssl3_get_client_certificate(SSL *s) { } err: - if (x != NULL) { - X509_free(x); - } - if (sk != NULL) { - sk_X509_pop_free(sk, X509_free); - } + X509_free(x); + sk_X509_pop_free(sk, X509_free); return ret; } @@ -2487,7 +2362,9 @@ int ssl3_send_server_certificate(SSL *s) { return 0; } - ssl3_output_cert_chain(s, cpk); + if (!ssl3_output_cert_chain(s, cpk)) { + return 0; + } s->state = SSL3_ST_SW_CERT_B; } 
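Review bot: `if (!ssl3_output_cert_chain(s, cpk)) { return 0; }` in the `@@ -2487` hunk reports failure as 0, while the other send functions in this commit (`ssl3_send_server_done`, `ssl3_send_hello_request`) return -1 when `ssl_set_handshake_header` fails. ssl3_accept treats both as `ret <= 0`, but the value reaches the `SSL_CB_ACCEPT_EXIT` callback, so either return -1 here for consistency or add a comment explaining why this function uses 0, as its earlier `return 0;` path may have been meant for a different condition. ssl3_send_server_certificate starts outside the hunk.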
@@ -2497,14 +2374,19 @@ int ssl3_send_server_certificate(SSL *s) { /* send a new session ticket (not necessarily for a new session) */ int ssl3_send_new_session_ticket(SSL *s) { + int ret = -1; + uint8_t *session = NULL; + size_t session_len; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { - uint8_t *session; - size_t session_len; uint8_t *p, *macstart; int len; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; SSL_CTX *tctx = s->initial_ctx; uint8_t iv[EVP_MAX_IV_LENGTH]; uint8_t key_name[16]; @@ -2515,7 +2397,7 @@ int ssl3_send_new_session_ticket(SSL *s) { /* Serialize the SSL_SESSION to be encoded into the ticket. */ if (!SSL_SESSION_to_bytes_for_ticket(s->session, &session, &session_len)) { - return -1; + goto err; } /* If the session is too long, emit a dummy value rather than abort the @@ -2525,6 +2407,7 @@ int ssl3_send_new_session_ticket(SSL *s) { const size_t placeholder_len = strlen(kTicketPlaceholder); OPENSSL_free(session); + session = NULL; p = ssl_handshake_start(s); /* Emit ticket_lifetime_hint. */ @@ -2535,7 +2418,9 @@ int ssl3_send_new_session_ticket(SSL *s) { p += placeholder_len; len = p - ssl_handshake_start(s); - ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len); + if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len)) { + goto err; + } s->state = SSL3_ST_SW_SESSION_TICKET_B; return ssl_do_write(s); } 
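Review bot: The placeholder path in the `@@ -2535` hunk still ends with `return ssl_do_write(s);`, bypassing the `err:` cleanup that this same commit adds at the end of ssl3_send_new_session_ticket (on a later line). It is not a leak today, since `session` was freed and NULLed just above and the two contexts are only initialized, but the function now has two exits with different cleanup, which is exactly the pattern this rewrite removes; `ret = ssl_do_write(s); goto err;` keeps a single exit. The function continues outside the hunk.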
@@ -2545,20 +2430,15 @@ int ssl3_send_new_session_ticket(SSL *s) { * max_ticket_overhead + * session_length */ if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + 6 + max_ticket_overhead + session_len)) { - OPENSSL_free(session); - return -1; + goto err; } p = ssl_handshake_start(s); - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); /* Initialize HMAC and cipher contexts. If callback present it does all the * work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { - OPENSSL_free(session); - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); - return -1; + if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, + 1 /* encrypt */) < 0) { + goto err; } } else { if (!RAND_bytes(iv, 16) || @@ -2566,10 +2446,7 @@ int ssl3_send_new_session_ticket(SSL *s) { tctx->tlsext_tick_aes_key, iv) || !HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL)) { - OPENSSL_free(session); - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); - return -1; + goto err; } memcpy(key_name, tctx->tlsext_tick_key_name, 16); } @@ -2589,15 +2466,19 @@ int ssl3_send_new_session_ticket(SSL *s) { memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, session, session_len); + if (!EVP_EncryptUpdate(&ctx, p, &len, session, session_len)) { + goto err; + } p += len; - EVP_EncryptFinal_ex(&ctx, p, &len); + if (!EVP_EncryptFinal_ex(&ctx, p, &len)) { + goto err; + } p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(&hctx, macstart, p - macstart) || + !HMAC_Final(&hctx, p, &hlen)) { + goto err; + } p += hlen; /* Now write out lengths: p points to end of data written */ 
@@ -2606,13 +2487,20 @@ int ssl3_send_new_session_ticket(SSL *s) { /* Skip ticket lifetime hint */ p = ssl_handshake_start(s) + 4; s2n(len - 6, p); - ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len); + if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len)) { + goto err; + } s->state = SSL3_ST_SW_SESSION_TICKET_B; - OPENSSL_free(session); } /* SSL3_ST_SW_SESSION_TICKET_B */ - return ssl_do_write(s); + ret = ssl_do_write(s); + +err: + OPENSSL_free(session); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return ret; } /* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It @@ -2633,7 +2521,7 @@ int ssl3_get_next_proto(SSL *s) { n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, /* See the payload format below */ - SSL_GET_MESSAGE_HASH_MESSAGE, &ok); + ssl_hash_message, &ok); if (!ok) { return n; @@ -2688,7 +2576,7 @@ int ssl3_get_channel_id(SSL *s) { n = s->method->ssl_get_message( s, SSL3_ST_SR_CHANNEL_ID_A, SSL3_ST_SR_CHANNEL_ID_B, SSL3_MT_ENCRYPTED_EXTENSIONS, 2 + 2 + TLSEXT_CHANNEL_ID_SIZE, - SSL_GET_MESSAGE_DONT_HASH_MESSAGE, &ok); + ssl_dont_hash_message, &ok); if (!ok) { return n; @@ -2707,7 +2595,9 @@ int ssl3_get_channel_id(SSL *s) { EVP_MD_CTX_cleanup(&md_ctx); assert(channel_id_hash_len == SHA256_DIGEST_LENGTH); - ssl3_hash_current_message(s); + if (!ssl3_hash_current_message(s)) { + return -1; + } /* s->state doesn't reflect whether ChangeCipherSpec has been received in * this handshake, but s->s3->change_cipher_spec does (will be reset by @@ -2757,6 +2647,9 @@ int ssl3_get_channel_id(SSL *s) { BN_init(&y); sig.r = BN_new(); sig.s = BN_new(); + if (sig.r == NULL || sig.s == NULL) { + goto err; + } p = CBS_data(&extension); if (BN_bin2bn(p + 0, 32, &x) == NULL || 
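Review bot: At the new `err:` label in the `@@ -2606` hunk, `session`, the serialized SSL_SESSION that carries the master secret in the clear, is released with plain `OPENSSL_free`. If this build's `OPENSSL_free` does not cleanse before freeing, the plaintext session remains in freed heap memory; in that case `if (session != NULL) { OPENSSL_cleanse(session, session_len); }` before the free is warranted, noting that `session_len` is only assigned when serialization succeeded. A comment at the label stating whichever of the two holds would settle it for future readers.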
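Review bot: The new `if (sig.r == NULL || sig.s == NULL) { goto err; }` in the `@@ -2757` hunk is a correct addition, but it goes to `err` without an `OPENSSL_PUT_ERROR`, unlike the other allocation-failure paths in these files that report ERR_R_MALLOC_FAILURE. Adding `OPENSSL_PUT_ERROR(SSL, ssl3_get_channel_id, ERR_R_MALLOC_FAILURE);` before the `goto` keeps the error queue consistent. ssl3_get_channel_id continues outside the hunk.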
@@ -2794,14 +2687,8 @@ err: BN_free(&y); BN_free(sig.r); BN_free(sig.s); - if (key) { - EC_KEY_free(key); - } - if (point) { - EC_POINT_free(point); - } - if (p256) { - EC_GROUP_free(p256); - } + EC_KEY_free(key); + EC_POINT_free(point); + EC_GROUP_free(p256); return ret; } diff --git a/src/ssl/ssl_algs.c b/src/ssl/ssl_algs.c index 6ec88bf..fda39a5 100644 --- a/src/ssl/ssl_algs.c +++ b/src/ssl/ssl_algs.c @@ -54,18 +54,13 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include "ssl_locl.h" +#include "internal.h" #include -extern const ERR_STRING_DATA SSL_error_string_data[]; - int SSL_library_init(void) { CRYPTO_library_init(); - ERR_load_crypto_strings(); - ERR_load_strings(SSL_error_string_data); return 1; } -void SSL_load_error_strings(void) { -} +void SSL_load_error_strings(void) {} diff --git a/src/ssl/ssl_asn1.c b/src/ssl/ssl_asn1.c index d39da87..eb0c725 100644 --- a/src/ssl/ssl_asn1.c +++ b/src/ssl/ssl_asn1.c @@ -85,9 +85,10 @@ #include #include +#include #include -#include "ssl_locl.h" +#include "internal.h" /* An SSL_SESSION is serialized as the following ASN.1 structure: @@ -177,14 +178,14 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, for_ticket ? 0 : in->session_id_length) || !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child, in->master_key, in->master_key_length)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } if (in->time != 0) { if (!CBB_add_asn1(&session, &child, kTimeTag) || !CBB_add_asn1_uint64(&child, in->time)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } 
@@ -192,7 +193,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (in->timeout != 0) { if (!CBB_add_asn1(&session, &child, kTimeoutTag) || !CBB_add_asn1_uint64(&child, in->timeout)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -207,7 +208,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, } if (!CBB_add_asn1(&session, &child, kPeerTag) || !CBB_add_space(&child, &buf, len)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } if (buf != NULL && i2d_X509(in->peer, &buf) < 0) { @@ -220,14 +221,14 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (!CBB_add_asn1(&session, &child, kSessionIDContextTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->sid_ctx, in->sid_ctx_length)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } if (in->verify_result != X509_V_OK) { if (!CBB_add_asn1(&session, &child, kVerifyResultTag) || !CBB_add_asn1_uint64(&child, in->verify_result)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -237,7 +238,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, (const uint8_t *)in->tlsext_hostname, strlen(in->tlsext_hostname))) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } 
@@ -247,7 +248,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, (const uint8_t *)in->psk_identity, strlen(in->psk_identity))) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -255,7 +256,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (in->tlsext_tick_lifetime_hint > 0) { if (!CBB_add_asn1(&session, &child, kTicketLifetimeHintTag) || !CBB_add_asn1_uint64(&child, in->tlsext_tick_lifetime_hint)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -264,7 +265,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (!CBB_add_asn1(&session, &child, kTicketTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->tlsext_tick, in->tlsext_ticklen)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -273,7 +274,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (!CBB_add_asn1(&session, &child, kPeerSHA256Tag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->peer_sha256, sizeof(in->peer_sha256))) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } 
@@ -283,7 +284,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->original_handshake_hash, in->original_handshake_hash_len)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -293,7 +294,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->tlsext_signed_cert_timestamp_list, in->tlsext_signed_cert_timestamp_list_length)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -302,7 +303,7 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (!CBB_add_asn1(&session, &child, kOCSPResponseTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->ocsp_response, in->ocsp_response_length)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } @@ -311,13 +312,13 @@ static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data, if (!CBB_add_asn1(&session, &child, kExtendedMasterSecretTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || !CBB_add_u8(&child2, 0xff)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } } if (!CBB_finish(&cbb, out_data, out_len)) { - OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(SSL, SSL_SESSION_to_bytes_full, ERR_R_MALLOC_FAILURE); goto err; } return 1; 
@@ -381,7 +382,7 @@ static int d2i_SSL_SESSION_get_string(CBS *cbs, char **out, unsigned tag) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE); return 0; } - } else if (*out) { + } else { OPENSSL_free(*out); *out = NULL; } @@ -409,7 +410,7 @@ static int d2i_SSL_SESSION_get_octet_string(CBS *cbs, uint8_t **out_ptr, } SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { - SSL_SESSION *ret = NULL; + SSL_SESSION *ret, *allocated = NULL; CBS cbs, session, cipher, session_id, master_key; CBS peer, sid_ctx, peer_sha256, original_handshake_hash; int has_peer, has_peer_sha256, extended_master_secret; @@ -419,8 +420,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { if (a && *a) { ret = *a; } else { - ret = SSL_SESSION_new(); - if (ret == NULL) { + ret = allocated = SSL_SESSION_new(); + if (allocated == NULL) { goto err; } } @@ -525,10 +526,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { ret->time = session_time; ret->timeout = timeout; - if (ret->peer != NULL) { - X509_free(ret->peer); - ret->peer = NULL; - } + X509_free(ret->peer); + ret->peer = NULL; if (has_peer) { const uint8_t *ptr; ptr = CBS_data(&peer); @@ -584,8 +583,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { return ret; err: - if (a && *a != ret) { - SSL_SESSION_free(ret); - } + SSL_SESSION_free(allocated); return NULL; } diff --git a/src/ssl/ssl_cert.c b/src/ssl/ssl_cert.c index 624c41a..770912b 100644 --- a/src/ssl/ssl_cert.c +++ b/src/ssl/ssl_cert.c @@ -112,7 +112,9 @@ * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ +#include #include +#include #include #include @@ -126,7 +128,7 @@ #include "../crypto/dh/internal.h" #include "../crypto/directory.h" -#include "ssl_locl.h" +#include "internal.h" int SSL_get_ex_data_X509_STORE_CTX_idx(void) { 
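Review bot: In the `@@ -419`, `@@ -525` and `@@ -584` hunks of d2i_SSL_SESSION, a parse failure after fields such as `ret->time`, `ret->timeout` and `ret->peer` have been written returns NULL but leaves a caller-supplied `*a` partially overwritten, since `err:` frees only `allocated`. The new `allocated` bookkeeping correctly fixes ownership of a freshly created session, but the in-place update case still has no all-or-nothing guarantee; either document it, `/* On failure a caller-supplied |*a| may have been partially updated. */`, or parse into a fresh session and swap it in at the end. Most of the function body lies outside the hunks.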
@@ -178,7 +180,6 @@ CERT *ssl_cert_dup(CERT *cert) { OPENSSL_PUT_ERROR(SSL, ssl_cert_dup, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(CERT)); ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; @@ -213,15 +214,8 @@ CERT *ssl_cert_dup(CERT *cert) { } ret->dh_tmp_cb = cert->dh_tmp_cb; - if (cert->ecdh_tmp) { - ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); - if (ret->ecdh_tmp == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl_cert_dup, ERR_R_EC_LIB); - goto err; - } - } + ret->ecdh_nid = cert->ecdh_nid; ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; - ret->ecdh_tmp_auto = cert->ecdh_tmp_auto; for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = cert->pkeys + i; @@ -231,7 +225,7 @@ CERT *ssl_cert_dup(CERT *cert) { } if (cpk->privatekey != NULL) { - rpk->privatekey = EVP_PKEY_dup(cpk->privatekey); + rpk->privatekey = EVP_PKEY_up_ref(cpk->privatekey); } if (cpk->chain) { 
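Review bot: Removing `memset(ret, 0, sizeof(CERT))` in the `@@ -178` hunk only stays safe if the allocation just above it (outside the hunk) zero-initializes `ret`, because the `@@ -243` and `@@ -296` hunks on the next line also drop the explicit NULL assignments to `peer_sigalgs`, `conf_sigalgs`, `client_sigalgs`, `shared_sigalgs` and `ciphers_raw`; with an uninitialized struct the `err:` cleanup would free garbage pointers. If the allocation was switched to a zeroing variant, a comment after it such as `/* |ret| is zeroed by the allocation; pointer fields not copied below stay NULL. */` records the invariant ssl_cert_dup now depends on.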
@@ -243,34 +237,24 @@ CERT *ssl_cert_dup(CERT *cert) { } } - /* Peer sigalgs set to NULL as we get these from handshake too */ - ret->peer_sigalgs = NULL; - ret->peer_sigalgslen = 0; - /* Configured sigalgs however we copy across */ - + /* Copy over signature algorithm configuration. */ if (cert->conf_sigalgs) { - ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); + ret->conf_sigalgs = BUF_memdup(cert->conf_sigalgs, cert->conf_sigalgslen); if (!ret->conf_sigalgs) { goto err; } - memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen); ret->conf_sigalgslen = cert->conf_sigalgslen; - } else { - ret->conf_sigalgs = NULL; } if (cert->client_sigalgs) { - ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); + ret->client_sigalgs = BUF_memdup(cert->client_sigalgs, + cert->client_sigalgslen); if (!ret->client_sigalgs) { goto err; } - memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen); ret->client_sigalgslen = cert->client_sigalgslen; - } else { - ret->client_sigalgs = NULL; } - /* Shared sigalgs also NULL */ - ret->shared_sigalgs = NULL; + /* Copy any custom client certificate types */ if (cert->client_certificate_types) { ret->client_certificate_types = BUF_memdup( @@ -281,8 +265,6 @@ CERT *ssl_cert_dup(CERT *cert) { ret->num_client_certificate_types = cert->num_client_certificate_types; } - ret->cert_flags = cert->cert_flags; - ret->cert_cb = cert->cert_cb; ret->cert_cb_arg = cert->cert_cb_arg; @@ -296,8 +278,6 @@ CERT *ssl_cert_dup(CERT *cert) { ret->chain_store = cert->chain_store; } - ret->ciphers_raw = NULL; - return ret; err: 
@@ -334,79 +314,32 @@ void ssl_cert_free(CERT *c) { return; } - if (c->dh_tmp) { - DH_free(c->dh_tmp); - } - if (c->ecdh_tmp) { - EC_KEY_free(c->ecdh_tmp); - } + DH_free(c->dh_tmp); ssl_cert_clear_certs(c); - if (c->peer_sigalgs) { - OPENSSL_free(c->peer_sigalgs); - } - if (c->conf_sigalgs) { - OPENSSL_free(c->conf_sigalgs); - } - if (c->client_sigalgs) { - OPENSSL_free(c->client_sigalgs); - } - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - } - if (c->client_certificate_types) { - OPENSSL_free(c->client_certificate_types); - } - if (c->verify_store) { - X509_STORE_free(c->verify_store); - } - if (c->chain_store) { - X509_STORE_free(c->chain_store); - } - if (c->ciphers_raw) { - OPENSSL_free(c->ciphers_raw); - } + OPENSSL_free(c->peer_sigalgs); + OPENSSL_free(c->conf_sigalgs); + OPENSSL_free(c->client_sigalgs); + OPENSSL_free(c->shared_sigalgs); + OPENSSL_free(c->client_certificate_types); + X509_STORE_free(c->verify_store); + X509_STORE_free(c->chain_store); OPENSSL_free(c); } -int ssl_cert_inst(CERT **o) { - /* Create a CERT if there isn't already one (which cannot really happen, as - * it is initially created in SSL_CTX_new; but the earlier code usually - * allows for that one being non-existant, so we follow that behaviour, as it - * might turn out that there actually is a reason for it -- but I'm not sure - * that *all* of the existing code could cope with s->cert being NULL, - * otherwise we could do without the initialization in SSL_CTX_new). 
*/ - - if (o == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl_cert_inst, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (*o == NULL) { - *o = ssl_cert_new(); - if (*o == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl_cert_new, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - return 1; -} - -int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) * chain) { +int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) { CERT_PKEY *cpk = c->key; if (!cpk) { return 0; } - if (cpk->chain) { - sk_X509_pop_free(cpk->chain, X509_free); - } + sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = chain; return 1; } -int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) * chain) { - STACK_OF(X509) * dchain; +int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) { + STACK_OF(X509) *dchain; if (!chain) { return ssl_cert_set0_chain(c, NULL); } @@ -499,22 +432,14 @@ void ssl_sess_cert_free(SESS_CERT *sc) { return; } - if (sc->cert_chain != NULL) { - sk_X509_pop_free(sc->cert_chain, X509_free); - } + sk_X509_pop_free(sc->cert_chain, X509_free); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (sc->peer_pkeys[i].x509 != NULL) { - X509_free(sc->peer_pkeys[i].x509); - } + X509_free(sc->peer_pkeys[i].x509); } - if (sc->peer_dh_tmp != NULL) { - DH_free(sc->peer_dh_tmp); - } - if (sc->peer_ecdh_tmp != NULL) { - EC_KEY_free(sc->peer_ecdh_tmp); - } + DH_free(sc->peer_dh_tmp); + EC_KEY_free(sc->peer_ecdh_tmp); OPENSSL_free(sc); } @@ -524,7 +449,7 @@ int ssl_set_peer_cert_type(SESS_CERT *sc, int type) { return 1; } -int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) * sk) { +int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { X509 *x; int i; X509_STORE *verify_store; 
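Review bot: ssl_cert_set0_chain returns 0 when `c->key` is NULL without touching `chain`, so on that path the caller still owns the stack it passed in, while on success ownership transfers and the previous chain is freed; neither outcome is documented and the asymmetry is easy to get wrong at call sites. A comment above the function would pin it down: `/* Takes ownership of chain on success (1). On failure (0) chain is not consumed and remains the caller's to free. */`. The unconditional `DH_free`, `sk_X509_pop_free` and `OPENSSL_free` calls in this hunk, like the similar ones in the `@@ -499`, `@@ -571`, `@@ -719`, `@@ -794` and `@@ -1069` hunks, rely on those functions accepting NULL, which I believe is the BoringSSL convention but is worth one comment at this first site. ssl_cert_set1_chain begins in this hunk and continues past its end.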
@@ -571,18 +496,15 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) * sk) { return i; } -static void set_client_CA_list(STACK_OF(X509_NAME) * *ca_list, - STACK_OF(X509_NAME) * name_list) { - if (*ca_list != NULL) { - sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); - } - +static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list, + STACK_OF(X509_NAME) *name_list) { + sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; } -STACK_OF(X509_NAME) * SSL_dup_CA_list(STACK_OF(X509_NAME) * sk) { +STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) { size_t i; - STACK_OF(X509_NAME) * ret; + STACK_OF(X509_NAME) *ret; X509_NAME *name; ret = sk_X509_NAME_new_null(); @@ -597,19 +519,19 @@ STACK_OF(X509_NAME) * SSL_dup_CA_list(STACK_OF(X509_NAME) * sk) { return ret; } -void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) * name_list) { +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) { set_client_CA_list(&(s->client_CA), name_list); } -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) * name_list) { +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) { set_client_CA_list(&(ctx->client_CA), name_list); } -STACK_OF(X509_NAME) * SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { return ctx->client_CA; } -STACK_OF(X509_NAME) * SSL_get_client_CA_list(const SSL *s) { +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { if (s->server) { if (s->client_CA != NULL) { return s->client_CA; @@ -625,7 +547,7 @@ STACK_OF(X509_NAME) * SSL_get_client_CA_list(const SSL *s) { } } -static int add_client_CA(STACK_OF(X509_NAME) * *sk, X509 *x) { +static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) { X509_NAME *name; if (x == NULL) { 
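Review bot: set_client_CA_list frees `*ca_list` unconditionally and installs `name_list` without duplicating it, so the two public setters in the `@@ -597` hunk, SSL_set_client_CA_list and SSL_CTX_set_client_CA_list, silently take ownership of the caller's stack; nothing in this hunk or those functions records that. I would add `/* Takes ownership of name_list; any previously installed list is freed. */` above set_client_CA_list.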
@@ -670,7 +592,7 @@ static int xname_cmp(const X509_NAME **a, const X509_NAME **b) { * * \param file the file containing one or more certs. * \return a ::STACK containing the certs. */ -STACK_OF(X509_NAME) * SSL_load_client_CA_file(const char *file) { +STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) { BIO *in; X509 *x = NULL; X509_NAME *xn = NULL; @@ -719,21 +641,13 @@ STACK_OF(X509_NAME) * SSL_load_client_CA_file(const char *file) { if (0) { err: - if (ret != NULL) { - sk_X509_NAME_pop_free(ret, X509_NAME_free); - } + sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; } - if (sk != NULL) { - sk_X509_NAME_free(sk); - } - if (in != NULL) { - BIO_free(in); - } - if (x != NULL) { - X509_free(x); - } + sk_X509_NAME_free(sk); + BIO_free(in); + X509_free(x); if (ret != NULL) { ERR_clear_error(); } @@ -747,7 +661,7 @@ STACK_OF(X509_NAME) * SSL_load_client_CA_file(const char *file) { * already in the stack will be added. * \return 1 for success, 0 for failure. Note that in the case of failure some * certs may have been added to \c stack. */ -int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) * stack, +int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *file) { BIO *in; X509 *x = NULL; @@ -794,12 +708,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) * stack, ret = 0; } - if (in != NULL) { - BIO_free(in); - } - if (x != NULL) { - X509_free(x); - } + BIO_free(in); + X509_free(x); (void) sk_X509_NAME_set_cmp_func(stack, oldcmp); @@ -815,7 +725,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) * stack, * be included. * \return 1 for success, 0 for failure. Note that in the case of failure some * certs may have been added to \c stack. */ -int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) * stack, +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) { OPENSSL_DIR_CTX *d = NULL; const char *filename; 
@@ -842,7 +752,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) * stack, } if (errno) { - OPENSSL_PUT_ERROR(SSL, SSL_add_file_cert_subjects_to_stack, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(SSL, SSL_add_dir_cert_subjects_to_stack, ERR_R_SYS_LIB); ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); goto err; } @@ -881,12 +791,13 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l) { int no_chain = 0; size_t i; - X509 *x = NULL; - STACK_OF(X509) * extra_certs; + X509 *x = cpk->x509; + STACK_OF(X509) *extra_certs; X509_STORE *chain_store; - if (cpk) { - x = cpk->x509; + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, ssl_add_cert_chain, SSL_R_NO_CERTIFICATE_SET); + return 0; } if (s->cert->chain_store) { 
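Review bot: `X509 *x = cpk->x509;` in the `@@ -881` hunk dereferences cpk before any check, whereas the removed `if (cpk)` guard shows callers were previously allowed to pass NULL; unless every caller was updated in the same change (none is in view), a NULL cpk is now a crash rather than the new SSL_R_NO_CERTIFICATE_SET error. Declaring `X509 *x;`, guarding with `if (cpk == NULL || cpk->x509 == NULL) {` before the OPENSSL_PUT_ERROR, and assigning `x = cpk->x509;` after it keeps the intended error path for both cases. ssl_add_cert_chain begins before this hunk and continues after it.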
@@ -906,44 +817,36 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l) { no_chain = 1; } - /* TLSv1 sends a chain with nothing in it, instead of an alert. */ - if (!BUF_MEM_grow_clean(buf, 10)) { - OPENSSL_PUT_ERROR(SSL, ssl_add_cert_chain, ERR_R_BUF_LIB); - return 0; - } + if (no_chain) { + if (!ssl_add_cert_to_buf(buf, l, x)) { + return 0; + } - if (x != NULL) { - if (no_chain) { + for (i = 0; i < sk_X509_num(extra_certs); i++) { + x = sk_X509_value(extra_certs, i); if (!ssl_add_cert_to_buf(buf, l, x)) { return 0; } - } else { - X509_STORE_CTX xs_ctx; - - if (!X509_STORE_CTX_init(&xs_ctx, chain_store, x, NULL)) { - OPENSSL_PUT_ERROR(SSL, ssl_add_cert_chain, ERR_R_X509_LIB); - return 0; - } - X509_verify_cert(&xs_ctx); - /* Don't leave errors in the queue */ - ERR_clear_error(); - for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { - x = sk_X509_value(xs_ctx.chain, i); - - if (!ssl_add_cert_to_buf(buf, l, x)) { - X509_STORE_CTX_cleanup(&xs_ctx); - return 0; - } - } - X509_STORE_CTX_cleanup(&xs_ctx); } - } + } else { + X509_STORE_CTX xs_ctx; - for (i = 0; i < sk_X509_num(extra_certs); i++) { - x = sk_X509_value(extra_certs, i); - if (!ssl_add_cert_to_buf(buf, l, x)) { + if (!X509_STORE_CTX_init(&xs_ctx, chain_store, x, NULL)) { + OPENSSL_PUT_ERROR(SSL, ssl_add_cert_chain, ERR_R_X509_LIB); return 0; } + X509_verify_cert(&xs_ctx); + /* Don't leave errors in the queue */ + ERR_clear_error(); + for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { + x = sk_X509_value(xs_ctx.chain, i); + + if (!ssl_add_cert_to_buf(buf, l, x)) { + X509_STORE_CTX_cleanup(&xs_ctx); + return 0; + } + } + X509_STORE_CTX_cleanup(&xs_ctx); } return 1; @@ -956,7 +859,7 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags) { STACK_OF(X509) *chain = NULL, *untrusted = NULL; X509 *x; int i, rv = 0; - unsigned long error; + uint32_t error; if (!cpk->x509) { OPENSSL_PUT_ERROR(SSL, ssl_build_cert_chain, SSL_R_NO_CERTIFICATE_SET); 
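Review bot: Extra certificates are no longer appended when the chain is built through X509_STORE_CTX: the extra_certs loop now sits inside the `no_chain` branch, whereas the old code ran it after either branch. This is only behaviour-preserving if `no_chain` is always set whenever extra_certs is non-empty; the `no_chain = 1;` at the top of the hunk suggests that, but the condition feeding it is outside the hunk. If the invariant holds, record it at the branch, `/* extra_certs is only non-empty when no_chain is set, so the store-built chain never needs them appended. */`; otherwise the loop should follow the if/else as before. The result of `X509_verify_cert(&xs_ctx)` is still ignored and the error queue cleared, so the loop below serialises whatever xs_ctx.chain holds even when verification failed; that predates this change but deserves a comment stating it is deliberate.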
@@ -1050,8 +953,9 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags) { } cpk->chain = chain; - if (rv == 0) + if (rv == 0) { rv = 1; + } err: if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) { @@ -1069,9 +973,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) { pstore = &c->verify_store; } - if (*pstore) { - X509_STORE_free(*pstore); - } + X509_STORE_free(*pstore); *pstore = store; if (ref && store) { diff --git a/src/ssl/ssl_ciph.c b/src/ssl/ssl_ciph.c deleted file mode 100644 index 60b9747..0000000 --- a/src/ssl/ssl_ciph.c +++ /dev/null 
@@ -1,1421 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. 
*/ - -#include -#include - -#include -#include -#include -#include -#include - -#include "ssl_locl.h" - - -struct handshake_digest { - long mask; - const EVP_MD *(*md_func)(void); -}; - -static const struct handshake_digest ssl_handshake_digests[SSL_MAX_DIGEST] = { - {SSL_HANDSHAKE_MAC_MD5, EVP_md5}, - {SSL_HANDSHAKE_MAC_SHA, EVP_sha1}, - {SSL_HANDSHAKE_MAC_SHA256, EVP_sha256}, - {SSL_HANDSHAKE_MAC_SHA384, EVP_sha384}, -}; - -#define CIPHER_ADD 1 -#define CIPHER_KILL 2 -#define CIPHER_DEL 3 -#define CIPHER_ORD 4 -#define CIPHER_SPECIAL 5 - -typedef struct cipher_order_st { - const SSL_CIPHER *cipher; - int active; - int dead; - int in_group; - struct cipher_order_st *next, *prev; -} CIPHER_ORDER; - -static const SSL_CIPHER cipher_aliases[] = - { - {0, SSL_TXT_ALL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, - - /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in - ALL!) */ - {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, - 0}, - - /* key exchange aliases - * (some of those using only a single bit here combine - * multiple key exchange algs according to the RFCs, - * e.g. 
kEDH combines DHE_DSS and DHE_RSA) */ - {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, - - {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_DH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, - - {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_ECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, - - {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, - - /* server authentication aliases */ - {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, - - /* aliases combining key exchange and server authentication */ - {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, - - /* symmetric encryption aliases */ - {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0, 0, - 0}, - {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, 0, 0, 0}, - - /* MAC aliases */ - {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, - {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, - {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, - {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, - {0, SSL_TXT_SHA384, 
0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, - - /* protocol version aliases */ - {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, - {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, - {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, - - /* strength classes */ - {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, - {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, - /* FIPS 140-2 approved ciphersuite */ - {0, SSL_TXT_FIPS, 0, 0, 0, 0, 0, 0, SSL_FIPS, 0, 0, 0}, -}; - -int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, - size_t *out_mac_secret_len, - size_t *out_fixed_iv_len, - const SSL_CIPHER *cipher, uint16_t version) { - *out_aead = NULL; - *out_mac_secret_len = 0; - *out_fixed_iv_len = 0; - - switch (cipher->algorithm_enc) { - case SSL_AES128GCM: - *out_aead = EVP_aead_aes_128_gcm(); - *out_fixed_iv_len = 4; - return 1; - - case SSL_AES256GCM: - *out_aead = EVP_aead_aes_256_gcm(); - *out_fixed_iv_len = 4; - return 1; - - case SSL_CHACHA20POLY1305: - *out_aead = EVP_aead_chacha20_poly1305(); - *out_fixed_iv_len = 0; - return 1; - - case SSL_RC4: - switch (cipher->algorithm_mac) { - case SSL_MD5: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_rc4_md5_ssl3(); - } else { - *out_aead = EVP_aead_rc4_md5_tls(); - } - *out_mac_secret_len = MD5_DIGEST_LENGTH; - return 1; - case SSL_SHA1: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_rc4_sha1_ssl3(); - } else { - *out_aead = EVP_aead_rc4_sha1_tls(); - } - *out_mac_secret_len = SHA_DIGEST_LENGTH; - return 1; - default: - return 0; - } - - case SSL_AES128: - switch (cipher->algorithm_mac) { - case SSL_SHA1: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_aes_128_cbc_sha1_ssl3(); - *out_fixed_iv_len = 16; - } else if (version == TLS1_VERSION) { - *out_aead = EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(); - *out_fixed_iv_len = 16; - } else { - *out_aead = EVP_aead_aes_128_cbc_sha1_tls(); - } - *out_mac_secret_len = SHA_DIGEST_LENGTH; - return 1; - case 
SSL_SHA256: - *out_aead = EVP_aead_aes_128_cbc_sha256_tls(); - *out_mac_secret_len = SHA256_DIGEST_LENGTH; - return 1; - default: - return 0; - } - - case SSL_AES256: - switch (cipher->algorithm_mac) { - case SSL_SHA1: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_aes_256_cbc_sha1_ssl3(); - *out_fixed_iv_len = 16; - } else if (version == TLS1_VERSION) { - *out_aead = EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(); - *out_fixed_iv_len = 16; - } else { - *out_aead = EVP_aead_aes_256_cbc_sha1_tls(); - } - *out_mac_secret_len = SHA_DIGEST_LENGTH; - return 1; - case SSL_SHA256: - *out_aead = EVP_aead_aes_256_cbc_sha256_tls(); - *out_mac_secret_len = SHA256_DIGEST_LENGTH; - return 1; - case SSL_SHA384: - *out_aead = EVP_aead_aes_256_cbc_sha384_tls(); - *out_mac_secret_len = SHA384_DIGEST_LENGTH; - return 1; - default: - return 0; - } - - case SSL_3DES: - switch (cipher->algorithm_mac) { - case SSL_SHA1: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_des_ede3_cbc_sha1_ssl3(); - *out_fixed_iv_len = 8; - } else if (version == TLS1_VERSION) { - *out_aead = EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(); - *out_fixed_iv_len = 8; - } else { - *out_aead = EVP_aead_des_ede3_cbc_sha1_tls(); - } - *out_mac_secret_len = SHA_DIGEST_LENGTH; - return 1; - default: - return 0; - } - - default: - return 0; - } -} - -int ssl_get_handshake_digest(size_t idx, long *mask, const EVP_MD **md) { - if (idx >= SSL_MAX_DIGEST) { - return 0; - } - *mask = ssl_handshake_digests[idx].mask; - *md = ssl_handshake_digests[idx].md_func(); - return 1; -} - -#define ITEM_SEP(a) \ - (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) - -static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) { - if (curr == *tail) { - return; - } - if (curr == *head) { - *head = curr->next; - } - if (curr->prev != NULL) { - curr->prev->next = curr->next; - } - if (curr->next != NULL) { - curr->next->prev = curr->prev; - } - (*tail)->next = curr; - curr->prev = 
*tail; - curr->next = NULL; - *tail = curr; -} - -static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) { - if (curr == *head) { - return; - } - if (curr == *tail) { - *tail = curr->prev; - } - if (curr->next != NULL) { - curr->next->prev = curr->prev; - } - if (curr->prev != NULL) { - curr->prev->next = curr->next; - } - (*head)->prev = curr; - curr->next = *head; - curr->prev = NULL; - *head = curr; -} - -static void ssl_cipher_collect_ciphers(const SSL_PROTOCOL_METHOD *ssl_method, - int num_of_ciphers, - CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) { - int i, co_list_num; - const SSL_CIPHER *c; - - /* We have num_of_ciphers descriptions compiled in, depending on the method - * selected (SSLv2 and/or SSLv3, TLSv1 etc). These will later be sorted in a - * linked list with at most num entries. */ - - /* Get the initial list of ciphers */ - co_list_num = 0; /* actual count of ciphers */ - for (i = 0; i < num_of_ciphers; i++) { - c = ssl_method->get_cipher(i); - /* drop those that use any of that is not available */ - if (c != NULL && c->valid) { - co_list[co_list_num].cipher = c; - co_list[co_list_num].next = NULL; - co_list[co_list_num].prev = NULL; - co_list[co_list_num].active = 0; - co_list[co_list_num].in_group = 0; - co_list_num++; - } - } - - /* Prepare linked list from list entries. 
*/ - if (co_list_num > 0) { - co_list[0].prev = NULL; - - if (co_list_num > 1) { - co_list[0].next = &co_list[1]; - - for (i = 1; i < co_list_num - 1; i++) { - co_list[i].prev = &co_list[i - 1]; - co_list[i].next = &co_list[i + 1]; - } - - co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; - } - - co_list[co_list_num - 1].next = NULL; - - *head_p = &co_list[0]; - *tail_p = &co_list[co_list_num - 1]; - } -} - -static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, - int num_of_group_aliases, - CIPHER_ORDER *head) { - CIPHER_ORDER *ciph_curr; - const SSL_CIPHER **ca_curr; - int i; - - /* First, add the real ciphers as already collected. */ - ciph_curr = head; - ca_curr = ca_list; - while (ciph_curr != NULL) { - *ca_curr = ciph_curr->cipher; - ca_curr++; - ciph_curr = ciph_curr->next; - } - - /* Now we add the available ones from the cipher_aliases[] table. They - * represent either one or more algorithms, some of which in any affected - * category must be supported (set in enabled_mask), or represent a cipher - * strength value (will be added in any case because algorithms=0). 
*/ - for (i = 0; i < num_of_group_aliases; i++) { - *ca_curr = cipher_aliases + i; - ca_curr++; - } - - *ca_curr = NULL; /* end of list */ -} - -static void ssl_cipher_apply_rule( - unsigned long cipher_id, unsigned long alg_mkey, unsigned long alg_auth, - unsigned long alg_enc, unsigned long alg_mac, unsigned long alg_ssl, - unsigned long algo_strength, int rule, int strength_bits, int in_group, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - CIPHER_ORDER *head, *tail, *curr, *next, *last; - const SSL_CIPHER *cp; - int reverse = 0; - - if (rule == CIPHER_DEL) { - /* needed to maintain sorting between currently deleted ciphers */ - reverse = 1; - } - - head = *head_p; - tail = *tail_p; - - if (reverse) { - next = tail; - last = head; - } else { - next = head; - last = tail; - } - - curr = NULL; - for (;;) { - if (curr == last) { - break; - } - - curr = next; - if (curr == NULL) { - break; - } - - next = reverse ? curr->prev : curr->next; - cp = curr->cipher; - - /* Selection criteria is either the value of strength_bits - * or the algorithms used. */ - if (strength_bits >= 0) { - if (strength_bits != cp->strength_bits) { - continue; - } - } else { - if ((alg_mkey && !(alg_mkey & cp->algorithm_mkey)) || - (alg_auth && !(alg_auth & cp->algorithm_auth)) || - (alg_enc && !(alg_enc & cp->algorithm_enc)) || - (alg_mac && !(alg_mac & cp->algorithm_mac)) || - (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) || - (algo_strength && !(algo_strength & cp->algo_strength))) { - continue; - } - } - - /* add the cipher if it has not been added yet. 
*/ - if (rule == CIPHER_ADD) { - /* reverse == 0 */ - if (!curr->active) { - ll_append_tail(&head, curr, &tail); - curr->active = 1; - curr->in_group = in_group; - } - } - - /* Move the added cipher to this location */ - else if (rule == CIPHER_ORD) { - /* reverse == 0 */ - if (curr->active) { - ll_append_tail(&head, curr, &tail); - curr->in_group = 0; - } - } else if (rule == CIPHER_DEL) { - /* reverse == 1 */ - if (curr->active) { - /* most recently deleted ciphersuites get best positions - * for any future CIPHER_ADD (note that the CIPHER_DEL loop - * works in reverse to maintain the order) */ - ll_append_head(&head, curr, &tail); - curr->active = 0; - curr->in_group = 0; - } - } else if (rule == CIPHER_KILL) { - /* reverse == 0 */ - if (head == curr) { - head = curr->next; - } else { - curr->prev->next = curr->next; - } - - if (tail == curr) { - tail = curr->prev; - } - curr->active = 0; - if (curr->next != NULL) { - curr->next->prev = curr->prev; - } - if (curr->prev != NULL) { - curr->prev->next = curr->next; - } - curr->next = NULL; - curr->prev = NULL; - } - } - - *head_p = head; - *tail_p = tail; -} - -static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) { - int max_strength_bits, i, *number_uses; - CIPHER_ORDER *curr; - - /* This routine sorts the ciphers with descending strength. The sorting must - * keep the pre-sorted sequence, so we apply the normal sorting routine as - * '+' movement to the end of the list. 
*/ - max_strength_bits = 0; - curr = *head_p; - while (curr != NULL) { - if (curr->active && curr->cipher->strength_bits > max_strength_bits) { - max_strength_bits = curr->cipher->strength_bits; - } - curr = curr->next; - } - - number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); - if (!number_uses) { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_strength_sort, ERR_R_MALLOC_FAILURE); - return 0; - } - memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); - - /* Now find the strength_bits values actually used. */ - curr = *head_p; - while (curr != NULL) { - if (curr->active) { - number_uses[curr->cipher->strength_bits]++; - } - curr = curr->next; - } - - /* Go through the list of used strength_bits values in descending order. */ - for (i = max_strength_bits; i >= 0; i--) { - if (number_uses[i] > 0) { - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, - tail_p); - } - } - - OPENSSL_free(number_uses); - return 1; -} - -static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p, - const SSL_CIPHER **ca_list) { - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *buf; - int j, multi, found, rule, retval, ok, buflen, in_group = 0, has_group = 0; - unsigned long cipher_id = 0; - char ch; - - retval = 1; - l = rule_str; - for (;;) { - ch = *l; - - if (ch == '\0') { - break; /* done */ - } - - if (in_group) { - if (ch == ']') { - if (!in_group) { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, - SSL_R_UNEXPECTED_GROUP_CLOSE); - retval = found = in_group = 0; - break; - } - if (*tail_p) { - (*tail_p)->in_group = 0; - } - in_group = 0; - l++; - continue; - } - - if (ch == '|') { - rule = CIPHER_ADD; - l++; - continue; - } else if (!(ch >= 'a' && ch <= 'z') && !(ch >= 'A' && ch <= 'Z') && - !(ch >= '0' && ch <= '9')) { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, - SSL_R_UNEXPECTED_OPERATOR_IN_GROUP); - retval = found = in_group = 0; - 
break; - } else { - rule = CIPHER_ADD; - } - } else if (ch == '-') { - rule = CIPHER_DEL; - l++; - } else if (ch == '+') { - rule = CIPHER_ORD; - l++; - } else if (ch == '!') { - rule = CIPHER_KILL; - l++; - } else if (ch == '@') { - rule = CIPHER_SPECIAL; - l++; - } else if (ch == '[') { - if (in_group) { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_NESTED_GROUP); - retval = found = in_group = 0; - break; - } - in_group = 1; - has_group = 1; - l++; - continue; - } else { - rule = CIPHER_ADD; - } - - /* If preference groups are enabled, the only legal operator is +. - * Otherwise the in_group bits will get mixed up. */ - if (has_group && rule != CIPHER_ADD) { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, - SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS); - retval = found = in_group = 0; - break; - } - - if (ITEM_SEP(ch)) { - l++; - continue; - } - - alg_mkey = 0; - alg_auth = 0; - alg_enc = 0; - alg_mac = 0; - alg_ssl = 0; - algo_strength = 0; - - for (;;) { - ch = *l; - buf = l; - buflen = 0; - while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || - ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) { - ch = *(++l); - buflen++; - } - - if (buflen == 0) { - /* We hit something we cannot deal with, it is no command or separator - * nor alphanumeric, so we call this an error. */ - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, - SSL_R_INVALID_COMMAND); - retval = found = in_group = 0; - l++; - break; - } - - if (rule == CIPHER_SPECIAL) { - found = 0; /* unused -- avoid compiler warning */ - break; /* special treatment */ - } - - /* check for multi-part specification */ - if (ch == '+') { - multi = 1; - l++; - } else { - multi = 0; - } - - /* Now search for the cipher alias in the ca_list. Be careful with the - * strncmp, because the "buflen" limitation will make the rule "ADH:SOME" - * and the cipher "ADH-MY-CIPHER" look like a match for buflen=3. 
So - * additionally check whether the cipher name found has the correct - * length. We can save a strlen() call: just checking for the '\0' at the - * right place is sufficient, we have to strncmp() anyway. (We cannot use - * strcmp(), because buf is not '\0' terminated.) */ - j = found = 0; - cipher_id = 0; - while (ca_list[j]) { - if (!strncmp(buf, ca_list[j]->name, buflen) && - (ca_list[j]->name[buflen] == '\0')) { - found = 1; - break; - } else { - j++; - } - } - - if (!found) { - break; /* ignore this entry */ - } - - if (ca_list[j]->algorithm_mkey) { - if (alg_mkey) { - alg_mkey &= ca_list[j]->algorithm_mkey; - if (!alg_mkey) { - found = 0; - break; - } - } else { - alg_mkey = ca_list[j]->algorithm_mkey; - } - } - - if (ca_list[j]->algorithm_auth) { - if (alg_auth) { - alg_auth &= ca_list[j]->algorithm_auth; - if (!alg_auth) { - found = 0; - break; - } - } else { - alg_auth = ca_list[j]->algorithm_auth; - } - } - - if (ca_list[j]->algorithm_enc) { - if (alg_enc) { - alg_enc &= ca_list[j]->algorithm_enc; - if (!alg_enc) { - found = 0; - break; - } - } else { - alg_enc = ca_list[j]->algorithm_enc; - } - } - - if (ca_list[j]->algorithm_mac) { - if (alg_mac) { - alg_mac &= ca_list[j]->algorithm_mac; - if (!alg_mac) { - found = 0; - break; - } - } else { - alg_mac = ca_list[j]->algorithm_mac; - } - } - - if (ca_list[j]->algo_strength) { - if (algo_strength) { - algo_strength &= ca_list[j]->algo_strength; - if (!algo_strength) { - found = 0; - break; - } - } else { - algo_strength |= ca_list[j]->algo_strength; - } - } - - if (ca_list[j]->valid) { - /* explicit ciphersuite found; its protocol version does not become - * part of the search pattern! */ - cipher_id = ca_list[j]->id; - } else { - /* not an explicit ciphersuite; only in this case, the protocol version - * is considered part of the search pattern. 
*/ - if (ca_list[j]->algorithm_ssl) { - if (alg_ssl) { - alg_ssl &= ca_list[j]->algorithm_ssl; - if (!alg_ssl) { - found = 0; - break; - } - } else { - alg_ssl = ca_list[j]->algorithm_ssl; - } - } - } - - if (!multi) { - break; - } - } - - /* Ok, we have the rule, now apply it. */ - if (rule == CIPHER_SPECIAL) { - /* special command */ - ok = 0; - if (buflen == 8 && !strncmp(buf, "STRENGTH", 8)) { - ok = ssl_cipher_strength_sort(head_p, tail_p); - } else { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, - SSL_R_INVALID_COMMAND); - } - - if (ok == 0) { - retval = 0; - } - - /* We do not support any "multi" options together with "@", so throw away - * the rest of the command, if any left, until end or ':' is found. */ - while (*l != '\0' && !ITEM_SEP(*l)) { - l++; - } - } else if (found) { - ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac, - alg_ssl, algo_strength, rule, -1, in_group, head_p, - tail_p); - } else { - while (*l != '\0' && !ITEM_SEP(*l)) { - l++; - } - } - } - - if (in_group) { - OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_INVALID_COMMAND); - retval = 0; - } - - return retval; -} - -STACK_OF(SSL_CIPHER) * -ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, - struct ssl_cipher_preference_list_st **cipher_list, - STACK_OF(SSL_CIPHER) * *cipher_list_by_id, - const char *rule_str, CERT *c) { - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list = NULL; - const char *rule_p; - CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - const SSL_CIPHER **ca_list = NULL; - uint8_t *in_group_flags = NULL; - unsigned int num_in_group_flags = 0; - struct ssl_cipher_preference_list_st *pref_list = NULL; - - /* Return with error if nothing to do. */ - if (rule_str == NULL || cipher_list == NULL) { - return NULL; - } - - /* Now we have to collect the available ciphers from the compiled in ciphers. 
- * We cannot get more than the number compiled in, so it is used for - * allocation. */ - num_of_ciphers = ssl_method->num_ciphers(); - co_list = - (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); - if (co_list == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl_create_cipher_list, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, co_list, &head, &tail); - - /* Now arrange all ciphers by preference: - * TODO(davidben): Compute this order once and copy it. */ - - /* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other - * key exchange mechanisms */ - ssl_cipher_apply_rule(0, SSL_kEECDH, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, -1, - 0, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, - &tail); - ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head, - &tail); - - /* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer - * CHACHA20 unless there is hardware support for fast and constant-time - * AES_GCM. */ - if (EVP_has_aes_hardware()) { - ssl_cipher_apply_rule(0, 0, 0, SSL_AES256GCM, 0, 0, 0, CIPHER_ADD, -1, 0, - &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_AES128GCM, 0, 0, 0, CIPHER_ADD, -1, 0, - &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, - -1, 0, &head, &tail); - } else { - ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, - -1, 0, &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_AES256GCM, 0, 0, 0, CIPHER_ADD, -1, 0, - &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_AES128GCM, 0, 0, 0, CIPHER_ADD, -1, 0, - &head, &tail); - } - - /* Then the legacy non-AEAD ciphers: AES_256_CBC, AES-128_CBC, RC4_128_SHA, - * RC4_128_MD5, 3DES_EDE_CBC_SHA. 
*/ - ssl_cipher_apply_rule(0, 0, 0, SSL_AES256, 0, 0, 0, CIPHER_ADD, -1, 0, &head, - &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_AES128, 0, 0, 0, CIPHER_ADD, -1, 0, &head, - &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, ~SSL_MD5, 0, 0, CIPHER_ADD, -1, 0, - &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, SSL_MD5, 0, 0, CIPHER_ADD, -1, 0, - &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, SSL_3DES, 0, 0, 0, CIPHER_ADD, -1, 0, &head, - &tail); - - /* Temporarily enable everything else for sorting */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail); - - /* Move ciphers without forward secrecy to the end. */ - ssl_cipher_apply_rule(0, ~(SSL_kEDH | SSL_kEECDH), 0, 0, 0, 0, 0, CIPHER_ORD, - -1, 0, &head, &tail); - - /* Move anonymous ciphers to the end. Usually, these will remain disabled. - * (For applications that allow them, they aren't too bad, but we prefer - * authenticated ciphers.) - * TODO(davidben): Remove them altogether? */ - ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, - &tail); - - /* Now disable everything (maintaining the ordering!) */ - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head, &tail); - - /* We also need cipher aliases for selecting based on the rule_str. There - * might be two types of entries in the rule_str: 1) names of ciphers - * themselves 2) aliases for groups of ciphers. For 1) we need the available - * ciphers and for 2) the cipher groups of cipher_aliases added together in - * one list (otherwise we would be happy with just the cipher_aliases - * table). 
*/ - num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); - num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); - if (ca_list == NULL) { - OPENSSL_PUT_ERROR(SSL, ssl_create_cipher_list, ERR_R_MALLOC_FAILURE); - goto err; - } - ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, head); - - /* If the rule_string begins with DEFAULT, apply the default rule before - * using the (possibly available) additional rules. */ - ok = 1; - rule_p = rule_str; - if (strncmp(rule_str, "DEFAULT", 7) == 0) { - ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, - ca_list); - rule_p += 7; - if (*rule_p == ':') { - rule_p++; - } - } - - if (ok && strlen(rule_p) > 0) { - ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); - } - - OPENSSL_free((void *)ca_list); /* Not needed anymore */ - - if (!ok) { - goto err; - } - - /* Allocate new "cipherstack" for the result, return with error - * if we cannot get one. */ - cipherstack = sk_SSL_CIPHER_new_null(); - if (cipherstack == NULL) { - goto err; - } - - in_group_flags = OPENSSL_malloc(num_of_ciphers); - if (!in_group_flags) { - goto err; - } - - /* The cipher selection for the list is done. The ciphers are added - * to the resulting precedence to the STACK_OF(SSL_CIPHER). 
*/ - for (curr = head; curr != NULL; curr = curr->next) { - if (curr->active) { - if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { - goto err; - } - in_group_flags[num_in_group_flags++] = curr->in_group; - } - } - OPENSSL_free(co_list); /* Not needed any longer */ - co_list = NULL; - - tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); - if (tmp_cipher_list == NULL) { - goto err; - } - pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st)); - if (!pref_list) { - goto err; - } - pref_list->ciphers = cipherstack; - pref_list->in_group_flags = OPENSSL_malloc(num_in_group_flags); - if (!pref_list->in_group_flags) { - goto err; - } - memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags); - OPENSSL_free(in_group_flags); - in_group_flags = NULL; - if (*cipher_list != NULL) { - ssl_cipher_preference_list_free(*cipher_list); - } - *cipher_list = pref_list; - pref_list = NULL; - - if (cipher_list_by_id != NULL) { - if (*cipher_list_by_id != NULL) { - sk_SSL_CIPHER_free(*cipher_list_by_id); - } - *cipher_list_by_id = tmp_cipher_list; - tmp_cipher_list = NULL; - (void) sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); - - sk_SSL_CIPHER_sort(*cipher_list_by_id); - } else { - sk_SSL_CIPHER_free(tmp_cipher_list); - tmp_cipher_list = NULL; - } - - return cipherstack; - -err: - if (co_list) { - OPENSSL_free(co_list); - } - if (in_group_flags) { - OPENSSL_free(in_group_flags); - } - if (cipherstack) { - sk_SSL_CIPHER_free(cipherstack); - } - if (tmp_cipher_list) { - sk_SSL_CIPHER_free(tmp_cipher_list); - } - if (pref_list && pref_list->in_group_flags) { - OPENSSL_free(pref_list->in_group_flags); - } - if (pref_list) { - OPENSSL_free(pref_list); - } - return NULL; -} - -const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, - int len) { - const char *ver; - const char *kx, *au, *enc, *mac; - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; - static const char *format = "%-23s %s Kx=%-8s Au=%-4s 
Enc=%-9s Mac=%-4s\n"; - - alg_mkey = cipher->algorithm_mkey; - alg_auth = cipher->algorithm_auth; - alg_enc = cipher->algorithm_enc; - alg_mac = cipher->algorithm_mac; - alg_ssl = cipher->algorithm_ssl; - - if (alg_ssl & SSL_SSLV3) { - ver = "SSLv3"; - } else if (alg_ssl & SSL_TLSV1_2) { - ver = "TLSv1.2"; - } else { - ver = "unknown"; - } - - switch (alg_mkey) { - case SSL_kRSA: - kx = "RSA"; - break; - - case SSL_kEDH: - kx = "DH"; - break; - - case SSL_kEECDH: - kx = "ECDH"; - break; - - case SSL_kPSK: - kx = "PSK"; - break; - - default: - kx = "unknown"; - } - - switch (alg_auth) { - case SSL_aRSA: - au = "RSA"; - break; - - case SSL_aNULL: - au = "None"; - break; - - case SSL_aECDSA: - au = "ECDSA"; - break; - - case SSL_aPSK: - au = "PSK"; - break; - - default: - au = "unknown"; - break; - } - - switch (alg_enc) { - case SSL_3DES: - enc = "3DES(168)"; - break; - - case SSL_RC4: - enc = "RC4(128)"; - break; - - case SSL_AES128: - enc = "AES(128)"; - break; - - case SSL_AES256: - enc = "AES(256)"; - break; - - case SSL_AES128GCM: - enc = "AESGCM(128)"; - break; - - case SSL_AES256GCM: - enc = "AESGCM(256)"; - break; - - case SSL_CHACHA20POLY1305: - enc = "ChaCha20-Poly1305"; - break; - - default: - enc = "unknown"; - break; - } - - switch (alg_mac) { - case SSL_MD5: - mac = "MD5"; - break; - - case SSL_SHA1: - mac = "SHA1"; - break; - - case SSL_SHA256: - mac = "SHA256"; - break; - - case SSL_SHA384: - mac = "SHA384"; - break; - - case SSL_AEAD: - mac = "AEAD"; - break; - - default: - mac = "unknown"; - break; - } - - if (buf == NULL) { - len = 128; - buf = OPENSSL_malloc(len); - if (buf == NULL) - return "OPENSSL_malloc Error"; - } else if (len < 128) { - return "Buffer too small"; - } - - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac); - return buf; -} - -int SSL_CIPHER_is_AES(const SSL_CIPHER *c) { - return (c->algorithm_enc & SSL_AES) != 0; -} - -int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c) { - return (c->algorithm_mac & SSL_MD5) != 
0; -} - -int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c) { - return (c->algorithm_mac & (SSL_AES128GCM | SSL_AES256GCM)) != 0; -} - -int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *c) { - return (c->algorithm_enc & SSL_CHACHA20POLY1305) != 0; -} - -const char *SSL_CIPHER_get_version(const SSL_CIPHER *c) { - int i; - - if (c == NULL) { - return "(NONE)"; - } - - i = (int)(c->id >> 24L); - if (i == 3) { - return "TLSv1/SSLv3"; - } else if (i == 2) { - return "SSLv2"; - } else { - return "unknown"; - } -} - -/* return the actual cipher being used */ -const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) { - if (c != NULL) { - return c->name; - } - - return "(NONE)"; -} - -const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) { - if (cipher == NULL) { - return ""; - } - - switch (cipher->algorithm_mkey) { - case SSL_kRSA: - return SSL_TXT_RSA; - - case SSL_kEDH: - switch (cipher->algorithm_auth) { - case SSL_aRSA: - return "DHE_" SSL_TXT_RSA; - case SSL_aNULL: - return SSL_TXT_DH "_anon"; - default: - return "UNKNOWN"; - } - - case SSL_kEECDH: - switch (cipher->algorithm_auth) { - case SSL_aECDSA: - return "ECDHE_" SSL_TXT_ECDSA; - case SSL_aRSA: - return "ECDHE_" SSL_TXT_RSA; - case SSL_aNULL: - return SSL_TXT_ECDH "_anon"; - default: - return "UNKNOWN"; - } - - default: - return "UNKNOWN"; - } -} - -/* number of bits for symmetric cipher */ -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) { - int ret = 0; - - if (c != NULL) { - if (alg_bits != NULL) { - *alg_bits = c->alg_bits; - } - ret = c->strength_bits; - } - - return ret; -} - -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; } - -void *SSL_COMP_get_compression_methods(void) { return NULL; } - -int SSL_COMP_add_compression_method(int id, void *cm) { return 1; } - -const char *SSL_COMP_get_name(const void *comp) { return NULL; } - -/* For a cipher return the index corresponding to the certificate type */ -int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { - unsigned long 
alg_a = c->algorithm_auth;
-
- if (alg_a & SSL_aECDSA) {
- return SSL_PKEY_ECC;
- } else if (alg_a & SSL_aRSA) {
- return SSL_PKEY_RSA_ENC;
- }
-
- return -1;
-}
-
-/* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a server
- * public key in the key exchange, sent in a server Certificate message.
- * Otherwise it returns 0. */
-int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher) {
- /* Anonymous ciphers do not include a server certificate. */
- if (cipher->algorithm_auth & SSL_aNULL) {
- return 0;
- }
-
- /* Neither do PSK ciphers, except for RSA_PSK. */
- if ((cipher->algorithm_auth & SSL_aPSK) &&
- !(cipher->algorithm_mkey & SSL_kRSA)) {
- return 0;
- }
-
- /* All other ciphers include it. */
- return 1;
-}
-
-/* ssl_cipher_requires_server_key_exchange returns 1 if |cipher| requires a
- * ServerKeyExchange message. Otherwise it returns 0.
- *
- * Unlike ssl_cipher_has_server_public_key, some ciphers take optional
- * ServerKeyExchanges. PSK and RSA_PSK only use the ServerKeyExchange to
- * communicate a psk_identity_hint, so it is optional. */
-int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher) {
- /* Ephemeral Diffie-Hellman key exchanges require a ServerKeyExchange. */
- if (cipher->algorithm_mkey & SSL_kEDH || cipher->algorithm_mkey & SSL_kEECDH) {
- return 1;
- }
-
- /* It is optional in all others. */
- return 0;
-}
diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c
new file mode 100644
index 0000000..2cafeb9
--- /dev/null
+++ b/src/ssl/ssl_cipher.c
@@ -0,0 +1,1362 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. 
All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. 
*/
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "internal.h"
+
+
+struct handshake_digest {
+ uint32_t mask;
+ const EVP_MD *(*md_func)(void);
+};
+
+static const struct handshake_digest ssl_handshake_digests[SSL_MAX_DIGEST] = {
+ {SSL_HANDSHAKE_MAC_MD5, EVP_md5},
+ {SSL_HANDSHAKE_MAC_SHA, EVP_sha1},
+ {SSL_HANDSHAKE_MAC_SHA256, EVP_sha256},
+ {SSL_HANDSHAKE_MAC_SHA384, EVP_sha384},
+};
+
+#define CIPHER_ADD 1
+#define CIPHER_KILL 2
+#define CIPHER_DEL 3
+#define CIPHER_ORD 4
+#define CIPHER_SPECIAL 5
+
+typedef struct cipher_order_st {
+ const SSL_CIPHER *cipher;
+ int active;
+ int in_group;
+ struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
+
+typedef struct cipher_alias_st {
+ /* name is the name of the cipher alias. */
+ const char *name;
+
+ /* The following fields are bitmasks for the corresponding fields on
+ * |SSL_CIPHER|. A cipher matches a cipher alias iff, for each bitmask, the
+ * bit corresponding to the cipher's value is set to 1. If any bitmask is
+ * all zeroes, the alias matches nothing. Use |~0u| for the default value. */
+ uint32_t algorithm_mkey;
+ uint32_t algorithm_auth;
+ uint32_t algorithm_enc;
+ uint32_t algorithm_mac;
+ uint32_t algorithm_ssl;
+ uint32_t algo_strength;
+} CIPHER_ALIAS;
+
+static const CIPHER_ALIAS kCipherAliases[] =
+ {
+ {SSL_TXT_ALL, ~0u, ~0u, ~0u, ~0u, ~0u, ~0u},
+
+ /* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
+
+ /* key exchange aliases
+ * (some of those using only a single bit here combine
+ * multiple key exchange algs according to the RFCs,
+ * e.g. 
kEDH combines DHE_DSS and DHE_RSA) */
+ {SSL_TXT_kRSA, SSL_kRSA, ~0u, ~0u, ~0u, ~0u, ~0u},
+
+ {SSL_TXT_kDHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_kEDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_DH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+
+ {SSL_TXT_kECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_kEECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_ECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+
+ {SSL_TXT_kPSK, SSL_kPSK, ~0u, ~0u, ~0u, ~0u, ~0u},
+
+ /* server authentication aliases */
+ {SSL_TXT_aRSA, ~0u, SSL_aRSA, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_aECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_ECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_aPSK, ~0u, SSL_aPSK, ~0u, ~0u, ~0u, ~0u},
+
+ /* aliases combining key exchange and server authentication */
+ {SSL_TXT_DHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_EDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_ECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_EECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_RSA, SSL_kRSA, SSL_aRSA, ~0u, ~0u, ~0u, ~0u},
+ {SSL_TXT_PSK, SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, ~0u},
+
+ /* symmetric encryption aliases */
+ {SSL_TXT_3DES, ~0u, ~0u, SSL_3DES, ~0u, ~0u, ~0u},
+ {SSL_TXT_RC4, ~0u, ~0u, SSL_RC4, ~0u, ~0u, ~0u},
+ {SSL_TXT_AES128, ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, ~0u},
+ {SSL_TXT_AES256, ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, ~0u},
+ {SSL_TXT_AES, ~0u, ~0u, SSL_AES, ~0u, ~0u, ~0u},
+ {SSL_TXT_AES_GCM, ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, ~0u},
+ {SSL_TXT_CHACHA20, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u},
+
+ /* MAC aliases */
+ {SSL_TXT_MD5, ~0u, ~0u, ~0u, SSL_MD5, ~0u, ~0u},
+ {SSL_TXT_SHA1, ~0u, ~0u, ~0u, SSL_SHA1, ~0u, ~0u},
+ {SSL_TXT_SHA, ~0u, ~0u, ~0u, SSL_SHA1, ~0u, ~0u},
+ {SSL_TXT_SHA256, ~0u, ~0u, ~0u, SSL_SHA256, ~0u, ~0u},
+ {SSL_TXT_SHA384, ~0u, ~0u, ~0u, SSL_SHA384, ~0u, ~0u},
+
+ /* protocol version aliases */
+ {SSL_TXT_SSLV3, ~0u, ~0u, ~0u, ~0u, SSL_SSLV3, ~0u},
+ {SSL_TXT_TLSV1, ~0u, ~0u, ~0u, ~0u, SSL_TLSV1, ~0u},
+ {SSL_TXT_TLSV1_2, ~0u, ~0u, ~0u, ~0u, SSL_TLSV1_2, ~0u},
+
+ /* strength classes */
+ {SSL_TXT_MEDIUM, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM},
+ {SSL_TXT_HIGH, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_HIGH},
+ /* FIPS 140-2 approved ciphersuite */
+ {SSL_TXT_FIPS, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_FIPS},
+};
+
+#define NUM_CIPHER_ALIASES (sizeof(kCipherAliases) / sizeof(kCipherAliases[0]))
+
+int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
+ size_t *out_mac_secret_len,
+ size_t *out_fixed_iv_len,
+ const SSL_CIPHER *cipher, uint16_t version) {
+ *out_aead = NULL;
+ *out_mac_secret_len = 0;
+ *out_fixed_iv_len = 0;
+
+ switch (cipher->algorithm_enc) {
+ case SSL_AES128GCM:
+ *out_aead = EVP_aead_aes_128_gcm();
+ *out_fixed_iv_len = 4;
+ return 1;
+
+ case SSL_AES256GCM:
+ *out_aead = EVP_aead_aes_256_gcm();
+ *out_fixed_iv_len = 4;
+ return 1;
+
+ case SSL_CHACHA20POLY1305:
+ *out_aead = EVP_aead_chacha20_poly1305();
+ *out_fixed_iv_len = 0;
+ return 1;
+
+ case SSL_RC4:
+ switch (cipher->algorithm_mac) {
+ case SSL_MD5:
+ if (version == SSL3_VERSION) {
+ *out_aead = EVP_aead_rc4_md5_ssl3();
+ } else {
+ *out_aead = EVP_aead_rc4_md5_tls();
+ }
+ *out_mac_secret_len = MD5_DIGEST_LENGTH;
+ return 1;
+ case SSL_SHA1:
+ if (version == SSL3_VERSION) {
+ *out_aead = EVP_aead_rc4_sha1_ssl3();
+ } else {
+ *out_aead = EVP_aead_rc4_sha1_tls();
+ }
+ *out_mac_secret_len = SHA_DIGEST_LENGTH;
+ return 1;
+ default:
+ return 0;
+ }
+
+ case SSL_AES128:
+ switch (cipher->algorithm_mac) {
+ case SSL_SHA1:
+ if (version == SSL3_VERSION) {
+ *out_aead = EVP_aead_aes_128_cbc_sha1_ssl3();
+ *out_fixed_iv_len = 16;
+ } else if (version == TLS1_VERSION) {
+ *out_aead = EVP_aead_aes_128_cbc_sha1_tls_implicit_iv();
+ *out_fixed_iv_len = 16;
+ } else {
+ *out_aead = EVP_aead_aes_128_cbc_sha1_tls();
+ }
+ *out_mac_secret_len = SHA_DIGEST_LENGTH;
+ return 1;
+ case SSL_SHA256:
+ *out_aead = EVP_aead_aes_128_cbc_sha256_tls();
+ *out_mac_secret_len 
= SHA256_DIGEST_LENGTH;
+ return 1;
+ default:
+ return 0;
+ }
+
+ case SSL_AES256:
+ switch (cipher->algorithm_mac) {
+ case SSL_SHA1:
+ if (version == SSL3_VERSION) {
+ *out_aead = EVP_aead_aes_256_cbc_sha1_ssl3();
+ *out_fixed_iv_len = 16;
+ } else if (version == TLS1_VERSION) {
+ *out_aead = EVP_aead_aes_256_cbc_sha1_tls_implicit_iv();
+ *out_fixed_iv_len = 16;
+ } else {
+ *out_aead = EVP_aead_aes_256_cbc_sha1_tls();
+ }
+ *out_mac_secret_len = SHA_DIGEST_LENGTH;
+ return 1;
+ case SSL_SHA256:
+ *out_aead = EVP_aead_aes_256_cbc_sha256_tls();
+ *out_mac_secret_len = SHA256_DIGEST_LENGTH;
+ return 1;
+ case SSL_SHA384:
+ *out_aead = EVP_aead_aes_256_cbc_sha384_tls();
+ *out_mac_secret_len = SHA384_DIGEST_LENGTH;
+ return 1;
+ default:
+ return 0;
+ }
+
+ case SSL_3DES:
+ switch (cipher->algorithm_mac) {
+ case SSL_SHA1:
+ if (version == SSL3_VERSION) {
+ *out_aead = EVP_aead_des_ede3_cbc_sha1_ssl3();
+ *out_fixed_iv_len = 8;
+ } else if (version == TLS1_VERSION) {
+ *out_aead = EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv();
+ *out_fixed_iv_len = 8;
+ } else {
+ *out_aead = EVP_aead_des_ede3_cbc_sha1_tls();
+ }
+ *out_mac_secret_len = SHA_DIGEST_LENGTH;
+ return 1;
+ default:
+ return 0;
+ }
+
+ default:
+ return 0;
+ }
+}
+
+int ssl_get_handshake_digest(uint32_t *out_mask, const EVP_MD **out_md,
+ size_t idx) {
+ if (idx >= SSL_MAX_DIGEST) {
+ return 0;
+ }
+ *out_mask = ssl_handshake_digests[idx].mask;
+ *out_md = ssl_handshake_digests[idx].md_func();
+ return 1;
+}
+
+#define ITEM_SEP(a) \
+ (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+/* rule_equals returns one iff the NUL-terminated string |rule| is equal to the
+ * |buf_len| bytes at |buf|. */
+static int rule_equals(const char *rule, const char *buf, size_t buf_len) {
+ /* |strncmp| alone only checks that |buf| is a prefix of |rule|. 
*/ + return strncmp(rule, buf, buf_len) == 0 && rule[buf_len] == '\0'; +} + +static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, + CIPHER_ORDER **tail) { + if (curr == *tail) { + return; + } + if (curr == *head) { + *head = curr->next; + } + if (curr->prev != NULL) { + curr->prev->next = curr->next; + } + if (curr->next != NULL) { + curr->next->prev = curr->prev; + } + (*tail)->next = curr; + curr->prev = *tail; + curr->next = NULL; + *tail = curr; +} + +static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, + CIPHER_ORDER **tail) { + if (curr == *head) { + return; + } + if (curr == *tail) { + *tail = curr->prev; + } + if (curr->next != NULL) { + curr->next->prev = curr->prev; + } + if (curr->prev != NULL) { + curr->prev->next = curr->next; + } + (*head)->prev = curr; + curr->next = *head; + curr->prev = NULL; + *head = curr; +} + +static void ssl_cipher_collect_ciphers(const SSL_PROTOCOL_METHOD *ssl_method, + size_t num_of_ciphers, + CIPHER_ORDER *co_list, + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { + size_t i, co_list_num; + + /* We have num_of_ciphers descriptions compiled in, depending on the method + * selected (SSLv2 and/or SSLv3, TLSv1 etc). These will later be sorted in a + * linked list with at most num entries. */ + + /* Get the initial list of ciphers */ + co_list_num = 0; /* actual count of ciphers */ + for (i = 0; i < num_of_ciphers; i++) { + const SSL_CIPHER *c = ssl_method->get_cipher(i); + if (c != NULL) { + co_list[co_list_num].cipher = c; + co_list[co_list_num].next = NULL; + co_list[co_list_num].prev = NULL; + co_list[co_list_num].active = 0; + co_list[co_list_num].in_group = 0; + co_list_num++; + } + } + + /* Prepare linked list from list entries. 
*/ + if (co_list_num > 0) { + co_list[0].prev = NULL; + + if (co_list_num > 1) { + co_list[0].next = &co_list[1]; + + for (i = 1; i < co_list_num - 1; i++) { + co_list[i].prev = &co_list[i - 1]; + co_list[i].next = &co_list[i + 1]; + } + + co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; + } + + co_list[co_list_num - 1].next = NULL; + + *head_p = &co_list[0]; + *tail_p = &co_list[co_list_num - 1]; + } +} + +/* ssl_cipher_apply_rule applies the rule type |rule| to ciphers matching its + * parameters in the linked list from |*head_p| to |*tail_p|. It writes the new + * head and tail of the list to |*head_p| and |*tail_p|, respectively. + * + * - If |cipher_id| is non-zero, only that cipher is selected. + * - Otherwise, if |strength_bits| is non-negative, it selects ciphers + * of that strength. + * - Otherwise, it selects ciphers that match each bitmasks in |alg_*| and + * |algo_strength|. */ +static void ssl_cipher_apply_rule( + uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth, + uint32_t alg_enc, uint32_t alg_mac, uint32_t alg_ssl, + uint32_t algo_strength, int rule, int strength_bits, int in_group, + CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { + CIPHER_ORDER *head, *tail, *curr, *next, *last; + const SSL_CIPHER *cp; + int reverse = 0; + + if (cipher_id == 0 && strength_bits == -1 && + (alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0 || + alg_ssl == 0 || algo_strength == 0)) { + /* The rule matches nothing, so bail early. */ + return; + } + + if (rule == CIPHER_DEL) { + /* needed to maintain sorting between currently deleted ciphers */ + reverse = 1; + } + + head = *head_p; + tail = *tail_p; + + if (reverse) { + next = tail; + last = head; + } else { + next = head; + last = tail; + } + + curr = NULL; + for (;;) { + if (curr == last) { + break; + } + + curr = next; + if (curr == NULL) { + break; + } + + next = reverse ? 
curr->prev : curr->next; + cp = curr->cipher; + + /* Selection criteria is either a specific cipher, the value of + * |strength_bits|, or the algorithms used. */ + if (cipher_id != 0) { + if (cipher_id != cp->id) { + continue; + } + } else if (strength_bits >= 0) { + if (strength_bits != cp->strength_bits) { + continue; + } + } else if (!(alg_mkey & cp->algorithm_mkey) || + !(alg_auth & cp->algorithm_auth) || + !(alg_enc & cp->algorithm_enc) || + !(alg_mac & cp->algorithm_mac) || + !(alg_ssl & cp->algorithm_ssl) || + !(algo_strength & cp->algo_strength)) { + continue; + } + + /* add the cipher if it has not been added yet. */ + if (rule == CIPHER_ADD) { + /* reverse == 0 */ + if (!curr->active) { + ll_append_tail(&head, curr, &tail); + curr->active = 1; + curr->in_group = in_group; + } + } + + /* Move the added cipher to this location */ + else if (rule == CIPHER_ORD) { + /* reverse == 0 */ + if (curr->active) { + ll_append_tail(&head, curr, &tail); + curr->in_group = 0; + } + } else if (rule == CIPHER_DEL) { + /* reverse == 1 */ + if (curr->active) { + /* most recently deleted ciphersuites get best positions + * for any future CIPHER_ADD (note that the CIPHER_DEL loop + * works in reverse to maintain the order) */ + ll_append_head(&head, curr, &tail); + curr->active = 0; + curr->in_group = 0; + } + } else if (rule == CIPHER_KILL) { + /* reverse == 0 */ + if (head == curr) { + head = curr->next; + } else { + curr->prev->next = curr->next; + } + + if (tail == curr) { + tail = curr->prev; + } + curr->active = 0; + if (curr->next != NULL) { + curr->next->prev = curr->prev; + } + if (curr->prev != NULL) { + curr->prev->next = curr->next; + } + curr->next = NULL; + curr->prev = NULL; + } + } + + *head_p = head; + *tail_p = tail; +} + +static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { + int max_strength_bits, i, *number_uses; + CIPHER_ORDER *curr; + + /* This routine sorts the ciphers with descending strength. 
The sorting must + * keep the pre-sorted sequence, so we apply the normal sorting routine as + * '+' movement to the end of the list. */ + max_strength_bits = 0; + curr = *head_p; + while (curr != NULL) { + if (curr->active && curr->cipher->strength_bits > max_strength_bits) { + max_strength_bits = curr->cipher->strength_bits; + } + curr = curr->next; + } + + number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); + if (!number_uses) { + OPENSSL_PUT_ERROR(SSL, ssl_cipher_strength_sort, ERR_R_MALLOC_FAILURE); + return 0; + } + memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); + + /* Now find the strength_bits values actually used. */ + curr = *head_p; + while (curr != NULL) { + if (curr->active) { + number_uses[curr->cipher->strength_bits]++; + } + curr = curr->next; + } + + /* Go through the list of used strength_bits values in descending order. */ + for (i = max_strength_bits; i >= 0; i--) { + if (number_uses[i] > 0) { + ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, + tail_p); + } + } + + OPENSSL_free(number_uses); + return 1; +} + +static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method, + const char *rule_str, + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { + uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; + const char *l, *buf; + int multi, rule, retval, ok, in_group = 0, has_group = 0; + size_t j, buf_len; + uint32_t cipher_id; + char ch; + + retval = 1; + l = rule_str; + for (;;) { + ch = *l; + + if (ch == '\0') { + break; /* done */ + } + + if (in_group) { + if (ch == ']') { + if (*tail_p) { + (*tail_p)->in_group = 0; + } + in_group = 0; + l++; + continue; + } + + if (ch == '|') { + rule = CIPHER_ADD; + l++; + continue; + } else if (!(ch >= 'a' && ch <= 'z') && !(ch >= 'A' && ch <= 'Z') && + !(ch >= '0' && ch <= '9')) { + OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, + SSL_R_UNEXPECTED_OPERATOR_IN_GROUP); + retval = in_group = 0; + break; + } else { + rule = 
CIPHER_ADD; + } + } else if (ch == '-') { + rule = CIPHER_DEL; + l++; + } else if (ch == '+') { + rule = CIPHER_ORD; + l++; + } else if (ch == '!') { + rule = CIPHER_KILL; + l++; + } else if (ch == '@') { + rule = CIPHER_SPECIAL; + l++; + } else if (ch == '[') { + if (in_group) { + OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_NESTED_GROUP); + retval = in_group = 0; + break; + } + in_group = 1; + has_group = 1; + l++; + continue; + } else { + rule = CIPHER_ADD; + } + + /* If preference groups are enabled, the only legal operator is +. + * Otherwise the in_group bits will get mixed up. */ + if (has_group && rule != CIPHER_ADD) { + OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, + SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS); + retval = in_group = 0; + break; + } + + if (ITEM_SEP(ch)) { + l++; + continue; + } + + multi = 0; + cipher_id = 0; + alg_mkey = ~0u; + alg_auth = ~0u; + alg_enc = ~0u; + alg_mac = ~0u; + alg_ssl = ~0u; + algo_strength = ~0u; + + for (;;) { + ch = *l; + buf = l; + buf_len = 0; + while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || + ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) { + ch = *(++l); + buf_len++; + } + + if (buf_len == 0) { + /* We hit something we cannot deal with, it is no command or separator + * nor alphanumeric, so we call this an error. */ + OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, + SSL_R_INVALID_COMMAND); + retval = in_group = 0; + l++; + break; + } + + if (rule == CIPHER_SPECIAL) { + break; + } + + /* Look for a matching exact cipher. These aren't allowed in multipart + * rules. */ + if (!multi && ch != '+') { + size_t num_ciphers = ssl_method->num_ciphers(); + for (j = 0; j < num_ciphers; j++) { + const SSL_CIPHER *cipher = ssl_method->get_cipher(j); + if (cipher != NULL && rule_equals(cipher->name, buf, buf_len)) { + cipher_id = cipher->id; + break; + } + } + } + if (cipher_id == 0) { + /* If not an exact cipher, look for a matching cipher alias. 
*/ + for (j = 0; j < NUM_CIPHER_ALIASES; j++) { + if (rule_equals(kCipherAliases[j].name, buf, buf_len)) { + alg_mkey &= kCipherAliases[j].algorithm_mkey; + alg_auth &= kCipherAliases[j].algorithm_auth; + alg_enc &= kCipherAliases[j].algorithm_enc; + alg_mac &= kCipherAliases[j].algorithm_mac; + alg_ssl &= kCipherAliases[j].algorithm_ssl; + algo_strength &= kCipherAliases[j].algo_strength; + break; + } + } + if (j == NUM_CIPHER_ALIASES) { + alg_mkey = alg_auth = alg_enc = alg_mac = alg_ssl = algo_strength = 0; + } + } + + /* Check for a multipart rule. */ + if (ch != '+') { + break; + } + l++; + multi = 1; + } + + /* Ok, we have the rule, now apply it. */ + if (rule == CIPHER_SPECIAL) { + /* special command */ + ok = 0; + if (buf_len == 8 && !strncmp(buf, "STRENGTH", 8)) { + ok = ssl_cipher_strength_sort(head_p, tail_p); + } else { + OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, + SSL_R_INVALID_COMMAND); + } + + if (ok == 0) { + retval = 0; + } + + /* We do not support any "multi" options together with "@", so throw away + * the rest of the command, if any left, until end or ':' is found. 
*/ + while (*l != '\0' && !ITEM_SEP(*l)) { + l++; + } + } else { + ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac, + alg_ssl, algo_strength, rule, -1, in_group, head_p, + tail_p); + } + } + + if (in_group) { + OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_INVALID_COMMAND); + retval = 0; + } + + return retval; +} + +STACK_OF(SSL_CIPHER) * +ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, + struct ssl_cipher_preference_list_st **out_cipher_list, + STACK_OF(SSL_CIPHER) **out_cipher_list_by_id, + const char *rule_str) { + int ok; + size_t num_of_ciphers; + STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list = NULL; + const char *rule_p; + CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; + uint8_t *in_group_flags = NULL; + unsigned int num_in_group_flags = 0; + struct ssl_cipher_preference_list_st *pref_list = NULL; + + /* Return with error if nothing to do. */ + if (rule_str == NULL || out_cipher_list == NULL) { + return NULL; + } + + /* Now we have to collect the available ciphers from the compiled in ciphers. + * We cannot get more than the number compiled in, so it is used for + * allocation. */ + num_of_ciphers = ssl_method->num_ciphers(); + co_list = + (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + if (co_list == NULL) { + OPENSSL_PUT_ERROR(SSL, ssl_create_cipher_list, ERR_R_MALLOC_FAILURE); + return NULL; + } + + ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, co_list, &head, &tail); + + /* Now arrange all ciphers by preference: + * TODO(davidben): Compute this order once and copy it. 
*/ + + /* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other + * key exchange mechanisms */ + ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u, + CIPHER_ADD, -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u, CIPHER_ADD, -1, + 0, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u, CIPHER_DEL, -1, + 0, &head, &tail); + + /* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer + * CHACHA20 unless there is hardware support for fast and constant-time + * AES_GCM. */ + if (EVP_has_aes_hardware()) { + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, ~0u, CIPHER_ADD, + -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, ~0u, CIPHER_ADD, + -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u, + CIPHER_ADD, -1, 0, &head, &tail); + } else { + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u, + CIPHER_ADD, -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, ~0u, CIPHER_ADD, + -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, ~0u, CIPHER_ADD, + -1, 0, &head, &tail); + } + + /* Then the legacy non-AEAD ciphers: AES_256_CBC, AES-128_CBC, RC4_128_SHA, + * RC4_128_MD5, 3DES_EDE_CBC_SHA. 
*/ + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, ~0u, ~0u, CIPHER_ADD, -1, + 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, ~0u, ~0u, CIPHER_ADD, -1, + 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, ~0u, ~0u, CIPHER_ADD, + -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, ~0u, ~0u, CIPHER_ADD, -1, + 0, &head, &tail); + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, + &head, &tail); + + /* Temporarily enable everything else for sorting */ + ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, + &head, &tail); + + /* Move ciphers without forward secrecy to the end. */ + ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, ~0u, ~0u, + CIPHER_ORD, -1, 0, &head, &tail); + + /* Now disable everything (maintaining the ordering!) */ + ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, ~0u, ~0u, CIPHER_DEL, -1, 0, + &head, &tail); + + /* If the rule_string begins with DEFAULT, apply the default rule before + * using the (possibly available) additional rules. */ + ok = 1; + rule_p = rule_str; + if (strncmp(rule_str, "DEFAULT", 7) == 0) { + ok = ssl_cipher_process_rulestr(ssl_method, SSL_DEFAULT_CIPHER_LIST, &head, + &tail); + rule_p += 7; + if (*rule_p == ':') { + rule_p++; + } + } + + if (ok && strlen(rule_p) > 0) { + ok = ssl_cipher_process_rulestr(ssl_method, rule_p, &head, &tail); + } + + if (!ok) { + goto err; + } + + /* Allocate new "cipherstack" for the result, return with error + * if we cannot get one. */ + cipherstack = sk_SSL_CIPHER_new_null(); + if (cipherstack == NULL) { + goto err; + } + + in_group_flags = OPENSSL_malloc(num_of_ciphers); + if (!in_group_flags) { + goto err; + } + + /* The cipher selection for the list is done. The ciphers are added + * to the resulting precedence to the STACK_OF(SSL_CIPHER). 
*/ + for (curr = head; curr != NULL; curr = curr->next) { + if (curr->active) { + if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { + goto err; + } + in_group_flags[num_in_group_flags++] = curr->in_group; + } + } + OPENSSL_free(co_list); /* Not needed any longer */ + co_list = NULL; + + tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); + if (tmp_cipher_list == NULL) { + goto err; + } + pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st)); + if (!pref_list) { + goto err; + } + pref_list->ciphers = cipherstack; + pref_list->in_group_flags = OPENSSL_malloc(num_in_group_flags); + if (!pref_list->in_group_flags) { + goto err; + } + memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags); + OPENSSL_free(in_group_flags); + in_group_flags = NULL; + if (*out_cipher_list != NULL) { + ssl_cipher_preference_list_free(*out_cipher_list); + } + *out_cipher_list = pref_list; + pref_list = NULL; + + if (out_cipher_list_by_id != NULL) { + sk_SSL_CIPHER_free(*out_cipher_list_by_id); + *out_cipher_list_by_id = tmp_cipher_list; + tmp_cipher_list = NULL; + (void) sk_SSL_CIPHER_set_cmp_func(*out_cipher_list_by_id, + ssl_cipher_ptr_id_cmp); + + sk_SSL_CIPHER_sort(*out_cipher_list_by_id); + } else { + sk_SSL_CIPHER_free(tmp_cipher_list); + tmp_cipher_list = NULL; + } + + return cipherstack; + +err: + OPENSSL_free(co_list); + OPENSSL_free(in_group_flags); + sk_SSL_CIPHER_free(cipherstack); + sk_SSL_CIPHER_free(tmp_cipher_list); + if (pref_list) { + OPENSSL_free(pref_list->in_group_flags); + } + OPENSSL_free(pref_list); + return NULL; +} + +uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; } + +int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) { + return (cipher->algorithm_enc & SSL_AES) != 0; +} + +int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) { + return (cipher->algorithm_mac & SSL_MD5) != 0; +} + +int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher) { + return (cipher->algorithm_mac & (SSL_AES128GCM | SSL_AES256GCM)) != 0; 
+}
+
+int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher) {
+ return (cipher->algorithm_enc & SSL_CHACHA20POLY1305) != 0;
+}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher) {
+ if (cipher != NULL) {
+ return cipher->name;
+ }
+
+ return "(NONE)";
+}
+
+const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) {
+ if (cipher == NULL) {
+ return "";
+ }
+
+ switch (cipher->algorithm_mkey) {
+ case SSL_kRSA:
+ return "RSA";
+
+ case SSL_kDHE:
+ switch (cipher->algorithm_auth) {
+ case SSL_aRSA:
+ return "DHE_RSA";
+ default:
+ assert(0);
+ return "UNKNOWN";
+ }
+
+ case SSL_kECDHE:
+ switch (cipher->algorithm_auth) {
+ case SSL_aECDSA:
+ return "ECDHE_ECDSA";
+ case SSL_aRSA:
+ return "ECDHE_RSA";
+ case SSL_aPSK:
+ return "ECDHE_PSK";
+ default:
+ assert(0);
+ return "UNKNOWN";
+ }
+
+ case SSL_kPSK:
+ assert(cipher->algorithm_auth == SSL_aPSK);
+ return "PSK";
+
+ default:
+ assert(0);
+ return "UNKNOWN";
+ }
+}
+
+static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
+ switch (cipher->algorithm_enc) {
+ case SSL_3DES:
+ return "3DES_EDE_CBC";
+ case SSL_RC4:
+ return "RC4";
+ case SSL_AES128:
+ return "AES_128_CBC";
+ case SSL_AES256:
+ return "AES_256_CBC";
+ case SSL_AES128GCM:
+ return "AES_128_GCM";
+ case SSL_AES256GCM:
+ return "AES_256_GCM";
+ case SSL_CHACHA20POLY1305:
+ return "CHACHA20_POLY1305";
+ break;
+ default:
+ assert(0);
+ return "UNKNOWN";
+ }
+}
+
+static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
+ if ((cipher->algorithm2 & TLS1_PRF) == TLS1_PRF) {
+ /* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is
+ * only ever MD5 or SHA-1. */
+ switch (cipher->algorithm_mac) {
+ case SSL_MD5:
+ return "MD5";
+ case SSL_SHA1:
+ return "SHA";
+ default:
+ assert(0);
+ return "UNKNOWN";
+ }
+ } else if (cipher->algorithm2 & TLS1_PRF_SHA256) {
+ return "SHA256";
+ } else if (cipher->algorithm2 & TLS1_PRF_SHA384) {
+ return "SHA384";
+ } else {
+ assert(0);
+ return "UNKNOWN";
+ }
+}
+
+char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher) {
+ if (cipher == NULL) {
+ return NULL;
+ }
+
+ const char *kx_name = SSL_CIPHER_get_kx_name(cipher);
+ const char *enc_name = ssl_cipher_get_enc_name(cipher);
+ const char *prf_name = ssl_cipher_get_prf_name(cipher);
+
+ /* The final name is TLS_{kx_name}_WITH_{enc_name}_{prf_name}. */
+ size_t len = 4 + strlen(kx_name) + 6 + strlen(enc_name) + 1 +
+ strlen(prf_name) + 1;
+ char *ret = OPENSSL_malloc(len);
+ if (ret == NULL) {
+ return NULL;
+ }
+ if (BUF_strlcpy(ret, "TLS_", len) >= len ||
+ BUF_strlcat(ret, kx_name, len) >= len ||
+ BUF_strlcat(ret, "_WITH_", len) >= len ||
+ BUF_strlcat(ret, enc_name, len) >= len ||
+ BUF_strlcat(ret, "_", len) >= len ||
+ BUF_strlcat(ret, prf_name, len) >= len) {
+ assert(0);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ assert(strlen(ret) + 1 == len);
+ return ret;
+}
+
+int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) {
+ if (cipher == NULL) {
+ return 0;
+ }
+
+ if (out_alg_bits != NULL) {
+ *out_alg_bits = cipher->alg_bits;
+ }
+ return cipher->strength_bits;
+}
+
+const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
+ int len) {
+ const char *ver;
+ const char *kx, *au, *enc, *mac;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
+ static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+
+ alg_mkey = cipher->algorithm_mkey;
+ alg_auth = cipher->algorithm_auth;
+ alg_enc = cipher->algorithm_enc;
+ alg_mac = cipher->algorithm_mac;
+ alg_ssl = cipher->algorithm_ssl;
+
+ if (alg_ssl & SSL_SSLV3) {
+ ver = "SSLv3";
+ } else if (alg_ssl & SSL_TLSV1_2) {
+ ver = "TLSv1.2";
+ } else {
+ ver = "unknown";
+ }
+
+ switch (alg_mkey) {
+ case SSL_kRSA:
+ kx = "RSA";
+ break;
+
+ case SSL_kDHE:
+ kx = "DH";
+ break;
+
+ case SSL_kECDHE:
+ kx = "ECDH";
+ break;
+
+ case SSL_kPSK:
+ kx = "PSK";
+ break;
+
+ default:
+ kx = "unknown";
+ }
+
+ switch (alg_auth) {
+ case SSL_aRSA:
+ au = "RSA";
+ break;
+
+ case SSL_aECDSA:
+ au = "ECDSA";
+ break;
+
+ case SSL_aPSK:
+ au = "PSK";
+ break;
+
+ default:
+ au = "unknown";
+ break;
+ }
+
+ switch (alg_enc) {
+ case SSL_3DES:
+ enc = "3DES(168)";
+ break;
+
+ case SSL_RC4:
+ enc = "RC4(128)";
+ break;
+
+ case SSL_AES128:
+ enc = "AES(128)";
+ break;
+
+ case SSL_AES256:
+ enc = "AES(256)";
+ break;
+
+ case SSL_AES128GCM:
+ enc = "AESGCM(128)";
+ break;
+
+ case SSL_AES256GCM:
+ enc = "AESGCM(256)";
+ break;
+
+ case SSL_CHACHA20POLY1305:
+ enc = "ChaCha20-Poly1305";
+ break;
+
+ default:
+ enc = "unknown";
+ break;
+ }
+
+ switch (alg_mac) {
+ case SSL_MD5:
+ mac = "MD5";
+ break;
+
+ case SSL_SHA1:
+ mac = "SHA1";
+ break;
+
+ case SSL_SHA256:
+ mac = "SHA256";
+ break;
+
+ case SSL_SHA384:
+ mac = "SHA384";
+ break;
+
+ case SSL_AEAD:
+ mac = "AEAD";
+ break;
+
+ default:
+ mac = "unknown";
+ break;
+ }
+
+ if (buf == NULL) {
+ len = 128;
+ buf = OPENSSL_malloc(len);
+ if (buf == NULL) {
+ return NULL;
+ }
+ } else if (len < 128) {
+ return "Buffer too small";
+ }
+
+ BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
+ return buf;
+}
+
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher) {
+ return "TLSv1/SSLv3";
+}
+
+void *SSL_COMP_get_compression_methods(void) { return NULL; }
+
+int SSL_COMP_add_compression_method(int id, void *cm) { return 1; }
+
+const char *SSL_COMP_get_name(const void *comp) { return NULL; }
+
+int ssl_cipher_get_cert_index(const SSL_CIPHER *cipher) {
+ uint32_t alg_a = cipher->algorithm_auth;
+
+ if (alg_a & SSL_aECDSA) {
+ return SSL_PKEY_ECC;
+ } else if (alg_a & SSL_aRSA) {
+ return SSL_PKEY_RSA_ENC;
+ }
+
+ return -1;
+}
+
+int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher) {
+ /* PSK-authenticated ciphers do not use a public key, except for
+ * RSA_PSK. */
+ if ((cipher->algorithm_auth & SSL_aPSK) &&
+ !(cipher->algorithm_mkey & SSL_kRSA)) {
+ return 0;
+ }
+
+ /* All other ciphers include it. */
+ return 1;
+}
+
+int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher) {
+ /* Ephemeral Diffie-Hellman key exchanges require a ServerKeyExchange. */
+ if (cipher->algorithm_mkey & SSL_kDHE || cipher->algorithm_mkey & SSL_kECDHE) {
+ return 1;
+ }
+
+ /* It is optional in all others. */
+ return 0;
+}
diff --git a/src/ssl/ssl_error.c b/src/ssl/ssl_error.c
deleted file mode 100644
index 2ffb9e6..0000000
--- a/src/ssl/ssl_error.c
+++ /dev/null
@@ -1,566 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA SSL_error_string_data[] = { - {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "D2I_SSL_SESSION"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_check_private_key, 0), "SSL_CTX_check_private_key"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_new, 0), "SSL_CTX_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_set_cipher_list, 0), "SSL_CTX_set_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_set_cipher_list_tls11, 0), "SSL_CTX_set_cipher_list_tls11"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_set_session_id_context, 0), "SSL_CTX_set_session_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_set_ssl_version, 0), "SSL_CTX_set_ssl_version"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_PrivateKey, 0), "SSL_CTX_use_PrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_PrivateKey_ASN1, 0), "SSL_CTX_use_PrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_PrivateKey_file, 0), "SSL_CTX_use_PrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_RSAPrivateKey, 0), "SSL_CTX_use_RSAPrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1, 0), "SSL_CTX_use_RSAPrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, 
SSL_F_SSL_CTX_use_RSAPrivateKey_file, 0), "SSL_CTX_use_RSAPrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_authz, 0), "SSL_CTX_use_authz"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_certificate, 0), "SSL_CTX_use_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_certificate_ASN1, 0), "SSL_CTX_use_certificate_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_certificate_chain_file, 0), "SSL_CTX_use_certificate_chain_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_certificate_file, 0), "SSL_CTX_use_certificate_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_use_psk_identity_hint, 0), "SSL_CTX_use_psk_identity_hint"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_new, 0), "SSL_SESSION_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_print_fp, 0), "SSL_SESSION_print_fp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_set1_id_context, 0), "SSL_SESSION_set1_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_to_bytes_full, 0), "SSL_SESSION_to_bytes_full"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_accept, 0), "SSL_accept"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_add_dir_cert_subjects_to_stack, 0), "SSL_add_dir_cert_subjects_to_stack"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_add_file_cert_subjects_to_stack, 0), "SSL_add_file_cert_subjects_to_stack"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_check_private_key, 0), "SSL_check_private_key"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_clear, 0), "SSL_clear"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_connect, 0), "SSL_connect"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_do_handshake, 0), "SSL_do_handshake"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_load_client_CA_file, 0), "SSL_load_client_CA_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_new, 0), "SSL_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_peek, 0), "SSL_peek"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_read, 0), "SSL_read"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_cipher_list, 0), "SSL_set_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_fd, 0), "SSL_set_fd"}, - {ERR_PACK(ERR_LIB_SSL, 
SSL_F_SSL_set_rfd, 0), "SSL_set_rfd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_session, 0), "SSL_set_session"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_session_id_context, 0), "SSL_set_session_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_session_ticket_ext, 0), "SSL_set_session_ticket_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_wfd, 0), "SSL_set_wfd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_shutdown, 0), "SSL_shutdown"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_PrivateKey, 0), "SSL_use_PrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_PrivateKey_ASN1, 0), "SSL_use_PrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_PrivateKey_file, 0), "SSL_use_PrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_RSAPrivateKey, 0), "SSL_use_RSAPrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_RSAPrivateKey_ASN1, 0), "SSL_use_RSAPrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_RSAPrivateKey_file, 0), "SSL_use_RSAPrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_authz, 0), "SSL_use_authz"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_certificate, 0), "SSL_use_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_certificate_ASN1, 0), "SSL_use_certificate_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_certificate_file, 0), "SSL_use_certificate_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_use_psk_identity_hint, 0), "SSL_use_psk_identity_hint"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_write, 0), "SSL_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_authz_find_data, 0), "authz_find_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_check_suiteb_cipher_list, 0), "check_suiteb_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_d2i_SSL_SESSION, 0), "d2i_SSL_SESSION"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_d2i_SSL_SESSION_get_octet_string, 0), "d2i_SSL_SESSION_get_octet_string"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_d2i_SSL_SESSION_get_string, 0), "d2i_SSL_SESSION_get_string"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_do_dtls1_write, 0), "do_dtls1_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_do_ssl3_write, 0), 
"do_ssl3_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_accept, 0), "dtls1_accept"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_buffer_record, 0), "dtls1_buffer_record"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_check_timeout_num, 0), "dtls1_check_timeout_num"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_connect, 0), "dtls1_connect"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_do_write, 0), "dtls1_do_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_get_hello_verify, 0), "dtls1_get_hello_verify"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_get_message, 0), "dtls1_get_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_get_message_fragment, 0), "dtls1_get_message_fragment"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_heartbeat, 0), "dtls1_heartbeat"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_preprocess_fragment, 0), "dtls1_preprocess_fragment"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_process_record, 0), "dtls1_process_record"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_read_bytes, 0), "dtls1_read_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_send_hello_verify_request, 0), "dtls1_send_hello_verify_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_write_app_data_bytes, 0), "dtls1_write_app_data_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_fclose, 0), "fclose"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_fprintf, 0), "fprintf"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_i2d_SSL_SESSION, 0), "i2d_SSL_SESSION"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_printf, 0), "printf"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_read_authz, 0), "read_authz"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_accept, 0), "ssl23_accept"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_client_hello, 0), "ssl23_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_connect, 0), "ssl23_connect"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_get_client_hello, 0), "ssl23_get_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_get_server_hello, 0), "ssl23_get_server_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_get_v2_client_hello, 0), "ssl23_get_v2_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_peek, 0), "ssl23_peek"}, 
- {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_read, 0), "ssl23_read"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl23_write, 0), "ssl23_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_accept, 0), "ssl3_accept"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_callback_ctrl, 0), "ssl3_callback_ctrl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_cert_verify_hash, 0), "ssl3_cert_verify_hash"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_change_cipher_state, 0), "ssl3_change_cipher_state"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_check_cert_and_algorithm, 0), "ssl3_check_cert_and_algorithm"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_check_client_hello, 0), "ssl3_check_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_connect, 0), "ssl3_connect"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_ctrl, 0), "ssl3_ctrl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_ctx_ctrl, 0), "ssl3_ctx_ctrl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_digest_cached_records, 0), "ssl3_digest_cached_records"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_do_change_cipher_spec, 0), "ssl3_do_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_expect_change_cipher_spec, 0), "ssl3_expect_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_generate_key_block, 0), "ssl3_generate_key_block"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_cert_status, 0), "ssl3_get_cert_status"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_cert_verify, 0), "ssl3_get_cert_verify"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_certificate_request, 0), "ssl3_get_certificate_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_channel_id, 0), "ssl3_get_channel_id"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_client_certificate, 0), "ssl3_get_client_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_client_hello, 0), "ssl3_get_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_client_key_exchange, 0), "ssl3_get_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_finished, 0), "ssl3_get_finished"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_initial_bytes, 0), "ssl3_get_initial_bytes"}, - 
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_message, 0), "ssl3_get_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_new_session_ticket, 0), "ssl3_get_new_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_next_proto, 0), "ssl3_get_next_proto"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_record, 0), "ssl3_get_record"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_server_certificate, 0), "ssl3_get_server_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_server_done, 0), "ssl3_get_server_done"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_server_hello, 0), "ssl3_get_server_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_server_key_exchange, 0), "ssl3_get_server_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_v2_client_hello, 0), "ssl3_get_v2_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_handshake_mac, 0), "ssl3_handshake_mac"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_prf, 0), "ssl3_prf"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_read_bytes, 0), "ssl3_read_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_read_n, 0), "ssl3_read_n"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_cert_verify, 0), "ssl3_send_cert_verify"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_certificate_request, 0), "ssl3_send_certificate_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_channel_id, 0), "ssl3_send_channel_id"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_client_certificate, 0), "ssl3_send_client_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_client_hello, 0), "ssl3_send_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_client_key_exchange, 0), "ssl3_send_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_new_session_ticket, 0), "ssl3_send_new_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_server_certificate, 0), "ssl3_send_server_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_server_hello, 0), "ssl3_send_server_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_server_key_exchange, 0), "ssl3_send_server_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, 
SSL_F_ssl3_setup_key_block, 0), "ssl3_setup_key_block"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_setup_read_buffer, 0), "ssl3_setup_read_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_setup_write_buffer, 0), "ssl3_setup_write_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_write_bytes, 0), "ssl3_write_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_write_pending, 0), "ssl3_write_pending"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_cert_chain, 0), "ssl_add_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_cert_to_buf, 0), "ssl_add_cert_to_buf"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_clienthello_renegotiate_ext, 0), "ssl_add_clienthello_renegotiate_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_clienthello_tlsext, 0), "ssl_add_clienthello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_clienthello_use_srtp_ext, 0), "ssl_add_clienthello_use_srtp_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_serverhello_renegotiate_ext, 0), "ssl_add_serverhello_renegotiate_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_serverhello_tlsext, 0), "ssl_add_serverhello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_add_serverhello_use_srtp_ext, 0), "ssl_add_serverhello_use_srtp_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_bad_method, 0), "ssl_bad_method"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_build_cert_chain, 0), "ssl_build_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_bytes_to_cipher_list, 0), "ssl_bytes_to_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_cert_dup, 0), "ssl_cert_dup"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_cert_inst, 0), "ssl_cert_inst"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_cert_new, 0), "ssl_cert_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_check_serverhello_tlsext, 0), "ssl_check_serverhello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_check_srvr_ecc_cert_and_alg, 0), "ssl_check_srvr_ecc_cert_and_alg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_cipher_process_rulestr, 0), "ssl_cipher_process_rulestr"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_cipher_strength_sort, 0), "ssl_cipher_strength_sort"}, - 
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_create_cipher_list, 0), "ssl_create_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_ctx_log_master_secret, 0), "ssl_ctx_log_master_secret"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_ctx_log_rsa_client_key_exchange, 0), "ssl_ctx_log_rsa_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_ctx_make_profiles, 0), "ssl_ctx_make_profiles"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_get_new_session, 0), "ssl_get_new_session"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_get_prev_session, 0), "ssl_get_prev_session"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_get_server_cert_index, 0), "ssl_get_server_cert_index"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_get_sign_pkey, 0), "ssl_get_sign_pkey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_init_wbio_buffer, 0), "ssl_init_wbio_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_new, 0), "ssl_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_parse_clienthello_renegotiate_ext, 0), "ssl_parse_clienthello_renegotiate_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_parse_clienthello_tlsext, 0), "ssl_parse_clienthello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_parse_clienthello_use_srtp_ext, 0), "ssl_parse_clienthello_use_srtp_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_parse_serverhello_renegotiate_ext, 0), "ssl_parse_serverhello_renegotiate_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_parse_serverhello_tlsext, 0), "ssl_parse_serverhello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_parse_serverhello_use_srtp_ext, 0), "ssl_parse_serverhello_use_srtp_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_prepare_clienthello_tlsext, 0), "ssl_prepare_clienthello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_scan_clienthello_tlsext, 0), "ssl_scan_clienthello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_scan_serverhello_tlsext, 0), "ssl_scan_serverhello_tlsext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_sess_cert_new, 0), "ssl_sess_cert_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_set_authz, 0), "ssl_set_authz"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_set_cert, 0), "ssl_set_cert"}, - 
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_set_pkey, 0), "ssl_set_pkey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_undefined_const_function, 0), "ssl_undefined_const_function"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_undefined_function, 0), "ssl_undefined_function"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_undefined_void_function, 0), "ssl_undefined_void_function"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl_verify_cert_chain, 0), "ssl_verify_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls12_check_peer_sigalg, 0), "tls12_check_peer_sigalg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_aead_ctx_init, 0), "tls1_aead_ctx_init"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_cert_verify_mac, 0), "tls1_cert_verify_mac"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_change_cipher_state, 0), "tls1_change_cipher_state"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_change_cipher_state_aead, 0), "tls1_change_cipher_state_aead"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_change_cipher_state_cipher, 0), "tls1_change_cipher_state_cipher"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_check_duplicate_extensions, 0), "tls1_check_duplicate_extensions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_enc, 0), "tls1_enc"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_export_keying_material, 0), "tls1_export_keying_material"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_get_server_supplemental_data, 0), "tls1_get_server_supplemental_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_heartbeat, 0), "tls1_heartbeat"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_prf, 0), "tls1_prf"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_send_server_supplemental_data, 0), "tls1_send_server_supplemental_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_tls1_setup_key_block, 0), "tls1_setup_key_block"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), "APP_DATA_IN_HANDSHAKE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AUTHZ_DATA_TOO_LARGE), "AUTHZ_DATA_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ALERT), 
"BAD_ALERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ALERT_RECORD), "BAD_ALERT_RECORD"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_AUTHENTICATION_TYPE), "BAD_AUTHENTICATION_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), "BAD_CHANGE_CIPHER_SPEC"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHECKSUM), "BAD_CHECKSUM"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "BAD_DATA"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "BAD_DATA_RETURNED_BY_CALLBACK"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "BAD_DECOMPRESSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_G_LENGTH), "BAD_DH_G_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_PUB_KEY_LENGTH), "BAD_DH_PUB_KEY_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_P_LENGTH), "BAD_DH_P_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "BAD_DIGEST_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DSA_SIGNATURE), "BAD_DSA_SIGNATURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "BAD_ECC_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECDSA_SIGNATURE), "BAD_ECDSA_SIGNATURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "BAD_ECPOINT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), "BAD_HANDSHAKE_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "BAD_HELLO_REQUEST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "BAD_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_MAC_DECODE), "BAD_MAC_DECODE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_MAC_LENGTH), "BAD_MAC_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_MESSAGE_TYPE), "BAD_MESSAGE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "BAD_PACKET_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "BAD_PROTOCOL_VERSION_NUMBER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "BAD_PSK_IDENTITY_HINT_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RESPONSE_ARGUMENT), "BAD_RESPONSE_ARGUMENT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_DECRYPT), 
"BAD_RSA_DECRYPT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "BAD_RSA_ENCRYPT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_E_LENGTH), "BAD_RSA_E_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_MODULUS_LENGTH), "BAD_RSA_MODULUS_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_SIGNATURE), "BAD_RSA_SIGNATURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "BAD_SIGNATURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "BAD_SRP_A_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_B_LENGTH), "BAD_SRP_B_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_G_LENGTH), "BAD_SRP_G_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_N_LENGTH), "BAD_SRP_N_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_S_LENGTH), "BAD_SRP_S_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "BAD_SRTP_MKI_VALUE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "BAD_SRTP_PROTECTION_PROFILE_LIST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "BAD_SSL_FILETYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_SESSION_ID_LENGTH), "BAD_SSL_SESSION_ID_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_STATE), "BAD_STATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "BAD_VALUE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "BAD_WRITE_RETRY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "BIO_NOT_SET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "BLOCK_CIPHER_PAD_IS_WRONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "BN_LIB"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY), "CANNOT_SERIALIZE_PUBLIC_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), "CA_DN_LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_TOO_LONG), "CA_DN_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "CCS_RECEIVED_EARLY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED), "CERTIFICATE_VERIFY_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), 
"CERT_CB_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), "CERT_LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CHALLENGE_IS_DIFFERENT), "CHALLENGE_IS_DIFFERENT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CHANNEL_ID_NOT_P256), "CHANNEL_ID_NOT_P256"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CHANNEL_ID_SIGNATURE_INVALID), "CHANNEL_ID_SIGNATURE_INVALID"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), "CIPHER_CODE_WRONG_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "CIPHER_OR_HASH_UNAVAILABLE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_TABLE_SRC_ERROR), "CIPHER_TABLE_SRC_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_PARSE_FAILED), "CLIENTHELLO_PARSE_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "CLIENTHELLO_TLSEXT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), "COMPRESSED_LENGTH_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED), "COMPRESSION_DISABLED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE), "COMPRESSION_FAILURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR), "COMPRESSION_LIBRARY_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_ID_IS_DIFFERENT), "CONNECTION_ID_IS_DIFFERENT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_REJECTED), "CONNECTION_REJECTED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), "CONNECTION_TYPE_NOT_SET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "COOKIE_MISMATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_D2I_ECDSA_SIG), "D2I_ECDSA_SIG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "DATA_BETWEEN_CCS_AND_FINISHED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), "DATA_LENGTH_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECODE_ERROR), "DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "DECRYPTION_FAILED"}, - 
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "DECRYPTION_FAILED_OR_BAD_RECORD_MAC"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "DH_PUBLIC_VALUE_LENGTH_IS_WRONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED), "DIGEST_CHECK_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG), "DTLS_MESSAGE_TOO_BIG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID), "DUPLICATE_COMPRESSION_ID"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ECC_CERT_NOT_FOR_KEY_AGREEMENT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ECC_CERT_NOT_FOR_SIGNING"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ECGROUP_TOO_LARGE_FOR_CIPHER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "EMPTY_SRTP_PROTECTION_PROFILE_LIST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "ENCRYPTED_LENGTH_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "ERROR_GENERATING_TMP_RSA_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "ERROR_IN_RECEIVED_CIPHER_LIST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EVP_DIGESTSIGNFINAL_FAILED), "EVP_DIGESTSIGNFINAL_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EVP_DIGESTSIGNINIT_FAILED), "EVP_DIGESTSIGNINIT_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), "EXCESSIVE_MESSAGE_SIZE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), "EXTRA_DATA_IN_MESSAGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOST_NOT_SUPPORTED), "GOST_NOT_SUPPORTED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), "GOT_A_FIN_BEFORE_A_CCS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS), "GOT_CHANNEL_ID_BEFORE_A_CCS"}, - 
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "GOT_NEXT_PROTO_BEFORE_A_CCS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "GOT_NEXT_PROTO_WITHOUT_EXTENSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO), "HANDSHAKE_FAILURE_ON_CLIENT_HELLO"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HANDSHAKE_RECORD_BEFORE_CCS), "HANDSHAKE_RECORD_BEFORE_CCS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), "HTTPS_PROXY_REQUEST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "HTTP_REQUEST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_PADDING), "ILLEGAL_PADDING"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST), "ILLEGAL_SUITEB_DIGEST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK), "INAPPROPRIATE_FALLBACK"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION), "INCONSISTENT_COMPRESSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_AUDIT_PROOF), "INVALID_AUDIT_PROOF"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_AUTHZ_DATA), "INVALID_AUTHZ_DATA"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CHALLENGE_LENGTH), "INVALID_CHALLENGE_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "INVALID_COMMAND"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), "INVALID_COMPRESSION_ALGORITHM"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MESSAGE), "INVALID_MESSAGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), "INVALID_NULL_CMD_NAME"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_PURPOSE), "INVALID_PURPOSE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), "INVALID_SERVERINFO_DATA"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), "INVALID_SRP_USERNAME"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SSL_SESSION), "INVALID_SSL_SESSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), "INVALID_STATUS_RESPONSE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), "INVALID_TICKET_KEYS_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_INVALID_TRUST), "INVALID_TRUST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KEY_ARG_TOO_LONG), "KEY_ARG_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5), "KRB5"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_C_CC_PRINC), "KRB5_C_CC_PRINC"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_C_GET_CRED), "KRB5_C_GET_CRED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_C_INIT), "KRB5_C_INIT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_C_MK_REQ), "KRB5_C_MK_REQ"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_S_BAD_TICKET), "KRB5_S_BAD_TICKET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_S_INIT), "KRB5_S_INIT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_S_RD_REQ), "KRB5_S_RD_REQ"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_S_TKT_EXPIRED), "KRB5_S_TKT_EXPIRED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_S_TKT_NYV), "KRB5_S_TKT_NYV"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_KRB5_S_TKT_SKEW), "KRB5_S_TKT_SKEW"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "LENGTH_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "LIBRARY_BUG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS), "LIBRARY_HAS_NO_CIPHERS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MESSAGE_TOO_LONG), "MESSAGE_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DH_DSA_CERT), "MISSING_DH_DSA_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DH_KEY), "MISSING_DH_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DH_RSA_CERT), "MISSING_DH_RSA_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT), "MISSING_DSA_SIGNING_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDH_CERT), "MISSING_ECDH_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT), "MISSING_ECDSA_SIGNING_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_EXPORT_TMP_DH_KEY), "MISSING_EXPORT_TMP_DH_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "MISSING_EXPORT_TMP_RSA_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), 
"MISSING_RSA_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), "MISSING_RSA_ENCRYPTING_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT), "MISSING_RSA_SIGNING_CERT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM), "MISSING_SRP_PARAM"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "MISSING_TMP_DH_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), "MISSING_TMP_ECDH_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_RSA_KEY), "MISSING_TMP_RSA_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_RSA_PKEY), "MISSING_TMP_RSA_PKEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_VERIFY_MESSAGE), "MISSING_VERIFY_MESSAGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS), "MIXED_SPECIAL_OPERATOR_WITH_GROUPS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MTU_TOO_SMALL), "MTU_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MULTIPLE_SGC_RESTARTS), "MULTIPLE_SGC_RESTARTS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "NESTED_GROUP"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NON_SSLV2_INITIAL_PACKET), "NON_SSLV2_INITIAL_PACKET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), "NO_CERTIFICATES_RETURNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), "NO_CERTIFICATE_ASSIGNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_RETURNED), "NO_CERTIFICATE_RETURNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "NO_CERTIFICATE_SET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SPECIFIED), "NO_CERTIFICATE_SPECIFIED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE), "NO_CIPHERS_AVAILABLE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_PASSED), "NO_CIPHERS_PASSED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED), "NO_CIPHERS_SPECIFIED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_LIST), "NO_CIPHER_LIST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "NO_CIPHER_MATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD), 
"NO_CLIENT_CERT_METHOD"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_RECEIVED), "NO_CLIENT_CERT_RECEIVED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), "NO_COMPRESSION_SPECIFIED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "NO_GOST_CERTIFICATE_SENT_BY_PEER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), "NO_METHOD_SPECIFIED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_P256_SUPPORT), "NO_P256_SUPPORT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "NO_PEM_EXTENSIONS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATEKEY), "NO_PRIVATEKEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), "NO_PRIVATE_KEY_ASSIGNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE), "NO_PROTOCOLS_AVAILABLE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PUBLICKEY), "NO_PUBLICKEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "NO_RENEGOTIATION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "NO_REQUIRED_DIGEST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "NO_SHARED_CIPHER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGATURE_ALGORITHMS), "NO_SHARED_SIGATURE_ALGORITHMS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "NO_SRTP_PROFILES"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_CALLBACK), "NO_VERIFY_CALLBACK"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "NULL_SSL_CTX"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "NULL_SSL_METHOD_PASSED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "OLD_SESSION_CIPHER_NOT_RETURNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE), "ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE), "ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "ONLY_TLS_ALLOWED_IN_FIPS_MODE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "OPAQUE_PRF_INPUT_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), "PACKET_LENGTH_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "PARSE_TLSEXT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "PATH_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "PEER_DID_NOT_RETURN_A_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_ERROR), "PEER_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_ERROR_CERTIFICATE), "PEER_ERROR_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_ERROR_NO_CERTIFICATE), "PEER_ERROR_NO_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_ERROR_NO_CIPHER), "PEER_ERROR_NO_CIPHER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX), "PEM_NAME_BAD_PREFIX"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "PEM_NAME_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRE_MAC_LENGTH_TOO_LONG), "PRE_MAC_LENGTH_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "PROBLEMS_MAPPING_CIPHER_FUNCTIONS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN), "PROTOCOL_IS_SHUTDOWN"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND), "PSK_IDENTITY_NOT_FOUND"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "PSK_NO_CLIENT_CB"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "PSK_NO_SERVER_CB"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "PUBLIC_KEY_ENCRYPT_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PUBLIC_KEY_IS_NOT_RSA), "PUBLIC_KEY_IS_NOT_RSA"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PUBLIC_KEY_NOT_RSA), "PUBLIC_KEY_NOT_RSA"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "READ_BIO_NOT_SET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED), 
"READ_TIMEOUT_EXPIRED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_WRONG_PACKET_TYPE), "READ_WRONG_PACKET_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), "RECORD_LENGTH_MISMATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_LARGE), "RECORD_TOO_LARGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "RECORD_TOO_SMALL"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), "RENEGOTIATE_EXT_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), "RENEGOTIATION_ENCODING_ERR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH), "RENEGOTIATION_MISMATCH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING), "REQUIRED_CIPHER_MISSING"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "REQUIRED_COMPRESSSION_ALGORITHM_MISSING"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "REUSE_CERT_LENGTH_NOT_ZERO"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "REUSE_CERT_TYPE_NOT_ZERO"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "REUSE_CIPHER_LIST_NOT_ZERO"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "SCSV_RECEIVED_WHEN_RENEGOTIATING"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "SERVERHELLO_TLSEXT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "SESSION_ID_CONTEXT_UNINITIALIZED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_MAY_NOT_BE_CREATED), "SESSION_MAY_NOT_BE_CREATED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), "SHORT_READ"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR), "SIGNATURE_ALGORITHMS_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "SIGNATURE_FOR_NON_SIGNING_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "SRP_A_CALC"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "SRTP_COULD_NOT_ALLOCATE_PROFILES"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), 
"SRTP_PROTECTION_PROFILE_LIST_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "SRTP_UNKNOWN_PROTECTION_PROFILE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL23_DOING_SESSION_ID_REUSE), "SSL23_DOING_SESSION_ID_REUSE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "SSL2_CONNECTION_ID_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "SSL3_EXT_INVALID_ECPOINTFORMAT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), "SSL3_EXT_INVALID_SERVERNAME"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "SSL3_EXT_INVALID_SERVERNAME_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), "SSL3_SESSION_ID_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_SHORT), "SSL3_SESSION_ID_TOO_SHORT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "SSLV3_ALERT_BAD_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "SSLV3_ALERT_BAD_RECORD_MAC"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "SSLV3_ALERT_CERTIFICATE_EXPIRED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "SSLV3_ALERT_CERTIFICATE_REVOKED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "SSLV3_ALERT_CERTIFICATE_UNKNOWN"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CLOSE_NOTIFY), "SSLV3_ALERT_CLOSE_NOTIFY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "SSLV3_ALERT_DECOMPRESSION_FAILURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "SSLV3_ALERT_HANDSHAKE_FAILURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "SSLV3_ALERT_ILLEGAL_PARAMETER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "SSLV3_ALERT_NO_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "SSLV3_ALERT_UNEXPECTED_MESSAGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), 
"SSLV3_ALERT_UNSUPPORTED_CERTIFICATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE), "SSL_HANDSHAKE_FAILURE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "SSL_LIBRARY_HAS_NO_CIPHERS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "SSL_SESSION_ID_CALLBACK_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT), "SSL_SESSION_ID_CONFLICT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "SSL_SESSION_ID_CONTEXT_TOO_LONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "SSL_SESSION_ID_HAS_BAD_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "SSL_SESSION_ID_IS_DIFFERENT"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), "TLSV1_ALERT_ACCESS_DENIED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), "TLSV1_ALERT_DECODE_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "TLSV1_ALERT_DECRYPTION_FAILED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "TLSV1_ALERT_DECRYPT_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "TLSV1_ALERT_EXPORT_RESTRICTION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "TLSV1_ALERT_INAPPROPRIATE_FALLBACK"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "TLSV1_ALERT_INSUFFICIENT_SECURITY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "TLSV1_ALERT_INTERNAL_ERROR"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "TLSV1_ALERT_NO_RENEGOTIATION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "TLSV1_ALERT_PROTOCOL_VERSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "TLSV1_ALERT_RECORD_OVERFLOW"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), "TLSV1_ALERT_UNKNOWN_CA"}, - 
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), "TLSV1_ALERT_USER_CANCELLED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "TLSV1_BAD_CERTIFICATE_HASH_VALUE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "TLSV1_CERTIFICATE_UNOBTAINABLE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME), "TLSV1_UNRECOGNIZED_NAME"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "TLSV1_UNSUPPORTED_EXTENSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "TLS_ILLEGAL_EXPORTER_LABEL"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "TLS_INVALID_ECPOINTFORMAT_LIST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_EMPTY_FRAGMENTS), "TOO_MANY_EMPTY_FRAGMENTS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "TRIED_TO_USE_UNSUPPORTED_CIPHER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_DECODE_DH_CERTS), "UNABLE_TO_DECODE_DH_CERTS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "UNABLE_TO_DECODE_ECDH_CERTS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "UNABLE_TO_EXTRACT_PUBLIC_KEY"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "UNABLE_TO_FIND_DH_PARAMETERS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "UNABLE_TO_FIND_ECDH_PARAMETERS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_UNABLE_TO_FIND_SSL_METHOD), "UNABLE_TO_FIND_SSL_METHOD"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "UNABLE_TO_LOAD_SSL2_MD5_ROUTINES"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "UNABLE_TO_LOAD_SSL3_MD5_ROUTINES"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE), "UNEXPECTED_GROUP_CLOSE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "UNEXPECTED_MESSAGE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP), "UNEXPECTED_OPERATOR_IN_GROUP"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "UNEXPECTED_RECORD"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "UNINITIALIZED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "UNKNOWN_ALERT_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_AUTHZ_DATA_TYPE), "UNKNOWN_AUTHZ_DATA_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE), "UNKNOWN_CERTIFICATE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED), "UNKNOWN_CIPHER_RETURNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE), "UNKNOWN_CIPHER_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "UNKNOWN_CMD_NAME"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "UNKNOWN_DIGEST"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "UNKNOWN_KEY_EXCHANGE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "UNKNOWN_PKEY_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "UNKNOWN_PROTOCOL"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "UNKNOWN_REMOTE_ERROR_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION), "UNKNOWN_SSL_VERSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "UNKNOWN_STATE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE), "UNKNOWN_SUPPLEMENTAL_DATA_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_UNPROCESSED_HANDSHAKE_DATA), "UNPROCESSED_HANDSHAKE_DATA"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "UNSAFE_LEGACY_RENEGOTIATION_DISABLED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_CIPHER), "UNSUPPORTED_CIPHER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "UNSUPPORTED_COMPRESSION_ALGORITHM"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_DIGEST_TYPE), "UNSUPPORTED_DIGEST_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "UNSUPPORTED_ELLIPTIC_CURVE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL), "UNSUPPORTED_PROTOCOL"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION), "UNSUPPORTED_SSL_VERSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE), "UNSUPPORTED_STATUS_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED), "USE_SRTP_NOT_NEGOTIATED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRITE_BIO_NOT_SET), "WRITE_BIO_NOT_SET"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE), "WRONG_CERTIFICATE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), "WRONG_CIPHER_RETURNED"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "WRONG_CURVE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_MESSAGE_TYPE), "WRONG_MESSAGE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_NUMBER_OF_KEY_BITS), "WRONG_NUMBER_OF_KEY_BITS"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), "WRONG_SIGNATURE_LENGTH"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), "WRONG_SIGNATURE_SIZE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE), "WRONG_SIGNATURE_TYPE"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "WRONG_SSL_VERSION"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER), "WRONG_VERSION_NUMBER"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "X509_LIB"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "X509_VERIFICATION_SETUP_PROBLEMS"}, - {0, NULL}, -}; 
diff --git a/src/ssl/ssl_lib.c b/src/ssl/ssl_lib.c index 35eb1ec..6c8e2c9 100644 --- a/src/ssl/ssl_lib.c +++ b/src/ssl/ssl_lib.c @@ -138,19 +138,22 @@ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ -#include #include +#include +#include #include #include -#include +#include #include #include #include #include #include -#include "ssl_locl.h" +#include "internal.h" +#include "../crypto/internal.h" + /* Some error codes are special. Ensure the make_errors.go script never * regresses this. */ @@ -158,6 +161,12 @@ OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION == SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET, ssl_alert_reason_code_mismatch); +/* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */ +static const size_t kMaxHandshakeSize = (1u << 24) - 1; + +static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl = CRYPTO_EX_DATA_CLASS_INIT; +static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx = CRYPTO_EX_DATA_CLASS_INIT; + int SSL_clear(SSL *s) { if (s->method == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_clear, SSL_R_NO_METHOD_SPECIFIED); @@ -199,21 +208,17 @@ int SSL_clear(SSL *s) { s->rwstate = SSL_NOTHING; s->rstate = SSL_ST_READ_HEADER; - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; s->packet = NULL; s->packet_length = 0; ssl_clear_cipher_ctx(s); - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } + OPENSSL_free(s->next_proto_negotiated); + s->next_proto_negotiated = NULL; + s->next_proto_negotiated_len = 0; /* The s->d1->mtu is simultaneously configuration (preserved across * clear) and connection-specific state (gets reset). 
@@ -265,21 +270,9 @@ SSL *SSL_new(SSL_CTX *ctx) { s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; - if (ctx->cert != NULL) { - /* Earlier library versions used to copy the pointer to the CERT, not its - * contents; only when setting new parameters for the per-SSL copy, - * ssl_cert_new would be called (and the direct reference to the - * per-SSL_CTX settings would be lost, but those still were indirectly - * accessed for various purposes, and for that reason they used to be known - * as s->ctx->default_cert). Now we don't look at the SSL_CTX's CERT after - * having duplicated it once. */ - - s->cert = ssl_cert_dup(ctx->cert); - if (s->cert == NULL) { - goto err; - } - } else { - s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */ + s->cert = ssl_cert_dup(ctx->cert); + if (s->cert == NULL) { + goto err; } s->read_ahead = ctx->read_ahead; @@ -302,8 +295,6 @@ SSL *SSL_new(SSL_CTX *ctx) { CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->ctx = ctx; - s->tlsext_debug_cb = 0; - s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->initial_ctx = ctx; @@ -345,12 +336,10 @@ SSL *SSL_new(SSL_CTX *ctx) { s->enc_method = ssl3_get_enc_method(s->version); assert(s->enc_method != NULL); - s->references = 1; - s->rwstate = SSL_NOTHING; s->rstate = SSL_ST_READ_HEADER; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + CRYPTO_new_ex_data(&g_ex_data_class_ssl, s, &s->ex_data); s->psk_identity_hint = NULL; if (ctx->psk_identity_hint) { @@ -364,7 +353,8 @@ SSL *SSL_new(SSL_CTX *ctx) { s->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled; if (ctx->tlsext_channel_id_private) { - s->tlsext_channel_id_private = EVP_PKEY_dup(ctx->tlsext_channel_id_private); + s->tlsext_channel_id_private = + EVP_PKEY_up_ref(ctx->tlsext_channel_id_private); } s->signed_cert_timestamps_enabled = s->ctx->signed_cert_timestamps_enabled; 
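Review bot: Dropping `s->references = 1;` in the `@@ -345` hunk, together with the removal of the `CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL)` decrement in the SSL_free hunk at `@@ -547`, makes SSL a single-owner object: SSL_free now always destroys it, so any remaining code that bumps `references` and expects a second SSL_free to be harmless would become a use-after-free or double free. If the field was removed from `struct ssl_st` in `internal.h` in the same revision, such callers fail to compile, which is the safe outcome; I cannot see that header here. If the field is still declared, either remove it or state the ownership model at this site, e.g. `/* SSL objects are not reference-counted; SSL_free always destroys |s|. */`. The body of SSL_new extends beyond this hunk.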
@@ -373,9 +363,7 @@ SSL *SSL_new(SSL_CTX *ctx) { return s; err: - if (s != NULL) { - SSL_free(s); - } + SSL_free(s); OPENSSL_PUT_ERROR(SSL, SSL_new, ERR_R_MALLOC_FAILURE); return NULL; @@ -415,9 +403,7 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) { } int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); ssl->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); return 1; } @@ -470,6 +456,9 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { void ssl_cipher_preference_list_free( struct ssl_cipher_preference_list_st *cipher_list) { + if (cipher_list == NULL) { + return; + } sk_SSL_CIPHER_free(cipher_list->ciphers); OPENSSL_free(cipher_list->in_group_flags); OPENSSL_free(cipher_list); @@ -499,17 +488,12 @@ struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup( return ret; err: - if (ret && ret->ciphers) { - sk_SSL_CIPHER_free(ret->ciphers); - } - if (ret) { - OPENSSL_free(ret); - } + ssl_cipher_preference_list_free(ret); return NULL; } struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers( - STACK_OF(SSL_CIPHER) * ciphers) { + STACK_OF(SSL_CIPHER) *ciphers) { struct ssl_cipher_preference_list_st *ret = NULL; size_t n = sk_SSL_CIPHER_num(ciphers); @@ -531,12 +515,7 @@ struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers( return ret; err: - if (ret && ret->ciphers) { - sk_SSL_CIPHER_free(ret->ciphers); - } - if (ret) { - OPENSSL_free(ret); - } + ssl_cipher_preference_list_free(ret); return NULL; } 
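Review bot: The new error path in ssl_cipher_preference_list_dup (hunk `@@ -499`) calls `ssl_cipher_preference_list_free(ret)`, which also does `OPENSSL_free(cipher_list->in_group_flags)` per the hunk at `@@ -470`, whereas the removed code freed only `ret->ciphers` and `ret`. That is only safe if `ret->in_group_flags` is NULL or a valid allocation at every `goto err`; the allocation of `ret` is outside this hunk, so I cannot confirm the struct is zero-initialised before the first failure point. If `ret` comes from a non-zeroing allocator, set `ret->in_group_flags = NULL;` immediately after the allocation, or use a zeroing allocation. The same applies to the matching error path in ssl_cipher_preference_list_from_ciphers at `@@ -531`.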
@@ -547,22 +526,13 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; } void SSL_certs_clear(SSL *s) { ssl_cert_clear_certs(s->cert); } void SSL_free(SSL *s) { - int i; - if (s == NULL) { return; } - i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); - if (i > 0) { - return; - } - - if (s->param) { - X509_VERIFY_PARAM_free(s->param); - } + X509_VERIFY_PARAM_free(s->param); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class_ssl, s, &s->ex_data); if (s->bbio != NULL) { /* If the buffering BIO is in place, pop it off */ 
@@ -573,74 +543,40 @@ void SSL_free(SSL *s) { s->bbio = NULL; } - if (s->rbio != NULL) { - BIO_free_all(s->rbio); - } - - if (s->wbio != NULL && s->wbio != s->rbio) { + int free_wbio = s->wbio != s->rbio; + BIO_free_all(s->rbio); + if (free_wbio) { BIO_free_all(s->wbio); } - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - } + BUF_MEM_free(s->init_buf); /* add extra stuff */ - if (s->cipher_list != NULL) { - ssl_cipher_preference_list_free(s->cipher_list); - } - if (s->cipher_list_by_id != NULL) { - sk_SSL_CIPHER_free(s->cipher_list_by_id); - } + ssl_cipher_preference_list_free(s->cipher_list); + sk_SSL_CIPHER_free(s->cipher_list_by_id); - if (s->session != NULL) { - ssl_clear_bad_session(s); - SSL_SESSION_free(s->session); - } + ssl_clear_bad_session(s); + SSL_SESSION_free(s->session); ssl_clear_cipher_ctx(s); - if (s->cert != NULL) { - ssl_cert_free(s->cert); - } + ssl_cert_free(s->cert); - if (s->tlsext_hostname) { - OPENSSL_free(s->tlsext_hostname); - } - if (s->initial_ctx) { - SSL_CTX_free(s->initial_ctx); - } - if (s->tlsext_ecpointformatlist) { - OPENSSL_free(s->tlsext_ecpointformatlist); - } - if (s->tlsext_ellipticcurvelist) { - OPENSSL_free(s->tlsext_ellipticcurvelist); - } - if (s->alpn_client_proto_list) { - OPENSSL_free(s->alpn_client_proto_list); - } - if (s->tlsext_channel_id_private) { - EVP_PKEY_free(s->tlsext_channel_id_private); - } - if (s->psk_identity_hint) { - OPENSSL_free(s->psk_identity_hint); - } - if (s->client_CA != NULL) { - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); - } - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - } - if (s->srtp_profiles) { - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); - } + OPENSSL_free(s->tlsext_hostname); + SSL_CTX_free(s->initial_ctx); + OPENSSL_free(s->tlsext_ecpointformatlist); + OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->alpn_client_proto_list); + EVP_PKEY_free(s->tlsext_channel_id_private); + OPENSSL_free(s->psk_identity_hint); + 
sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + OPENSSL_free(s->next_proto_negotiated); + sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); if (s->method != NULL) { s->method->ssl_free(s); } - if (s->ctx) { - SSL_CTX_free(s->ctx); - } + SSL_CTX_free(s->ctx); OPENSSL_free(s); } @@ -654,10 +590,10 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) { } } - if (s->rbio != NULL && s->rbio != rbio) { + if (s->rbio != rbio) { BIO_free_all(s->rbio); } - if (s->wbio != NULL && s->wbio != wbio && s->rbio != s->wbio) { + if (s->wbio != wbio && s->rbio != s->wbio) { BIO_free_all(s->wbio); } s->rbio = rbio; @@ -822,10 +758,14 @@ void SSL_set_verify_depth(SSL *s, int depth) { X509_VERIFY_PARAM_set_depth(s->param, depth); } -void SSL_set_read_ahead(SSL *s, int yes) { s->read_ahead = yes; } +int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return ctx->read_ahead; } int SSL_get_read_ahead(const SSL *s) { return s->read_ahead; } +void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { ctx->read_ahead = !!yes; } + +void SSL_set_read_ahead(SSL *s, int yes) { s->read_ahead = !!yes; } + int SSL_pending(const SSL *s) { /* SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is @@ -851,8 +791,8 @@ X509 *SSL_get_peer_certificate(const SSL *s) { return X509_up_ref(r); } -STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *s) { - STACK_OF(X509) * r; +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { + STACK_OF(X509) *r; if (s == NULL || s->session == NULL || s->session->sess_cert == NULL) { r = NULL; @@ -919,7 +859,7 @@ int SSL_accept(SSL *s) { } if (s->handshake_func != s->method->ssl_accept) { - OPENSSL_PUT_ERROR(SSL, SSL_connect, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(SSL, SSL_accept, ERR_R_INTERNAL_ERROR); return -1; } 
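Review bot: `ssl_clear_bad_session(s)` is now called even when `s->session` is NULL; the removed code only reached it inside `if (s->session != NULL)`. Unless ssl_clear_bad_session tolerates a NULL session (its body is not in this diff), freeing an SSL that never completed a handshake would dereference NULL. Either restore the guard around that single call, `if (s->session != NULL) { ssl_clear_bad_session(s); }`, or add a comment at the helper recording that it accepts a NULL session. SSL_free starts in the previous hunk at `@@ -547`.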
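Review bot: The context comment in SSL_pending still directs readers to `SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)`, but the `SSL_CTRL_SET_READ_AHEAD` cases are deleted from SSL_ctrl and SSL_CTX_ctrl in the hunk at `@@ -1028`, so that route no longer exists in this file. Update it to name the setters this hunk introduces, e.g. `/* SSL_pending cannot work properly if read-ahead is enabled (SSL_CTX_set_read_ahead / SSL_set_read_ahead), and it is`. The comment and the body of SSL_pending continue outside the hunk.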
@@ -1005,20 +945,17 @@ int SSL_shutdown(SSL *s) { } int SSL_renegotiate(SSL *s) { - if (s->renegotiate == 0) { - s->renegotiate = 1; + if (SSL_IS_DTLS(s)) { + /* Renegotiation is not supported for DTLS. */ + OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; } - s->new_session = 1; - return s->method->ssl_renegotiate(s); -} - -int SSL_renegotiate_abbreviated(SSL *s) { if (s->renegotiate == 0) { s->renegotiate = 1; } - s->new_session = 0; + s->new_session = 1; return s->method->ssl_renegotiate(s); } 
@@ -1028,221 +965,140 @@ int SSL_renegotiate_pending(SSL *s) { return s->renegotiate != 0; } -long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { - long l; - - switch (cmd) { - case SSL_CTRL_GET_READ_AHEAD: - return s->read_ahead; - - case SSL_CTRL_SET_READ_AHEAD: - l = s->read_ahead; - s->read_ahead = larg; - return l; - - case SSL_CTRL_SET_MSG_CALLBACK_ARG: - s->msg_callback_arg = parg; - return 1; - - case SSL_CTRL_OPTIONS: - return s->options |= larg; +uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) { + ctx->options |= options; + return ctx->options; +} - case SSL_CTRL_CLEAR_OPTIONS: - return s->options &= ~larg; +uint32_t SSL_set_options(SSL *ssl, uint32_t options) { + ssl->options |= options; + return ssl->options; +} - case SSL_CTRL_MODE: - return s->mode |= larg; +uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) { + ctx->options &= ~options; + return ctx->options; +} - case SSL_CTRL_CLEAR_MODE: - return s->mode &= ~larg; +uint32_t SSL_clear_options(SSL *ssl, uint32_t options) { + ssl->options &= ~options; + return ssl->options; +} - case SSL_CTRL_GET_MAX_CERT_LIST: - return s->max_cert_list; +uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; } - case SSL_CTRL_SET_MAX_CERT_LIST: - l = s->max_cert_list; - s->max_cert_list = larg; - return l; +uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; } - case SSL_CTRL_SET_MTU: - if (larg < (long)dtls1_min_mtu()) { - return 0; - } - if (SSL_IS_DTLS(s)) { - s->d1->mtu = larg; - return larg; - } - return 0; +uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) { + ctx->mode |= mode; + return ctx->mode; +} - case SSL_CTRL_SET_MAX_SEND_FRAGMENT: - if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) { - return 0; - } - s->max_send_fragment = larg; - return 1; +uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) { + ssl->mode |= mode; + return ssl->mode; +} - case SSL_CTRL_GET_RI_SUPPORT: - if (s->s3) { - return s->s3->send_connection_binding; - } - return 0; 
+uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) { + ctx->mode &= ~mode; + return ctx->mode; +} - case SSL_CTRL_CERT_FLAGS: - return s->cert->cert_flags |= larg; +uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) { + ssl->mode &= ~mode; + return ssl->mode; +} - case SSL_CTRL_CLEAR_CERT_FLAGS: - return s->cert->cert_flags &= ~larg; +uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; } - case SSL_CTRL_GET_RAW_CIPHERLIST: - if (parg) { - if (s->cert->ciphers_raw == NULL) { - return 0; - } - *(uint8_t **)parg = s->cert->ciphers_raw; - return (int)s->cert->ciphers_rawlen; - } +uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; } - /* Passing a NULL |parg| returns the size of a single - * cipher suite value. */ - return 2; +size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) { + return ctx->max_cert_list; +} - default: - return s->method->ssl_ctrl(s, cmd, larg, parg); +void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) { + if (max_cert_list > kMaxHandshakeSize) { + max_cert_list = kMaxHandshakeSize; } + ctx->max_cert_list = (uint32_t)max_cert_list; } -long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { - switch (cmd) { - case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = - (void (*)(int write_p, int version, int content_type, const void *buf, - size_t len, SSL *ssl, void *arg))(fp); - return 1; +size_t SSL_get_max_cert_list(const SSL *ssl) { + return ssl->max_cert_list; +} - default: - return s->method->ssl_callback_ctrl(s, cmd, fp); +void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) { + if (max_cert_list > kMaxHandshakeSize) { + max_cert_list = kMaxHandshakeSize; } + ssl->max_cert_list = (uint32_t)max_cert_list; } -LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } - -long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { - long l; - - switch (cmd) { - case SSL_CTRL_GET_READ_AHEAD: - return ctx->read_ahead; - - case SSL_CTRL_SET_READ_AHEAD: - l = ctx->read_ahead; - 
ctx->read_ahead = larg; - return l; - - case SSL_CTRL_SET_MSG_CALLBACK_ARG: - ctx->msg_callback_arg = parg; - return 1; - - case SSL_CTRL_GET_MAX_CERT_LIST: - return ctx->max_cert_list; - - case SSL_CTRL_SET_MAX_CERT_LIST: - l = ctx->max_cert_list; - ctx->max_cert_list = larg; - return l; - - case SSL_CTRL_SET_SESS_CACHE_SIZE: - l = ctx->session_cache_size; - ctx->session_cache_size = larg; - return l; - - case SSL_CTRL_GET_SESS_CACHE_SIZE: - return ctx->session_cache_size; - - case SSL_CTRL_SET_SESS_CACHE_MODE: - l = ctx->session_cache_mode; - ctx->session_cache_mode = larg; - return l; - - case SSL_CTRL_GET_SESS_CACHE_MODE: - return ctx->session_cache_mode; - - case SSL_CTRL_SESS_NUMBER: - return lh_SSL_SESSION_num_items(ctx->sessions); - - case SSL_CTRL_SESS_CONNECT: - return ctx->stats.sess_connect; - - case SSL_CTRL_SESS_CONNECT_GOOD: - return ctx->stats.sess_connect_good; - - case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return ctx->stats.sess_connect_renegotiate; - - case SSL_CTRL_SESS_ACCEPT: - return ctx->stats.sess_accept; - - case SSL_CTRL_SESS_ACCEPT_GOOD: - return ctx->stats.sess_accept_good; - - case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return ctx->stats.sess_accept_renegotiate; - - case SSL_CTRL_SESS_HIT: - return ctx->stats.sess_hit; - - case SSL_CTRL_SESS_CB_HIT: - return ctx->stats.sess_cb_hit; - - case SSL_CTRL_SESS_MISSES: - return ctx->stats.sess_miss; - - case SSL_CTRL_SESS_TIMEOUTS: - return ctx->stats.sess_timeout; +void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { + if (max_send_fragment < 512) { + max_send_fragment = 512; + } + if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { + max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; + } + ctx->max_send_fragment = (uint16_t)max_send_fragment; +} - case SSL_CTRL_SESS_CACHE_FULL: - return ctx->stats.sess_cache_full; +void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { + if (max_send_fragment < 512) { + max_send_fragment = 512; + } + if (max_send_fragment > 
SSL3_RT_MAX_PLAIN_LENGTH) { + max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; + } + ssl->max_send_fragment = (uint16_t)max_send_fragment; +} - case SSL_CTRL_OPTIONS: - return ctx->options |= larg; +int SSL_set_mtu(SSL *ssl, unsigned mtu) { + if (!SSL_IS_DTLS(ssl) || mtu < dtls1_min_mtu()) { + return 0; + } + ssl->d1->mtu = mtu; + return 1; +} - case SSL_CTRL_CLEAR_OPTIONS: - return ctx->options &= ~larg; +int SSL_get_secure_renegotiation_support(const SSL *ssl) { + return ssl->s3->send_connection_binding; +} - case SSL_CTRL_MODE: - return ctx->mode |= larg; +long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { + return s->method->ssl_ctrl(s, cmd, larg, parg); +} - case SSL_CTRL_CLEAR_MODE: - return ctx->mode &= ~larg; +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } - case SSL_CTRL_SET_MAX_SEND_FRAGMENT: - if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) { - return 0; - } - ctx->max_send_fragment = larg; - return 1; +size_t SSL_CTX_sess_number(const SSL_CTX *ctx) { + return lh_SSL_SESSION_num_items(ctx->sessions); +} - case SSL_CTRL_CERT_FLAGS: - return ctx->cert->cert_flags |= larg; +unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) { + unsigned long ret = ctx->session_cache_size; + ctx->session_cache_size = size; + return ret; +} - case SSL_CTRL_CLEAR_CERT_FLAGS: - return ctx->cert->cert_flags &= ~larg; +unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) { + return ctx->session_cache_size; +} - default: - return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); - } +int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) { + int ret = ctx->session_cache_mode; + ctx->session_cache_mode = mode; + return ret; } -long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { - switch (cmd) { - case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = - (void (*)(int write_p, int version, int content_type, const void *buf, - size_t len, SSL *ssl, void *arg))(fp); - return 1; +int 
SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) { + return ctx->session_cache_mode; +} - default: - return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp); - } +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { + return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); } int ssl_cipher_id_cmp(const void *in_a, const void *in_b) { @@ -1275,7 +1131,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp) { /* return a STACK of the ciphers available for the SSL and in order of * preference */ -STACK_OF(SSL_CIPHER) * SSL_get_ciphers(const SSL *s) { +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s == NULL) { return NULL; } @@ -1298,7 +1154,7 @@ STACK_OF(SSL_CIPHER) * SSL_get_ciphers(const SSL *s) { /* return a STACK of the ciphers available for the SSL and in order of * algorithm id */ -STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s) { +STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { if (s == NULL) { return NULL; } @@ -1317,7 +1173,7 @@ STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s) { /* The old interface to get the same thing as SSL_get_ciphers() */ const char *SSL_get_cipher_list(const SSL *s, int n) { const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) * sk; + STACK_OF(SSL_CIPHER) *sk; if (s == NULL) { return NULL; @@ -1341,7 +1197,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - &ctx->cipher_list_by_id, str, ctx->cert); + &ctx->cipher_list_by_id, str); /* ssl_create_cipher_list may return an empty stack if it was unable to find * a cipher matching the given rule string (for example if the rule string * specifies a cipher which has been disabled). This is not an error as far 
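Review bot: SSL_get_secure_renegotiation_support returns `ssl->s3->send_connection_binding` unconditionally, whereas the `SSL_CTRL_GET_RI_SUPPORT` case it replaces checked `if (s->s3)` and returned 0 otherwise, so a caller querying before `s3` is set up now dereferences NULL. Restore the guard, `if (ssl->s3 == NULL) { return 0; }`, ahead of the return, or document on the function that it may only be called on a fully initialised connection. Separately, the `512` floor repeated in SSL_CTX_set_max_send_fragment and SSL_set_max_send_fragment is a bare constant; a named `static const` (name to be chosen) paralleling the existing `kMaxHandshakeSize` would make the lower bound self-describing.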
@@ -1360,8 +1216,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str) { STACK_OF(SSL_CIPHER) *sk; - sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list_tls11, NULL, str, - ctx->cert); + sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list_tls11, NULL, str); if (sk == NULL) { return 0; } else if (sk_SSL_CIPHER_num(sk) == 0) { @@ -1378,7 +1233,7 @@ int SSL_set_cipher_list(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, - &s->cipher_list_by_id, str, s->cert); + &s->cipher_list_by_id, str); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) { @@ -1435,7 +1290,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) { STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) { CBS cipher_suites = *cbs; const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) * sk; + STACK_OF(SSL_CIPHER) *sk; if (s->s3) { s->s3->send_connection_binding = 0; @@ -1453,12 +1308,6 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) { goto err; } - if (!CBS_stow(&cipher_suites, &s->cert->ciphers_raw, - &s->cert->ciphers_rawlen)) { - OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE); - goto err; - } - while (CBS_len(&cipher_suites) > 0) { uint16_t cipher_suite; @@ -1503,9 +1352,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) { return sk; err: - if (sk != NULL) { - sk_SSL_CIPHER_free(sk); - } + sk_SSL_CIPHER_free(sk); return NULL; } 
@@ -1691,17 +1538,9 @@ void SSL_CTX_set_next_proto_select_cb( ctx->next_proto_select_cb_arg = arg; } -/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. - * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit - * length-prefixed strings). - * - * Returns 0 on success. */ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, unsigned protos_len) { - if (ctx->alpn_client_proto_list) { - OPENSSL_free(ctx->alpn_client_proto_list); - } - + OPENSSL_free(ctx->alpn_client_proto_list); ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len); if (!ctx->alpn_client_proto_list) { return 1; @@ -1711,16 +1550,8 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, return 0; } -/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. - * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit - * length-prefixed strings). - * - * Returns 0 on success. */ int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) { - if (ssl->alpn_client_proto_list) { - OPENSSL_free(ssl->alpn_client_proto_list); - } - + OPENSSL_free(ssl->alpn_client_proto_list); ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len); if (!ssl->alpn_client_proto_list) { return 1; 
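Review bot: The header comments for SSL_CTX_set_alpn_protos and for SSL_set_alpn_protos (hunk `@@ -1711`) are deleted, and with them the only statement in this file that `protos` must be wire-format and that these functions return 0 on success, the opposite of most of this API. If that text was moved into the public header in the same revision this is fine; if not, keep at least a one-line pointer such as `/* |protos| is wire-format (8-bit length-prefixed strings); returns 0 on success, 1 on error. */`, since a reader of the `return 1` branch after `BUF_memdup` fails will otherwise take it for the success path.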
@@ -1759,15 +1590,16 @@ void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data, } } -int SSL_export_keying_material(SSL *s, uint8_t *out, size_t olen, - const char *label, size_t llen, const uint8_t *p, - size_t plen, int use_context) { +int SSL_export_keying_material(SSL *s, uint8_t *out, size_t out_len, + const char *label, size_t label_len, + const uint8_t *context, size_t context_len, + int use_context) { if (s->version < TLS1_VERSION) { - return -1; + return 0; } - return s->enc_method->export_keying_material(s, out, olen, label, llen, p, - plen, use_context); + return s->enc_method->export_keying_material( + s, out, out_len, label, label_len, context, context_len, use_context); } static uint32_t ssl_session_hash(const SSL_SESSION *a) { @@ -1833,8 +1665,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { ret->get_session_cb = 0; ret->generate_session_id = 0; - memset((char *)&ret->stats, 0, sizeof(ret->stats)); - ret->references = 1; ret->quiet_shutdown = 0; @@ -1858,8 +1688,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { ret->default_passwd_callback = 0; ret->default_passwd_callback_userdata = NULL; ret->client_cert_cb = 0; - ret->app_gen_cookie_cb = 0; - ret->app_verify_cookie_cb = 0; ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); if (ret->sessions == NULL) { @@ -1871,8 +1699,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { } ssl_create_cipher_list(ret->method, &ret->cipher_list, - &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST, - ret->cert); + &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) { OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_LIBRARY_HAS_NO_CIPHERS); @@ -1889,7 +1716,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { goto err; } - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); + CRYPTO_new_ex_data(&g_ex_data_class_ssl_ctx, ret, &ret->ex_data); ret->extra_certs = NULL; 
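Review bot: The pre-TLS-1.0 failure return of SSL_export_keying_material changes from -1 to 0 while the function's success/failure contract is not restated anywhere in the hunk; a caller written against the old behaviour that tests `ret < 0` will now treat the failure as success and use an unwritten `out` buffer as keying material. The renamed parameters are clearer, but this is an observable API change and deserves a comment on the function stating the new convention, presumably 1 on success and 0 on failure if that matches `enc_method->export_keying_material`, whose body I cannot see. Once confirmed, add above the function: `/* Returns 1 on success and 0 on failure; always fails below TLS 1.0 because the exporter is TLS-only. */`.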
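Review bot: `ret->references = 1;` is removed from SSL_CTX_new in the hunk at `@@ -1833`, but SSL_CTX_free in the hunk at `@@ -1929` still decrements `ctx->references` with `CRYPTO_add` and only destroys the object when the result is not positive. Unless the initialisation moved to an earlier part of SSL_CTX_new outside this diff, a fresh SSL_CTX starts with a reference count of 0, and the two `CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX)` calls in SSL_new plus the owner's SSL_CTX_free leave the count unbalanced, ending in a use-after-free when SSL_free releases `s->ctx` after `s->initial_ctx`. Please confirm where `references` is set to 1 and put a short comment at that site, e.g. `/* |references| starts at 1 for the creator; SSL_new takes two more. */`, so the invariant is visible.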
@@ -1904,9 +1731,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { ret->options |= SSL_OP_NO_TICKET; } - ret->tlsext_status_cb = 0; - ret->tlsext_status_arg = NULL; - ret->next_protos_advertised_cb = 0; ret->next_proto_select_cb = 0; ret->psk_identity_hint = NULL; @@ -1929,27 +1753,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { err: OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, ERR_R_MALLOC_FAILURE); err2: - if (ret != NULL) { - SSL_CTX_free(ret); - } + SSL_CTX_free(ret); return NULL; } -void SSL_CTX_free(SSL_CTX *a) { - int i; - - if (a == NULL) { +void SSL_CTX_free(SSL_CTX *ctx) { + if (ctx == NULL || + CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX) > 0) { return; } - i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); - if (i > 0) { - return; - } - - if (a->param) { - X509_VERIFY_PARAM_free(a->param); - } + X509_VERIFY_PARAM_free(ctx->param); /* Free internal session cache. However: the remove_cb() may reference the * ex_data of SSL_CTX, thus the ex_data store can only be removed after the 
@@ -1957,59 +1771,27 @@ void SSL_CTX_free(SSL_CTX *a) { * the session cache, the most secure solution seems to be: empty (flush) the * cache, then free ex_data, then finally free the cache. (See ticket * [openssl.org #212].) */ - if (a->sessions != NULL) { - SSL_CTX_flush_sessions(a, 0); - } + SSL_CTX_flush_sessions(ctx, 0); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data); - if (a->sessions != NULL) { - lh_SSL_SESSION_free(a->sessions); - } - if (a->cert_store != NULL) { - X509_STORE_free(a->cert_store); - } - if (a->cipher_list != NULL) { - ssl_cipher_preference_list_free(a->cipher_list); - } - if (a->cipher_list_by_id != NULL) { - sk_SSL_CIPHER_free(a->cipher_list_by_id); - } - if (a->cipher_list_tls11 != NULL) { - ssl_cipher_preference_list_free(a->cipher_list_tls11); - } - if (a->cert != NULL) { - ssl_cert_free(a->cert); - } - if (a->client_CA != NULL) { - sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); - } - if (a->extra_certs != NULL) { - sk_X509_pop_free(a->extra_certs, X509_free); - } - if (a->srtp_profiles) { - sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); - } - if (a->psk_identity_hint) { - OPENSSL_free(a->psk_identity_hint); - } - if (a->tlsext_ecpointformatlist) { - OPENSSL_free(a->tlsext_ecpointformatlist); - } - if (a->tlsext_ellipticcurvelist) { - OPENSSL_free(a->tlsext_ellipticcurvelist); - } - if (a->alpn_client_proto_list != NULL) { - OPENSSL_free(a->alpn_client_proto_list); - } - if (a->tlsext_channel_id_private) { - EVP_PKEY_free(a->tlsext_channel_id_private); - } - if (a->keylog_bio) { - BIO_free(a->keylog_bio); - } + lh_SSL_SESSION_free(ctx->sessions); + X509_STORE_free(ctx->cert_store); + ssl_cipher_preference_list_free(ctx->cipher_list); + sk_SSL_CIPHER_free(ctx->cipher_list_by_id); + ssl_cipher_preference_list_free(ctx->cipher_list_tls11); + ssl_cert_free(ctx->cert); + sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free); + 
sk_X509_pop_free(ctx->extra_certs, X509_free); + sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); + OPENSSL_free(ctx->psk_identity_hint); + OPENSSL_free(ctx->tlsext_ecpointformatlist); + OPENSSL_free(ctx->tlsext_ellipticcurvelist); + OPENSSL_free(ctx->alpn_client_proto_list); + EVP_PKEY_free(ctx->tlsext_channel_id_private); + BIO_free(ctx->keylog_bio); - OPENSSL_free(a); + OPENSSL_free(ctx); } void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) { @@ -2051,13 +1833,12 @@ static int ssl_has_key(SSL *s, size_t idx) { return cpk->x509 && cpk->privatekey; } -void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k, - unsigned long *out_mask_a) { +void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k, + uint32_t *out_mask_a) { CERT *c = s->cert; int rsa_enc, rsa_sign, dh_tmp; - unsigned long mask_k, mask_a; + uint32_t mask_k, mask_a; int have_ecc_cert, ecdsa_ok; - int have_ecdh_tmp; X509 *x; if (c == NULL) { @@ -2069,7 +1850,6 @@ void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k, dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); - have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); rsa_enc = ssl_has_key(s, SSL_PKEY_RSA_ENC); rsa_sign = ssl_has_key(s, SSL_PKEY_RSA_SIGN); have_ecc_cert = ssl_has_key(s, SSL_PKEY_ECC); @@ -2080,14 +1860,12 @@ void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k, mask_k |= SSL_kRSA; } if (dh_tmp) { - mask_k |= SSL_kEDH; + mask_k |= SSL_kDHE; } if (rsa_enc || rsa_sign) { mask_a |= SSL_aRSA; } - mask_a |= SSL_aNULL; - /* An ECC certificate may be usable for ECDSA cipher suites depending on the * key usage extension and on the client's curve preferences. */ if (have_ecc_cert) { 
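Review bot: `SSL_CTX_flush_sessions(ctx, 0)` and `lh_SSL_SESSION_free(ctx->sessions)` are now called without the `ctx->sessions != NULL` guards the removed code had, and SSL_CTX_free is reachable with `sessions == NULL` through the `err2:` path of SSL_CTX_new (hunk at `@@ -1929`), which runs when `lh_SSL_SESSION_new` fails. Unless SSL_CTX_flush_sessions tolerates a NULL hash (its body is not in this diff), that error path dereferences NULL. Either keep `if (ctx->sessions != NULL) { SSL_CTX_flush_sessions(ctx, 0); }` or add the NULL check inside SSL_CTX_flush_sessions with a comment that partially constructed contexts reach it. SSL_CTX_free starts in the previous hunk.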
@@ -2107,8 +1885,8 @@ void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k, /* If we are considering an ECC cipher suite that uses an ephemeral EC * key, check it. */ - if (have_ecdh_tmp && tls1_check_ec_tmp_key(s)) { - mask_k |= SSL_kEECDH; + if (tls1_check_ec_tmp_key(s)) { + mask_k |= SSL_kECDHE; } /* PSK requires a server callback. */ @@ -2126,11 +1904,9 @@ void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k, (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { - unsigned long alg_a; - int signature_nid = 0, md_nid = 0, pk_nid = 0; const SSL_CIPHER *cs = s->s3->tmp.new_cipher; - - alg_a = cs->algorithm_auth; + uint32_t alg_a = cs->algorithm_auth; + int signature_nid = 0, md_nid = 0, pk_nid = 0; /* This call populates the ex_flags field correctly */ X509_check_purpose(x, -1, 0); @@ -2175,13 +1951,10 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) { } EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher) { - unsigned long alg_a; - CERT *c; + uint32_t alg_a = cipher->algorithm_auth; + CERT *c = s->cert; int idx = -1; - alg_a = cipher->algorithm_auth; - c = s->cert; - if (alg_a & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) { idx = SSL_PKEY_RSA_SIGN; 
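Review bot: With the `have_ecdh_tmp` gate removed, `mask_k |= SSL_kECDHE` is now driven solely by `tls1_check_ec_tmp_key(s)`, so that helper must itself fail when no ephemeral ECDH key source (`ecdh_tmp`, `ecdh_tmp_cb` or `ecdh_tmp_auto`) is configured; otherwise the server advertises ECDHE suites it cannot complete at ServerKeyExchange. That behaviour lives outside this diff and cannot be confirmed here. A comment at the call site, `/* tls1_check_ec_tmp_key also verifies an ephemeral ECDH key source is configured. */`, would make the dependency explicit. The enclosing function starts and ends outside the hunk.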
@@ -2202,56 +1975,62 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher) { } void ssl_update_cache(SSL *s, int mode) { - int i; - - /* If the session_id_length is 0, we are not supposed to cache it, and it - * would be rather hard to do anyway :-) */ + /* Never cache sessions with empty session IDs. */ if (s->session->session_id_length == 0) { return; } - i = s->initial_ctx->session_cache_mode; - if ((i & mode) && !s->hit && - ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || - SSL_CTX_add_session(s->initial_ctx, s->session)) && - s->initial_ctx->new_session_cb != NULL) { - CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); - if (!s->initial_ctx->new_session_cb(s, s->session)) { + SSL_CTX *ctx = s->initial_ctx; + if ((ctx->session_cache_mode & mode) == mode && !s->hit && + ((ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) || + SSL_CTX_add_session(ctx, s->session)) && + ctx->new_session_cb != NULL) { + /* Note: |new_session_cb| is called whether the internal session cache is + * used or not. */ + if (!ctx->new_session_cb(s, SSL_SESSION_up_ref(s->session))) { SSL_SESSION_free(s->session); } } - /* auto flush every 255 connections */ - if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { - if ((((mode & SSL_SESS_CACHE_CLIENT) - ? s->initial_ctx->stats.sess_connect_good - : s->initial_ctx->stats.sess_accept_good) & - 0xff) == 0xff) { - SSL_CTX_flush_sessions(s->initial_ctx, (unsigned long)time(NULL)); + if (!(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) && + !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) && + (ctx->session_cache_mode & mode) == mode) { + /* Automatically flush the internal session cache every 255 connections. 
*/ + int flush_cache = 0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + ctx->handshakes_since_cache_flush++; + if (ctx->handshakes_since_cache_flush >= 255) { + flush_cache = 1; + ctx->handshakes_since_cache_flush = 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + + if (flush_cache) { + SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL)); } } } -int SSL_get_error(const SSL *s, int i) { +int SSL_get_error(const SSL *s, int ret_code) { int reason; - unsigned long l; + uint32_t err; BIO *bio; - if (i > 0) { + if (ret_code > 0) { return SSL_ERROR_NONE; } /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, * where we do encode the error */ - l = ERR_peek_error(); - if (l != 0) { - if (ERR_GET_LIB(l) == ERR_LIB_SYS) { + err = ERR_peek_error(); + if (err != 0) { + if (ERR_GET_LIB(err) == ERR_LIB_SYS) { return SSL_ERROR_SYSCALL; } return SSL_ERROR_SSL; } - if (i == 0) { + if (ret_code == 0) { if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) { /* The socket was cleanly shut down with a close_notify. */ @@ -2371,24 +2150,6 @@ void SSL_set_connect_state(SSL *s) { ssl_clear_cipher_ctx(s); } -int ssl_undefined_function(SSL *s) { - OPENSSL_PUT_ERROR(SSL, ssl_undefined_function, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; -} - -int ssl_undefined_void_function(void) { - OPENSSL_PUT_ERROR(SSL, ssl_undefined_void_function, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; -} - -int ssl_undefined_const_function(const SSL *s) { - OPENSSL_PUT_ERROR(SSL, ssl_undefined_const_function, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; -} - static const char *ssl_get_version(int version) { switch (version) { case TLS1_2_VERSION: @@ -2403,6 +2164,12 @@ static const char *ssl_get_version(int version) { case SSL3_VERSION: return "SSLv3"; + case DTLS1_VERSION: + return "DTLSv1"; + + case DTLS1_2_VERSION: + return "DTLSv1.2"; + default: return "unknown"; } 
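Review bot: The reference-ownership rule around `new_session_cb` in ssl_update_cache is only implied by the code: `SSL_SESSION_up_ref(s->session)` is taken before the call and `SSL_SESSION_free(s->session)` runs only when the callback returns 0, so a callback that returns 1 owns that reference and must eventually release it. The existing comment should say so, e.g. `/* new_session_cb receives its own reference: on returning 1 it owns it, on 0 we release it. */`. Separately, the auto-flush counter is guarded by the global `CRYPTO_LOCK_SSL_CTX` lock while `SSL_CTX_flush_sessions` is correctly invoked after the unlock; a short note that the lock only protects `handshakes_since_cache_flush` would stop a later reader from assuming the session cache itself is covered. The SSL_get_error body continues after the hunk.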
@@ -2552,15 +2319,11 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { ctx = ssl->initial_ctx; } - if (ssl->cert != NULL) { - ssl_cert_free(ssl->cert); - } - + ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) { - SSL_CTX_free(ssl->ctx); /* decrement reference count */ - } + SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; ssl->sid_ctx_length = ctx->sid_ctx_length; @@ -2599,8 +2362,12 @@ long SSL_get_verify_result(const SSL *ssl) { return ssl->verify_result; } int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, new_func, - dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp, + new_func, dup_func, free_func)) { + return -1; + } + return index; } int SSL_set_ex_data(SSL *s, int idx, void *arg) { @@ -2614,8 +2381,12 @@ void *SSL_get_ex_data(const SSL *s, int idx) { int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, new_func, - dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp, + new_func, dup_func, free_func)) { + return -1; + } + return index; } int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) { @@ -2633,9 +2404,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { } void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) { - if (ctx->cert_store != NULL) { - X509_STORE_free(ctx->cert_store); - } + X509_STORE_free(ctx->cert_store); ctx->cert_store = store; } 
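Review bot: `ssl->cert = ssl_cert_dup(ctx->cert);` in SSL_set_SSL_CTX still goes unchecked, and because `ssl_cert_free(ssl->cert)` has already run, an allocation failure leaves the connection with no certificate state while the function carries on swapping contexts. A check such as `if (ssl->cert == NULL) { return NULL; }` immediately after the dup would at least surface the failure to the caller before `ssl->ctx` is replaced. The rest of the function, including its return value, is outside the hunk, so the exact recovery path should be settled there.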
@@ -2644,35 +2413,33 @@ int SSL_want(const SSL *s) { return s->rwstate; } void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); } void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, int keylength)) { - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); } void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh)(SSL *ssl, int is_export, - int keylength)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); + DH *(*callback)(SSL *ssl, int is_export, + int keylength)) { + ctx->cert->dh_tmp_cb = callback; } -void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, - int keylength)) { - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); +void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export, + int keylength)) { + ssl->cert->dh_tmp_cb = callback; } void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh)(SSL *ssl, int is_export, - int keylength)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); + EC_KEY *(*callback)(SSL *ssl, int is_export, + int keylength)) { + ctx->cert->ecdh_tmp_cb = callback; } void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh)(SSL *ssl, int is_export, - int keylength)) { - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); + EC_KEY *(*callback)(SSL *ssl, int is_export, + int keylength)) { + ssl->cert->ecdh_tmp_cb = callback; } int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { @@ -2682,9 +2449,7 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { return 0; } - if (ctx->psk_identity_hint != NULL) { - OPENSSL_free(ctx->psk_identity_hint); - } + OPENSSL_free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); 
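Review bot: `SSL_CTX_set_tmp_rsa_callback` and `SSL_set_tmp_rsa_callback` now have empty bodies, so a caller that installs a temporary-RSA callback gets no indication that it will never be consulted; each stub deserves a comment such as `/* Ephemeral RSA (export) key exchange is not supported; kept as a no-op for API compatibility. */`. The DH and ECDH setters write straight to `ctx->cert->dh_tmp_cb` and `ssl->cert->ecdh_tmp_cb`, which assumes `cert` is always allocated for a live SSL_CTX or SSL — presumably guaranteed by the constructors, but not visible here.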
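Review bot: In SSL_CTX_use_psk_identity_hint the old hint is released with `OPENSSL_free(ctx->psk_identity_hint)` but the pointer is only reassigned inside `if (identity_hint != NULL)`, unlike the SSL-level variant in this same file, which sets `s->psk_identity_hint = NULL` right after its free. Unless the else path beyond the hunk clears it, passing a NULL hint leaves a dangling pointer that `SSL_CTX_free` will free a second time. Adding `ctx->psk_identity_hint = NULL;` directly after the free makes the two setters consistent and is harmless if the else branch already handles it. The function's tail is outside the hunk.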
@@ -2710,10 +2475,8 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) { } /* Clear currently configured hint, if any. */ - if (s->psk_identity_hint != NULL) { - OPENSSL_free(s->psk_identity_hint); - s->psk_identity_hint = NULL; - } + OPENSSL_free(s->psk_identity_hint); + s->psk_identity_hint = NULL; if (identity_hint != NULL) { s->psk_identity_hint = BUF_strdup(identity_hint); @@ -2786,19 +2549,26 @@ void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); + ctx->msg_callback = cb; +} + +void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) { + ctx->msg_callback_arg = arg; } + void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { - SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); + ssl->msg_callback = cb; +} + +void SSL_set_msg_callback_arg(SSL *ssl, void *arg) { + ssl->msg_callback_arg = arg; } void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio) { - if (ctx->keylog_bio != NULL) { - BIO_free(ctx->keylog_bio); - } + BIO_free(ctx->keylog_bio); ctx->keylog_bio = keylog_bio; } 
@@ -2904,19 +2674,12 @@ int ssl_ctx_log_master_secret(SSL_CTX *ctx, const uint8_t *client_random, return ret; } +int SSL_in_false_start(const SSL *s) { + return s->s3->tmp.in_false_start; +} + int SSL_cutthrough_complete(const SSL *s) { - return ( - !s->server && /* cutthrough only applies to clients */ - !s->hit && /* full-handshake */ - s->version >= SSL3_VERSION && - s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */ - (SSL_get_mode((SSL *)s) & - SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */ - ssl3_can_cutthrough(s) && /* cutthrough allowed */ - s->s3->previous_server_finished_len == - 0 && /* not a renegotiation handshake */ - (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/ - s->state == SSL3_ST_CR_CHANGE || s->state == SSL3_ST_CR_FINISHED_A)); + return SSL_in_false_start(s); } void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size, 
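Review bot: `SSL_cutthrough_complete` now simply returns `SSL_in_false_start(s)`, dropping the earlier client-only and handshake-state conditions; since both names remain exported, the old one should be marked as a compatibility alias so new callers use `SSL_in_false_start`, e.g. `/* Deprecated alias for SSL_in_false_start; retained for existing callers. */`. Both functions dereference `s->s3` unconditionally, which presumably holds for any SSL created through the supported methods but is not checked here.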
@@ -2926,27 +2689,18 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size, *ssl_session_size = sizeof(SSL_SESSION); } -int ssl3_can_cutthrough(const SSL *s) { - const SSL_CIPHER *c; - - /* require a strong enough cipher */ - if (SSL_get_cipher_bits(s, NULL) < 128) { - return 0; - } - - /* require ALPN or NPN extension */ - if (!s->s3->alpn_selected && !s->s3->next_proto_neg_seen) { - return 0; - } - - /* require a forward-secret cipher */ - c = SSL_get_current_cipher(s); - if (!c || - (c->algorithm_mkey != SSL_kEDH && c->algorithm_mkey != SSL_kEECDH)) { - return 0; - } +int ssl3_can_false_start(const SSL *s) { + const SSL_CIPHER *const cipher = SSL_get_current_cipher(s); - return 1; + /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */ + return !SSL_IS_DTLS(s) && + SSL_version(s) >= TLS1_2_VERSION && + (s->s3->alpn_selected || s->s3->next_proto_neg_seen) && + cipher != NULL && + cipher->algorithm_mkey == SSL_kECDHE && + (cipher->algorithm_enc == SSL_AES128GCM || + cipher->algorithm_enc == SSL_AES256GCM || + cipher->algorithm_enc == SSL_CHACHA20POLY1305); } const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) { @@ -2957,18 +2711,14 @@ const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) { case TLS1_VERSION: return &TLSv1_enc_data; + case DTLS1_VERSION: case TLS1_1_VERSION: return &TLSv1_1_enc_data; + case DTLS1_2_VERSION: case TLS1_2_VERSION: return &TLSv1_2_enc_data; - case DTLS1_VERSION: - return &DTLSv1_enc_data; - - case DTLS1_2_VERSION: - return &DTLSv1_2_enc_data; - default: return NULL; } @@ -3016,7 +2766,7 @@ uint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version) { if (client_version <= DTLS1_2_VERSION && !(s->options & SSL_OP_NO_DTLSv1_2)) { version = DTLS1_2_VERSION; } else if (client_version <= DTLS1_VERSION && - !(s->options & SSL_OP_NO_DTLSv1)) { + !(s->options & SSL_OP_NO_DTLSv1)) { version = DTLS1_VERSION; } 
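Review bot: The `!SSL_IS_DTLS(s)` test in ssl3_can_false_start must stay ahead of `SSL_version(s) >= TLS1_2_VERSION`, because DTLS version numbers are ordered the opposite way to TLS ones (the deleted SSL_CLIENT_USE_TLS1_2_CIPHERS macro further down compares them with `<=`), so a bare numeric check would admit DTLS; a comment such as `/* DTLS is excluded first: its version numbers compare inversely to TLS. */` would protect that ordering from a careless reshuffle. The cipher gate is a closed allow-list of ECDHE with AES-GCM or ChaCha20-Poly1305, which is the right shape for False Start (forward secrecy plus an AEAD), but it will silently exclude any AEAD added later, so the comment should state that the list is intentionally exhaustive rather than merely naming its current members.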
@@ -3051,7 +2801,7 @@ uint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version) { } uint16_t ssl3_get_max_client_version(SSL *s) { - unsigned long options = s->options; + uint32_t options = s->options; uint16_t version = 0; /* OpenSSL's API for controlling versions entails blacklisting individual @@ -3169,6 +2919,41 @@ int SSL_cache_hit(SSL *s) { return s->hit; } int SSL_is_server(SSL *s) { return s->server; } +void SSL_CTX_set_dos_protection_cb( + SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) { + ctx->dos_protection_cb = cb; +} + void SSL_enable_fastradio_padding(SSL *s, char on_off) { s->fastradio_padding = on_off; } + +void SSL_set_reject_peer_renegotiations(SSL *s, int reject) { + s->reject_peer_renegotiations = !!reject; +} + +const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) { + return ssl3_get_cipher_by_value(value); +} + +int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, + const RC4_KEY **write_key) { + if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) { + return 0; + } + + return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) && + EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key); +} + +int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; } +int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; } diff --git a/src/ssl/ssl_locl.h b/src/ssl/ssl_locl.h deleted file mode 100644 index a0c323c..0000000 
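Review bot: `SSL_get_rc4_state` hands out pointers into the live read and write AEAD contexts, and because of the short-circuit `&&` it can populate `*read_key` and still return 0 when the write side is not RC4; a header comment should tell callers both that a 0 return may leave `*read_key` written and that the keys alias cipher state which is replaced on the next key change, so they must not be retained. The eleven `SSL_CTX_sess_*` accessors now unconditionally return 0, which will silently mislead any monitoring that reads them; a comment above the group, `/* Session statistics are no longer tracked; these always return 0. */`, is the minimum a reader needs.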
--- a/src/ssl/ssl_locl.h
+++ /dev/null
@@ -1,1035 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. 
- */ - -#ifndef HEADER_SSL_LOCL_H -#define HEADER_SSL_LOCL_H - -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - - -#define c2l(c, l) \ - (l = ((unsigned long)(*((c)++))), l |= (((unsigned long)(*((c)++))) << 8), \ - l |= (((unsigned long)(*((c)++))) << 16), \ - l |= (((unsigned long)(*((c)++))) << 24)) - -/* NOTE - c is not incremented as per c2l */ -#define c2ln(c, l1, l2, n) \ - { \ - c += n; \ - l1 = l2 = 0; \ - switch (n) { \ - case 8: \ - l2 = ((unsigned long)(*(--(c)))) << 24; \ - case 7: \ - l2 |= ((unsigned long)(*(--(c)))) << 16; \ - case 6: \ - l2 |= ((unsigned long)(*(--(c)))) << 8; \ - case 5: \ - l2 |= ((unsigned long)(*(--(c)))); \ - case 4: \ - l1 = ((unsigned long)(*(--(c)))) << 24; \ - case 3: \ - l1 |= ((unsigned long)(*(--(c)))) << 16; \ - case 2: \ - l1 |= ((unsigned long)(*(--(c)))) << 8; \ - case 1: \ - l1 |= ((unsigned long)(*(--(c)))); \ - } \ - } - -#define l2c(l, c) \ - (*((c)++) = (uint8_t)(((l)) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 24) & 0xff)) - -#define n2l(c, l) \ - (l = ((unsigned long)(*((c)++))) << 24, \ - l |= ((unsigned long)(*((c)++))) << 16, \ - l |= ((unsigned long)(*((c)++))) << 8, l |= ((unsigned long)(*((c)++)))) - -#define l2n(l, c) \ - (*((c)++) = (uint8_t)(((l) >> 24) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ - *((c)++) = (uint8_t)(((l)) & 0xff)) - -#define l2n8(l, c) \ - (*((c)++) = (uint8_t)(((l) >> 56) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 48) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 40) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 32) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 24) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ - *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ - *((c)++) = (uint8_t)(((l)) & 0xff)) - -/* NOTE - c is not incremented as per l2c */ -#define 
l2cn(l1, l2, c, n) \ - { \ - c += n; \ - switch (n) { \ - case 8: \ - *(--(c)) = (uint8_t)(((l2) >> 24) & 0xff); \ - case 7: \ - *(--(c)) = (uint8_t)(((l2) >> 16) & 0xff); \ - case 6: \ - *(--(c)) = (uint8_t)(((l2) >> 8) & 0xff); \ - case 5: \ - *(--(c)) = (uint8_t)(((l2)) & 0xff); \ - case 4: \ - *(--(c)) = (uint8_t)(((l1) >> 24) & 0xff); \ - case 3: \ - *(--(c)) = (uint8_t)(((l1) >> 16) & 0xff); \ - case 2: \ - *(--(c)) = (uint8_t)(((l1) >> 8) & 0xff); \ - case 1: \ - *(--(c)) = (uint8_t)(((l1)) & 0xff); \ - } \ - } - -#define n2s(c, s) \ - ((s = (((unsigned int)(c[0])) << 8) | (((unsigned int)(c[1])))), c += 2) - -#define s2n(s, c) \ - ((c[0] = (uint8_t)(((s) >> 8) & 0xff), \ - c[1] = (uint8_t)(((s)) & 0xff)), \ - c += 2) - -#define n2l3(c, l) \ - ((l = (((unsigned long)(c[0])) << 16) | (((unsigned long)(c[1])) << 8) | \ - (((unsigned long)(c[2])))), \ - c += 3) - -#define l2n3(l, c) \ - ((c[0] = (uint8_t)(((l) >> 16) & 0xff), \ - c[1] = (uint8_t)(((l) >> 8) & 0xff), \ - c[2] = (uint8_t)(((l)) & 0xff)), \ - c += 3) - -/* LOCAL STUFF */ - -#define SSL_DECRYPT 0 -#define SSL_ENCRYPT 1 - -#define TWO_BYTE_BIT 0x80 -#define SEC_ESC_BIT 0x40 -#define TWO_BYTE_MASK 0x7fff -#define THREE_BYTE_MASK 0x3fff - -#define INC32(a) ((a) = ((a) + 1) & 0xffffffffL) -#define DEC32(a) ((a) = ((a)-1) & 0xffffffffL) -#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ - -/* Define the Bitmasks for SSL_CIPHER.algorithms. - * - * This bits are used packed as dense as possible. If new methods/ciphers etc - * will be added, the bits a likely to change, so this information is for - * internal library use only, even though SSL_CIPHER.algorithms can be publicly - * accessed. Use the according functions for cipher management instead. - * - * The bit mask handling in the selection and sorting scheme in - * ssl_create_cipher_list() has only limited capabilities, reflecting that the - * different entities within are mutually exclusive: - * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. 
*/ - -/* Bits for algorithm_mkey (key exchange algorithm) */ -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kEDH 0x00000002L /* tmp DH key no DH cert */ -#define SSL_kEECDH 0x00000004L /* ephemeral ECDH */ -#define SSL_kPSK 0x00000008L /* PSK */ - -/* Bits for algorithm_auth (server authentication) */ -#define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aNULL 0x00000002L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aECDSA 0x00000004L /* ECDSA auth*/ -#define SSL_aPSK 0x00000008L /* PSK auth */ - -/* Bits for algorithm_enc (symmetric encryption) */ -#define SSL_3DES 0x00000001L -#define SSL_RC4 0x00000002L -#define SSL_AES128 0x00000004L -#define SSL_AES256 0x00000008L -#define SSL_AES128GCM 0x00000010L -#define SSL_AES256GCM 0x00000020L -#define SSL_CHACHA20POLY1305 0x00000040L - -#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM) - -/* Bits for algorithm_mac (symmetric authentication) */ - -#define SSL_MD5 0x00000001L -#define SSL_SHA1 0x00000002L -#define SSL_SHA256 0x00000004L -#define SSL_SHA384 0x00000008L -/* Not a real MAC, just an indication it is part of cipher */ -#define SSL_AEAD 0x00000010L - -/* Bits for algorithm_ssl (protocol version) */ -#define SSL_SSLV3 0x00000002L -#define SSL_TLSV1 SSL_SSLV3 /* for now */ -#define SSL_TLSV1_2 0x00000004L - -/* Bits for algorithm2 (handshake digests and other extra flags) */ - -#define SSL_HANDSHAKE_MAC_MD5 0x10 -#define SSL_HANDSHAKE_MAC_SHA 0x20 -#define SSL_HANDSHAKE_MAC_SHA256 0x40 -#define SSL_HANDSHAKE_MAC_SHA384 0x80 -#define SSL_HANDSHAKE_MAC_DEFAULT \ - (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) - -/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX - * make sure to update this constant too */ -#define SSL_MAX_DIGEST 4 - -#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) - -#define TLS1_PRF_DGST_SHIFT 10 -#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << 
TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) - -#define TLSEXT_CHANNEL_ID_SIZE 128 - -/* SSL_CIPHER_ALGORITHM2_AEAD is a flag in SSL_CIPHER.algorithm2 which - * indicates that the cipher is implemented via an EVP_AEAD. */ -#define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23) - -/* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD is a flag in - * SSL_CIPHER.algorithm2 which indicates that the variable part of the nonce is - * included as a prefix of the record. (AES-GCM, for example, does with with an - * 8-byte variable nonce.) */ -#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD (1<<22) - -/* Cipher strength information. */ -#define SSL_MEDIUM 0x00000001L -#define SSL_HIGH 0x00000002L -#define SSL_FIPS 0x00000004L - -/* we have used 000001ff - 23 bits left to go */ - -/* Check if an SSL structure is using DTLS */ -#define SSL_IS_DTLS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_DTLS) -/* See if we need explicit IV */ -#define SSL_USE_EXPLICIT_IV(s) \ - (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) -/* See if we use signature algorithms extension and signature algorithm before - * signatures. */ -#define SSL_USE_SIGALGS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) -/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may - * apply to others in future. */ -#define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->enc_method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) -/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method - * flags because it may not be set to correct version yet. 
*/ -#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ - ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \ - (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION)) - -/* Mostly for SSLv3 */ -#define SSL_PKEY_RSA_ENC 0 -#define SSL_PKEY_RSA_SIGN 1 -#define SSL_PKEY_ECC 2 -#define SSL_PKEY_NUM 3 - -/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) - * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) - * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN - * SSL_aRSA <- RSA_ENC | RSA_SIGN - * SSL_aDSS <- DSA_SIGN */ - -#define PENDING_SESSION -10000 -#define CERTIFICATE_SELECTION_PENDING -10001 - -/* From RFC4492, used in encoding the curve type in ECParameters */ -#define EXPLICIT_PRIME_CURVE_TYPE 1 -#define EXPLICIT_CHAR2_CURVE_TYPE 2 -#define NAMED_CURVE_TYPE 3 - -/* Values for the |hash_message| parameter of |s->method->ssl_get_message|. */ -#define SSL_GET_MESSAGE_DONT_HASH_MESSAGE 0 -#define SSL_GET_MESSAGE_HASH_MESSAGE 1 - -typedef struct cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - /* Chain for this certificate */ - STACK_OF(X509) * chain; -} CERT_PKEY; - -typedef struct cert_st { - /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ - - /* For clients the following masks are of *disabled* key and auth algorithms - * based on the current session. - * - * TODO(davidben): Remove these. They get checked twice: when sending the - * ClientHello and when processing the ServerHello. However, mask_ssl is a - * different value both times. mask_k and mask_a are not, but is a - * round-about way of checking the server's cipher was one of the advertised - * ones. (Currently it checks the masks and then the list of ciphers prior to - * applying the masks in ClientHello.) 
*/ - unsigned long mask_k; - unsigned long mask_a; - unsigned long mask_ssl; - - DH *dh_tmp; - DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); - EC_KEY *ecdh_tmp; - /* Callback for generating ephemeral ECDH keys */ - EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize); - /* Select ECDH parameters automatically */ - int ecdh_tmp_auto; - /* Flags related to certificates */ - unsigned int cert_flags; - CERT_PKEY pkeys[SSL_PKEY_NUM]; - - /* Server-only: client_certificate_types is list of certificate types to - * include in the CertificateRequest message. - */ - uint8_t *client_certificate_types; - size_t num_client_certificate_types; - - /* signature algorithms peer reports: e.g. supported signature - * algorithms extension for server or as part of a certificate - * request for client. */ - uint8_t *peer_sigalgs; - /* Size of above array */ - size_t peer_sigalgslen; - /* suppported signature algorithms. - * When set on a client this is sent in the client hello as the - * supported signature algorithms extension. For servers - * it represents the signature algorithms we are willing to use. */ - uint8_t *conf_sigalgs; - /* Size of above array */ - size_t conf_sigalgslen; - /* Client authentication signature algorithms, if not set then - * uses conf_sigalgs. On servers these will be the signature - * algorithms sent to the client in a cerificate request for TLS 1.2. - * On a client this represents the signature algortithms we are - * willing to use for client authentication. */ - uint8_t *client_sigalgs; - /* Size of above array */ - size_t client_sigalgslen; - /* Signature algorithms shared by client and server: cached - * because these are used most often. */ - TLS_SIGALGS *shared_sigalgs; - size_t shared_sigalgslen; - - /* Certificate setup callback: if set is called whenever a - * certificate may be required (client or server). the callback - * can then examine any appropriate parameters and setup any - * certificates required. 
This allows advanced applications - * to select certificates on the fly: for example based on - * supported signature algorithms or curves. */ - int (*cert_cb)(SSL *ssl, void *arg); - void *cert_cb_arg; - - /* Optional X509_STORE for chain building or certificate validation - * If NULL the parent SSL_CTX store is used instead. */ - X509_STORE *chain_store; - X509_STORE *verify_store; - - /* Raw values of the cipher list from a client */ - uint8_t *ciphers_raw; - size_t ciphers_rawlen; -} CERT; - -typedef struct sess_cert_st { - STACK_OF(X509) * cert_chain; /* as received from peer (not for SSL2) */ - - /* The 'peer_...' members are used only by clients. */ - int peer_cert_type; - - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; - /* Obviously we don't have the private keys of these, - * so maybe we shouldn't even use the CERT_PKEY type here. */ - - DH *peer_dh_tmp; - EC_KEY *peer_ecdh_tmp; -} SESS_CERT; - -/* Structure containing decoded values of signature algorithms extension */ -struct tls_sigalgs_st { - /* NID of hash algorithm */ - int hash_nid; - /* NID of signature algorithm */ - int sign_nid; - /* Combined hash and signature NID */ - int signandhash_nid; - /* Raw values used in extension */ - uint8_t rsign; - uint8_t rhash; -}; - -/* SSL_METHOD is a compatibility structure to support the legacy version-locked - * methods. */ -struct ssl_method_st { - /* version, if non-zero, is the only protocol version acceptable to an - * SSL_CTX initialized from this method. */ - uint16_t version; - /* method is the underlying SSL_PROTOCOL_METHOD that initializes the - * SSL_CTX. 
*/ - const SSL_PROTOCOL_METHOD *method; -}; - -/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -struct ssl_protocol_method_st { - int (*ssl_new)(SSL *s); - void (*ssl_free)(SSL *s); - int (*ssl_accept)(SSL *s); - int (*ssl_connect)(SSL *s); - int (*ssl_read)(SSL *s, void *buf, int len); - int (*ssl_peek)(SSL *s, void *buf, int len); - int (*ssl_write)(SSL *s, const void *buf, int len); - int (*ssl_shutdown)(SSL *s); - int (*ssl_renegotiate)(SSL *s); - int (*ssl_renegotiate_check)(SSL *s); - long (*ssl_get_message)(SSL *s, int header_state, int body_state, - int msg_type, long max, int hash_message, int *ok); - int (*ssl_read_bytes)(SSL *s, int type, uint8_t *buf, int len, int peek); - int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - int (*ssl_dispatch_alert)(SSL *s); - long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); - long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); - int (*ssl_pending)(const SSL *s); - int (*num_ciphers)(void); - const SSL_CIPHER *(*get_cipher)(unsigned ncipher); - int (*ssl_version)(void); - long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); - long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); -}; - -/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit - * of a mess of functions, but hell, think of it as an opaque structure. 
*/ -struct ssl3_enc_method { - int (*enc)(SSL *, int); - int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *, - size_t, const uint8_t *, size_t, const uint8_t *, size_t); - int (*setup_key_block)(SSL *); - int (*generate_master_secret)(SSL *, uint8_t *, const uint8_t *, size_t); - int (*change_cipher_state)(SSL *, int); - int (*final_finish_mac)(SSL *, const char *, int, uint8_t *); - int finish_mac_length; - int (*cert_verify_mac)(SSL *, int, uint8_t *); - const char *client_finished_label; - int client_finished_label_len; - const char *server_finished_label; - int server_finished_label_len; - int (*alert_value)(int); - int (*export_keying_material)(SSL *, uint8_t *, size_t, const char *, size_t, - const uint8_t *, size_t, int use_context); - /* Various flags indicating protocol version requirements */ - unsigned int enc_flags; - /* Handshake header length */ - unsigned int hhlen; - /* Set the handshake header */ - void (*set_handshake_header)(SSL *s, int type, unsigned long len); - /* Write out handshake message */ - int (*do_write)(SSL *s); -}; - -#define SSL_HM_HEADER_LENGTH(s) s->enc_method->hhlen -#define ssl_handshake_start(s) \ - (((uint8_t *)s->init_buf->data) + s->enc_method->hhlen) -#define ssl_set_handshake_header(s, htype, len) \ - s->enc_method->set_handshake_header(s, htype, len) -#define ssl_do_write(s) s->enc_method->do_write(s) - -/* Values for enc_flags */ - -/* Uses explicit IV for CBC mode */ -#define SSL_ENC_FLAG_EXPLICIT_IV 0x1 -/* Uses signature algorithms extension */ -#define SSL_ENC_FLAG_SIGALGS 0x2 -/* Uses SHA256 default PRF */ -#define SSL_ENC_FLAG_SHA256_PRF 0x4 -/* Is DTLS */ -#define SSL_ENC_FLAG_DTLS 0x8 -/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: - * may apply to others in future. */ -#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10 - -/* ssl_aead_ctx_st contains information about an AEAD that is being used to - * encrypt an SSL connection. 
*/ -struct ssl_aead_ctx_st { - EVP_AEAD_CTX ctx; - /* fixed_nonce contains any bytes of the nonce that are fixed for all - * records. */ - uint8_t fixed_nonce[8]; - uint8_t fixed_nonce_len, variable_nonce_len, tag_len; - /* variable_nonce_included_in_record is non-zero if the variable nonce - * for a record is included as a prefix before the ciphertext. */ - char variable_nonce_included_in_record; - /* random_variable_nonce is non-zero if the variable nonce is - * randomly generated, rather than derived from the sequence - * number. */ - char random_variable_nonce; - /* omit_length_in_ad is non-zero if the length should be omitted in the - * AEAD's ad parameter. */ - char omit_length_in_ad; - /* omit_version_in_ad is non-zero if the version should be omitted - * in the AEAD's ad parameter. */ - char omit_version_in_ad; -}; - -extern const SSL_CIPHER ssl3_ciphers[]; - -extern const SSL3_ENC_METHOD TLSv1_enc_data; -extern const SSL3_ENC_METHOD TLSv1_1_enc_data; -extern const SSL3_ENC_METHOD TLSv1_2_enc_data; -extern const SSL3_ENC_METHOD SSLv3_enc_data; -extern const SSL3_ENC_METHOD DTLSv1_enc_data; -extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; - -void ssl_clear_cipher_ctx(SSL *s); -int ssl_clear_bad_session(SSL *s); -CERT *ssl_cert_new(void); -CERT *ssl_cert_dup(CERT *cert); -int ssl_cert_inst(CERT **o); -void ssl_cert_clear_certs(CERT *c); -void ssl_cert_free(CERT *c); -SESS_CERT *ssl_sess_cert_new(void); -void ssl_sess_cert_free(SESS_CERT *sc); -int ssl_set_peer_cert_type(SESS_CERT *c, int type); -int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx); -int ssl_cipher_id_cmp(const void *in_a, const void *in_b); -int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp); -STACK_OF(SSL_CIPHER) * ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs); -int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) * sk, uint8_t *p); -STACK_OF(SSL_CIPHER) * - ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *meth, - struct 
ssl_cipher_preference_list_st **pref, - STACK_OF(SSL_CIPHER) * *sorted, const char *rule_str, - CERT *c); -struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup( - struct ssl_cipher_preference_list_st *cipher_list); -void ssl_cipher_preference_list_free( - struct ssl_cipher_preference_list_st *cipher_list); -struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers( - STACK_OF(SSL_CIPHER) * ciphers); -struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s); - -/* ssl_cipher_get_evp_aead sets |*out_aead| to point to the correct EVP_AEAD -* object for |cipher| protocol version |version|. It sets |*out_mac_secret_len| -* and |*out_fixed_iv_len| to the MAC key length and fixed IV length, -* respectively. The MAC key length is zero except for legacy block and stream -* ciphers. It returns 1 on success and 0 on error. */ -int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, - size_t *out_mac_secret_len, - size_t *out_fixed_iv_len, - const SSL_CIPHER *cipher, uint16_t version); - -int ssl_get_handshake_digest(size_t i, long *mask, const EVP_MD **md); -int ssl_cipher_get_cert_index(const SSL_CIPHER *c); -int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher); -int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher); - -int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) * chain); -int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) * chain); -int ssl_cert_add0_chain_cert(CERT *c, X509 *x); -int ssl_cert_add1_chain_cert(CERT *c, X509 *x); -int ssl_cert_select_current(CERT *c, X509 *x); -void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg); - -int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) * sk); -int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l); -int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags); -int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); -int ssl_undefined_function(SSL *s); -int 
ssl_undefined_void_function(void); -int ssl_undefined_const_function(const SSL *s); -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); -EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c); -int ssl_cert_type(EVP_PKEY *pkey); - -/* ssl_get_compatible_server_ciphers determines the key exchange and - * authentication cipher suite masks compatible with the server configuration - * and current ClientHello parameters of |s|. It sets |*out_mask_k| to the key - * exchange mask and |*out_mask_a| to the authentication mask. */ -void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k, - unsigned long *out_mask_a); - -STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s); -int ssl_verify_alarm_type(long type); -int ssl_fill_hello_random(SSL *s, int server, uint8_t *field, size_t len); - -const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); -uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c); -int ssl3_init_finished_mac(SSL *s); -int ssl3_send_server_certificate(SSL *s); -int ssl3_send_new_session_ticket(SSL *s); -int ssl3_send_cert_status(SSL *s); -int ssl3_get_finished(SSL *s, int state_a, int state_b); -int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); -int ssl3_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, - size_t secret_len, const char *label, size_t label_len, - const uint8_t *seed1, size_t seed1_len, - const uint8_t *seed2, size_t seed2_len); -void ssl3_cleanup_key_block(SSL *s); -int ssl3_do_write(SSL *s, int type); -int ssl3_send_alert(SSL *s, int level, int desc); -int ssl3_get_req_cert_type(SSL *s, uint8_t *p); -long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, - long max, int hash_message, int *ok); - -/* ssl3_hash_current_message incorporates the current handshake message into - * the handshake hash. 
*/ -void ssl3_hash_current_message(SSL *s); - -/* ssl3_cert_verify_hash writes the CertificateVerify hash into the bytes - * pointed to by |out| and writes the number of bytes to |*out_len|. |out| must - * have room for EVP_MAX_MD_SIZE bytes. For TLS 1.2 and up, |*out_md| is used - * for the hash function, otherwise the hash function depends on the type of - * |pkey| and is written to |*out_md|. It returns one on success and zero on - * failure. */ -int ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len, - const EVP_MD **out_md, EVP_PKEY *pkey); - -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); -int ssl3_num_ciphers(void); -const SSL_CIPHER *ssl3_get_cipher(unsigned int u); -int ssl3_renegotiate(SSL *ssl); -int ssl3_renegotiate_check(SSL *ssl); -int ssl3_dispatch_alert(SSL *s); -int ssl3_expect_change_cipher_spec(SSL *s); -int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); -int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, uint8_t *p); -int ssl3_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); -void ssl3_finish_mac(SSL *s, const uint8_t *buf, int len); -void ssl3_free_digest_list(SSL *s); -unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); -const SSL_CIPHER *ssl3_choose_cipher( - SSL *ssl, STACK_OF(SSL_CIPHER) * clnt, - struct ssl_cipher_preference_list_st *srvr); -int ssl3_setup_buffers(SSL *s); -int ssl3_setup_read_buffer(SSL *s); -int ssl3_setup_write_buffer(SSL *s); -int ssl3_release_read_buffer(SSL *s); -int ssl3_release_write_buffer(SSL *s); - -enum should_free_handshake_buffer_t { - free_handshake_buffer, - dont_free_handshake_buffer, -}; -int ssl3_digest_cached_records(SSL *s, enum should_free_handshake_buffer_t); - -int ssl3_new(SSL *s); -void ssl3_free(SSL *s); -int ssl3_accept(SSL *s); -int ssl3_connect(SSL *s); -int ssl3_read(SSL *s, void *buf, int len); -int ssl3_peek(SSL *s, void *buf, int len); -int 
ssl3_write(SSL *s, const void *buf, int len); -int ssl3_shutdown(SSL *s); -long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); -long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); -long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); -int ssl3_pending(const SSL *s); - -void ssl3_record_sequence_update(uint8_t *seq); -int ssl3_do_change_cipher_spec(SSL *ssl); - -void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); -int ssl3_handshake_write(SSL *s); - -int dtls1_do_write(SSL *s, int type); -int ssl3_read_n(SSL *s, int n, int max, int extend); -int dtls1_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); -int ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len); -void dtls1_set_message_header(SSL *s, uint8_t mt, unsigned long len, - unsigned short seq_num, unsigned long frag_off, - unsigned long frag_len); - -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); - -int dtls1_send_change_cipher_spec(SSL *s, int a, int b); -int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); -int dtls1_read_failed(SSL *s, int code); -int dtls1_buffer_message(SSL *s, int ccs); -int dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, - int *found); -int dtls1_get_queue_priority(unsigned short seq, int is_ccs); -int dtls1_retransmit_buffered_messages(SSL *s); -void dtls1_clear_record_buffer(SSL *s); -void dtls1_get_message_header(uint8_t *data, struct hm_header_st *msg_hdr); -void dtls1_get_ccs_header(uint8_t *data, struct ccs_header_st *ccs_hdr); -void dtls1_reset_seq_numbers(SSL *s, int rw); -int dtls1_check_timeout_num(SSL *s); -int dtls1_handle_timeout(SSL *s); -const SSL_CIPHER *dtls1_get_cipher(unsigned int u); -void dtls1_start_timer(SSL *s); -void dtls1_stop_timer(SSL *s); -int dtls1_is_timer_expired(SSL 
*s); -void dtls1_double_timeout(SSL *s); -unsigned int dtls1_min_mtu(void); -void dtls1_hm_fragment_free(hm_fragment *frag); - -/* some client-only functions */ -int ssl3_send_client_hello(SSL *s); -int ssl3_get_server_hello(SSL *s); -int ssl3_get_certificate_request(SSL *s); -int ssl3_get_new_session_ticket(SSL *s); -int ssl3_get_cert_status(SSL *s); -int ssl3_get_server_done(SSL *s); -int ssl3_send_cert_verify(SSL *s); -int ssl3_send_client_certificate(SSL *s); -int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -int ssl3_send_client_key_exchange(SSL *s); -int ssl3_get_server_key_exchange(SSL *s); -int ssl3_get_server_certificate(SSL *s); -int ssl3_check_cert_and_algorithm(SSL *s); -int ssl3_send_next_proto(SSL *s); -int ssl3_send_channel_id(SSL *s); - -int dtls1_client_hello(SSL *s); - -/* some server-only functions */ -int ssl3_get_initial_bytes(SSL *s); -int ssl3_get_v2_client_hello(SSL *s); -int ssl3_get_client_hello(SSL *s); -int ssl3_send_server_hello(SSL *s); -int ssl3_send_hello_request(SSL *s); -int ssl3_send_server_key_exchange(SSL *s); -int ssl3_send_certificate_request(SSL *s); -int ssl3_send_server_done(SSL *s); -int ssl3_get_client_certificate(SSL *s); -int ssl3_get_client_key_exchange(SSL *s); -int ssl3_get_cert_verify(SSL *s); -int ssl3_get_next_proto(SSL *s); -int ssl3_get_channel_id(SSL *s); - -int dtls1_new(SSL *s); -int dtls1_accept(SSL *s); -int dtls1_connect(SSL *s); -void dtls1_free(SSL *s); -long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); -int dtls1_shutdown(SSL *s); - -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, - int hash_message, int *ok); -int dtls1_get_record(SSL *s); -int dtls1_dispatch_alert(SSL *s); - -int ssl_init_wbio_buffer(SSL *s, int push); -void ssl_free_wbio_buffer(SSL *s); - -/* tls1_prf computes the TLS PRF function for |s| as described in RFC 5246, - * section 5 and RFC 2246 section 5. 
It writes |out_len| bytes to |out|, using - * |secret| as the secret and |label| as the label. |seed1| and |seed2| are - * concatenated to form the seed parameter. It returns one on success and zero - * on failure. */ -int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, - size_t secret_len, const char *label, size_t label_len, - const uint8_t *seed1, size_t seed1_len, - const uint8_t *seed2, size_t seed2_len); - -int tls1_change_cipher_state(SSL *s, int which); -int tls1_setup_key_block(SSL *s); -int tls1_enc(SSL *s, int snd); -int tls1_handshake_digest(SSL *s, uint8_t *out, size_t out_len); -int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *p); -int tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); -int tls1_generate_master_secret(SSL *s, uint8_t *out, const uint8_t *premaster, - size_t premaster_len); -int tls1_export_keying_material(SSL *s, uint8_t *out, size_t olen, - const char *label, size_t llen, - const uint8_t *p, size_t plen, int use_context); -int tls1_alert_code(int code); -int ssl3_alert_code(int code); -int ssl_ok(SSL *s); - -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); - -char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx); -int tls1_ec_curve_id2nid(uint16_t curve_id); -int tls1_ec_nid2curve_id(uint16_t *out_curve_id, int nid); - -/* tls1_check_curve parses ECParameters out of |cbs|, modifying it. It - * checks the curve is one of our preferences and writes the - * NamedCurve value to |*out_curve_id|. It returns one on success and - * zero on error. */ -int tls1_check_curve(SSL *s, CBS *cbs, uint16_t *out_curve_id); - -/* tls1_get_shared_curve returns the NID of the first preferred shared curve - * between client and server preferences. If none can be found, it returns - * NID_undef. */ -int tls1_get_shared_curve(SSL *s); - -/* tls1_set_curves converts the array of |ncurves| NIDs pointed to by |curves| - * into a newly allocated array of TLS curve IDs. 
On success, the function - * returns one and writes the array to |*out_curve_ids| and its size to - * |*out_curve_ids_len|. Otherwise, it returns zero. */ -int tls1_set_curves(uint16_t **out_curve_ids, size_t *out_curve_ids_len, - const int *curves, size_t ncurves); - -/* tls1_check_ec_cert returns one if |x| is an ECC certificate with curve and - * point format compatible with the client's preferences. Otherwise it returns - * zero. */ -int tls1_check_ec_cert(SSL *s, X509 *x); - -/* tls1_check_ec_tmp_key returns one if the EC temporary key is compatible with - * client extensions and zero otherwise. */ -int tls1_check_ec_tmp_key(SSL *s); - -int tls1_shared_list(SSL *s, const uint8_t *l1, size_t l1len, const uint8_t *l2, - size_t l2len, int nmatch); -uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, - size_t header_len); -uint8_t *ssl_add_serverhello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit); -int ssl_parse_clienthello_tlsext(SSL *s, CBS *cbs); -int ssl_parse_serverhello_tlsext(SSL *s, CBS *cbs); -int ssl_prepare_clienthello_tlsext(SSL *s); -int ssl_prepare_serverhello_tlsext(SSL *s); - -#define tlsext_tick_md EVP_sha256 -int tls1_process_ticket(SSL *s, const struct ssl_early_callback_ctx *ctx, - SSL_SESSION **ret); - -int tls12_get_sigandhash(uint8_t *p, const EVP_PKEY *pk, const EVP_MD *md); -int tls12_get_sigid(const EVP_PKEY *pk); -const EVP_MD *tls12_get_hash(uint8_t hash_alg); - -int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); -int tls1_record_handshake_hashes_for_channel_id(SSL *s); - -int tls1_set_sigalgs_list(CERT *c, const char *str, int client); -int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); - -/* ssl_ctx_log_rsa_client_key_exchange logs |premaster| to |ctx|, if logging is - * enabled. It returns one on success and zero on failure. The entry is - * identified by the first 8 bytes of |encrypted_premaster|. 
*/ -int ssl_ctx_log_rsa_client_key_exchange(SSL_CTX *ctx, - const uint8_t *encrypted_premaster, - size_t encrypted_premaster_len, - const uint8_t *premaster, - size_t premaster_len); - -/* ssl_ctx_log_master_secret logs |master| to |ctx|, if logging is enabled. It - * returns one on success and zero on failure. The entry is identified by - * |client_random|. */ -int ssl_ctx_log_master_secret(SSL_CTX *ctx, const uint8_t *client_random, - size_t client_random_len, const uint8_t *master, - size_t master_len); - -int ssl3_can_cutthrough(const SSL *s); - -/* ssl3_get_enc_method returns the SSL3_ENC_METHOD corresponding to - * |version|. */ -const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version); - -/* ssl3_get_max_server_version returns the maximum SSL/TLS version number - * supported by |s| as a server, or zero if all versions are disabled. */ -uint16_t ssl3_get_max_server_version(const SSL *s); - -/* ssl3_get_mutual_version selects the protocol version on |s| for a client - * which advertises |client_version|. If no suitable version exists, it returns - * zero. */ -uint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version); - -/* ssl3_get_max_client_version returns the maximum protocol version configured - * for the client. It is guaranteed that the set of allowed versions at or below - * this maximum version is contiguous. If all versions are disabled, it returns - * zero. */ -uint16_t ssl3_get_max_client_version(SSL *s); - -/* ssl3_is_version_enabled returns one if |version| is an enabled protocol - * version for |s| and zero otherwise. */ -int ssl3_is_version_enabled(SSL *s, uint16_t version); - -/* ssl3_version_from_wire maps |wire_version| to a protocol version. For - * SSLv3/TLS, the version is returned as-is. For DTLS, the corresponding TLS - * version is used. Note that this mapping is not injective but preserves - * comparisons. 
- * - * TODO(davidben): To normalize some DTLS-specific code, move away from using - * the wire version except at API boundaries. */ -uint16_t ssl3_version_from_wire(SSL *s, uint16_t wire_version); - -int ssl_add_serverhello_renegotiate_ext(SSL *s, uint8_t *p, int *len, - int maxlen); -int ssl_parse_serverhello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert); -int ssl_add_clienthello_renegotiate_ext(SSL *s, uint8_t *p, int *len, - int maxlen); -int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert); -long ssl_get_algorithm2(SSL *s); -int tls1_process_sigalgs(SSL *s, const CBS *sigalgs); - -/* tls1_choose_signing_digest returns a digest for use with |pkey| based on the - * peer's preferences recorded for |s| and the digests supported by |pkey|. */ -const EVP_MD *tls1_choose_signing_digest(SSL *s, EVP_PKEY *pkey); - -size_t tls12_get_psigalgs(SSL *s, const uint8_t **psigs); -int tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert, SSL *s, - CBS *cbs, EVP_PKEY *pkey); -void ssl_set_client_disabled(SSL *s); - -int ssl_add_clienthello_use_srtp_ext(SSL *s, uint8_t *p, int *len, int maxlen); -int ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert); -int ssl_add_serverhello_use_srtp_ext(SSL *s, uint8_t *p, int *len, int maxlen); -int ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert); - -#endif diff --git a/src/ssl/ssl_rsa.c b/src/ssl/ssl_rsa.c index 3d1bc62..87f4c1c 100644 --- a/src/ssl/ssl_rsa.c +++ b/src/ssl/ssl_rsa.c @@ -64,7 +64,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); @@ -74,10 +74,6 @@ int SSL_use_certificate(SSL *ssl, X509 *x) { OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!ssl_cert_inst(&ssl->cert)) { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_MALLOC_FAILURE); - return 0; - } return ssl_set_cert(ssl->cert, x); } 
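Review bot: With the `ssl_cert_inst(&ssl->cert)` call gone, `SSL_use_certificate` hands `ssl->cert` straight to `ssl_set_cert`, which indexes `c->pkeys[i]` and therefore needs a non-NULL CERT, yet nothing in the hunk states where that is now guaranteed. Presumably the SSL object allocates its CERT eagerly after this change, but that lives outside this diff, so the call site should record the dependency, e.g. `/* ssl->cert is allocated with the SSL object and is never NULL here. */` or an `assert(ssl->cert != NULL)` in debug builds. The same removal appears in `SSL_use_RSAPrivateKey` and `SSL_use_PrivateKey` on the next line and in the three `SSL_CTX_use_*` variants after that, which rely on `ctx->cert` in the same way.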
@@ -118,12 +114,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) { - X509_free(x); - } - if (in != NULL) { - BIO_free(in); - } + X509_free(x); + BIO_free(in); return ret; } @@ -152,11 +144,6 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { return 0; } - if (!ssl_cert_inst(&ssl->cert)) { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE); - return 0; - } - pkey = EVP_PKEY_new(); if (pkey == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_EVP_LIB); @@ -182,12 +169,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { } if (c->pkeys[i].x509 != NULL) { - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(c->pkeys[i].x509); - EVP_PKEY_copy_parameters(pktmp, pkey); - EVP_PKEY_free(pktmp); - ERR_clear_error(); - /* Sanity-check that the private key and the certificate match, unless the * key is opaque (in case of, say, a smartcard). */ if (!EVP_PKEY_is_opaque(pkey) && @@ -198,10 +179,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { } } - if (c->pkeys[i].privatekey != NULL) { - EVP_PKEY_free(c->pkeys[i].privatekey); - } - c->pkeys[i].privatekey = EVP_PKEY_dup(pkey); + EVP_PKEY_free(c->pkeys[i].privatekey); + c->pkeys[i].privatekey = EVP_PKEY_up_ref(pkey); c->key = &(c->pkeys[i]); return 1; @@ -244,9 +223,7 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { RSA_free(rsa); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -275,11 +252,6 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { return 0; } - if (!ssl_cert_inst(&ssl->cert)) { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = ssl_set_pkey(ssl->cert, pkey); return ret; } @@ -320,9 +292,7 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) { EVP_PKEY_free(pkey); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } 
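Review bot: In the `@@ -198` hunk of `ssl_set_pkey` the stored key is released before the incoming one is retained: `EVP_PKEY_free(c->pkeys[i].privatekey);` followed by `c->pkeys[i].privatekey = EVP_PKEY_up_ref(pkey);`. If a caller re-installs the key already stored there through a borrowed pointer (one it did not take its own reference on), the free can drop the last reference and `EVP_PKEY_up_ref` then operates on freed memory; the order is inherited from the old `EVP_PKEY_dup` code, but this rewrite is the natural place to make it safe. Taking the reference first is the conventional defensive order: `EVP_PKEY *new_key = EVP_PKEY_up_ref(pkey); EVP_PKEY_free(c->pkeys[i].privatekey); c->pkeys[i].privatekey = new_key;`. The `ssl_set_cert` hunk on the following line (`X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = X509_up_ref(x);`) has the same shape. Both function bodies begin outside their hunks.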
@@ -349,10 +319,6 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, ERR_R_MALLOC_FAILURE); - return 0; - } return ssl_set_cert(ctx->cert, x); } @@ -375,9 +341,6 @@ static int ssl_set_cert(CERT *c, X509 *x) { } if (c->pkeys[i].privatekey != NULL) { - EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); - ERR_clear_error(); - /* Sanity-check that the private key and the certificate match, unless the * key is opaque (in case of, say, a smartcard). */ if (!EVP_PKEY_is_opaque(c->pkeys[i].privatekey) && @@ -394,9 +357,7 @@ static int ssl_set_cert(CERT *c, X509 *x) { EVP_PKEY_free(pkey); - if (c->pkeys[i].x509 != NULL) { - X509_free(c->pkeys[i].x509); - } + X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = X509_up_ref(x); c->key = &(c->pkeys[i]); @@ -441,12 +402,8 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { ret = SSL_CTX_use_certificate(ctx, x); end: - if (x != NULL) { - X509_free(x); - } - if (in != NULL) { - BIO_free(in); - } + X509_free(x); + BIO_free(in); return ret; } @@ -475,11 +432,6 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE); - return 0; - } - pkey = EVP_PKEY_new(); if (pkey == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_EVP_LIB); @@ -531,9 +483,7 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) { RSA_free(rsa); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -560,11 +510,6 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_MALLOC_FAILURE); - return 0; - } - return ssl_set_pkey(ctx->cert, pkey); } 
@@ -604,9 +549,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { EVP_PKEY_free(pkey); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -668,7 +611,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { * certificates. */ X509 *ca; int r; - unsigned long err; + uint32_t err; SSL_CTX_clear_chain_certs(ctx); @@ -697,11 +640,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { } end: - if (x != NULL) { - X509_free(x); - } - if (in != NULL) { - BIO_free(in); - } + X509_free(x); + BIO_free(in); return ret; } diff --git a/src/ssl/ssl_sess.c b/src/ssl/ssl_sess.c index c5069d8..3eb428f 100644 --- a/src/ssl/ssl_sess.c +++ b/src/ssl/ssl_sess.c @@ -134,22 +134,26 @@ * OTHERWISE. */ #include +#include -#include #include #include #include #include -#include "ssl_locl.h" +#include "internal.h" +#include "../crypto/internal.h" + /* The address of this is a magic value, a pointer to which is returned by * SSL_magic_pending_session_ptr(). It allows a session callback to indicate * that it needs to asynchronously fetch session information. */ static const char g_pending_session_magic = 0; +static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; + static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); -static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); +static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); SSL_SESSION *SSL_magic_pending_session_ptr(void) { 
@@ -164,25 +168,18 @@ SSL_SESSION *SSL_get_session(const SSL *ssl) SSL_SESSION *SSL_get1_session(SSL *ssl) { /* variant of SSL_get_session: caller really gets something */ - SSL_SESSION *sess; - /* Need to lock this all up rather than just use CRYPTO_add so that - * somebody doesn't free ssl->session between when we check it's - * non-null and when we up the reference count. */ - CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); - sess = ssl->session; - if (sess) { - sess->references++; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); - - return sess; + return SSL_SESSION_up_ref(ssl->session); } int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, - new_func, dup_func, free_func); + int index; + if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func, + dup_func, free_func)) { + return -1; + } + return index; } int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) { @@ -207,7 +204,7 @@ SSL_SESSION *SSL_SESSION_new(void) { ss->references = 1; ss->timeout = SSL_DEFAULT_SESSION_TIMEOUT; ss->time = (unsigned long)time(NULL); - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); + CRYPTO_new_ex_data(&g_ex_data_class, ss, &ss->ex_data); return ss; } @@ -275,10 +272,8 @@ int ssl_get_new_session(SSL *s, int session) { ss->timeout = s->initial_ctx->session_timeout; } - if (s->session != NULL) { - SSL_SESSION_free(s->session); - s->session = NULL; - } + SSL_SESSION_free(s->session); + s->session = NULL; if (session) { if (s->version == SSL3_VERSION || s->version == TLS1_VERSION || 
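Review bot: `SSL_get1_session` now reads `ssl->session` and takes a reference without holding `CRYPTO_LOCK_SSL_SESSION`, and the deleted comment was the only statement of why the lock existed (so the session could not be freed between the NULL check and the increment). The one-line replacement is correct only if an `SSL` object is never used by two threads at once, which is presumably the library's contract but is not written down at this site. A short comment would keep the reasoning, e.g. `/* No lock needed: an SSL object is not shared between threads, so ssl->session cannot be freed under us. */`. The `SSL_SESSION_get_ex_new_index` change in the same hunk, returning -1 when the index cannot be allocated, reads fine.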
@@ -425,15 +420,9 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) { } memcpy(data.session_id, ctx->session_id, ctx->session_id_len); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - ret = lh_SSL_SESSION_retrieve(s->initial_ctx->sessions, &data); - if (ret != NULL) { - /* don't allow other threads to steal it: */ - CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); - } + ret = SSL_SESSION_up_ref(lh_SSL_SESSION_retrieve(s->initial_ctx->sessions, + &data)); CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - if (ret == NULL) { - s->initial_ctx->stats.sess_miss++; - } } if (try_session_cache && ret == NULL && @@ -448,14 +437,13 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) { * unwind the stack and figure out the session asynchronously. */ return PENDING_SESSION; } - s->initial_ctx->stats.sess_cb_hit++; /* Increment reference count now if the session callback asks us to do so * (note that if the session structures returned by the callback are * shared between threads, it must handle the reference count itself * [i.e. copy == 0], or things won't be thread-safe). */ if (copy) { - CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(ret); } /* Add the externally cached session to the internal cache as well if and @@ -499,7 +487,6 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) { if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */ - s->initial_ctx->stats.sess_timeout++; if (try_session_cache) { /* session was from the cache, so remove it */ SSL_CTX_remove_session(s->initial_ctx, ret); @@ -507,11 +494,7 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) { goto err; } - s->initial_ctx->stats.sess_hit++; - - if (s->session != NULL) { - SSL_SESSION_free(s->session); - } + SSL_SESSION_free(s->session); s->session = ret; s->verify_result = s->session->verify_result; return 1; 
@@ -538,7 +521,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) { /* add just 1 reference count for the SSL_CTX's session cache even though it * has two ways of access: each session is in a doubly linked list and an * lhash */ - CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(c); /* if session c is in already in cache, we take back the increment later */ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); @@ -579,7 +562,6 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) { break; } - ctx->stats.sess_cache_full++; } } } 
@@ -623,45 +605,32 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lock) {
 return ret;
 }
 
-void SSL_SESSION_free(SSL_SESSION *ss) {
- int i;
-
- if (ss == NULL) {
- return;
+SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session) {
+ if (session) {
+ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
 }
+ return session;
+}
 
- i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
- if (i > 0) {
+void SSL_SESSION_free(SSL_SESSION *session) {
+ if (session == NULL ||
+ CRYPTO_add(&session->references, -1, CRYPTO_LOCK_SSL_SESSION) > 0) {
 return;
 }
 
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+ CRYPTO_free_ex_data(&g_ex_data_class, session, &session->ex_data);
 
- OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
- if (ss->sess_cert != NULL) {
- ssl_sess_cert_free(ss->sess_cert);
- }
- if (ss->peer != NULL) {
- X509_free(ss->peer);
- }
- if (ss->tlsext_hostname != NULL) {
- OPENSSL_free(ss->tlsext_hostname);
- }
- if (ss->tlsext_tick != NULL) {
- OPENSSL_free(ss->tlsext_tick);
- }
- if (ss->tlsext_signed_cert_timestamp_list != NULL) {
- OPENSSL_free(ss->tlsext_signed_cert_timestamp_list);
- }
- if (ss->ocsp_response != NULL) {
- OPENSSL_free(ss->ocsp_response);
- }
- if (ss->psk_identity != NULL) {
- OPENSSL_free(ss->psk_identity);
- }
- OPENSSL_cleanse(ss, sizeof(*ss));
- OPENSSL_free(ss);
+ OPENSSL_cleanse(session->master_key, sizeof(session->master_key));
+ OPENSSL_cleanse(session->session_id, sizeof(session->session_id));
+ ssl_sess_cert_free(session->sess_cert);
+ X509_free(session->peer);
+ OPENSSL_free(session->tlsext_hostname);
+ OPENSSL_free(session->tlsext_tick);
+ OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
+ OPENSSL_free(session->ocsp_response);
+ OPENSSL_free(session->psk_identity);
+ OPENSSL_cleanse(session, sizeof(*session));
+ OPENSSL_free(session);
 }
 
 int SSL_set_session(SSL *s, SSL_SESSION *session) {
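Review bot: `SSL_SESSION_free` now calls `ssl_sess_cert_free(session->sess_cert)` and `X509_free(session->peer)` without the NULL guards the old code had; `X509_free` is NULL-safe, but `ssl_sess_cert_free` is an internal helper whose definition is not in this hunk, so the new code is correct only if it tolerates a NULL argument. That should be confirmed, and the reliance recorded above the block of frees, e.g. `/* Every free below accepts NULL; sess_cert and peer may be unset. */`, so a future rewrite of ssl_sess_cert_free does not silently turn a fresh session's free into a NULL dereference. As a style point, `SSL_SESSION_up_ref` tests `if (session)` while the function directly below writes `session == NULL`, which is the form the rest of the file uses; `if (session != NULL) {` would be consistent.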
@@ -669,12 +638,10 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) { return 1; } - if (s->session != NULL) { - SSL_SESSION_free(s->session); - } + SSL_SESSION_free(s->session); s->session = session; if (session != NULL) { - CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(session); s->verify_result = session->verify_result; } @@ -753,7 +720,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *s) { typedef struct timeout_param_st { SSL_CTX *ctx; long time; - LHASH_OF(SSL_SESSION) * cache; + LHASH_OF(SSL_SESSION) *cache; } TIMEOUT_PARAM; static void timeout_doall_arg(SSL_SESSION *sess, void *void_param) { @@ -896,18 +863,6 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, return ctx->client_cert_cb; } -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, uint8_t *cookie, - size_t *cookie_len)) { - ctx->app_gen_cookie_cb = cb; -} - -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, const uint8_t *cookie, - size_t cookie_len)) { - ctx->app_verify_cookie_cb = cb; -} - void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*cb)(SSL *ssl, EVP_PKEY **pkey)) { ctx->channel_id_cb = cb; diff --git a/src/ssl/ssl_stat.c b/src/ssl/ssl_stat.c index 450ed7c..8bed9ad 100644 --- a/src/ssl/ssl_stat.c +++ b/src/ssl/ssl_stat.c @@ -83,7 +83,7 @@ */ #include -#include "ssl_locl.h" +#include "internal.h" const char *SSL_state_string_long(const SSL *s) { const char *str; @@ -382,14 +382,6 @@ const char *SSL_state_string_long(const SSL *s) { str = "DTLS1 read hello verify request B"; break; - case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: - str = "DTLS1 write hello verify request A"; - break; - - case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - str = "DTLS1 write hello verify request B"; - break; - default: str = "unknown state"; break; 
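Review bot: In the `SSL_set_session` hunk the old session is released by `SSL_SESSION_free(s->session)` before the new one is retained by `SSL_SESSION_up_ref(session)`; if `session` and `s->session` are the same object and the caller holds no other reference, the free can drop the last reference before the up-ref runs. The `return 1;` at the top of the hunk is presumably the early return for that equal-pointer case, but it sits outside the hunk and the dependency is not stated. Retaining first makes the code correct regardless of that check, and `SSL_SESSION_up_ref` already accepts NULL: `SSL_SESSION_up_ref(session);` then `SSL_SESSION_free(s->session);` then `s->session = session;`, leaving only the `verify_result` copy inside the `if (session != NULL)` block. SSL_set_session's body starts above this hunk.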
@@ -691,14 +683,6 @@ const char *SSL_state_string(const SSL *s) {
 str = "DRCHVB";
 break;
 
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- str = "DWCHVA";
- break;
-
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
- str = "DWCHVB";
- break;
-
 default:
 str = "UNKWN ";
 break;
diff --git a/src/ssl/ssl_test.c b/src/ssl/ssl_test.c
deleted file mode 100644
index 70291a2..0000000
--- a/src/ssl/ssl_test.c
+++ /dev/null
@@ -1,456 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include -#include - -#include -#include -#include -#include - -typedef struct { - int id; - int in_group_flag; -} EXPECTED_CIPHER; - -typedef struct { - /* The rule string to apply. */ - const char *rule; - /* The list of expected ciphers, in order, terminated with -1. */ - const EXPECTED_CIPHER *expected; -} CIPHER_TEST; - -/* Selecting individual ciphers should work. */ -static const char kRule1[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256"; - -static const EXPECTED_CIPHER kExpected1[] = { - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* + reorders selected ciphers to the end, keeping their relative - * order. 
*/ -static const char kRule2[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256:" - "+aRSA"; - -static const EXPECTED_CIPHER kExpected2[] = { - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* ! banishes ciphers from future selections. */ -static const char kRule3[] = - "!aRSA:" - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256"; - -static const EXPECTED_CIPHER kExpected3[] = { - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* Multiple masks can be ANDed in a single rule. */ -static const char kRule4[] = "kRSA+AESGCM+AES128"; - -static const EXPECTED_CIPHER kExpected4[] = { - { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* - removes selected ciphers, but preserves their order for future - * selections. Select AES_128_GCM, but order the key exchanges RSA, - * DHE_RSA, ECDHE_RSA. */ -static const char kRule5[] = - "ALL:-kEECDH:-kEDH:-kRSA:-ALL:" - "AESGCM+AES128+aRSA"; - -static const EXPECTED_CIPHER kExpected5[] = { - { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* Unknown selectors are no-ops. 
*/ -static const char kRule6[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256:" - "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4"; - -static const EXPECTED_CIPHER kExpected6[] = { - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* Square brackets specify equi-preference groups. */ -static const char kRule7[] = - "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:" - "[ECDHE-RSA-CHACHA20-POLY1305]:" - "ECDHE-RSA-AES128-GCM-SHA256"; - -static const EXPECTED_CIPHER kExpected7[] = { - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { -1, -1 }, -}; - -/* @STRENGTH performs a stable strength-sort of the selected - * ciphers and only the selected ciphers. */ -static const char kRule8[] = - /* To simplify things, banish all but {ECDHE_RSA,RSA} x - * {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1. */ - "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:" - /* Order some ciphers backwards by strength. */ - "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:" - /* Select ECDHE ones and sort them by strength. Ties should resolve - * based on the order above. */ - "kEECDH:@STRENGTH:-ALL:" - /* Now bring back everything uses RSA. ECDHE_RSA should be first, - * sorted by strength. Then RSA, backwards by strength. 
*/ - "aRSA"; - -static const EXPECTED_CIPHER kExpected8[] = { - { TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0 }, - { SSL3_CK_RSA_RC4_128_SHA, 0 }, - { TLS1_CK_RSA_WITH_AES_128_SHA, 0 }, - { TLS1_CK_RSA_WITH_AES_256_SHA, 0 }, - { -1, -1 }, -}; - -static CIPHER_TEST kCipherTests[] = { - { kRule1, kExpected1 }, - { kRule2, kExpected2 }, - { kRule3, kExpected3 }, - { kRule4, kExpected4 }, - { kRule5, kExpected5 }, - { kRule6, kExpected6 }, - { kRule7, kExpected7 }, - { kRule8, kExpected8 }, - { NULL, NULL }, -}; - -static const char *kBadRules[] = { - /* Invalid brackets. */ - "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256", - "RSA]", - "[[RSA]]", - /* Operators inside brackets */ - "[+RSA]", - /* Unknown directive. */ - "@BOGUS", - /* Empty cipher lists error at SSL_CTX_set_cipher_list. */ - "", - "BOGUS", - /* Invalid command. */ - "?BAR", - /* Special operators are not allowed if groups are used. 
*/ - "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO", - "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO", - "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO", - "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH", - NULL, -}; - -static void print_cipher_preference_list( - struct ssl_cipher_preference_list_st *list) { - size_t i; - int in_group = 0; - for (i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) { - const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i); - if (!in_group && list->in_group_flags[i]) { - fprintf(stderr, "\t[\n"); - in_group = 1; - } - fprintf(stderr, "\t"); - if (in_group) { - fprintf(stderr, " "); - } - fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher)); - if (in_group && !list->in_group_flags[i]) { - fprintf(stderr, "\t]\n"); - in_group = 0; - } - } -} - -static int test_cipher_rule(CIPHER_TEST *t) { - int ret = 0; - SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method()); - size_t i; - - if (!SSL_CTX_set_cipher_list(ctx, t->rule)) { - fprintf(stderr, "Error testing cipher rule '%s'\n", t->rule); - BIO_print_errors_fp(stderr); - goto done; - } - - /* Compare the two lists. 
*/ - for (i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) { - const SSL_CIPHER *cipher = - sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i); - if (t->expected[i].id != SSL_CIPHER_get_id(cipher) || - t->expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) { - fprintf(stderr, "Error: cipher rule '%s' evaluted to:\n", t->rule); - print_cipher_preference_list(ctx->cipher_list); - goto done; - } - } - - if (t->expected[i].id != -1) { - fprintf(stderr, "Error: cipher rule '%s' evaluted to:\n", t->rule); - print_cipher_preference_list(ctx->cipher_list); - goto done; - } - - ret = 1; -done: - SSL_CTX_free(ctx); - return ret; -} - -static int test_cipher_rules(void) { - size_t i; - for (i = 0; kCipherTests[i].rule != NULL; i++) { - if (!test_cipher_rule(&kCipherTests[i])) { - return 0; - } - } - - for (i = 0; kBadRules[i] != NULL; i++) { - SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method()); - if (SSL_CTX_set_cipher_list(ctx, kBadRules[i])) { - fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", kBadRules[i]); - return 0; - } - ERR_clear_error(); - SSL_CTX_free(ctx); - } - - return 1; -} - -/* kOpenSSLSession is a serialized SSL_SESSION generated from openssl - * s_client -sess_out. 
*/ -static const char kOpenSSLSession[] = - "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" - "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" - "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ" - "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx" - "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4" - "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK" - "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v" - "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB" - "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6" - "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e" - "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu" - "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh" - "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg" - "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd" - "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv" - "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp" - "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50" - "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ" - "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv" - "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw" - "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa" - "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal" - "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf" - "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St" - "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z" - "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm" - "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S" - "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B" - 
"sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE" - "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA" - "i4gv7Y5oliyn"; - -/* kCustomSession is a custom serialized SSL_SESSION generated by - * filling in missing fields from |kOpenSSLSession|. This includes - * providing |peer_sha256|, so |peer| is not serialized. */ -static const char kCustomSession[] = - "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" - "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" - "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE" - "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe" - "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751" - "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP" - "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" - "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF"; - -static int decode_base64(uint8_t **out, size_t *out_len, const char *in) { - size_t len; - - if (!EVP_DecodedLength(&len, strlen(in))) { - fprintf(stderr, "EVP_DecodedLength failed\n"); - return 0; - } - - *out = OPENSSL_malloc(len); - if (*out == NULL) { - fprintf(stderr, "malloc failed\n"); - return 0; - } - - if (!EVP_DecodeBase64(*out, out_len, len, (const uint8_t *)in, - strlen(in))) { - fprintf(stderr, "EVP_DecodeBase64 failed\n"); - OPENSSL_free(*out); - *out = NULL; - return 0; - } - return 1; -} - -static int test_ssl_session_asn1(const char *input_b64) { - int ret = 0, len; - size_t input_len, encoded_len; - uint8_t *input = NULL, *encoded = NULL; - const uint8_t *cptr; - uint8_t *ptr; - SSL_SESSION *session = NULL; - - /* Decode the input. */ - if (!decode_base64(&input, &input_len, input_b64)) { - goto done; - } - - /* Verify the SSL_SESSION decodes. 
*/ - cptr = input; - session = d2i_SSL_SESSION(NULL, &cptr, input_len); - if (session == NULL || cptr != input + input_len) { - fprintf(stderr, "d2i_SSL_SESSION failed\n"); - goto done; - } - - /* Verify the SSL_SESSION encoding round-trips. */ - if (!SSL_SESSION_to_bytes(session, &encoded, &encoded_len)) { - fprintf(stderr, "SSL_SESSION_to_bytes failed\n"); - goto done; - } - if (encoded_len != input_len || - memcmp(input, encoded, input_len) != 0) { - fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n"); - goto done; - } - OPENSSL_free(encoded); - encoded = NULL; - - /* Verify the SSL_SESSION encoding round-trips via the legacy API. */ - len = i2d_SSL_SESSION(session, NULL); - if (len < 0 || (size_t)len != input_len) { - fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n"); - goto done; - } - - encoded = OPENSSL_malloc(input_len); - if (encoded == NULL) { - fprintf(stderr, "malloc failed\n"); - goto done; - } - ptr = encoded; - len = i2d_SSL_SESSION(session, &ptr); - if (len < 0 || (size_t)len != input_len) { - fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n"); - goto done; - } - if (ptr != encoded + input_len) { - fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n"); - goto done; - } - if (memcmp(input, encoded, input_len) != 0) { - fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n"); - goto done; - } - - ret = 1; - - done: - if (!ret) { - BIO_print_errors_fp(stderr); - } - - if (session) { - SSL_SESSION_free(session); - } - if (input) { - OPENSSL_free(input); - } - if (encoded) { - OPENSSL_free(encoded); - } - return ret; -} - -int test_default_version(uint16_t version, const SSL_METHOD *(*method)(void)) { - SSL_CTX *ctx; - int ret; - - ctx = SSL_CTX_new(method()); - if (ctx == NULL) { - return 0; - } - - ret = ctx->min_version == version && ctx->max_version == version; - SSL_CTX_free(ctx); - return ret; -} - -int main(void) { - SSL_library_init(); - - if (!test_cipher_rules() || - 
!test_ssl_session_asn1(kOpenSSLSession) || - !test_ssl_session_asn1(kCustomSession) || - !test_default_version(0, &TLS_method) || - !test_default_version(SSL3_VERSION, &SSLv3_method) || - !test_default_version(TLS1_VERSION, &TLSv1_method) || - !test_default_version(TLS1_1_VERSION, &TLSv1_1_method) || - !test_default_version(TLS1_2_VERSION, &TLSv1_2_method) || - !test_default_version(0, &DTLS_method) || - !test_default_version(DTLS1_VERSION, &DTLSv1_method) || - !test_default_version(DTLS1_2_VERSION, &DTLSv1_2_method)) { - return 1; - } - - printf("PASS\n"); - return 0; -} diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc new file mode 100644 index 0000000..7886304 --- /dev/null +++ b/src/ssl/ssl_test.cc 
@@ -0,0 +1,509 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include +#include + +#include +#include +#include +#include + +#include "test/scoped_types.h" + +struct ExpectedCipher { + unsigned long id; + int in_group_flag; +}; + +struct CipherTest { + // The rule string to apply. + const char *rule; + // The list of expected ciphers, in order, terminated with -1. + const ExpectedCipher *expected; +}; + +// Selecting individual ciphers should work. +static const char kRule1[] = + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256"; + +static const ExpectedCipher kExpected1[] = { + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// + reorders selected ciphers to the end, keeping their relative +// order. 
+static const char kRule2[] = + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:" + "+aRSA"; + +static const ExpectedCipher kExpected2[] = { + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// ! banishes ciphers from future selections. +static const char kRule3[] = + "!aRSA:" + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256"; + +static const ExpectedCipher kExpected3[] = { + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// Multiple masks can be ANDed in a single rule. +static const char kRule4[] = "kRSA+AESGCM+AES128"; + +static const ExpectedCipher kExpected4[] = { + { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// - removes selected ciphers, but preserves their order for future +// selections. Select AES_128_GCM, but order the key exchanges RSA, +// DHE_RSA, ECDHE_RSA. +static const char kRule5[] = + "ALL:-kECDHE:-kDHE:-kRSA:-ALL:" + "AESGCM+AES128+aRSA"; + +static const ExpectedCipher kExpected5[] = { + { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// Unknown selectors are no-ops. 
+static const char kRule6[] = + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:" + "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4"; + +static const ExpectedCipher kExpected6[] = { + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// Square brackets specify equi-preference groups. +static const char kRule7[] = + "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:" + "[ECDHE-RSA-CHACHA20-POLY1305]:" + "ECDHE-RSA-AES128-GCM-SHA256"; + +static const ExpectedCipher kExpected7[] = { + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1 }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, + { 0, 0 }, +}; + +// @STRENGTH performs a stable strength-sort of the selected +// ciphers and only the selected ciphers. +static const char kRule8[] = + // To simplify things, banish all but {ECDHE_RSA,RSA} x + // {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1. + "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:" + // Order some ciphers backwards by strength. + "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:" + // Select ECDHE ones and sort them by strength. Ties should resolve + // based on the order above. + "kECDHE:@STRENGTH:-ALL:" + // Now bring back everything uses RSA. ECDHE_RSA should be first, + // sorted by strength. Then RSA, backwards by strength. 
+ "aRSA"; + +static const ExpectedCipher kExpected8[] = { + { TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0 }, + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0 }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0 }, + { SSL3_CK_RSA_RC4_128_SHA, 0 }, + { TLS1_CK_RSA_WITH_AES_128_SHA, 0 }, + { TLS1_CK_RSA_WITH_AES_256_SHA, 0 }, + { 0, 0 }, +}; + +// Exact ciphers may not be used in multi-part rules; they are treated +// as unknown aliases. +static const char kRule9[] = + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "!ECDHE-RSA-CHACHA20-POLY1305+RSA:" + "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305"; + +static const ExpectedCipher kExpected9[] = { + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 }, + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 }, + { 0, 0 }, +}; + +static CipherTest kCipherTests[] = { + { kRule1, kExpected1 }, + { kRule2, kExpected2 }, + { kRule3, kExpected3 }, + { kRule4, kExpected4 }, + { kRule5, kExpected5 }, + { kRule6, kExpected6 }, + { kRule7, kExpected7 }, + { kRule8, kExpected8 }, + { kRule9, kExpected9 }, + { NULL, NULL }, +}; + +static const char *kBadRules[] = { + // Invalid brackets. + "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256", + "RSA]", + "[[RSA]]", + // Operators inside brackets. + "[+RSA]", + // Unknown directive. + "@BOGUS", + // Empty cipher lists error at SSL_CTX_set_cipher_list. + "", + "BOGUS", + // COMPLEMENTOFDEFAULT is empty. + "COMPLEMENTOFDEFAULT", + // Invalid command. + "?BAR", + // Special operators are not allowed if groups are used. 
+ "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO", + "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO", + "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO", + "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH", + NULL, +}; + +static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) { + bool in_group = false; + for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) { + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i); + if (!in_group && list->in_group_flags[i]) { + fprintf(stderr, "\t[\n"); + in_group = true; + } + fprintf(stderr, "\t"); + if (in_group) { + fprintf(stderr, " "); + } + fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher)); + if (in_group && !list->in_group_flags[i]) { + fprintf(stderr, "\t]\n"); + in_group = false; + } + } +} + +static bool TestCipherRule(CipherTest *t) { + ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method())); + if (!ctx) { + return false; + } + + if (!SSL_CTX_set_cipher_list(ctx.get(), t->rule)) { + fprintf(stderr, "Error testing cipher rule '%s'\n", t->rule); + return false; + } + + // Compare the two lists. 
+ size_t i; + for (i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) { + const SSL_CIPHER *cipher = + sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i); + if (t->expected[i].id != SSL_CIPHER_get_id(cipher) || + t->expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) { + fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t->rule); + PrintCipherPreferenceList(ctx->cipher_list); + return false; + } + } + + if (t->expected[i].id != 0) { + fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t->rule); + PrintCipherPreferenceList(ctx->cipher_list); + return false; + } + + return true; +} + +static bool TestCipherRules() { + for (size_t i = 0; kCipherTests[i].rule != NULL; i++) { + if (!TestCipherRule(&kCipherTests[i])) { + return false; + } + } + + for (size_t i = 0; kBadRules[i] != NULL; i++) { + ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method())); + if (!ctx) { + return false; + } + if (SSL_CTX_set_cipher_list(ctx.get(), kBadRules[i])) { + fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", kBadRules[i]); + return false; + } + ERR_clear_error(); + } + + return true; +} + +// kOpenSSLSession is a serialized SSL_SESSION generated from openssl +// s_client -sess_out. 
+static const char kOpenSSLSession[] = + "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" + "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" + "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ" + "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx" + "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4" + "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK" + "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v" + "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB" + "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6" + "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e" + "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu" + "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh" + "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg" + "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd" + "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv" + "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp" + "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50" + "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ" + "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv" + "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw" + "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa" + "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal" + "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf" + "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St" + "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z" + "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm" + "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S" + "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B" + 
"sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE" + "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA" + "i4gv7Y5oliyn"; + +// kCustomSession is a custom serialized SSL_SESSION generated by +// filling in missing fields from |kOpenSSLSession|. This includes +// providing |peer_sha256|, so |peer| is not serialized. +static const char kCustomSession[] = + "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" + "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" + "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE" + "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe" + "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751" + "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP" + "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" + "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF"; + +static bool DecodeBase64(std::vector *out, const char *in) { + size_t len; + if (!EVP_DecodedLength(&len, strlen(in))) { + fprintf(stderr, "EVP_DecodedLength failed\n"); + return false; + } + + out->resize(len); + if (!EVP_DecodeBase64(bssl::vector_data(out), &len, len, (const uint8_t *)in, + strlen(in))) { + fprintf(stderr, "EVP_DecodeBase64 failed\n"); + return false; + } + out->resize(len); + return true; +} + +static bool TestSSL_SESSIONEncoding(const char *input_b64) { + const uint8_t *cptr; + uint8_t *ptr; + + // Decode the input. + std::vector input; + if (!DecodeBase64(&input, input_b64)) { + return false; + } + + // Verify the SSL_SESSION decodes. + cptr = bssl::vector_data(&input); + ScopedSSL_SESSION session(d2i_SSL_SESSION(NULL, &cptr, input.size())); + if (!session || cptr != bssl::vector_data(&input) + input.size()) { + fprintf(stderr, "d2i_SSL_SESSION failed\n"); + return false; + } + + // Verify the SSL_SESSION encoding round-trips. 
+ size_t encoded_len; + ScopedOpenSSLBytes encoded; + uint8_t *encoded_raw; + if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) { + fprintf(stderr, "SSL_SESSION_to_bytes failed\n"); + return false; + } + encoded.reset(encoded_raw); + if (encoded_len != input.size() || + memcmp(bssl::vector_data(&input), encoded.get(), input.size()) != 0) { + fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n"); + return false; + } + + // Verify the SSL_SESSION encoding round-trips via the legacy API. + int len = i2d_SSL_SESSION(session.get(), NULL); + if (len < 0 || (size_t)len != input.size()) { + fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n"); + return false; + } + + encoded.reset((uint8_t *)OPENSSL_malloc(input.size())); + if (!encoded) { + fprintf(stderr, "malloc failed\n"); + return false; + } + + ptr = encoded.get(); + len = i2d_SSL_SESSION(session.get(), &ptr); + if (len < 0 || (size_t)len != input.size()) { + fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n"); + return false; + } + if (ptr != encoded.get() + input.size()) { + fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n"); + return false; + } + if (memcmp(bssl::vector_data(&input), encoded.get(), input.size()) != 0) { + fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n"); + return false; + } + + return true; +} + +static bool TestDefaultVersion(uint16_t version, + const SSL_METHOD *(*method)(void)) { + ScopedSSL_CTX ctx(SSL_CTX_new(method())); + if (!ctx) { + return false; + } + return ctx->min_version == version && ctx->max_version == version; +} + +static bool CipherGetRFCName(std::string *out, uint16_t value) { + const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value); + if (cipher == NULL) { + return false; + } + ScopedOpenSSLString rfc_name(SSL_CIPHER_get_rfc_name(cipher)); + out->assign(rfc_name.get()); + return true; +} + +typedef struct { + int id; + const char *rfc_name; +} CIPHER_RFC_NAME_TEST; + +static const CIPHER_RFC_NAME_TEST 
kCipherRFCNameTests[] = { + { SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, + { SSL3_CK_RSA_RC4_128_MD5, "TLS_RSA_WITH_RC4_MD5" }, + { TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA" }, + { TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, + { TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, + { TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, + { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, + { TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, + { TLS1_CK_PSK_WITH_RC4_128_SHA, "TLS_PSK_WITH_RC4_SHA" }, + // These names are non-standard: + { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, + { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, + { TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" }, +}; + +static bool TestCipherGetRFCName(void) { + for (size_t i = 0; + i < sizeof(kCipherRFCNameTests) / sizeof(kCipherRFCNameTests[0]); i++) { + const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i]; + std::string rfc_name; + if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) { + fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n"); + return false; + } + if (rfc_name != test->rfc_name) { + fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n", + rfc_name.c_str(), test->rfc_name); + return false; + } + } + return true; +} + +int main(void) { + SSL_library_init(); + + if (!TestCipherRules() || + !TestSSL_SESSIONEncoding(kOpenSSLSession) || + !TestSSL_SESSIONEncoding(kCustomSession) || + !TestDefaultVersion(0, &TLS_method) || + 
!TestDefaultVersion(SSL3_VERSION, &SSLv3_method) || + !TestDefaultVersion(TLS1_VERSION, &TLSv1_method) || + !TestDefaultVersion(TLS1_1_VERSION, &TLSv1_1_method) || + !TestDefaultVersion(TLS1_2_VERSION, &TLSv1_2_method) || + !TestDefaultVersion(0, &DTLS_method) || + !TestDefaultVersion(DTLS1_VERSION, &DTLSv1_method) || + !TestDefaultVersion(DTLS1_2_VERSION, &DTLSv1_2_method) || + !TestCipherGetRFCName()) { + ERR_print_errors_fp(stderr); + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/ssl/ssl_txt.c b/src/ssl/ssl_txt.c index c950ce8..2275f16 100644 --- a/src/ssl/ssl_txt.c +++ b/src/ssl/ssl_txt.c @@ -87,7 +87,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) { @@ -145,8 +145,9 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { } for (i = 0; i < x->session_id_length; i++) { - if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0) + if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0) { goto err; + } } if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0) { diff --git a/src/ssl/t1_enc.c b/src/ssl/t1_enc.c index 014bc88..3eaffe7 100644 --- a/src/ssl/t1_enc.c +++ b/src/ssl/t1_enc.c @@ -133,8 +133,9 @@ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ -#include #include +#include +#include #include #include @@ -144,7 +145,7 @@ #include #include -#include "ssl_locl.h" +#include "internal.h" /* tls1_P_hash computes the TLS P_ function as described in RFC 5246, @@ -225,7 +226,7 @@ int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, const uint8_t *seed2, size_t seed2_len) { size_t idx, len, count, i; const uint8_t *S1; - long m; + uint32_t m; const EVP_MD *md; int ret = 0; uint8_t *tmp; 
@@ -243,7 +244,7 @@ int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, /* Count number of digests and partition |secret| evenly. */ count = 0; - for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { + for (idx = 0; ssl_get_handshake_digest(&m, &md, idx); idx++) { if ((m << TLS1_PRF_DGST_SHIFT) & ssl_get_algorithm2(s)) { count++; } @@ -258,7 +259,7 @@ int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, } S1 = secret; memset(out, 0, out_len); - for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { + for (idx = 0; ssl_get_handshake_digest(&m, &md, idx); idx++) { if ((m << TLS1_PRF_DGST_SHIFT) & ssl_get_algorithm2(s)) { /* If |count| is 2 and |secret_len| is odd, |secret| is partitioned into * two halves with an overlapping byte. */ @@ -340,14 +341,12 @@ static int tls1_change_cipher_state_aead(SSL *s, char is_read, } aead_ctx = s->aead_read_ctx; } else { - /* When updating the cipher state for DTLS, we do not wish to overwrite the - * old ones because DTLS stores pointers to them in order to implement - * retransmission. See dtls1_hm_fragment_free. - * - * TODO(davidben): Simplify aead_write_ctx ownership, probably by just - * forbidding DTLS renego. */ - if (SSL_IS_DTLS(s)) { - s->aead_write_ctx = NULL; + if (SSL_IS_DTLS(s) && s->aead_write_ctx != NULL) { + /* DTLS renegotiation is unsupported, so a CCS can only switch away from + * the NULL cipher. This simplifies renegotiation. */ + OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state_aead, + ERR_R_INTERNAL_ERROR); + return 0; } if (!tls1_aead_ctx_init(&s->aead_write_ctx)) { return 0; 
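Review bot: The new `SSL_IS_DTLS(s) && s->aead_write_ctx != NULL` branch in `tls1_change_cipher_state_aead` reports ERR_R_INTERNAL_ERROR for a second ChangeCipherSpec on a DTLS connection, which is only correct if DTLS renegotiation is refused earlier in the handshake; that rejection is not in this hunk, and if a peer's renegotiation attempt can still reach this point the failure surfaces as an internal error rather than a protocol alert. The comment should name where the invariant is enforced, e.g. `/* DTLS renegotiation is rejected when the ClientHello is processed, so a second CCS cannot legitimately reach this point. */`, so the two sites stay in sync. The read-side branch just above (`aead_ctx = s->aead_read_ctx`) has its setup outside the hunk, so I cannot tell whether it carries a matching guard; the function itself starts outside the hunk.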
@@ -355,8 +354,9 @@ static int tls1_change_cipher_state_aead(SSL *s, char is_read, aead_ctx = s->aead_write_ctx; } - if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len, - EVP_AEAD_DEFAULT_TAG_LENGTH, NULL /* engine */)) { + if (!EVP_AEAD_CTX_init_with_direction( + &aead_ctx->ctx, aead, key, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH, + is_read ? evp_aead_open : evp_aead_seal)) { OPENSSL_free(aead_ctx); if (is_read) { s->aead_read_ctx = NULL; @@ -578,7 +578,7 @@ int tls1_enc(SSL *s, int send) { aead = s->aead_read_ctx; } - if (s->session == NULL || aead == NULL) { + if (aead == NULL) { /* Handle the initial NULL cipher. */ memmove(rec->data, rec->input, rec->length); rec->input = rec->data; @@ -598,13 +598,9 @@ int tls1_enc(SSL *s, int send) { memcpy(p, &seq[2], 6); memcpy(ad, dtlsseq, 8); } else { - int i; memcpy(ad, seq, 8); - for (i = 7; i >= 0; i--) { - ++seq[i]; - if (seq[i] != 0) { - break; - } + if (!ssl3_record_sequence_update(seq, 8)) { + return 0; } } @@ -739,7 +735,10 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *out) { } EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx, d); + if (!EVP_MD_CTX_copy_ex(&ctx, d)) { + EVP_MD_CTX_cleanup(&ctx); + return 0; + } EVP_DigestFinal_ex(&ctx, out, &ret); EVP_MD_CTX_cleanup(&ctx); @@ -756,11 +755,11 @@ int tls1_handshake_digest(SSL *s, uint8_t *out, size_t out_len) { EVP_MD_CTX ctx; int err = 0, len = 0; size_t i; - long mask; + uint32_t mask; EVP_MD_CTX_init(&ctx); - for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { + for (i = 0; ssl_get_handshake_digest(&mask, &md, i); i++) { size_t hash_size; unsigned int digest_len; EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; 
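Review bot: In `tls1_cert_verify_mac`, `EVP_DigestFinal_ex(&ctx, out, &ret);` on the line after the new `EVP_MD_CTX_copy_ex` check still ignores its return value, so a failed finalization leaves `out` unwritten while the function proceeds as if it succeeded. Mirror the check just added: `if (!EVP_DigestFinal_ex(&ctx, out, &ret)) { EVP_MD_CTX_cleanup(&ctx); return 0; }`. The function's tail is outside the hunk, so confirm that a 0 return is what callers already treat as failure there.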
@@ -863,82 +862,42 @@ int tls1_generate_master_secret(SSL *s, uint8_t *out, const uint8_t *premaster, return SSL3_MASTER_SECRET_SIZE; } -int tls1_export_keying_material(SSL *s, uint8_t *out, size_t olen, - const char *label, size_t llen, - const uint8_t *context, size_t contextlen, +int tls1_export_keying_material(SSL *s, uint8_t *out, size_t out_len, + const char *label, size_t label_len, + const uint8_t *context, size_t context_len, int use_context) { - uint8_t *val = NULL; - size_t vallen, currentvalpos; - int ret; - - /* construct PRF arguments we construct the PRF argument ourself rather than - * passing separate values into the TLS PRF to ensure that the concatenation - * of values does not create a prohibited label. */ - vallen = llen + SSL3_RANDOM_SIZE * 2; - if (use_context) { - vallen += 2 + contextlen; - } - - val = OPENSSL_malloc(vallen); - if (val == NULL) { - goto err2; + if (!s->s3->have_version || s->version == SSL3_VERSION) { + OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; } - currentvalpos = 0; - memcpy(val + currentvalpos, (uint8_t *)label, llen); - currentvalpos += llen; - memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE); - currentvalpos += SSL3_RANDOM_SIZE; - memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); - currentvalpos += SSL3_RANDOM_SIZE; - + size_t seed_len = 2 * SSL3_RANDOM_SIZE; if (use_context) { - val[currentvalpos] = (contextlen >> 8) & 0xff; - currentvalpos++; - val[currentvalpos] = contextlen & 0xff; - currentvalpos++; - if (contextlen > 0 || context != NULL) { - memcpy(val + currentvalpos, context, contextlen); + if (context_len >= 1u << 16) { + OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material, ERR_R_OVERFLOW); + return 0; } + seed_len += 2 + context_len; } - - /* disallow prohibited labels note that SSL3_RANDOM_SIZE > max(prohibited - * label len) = 15, so size of val > max(prohibited label len) = 15 and the - * comparisons won't have 
buffer overflow. */ - if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, - TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0 || - memcmp(val, TLS_MD_SERVER_FINISH_CONST, - TLS_MD_SERVER_FINISH_CONST_SIZE) == 0 || - memcmp(val, TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE) == 0 || - memcmp(val, TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) { - goto err1; + uint8_t *seed = OPENSSL_malloc(seed_len); + if (seed == NULL) { + OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material, ERR_R_MALLOC_FAILURE); + return 0; } - /* SSL_export_keying_material is not implemented for SSLv3, so passing - * everything through the label parameter works. */ - assert(s->version != SSL3_VERSION); - ret = s->enc_method->prf(s, out, olen, s->session->master_key, - s->session->master_key_length, (const char *)val, - vallen, NULL, 0, NULL, 0); - goto out; - -err1: - OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material, - SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); - ret = 0; - goto out; - -err2: - OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material, ERR_R_MALLOC_FAILURE); - ret = 0; - -out: - if (val != NULL) { - OPENSSL_free(val); + memcpy(seed, s->s3->client_random, SSL3_RANDOM_SIZE); + memcpy(seed + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE); + if (use_context) { + seed[2 * SSL3_RANDOM_SIZE] = (uint8_t)(context_len >> 8); + seed[2 * SSL3_RANDOM_SIZE + 1] = (uint8_t)context_len; + memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len); } + int ret = s->enc_method->prf(s, out, out_len, s->session->master_key, + s->session->master_key_length, label, label_len, + seed, seed_len, NULL, 0); + OPENSSL_free(seed); return ret; } diff --git a/src/ssl/t1_lib.c b/src/ssl/t1_lib.c index e26351b..433a647 100644 --- a/src/ssl/t1_lib.c +++ b/src/ssl/t1_lib.c 
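Review bot: With `use_context` set and `context_len == 0`, the new `tls1_export_keying_material` calls `memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len)` with a possibly NULL `context` (the removed code guarded this with `contextlen > 0 || context != NULL`), and memcpy with a NULL source is undefined behavior even for length zero. Guard the copy: `if (context_len > 0) { memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len); }`. Dropping the prohibited-label comparison is reasonable now that the label is passed to the PRF separately instead of being concatenated into the seed, but RFC 5705 still forbids the Finished and master-secret labels, and nothing here documents that the caller is responsible; a one-line comment above the `prf` call would do. `s->session->master_key` is dereferenced without a NULL check; presumably `s->s3->have_version` implies an established session, but that is not visible here.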
@@ -106,18 +106,20 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ +#include #include #include -#include +#include #include +#include #include #include #include #include #include -#include "ssl_locl.h" +#include "internal.h" static int tls_decrypt_ticket(SSL *s, const uint8_t *tick, int ticklen, @@ -133,16 +135,12 @@ const SSL3_ENC_METHOD TLSv1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, 0, - SSL3_HM_HEADER_LENGTH, - ssl3_set_handshake_header, - ssl3_handshake_write, }; const SSL3_ENC_METHOD TLSv1_1_enc_data = { @@ -152,16 +150,12 @@ const SSL3_ENC_METHOD TLSv1_1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV, - SSL3_HM_HEADER_LENGTH, - ssl3_set_handshake_header, - ssl3_handshake_write, }; const SSL3_ENC_METHOD TLSv1_2_enc_data = { @@ -171,7 +165,6 @@ const SSL3_ENC_METHOD TLSv1_2_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, @@ -179,9 +172,6 @@ const SSL3_ENC_METHOD TLSv1_2_enc_data = { tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF |SSL_ENC_FLAG_TLS1_2_CIPHERS, - SSL3_HM_HEADER_LENGTH, - ssl3_set_handshake_header, - ssl3_handshake_write, }; static int compare_uint16_t(const void *p1, const void *p2) { 
@@ -255,8 +245,7 @@ static int tls1_check_duplicate_extensions(const CBS *cbs) { ret = 1; done: - if (extension_types) - OPENSSL_free(extension_types); + OPENSSL_free(extension_types); return ret; } @@ -367,7 +356,7 @@ static const uint8_t ecformats_default[] = { }; static const uint16_t eccurves_default[] = { - 23, /* X9_64_prime256v1 */ + 23, /* X9_62_prime256v1 */ 24, /* secp384r1 */ }; @@ -399,6 +388,9 @@ static void tls1_get_curvelist(SSL *s, int get_peer_curves, const uint16_t **out_curve_ids, size_t *out_curve_ids_len) { if (get_peer_curves) { + /* Only clients send a curve list, so this function is only called + * on the server. */ + assert(s->server); *out_curve_ids = s->s3->tmp.peer_ellipticcurvelist; *out_curve_ids_len = s->s3->tmp.peer_ellipticcurvelist_length; return; 
@@ -437,22 +429,38 @@ int tls1_check_curve(SSL *s, CBS *cbs, uint16_t *out_curve_id) { } int tls1_get_shared_curve(SSL *s) { - const uint16_t *pref, *supp; - size_t preflen, supplen, i, j; + const uint16_t *curves, *peer_curves, *pref, *supp; + size_t curves_len, peer_curves_len, pref_len, supp_len, i, j; /* Can't do anything on client side */ if (s->server == 0) { return NID_undef; } - /* Return first preference shared curve */ - tls1_get_curvelist(s, !!(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &supp, - &supplen); - tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, - &preflen); + tls1_get_curvelist(s, 0 /* local curves */, &curves, &curves_len); + tls1_get_curvelist(s, 1 /* peer curves */, &peer_curves, &peer_curves_len); + + if (peer_curves_len == 0) { + /* Clients are not required to send a supported_curves extension. In this + * case, the server is free to pick any curve it likes. See RFC 4492, + * section 4, paragraph 3. */ + return (curves_len == 0) ? NID_undef : tls1_ec_curve_id2nid(curves[0]); + } + + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { + pref = curves; + pref_len = curves_len; + supp = peer_curves; + supp_len = peer_curves_len; + } else { + pref = peer_curves; + pref_len = peer_curves_len; + supp = curves; + supp_len = curves_len; + } - for (i = 0; i < preflen; i++) { - for (j = 0; j < supplen; j++) { + for (i = 0; i < pref_len; i++) { + for (j = 0; j < supp_len; j++) { if (pref[i] == supp[j]) { return tls1_ec_curve_id2nid(pref[i]); } @@ -479,9 +487,7 @@ int tls1_set_curves(uint16_t **out_curve_ids, size_t *out_curve_ids_len, } } - if (*out_curve_ids) { - OPENSSL_free(*out_curve_ids); - } + OPENSSL_free(*out_curve_ids); *out_curve_ids = curve_ids; *out_curve_ids_len = ncurves; 
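Review bot: The `peer_curves_len == 0` branch in `tls1_get_shared_curve` treats an empty peer list as "no supported_curves extension was sent" and lets the server pick any local curve, but it cannot distinguish that from an extension that was sent with a zero-length list if the extension parser (outside this hunk) accepts one; a client that explicitly advertised no curves would then be offered one anyway. Either reject a zero-length list at parse time or track extension presence separately from its length, and make the comment state which: `/* A zero length means the client sent no supported_curves extension (the parser rejects an empty list); RFC 4492 section 4 then lets the server choose any curve. */`. The same RFC 4492 rationale is repeated in `tls1_check_curve_id`; a small shared helper for "peer sent no curve list" would keep the two from drifting.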
@@ -556,11 +562,23 @@ static int tls1_check_point_format(SSL *s, uint8_t comp_id) { * preferences are checked; the peer (the server) does not send preferences. */ static int tls1_check_curve_id(SSL *s, uint16_t curve_id) { const uint16_t *curves; - size_t curves_len, i, j; + size_t curves_len, i, get_peer_curves; /* Check against our list, then the peer's list. */ - for (j = 0; j <= 1; j++) { - tls1_get_curvelist(s, j, &curves, &curves_len); + for (get_peer_curves = 0; get_peer_curves <= 1; get_peer_curves++) { + if (get_peer_curves && !s->server) { + /* Servers do not present a preference list so, if we are a client, only + * check our list. */ + continue; + } + + tls1_get_curvelist(s, get_peer_curves, &curves, &curves_len); + if (get_peer_curves && curves_len == 0) { + /* Clients are not required to send a supported_curves extension. In this + * case, the server is free to pick any curve it likes. See RFC 4492, + * section 4, paragraph 3. */ + continue; + } for (i = 0; i < curves_len; i++) { if (curves[i] == curve_id) { break; @@ -570,12 +588,6 @@ static int tls1_check_curve_id(SSL *s, uint16_t curve_id) { if (i == curves_len) { return 0; } - - /* Servers do not present a preference list so, if we are a client, only - * check our list. */ - if (!s->server) { - return 1; - } } return 1; 
@@ -610,30 +622,27 @@ int tls1_check_ec_cert(SSL *s, X509 *x) { ret = 1; done: - if (pkey) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); return ret; } int tls1_check_ec_tmp_key(SSL *s) { - uint16_t curve_id; - EC_KEY *ec = s->cert->ecdh_tmp; - - if (s->cert->ecdh_tmp_auto) { - /* Need a shared curve */ - return tls1_get_shared_curve(s) != NID_undef; + if (s->cert->ecdh_nid != NID_undef) { + /* If the curve is preconfigured, ECDH is acceptable iff the peer supports + * the curve. */ + uint16_t curve_id; + return tls1_ec_nid2curve_id(&curve_id, s->cert->ecdh_nid) && + tls1_check_curve_id(s, curve_id); } - if (!ec) { - if (s->cert->ecdh_tmp_cb) { - return 1; - } - return 0; + if (s->cert->ecdh_tmp_cb != NULL) { + /* Assume the callback will provide an acceptable curve. */ + return 1; } - return tls1_curve_params_from_ec_key(&curve_id, NULL, ec) && - tls1_check_curve_id(s, curve_id); + /* Otherwise, the curve gets selected automatically. ECDH is acceptable iff + * there is a shared curve. */ + return tls1_get_shared_curve(s) != NID_undef; } /* List of supported signature algorithms and hashes. Should make this @@ -803,7 +812,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) { size_t i; - unsigned long alg_k, alg_a; + uint32_t alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) { @@ -811,7 +820,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA)) { + if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) { using_ecc = 1; break; } 
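Review bot: The `ecdh_tmp_cb != NULL` path in `tls1_check_ec_tmp_key` returns 1 without looking at the peer's curve list, and the comment "Assume the callback will provide an acceptable curve" documents the assumption but not who verifies it; if the key the callback returns is not checked against `tls1_check_curve_id` where it is consumed (outside this hunk), the server can send a ServerKeyExchange on a curve the client never advertised. Either validate the callback's key at the point of use or extend the comment to name that check, e.g. `/* The curve of the key returned by ecdh_tmp_cb is validated against the peer's supported_curves when the key is used. */`, once that is confirmed. The `ecdh_nid != NID_undef` branch is fine as written: it maps the NID and defers to `tls1_check_curve_id`.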
@@ -1117,9 +1126,9 @@ uint8_t *ssl_add_serverhello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit) { uint8_t *orig = buf; uint8_t *ret = buf; int next_proto_neg_seen; - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA); + uint32_t alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + uint32_t alg_a = s->s3->tmp.new_cipher->algorithm_auth; + int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA); using_ecc = using_ecc && (s->s3->tmp.peer_ecpointformatlist != NULL); /* don't add extensions for SSLv3, unless doing secure renegotiation */ @@ -1331,9 +1340,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, CBS *cbs, int *out_alert) { s, &selected, &selected_len, CBS_data(&protocol_name_list), CBS_len(&protocol_name_list), s->ctx->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - } + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = BUF_memdup(selected, selected_len); if (!s->s3->alpn_selected) { *out_alert = SSL_AD_INTERNAL_ERROR; 
@@ -1359,35 +1366,27 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) { s->s3->tmp.certificate_status_expected = 0; s->s3->tmp.extended_master_secret = 0; - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; /* Clear any signature algorithms extension received */ - if (s->cert->peer_sigalgs) { - OPENSSL_free(s->cert->peer_sigalgs); - s->cert->peer_sigalgs = NULL; - } + OPENSSL_free(s->cert->peer_sigalgs); + s->cert->peer_sigalgs = NULL; + s->cert->peer_sigalgslen = 0; /* Clear any shared signature algorithms */ - if (s->cert->shared_sigalgs) { - OPENSSL_free(s->cert->shared_sigalgs); - s->cert->shared_sigalgs = NULL; - } + OPENSSL_free(s->cert->shared_sigalgs); + s->cert->shared_sigalgs = NULL; + s->cert->shared_sigalgslen = 0; /* Clear ECC extensions */ - if (s->s3->tmp.peer_ecpointformatlist != 0) { - OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); - s->s3->tmp.peer_ecpointformatlist = NULL; - s->s3->tmp.peer_ecpointformatlist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); + s->s3->tmp.peer_ecpointformatlist = NULL; + s->s3->tmp.peer_ecpointformatlist_length = 0; - if (s->s3->tmp.peer_ellipticcurvelist != 0) { - OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); - s->s3->tmp.peer_ellipticcurvelist = NULL; - s->s3->tmp.peer_ellipticcurvelist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); + s->s3->tmp.peer_ellipticcurvelist = NULL; + s->s3->tmp.peer_ellipticcurvelist_length = 0; /* There may be no extensions. */ if (CBS_len(cbs) == 0) { 
@@ -1412,11 +1411,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) { return 0; } - if (s->tlsext_debug_cb) { - s->tlsext_debug_cb(s, 0, type, (uint8_t *)CBS_data(&extension), - CBS_len(&extension), s->tlsext_debug_arg); - } - /* The servername extension is treated as follows: - Only the hostname type is supported with a maximum length of 255. @@ -1529,10 +1523,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) { return 0; } - if (s->s3->tmp.peer_ellipticcurvelist) { - OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); - s->s3->tmp.peer_ellipticcurvelist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); + s->s3->tmp.peer_ellipticcurvelist_length = 0; s->s3->tmp.peer_ellipticcurvelist = (uint16_t *)OPENSSL_malloc(CBS_len(&elliptic_curve_list)); @@ -1586,7 +1578,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) { } /* If sigalgs received and no shared algorithms fatal error. */ if (s->cert->peer_sigalgs && !s->cert->shared_sigalgs) { - OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_tlsext, + OPENSSL_PUT_ERROR(SSL, ssl_scan_clienthello_tlsext, SSL_R_NO_SHARED_SIGATURE_ALGORITHMS); *out_alert = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -1714,17 +1706,13 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert) { s->s3->tmp.extended_master_secret = 0; s->srtp_profile = NULL; - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; /* Clear ECC extensions */ - if (s->s3->tmp.peer_ecpointformatlist != 0) { - OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); - s->s3->tmp.peer_ecpointformatlist = NULL; - s->s3->tmp.peer_ecpointformatlist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); + s->s3->tmp.peer_ecpointformatlist = NULL; + s->s3->tmp.peer_ecpointformatlist_length = 0; /* There may be no extensions. */ if (CBS_len(cbs) == 0) { 
@@ -1749,11 +1737,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert) { return 0; } - if (s->tlsext_debug_cb) { - s->tlsext_debug_cb(s, 1, type, (uint8_t *)CBS_data(&extension), - CBS_len(&extension), s->tlsext_debug_arg); - } - if (type == TLSEXT_TYPE_server_name) { /* The extension must be empty. */ if (CBS_len(&extension) != 0) { @@ -1987,9 +1970,9 @@ static int ssl_check_serverhello_tlsext(SSL *s) { /* If we are client and using an elliptic curve cryptography cipher suite, * then if server returns an EC point formats lists extension it must contain * uncompressed. */ - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if (((alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA)) && + uint32_t alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + uint32_t alg_a = s->s3->tmp.new_cipher->algorithm_auth; + if (((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && !tls1_check_point_format(s, TLSEXT_ECPOINTFORMAT_uncompressed)) { OPENSSL_PUT_ERROR(SSL, ssl_check_serverhello_tlsext, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); @@ -2001,7 +1984,7 @@ static int ssl_check_serverhello_tlsext(SSL *s) { ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); } else if (s->initial_ctx != NULL && - s->initial_ctx->tlsext_servername_callback != 0) { + s->initial_ctx->tlsext_servername_callback != 0) { ret = s->initial_ctx->tlsext_servername_callback( s, &al, s->initial_ctx->tlsext_servername_arg); } 
@@ -2133,8 +2116,11 @@ static int tls_decrypt_ticket(SSL *s, const uint8_t *etick, int eticklen, EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; - /* Need at least keyname + iv + some encrypted data */ - if (eticklen < 48) { + /* Ensure there is room for the key name and the largest IV + * |tlsext_ticket_key_cb| may try to consume. The real limit may be lower, but + * the maximum IV length should be well under the minimum size for the + * session material and HMAC. */ + if (eticklen < 16 + EVP_MAX_IV_LENGTH) { return 2; } @@ -2143,7 +2129,8 @@ static int tls_decrypt_ticket(SSL *s, const uint8_t *etick, int eticklen, EVP_CIPHER_CTX_init(&ctx); if (tctx->tlsext_ticket_key_cb) { uint8_t *nctick = (uint8_t *)etick; - int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); + int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, + 0 /* decrypt */); if (rv < 0) { return -1; } @@ -2168,13 +2155,13 @@ static int tls_decrypt_ticket(SSL *s, const uint8_t *etick, int eticklen, } } - /* Attempt to process session ticket, first conduct sanity and integrity - * checks on ticket. */ + /* First, check the MAC. The MAC is at the end of the ticket. */ mlen = HMAC_size(&hctx); - if (mlen < 0) { + if ((size_t) eticklen < 16 + EVP_CIPHER_CTX_iv_length(&ctx) + 1 + mlen) { + /* The ticket must be large enough for key name, IV, data, and MAC. */ HMAC_CTX_cleanup(&hctx); EVP_CIPHER_CTX_cleanup(&ctx); - return -1; + return 2; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ @@ -2407,10 +2394,9 @@ static int tls1_set_shared_sigalgs(SSL *s) { TLS_SIGALGS *salgs = NULL; CERT *c = s->cert; - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - c->shared_sigalgs = NULL; - } + OPENSSL_free(c->shared_sigalgs); + c->shared_sigalgs = NULL; + c->shared_sigalgslen = 0; /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs) { 
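Review bot: The new `(size_t) eticklen < 16 + EVP_CIPHER_CTX_iv_length(&ctx) + 1 + mlen` check in `tls_decrypt_ticket` is only safe because the earlier `eticklen < 16 + EVP_MAX_IV_LENGTH` test already rejected negative values, and `eticklen` is an `int` in the signature; that dependency is unstated. A one-line comment at the cast, `/* eticklen is non-negative here: it was checked against 16 + EVP_MAX_IV_LENGTH above. */`, keeps a later reordering from reintroducing a signed/unsigned slip. The `+ 1` only demands a single byte of ciphertext, so a CBC-encrypted ticket body shorter than one block passes this check and must be caught by the decrypt step outside the hunk; worth saying in the comment that the real minimum is the cipher's block size.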
@@ -2460,21 +2446,12 @@ int tls1_process_sigalgs(SSL *s, const CBS *sigalgs) { return 1; } - /* Length must be even */ - if (CBS_len(sigalgs) % 2 != 0) { - return 0; - } - - /* Should never happen */ - if (!c) { - return 0; - } - - if (!CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen)) { + if (CBS_len(sigalgs) % 2 != 0 || + !CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen) || + !tls1_set_shared_sigalgs(s)) { return 0; } - tls1_set_shared_sigalgs(s); return 1; } @@ -2583,7 +2560,10 @@ int tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) { if (s->s3->handshake_dgst[i] == NULL) { continue; } - EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); + if (!EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i])) { + EVP_MD_CTX_cleanup(&ctx); + return 0; + } EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); EVP_DigestUpdate(md, temp_digest, temp_digest_len); } @@ -2650,15 +2630,11 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, } if (client) { - if (c->client_sigalgs) { - OPENSSL_free(c->client_sigalgs); - } + OPENSSL_free(c->client_sigalgs); c->client_sigalgs = sigalgs; c->client_sigalgslen = salglen; } else { - if (c->conf_sigalgs) { - OPENSSL_free(c->conf_sigalgs); - } + OPENSSL_free(c->conf_sigalgs); c->conf_sigalgs = sigalgs; c->conf_sigalgslen = salglen; } diff --git a/src/ssl/t1_reneg.c b/src/ssl/t1_reneg.c index 2d9fbc0..d0009c1 100644 --- a/src/ssl/t1_reneg.c +++ b/src/ssl/t1_reneg.c @@ -106,14 +106,14 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ -#include #include +#include +#include #include -#include #include -#include "ssl_locl.h" +#include "internal.h" /* Add the client's renegotiation binding */ 
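Review bot: In `tls1_channel_id_hash`, the `EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len)` and `EVP_DigestUpdate(md, temp_digest, temp_digest_len)` calls on the lines after the new copy check still ignore their return values, so a finalization failure feeds an unwritten `temp_digest` into the Channel ID hash while the function reports success. Treat them like the copy: `if (!EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len) || !EVP_DigestUpdate(md, temp_digest, temp_digest_len)) { EVP_MD_CTX_cleanup(&ctx); return 0; }`. The function starts and ends outside the hunk. In the `tls1_process_sigalgs` hunk above, a failed `tls1_set_shared_sigalgs` leaves `c->peer_sigalgs` stowed; that is harmless only because the 0 return aborts the handshake, which a brief comment could note.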
@@ -170,8 +170,7 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, int maxlen) { if (p) { if (s->s3->previous_client_finished_len + - s->s3->previous_server_finished_len + 1 > - maxlen) { + s->s3->previous_server_finished_len + 1 > maxlen) { OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_renegotiate_ext, SSL_R_RENEGOTIATE_EXT_TOO_LONG); return 0; diff --git a/src/ssl/test/CMakeLists.txt b/src/ssl/test/CMakeLists.txt index 9992360..a0d7a5e 100644 --- a/src/ssl/test/CMakeLists.txt +++ b/src/ssl/test/CMakeLists.txt @@ -11,6 +11,3 @@ add_executable( ) target_link_libraries(bssl_shim ssl crypto) -if (NOT APPLE AND NOT WIN32) - target_link_libraries(bssl_shim dl) -endif() diff --git a/src/ssl/test/async_bio.cc b/src/ssl/test/async_bio.cc index c007ffa..0534845 100644 --- a/src/ssl/test/async_bio.cc +++ b/src/ssl/test/async_bio.cc @@ -22,23 +22,23 @@ namespace { -extern const BIO_METHOD async_bio_method; +extern const BIO_METHOD g_async_bio_method; -struct async_bio { +struct AsyncBio { bool datagram; size_t read_quota; size_t write_quota; }; -async_bio *get_data(BIO *bio) { - if (bio->method != &async_bio_method) { +AsyncBio *GetData(BIO *bio) { + if (bio->method != &g_async_bio_method) { return NULL; } - return (async_bio *)bio->ptr; + return (AsyncBio *)bio->ptr; } -static int async_write(BIO *bio, const char *in, int inl) { - async_bio *a = get_data(bio); +static int AsyncWrite(BIO *bio, const char *in, int inl) { + AsyncBio *a = GetData(bio); if (a == NULL || bio->next_bio == NULL) { return 0; } @@ -69,8 +69,8 @@ static int async_write(BIO *bio, const char *in, int inl) { return ret; } -static int async_read(BIO *bio, char *out, int outl) { - async_bio *a = get_data(bio); +static int AsyncRead(BIO *bio, char *out, int outl) { + AsyncBio *a = GetData(bio); if (a == NULL || bio->next_bio == NULL) { return 0; } 
@@ -95,7 +95,7 @@ static int async_read(BIO *bio, char *out, int outl) { return ret; } -static long async_ctrl(BIO *bio, int cmd, long num, void *ptr) { +static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { if (bio->next_bio == NULL) { return 0; } @@ -105,8 +105,8 @@ static long async_ctrl(BIO *bio, int cmd, long num, void *ptr) { return ret; } -static int async_new(BIO *bio) { - async_bio *a = (async_bio *)OPENSSL_malloc(sizeof(*a)); +static int AsyncNew(BIO *bio) { + AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); if (a == NULL) { return 0; } @@ -116,7 +116,7 @@ static int async_new(BIO *bio) { return 1; } -static int async_free(BIO *bio) { +static int AsyncFree(BIO *bio) { if (bio == NULL) { return 0; } 
@@ -128,51 +128,51 @@ static int async_free(BIO *bio) { return 1; } -static long async_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) { +static long AsyncCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) { if (bio->next_bio == NULL) { return 0; } return BIO_callback_ctrl(bio->next_bio, cmd, fp); } -const BIO_METHOD async_bio_method = { +const BIO_METHOD g_async_bio_method = { BIO_TYPE_FILTER, "async bio", - async_write, - async_read, + AsyncWrite, + AsyncRead, NULL /* puts */, NULL /* gets */, - async_ctrl, - async_new, - async_free, - async_callback_ctrl, + AsyncCtrl, + AsyncNew, + AsyncFree, + AsyncCallbackCtrl, }; } // namespace -BIO *async_bio_create() { - return BIO_new(&async_bio_method); +ScopedBIO AsyncBioCreate() { + return ScopedBIO(BIO_new(&g_async_bio_method)); } -BIO *async_bio_create_datagram() { - BIO *ret = BIO_new(&async_bio_method); +ScopedBIO AsyncBioCreateDatagram() { + ScopedBIO ret(BIO_new(&g_async_bio_method)); if (!ret) { - return NULL; + return nullptr; } - get_data(ret)->datagram = true; + GetData(ret.get())->datagram = true; return ret; } -void async_bio_allow_read(BIO *bio, size_t count) { - async_bio *a = get_data(bio); +void AsyncBioAllowRead(BIO *bio, size_t count) { + AsyncBio *a = GetData(bio); if (a == NULL) { return; } a->read_quota += count; } -void async_bio_allow_write(BIO *bio, size_t count) { - async_bio *a = get_data(bio); +void AsyncBioAllowWrite(BIO *bio, size_t count) { + AsyncBio *a = GetData(bio); if (a == NULL) { return; } diff --git a/src/ssl/test/async_bio.h b/src/ssl/test/async_bio.h index 2904036..1ccdf9b 100644 --- a/src/ssl/test/async_bio.h +++ b/src/ssl/test/async_bio.h 
@@ -17,24 +17,26 @@ #include +#include "../../crypto/test/scoped_types.h" -// async_bio_create creates a filter BIO for testing asynchronous state + +// AsyncBioCreate creates a filter BIO for testing asynchronous state // machines which consume a stream socket. Reads and writes will fail // and return EAGAIN unless explicitly allowed. Each async BIO has a // read quota and a write quota. Initially both are zero. As each is // incremented, bytes are allowed to flow through the BIO. -BIO *async_bio_create(); +ScopedBIO AsyncBioCreate(); -// async_bio_create_datagram creates a filter BIO for testing for +// AsyncBioCreateDatagram creates a filter BIO for testing for // asynchronous state machines which consume datagram sockets. The read // and write quota count in packets rather than bytes. -BIO *async_bio_create_datagram(); +ScopedBIO AsyncBioCreateDatagram(); -// async_bio_allow_read increments |bio|'s read quota by |count|. -void async_bio_allow_read(BIO *bio, size_t count); +// AsyncBioAllowRead increments |bio|'s read quota by |count|. +void AsyncBioAllowRead(BIO *bio, size_t count); -// async_bio_allow_write increments |bio|'s write quota by |count|. -void async_bio_allow_write(BIO *bio, size_t count); +// AsyncBioAllowWrite increments |bio|'s write quota by |count|. +void AsyncBioAllowWrite(BIO *bio, size_t count); #endif // HEADER_ASYNC_BIO diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc index 37891b9..1cf96f2 100644 --- a/src/ssl/test/bssl_shim.cc +++ b/src/ssl/test/bssl_shim.cc @@ -17,9 +17,19 @@ #if !defined(OPENSSL_WINDOWS) #include #include +#include #include #include +#include #include +#else +#include +#pragma warning(push, 3) +#include +#include +#pragma warning(pop) + +#pragma comment(lib, "Ws2_32.lib") #endif #include 
@@ -28,126 +38,198 @@ #include #include #include +#include #include +#include +#include + +#include "../../crypto/test/scoped_types.h" #include "async_bio.h" #include "packeted_bio.h" +#include "scoped_types.h" #include "test_config.h" -static int usage(const char *program) { - fprintf(stderr, "Usage: %s [flags...]\n", - program); + +#if !defined(OPENSSL_WINDOWS) +static int closesocket(int sock) { + return close(sock); +} + +static void PrintSocketError(const char *func) { + perror(func); +} +#else +static void PrintSocketError(const char *func) { + fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); +} +#endif + +static int Usage(const char *program) { + fprintf(stderr, "Usage: %s [flags...]\n", program); return 1; } -static int g_ex_data_index = 0; +struct TestState { + TestState() { + // MSVC cannot initialize these inline. + memset(&clock, 0, sizeof(clock)); + memset(&clock_delta, 0, sizeof(clock_delta)); + } + + // async_bio is async BIO which pauses reads and writes. + BIO *async_bio = nullptr; + // clock is the current time for the SSL connection. + timeval clock; + // clock_delta is how far the clock advanced in the most recent failed + // |BIO_read|. 
+ timeval clock_delta; + ScopedEVP_PKEY channel_id; + bool cert_ready = false; + ScopedSSL_SESSION session; + ScopedSSL_SESSION pending_session; + bool early_callback_called = false; + bool handshake_done = false; +}; + +static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int index, long argl, void *argp) { + delete ((TestState *)ptr); +} + +static int g_config_index = 0; +static int g_state_index = 0; static bool SetConfigPtr(SSL *ssl, const TestConfig *config) { - return SSL_set_ex_data(ssl, g_ex_data_index, (void *)config) == 1; + return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1; } -static const TestConfig *GetConfigPtr(SSL *ssl) { - return (const TestConfig *)SSL_get_ex_data(ssl, g_ex_data_index); +static const TestConfig *GetConfigPtr(const SSL *ssl) { + return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index); } -static EVP_PKEY *LoadPrivateKey(const std::string &file) { - BIO *bio = BIO_new(BIO_s_file()); - if (bio == NULL) { - return NULL; +static bool SetTestState(SSL *ssl, std::unique_ptr async) { + if (SSL_set_ex_data(ssl, g_state_index, (void *)async.get()) == 1) { + async.release(); + return true; } - if (!BIO_read_filename(bio, file.c_str())) { - BIO_free(bio); - return NULL; + return false; +} + +static TestState *GetTestState(const SSL *ssl) { + return (TestState *)SSL_get_ex_data(ssl, g_state_index); +} + +static ScopedEVP_PKEY LoadPrivateKey(const std::string &file) { + ScopedBIO bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; } - EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); - BIO_free(bio); + ScopedEVP_PKEY pkey(PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL)); return pkey; } -static int early_callback_called = 0; - -static int select_certificate_callback(const struct ssl_early_callback_ctx *ctx) { - early_callback_called = 1; +static bool InstallCertificate(SSL *ssl) { + const TestConfig *config = GetConfigPtr(ssl); + 
if (!config->key_file.empty() && + !SSL_use_PrivateKey_file(ssl, config->key_file.c_str(), + SSL_FILETYPE_PEM)) { + return false; + } + if (!config->cert_file.empty() && + !SSL_use_certificate_file(ssl, config->cert_file.c_str(), + SSL_FILETYPE_PEM)) { + return false; + } + return true; +} +static int SelectCertificateCallback(const struct ssl_early_callback_ctx *ctx) { const TestConfig *config = GetConfigPtr(ctx->ssl); + GetTestState(ctx->ssl)->early_callback_called = true; - if (config->expected_server_name.empty()) { - return 1; - } + if (!config->expected_server_name.empty()) { + const uint8_t *extension_data; + size_t extension_len; + CBS extension, server_name_list, host_name; + uint8_t name_type; + + if (!SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name, + &extension_data, + &extension_len)) { + fprintf(stderr, "Could not find server_name extension.\n"); + return -1; + } - const uint8_t *extension_data; - size_t extension_len; - CBS extension, server_name_list, host_name; - uint8_t name_type; + CBS_init(&extension, extension_data, extension_len); + if (!CBS_get_u16_length_prefixed(&extension, &server_name_list) || + CBS_len(&extension) != 0 || + !CBS_get_u8(&server_name_list, &name_type) || + name_type != TLSEXT_NAMETYPE_host_name || + !CBS_get_u16_length_prefixed(&server_name_list, &host_name) || + CBS_len(&server_name_list) != 0) { + fprintf(stderr, "Could not decode server_name extension.\n"); + return -1; + } - if (!SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name, - &extension_data, - &extension_len)) { - fprintf(stderr, "Could not find server_name extension.\n"); - return -1; + if (!CBS_mem_equal(&host_name, + (const uint8_t*)config->expected_server_name.data(), + config->expected_server_name.size())) { + fprintf(stderr, "Server name mismatch.\n"); + } } - CBS_init(&extension, extension_data, extension_len); - if (!CBS_get_u16_length_prefixed(&extension, &server_name_list) || - CBS_len(&extension) != 0 || - 
!CBS_get_u8(&server_name_list, &name_type) || - name_type != TLSEXT_NAMETYPE_host_name || - !CBS_get_u16_length_prefixed(&server_name_list, &host_name) || - CBS_len(&server_name_list) != 0) { - fprintf(stderr, "Could not decode server_name extension.\n"); + if (config->fail_early_callback) { return -1; } - if (!CBS_mem_equal(&host_name, - (const uint8_t*)config->expected_server_name.data(), - config->expected_server_name.size())) { - fprintf(stderr, "Server name mismatch.\n"); + // Install the certificate in the early callback. + if (config->use_early_callback) { + if (config->async) { + // Install the certificate asynchronously. + return 0; + } + if (!InstallCertificate(ctx->ssl)) { + return -1; + } } - return 1; } -static int skip_verify(int preverify_ok, X509_STORE_CTX *store_ctx) { +static int SkipVerify(int preverify_ok, X509_STORE_CTX *store_ctx) { return 1; } -static int next_protos_advertised_callback(SSL *ssl, - const uint8_t **out, - unsigned int *out_len, - void *arg) { +static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out, + unsigned int *out_len, void *arg) { const TestConfig *config = GetConfigPtr(ssl); - if (config->advertise_npn.empty()) + if (config->advertise_npn.empty()) { return SSL_TLSEXT_ERR_NOACK; + } *out = (const uint8_t*)config->advertise_npn.data(); *out_len = config->advertise_npn.size(); return SSL_TLSEXT_ERR_OK; } -static int next_proto_select_callback(SSL* ssl, - uint8_t** out, - uint8_t* outlen, - const uint8_t* in, - unsigned inlen, - void* arg) { +static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { const TestConfig *config = GetConfigPtr(ssl); - if (config->select_next_proto.empty()) + if (config->select_next_proto.empty()) { return SSL_TLSEXT_ERR_NOACK; + } *out = (uint8_t*)config->select_next_proto.data(); *outlen = config->select_next_proto.size(); return SSL_TLSEXT_ERR_OK; } -static int alpn_select_callback(SSL* ssl, - const uint8_t** 
out, - uint8_t* outlen, - const uint8_t* in, - unsigned inlen, - void* arg) { +static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { const TestConfig *config = GetConfigPtr(ssl); - if (config->select_alpn.empty()) + if (config->select_alpn.empty()) { return SSL_TLSEXT_ERR_NOACK; + } if (!config->expected_advertised_alpn.empty() && (config->expected_advertised_alpn.size() != inlen || @@ -162,34 +244,10 @@ static int alpn_select_callback(SSL* ssl, return SSL_TLSEXT_ERR_OK; } -static int cookie_generate_callback(SSL *ssl, uint8_t *cookie, size_t *cookie_len) { - if (*cookie_len < 32) { - fprintf(stderr, "Insufficient space for cookie\n"); - return 0; - } - *cookie_len = 32; - memset(cookie, 42, *cookie_len); - return 1; -} - -static int cookie_verify_callback(SSL *ssl, const uint8_t *cookie, size_t cookie_len) { - if (cookie_len != 32) { - fprintf(stderr, "Cookie length mismatch.\n"); - return 0; - } - for (size_t i = 0; i < cookie_len; i++) { - if (cookie[i] != 42) { - fprintf(stderr, "Cookie mismatch.\n"); - return 0; - } - } - return 1; -} - -static unsigned psk_client_callback(SSL *ssl, const char *hint, - char *out_identity, - unsigned max_identity_len, - uint8_t *out_psk, unsigned max_psk_len) { +static unsigned PskClientCallback(SSL *ssl, const char *hint, + char *out_identity, + unsigned max_identity_len, + uint8_t *out_psk, unsigned max_psk_len) { const TestConfig *config = GetConfigPtr(ssl); if (strcmp(hint ? hint : "", config->psk_identity.c_str()) != 0) { 
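Review bot: In `SelectCertificateCallback`, a server_name that decodes correctly but does not equal `expected_server_name` only logs `Server name mismatch.` and then falls through to the `fail_early_callback` and certificate-install paths, while the two decode failures just above it return -1; the asymmetry is inherited from the old code, but this rewrite is the moment to settle it. If the post-handshake `SSL_get_servername` comparison elsewhere in this file is what is meant to catch the mismatch, a one-line comment saying so after the `fprintf` would do; otherwise `return -1;` there makes the early-callback check self-contained. Separately, `GetTestState(ctx->ssl)->early_callback_called = true;` dereferences the ex_data pointer unconditionally, unlike the NULL-tolerant `GetConfigPtr` pattern, so the callback relies on `SetTestState` having run before the handshake starts; a short comment stating that ordering assumption would help the next reader.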
@@ -210,8 +268,8 @@ static unsigned psk_client_callback(SSL *ssl, const char *hint, return config->psk.size(); } -static unsigned psk_server_callback(SSL *ssl, const char *identity, - uint8_t *out_psk, unsigned max_psk_len) { +static unsigned PskServerCallback(SSL *ssl, const char *identity, + uint8_t *out_psk, unsigned max_psk_len) { const TestConfig *config = GetConfigPtr(ssl); if (strcmp(identity, config->psk_identity.c_str()) != 0) { 
@@ -228,13 +286,124 @@ static unsigned psk_server_callback(SSL *ssl, const char *identity, return config->psk.size(); } -static SSL_CTX *setup_ctx(const TestConfig *config) { - SSL_CTX *ssl_ctx = NULL; - DH *dh = NULL; +static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) { + *out_clock = GetTestState(ssl)->clock; +} - ssl_ctx = SSL_CTX_new(config->is_dtls ? DTLS_method() : TLS_method()); - if (ssl_ctx == NULL) { - goto err; +static void ChannelIdCallback(SSL *ssl, EVP_PKEY **out_pkey) { + *out_pkey = GetTestState(ssl)->channel_id.release(); +} + +static int CertCallback(SSL *ssl, void *arg) { + if (!GetTestState(ssl)->cert_ready) { + return -1; + } + if (!InstallCertificate(ssl)) { + return 0; + } + return 1; +} + +static SSL_SESSION *GetSessionCallback(SSL *ssl, uint8_t *data, int len, + int *copy) { + TestState *async_state = GetTestState(ssl); + if (async_state->session) { + *copy = 0; + return async_state->session.release(); + } else if (async_state->pending_session) { + return SSL_magic_pending_session_ptr(); + } else { + return NULL; + } +} + +static int DDoSCallback(const struct ssl_early_callback_ctx *early_context) { + const TestConfig *config = GetConfigPtr(early_context->ssl); + static int callback_num = 0; + + callback_num++; + if (config->fail_ddos_callback || + (config->fail_second_ddos_callback && callback_num == 2)) { + return 0; + } + return 1; +} + +static void InfoCallback(const SSL *ssl, int type, int val) { + if (type == SSL_CB_HANDSHAKE_DONE) { + if (GetConfigPtr(ssl)->handshake_never_done) { + fprintf(stderr, "handshake completed\n"); + // Abort before any expected error code is printed, to ensure the overall + // test fails. + abort(); + } + GetTestState(ssl)->handshake_done = true; + } +} + +// Connect returns a new socket connected to localhost on |port| or -1 on +// error. 
+static int Connect(uint16_t port) { + int sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + PrintSocketError("socket"); + return -1; + } + int nodelay = 1; + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + reinterpret_cast(&nodelay), sizeof(nodelay)) != 0) { + PrintSocketError("setsockopt"); + closesocket(sock); + return -1; + } + sockaddr_in sin; + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { + PrintSocketError("inet_pton"); + closesocket(sock); + return -1; + } + if (connect(sock, reinterpret_cast(&sin), + sizeof(sin)) != 0) { + PrintSocketError("connect"); + closesocket(sock); + return -1; + } + return sock; +} + +class SocketCloser { + public: + explicit SocketCloser(int sock) : sock_(sock) {} + ~SocketCloser() { + // Half-close and drain the socket before releasing it. This seems to be + // necessary for graceful shutdown on Windows. It will also avoid write + // failures in the test runner. +#if defined(OPENSSL_WINDOWS) + shutdown(sock_, SD_SEND); +#else + shutdown(sock_, SHUT_WR); +#endif + while (true) { + char buf[1024]; + if (recv(sock_, buf, sizeof(buf), 0) <= 0) { + break; + } + } + closesocket(sock_); + } + + private: + const int sock_; +}; + +static ScopedSSL_CTX SetupCtx(const TestConfig *config) { + ScopedSSL_CTX ssl_ctx(SSL_CTX_new( + config->is_dtls ? DTLS_method() : TLS_method())); + if (!ssl_ctx) { + return nullptr; } if (config->is_dtls) { 
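Review bot: `Connect` treats the result of `inet_pton` as a boolean, but `inet_pton` returns 1 on success, 0 for an unparsable string and -1 (with errno set) for an unsupported family, so a -1 result passes the `!inet_pton(...)` test and `connect` is attempted with a zeroed `sin_addr`; `if (inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr) != 1) {` is the check that matches the documented contract. With a fixed loopback literal and AF_INET this is unlikely to trigger, but the idiom is worth getting right in a harness others copy. Separately, `~SocketCloser` drains the socket with an unbounded `recv` loop after the half-close; if the peer never closes its side the destructor blocks forever, so a comment on why the test runner guarantees a close (or a receive timeout via `SO_RCVTIMEO`) would make the shutdown contract explicit. `SetupCtx` continues past the end of the hunk.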
@@ -242,376 +411,473 @@ static SSL_CTX *setup_ctx(const TestConfig *config) { // // TODO(davidben): this should not be necessary. DTLS code should only // expect a datagram BIO. - SSL_CTX_set_read_ahead(ssl_ctx, 1); + SSL_CTX_set_read_ahead(ssl_ctx.get(), 1); } - if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) { - goto err; + if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), "ALL")) { + return nullptr; } - if (!SSL_CTX_set_cipher_list(ssl_ctx, "ALL")) { - goto err; + ScopedDH dh(DH_get_2048_256(NULL)); + if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) { + return nullptr; } - dh = DH_get_2048_256(NULL); - if (dh == NULL || - !SSL_CTX_set_tmp_dh(ssl_ctx, dh)) { - goto err; + if (config->async && config->is_server) { + // Disable the internal session cache. To test asynchronous session lookup, + // we use an external session cache. + SSL_CTX_set_session_cache_mode( + ssl_ctx.get(), SSL_SESS_CACHE_BOTH | SSL_SESS_CACHE_NO_INTERNAL); + SSL_CTX_sess_set_get_cb(ssl_ctx.get(), GetSessionCallback); + } else { + SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH); } - SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_BOTH); - - ssl_ctx->select_certificate_cb = select_certificate_callback; + ssl_ctx->select_certificate_cb = SelectCertificateCallback; SSL_CTX_set_next_protos_advertised_cb( - ssl_ctx, next_protos_advertised_callback, NULL); + ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); if (!config->select_next_proto.empty()) { - SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_callback, NULL); + SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback, + NULL); } if (!config->select_alpn.empty()) { - SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_callback, NULL); + SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL); } - SSL_CTX_set_cookie_generate_cb(ssl_ctx, cookie_generate_callback); - SSL_CTX_set_cookie_verify_cb(ssl_ctx, cookie_verify_callback); - ssl_ctx->tlsext_channel_id_enabled_new = 1; + 
SSL_CTX_set_channel_id_cb(ssl_ctx.get(), ChannelIdCallback); - DH_free(dh); - return ssl_ctx; + ssl_ctx->current_time_cb = CurrentTimeCallback; - err: - if (dh != NULL) { - DH_free(dh); - } - if (ssl_ctx != NULL) { - SSL_CTX_free(ssl_ctx); - } - return NULL; + SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); + + return ssl_ctx; } -static int retry_async(SSL *ssl, int ret, BIO *bio) { +// RetryAsync is called after a failed operation on |ssl| with return code +// |ret|. If the operation should be retried, it simulates one asynchronous +// event and returns true. Otherwise it returns false. +static bool RetryAsync(SSL *ssl, int ret) { // No error; don't retry. if (ret >= 0) { - return 0; + return false; + } + + TestState *test_state = GetTestState(ssl); + if (test_state->clock_delta.tv_usec != 0 || + test_state->clock_delta.tv_sec != 0) { + // Process the timeout and retry. + test_state->clock.tv_usec += test_state->clock_delta.tv_usec; + test_state->clock.tv_sec += test_state->clock.tv_usec / 1000000; + test_state->clock.tv_usec %= 1000000; + test_state->clock.tv_sec += test_state->clock_delta.tv_sec; + memset(&test_state->clock_delta, 0, sizeof(test_state->clock_delta)); + + if (DTLSv1_handle_timeout(ssl) < 0) { + fprintf(stderr, "Error retransmitting.\n"); + return false; + } + return true; } + // See if we needed to read or write more. If so, allow one byte through on // the appropriate end to maximally stress the state machine. 
- int err = SSL_get_error(ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - async_bio_allow_read(bio, 1); - return 1; - } else if (err == SSL_ERROR_WANT_WRITE) { - async_bio_allow_write(bio, 1); - return 1; + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_WANT_READ: + AsyncBioAllowRead(test_state->async_bio, 1); + return true; + case SSL_ERROR_WANT_WRITE: + AsyncBioAllowWrite(test_state->async_bio, 1); + return true; + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: { + ScopedEVP_PKEY pkey = LoadPrivateKey(GetConfigPtr(ssl)->send_channel_id); + if (!pkey) { + return false; + } + test_state->channel_id = std::move(pkey); + return true; + } + case SSL_ERROR_WANT_X509_LOOKUP: + test_state->cert_ready = true; + return true; + case SSL_ERROR_PENDING_SESSION: + test_state->session = std::move(test_state->pending_session); + return true; + case SSL_ERROR_PENDING_CERTIFICATE: + // The handshake will resume without a second call to the early callback. + return InstallCertificate(ssl); + default: + return false; } - return 0; } -static int do_exchange(SSL_SESSION **out_session, - SSL_CTX *ssl_ctx, - const TestConfig *config, - bool is_resume, - int fd, - SSL_SESSION *session) { - early_callback_called = 0; +// DoRead reads from |ssl|, resolving any asynchronous operations. It returns +// the result value of the final |SSL_read| call. +static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { + const TestConfig *config = GetConfigPtr(ssl); + int ret; + do { + ret = SSL_read(ssl, out, max_out); + } while (config->async && RetryAsync(ssl, ret)); + return ret; +} - SSL *ssl = SSL_new(ssl_ctx); - if (ssl == NULL) { - BIO_print_errors_fp(stdout); - return 1; - } +// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous +// operations. It returns the result of the final |SSL_write| call. 
+static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) { + const TestConfig *config = GetConfigPtr(ssl); + int ret; + do { + ret = SSL_write(ssl, in, in_len); + if (ret > 0) { + in += ret; + in_len -= ret; + } + } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0)); + return ret; +} - if (!SetConfigPtr(ssl, config)) { - BIO_print_errors_fp(stdout); - return 1; +// DoExchange runs a test SSL exchange against the peer. On success, it returns +// true and sets |*out_session| to the negotiated SSL session. If the test is a +// resumption attempt, |is_resume| is true and |session| is the session from the +// previous exchange. +static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, + const TestConfig *config, bool is_resume, + SSL_SESSION *session) { + ScopedSSL ssl(SSL_new(ssl_ctx)); + if (!ssl) { + return false; } - if (config->fallback_scsv) { - if (!SSL_enable_fallback_scsv(ssl)) { - BIO_print_errors_fp(stdout); - return 1; - } + if (!SetConfigPtr(ssl.get(), config) || + !SetTestState(ssl.get(), std::unique_ptr(new TestState))) { + return false; } - if (!config->key_file.empty()) { - if (!SSL_use_PrivateKey_file(ssl, config->key_file.c_str(), - SSL_FILETYPE_PEM)) { - BIO_print_errors_fp(stdout); - return 1; - } + + if (config->fallback_scsv && + !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) { + return false; } - if (!config->cert_file.empty()) { - if (!SSL_use_certificate_file(ssl, config->cert_file.c_str(), - SSL_FILETYPE_PEM)) { - BIO_print_errors_fp(stdout); - return 1; + if (!config->use_early_callback) { + if (config->async) { + // TODO(davidben): Also test |s->ctx->client_cert_cb| on the client. 
+ SSL_set_cert_cb(ssl.get(), CertCallback, NULL); + } else if (!InstallCertificate(ssl.get())) { + return false; } } if (config->require_any_client_certificate) { - SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - skip_verify); + SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + SkipVerify); } if (config->false_start) { - SSL_set_mode(ssl, SSL_MODE_HANDSHAKE_CUTTHROUGH); + SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_FALSE_START); } if (config->cbc_record_splitting) { - SSL_set_mode(ssl, SSL_MODE_CBC_RECORD_SPLITTING); + SSL_set_mode(ssl.get(), SSL_MODE_CBC_RECORD_SPLITTING); } if (config->partial_write) { - SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); } if (config->no_tls12) { - SSL_set_options(ssl, SSL_OP_NO_TLSv1_2); + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2); } if (config->no_tls11) { - SSL_set_options(ssl, SSL_OP_NO_TLSv1_1); + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1); } if (config->no_tls1) { - SSL_set_options(ssl, SSL_OP_NO_TLSv1); + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1); } if (config->no_ssl3) { - SSL_set_options(ssl, SSL_OP_NO_SSLv3); - } - if (config->cookie_exchange) { - SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE); + SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); } if (config->tls_d5_bug) { - SSL_set_options(ssl, SSL_OP_TLS_D5_BUG); + SSL_set_options(ssl.get(), SSL_OP_TLS_D5_BUG); } if (config->allow_unsafe_legacy_renegotiation) { - SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); + SSL_set_options(ssl.get(), SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); } if (!config->expected_channel_id.empty()) { - SSL_enable_tls_channel_id(ssl); + SSL_enable_tls_channel_id(ssl.get()); } if (!config->send_channel_id.empty()) { - EVP_PKEY *pkey = LoadPrivateKey(config->send_channel_id); - if (pkey == NULL) { - BIO_print_errors_fp(stdout); - return 1; - } - SSL_enable_tls_channel_id(ssl); - if (!SSL_set1_tls_channel_id(ssl, pkey)) { - 
EVP_PKEY_free(pkey); - BIO_print_errors_fp(stdout); - return 1; + SSL_enable_tls_channel_id(ssl.get()); + if (!config->async) { + // The async case will be supplied by |ChannelIdCallback|. + ScopedEVP_PKEY pkey = LoadPrivateKey(config->send_channel_id); + if (!pkey || !SSL_set1_tls_channel_id(ssl.get(), pkey.get())) { + return false; + } } - EVP_PKEY_free(pkey); } - if (!config->host_name.empty()) { - SSL_set_tlsext_host_name(ssl, config->host_name.c_str()); + if (!config->host_name.empty() && + !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) { + return false; } - if (!config->advertise_alpn.empty()) { - SSL_set_alpn_protos(ssl, (const uint8_t *)config->advertise_alpn.data(), - config->advertise_alpn.size()); + if (!config->advertise_alpn.empty() && + SSL_set_alpn_protos(ssl.get(), + (const uint8_t *)config->advertise_alpn.data(), + config->advertise_alpn.size()) != 0) { + return false; } if (!config->psk.empty()) { - SSL_set_psk_client_callback(ssl, psk_client_callback); - SSL_set_psk_server_callback(ssl, psk_server_callback); + SSL_set_psk_client_callback(ssl.get(), PskClientCallback); + SSL_set_psk_server_callback(ssl.get(), PskServerCallback); } if (!config->psk_identity.empty() && - !SSL_use_psk_identity_hint(ssl, config->psk_identity.c_str())) { - BIO_print_errors_fp(stdout); - return 1; + !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) { + return false; } if (!config->srtp_profiles.empty() && - !SSL_set_srtp_profiles(ssl, config->srtp_profiles.c_str())) { - BIO_print_errors_fp(stdout); - return 1; + !SSL_set_srtp_profiles(ssl.get(), config->srtp_profiles.c_str())) { + return false; } if (config->enable_ocsp_stapling && - !SSL_enable_ocsp_stapling(ssl)) { - BIO_print_errors_fp(stdout); - return 1; + !SSL_enable_ocsp_stapling(ssl.get())) { + return false; } if (config->enable_signed_cert_timestamps && - !SSL_enable_signed_cert_timestamps(ssl)) { - BIO_print_errors_fp(stdout); - return 1; + 
!SSL_enable_signed_cert_timestamps(ssl.get())) { + return false; } - SSL_enable_fastradio_padding(ssl, config->fastradio_padding); + SSL_enable_fastradio_padding(ssl.get(), config->fastradio_padding); if (config->min_version != 0) { - SSL_set_min_version(ssl, (uint16_t)config->min_version); + SSL_set_min_version(ssl.get(), (uint16_t)config->min_version); } if (config->max_version != 0) { - SSL_set_max_version(ssl, (uint16_t)config->max_version); + SSL_set_max_version(ssl.get(), (uint16_t)config->max_version); } if (config->mtu != 0) { - SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(ssl, config->mtu); + SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(ssl.get(), config->mtu); + } + if (config->install_ddos_callback) { + SSL_CTX_set_dos_protection_cb(ssl_ctx, DDoSCallback); + } + if (!config->cipher.empty() && + !SSL_set_cipher_list(ssl.get(), config->cipher.c_str())) { + return false; + } + if (config->reject_peer_renegotiations) { + SSL_set_reject_peer_renegotiations(ssl.get(), 1); } - BIO *bio = BIO_new_fd(fd, 1 /* take ownership */); - if (bio == NULL) { - BIO_print_errors_fp(stdout); - return 1; + int sock = Connect(config->port); + if (sock == -1) { + return false; + } + SocketCloser closer(sock); + + ScopedBIO bio(BIO_new_socket(sock, BIO_NOCLOSE)); + if (!bio) { + return false; } if (config->is_dtls) { - BIO *packeted = packeted_bio_create(); - BIO_push(packeted, bio); - bio = packeted; + ScopedBIO packeted = + PacketedBioCreate(&GetTestState(ssl.get())->clock_delta); + BIO_push(packeted.get(), bio.release()); + bio = std::move(packeted); } if (config->async) { - BIO *async = - config->is_dtls ? async_bio_create_datagram() : async_bio_create(); - BIO_push(async, bio); - bio = async; + ScopedBIO async_scoped = + config->is_dtls ? 
AsyncBioCreateDatagram() : AsyncBioCreate(); + BIO_push(async_scoped.get(), bio.release()); + GetTestState(ssl.get())->async_bio = async_scoped.get(); + bio = std::move(async_scoped); } - SSL_set_bio(ssl, bio, bio); + SSL_set_bio(ssl.get(), bio.get(), bio.get()); + bio.release(); // SSL_set_bio takes ownership. if (session != NULL) { - if (SSL_set_session(ssl, session) != 1) { - fprintf(stderr, "failed to set session\n"); - return 2; + if (!config->is_server) { + if (SSL_set_session(ssl.get(), session) != 1) { + return false; + } + } else if (config->async) { + // The internal session cache is disabled, so install the session + // manually. + GetTestState(ssl.get())->pending_session.reset( + SSL_SESSION_up_ref(session)); } } int ret; - do { + if (config->implicit_handshake) { if (config->is_server) { - ret = SSL_accept(ssl); + SSL_set_accept_state(ssl.get()); } else { - ret = SSL_connect(ssl); + SSL_set_connect_state(ssl.get()); + } + } else { + do { + if (config->is_server) { + ret = SSL_accept(ssl.get()); + } else { + ret = SSL_connect(ssl.get()); + } + } while (config->async && RetryAsync(ssl.get(), ret)); + if (ret != 1) { + return false; } - } while (config->async && retry_async(ssl, ret, bio)); - if (ret != 1) { - SSL_free(ssl); - BIO_print_errors_fp(stdout); - return 2; - } - if (is_resume && (!!SSL_session_reused(ssl) == config->expect_session_miss)) { - fprintf(stderr, "session was%s reused\n", - SSL_session_reused(ssl) ? "" : " not"); - return 2; - } + if (is_resume && + (!!SSL_session_reused(ssl.get()) == config->expect_session_miss)) { + fprintf(stderr, "session was%s reused\n", + SSL_session_reused(ssl.get()) ? 
"" : " not"); + return false; + } - if (!config->expected_server_name.empty()) { - const char *server_name = - SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (server_name != config->expected_server_name) { - fprintf(stderr, "servername mismatch (got %s; want %s)\n", - server_name, config->expected_server_name.c_str()); - return 2; + bool expect_handshake_done = is_resume || !config->false_start; + if (expect_handshake_done != GetTestState(ssl.get())->handshake_done) { + fprintf(stderr, "handshake was%s completed\n", + GetTestState(ssl.get())->handshake_done ? "" : " not"); + return false; } - if (!early_callback_called) { + if (config->is_server && !GetTestState(ssl.get())->early_callback_called) { fprintf(stderr, "early callback not called\n"); - return 2; + return false; } - } - if (!config->expected_certificate_types.empty()) { - uint8_t *certificate_types; - int num_certificate_types = - SSL_get0_certificate_types(ssl, &certificate_types); - if (num_certificate_types != - (int)config->expected_certificate_types.size() || - memcmp(certificate_types, - config->expected_certificate_types.data(), - num_certificate_types) != 0) { - fprintf(stderr, "certificate types mismatch\n"); - return 2; + if (!config->expected_server_name.empty()) { + const char *server_name = + SSL_get_servername(ssl.get(), TLSEXT_NAMETYPE_host_name); + if (server_name != config->expected_server_name) { + fprintf(stderr, "servername mismatch (got %s; want %s)\n", + server_name, config->expected_server_name.c_str()); + return false; + } } - } - if (!config->expected_next_proto.empty()) { - const uint8_t *next_proto; - unsigned next_proto_len; - SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); - if (next_proto_len != config->expected_next_proto.size() || - memcmp(next_proto, config->expected_next_proto.data(), - next_proto_len) != 0) { - fprintf(stderr, "negotiated next proto mismatch\n"); - return 2; + if (!config->expected_certificate_types.empty()) { + uint8_t 
*certificate_types; + int num_certificate_types = + SSL_get0_certificate_types(ssl.get(), &certificate_types); + if (num_certificate_types != + (int)config->expected_certificate_types.size() || + memcmp(certificate_types, + config->expected_certificate_types.data(), + num_certificate_types) != 0) { + fprintf(stderr, "certificate types mismatch\n"); + return false; + } } - } - if (!config->expected_alpn.empty()) { - const uint8_t *alpn_proto; - unsigned alpn_proto_len; - SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); - if (alpn_proto_len != config->expected_alpn.size() || - memcmp(alpn_proto, config->expected_alpn.data(), - alpn_proto_len) != 0) { - fprintf(stderr, "negotiated alpn proto mismatch\n"); - return 2; + if (!config->expected_next_proto.empty()) { + const uint8_t *next_proto; + unsigned next_proto_len; + SSL_get0_next_proto_negotiated(ssl.get(), &next_proto, &next_proto_len); + if (next_proto_len != config->expected_next_proto.size() || + memcmp(next_proto, config->expected_next_proto.data(), + next_proto_len) != 0) { + fprintf(stderr, "negotiated next proto mismatch\n"); + return false; + } } - } - if (!config->expected_channel_id.empty()) { - uint8_t channel_id[64]; - if (!SSL_get_tls_channel_id(ssl, channel_id, sizeof(channel_id))) { - fprintf(stderr, "no channel id negotiated\n"); - return 2; + if (!config->expected_alpn.empty()) { + const uint8_t *alpn_proto; + unsigned alpn_proto_len; + SSL_get0_alpn_selected(ssl.get(), &alpn_proto, &alpn_proto_len); + if (alpn_proto_len != config->expected_alpn.size() || + memcmp(alpn_proto, config->expected_alpn.data(), + alpn_proto_len) != 0) { + fprintf(stderr, "negotiated alpn proto mismatch\n"); + return false; + } } - if (config->expected_channel_id.size() != 64 || - memcmp(config->expected_channel_id.data(), - channel_id, 64) != 0) { - fprintf(stderr, "channel id mismatch\n"); - return 2; + + if (!config->expected_channel_id.empty()) { + uint8_t channel_id[64]; + if 
(!SSL_get_tls_channel_id(ssl.get(), channel_id, sizeof(channel_id))) { + fprintf(stderr, "no channel id negotiated\n"); + return false; + } + if (config->expected_channel_id.size() != 64 || + memcmp(config->expected_channel_id.data(), + channel_id, 64) != 0) { + fprintf(stderr, "channel id mismatch\n"); + return false; + } } - } - if (config->expect_extended_master_secret) { - if (!ssl->session->extended_master_secret) { - fprintf(stderr, "No EMS for session when expected"); - return 2; + if (config->expect_extended_master_secret) { + if (!ssl->session->extended_master_secret) { + fprintf(stderr, "No EMS for session when expected"); + return false; + } } - } - if (!config->expected_ocsp_response.empty()) { - const uint8_t *data; - size_t len; - SSL_get0_ocsp_response(ssl, &data, &len); - if (config->expected_ocsp_response.size() != len || - memcmp(config->expected_ocsp_response.data(), data, len) != 0) { - fprintf(stderr, "OCSP response mismatch\n"); - return 2; + if (!config->expected_ocsp_response.empty()) { + const uint8_t *data; + size_t len; + SSL_get0_ocsp_response(ssl.get(), &data, &len); + if (config->expected_ocsp_response.size() != len || + memcmp(config->expected_ocsp_response.data(), data, len) != 0) { + fprintf(stderr, "OCSP response mismatch\n"); + return false; + } } - } - if (!config->expected_signed_cert_timestamps.empty()) { - const uint8_t *data; - size_t len; - SSL_get0_signed_cert_timestamp_list(ssl, &data, &len); - if (config->expected_signed_cert_timestamps.size() != len || - memcmp(config->expected_signed_cert_timestamps.data(), - data, len) != 0) { - fprintf(stderr, "SCT list mismatch\n"); - return 2; + if (!config->expected_signed_cert_timestamps.empty()) { + const uint8_t *data; + size_t len; + SSL_get0_signed_cert_timestamp_list(ssl.get(), &data, &len); + if (config->expected_signed_cert_timestamps.size() != len || + memcmp(config->expected_signed_cert_timestamps.data(), + data, len) != 0) { + fprintf(stderr, "SCT list mismatch\n"); + 
return false; + } } } if (config->renegotiate) { if (config->async) { - fprintf(stderr, "--renegotiate is not supported with --async.\n"); - return 2; + fprintf(stderr, "-renegotiate is not supported with -async.\n"); + return false; + } + if (config->implicit_handshake) { + fprintf(stderr, "-renegotiate is not supported with -implicit-handshake.\n"); + return false; } - SSL_renegotiate(ssl); + SSL_renegotiate(ssl.get()); - ret = SSL_do_handshake(ssl); + ret = SSL_do_handshake(ssl.get()); if (ret != 1) { - SSL_free(ssl); - BIO_print_errors_fp(stdout); - return 2; + return false; } - SSL_set_state(ssl, SSL_ST_ACCEPT); - ret = SSL_do_handshake(ssl); + SSL_set_state(ssl.get(), SSL_ST_ACCEPT); + ret = SSL_do_handshake(ssl.get()); if (ret != 1) { - SSL_free(ssl); - BIO_print_errors_fp(stdout); - return 2; + return false; + } + } + + if (config->export_keying_material > 0) { + std::vector result( + static_cast(config->export_keying_material)); + if (!SSL_export_keying_material( + ssl.get(), result.data(), result.size(), + config->export_label.data(), config->export_label.size(), + reinterpret_cast(config->export_context.data()), + config->export_context.size(), config->use_export_context)) { + fprintf(stderr, "failed to export keying material\n"); + return false; + } + if (WriteAll(ssl.get(), result.data(), result.size()) < 0) { + return false; } } if (config->write_different_record_sizes) { if (config->is_dtls) { fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); - return 6; + return false; } // This mode writes a number of different record sizes in an attempt to // trip up the CBC record splitting code. 
@@ -621,138 +887,123 @@ static int do_exchange(SSL_SESSION **out_session, 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769}; for (size_t i = 0; i < sizeof(kRecordSizes) / sizeof(kRecordSizes[0]); i++) { - int w; const size_t len = kRecordSizes[i]; - size_t off = 0; - if (len > sizeof(buf)) { fprintf(stderr, "Bad kRecordSizes value.\n"); - return 5; + return false; } - - do { - w = SSL_write(ssl, buf + off, len - off); - if (w > 0) { - off += (size_t) w; - } - } while ((config->async && retry_async(ssl, w, bio)) || - (w > 0 && off < len)); - - if (w < 0 || off != len) { - SSL_free(ssl); - BIO_print_errors_fp(stdout); - return 4; + if (WriteAll(ssl.get(), buf, len) < 0) { + return false; } } } else { if (config->shim_writes_first) { - int w; - do { - w = SSL_write(ssl, "hello", 5); - } while (config->async && retry_async(ssl, w, bio)); + if (WriteAll(ssl.get(), reinterpret_cast("hello"), + 5) < 0) { + return false; + } } for (;;) { uint8_t buf[512]; - int n; - do { - n = SSL_read(ssl, buf, sizeof(buf)); - } while (config->async && retry_async(ssl, n, bio)); - int err = SSL_get_error(ssl, n); + int n = DoRead(ssl.get(), buf, sizeof(buf)); + int err = SSL_get_error(ssl.get(), n); if (err == SSL_ERROR_ZERO_RETURN || (n == 0 && err == SSL_ERROR_SYSCALL)) { if (n != 0) { fprintf(stderr, "Invalid SSL_get_error output\n"); - return 3; + return false; } - /* Accept shutdowns with or without close_notify. - * TODO(davidben): Write tests which distinguish these two cases. */ + // Accept shutdowns with or without close_notify. + // TODO(davidben): Write tests which distinguish these two cases. break; } else if (err != SSL_ERROR_NONE) { if (n > 0) { fprintf(stderr, "Invalid SSL_get_error output\n"); - return 3; + return false; } - SSL_free(ssl); - BIO_print_errors_fp(stdout); - return 3; + return false; } - /* Successfully read data. */ + // Successfully read data. 
if (n <= 0) { fprintf(stderr, "Invalid SSL_get_error output\n"); - return 3; + return false; } + + // After a successful read, with or without False Start, the handshake + // must be complete. + if (!GetTestState(ssl.get())->handshake_done) { + fprintf(stderr, "handshake was not completed after SSL_read\n"); + return false; + } + for (int i = 0; i < n; i++) { buf[i] ^= 0xff; } - int w; - do { - w = SSL_write(ssl, buf, n); - } while (config->async && retry_async(ssl, w, bio)); - if (w != n) { - SSL_free(ssl); - BIO_print_errors_fp(stdout); - return 4; + if (WriteAll(ssl.get(), buf, n) < 0) { + return false; } } } if (out_session) { - *out_session = SSL_get1_session(ssl); + out_session->reset(SSL_get1_session(ssl.get())); } - SSL_shutdown(ssl); - SSL_free(ssl); - return 0; + SSL_shutdown(ssl.get()); + return true; } int main(int argc, char **argv) { -#if !defined(OPENSSL_WINDOWS) +#if defined(OPENSSL_WINDOWS) + /* Initialize Winsock. */ + WORD wsa_version = MAKEWORD(2, 2); + WSADATA wsa_data; + int wsa_err = WSAStartup(wsa_version, &wsa_data); + if (wsa_err != 0) { + fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); + return 1; + } + if (wsa_data.wVersion != wsa_version) { + fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); + return 1; + } +#else signal(SIGPIPE, SIG_IGN); #endif if (!SSL_library_init()) { return 1; } - g_ex_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); - if (g_ex_data_index < 0) { + g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); + if (g_config_index < 0 || g_state_index < 0) { return 1; } TestConfig config; if (!ParseConfig(argc - 1, argv + 1, &config)) { - return usage(argv[0]); + return Usage(argv[0]); } - SSL_CTX *ssl_ctx = setup_ctx(&config); - if (ssl_ctx == NULL) { - BIO_print_errors_fp(stdout); + ScopedSSL_CTX ssl_ctx = SetupCtx(&config); + if (!ssl_ctx) { + ERR_print_errors_fp(stderr); return 1; } - 
SSL_SESSION *session = NULL; - int ret = do_exchange(&session, - ssl_ctx, &config, - false /* is_resume */, - 3 /* fd */, NULL /* session */); - if (ret != 0) { - goto out; + ScopedSSL_SESSION session; + if (!DoExchange(&session, ssl_ctx.get(), &config, false /* is_resume */, + NULL /* session */)) { + ERR_print_errors_fp(stderr); + return 1; } - if (config.resume) { - ret = do_exchange(NULL, - ssl_ctx, &config, - true /* is_resume */, - 4 /* fd */, - config.is_server ? NULL : session); - if (ret != 0) { - goto out; - } + if (config.resume && + !DoExchange(NULL, ssl_ctx.get(), &config, true /* is_resume */, + session.get())) { + ERR_print_errors_fp(stderr); + return 1; } - ret = 0; - -out: - SSL_SESSION_free(session); - SSL_CTX_free(ssl_ctx); - return ret; + return 0; } diff --git a/src/ssl/test/malloc.cc b/src/ssl/test/malloc.cc index 6cc0b33..2ec5582 100644 --- a/src/ssl/test/malloc.cc +++ b/src/ssl/test/malloc.cc @@ -14,15 +14,24 @@ #include +#if defined(__has_feature) +#if __has_feature(address_sanitizer) +#define OPENSSL_ASAN +#endif +#endif + // This file isn't built on ARM or Aarch64 because we link statically in those -// builds and trying to override malloc in a static link doesn't work. -#if defined(__linux__) && !defined(OPENSSL_ARM) && !defined(OPENSSL_AARCH64) +// builds and trying to override malloc in a static link doesn't work. It's also +// disabled on ASan builds as this interferes with ASan's malloc interceptor. +// +// TODO(davidben): See if this and ASan's interceptors can be made to coexist. +#if defined(__linux__) && !defined(OPENSSL_ARM) && \ + !defined(OPENSSL_AARCH64) && !defined(OPENSSL_ASAN) #include +#include #include #include -#include -#include #include @@ -127,4 +136,4 @@ void *realloc(void *ptr, size_t size) { } // extern "C" -#endif /* defined(linux) && !ARM && !AARCH64 */ +#endif /* defined(linux) && !ARM && !AARCH64 && !ASAN */ diff --git a/src/ssl/test/packeted_bio.cc b/src/ssl/test/packeted_bio.cc index 93b2164..e831082 100644 
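Review bot: The tail of DoExchange discards the result of `SSL_shutdown(ssl.get())` and returns true unconditionally, so an error while writing close_notify is reported as a successful exchange; if the harness intends shutdown errors to be fatal, `if (SSL_shutdown(ssl.get()) < 0) { return false; }` makes that explicit, and otherwise a one-line comment should say the result is deliberately ignored (a peer closing without close_notify is already accepted in the read loop). The new Windows branch of main calls WSAStartup but is never paired with WSACleanup; that is harmless at process exit but worth a comment so it is not mistaken for an omission. DoExchange's body begins outside this hunk, so its header comment may also still describe the old int return codes.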
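Review bot: The new ASan detection only fires on compilers that implement `__has_feature`, i.e. clang; GCC's -fsanitize=address does not provide `__has_feature` but defines `__SANITIZE_ADDRESS__`, so a GCC ASan build still compiles the malloc override and hits the interceptor conflict the comment describes. Adding a second guard next to the existing one, `#if defined(__SANITIZE_ADDRESS__)` / `#define OPENSSL_ASAN` / `#endif`, closes that gap without changing the clang path.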
--- a/src/ssl/test/packeted_bio.cc +++ b/src/ssl/test/packeted_bio.cc @@ -15,7 +15,8 @@ #include "packeted_bio.h" #include -#include +#include +#include #include #include 
@@ -23,58 +24,135 @@ namespace { -extern const BIO_METHOD packeted_bio_method; +extern const BIO_METHOD g_packeted_bio_method; + +const uint8_t kOpcodePacket = 'P'; +const uint8_t kOpcodeTimeout = 'T'; +const uint8_t kOpcodeTimeoutAck = 't'; + +// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and +// 0 or -1 on error. +static int ReadAll(BIO *bio, uint8_t *out, size_t len) { + while (len > 0) { + int chunk_len = INT_MAX; + if (len <= INT_MAX) { + chunk_len = (int)len; + } + int ret = BIO_read(bio, out, chunk_len); + if (ret <= 0) { + return ret; + } + out += ret; + len -= ret; + } + return 1; +} -static int packeted_write(BIO *bio, const char *in, int inl) { +static int PacketedWrite(BIO *bio, const char *in, int inl) { if (bio->next_bio == NULL) { return 0; } BIO_clear_retry_flags(bio); - // Write the length prefix. - uint8_t len_bytes[4]; - len_bytes[0] = (inl >> 24) & 0xff; - len_bytes[1] = (inl >> 16) & 0xff; - len_bytes[2] = (inl >> 8) & 0xff; - len_bytes[3] = inl & 0xff; - int ret = BIO_write(bio->next_bio, len_bytes, sizeof(len_bytes)); + // Write the header. + uint8_t header[5]; + header[0] = kOpcodePacket; + header[1] = (inl >> 24) & 0xff; + header[2] = (inl >> 16) & 0xff; + header[3] = (inl >> 8) & 0xff; + header[4] = inl & 0xff; + int ret = BIO_write(bio->next_bio, header, sizeof(header)); if (ret <= 0) { BIO_copy_next_retry(bio); return ret; } - // Write the buffer. BIOs for which this operation fails are not supported. + // Write the buffer. ret = BIO_write(bio->next_bio, in, inl); + if (ret < 0 || (inl > 0 && ret == 0)) { + BIO_copy_next_retry(bio); + return ret; + } assert(ret == inl); return ret; } -static int packeted_read(BIO *bio, char *out, int outl) { +static int PacketedRead(BIO *bio, char *out, int outl) { if (bio->next_bio == NULL) { return 0; } BIO_clear_retry_flags(bio); + // Read the opcode. 
+ uint8_t opcode; + int ret = ReadAll(bio->next_bio, &opcode, sizeof(opcode)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + if (opcode == kOpcodeTimeout) { + // Process the timeout. + uint8_t buf[8]; + ret = ReadAll(bio->next_bio, buf, sizeof(buf)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + uint64_t timeout = (static_cast(buf[0]) << 56) | + (static_cast(buf[1]) << 48) | + (static_cast(buf[2]) << 40) | + (static_cast(buf[3]) << 32) | + (static_cast(buf[4]) << 24) | + (static_cast(buf[5]) << 16) | + (static_cast(buf[6]) << 8) | + static_cast(buf[7]); + timeout /= 1000; // Convert nanoseconds to microseconds. + timeval *out_timeout = reinterpret_cast(bio->ptr); + assert(out_timeout->tv_usec == 0); + assert(out_timeout->tv_sec == 0); + out_timeout->tv_usec = timeout % 1000000; + out_timeout->tv_sec = timeout / 1000000; + + // Send an ACK to the peer. + ret = BIO_write(bio->next_bio, &kOpcodeTimeoutAck, 1); + if (ret <= 0) { + return ret; + } + assert(ret == 1); + + // Signal to the caller to retry the read, after processing the + // new clock. + BIO_set_retry_read(bio); + return -1; + } + + if (opcode != kOpcodePacket) { + fprintf(stderr, "Unknown opcode, %u\n", opcode); + return -1; + } + // Read the length prefix. uint8_t len_bytes[4]; - int ret = BIO_read(bio->next_bio, &len_bytes, sizeof(len_bytes)); + ret = ReadAll(bio->next_bio, len_bytes, sizeof(len_bytes)); if (ret <= 0) { BIO_copy_next_retry(bio); return ret; } - // BIOs for which a partial length comes back are not supported. 
- assert(ret == 4); uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) | (len_bytes[2] << 8) | len_bytes[3]; - char *buf = (char *)OPENSSL_malloc(len); + uint8_t *buf = (uint8_t *)OPENSSL_malloc(len); if (buf == NULL) { return -1; } - ret = BIO_read(bio->next_bio, buf, len); - assert(ret == (int)len); + ret = ReadAll(bio->next_bio, buf, len); + if (ret <= 0) { + fprintf(stderr, "Packeted BIO was truncated\n"); + return -1; + } if (outl > (int)len) { outl = len; @@ -84,7 +162,7 @@ static int packeted_read(BIO *bio, char *out, int outl) { return outl; } -static long packeted_ctrl(BIO *bio, int cmd, long num, void *ptr) { +static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) { if (bio->next_bio == NULL) { return 0; } @@ -94,12 +172,12 @@ static long packeted_ctrl(BIO *bio, int cmd, long num, void *ptr) { return ret; } -static int packeted_new(BIO *bio) { +static int PacketedNew(BIO *bio) { bio->init = 1; return 1; } -static int packeted_free(BIO *bio) { +static int PacketedFree(BIO *bio) { if (bio == NULL) { return 0; } @@ -108,28 +186,33 @@ static int packeted_free(BIO *bio) { return 1; } -static long packeted_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) { +static long PacketedCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) { if (bio->next_bio == NULL) { return 0; } return BIO_callback_ctrl(bio->next_bio, cmd, fp); } -const BIO_METHOD packeted_bio_method = { +const BIO_METHOD g_packeted_bio_method = { BIO_TYPE_FILTER, "packeted bio", - packeted_write, - packeted_read, + PacketedWrite, + PacketedRead, NULL /* puts */, NULL /* gets */, - packeted_ctrl, - packeted_new, - packeted_free, - packeted_callback_ctrl, + PacketedCtrl, + PacketedNew, + PacketedFree, + PacketedCallbackCtrl, }; } // namespace -BIO *packeted_bio_create() { - return BIO_new(&packeted_bio_method); +ScopedBIO PacketedBioCreate(timeval *out_timeout) { + ScopedBIO bio(BIO_new(&g_packeted_bio_method)); + if (!bio) { + return nullptr; + } + bio->ptr = out_timeout; + return bio; } 
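Review bot: In PacketedRead the truncated-packet path allocates `buf` with OPENSSL_malloc and then returns -1 without freeing it, so every truncated packet leaks `len` bytes; the branch should be `if (ret <= 0) { OPENSSL_free(buf); fprintf(stderr, "Packeted BIO was truncated\n"); return -1; }`. The same `len` comes straight from the wire header and is passed to OPENSSL_malloc with no upper bound, which is acceptable while the peer is the trusted test runner but deserves a comment (or a sanity cap) so the BIO is not reused against an untrusted stream. In PacketedWrite, copying the retry flags after the body write means the 5-byte header has already been emitted when the caller is told to retry, and a retry will write a second header and desynchronise the framing; the removed comment that such next-BIOs are unsupported was the more accurate one, so either restore it or buffer header and body into a single write.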
diff --git a/src/ssl/test/packeted_bio.h b/src/ssl/test/packeted_bio.h index 384bd64..30697a5 100644 --- a/src/ssl/test/packeted_bio.h +++ b/src/ssl/test/packeted_bio.h @@ -15,18 +15,30 @@ #ifndef HEADER_PACKETED_BIO #define HEADER_PACKETED_BIO +#include #include +#include "../../crypto/test/scoped_types.h" -// packeted_bio_create creates a filter BIO for testing protocols which expect -// datagram BIOs. It implements a reliable datagram socket and reads and writes -// packets by prefixing each packet with a big-endian 32-bit length. It must be -// layered over a reliable blocking stream BIO. +#if defined(OPENSSL_WINDOWS) +#pragma warning(push, 3) +#include +#pragma warning(pop) +#else +#include +#endif + + +// PacketedBioCreate creates a filter BIO which implements a reliable in-order +// blocking datagram socket. The resulting BIO, on |BIO_read|, may simulate a +// timeout which sets |*out_timeout| to the timeout and fails the read. +// |*out_timeout| must be zero on entry to |BIO_read|; it is an error to not +// apply the timeout before the next |BIO_read|. // -// Note: packeted_bio_create exists because a SOCK_DGRAM socketpair on OS X is -// does not block the caller, unlike on Linux. Writes simply fail with -// ENOBUFS. POSIX also does not guarantee that such sockets are reliable. -BIO *packeted_bio_create(); +// Note: The read timeout simulation is intended to be used with the async BIO +// wrapper. It doesn't simulate BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, used in DTLS's +// blocking mode. +ScopedBIO PacketedBioCreate(timeval *out_timeout); #endif // HEADER_PACKETED_BIO diff --git a/src/ssl/test/runner/chacha20_poly1305.go b/src/ssl/test/runner/chacha20_poly1305.go new file mode 100644 index 0000000..42911d4 --- /dev/null +++ b/src/ssl/test/runner/chacha20_poly1305.go 
@@ -0,0 +1,159 @@ +package main + +import ( + "crypto/cipher" + "crypto/subtle" + "encoding/binary" + "errors" +) + +// See draft-agl-tls-chacha20poly1305-04 and +// draft-irtf-cfrg-chacha20-poly1305-10. Where the two differ, the +// draft-agl-tls-chacha20poly1305-04 variant is implemented. + +func leftRotate(a uint32, n uint) uint32 { + return (a << n) | (a >> (32 - n)) +} + +func chaChaQuarterRound(state *[16]uint32, a, b, c, d int) { + state[a] += state[b] + state[d] = leftRotate(state[d]^state[a], 16) + + state[c] += state[d] + state[b] = leftRotate(state[b]^state[c], 12) + + state[a] += state[b] + state[d] = leftRotate(state[d]^state[a], 8) + + state[c] += state[d] + state[b] = leftRotate(state[b]^state[c], 7) +} + +func chaCha20Block(state *[16]uint32, out []byte) { + var workingState [16]uint32 + copy(workingState[:], state[:]) + for i := 0; i < 10; i++ { + chaChaQuarterRound(&workingState, 0, 4, 8, 12) + chaChaQuarterRound(&workingState, 1, 5, 9, 13) + chaChaQuarterRound(&workingState, 2, 6, 10, 14) + chaChaQuarterRound(&workingState, 3, 7, 11, 15) + chaChaQuarterRound(&workingState, 0, 5, 10, 15) + chaChaQuarterRound(&workingState, 1, 6, 11, 12) + chaChaQuarterRound(&workingState, 2, 7, 8, 13) + chaChaQuarterRound(&workingState, 3, 4, 9, 14) + } + for i := 0; i < 16; i++ { + binary.LittleEndian.PutUint32(out[i*4:i*4+4], workingState[i]+state[i]) + } +} + +// sliceForAppend takes a slice and a requested number of bytes. It returns a +// slice with the contents of the given slice followed by that many bytes and a +// second slice that aliases into it and contains only the extra bytes. If the +// original slice has sufficient capacity then no allocation is performed. 
+func sliceForAppend(in []byte, n int) (head, tail []byte) { + if total := len(in) + n; cap(in) >= total { + head = in[:total] + } else { + head = make([]byte, total) + copy(head, in) + } + tail = head[len(in):] + return +} + +type chaCha20Poly1305 struct { + key [32]byte +} + +func newChaCha20Poly1305(key []byte) (cipher.AEAD, error) { + if len(key) != 32 { + return nil, errors.New("bad key length") + } + aead := new(chaCha20Poly1305) + copy(aead.key[:], key) + return aead, nil +} + +func (c *chaCha20Poly1305) NonceSize() int { return 8 } +func (c *chaCha20Poly1305) Overhead() int { return 16 } + +func (c *chaCha20Poly1305) chaCha20(out, in, nonce []byte, counter uint64) { + var state [16]uint32 + state[0] = 0x61707865 + state[1] = 0x3320646e + state[2] = 0x79622d32 + state[3] = 0x6b206574 + for i := 0; i < 8; i++ { + state[4+i] = binary.LittleEndian.Uint32(c.key[i*4 : i*4+4]) + } + state[14] = binary.LittleEndian.Uint32(nonce[0:4]) + state[15] = binary.LittleEndian.Uint32(nonce[4:8]) + + for i := 0; i < len(in); i += 64 { + state[12] = uint32(counter & 0xffffffff) + state[13] = uint32(counter >> 32) + + var tmp [64]byte + chaCha20Block(&state, tmp[:]) + count := 64 + if len(in)-i < count { + count = len(in) - i + } + for j := 0; j < count; j++ { + out[i+j] = in[i+j] ^ tmp[j] + } + + counter++ + } +} + +func (c *chaCha20Poly1305) poly1305(tag *[16]byte, nonce, ciphertext, additionalData []byte) { + input := make([]byte, 0, len(additionalData)+8+len(ciphertext)+8) + input = append(input, additionalData...) + input, out := sliceForAppend(input, 8) + binary.LittleEndian.PutUint64(out, uint64(len(additionalData))) + input = append(input, ciphertext...) 
+ input, out = sliceForAppend(input, 8) + binary.LittleEndian.PutUint64(out, uint64(len(ciphertext))) + + var poly1305Key [32]byte + c.chaCha20(poly1305Key[:], poly1305Key[:], nonce, 0) + + poly1305Sum(tag, input, &poly1305Key) +} + +func (c *chaCha20Poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { + if len(nonce) != 8 { + panic("Bad nonce length") + } + + ret, out := sliceForAppend(dst, len(plaintext)+16) + c.chaCha20(out[:len(plaintext)], plaintext, nonce, 1) + + var tag [16]byte + c.poly1305(&tag, nonce, out[:len(plaintext)], additionalData) + copy(out[len(plaintext):], tag[:]) + + return ret +} + +func (c *chaCha20Poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { + if len(nonce) != 8 { + panic("Bad nonce length") + } + if len(ciphertext) < 16 { + return nil, errors.New("chacha20: message authentication failed") + } + plaintextLen := len(ciphertext) - 16 + + var tag [16]byte + c.poly1305(&tag, nonce, ciphertext[:plaintextLen], additionalData) + if subtle.ConstantTimeCompare(tag[:], ciphertext[plaintextLen:]) != 1 { + return nil, errors.New("chacha20: message authentication failed") + } + + ret, out := sliceForAppend(dst, plaintextLen) + c.chaCha20(out, ciphertext[:plaintextLen], nonce, 1) + return ret, nil +} diff --git a/src/ssl/test/runner/chacha20_poly1305_test.go b/src/ssl/test/runner/chacha20_poly1305_test.go new file mode 100644 index 0000000..726f482 --- /dev/null +++ b/src/ssl/test/runner/chacha20_poly1305_test.go 
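Review bot: The AEAD methods carry no doc comments, and the one that matters most is NonceSize: returning 8 means this is the draft-agl-tls-chacha20poly1305-04 construction with a 64-bit nonce and a 64-bit block counter (state[12]/state[13] in chaCha20), not the 96-bit-nonce layout of draft-irtf-cfrg-chacha20-poly1305, so a caller reaching for it through cipher.AEAD gets a different wire format. A comment such as `// NonceSize returns 8: the draft-agl variant uses a 64-bit nonce and a 64-bit block counter, not the 96-bit nonce of draft-irtf-cfrg.` on NonceSize, and one on newChaCha20Poly1305 stating that the key must be exactly 32 bytes, would record that. Open verifies the tag with subtle.ConstantTimeCompare before decrypting, which is the right order; it would be worth a comment on Seal and Open that `dst` may alias the input exactly (the XOR loop is elementwise) but must not partially overlap it, since that is the contract the standard-library AEADs document.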
@@ -0,0 +1,99 @@ +package main + +import ( + "bytes" + "encoding/hex" + "testing" +) + +// See draft-irtf-cfrg-chacha20-poly1305-10, section 2.1.1. +func TestChaChaQuarterRound(t *testing.T) { + state := [16]uint32{0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567} + chaChaQuarterRound(&state, 0, 1, 2, 3) + + a, b, c, d := state[0], state[1], state[2], state[3] + if a != 0xea2a92f4 || b != 0xcb1cf8ce || c != 0x4581472e || d != 0x5881c4bb { + t.Errorf("Incorrect results: %x", state) + } +} + +// See draft-irtf-cfrg-chacha20-poly1305-10, section 2.2.1. +func TestChaChaQuarterRoundState(t *testing.T) { + state := [16]uint32{ + 0x879531e0, 0xc5ecf37d, 0x516461b1, 0xc9a62f8a, + 0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0x2a5f714c, + 0x53372767, 0xb00a5631, 0x974c541a, 0x359e9963, + 0x5c971061, 0x3d631689, 0x2098d9d6, 0x91dbd320, + } + chaChaQuarterRound(&state, 2, 7, 8, 13) + + expected := [16]uint32{ + 0x879531e0, 0xc5ecf37d, 0xbdb886dc, 0xc9a62f8a, + 0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0xcfacafd2, + 0xe46bea80, 0xb00a5631, 0x974c541a, 0x359e9963, + 0x5c971061, 0xccc07c79, 0x2098d9d6, 0x91dbd320, + } + for i := range state { + if state[i] != expected[i] { + t.Errorf("Mismatch at %d: %x vs %x", i, state, expected) + } + } +} + +// See draft-irtf-cfrg-chacha20-poly1305-10, section 2.3.2. 
+func TestChaCha20Block(t *testing.T) { + state := [16]uint32{ + 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, + 0x03020100, 0x07060504, 0x0b0a0908, 0x0f0e0d0c, + 0x13121110, 0x17161514, 0x1b1a1918, 0x1f1e1d1c, + 0x00000001, 0x09000000, 0x4a000000, 0x00000000, + } + out := make([]byte, 64) + chaCha20Block(&state, out) + + expected := []byte{ + 0x10, 0xf1, 0xe7, 0xe4, 0xd1, 0x3b, 0x59, 0x15, + 0x50, 0x0f, 0xdd, 0x1f, 0xa3, 0x20, 0x71, 0xc4, + 0xc7, 0xd1, 0xf4, 0xc7, 0x33, 0xc0, 0x68, 0x03, + 0x04, 0x22, 0xaa, 0x9a, 0xc3, 0xd4, 0x6c, 0x4e, + 0xd2, 0x82, 0x64, 0x46, 0x07, 0x9f, 0xaa, 0x09, + 0x14, 0xc2, 0xd7, 0x05, 0xd9, 0x8b, 0x02, 0xa2, + 0xb5, 0x12, 0x9c, 0xd1, 0xde, 0x16, 0x4e, 0xb9, + 0xcb, 0xd0, 0x83, 0xe8, 0xa2, 0x50, 0x3c, 0x4e, + } + if !bytes.Equal(out, expected) { + t.Errorf("Got %x, wanted %x", out, expected) + } +} + +// See draft-agl-tls-chacha20poly1305-04, section 7. +func TestChaCha20Poly1305(t *testing.T) { + key, _ := hex.DecodeString("4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007") + input, _ := hex.DecodeString("86d09974840bded2a5ca") + nonce, _ := hex.DecodeString("cd7cf67be39c794a") + ad, _ := hex.DecodeString("87e229d4500845a079c0") + output, _ := hex.DecodeString("e3e446f7ede9a19b62a4677dabf4e3d24b876bb284753896e1d6") + + aead, err := newChaCha20Poly1305(key) + if err != nil { + t.Fatal(err) + } + + out, err := aead.Open(nil, nonce, output, ad) + if err != nil { + t.Errorf("Open failed: %s", err) + } else if !bytes.Equal(out, input) { + t.Errorf("Open gave %x, wanted %x", out, input) + } + + out = aead.Seal(nil, nonce, input, ad) + if !bytes.Equal(out, output) { + t.Errorf("Open gave %x, wanted %x", out, output) + } + + out[0]++ + _, err = aead.Open(nil, nonce, out, ad) + if err == nil { + t.Errorf("Open on malformed data unexpectedly succeeded") + } +} diff --git a/src/ssl/test/runner/cipher_suites.go b/src/ssl/test/runner/cipher_suites.go index 89e75c8..162c0c0 100644 --- a/src/ssl/test/runner/cipher_suites.go 
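Review bot: In TestChaCha20Poly1305 the failure message after Seal reads `t.Errorf("Open gave %x, wanted %x", out, output)` but it reports a Seal mismatch; it should be `t.Errorf("Seal gave %x, wanted %x", out, output)` so a failing run points at the right operation. The five hex.DecodeString results discard their error with `_`, so a typo in a vector silently yields an empty slice and a confusing downstream mismatch rather than a clear failure; `t.Fatal(err)` on each is cheap. The tamper check only flips the first ciphertext byte; flipping a tag byte (`out[len(out)-1]++`) and the too-short-ciphertext branch of Open are left untested.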
+++ b/src/ssl/test/runner/cipher_suites.go @@ -62,6 +62,11 @@ const ( suitePSK ) +type tlsAead struct { + cipher.AEAD + explicitNonce bool +} + // A cipherSuite is a specific combination of key agreement, cipher and MAC // function. All cipher suites currently assume RSA key agreement. type cipherSuite struct { @@ -75,12 +80,14 @@ type cipherSuite struct { flags int cipher func(key, iv []byte, isRead bool) interface{} mac func(version uint16, macKey []byte) macFunction - aead func(key, fixedNonce []byte) cipher.AEAD + aead func(key, fixedNonce []byte) *tlsAead } var cipherSuites = []*cipherSuite{ // Ciphersuite order is chosen so that ECDHE comes before plain RSA // and RC4 comes before AES (because of the Lucky13 attack). + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 0, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM}, {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, 
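Review bot: The new tlsAead type has no doc comment, and the meaning of explicitNonce is only discoverable by reading the two constructors: true for the AES-GCM wrapper and false for ChaCha20-Poly1305, whose constructor presumably derives the nonce without a per-record explicit field since it ignores fixedNonce. A comment such as `// tlsAead wraps an AEAD for the TLS record layer. explicitNonce is true if the record layer carries an explicit per-record nonce on the wire (AES-GCM) and false if the nonce is implicit (ChaCha20-Poly1305).` above the struct would record that contract. aeadCHACHA20POLY1305 in the later hunk silently ignores its fixedNonce parameter; a short comment there would make that intentional rather than an apparent oversight.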
@@ -95,6 +102,7 @@ var cipherSuites = []*cipherSuite{ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil}, {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 0, dheRSAKA, suiteTLS12, nil, nil, aeadCHACHA20POLY1305}, {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, dheRSAKA, suiteTLS12, nil, nil, aeadAESGCM}, {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, dheRSAKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil}, @@ -216,7 +224,7 @@ func (f *fixedNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]b return f.aead.Open(out, f.openNonce, plaintext, additionalData) } -func aeadAESGCM(key, fixedNonce []byte) cipher.AEAD { +func aeadAESGCM(key, fixedNonce []byte) *tlsAead { aes, err := aes.NewCipher(key) if err != nil { panic(err) @@ -230,7 +238,15 @@ func aeadAESGCM(key, fixedNonce []byte) cipher.AEAD { copy(nonce1, fixedNonce) copy(nonce2, fixedNonce) - return &fixedNonceAEAD{nonce1, nonce2, aead} + return &tlsAead{&fixedNonceAEAD{nonce1, nonce2, aead}, true} +} + +func aeadCHACHA20POLY1305(key, fixedNonce []byte) *tlsAead { + aead, err := newChaCha20Poly1305(key) + if err != nil { + panic(err) + } + return &tlsAead{aead, false} } // ssl30MAC implements the SSLv3 MAC function, as defined in @@ -289,7 +305,7 @@ func (s tls10MAC) MAC(digestBuf, seq, header, length, data []byte) []byte { } func rsaKA(version uint16) keyAgreement { - return &rsaKeyAgreement{} + return &rsaKeyAgreement{version: version} } func ecdheECDSAKA(version uint16) keyAgreement { 
@@ -391,5 +407,8 @@ const ( // Additional cipher suite IDs, not IANA-assigned. const ( - TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0xcafe + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0xcafe + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcc13 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcc14 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcc15 ) diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go index 7aaf9a2..4ac7250 100644 --- a/src/ssl/test/runner/common.go +++ b/src/ssl/test/runner/common.go @@ -97,6 +97,7 @@ const ( type CurveID uint16 const ( + CurveP224 CurveID = 21 CurveP256 CurveID = 23 CurveP384 CurveID = 24 CurveP521 CurveID = 25 @@ -429,15 +430,32 @@ type ProtocolBugs struct { // ServerKeyExchange. UnauthenticatedECDH bool + // SkipHelloVerifyRequest causes a DTLS server to skip the + // HelloVerifyRequest message. + SkipHelloVerifyRequest bool + + // SkipCertificateStatus, if true, causes the server to skip the + // CertificateStatus message. This is legal because CertificateStatus is + // optional, even with a status_request in ServerHello. + SkipCertificateStatus bool + // SkipServerKeyExchange causes the server to skip sending // ServerKeyExchange messages. SkipServerKeyExchange bool + // SkipNewSessionTicket causes the server to skip sending the + // NewSessionTicket message despite promising to in ServerHello. + SkipNewSessionTicket bool + // SkipChangeCipherSpec causes the implementation to skip // sending the ChangeCipherSpec message (and adjusting cipher // state accordingly for the Finished message). SkipChangeCipherSpec bool + // SkipFinished causes the implementation to skip sending the Finished + // message. + SkipFinished bool + // EarlyChangeCipherSpec causes the client to send an early // ChangeCipherSpec message before the ClientKeyExchange. A value of // zero disables this behavior. One and two configure variants for 0.9.8 
@@ -449,10 +467,6 @@ type ProtocolBugs struct { // messages. FragmentAcrossChangeCipherSpec bool - // SkipNewSessionTicket causes the server to skip sending the - // NewSessionTicket message despite promising to in ServerHello. - SkipNewSessionTicket bool - // SendV2ClientHello causes the client to send a V2ClientHello // instead of a normal ClientHello. SendV2ClientHello bool @@ -475,8 +489,9 @@ type ProtocolBugs struct { // two records. FragmentAlert bool - // SendSpuriousAlert will cause an spurious, unwanted alert to be sent. - SendSpuriousAlert bool + // SendSpuriousAlert, if non-zero, will cause an spurious, unwanted + // alert to be sent. + SendSpuriousAlert alert // RsaClientKeyExchangeVersion, if non-zero, causes the client to send a // ClientKeyExchange with the specified version rather than the @@ -491,16 +506,19 @@ type ProtocolBugs struct { // TLS version in the ClientHello than the maximum supported version. SendClientVersion uint16 - // SkipHelloVerifyRequest causes a DTLS server to skip the - // HelloVerifyRequest message. - SkipHelloVerifyRequest bool - // ExpectFalseStart causes the server to, on full handshakes, // expect the peer to False Start; the server Finished message // isn't sent until we receive an application data record // from the peer. ExpectFalseStart bool + // AlertBeforeFalseStartTest, if non-zero, causes the server to, on full + // handshakes, send an alert just before reading the application data + // record to test False Start. This can be used in a negative False + // Start test to determine whether the peer processed the alert (and + // closed the connection) before or after sending app data. + AlertBeforeFalseStartTest alert + // SSL3RSAKeyExchange causes the client to always send an RSA // ClientKeyExchange message without the two-byte length // prefix, as if it were SSL3. 
@@ -557,9 +575,10 @@ type ProtocolBugs struct { // retransmit at the record layer. SequenceNumberIncrement uint64 - // RSAServerKeyExchange, if true, causes the server to send a - // ServerKeyExchange message in the plain RSA key exchange. - RSAServerKeyExchange bool + // RSAEphemeralKey, if true, causes the server to send a + // ServerKeyExchange message containing an ephemeral key (as in + // RSA_EXPORT) in the plain RSA key exchange. + RSAEphemeralKey bool // SRTPMasterKeyIdentifer, if not empty, is the SRTP MKI value that the // client offers when negotiating SRTP. MKI support is still missing so @@ -578,6 +597,10 @@ type ProtocolBugs struct { // still be enforced. NoSignatureAndHashes bool + // NoSupportedCurves, if true, causes the client to omit the + // supported_curves extension. + NoSupportedCurves bool + // RequireSameRenegoClientVersion, if true, causes the server // to require that all ClientHellos match in offered version // across a renego. 
@@ -603,6 +626,87 @@ type ProtocolBugs struct { // AppDataAfterChangeCipherSpec, if not null, causes application data to // be sent immediately after ChangeCipherSpec. AppDataAfterChangeCipherSpec []byte + + // AlertAfterChangeCipherSpec, if non-zero, causes an alert to be sent + // immediately after ChangeCipherSpec. + AlertAfterChangeCipherSpec alert + + // TimeoutSchedule is the schedule of packet drops and simulated + // timeouts for before each handshake leg from the peer. + TimeoutSchedule []time.Duration + + // PacketAdaptor is the packetAdaptor to use to simulate timeouts. + PacketAdaptor *packetAdaptor + + // ReorderHandshakeFragments, if true, causes handshake fragments in + // DTLS to overlap and be sent in the wrong order. It also causes + // pre-CCS flights to be sent twice. (Post-CCS flights consist of + // Finished and will trigger a spurious retransmit.) + ReorderHandshakeFragments bool + + // MixCompleteMessageWithFragments, if true, causes handshake + // messages in DTLS to redundantly both fragment the message + // and include a copy of the full one. + MixCompleteMessageWithFragments bool + + // SendInvalidRecordType, if true, causes a record with an invalid + // content type to be sent immediately following the handshake. + SendInvalidRecordType bool + + // WrongCertificateMessageType, if true, causes Certificate message to + // be sent with the wrong message type. + WrongCertificateMessageType bool + + // FragmentMessageTypeMismatch, if true, causes all non-initial + // handshake fragments in DTLS to have the wrong message type. + FragmentMessageTypeMismatch bool + + // FragmentMessageLengthMismatch, if true, causes all non-initial + // handshake fragments in DTLS to have the wrong message length. + FragmentMessageLengthMismatch bool + + // SplitFragmentHeader, if true, causes the handshake fragments in DTLS + // to be split across two records. 
+ SplitFragmentHeader bool + + // SplitFragmentBody, if true, causes the handshake bodies in DTLS to be + // split across two records. + // + // TODO(davidben): There's one final split to test: when the header and + // body are split across two records. But those are (incorrectly) + // accepted right now. + SplitFragmentBody bool + + // SendEmptyFragments, if true, causes handshakes to include empty + // fragments in DTLS. + SendEmptyFragments bool + + // NeverResumeOnRenego, if true, causes renegotiations to always be full + // handshakes. + NeverResumeOnRenego bool + + // NoSignatureAlgorithmsOnRenego, if true, causes renegotiations to omit + // the signature_algorithms extension. + NoSignatureAlgorithmsOnRenego bool + + // IgnorePeerCipherPreferences, if true, causes the peer's cipher + // preferences to be ignored. + IgnorePeerCipherPreferences bool + + // IgnorePeerSignatureAlgorithmPreferences, if true, causes the peer's + // signature algorithm preferences to be ignored. + IgnorePeerSignatureAlgorithmPreferences bool + + // IgnorePeerCurvePreferences, if true, causes the peer's curve + // preferences to be ignored. + IgnorePeerCurvePreferences bool + + // SendWarningAlerts, if non-zero, causes every record to be prefaced by + // a warning alert. + SendWarningAlerts alert + + // BadFinished, if true, causes the Finished hash to be broken. + BadFinished bool } func (c *Config) serverInit() { diff --git a/src/ssl/test/runner/conn.go b/src/ssl/test/runner/conn.go index d4a6817..fd198ca 100644 --- a/src/ssl/test/runner/conn.go +++ b/src/ssl/test/runner/conn.go 
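Review bot: The TimeoutSchedule comment (`for before each handshake leg from the peer`) reads as a typo and does not say what one entry does; judging from simulatePacketLoss in conn.go, each entry is a simulated read timeout whose received records are dropped, so I would reword it to `// TimeoutSchedule, if non-empty, lists the simulated read timeouts applied before each handshake leg from the peer; records received during a timeout are dropped, only their sequence numbers being tracked.` PacketAdaptor's comment could likewise note that it is required whenever TimeoutSchedule is set, since simulatePacketLoss returns an error otherwise. The enclosing ProtocolBugs struct starts before this hunk.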
@@ -37,14 +37,16 @@ type Conn struct { handshakeComplete bool didResume bool // whether this connection was a session resumption extendedMasterSecret bool // whether this session used an extended master secret - cipherSuite uint16 + cipherSuite *cipherSuite ocspResponse []byte // stapled OCSP response peerCertificates []*x509.Certificate // verifiedChains contains the certificate chains that we built, as // opposed to the ones presented by the server. verifiedChains [][]*x509.Certificate // serverName contains the server name indicated by the client, if any. - serverName string + serverName string + clientRandom, serverRandom [32]byte + masterSecret [48]byte clientProtocol string clientProtocolFallback bool @@ -69,8 +71,9 @@ type Conn struct { // DTLS state sendHandshakeSeq uint16 recvHandshakeSeq uint16 - handMsg []byte // pending assembled handshake message - handMsgLen int // handshake message length, not including the header + handMsg []byte // pending assembled handshake message + handMsgLen int // handshake message length, not including the header + pendingFragments [][]byte // pending outgoing handshake fragments. tmp [16]byte } @@ -131,6 +134,7 @@ type halfConn struct { nextCipher interface{} // next encryption state nextMac macFunction // next MAC algorithm + nextSeq [6]byte // next epoch's starting sequence number in DTLS // used to save allocating a new buffer for each MAC. inDigestBuf, outDigestBuf []byte 
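Review bot: The new clientRandom, serverRandom and masterSecret fields are the only ones in this part of the Conn struct without a comment, and they retain key material the struct did not previously keep after the handshake; I would add `// clientRandom, serverRandom and masterSecret are saved at handshake completion so that ExportKeyingMaterial (RFC 5705) can derive from them.` The Conn struct definition extends beyond this hunk, so the fields' other readers are not visible here.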
@@ -200,10 +204,20 @@ func (hc *halfConn) incSeq(isOutgoing bool) { } } -// incEpoch resets the sequence number. In DTLS, it increments the -// epoch half of the sequence number. +// incNextSeq increments the starting sequence number for the next epoch. +func (hc *halfConn) incNextSeq() { + for i := len(hc.nextSeq) - 1; i >= 0; i-- { + hc.nextSeq[i]++ + if hc.nextSeq[i] != 0 { + return + } + } + panic("TLS: sequence number wraparound") +} + +// incEpoch resets the sequence number. In DTLS, it also increments the epoch +// half of the sequence number. func (hc *halfConn) incEpoch() { - limit := 0 if hc.isDTLS { for i := 1; i >= 0; i-- { hc.seq[i]++ @@ -214,11 +228,14 @@ func (hc *halfConn) incEpoch() { panic("TLS: epoch number wraparound") } } - limit = 2 - } - seq := hc.seq[limit:] - for i := range seq { - seq[i] = 0 + copy(hc.seq[2:], hc.nextSeq[:]) + for i := range hc.nextSeq { + hc.nextSeq[i] = 0 + } + } else { + for i := range hc.seq { + hc.seq[i] = 0 + } } } @@ -321,13 +338,16 @@ func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, alertValue alert) switch c := hc.cipher.(type) { case cipher.Stream: c.XORKeyStream(payload, payload) - case cipher.AEAD: - explicitIVLen = 8 - if len(payload) < explicitIVLen { - return false, 0, alertBadRecordMAC + case *tlsAead: + nonce := seq + if c.explicitNonce { + explicitIVLen = 8 + if len(payload) < explicitIVLen { + return false, 0, alertBadRecordMAC + } + nonce = payload[:8] + payload = payload[8:] } - nonce := payload[:8] - payload = payload[8:] var additionalData [13]byte copy(additionalData[:], seq) 
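Review bot: The rewritten comment on incEpoch (`In DTLS, it also increments the epoch half of the sequence number`) no longer matches the DTLS branch in the second hunk, which does not reset the sequence number to zero but loads it from hc.nextSeq and then clears nextSeq; I would write `// incEpoch resets the sequence number. In DTLS, it also increments the epoch half and starts the new epoch at nextSeq (which skipPacket advances for dropped records), then clears nextSeq.` incNextSeq's panic on wraparound mirrors the existing epoch-wraparound panic, which is consistent for a test runner. incEpoch's body is split across the first two hunks on this line.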
@@ -451,10 +471,13 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) { switch c := hc.cipher.(type) { case cipher.Stream: c.XORKeyStream(payload, payload) - case cipher.AEAD: + case *tlsAead: payloadLen := len(b.data) - recordHeaderLen - explicitIVLen b.resize(len(b.data) + c.Overhead()) - nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] + nonce := hc.seq[:] + if c.explicitNonce { + nonce = b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] + } payload := b.data[recordHeaderLen+explicitIVLen:] payload = payload[:payloadLen] @@ -756,11 +779,8 @@ Again: if typ != want { // A client might need to process a HelloRequest from // the server, thus receiving a handshake message when - // application data is expected is ok. Moreover, a DTLS - // peer who sends Finished second may retransmit the - // final leg. BoringSSL retrainsmits on an internal - // timer, so this may also occur in test code. - if !c.isClient && !c.isDTLS { + // application data is expected is ok. + if !c.isClient { return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation)) } } @@ -817,6 +837,13 @@ func (c *Conn) writeV2Record(data []byte) (n int, err error) { // to the connection and updates the record layer state. // c.out.Mutex <= L. func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) { + if typ != recordTypeAlert && c.config.Bugs.SendWarningAlerts != 0 { + alert := make([]byte, 2) + alert[0] = alertLevelWarning + alert[1] = byte(c.config.Bugs.SendWarningAlerts) + c.writeRecord(recordTypeAlert, alert) + } + if c.isDTLS { return c.dtlsWriteRecord(typ, data) } @@ -851,7 +878,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) { } } if explicitIVLen == 0 { - if _, ok := c.out.cipher.(cipher.AEAD); ok { + if aead, ok := c.out.cipher.(*tlsAead); ok && aead.explicitNonce { explicitIVLen = 8 // The AES-GCM construction in TLS has an // explicit nonce so that the nonce can be 
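Review bot: In the third hunk the warning-alert write `c.writeRecord(recordTypeAlert, alert)` discards its return values, so a failed write is silently followed by the real record; `if _, err := c.writeRecord(recordTypeAlert, alert); err != nil { return 0, err }` keeps the error. The local `alert := make([]byte, 2)` also shadows the `alert` type used elsewhere in this package (ProtocolBugs.SendWarningAlerts is declared with it), which only works because the conversion goes through `byte`; naming the slice `alertBytes` avoids the trap. The recursion is bounded by the `typ != recordTypeAlert` guard, so there is no loop concern.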
@@ -1003,6 +1030,67 @@ func (c *Conn) readHandshake() (interface{}, error) { return m, nil } +// skipPacket processes all the DTLS records in packet. It updates +// sequence number expectations but otherwise ignores them. +func (c *Conn) skipPacket(packet []byte) error { + for len(packet) > 0 { + // Dropped packets are completely ignored save to update + // expected sequence numbers for this and the next epoch. (We + // don't assert on the contents of the packets both for + // simplicity and because a previous test with one shorter + // timeout schedule would have done so.) + epoch := packet[3:5] + seq := packet[5:11] + length := uint16(packet[11])<<8 | uint16(packet[12]) + if bytes.Equal(c.in.seq[:2], epoch) { + if !bytes.Equal(c.in.seq[2:], seq) { + return errors.New("tls: sequence mismatch") + } + c.in.incSeq(false) + } else { + if !bytes.Equal(c.in.nextSeq[:], seq) { + return errors.New("tls: sequence mismatch") + } + c.in.incNextSeq() + } + packet = packet[13+length:] + } + return nil +} + +// simulatePacketLoss simulates the loss of a handshake leg from the +// peer based on the schedule in c.config.Bugs. If resendFunc is +// non-nil, it is called after each simulated timeout to retransmit +// handshake messages from the local end. This is used in cases where +// the peer retransmits on a stale Finished rather than a timeout. +func (c *Conn) simulatePacketLoss(resendFunc func()) error { + if len(c.config.Bugs.TimeoutSchedule) == 0 { + return nil + } + if !c.isDTLS { + return errors.New("tls: TimeoutSchedule may only be set in DTLS") + } + if c.config.Bugs.PacketAdaptor == nil { + return errors.New("tls: TimeoutSchedule set without PacketAdapter") + } + for _, timeout := range c.config.Bugs.TimeoutSchedule { + // Simulate a timeout. 
+ packets, err := c.config.Bugs.PacketAdaptor.SendReadTimeout(timeout) + if err != nil { + return err + } + for _, packet := range packets { + if err := c.skipPacket(packet); err != nil { + return err + } + } + if resendFunc != nil { + resendFunc() + } + } + return nil +} + // Write writes data to the connection. func (c *Conn) Write(b []byte) (int, error) { if err := c.Handshake(); err != nil { @@ -1020,8 +1108,8 @@ func (c *Conn) Write(b []byte) (int, error) { return 0, alertInternalError } - if c.config.Bugs.SendSpuriousAlert { - c.sendAlertLocked(alertRecordOverflow) + if c.config.Bugs.SendSpuriousAlert != 0 { + c.sendAlertLocked(c.config.Bugs.SendSpuriousAlert) } // SSL 3.0 and TLS 1.0 are susceptible to a chosen-plaintext @@ -1096,9 +1184,9 @@ func (c *Conn) Read(b []byte) (n int, err error) { // Soft error, like EAGAIN return 0, err } - if c.hand.Len() > 0 && !c.isDTLS { + if c.hand.Len() > 0 { // We received handshake bytes, indicating the - // start of a renegotiation or a DTLS retransmit. + // start of a renegotiation. if err := c.handleRenegotiation(); err != nil { return 0, err } @@ -1177,6 +1265,9 @@ func (c *Conn) Handshake() error { } else { c.handshakeErr = c.serverHandshake() } + if c.handshakeErr == nil && c.config.Bugs.SendInvalidRecordType { + c.writeRecord(recordType(42), []byte("invalid record")) + } return c.handshakeErr } @@ -1193,7 +1284,7 @@ func (c *Conn) ConnectionState() ConnectionState { state.DidResume = c.didResume state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback state.NegotiatedProtocolFromALPN = c.usedALPN - state.CipherSuite = c.cipherSuite + state.CipherSuite = c.cipherSuite.id state.PeerCertificates = c.peerCertificates state.VerifiedChains = c.verifiedChains state.ServerName = c.serverName 
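Review bot: skipPacket indexes `packet[3:5]`, `packet[5:11]`, `packet[11]`, `packet[12]` and `packet[13+length:]` without checking that the packet holds a 13-byte DTLS record header or that `length` fits in the remaining bytes, so a truncated or mis-sized record from the peer under test panics the runner instead of failing the test with an error; the checks below return an error in both cases. `13+length` is also computed in uint16 before slicing, which converting `length` to int sidesteps. Separately, the error string `tls: TimeoutSchedule set without PacketAdapter` in simulatePacketLoss spells the field differently from its declaration, PacketAdaptor. The hunk's trailing context is the start of Conn.Write, which continues outside it.
```go
func (c *Conn) skipPacket(packet []byte) error {
	for len(packet) > 0 {
		if len(packet) < 13 {
			return errors.New("tls: truncated DTLS record header")
		}
		epoch := packet[3:5]
		seq := packet[5:11]
		length := int(packet[11])<<8 | int(packet[12])
		if length > len(packet)-13 {
			return errors.New("tls: DTLS record length exceeds packet")
		}
		// … unchanged: epoch/sequence bookkeeping …
		packet = packet[13+length:]
	}
	return nil
}
```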
@@ -1227,3 +1318,28 @@ func (c *Conn) VerifyHostname(host string) error { } return c.peerCertificates[0].VerifyHostname(host) } + +// ExportKeyingMaterial exports keying material from the current connection +// state, as per RFC 5705. +func (c *Conn) ExportKeyingMaterial(length int, label, context []byte, useContext bool) ([]byte, error) { + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + if !c.handshakeComplete { + return nil, errors.New("tls: handshake has not yet been performed") + } + + seedLen := len(c.clientRandom) + len(c.serverRandom) + if useContext { + seedLen += 2 + len(context) + } + seed := make([]byte, 0, seedLen) + seed = append(seed, c.clientRandom[:]...) + seed = append(seed, c.serverRandom[:]...) + if useContext { + seed = append(seed, byte(len(context)>>8), byte(len(context))) + seed = append(seed, context...) + } + result := make([]byte, length) + prfForVersion(c.vers, c.cipherSuite)(result, c.masterSecret[:], label, seed) + return result, nil +} diff --git a/src/ssl/test/runner/dtls.go b/src/ssl/test/runner/dtls.go index a395980..85c4247 100644 --- a/src/ssl/test/runner/dtls.go +++ b/src/ssl/test/runner/dtls.go @@ -16,10 +16,10 @@ package main import ( "bytes" - "crypto/cipher" "errors" "fmt" "io" + "math/rand" "net" ) @@ -38,7 +38,6 @@ func wireToVersion(vers uint16, isDTLS bool) uint16 { } func (c *Conn) dtlsDoReadRecord(want recordType) (recordType, *block, error) { -Again: recordHeaderLen := dtlsRecordHeaderLen if c.rawInput == nil { @@ -82,13 +81,6 @@ Again: } } seq := b.data[3:11] - if !bytes.Equal(seq[:2], c.in.seq[:2]) { - // If the epoch didn't match, silently drop the record. - // BoringSSL retransmits on an internal timer, so it may flakily - // revisit the previous epoch if retransmiting ChangeCipherSpec - // and Finished. - goto Again - } // For test purposes, we assume a reliable channel. Require // that the explicit sequence number matches the incrementing // one we maintain. A real implementation would maintain a 
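Review bot: ExportKeyingMaterial encodes the context length as two bytes (`byte(len(context)>>8), byte(len(context))`) without bounding it, so a context longer than 65535 bytes is silently truncated in the seed rather than rejected; add `if useContext && len(context) > 0xffff { return nil, errors.New("tls: context too long") }` before building the seed. A negative length also panics inside `make([]byte, length)`, which for an exported method deserves an error return as well. The method does keep useContext-with-empty-context distinct from no context, since the two-byte length is still appended, which is what RFC 5705 asks for.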
@@ -113,127 +105,196 @@ Again: return typ, b, nil } +func (c *Conn) makeFragment(header, data []byte, fragOffset, fragLen int) []byte { + fragment := make([]byte, 0, 12+fragLen) + fragment = append(fragment, header...) + fragment = append(fragment, byte(c.sendHandshakeSeq>>8), byte(c.sendHandshakeSeq)) + fragment = append(fragment, byte(fragOffset>>16), byte(fragOffset>>8), byte(fragOffset)) + fragment = append(fragment, byte(fragLen>>16), byte(fragLen>>8), byte(fragLen)) + fragment = append(fragment, data[fragOffset:fragOffset+fragLen]...) + return fragment +} + func (c *Conn) dtlsWriteRecord(typ recordType, data []byte) (n int, err error) { - recordHeaderLen := dtlsRecordHeaderLen + if typ != recordTypeHandshake { + // Only handshake messages are fragmented. + return c.dtlsWriteRawRecord(typ, data) + } + maxLen := c.config.Bugs.MaxHandshakeRecordLength if maxLen <= 0 { maxLen = 1024 } - b := c.out.newBlock() + // Handshake messages have to be modified to include fragment + // offset and length and with the header replicated. Save the + // TLS header here. + // + // TODO(davidben): This assumes that data contains exactly one + // handshake message. This is incompatible with + // FragmentAcrossChangeCipherSpec. (Which is unfortunate + // because OpenSSL's DTLS implementation will probably accept + // such fragmentation and could do with a fix + tests.) + header := data[:4] + data = data[4:] - var header []byte - if typ == recordTypeHandshake { - // Handshake messages have to be modified to include - // fragment offset and length and with the header - // replicated. Save the header here. - // - // TODO(davidben): This assumes that data contains - // exactly one handshake message. This is incompatible - // with FragmentAcrossChangeCipherSpec. (Which is - // unfortunate because OpenSSL's DTLS implementation - // will probably accept such fragmentation and could - // do with a fix + tests.) - if len(data) < 4 { - // This should not happen. 
- panic(data) - } - header = data[:4] - data = data[4:] + isFinished := header[0] == typeFinished + + if c.config.Bugs.SendEmptyFragments { + fragment := c.makeFragment(header, data, 0, 0) + c.pendingFragments = append(c.pendingFragments, fragment) } firstRun := true - for firstRun || len(data) > 0 { + fragOffset := 0 + for firstRun || fragOffset < len(data) { firstRun = false - m := len(data) - var fragment []byte - // Handshake messages get fragmented. Other records we - // pass-through as is. DTLS should be a packet - // interface. - if typ == recordTypeHandshake { - if m > maxLen { - m = maxLen - } + fragLen := len(data) - fragOffset + if fragLen > maxLen { + fragLen = maxLen + } - // Standard handshake header. - fragment = make([]byte, 0, 12+m) - fragment = append(fragment, header...) - // message_seq - fragment = append(fragment, byte(c.sendHandshakeSeq>>8), byte(c.sendHandshakeSeq)) - // fragment_offset - fragment = append(fragment, byte(n>>16), byte(n>>8), byte(n)) - // fragment_length - fragment = append(fragment, byte(m>>16), byte(m>>8), byte(m)) - fragment = append(fragment, data[:m]...) - } else { - fragment = data[:m] + fragment := c.makeFragment(header, data, fragOffset, fragLen) + if c.config.Bugs.FragmentMessageTypeMismatch && fragOffset > 0 { + fragment[0]++ + } + if c.config.Bugs.FragmentMessageLengthMismatch && fragOffset > 0 { + fragment[3]++ } - // Send the fragment. - explicitIVLen := 0 - explicitIVIsSeq := false + // Buffer the fragment for later. They will be sent (and + // reordered) on flush. + c.pendingFragments = append(c.pendingFragments, fragment) + if c.config.Bugs.ReorderHandshakeFragments { + // Don't duplicate Finished to avoid the peer + // interpreting it as a retransmit request. + if !isFinished { + c.pendingFragments = append(c.pendingFragments, fragment) + } - if cbc, ok := c.out.cipher.(cbcMode); ok { - // Block cipher modes have an explicit IV. 
- explicitIVLen = cbc.BlockSize() - } else if _, ok := c.out.cipher.(cipher.AEAD); ok { - explicitIVLen = 8 - // The AES-GCM construction in TLS has an - // explicit nonce so that the nonce can be - // random. However, the nonce is only 8 bytes - // which is too small for a secure, random - // nonce. Therefore we use the sequence number - // as the nonce. - explicitIVIsSeq = true - } else if c.out.cipher != nil { - panic("Unknown cipher") + if fragLen > (maxLen+1)/2 { + // Overlap each fragment by half. + fragLen = (maxLen + 1) / 2 + } } - b.resize(recordHeaderLen + explicitIVLen + len(fragment)) - b.data[0] = byte(typ) - vers := c.vers - if vers == 0 { - // Some TLS servers fail if the record version is - // greater than TLS 1.0 for the initial ClientHello. - vers = VersionTLS10 + fragOffset += fragLen + n += fragLen + } + if !isFinished && c.config.Bugs.MixCompleteMessageWithFragments { + fragment := c.makeFragment(header, data, 0, len(data)) + c.pendingFragments = append(c.pendingFragments, fragment) + } + + // Increment the handshake sequence number for the next + // handshake message. + c.sendHandshakeSeq++ + return +} + +func (c *Conn) dtlsFlushHandshake() error { + if !c.isDTLS { + return nil + } + + var fragments [][]byte + fragments, c.pendingFragments = c.pendingFragments, fragments + + if c.config.Bugs.ReorderHandshakeFragments { + perm := rand.New(rand.NewSource(0)).Perm(len(fragments)) + tmp := make([][]byte, len(fragments)) + for i := range tmp { + tmp[i] = fragments[perm[i]] } - vers = versionToWire(vers, c.isDTLS) - b.data[1] = byte(vers >> 8) - b.data[2] = byte(vers) - // DTLS records include an explicit sequence number. 
- copy(b.data[3:11], c.out.seq[0:]) - b.data[11] = byte(len(fragment) >> 8) - b.data[12] = byte(len(fragment)) - if explicitIVLen > 0 { - explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] - if explicitIVIsSeq { - copy(explicitIV, c.out.seq[:]) - } else { - if _, err = io.ReadFull(c.config.rand(), explicitIV); err != nil { - break - } + fragments = tmp + } + + // Send them all. + for _, fragment := range fragments { + if c.config.Bugs.SplitFragmentHeader { + if _, err := c.dtlsWriteRawRecord(recordTypeHandshake, fragment[:2]); err != nil { + return err } + fragment = fragment[2:] + } else if c.config.Bugs.SplitFragmentBody && len(fragment) > 12 { + if _, err := c.dtlsWriteRawRecord(recordTypeHandshake, fragment[:13]); err != nil { + return err + } + fragment = fragment[13:] } - copy(b.data[recordHeaderLen+explicitIVLen:], fragment) - c.out.encrypt(b, explicitIVLen) // TODO(davidben): A real DTLS implementation needs to - // retransmit handshake messages. For testing - // purposes, we don't actually care. - _, err = c.conn.Write(b.data) - if err != nil { - break + // retransmit handshake messages. For testing purposes, we don't + // actually care. + if _, err := c.dtlsWriteRawRecord(recordTypeHandshake, fragment); err != nil { + return err } - n += m - data = data[m:] } - c.out.freeBlock(b) + return nil +} - // Increment the handshake sequence number for the next - // handshake message. - if typ == recordTypeHandshake { - c.sendHandshakeSeq++ +func (c *Conn) dtlsWriteRawRecord(typ recordType, data []byte) (n int, err error) { + recordHeaderLen := dtlsRecordHeaderLen + maxLen := c.config.Bugs.MaxHandshakeRecordLength + if maxLen <= 0 { + maxLen = 1024 } + b := c.out.newBlock() + + explicitIVLen := 0 + explicitIVIsSeq := false + + if cbc, ok := c.out.cipher.(cbcMode); ok { + // Block cipher modes have an explicit IV. 
+ explicitIVLen = cbc.BlockSize() + } else if aead, ok := c.out.cipher.(*tlsAead); ok { + if aead.explicitNonce { + explicitIVLen = 8 + // The AES-GCM construction in TLS has an explicit nonce so that + // the nonce can be random. However, the nonce is only 8 bytes + // which is too small for a secure, random nonce. Therefore we + // use the sequence number as the nonce. + explicitIVIsSeq = true + } + } else if c.out.cipher != nil { + panic("Unknown cipher") + } + b.resize(recordHeaderLen + explicitIVLen + len(data)) + b.data[0] = byte(typ) + vers := c.vers + if vers == 0 { + // Some TLS servers fail if the record version is greater than + // TLS 1.0 for the initial ClientHello. + vers = VersionTLS10 + } + vers = versionToWire(vers, c.isDTLS) + b.data[1] = byte(vers >> 8) + b.data[2] = byte(vers) + // DTLS records include an explicit sequence number. + copy(b.data[3:11], c.out.seq[0:]) + b.data[11] = byte(len(data) >> 8) + b.data[12] = byte(len(data)) + if explicitIVLen > 0 { + explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] + if explicitIVIsSeq { + copy(explicitIV, c.out.seq[:]) + } else { + if _, err = io.ReadFull(c.config.rand(), explicitIV); err != nil { + return + } + } + } + copy(b.data[recordHeaderLen+explicitIVLen:], data) + c.out.encrypt(b, explicitIVLen) + + _, err = c.conn.Write(b.data) + if err != nil { + return + } + n = len(data) + + c.out.freeBlock(b) + if typ == recordTypeChangeCipherSpec { err = c.out.changeCipherSpec(c.config) if err != nil { 
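Review bot: dtlsWriteRawRecord still computes `maxLen` from Bugs.MaxHandshakeRecordLength (the four lines after `recordHeaderLen := dtlsRecordHeaderLen`) but never reads it afterwards, since fragmentation now lives in dtlsWriteRecord, so those lines are dead and should be dropped. In the same function the early `return`s on the io.ReadFull and c.conn.Write errors skip `c.out.freeBlock(b)`, which the old loop still reached via `break`; a `defer c.out.freeBlock(b)` right after `b := c.out.newBlock()` restores that on every path. dtlsWriteRecord also lost the old `len(data) < 4` guard before `header := data[:4]`, so a short handshake message now fails with a slice panic instead of the explicit one. The function's trailing ChangeCipherSpec handling continues past the hunk.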
@@ -250,9 +311,9 @@ func (c *Conn) dtlsWriteRecord(typ recordType, data []byte) (n int, err error) { func (c *Conn) dtlsDoReadHandshake() ([]byte, error) { // Assemble a full handshake message. For test purposes, this - // implementation assumes fragments arrive in order, but tolerates - // retransmits. It may need to be cleverer if we ever test BoringSSL's - // retransmit behavior. + // implementation assumes fragments arrive in order. It may + // need to be cleverer if we ever test BoringSSL's retransmit + // behavior. for len(c.handMsg) < 4+c.handMsgLen { // Get a new handshake record if the previous has been // exhausted. @@ -281,16 +342,9 @@ func (c *Conn) dtlsDoReadHandshake() ([]byte, error) { } fragment := c.hand.Next(fragLen) - if fragSeq < c.recvHandshakeSeq { - // BoringSSL retransmits based on an internal timer, so - // it may flakily retransmit part of a handshake - // message. Ignore those fragments. - // - // TODO(davidben): Revise this if BoringSSL's retransmit - // logic is made more deterministic. - continue - } else if fragSeq > c.recvHandshakeSeq { - return nil, errors.New("dtls: handshake messages sent out of order") + // Check it's a fragment for the right message. + if fragSeq != c.recvHandshakeSeq { + return nil, errors.New("dtls: bad handshake sequence number") } // Check that the length is consistent. diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go index f297fc1..0dac05d 100644 --- a/src/ssl/test/runner/handshake_client.go +++ b/src/ssl/test/runner/handshake_client.go @@ -6,7 +6,6 @@ package main import ( "bytes" - "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rsa" 
@@ -22,13 +21,14 @@ import ( ) type clientHandshakeState struct { - c *Conn - serverHello *serverHelloMsg - hello *clientHelloMsg - suite *cipherSuite - finishedHash finishedHash - masterSecret []byte - session *ClientSessionState + c *Conn + serverHello *serverHelloMsg + hello *clientHelloMsg + suite *cipherSuite + finishedHash finishedHash + masterSecret []byte + session *ClientSessionState + finishedBytes []byte } func (c *Conn) clientHandshake() error { @@ -83,6 +83,10 @@ func (c *Conn) clientHandshake() error { hello.extendedMasterSecret = false } + if c.config.Bugs.NoSupportedCurves { + hello.supportedCurves = nil + } + if len(c.clientVerify) > 0 && !c.config.Bugs.EmptyRenegotiationInfo { if c.config.Bugs.BadRenegotiationInfo { hello.secureRenegotiation = append(hello.secureRenegotiation, c.clientVerify...) @@ -129,13 +133,16 @@ NextCipherSuite: return errors.New("tls: short read from Rand: " + err.Error()) } - if hello.vers >= VersionTLS12 && !c.config.Bugs.NoSignatureAndHashes { + if hello.vers >= VersionTLS12 && !c.config.Bugs.NoSignatureAndHashes && (c.cipherSuite == nil || !c.config.Bugs.NoSignatureAlgorithmsOnRenego) { hello.signatureAndHashes = c.config.signatureAndHashesForClient() } var session *ClientSessionState var cacheKey string sessionCache := c.config.ClientSessionCache + if c.config.Bugs.NeverResumeOnRenego && c.cipherSuite != nil { + sessionCache = nil + } if sessionCache != nil { hello.ticketSupported = !c.config.SessionTicketsDisabled @@ -213,7 +220,11 @@ NextCipherSuite: helloBytes = hello.marshal() c.writeRecord(recordTypeHandshake, helloBytes) } + c.dtlsFlushHandshake() + if err := c.simulatePacketLoss(nil); err != nil { + return err + } msg, err := c.readHandshake() if err != nil { return err 
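Review bot: `c.dtlsFlushHandshake()` is called without checking its error (after the ClientHello write in the last hunk here, and again in the HelloVerifyRequest resend, the resendFunc closure, the CertificateVerify and sendFinished hunks on the following lines), even though the function returns the error from the record writes it now performs; `if err := c.dtlsFlushHandshake(); err != nil { return err }` would surface a write failure where it happens rather than as a confusing read error later. Ignoring writeRecord's result matches the file's existing style, but flush is now the point at which DTLS bytes actually reach the wire. Also, the `c.cipherSuite != nil` tests in the NoSignatureAlgorithmsOnRenego and NeverResumeOnRenego conditions rely on cipherSuite being set only when a handshake completes; a comment such as `// c.cipherSuite is non-nil only after a completed handshake, i.e. on renegotiation.` would record that.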
@@ -233,7 +244,11 @@ NextCipherSuite: hello.cookie = helloVerifyRequest.cookie helloBytes = hello.marshal() c.writeRecord(recordTypeHandshake, helloBytes) + c.dtlsFlushHandshake() + if err := c.simulatePacketLoss(nil); err != nil { + return err + } msg, err = c.readHandshake() if err != nil { return err @@ -317,6 +332,15 @@ NextCipherSuite: if err := hs.sendFinished(isResume); err != nil { return err } + // Most retransmits are triggered by a timeout, but the final + // leg of the handshake is retransmited upon re-receiving a + // Finished. + if err := c.simulatePacketLoss(func() { + c.writeRecord(recordTypeHandshake, hs.finishedBytes) + c.dtlsFlushHandshake() + }); err != nil { + return err + } if err := hs.readSessionTicket(); err != nil { return err } @@ -331,7 +355,10 @@ NextCipherSuite: c.didResume = isResume c.handshakeComplete = true - c.cipherSuite = suite.id + c.cipherSuite = suite + copy(c.clientRandom[:], hs.hello.random) + copy(c.serverRandom[:], hs.serverHello.random) + copy(c.masterSecret[:], hs.masterSecret) return nil } 
@@ -559,33 +586,39 @@ func (hs *clientHandshakeState) doFullHandshake() error { hasSignatureAndHash: c.vers >= VersionTLS12, } + // Determine the hash to sign. + var signatureType uint8 + switch c.config.Certificates[0].PrivateKey.(type) { + case *ecdsa.PrivateKey: + signatureType = signatureECDSA + case *rsa.PrivateKey: + signatureType = signatureRSA + default: + c.sendAlert(alertInternalError) + return errors.New("unknown private key type") + } + if c.config.Bugs.IgnorePeerSignatureAlgorithmPreferences { + certReq.signatureAndHashes = c.config.signatureAndHashesForClient() + } + certVerify.signatureAndHash, err = hs.finishedHash.selectClientCertSignatureAlgorithm(certReq.signatureAndHashes, c.config.signatureAndHashesForClient(), signatureType) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + digest, hashFunc, err := hs.finishedHash.hashForClientCertificate(certVerify.signatureAndHash, hs.masterSecret) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + switch key := c.config.Certificates[0].PrivateKey.(type) { case *ecdsa.PrivateKey: - certVerify.signatureAndHash, err = hs.finishedHash.selectClientCertSignatureAlgorithm(certReq.signatureAndHashes, signatureECDSA) - if err != nil { - break - } - var digest []byte - digest, _, err = hs.finishedHash.hashForClientCertificate(certVerify.signatureAndHash, hs.masterSecret) - if err != nil { - break - } var r, s *big.Int r, s, err = ecdsa.Sign(c.config.rand(), key, digest) if err == nil { signed, err = asn1.Marshal(ecdsaSignature{r, s}) } case *rsa.PrivateKey: - certVerify.signatureAndHash, err = hs.finishedHash.selectClientCertSignatureAlgorithm(certReq.signatureAndHashes, signatureRSA) - if err != nil { - break - } - var digest []byte - var hashFunc crypto.Hash - digest, hashFunc, err = hs.finishedHash.hashForClientCertificate(certVerify.signatureAndHash, hs.masterSecret) - if err != nil { - break - } signed, err = rsa.SignPKCS1v15(c.config.rand(), key, hashFunc, digest) 
default: err = errors.New("unknown private key type") @@ -599,6 +632,7 @@ func (hs *clientHandshakeState) doFullHandshake() error { hs.writeClientHash(certVerify.marshal()) c.writeRecord(recordTypeHandshake, certVerify.marshal()) } + c.dtlsFlushHandshake() hs.finishedHash.discardHandshakeBuffer() @@ -825,15 +859,19 @@ func (hs *clientHandshakeState) sendFinished(isResume bool) error { } else { finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret) } + if c.config.Bugs.BadFinished { + finished.verifyData[0]++ + } c.clientVerify = append(c.clientVerify[:0], finished.verifyData...) - finishedBytes := finished.marshal() - hs.writeHash(finishedBytes, seqno) - postCCSBytes = append(postCCSBytes, finishedBytes...) + hs.finishedBytes = finished.marshal() + hs.writeHash(hs.finishedBytes, seqno) + postCCSBytes = append(postCCSBytes, hs.finishedBytes...) if c.config.Bugs.FragmentAcrossChangeCipherSpec { c.writeRecord(recordTypeHandshake, postCCSBytes[:5]) postCCSBytes = postCCSBytes[5:] } + c.dtlsFlushHandshake() if !c.config.Bugs.SkipChangeCipherSpec && c.config.Bugs.EarlyChangeCipherSpec == 0 { @@ -843,8 +881,15 @@ func (hs *clientHandshakeState) sendFinished(isResume bool) error { if c.config.Bugs.AppDataAfterChangeCipherSpec != nil { c.writeRecord(recordTypeApplicationData, c.config.Bugs.AppDataAfterChangeCipherSpec) } + if c.config.Bugs.AlertAfterChangeCipherSpec != 0 { + c.sendAlert(c.config.Bugs.AlertAfterChangeCipherSpec) + return errors.New("tls: simulating post-CCS alert") + } - c.writeRecord(recordTypeHandshake, postCCSBytes) + if !c.config.Bugs.SkipFinished { + c.writeRecord(recordTypeHandshake, postCCSBytes) + c.dtlsFlushHandshake() + } return nil } diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index 1234a57..59ed9df 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go 
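Review bot: In doFullHandshake the new type switch on `c.config.Certificates[0].PrivateKey` returns on anything other than `*ecdsa.PrivateKey` or `*rsa.PrivateKey`, so the `default: err = errors.New("unknown private key type")` arm of the second switch over the same value is now unreachable. Folding the two switches into one (choose `signatureType` in the same arm that later signs) or dropping the dead arm would keep a single source of truth for the supported key types. The hunk also indexes `Certificates[0]` without a length check; presumably the caller only reaches this path when a client certificate is configured, but that precondition is not visible here because doFullHandshake starts and ends outside the hunk.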
@@ -33,6 +33,7 @@ type serverHandshakeState struct { masterSecret []byte certsFromClient [][]byte cert *Certificate + finishedBytes []byte } // serverHandshake performs a TLS handshake as a server. @@ -71,6 +72,15 @@ func (c *Conn) serverHandshake() error { if err := hs.sendFinished(); err != nil { return err } + // Most retransmits are triggered by a timeout, but the final + // leg of the handshake is retransmited upon re-receiving a + // Finished. + if err := c.simulatePacketLoss(func() { + c.writeRecord(recordTypeHandshake, hs.finishedBytes) + c.dtlsFlushHandshake() + }); err != nil { + return err + } if err := hs.readFinished(isResume); err != nil { return err } @@ -87,9 +97,12 @@ func (c *Conn) serverHandshake() error { if err := hs.readFinished(isResume); err != nil { return err } + if c.config.Bugs.AlertBeforeFalseStartTest != 0 { + c.sendAlert(c.config.Bugs.AlertBeforeFalseStartTest) + } if c.config.Bugs.ExpectFalseStart { if err := c.readRecord(recordTypeApplicationData); err != nil { - return err + return fmt.Errorf("tls: peer did not false start: %s", err) } } if err := hs.sendSessionTicket(); err != nil { @@ -100,6 +113,9 @@ func (c *Conn) serverHandshake() error { } } c.handshakeComplete = true + copy(c.clientRandom[:], hs.clientHello.random) + copy(c.serverRandom[:], hs.hello.random) + copy(c.masterSecret[:], hs.masterSecret) return nil } @@ -110,6 +126,9 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { config := hs.c.config c := hs.c + if err := c.simulatePacketLoss(nil); err != nil { + return false, err + } msg, err := c.readHandshake() if err != nil { return false, err 
@@ -136,7 +155,11 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { return false, errors.New("dtls: short read from Rand: " + err.Error()) } c.writeRecord(recordTypeHandshake, helloVerifyRequest.marshal()) + c.dtlsFlushHandshake() + if err := c.simulatePacketLoss(nil); err != nil { + return false, err + } msg, err := c.readHandshake() if err != nil { return false, err @@ -176,6 +199,9 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { if c.clientVersion < VersionTLS12 && len(hs.clientHello.signatureAndHashes) > 0 { return false, fmt.Errorf("tls: client included signature_algorithms before TLS 1.2") } + if config.Bugs.IgnorePeerSignatureAlgorithmPreferences { + hs.clientHello.signatureAndHashes = config.signatureAndHashesForServer() + } c.vers, ok = config.mutualVersion(hs.clientHello.vers) if !ok { @@ -189,6 +215,9 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { supportedCurve := false preferredCurves := config.curvePreferences() + if config.Bugs.IgnorePeerCurvePreferences { + hs.clientHello.supportedCurves = preferredCurves + } Curves: for _, curve := range hs.clientHello.supportedCurves { for _, supported := range preferredCurves { @@ -323,6 +352,9 @@ Curves: return false, errors.New("tls: fallback SCSV found when not expected") } + if config.Bugs.IgnorePeerCipherPreferences { + hs.clientHello.cipherSuites = c.config.cipherSuites() + } var preferenceList, supportedList []uint16 if c.config.PreferServerCipherSuites { preferenceList = c.config.cipherSuites() @@ -350,6 +382,10 @@ Curves: func (hs *serverHandshakeState) checkForResumption() bool { c := hs.c + if c.config.Bugs.NeverResumeOnRenego && c.cipherSuite != nil { + return false + } + if len(hs.clientHello.sessionTicket) > 0 { if c.config.SessionTicketsDisabled { return false 
@@ -410,6 +446,9 @@ func (hs *serverHandshakeState) doResumeHandshake() error { c := hs.c hs.hello.cipherSuite = hs.suite.id + if c.config.Bugs.SendCipherSuite != 0 { + hs.hello.cipherSuite = c.config.Bugs.SendCipherSuite + } // We echo the client's session ID in the ServerHello to let it know // that we're doing a resumption. hs.hello.sessionId = hs.clientHello.sessionId @@ -473,12 +512,16 @@ func (hs *serverHandshakeState) doFullHandshake() error { certMsg := new(certificateMsg) certMsg.certificates = hs.cert.Certificate if !config.Bugs.UnauthenticatedECDH { - hs.writeServerHash(certMsg.marshal()) - c.writeRecord(recordTypeHandshake, certMsg.marshal()) + certMsgBytes := certMsg.marshal() + if config.Bugs.WrongCertificateMessageType { + certMsgBytes[0] += 42 + } + hs.writeServerHash(certMsgBytes) + c.writeRecord(recordTypeHandshake, certMsgBytes) } } - if hs.hello.ocspStapling { + if hs.hello.ocspStapling && !c.config.Bugs.SkipCertificateStatus { certStatus := new(certificateStatusMsg) certStatus.statusType = statusTypeOCSP certStatus.response = hs.cert.OCSPStaple @@ -530,9 +573,13 @@ func (hs *serverHandshakeState) doFullHandshake() error { helloDone := new(serverHelloDoneMsg) hs.writeServerHash(helloDone.marshal()) c.writeRecord(recordTypeHandshake, helloDone.marshal()) + c.dtlsFlushHandshake() var pub crypto.PublicKey // public key for client auth, if any + if err := c.simulatePacketLoss(nil); err != nil { + return err + } msg, err := c.readHandshake() if err != nil { return err 
@@ -811,14 +858,19 @@ func (hs *serverHandshakeState) sendFinished() error { finished := new(finishedMsg) finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret) + if c.config.Bugs.BadFinished { + finished.verifyData[0]++ + } c.serverVerify = append(c.serverVerify[:0], finished.verifyData...) - postCCSBytes := finished.marshal() - hs.writeServerHash(postCCSBytes) + hs.finishedBytes = finished.marshal() + hs.writeServerHash(hs.finishedBytes) + postCCSBytes := hs.finishedBytes if c.config.Bugs.FragmentAcrossChangeCipherSpec { c.writeRecord(recordTypeHandshake, postCCSBytes[:5]) postCCSBytes = postCCSBytes[5:] } + c.dtlsFlushHandshake() if !c.config.Bugs.SkipChangeCipherSpec { c.writeRecord(recordTypeChangeCipherSpec, []byte{1}) @@ -827,10 +879,17 @@ func (hs *serverHandshakeState) sendFinished() error { if c.config.Bugs.AppDataAfterChangeCipherSpec != nil { c.writeRecord(recordTypeApplicationData, c.config.Bugs.AppDataAfterChangeCipherSpec) } + if c.config.Bugs.AlertAfterChangeCipherSpec != 0 { + c.sendAlert(c.config.Bugs.AlertAfterChangeCipherSpec) + return errors.New("tls: simulating post-CCS alert") + } - c.writeRecord(recordTypeHandshake, postCCSBytes) + if !c.config.Bugs.SkipFinished { + c.writeRecord(recordTypeHandshake, postCCSBytes) + c.dtlsFlushHandshake() + } - c.cipherSuite = hs.suite.id + c.cipherSuite = hs.suite return nil } diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go index 116dfd8..5e44b54 100644 --- a/src/ssl/test/runner/key_agreement.go +++ b/src/ssl/test/runner/key_agreement.go 
@@ -25,19 +25,73 @@ var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message") // rsaKeyAgreement implements the standard TLS key agreement where the client // encrypts the pre-master secret to the server's public key. type rsaKeyAgreement struct { + version uint16 clientVersion uint16 + exportKey *rsa.PrivateKey } func (ka *rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { // Save the client version for comparison later. ka.clientVersion = versionToWire(clientHello.vers, clientHello.isDTLS) - if config.Bugs.RSAServerKeyExchange { - // Send an empty ServerKeyExchange message. - return &serverKeyExchangeMsg{}, nil + if !config.Bugs.RSAEphemeralKey { + return nil, nil } - return nil, nil + // Generate an ephemeral RSA key to use instead of the real + // one, as in RSA_EXPORT. + key, err := rsa.GenerateKey(config.rand(), 512) + if err != nil { + return nil, err + } + ka.exportKey = key + + modulus := key.N.Bytes() + exponent := big.NewInt(int64(key.E)).Bytes() + serverRSAParams := make([]byte, 0, 2+len(modulus)+2+len(exponent)) + serverRSAParams = append(serverRSAParams, byte(len(modulus)>>8), byte(len(modulus))) + serverRSAParams = append(serverRSAParams, modulus...) + serverRSAParams = append(serverRSAParams, byte(len(exponent)>>8), byte(len(exponent))) + serverRSAParams = append(serverRSAParams, exponent...) 
+ + var tls12HashId uint8 + if ka.version >= VersionTLS12 { + if tls12HashId, err = pickTLS12HashForSignature(signatureRSA, clientHello.signatureAndHashes, config.signatureAndHashesForServer()); err != nil { + return nil, err + } + } + + digest, hashFunc, err := hashForServerKeyExchange(signatureRSA, tls12HashId, ka.version, clientHello.random, hello.random, serverRSAParams) + if err != nil { + return nil, err + } + privKey, ok := cert.PrivateKey.(*rsa.PrivateKey) + if !ok { + return nil, errors.New("RSA ephemeral key requires an RSA server private key") + } + sig, err := rsa.SignPKCS1v15(config.rand(), privKey, hashFunc, digest) + if err != nil { + return nil, errors.New("failed to sign RSA parameters: " + err.Error()) + } + + skx := new(serverKeyExchangeMsg) + sigAndHashLen := 0 + if ka.version >= VersionTLS12 { + sigAndHashLen = 2 + } + skx.key = make([]byte, len(serverRSAParams)+sigAndHashLen+2+len(sig)) + copy(skx.key, serverRSAParams) + k := skx.key[len(serverRSAParams):] + if ka.version >= VersionTLS12 { + k[0] = tls12HashId + k[1] = signatureRSA + k = k[2:] + } + k[0] = byte(len(sig) >> 8) + k[1] = byte(len(sig)) + copy(k[2:], sig) + + return skx, nil } func (ka *rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { @@ -60,7 +114,11 @@ func (ka *rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certif ciphertext = ckx.ciphertext[2:] } - err = rsa.DecryptPKCS1v15SessionKey(config.rand(), cert.PrivateKey.(*rsa.PrivateKey), ciphertext, preMasterSecret) + key := cert.PrivateKey.(*rsa.PrivateKey) + if ka.exportKey != nil { + key = ka.exportKey + } + err = rsa.DecryptPKCS1v15SessionKey(config.rand(), key, ciphertext, preMasterSecret) if err != nil { return nil, err } 
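Review bot: rsaKeyAgreement.generateServerKeyExchange generates a fresh 512-bit key with `rsa.GenerateKey(config.rand(), 512)` and stores it in `ka.exportKey`, which processClientKeyExchange then silently prefers over the certificate key. The comment only says "as in RSA_EXPORT"; it should state that the small size is deliberate so the runner can exercise the peer's handling of export-grade ephemeral RSA (and must not be "fixed" to a normal size), and that `exportKey` is only ever populated under `Bugs.RSAEphemeralKey`. Something like `// Deliberately weak: a 512-bit ephemeral key mimics RSA_EXPORT so tests can observe how the peer handles it. Only set when Bugs.RSAEphemeralKey is on.` would prevent a well-meaning cleanup. Note also that `ka.version` is read to decide on the TLS 1.2 signature-algorithm bytes but nothing in this hunk assigns it; presumably the suite constructor does, outside the hunk.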
@@ -154,20 +212,19 @@ func hashForServerKeyExchange(sigType, hashFunc uint8, version uint16, slices .. // pickTLS12HashForSignature returns a TLS 1.2 hash identifier for signing a // ServerKeyExchange given the signature type being used and the client's // advertized list of supported signature and hash combinations. -func pickTLS12HashForSignature(sigType uint8, clientSignatureAndHashes []signatureAndHash) (uint8, error) { - if len(clientSignatureAndHashes) == 0 { +func pickTLS12HashForSignature(sigType uint8, clientList, serverList []signatureAndHash) (uint8, error) { + if len(clientList) == 0 { // If the client didn't specify any signature_algorithms // extension then we can assume that it supports SHA1. See // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 return hashSHA1, nil } - for _, sigAndHash := range clientSignatureAndHashes { + for _, sigAndHash := range clientList { if sigAndHash.signature != sigType { continue } - switch sigAndHash.hash { - case hashSHA1, hashSHA256: + if isSupportedSignatureAndHash(sigAndHash, serverList) { return sigAndHash.hash, nil } } @@ -177,6 +234,8 @@ func pickTLS12HashForSignature(sigType uint8, clientSignatureAndHashes []signatu func curveForCurveID(id CurveID) (elliptic.Curve, bool) { switch id { + case CurveP224: + return elliptic.P224(), true case CurveP256: return elliptic.P256(), true case CurveP384: @@ -221,7 +280,7 @@ func (ka *signedKeyAgreement) signParameters(config *Config, cert *Certificate, var tls12HashId uint8 var err error if ka.version >= VersionTLS12 { - if tls12HashId, err = pickTLS12HashForSignature(ka.sigType, clientHello.signatureAndHashes); err != nil { + if tls12HashId, err = pickTLS12HashForSignature(ka.sigType, clientHello.signatureAndHashes, config.signatureAndHashesForServer()); err != nil { return nil, err } } diff --git a/src/ssl/test/runner/packet_adapter.go b/src/ssl/test/runner/packet_adapter.go index 671b413..bbcd388 100644 --- a/src/ssl/test/runner/packet_adapter.go 
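Review bot: The doc comment above pickTLS12HashForSignature still describes only the client's advertised list, but the function now takes `clientList, serverList` and returns the first entry in the client's order that `isSupportedSignatureAndHash` finds in serverList, so client preference decides and the old hashSHA1/hashSHA256 whitelist is gone. The comment should say so, e.g. `// pickTLS12HashForSignature returns the hash of the first client-advertised (sigType, hash) pair that also appears in serverList; client order decides, and an empty client list means SHA-1 per RFC 5246 7.4.1.4.1.` The fallthrough return after the loop is outside the hunk.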
+++ b/src/ssl/test/runner/packet_adapter.go 
@@ -6,50 +6,115 @@ package main import ( "encoding/binary" - "errors" + "fmt" + "io" "net" + "time" ) +// opcodePacket signals a packet, encoded with a 32-bit length prefix, followed +// by the payload. +const opcodePacket = byte('P') + +// opcodeTimeout signals a read timeout, encoded by a 64-bit number of +// nanoseconds. On receipt, the peer should reply with +// opcodeTimeoutAck. opcodeTimeout may only be sent by the Go side. +const opcodeTimeout = byte('T') + +// opcodeTimeoutAck acknowledges a read timeout. This opcode has no payload and +// may only be sent by the C side. Timeout ACKs act as a synchronization point +// at the timeout, to bracket one flight of messages from C. +const opcodeTimeoutAck = byte('t') + type packetAdaptor struct { net.Conn } -// newPacketAdaptor wraps a reliable streaming net.Conn into a -// reliable packet-based net.Conn. Every packet is encoded with a -// 32-bit length prefix as a framing layer. -func newPacketAdaptor(conn net.Conn) net.Conn { +// newPacketAdaptor wraps a reliable streaming net.Conn into a reliable +// packet-based net.Conn. The stream contains packets and control commands, +// distinguished by a one byte opcode. 
+func newPacketAdaptor(conn net.Conn) *packetAdaptor { return &packetAdaptor{conn} } -func (p *packetAdaptor) Read(b []byte) (int, error) { +func (p *packetAdaptor) readOpcode() (byte, error) { + out := make([]byte, 1) + if _, err := io.ReadFull(p.Conn, out); err != nil { + return 0, err + } + return out[0], nil +} + +func (p *packetAdaptor) readPacketBody() ([]byte, error) { var length uint32 if err := binary.Read(p.Conn, binary.BigEndian, &length); err != nil { - return 0, err + return nil, err } out := make([]byte, length) - n, err := p.Conn.Read(out) + if _, err := io.ReadFull(p.Conn, out); err != nil { + return nil, err + } + return out, nil +} + +func (p *packetAdaptor) Read(b []byte) (int, error) { + opcode, err := p.readOpcode() if err != nil { return 0, err } - if n != int(length) { - return 0, errors.New("internal error: length mismatch!") + if opcode != opcodePacket { + return 0, fmt.Errorf("unexpected opcode '%d'", opcode) + } + out, err := p.readPacketBody() + if err != nil { + return 0, err } return copy(b, out), nil } func (p *packetAdaptor) Write(b []byte) (int, error) { - length := uint32(len(b)) - if err := binary.Write(p.Conn, binary.BigEndian, length); err != nil { + payload := make([]byte, 1+4+len(b)) + payload[0] = opcodePacket + binary.BigEndian.PutUint32(payload[1:5], uint32(len(b))) + copy(payload[5:], b) + if _, err := p.Conn.Write(payload); err != nil { return 0, err } - n, err := p.Conn.Write(b) - if err != nil { - return 0, err + return len(b), nil +} + +// SendReadTimeout instructs the peer to simulate a read timeout. It then waits +// for acknowledgement of the timeout, buffering any packets received since +// then. The packets are then returned. 
+func (p *packetAdaptor) SendReadTimeout(d time.Duration) ([][]byte, error) { + payload := make([]byte, 1+8) + payload[0] = opcodeTimeout + binary.BigEndian.PutUint64(payload[1:], uint64(d.Nanoseconds())) + if _, err := p.Conn.Write(payload); err != nil { + return nil, err } - if n != len(b) { - return 0, errors.New("internal error: length mismatch!") + + var packets [][]byte + for { + opcode, err := p.readOpcode() + if err != nil { + return nil, err + } + switch opcode { + case opcodeTimeoutAck: + // Done! Return the packets buffered and continue. + return packets, nil + case opcodePacket: + // Buffer the packet for the caller to process. + packet, err := p.readPacketBody() + if err != nil { + return nil, err + } + packets = append(packets, packet) + default: + return nil, fmt.Errorf("unexpected opcode '%d'", opcode) + } } - return len(b), nil } type replayAdaptor struct { diff --git a/src/ssl/test/runner/poly1305.go b/src/ssl/test/runner/poly1305.go new file mode 100644 index 0000000..51a1009 --- /dev/null +++ b/src/ssl/test/runner/poly1305.go 
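Review bot: packetAdaptor.Read still returns `copy(b, out), nil`, so a packet longer than the caller's buffer is silently truncated and the tail is lost, which for a datagram framing layer could surface as a confusing record-parse error far from the cause. With `io` now imported, `if len(out) > len(b) { return 0, io.ErrShortBuffer }` before the copy makes the condition visible. readPacketBody also allocates `make([]byte, length)` straight from the 32-bit length on the wire; the peer is the local test shim, so this is a robustness rather than a security concern, but a sanity cap would stop a corrupted prefix from attempting a multi-gigabyte allocation.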
@@ -0,0 +1,1540 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +// Based on original, public domain implementation from NaCl by D. J. +// Bernstein. + +import ( + "crypto/subtle" + "math" +) + +const ( + alpham80 = 0.00000000558793544769287109375 + alpham48 = 24.0 + alpham16 = 103079215104.0 + alpha0 = 6755399441055744.0 + alpha18 = 1770887431076116955136.0 + alpha32 = 29014219670751100192948224.0 + alpha50 = 7605903601369376408980219232256.0 + alpha64 = 124615124604835863084731911901282304.0 + alpha82 = 32667107224410092492483962313449748299776.0 + alpha96 = 535217884764734955396857238543560676143529984.0 + alpha112 = 35076039295941670036888435985190792471742381031424.0 + alpha130 = 9194973245195333150150082162901855101712434733101613056.0 + scale = 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 + offset0 = 6755408030990331.0 + offset1 = 29014256564239239022116864.0 + offset2 = 124615283061160854719918951570079744.0 + offset3 = 535219245894202480694386063513315216128475136.0 +) + +// poly1305Verify returns true if mac is a valid authenticator for m with the +// given key. +func poly1305Verify(mac *[16]byte, m []byte, key *[32]byte) bool { + var tmp [16]byte + poly1305Sum(&tmp, m, key) + return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 +} + +// poly1305Sum generates an authenticator for m using a one-time key and puts +// the 16-byte result into out. Authenticating two different messages with the +// same key allows an attacker to forge messages at will. 
+func poly1305Sum(out *[16]byte, m []byte, key *[32]byte) { + r := key + s := key[16:] + var ( + y7 float64 + y6 float64 + y1 float64 + y0 float64 + y5 float64 + y4 float64 + x7 float64 + x6 float64 + x1 float64 + x0 float64 + y3 float64 + y2 float64 + x5 float64 + r3lowx0 float64 + x4 float64 + r0lowx6 float64 + x3 float64 + r3highx0 float64 + x2 float64 + r0highx6 float64 + r0lowx0 float64 + sr1lowx6 float64 + r0highx0 float64 + sr1highx6 float64 + sr3low float64 + r1lowx0 float64 + sr2lowx6 float64 + r1highx0 float64 + sr2highx6 float64 + r2lowx0 float64 + sr3lowx6 float64 + r2highx0 float64 + sr3highx6 float64 + r1highx4 float64 + r1lowx4 float64 + r0highx4 float64 + r0lowx4 float64 + sr3highx4 float64 + sr3lowx4 float64 + sr2highx4 float64 + sr2lowx4 float64 + r0lowx2 float64 + r0highx2 float64 + r1lowx2 float64 + r1highx2 float64 + r2lowx2 float64 + r2highx2 float64 + sr3lowx2 float64 + sr3highx2 float64 + z0 float64 + z1 float64 + z2 float64 + z3 float64 + m0 int64 + m1 int64 + m2 int64 + m3 int64 + m00 uint32 + m01 uint32 + m02 uint32 + m03 uint32 + m10 uint32 + m11 uint32 + m12 uint32 + m13 uint32 + m20 uint32 + m21 uint32 + m22 uint32 + m23 uint32 + m30 uint32 + m31 uint32 + m32 uint32 + m33 uint64 + lbelow2 int32 + lbelow3 int32 + lbelow4 int32 + lbelow5 int32 + lbelow6 int32 + lbelow7 int32 + lbelow8 int32 + lbelow9 int32 + lbelow10 int32 + lbelow11 int32 + lbelow12 int32 + lbelow13 int32 + lbelow14 int32 + lbelow15 int32 + s00 uint32 + s01 uint32 + s02 uint32 + s03 uint32 + s10 uint32 + s11 uint32 + s12 uint32 + s13 uint32 + s20 uint32 + s21 uint32 + s22 uint32 + s23 uint32 + s30 uint32 + s31 uint32 + s32 uint32 + s33 uint32 + bits32 uint64 + f uint64 + f0 uint64 + f1 uint64 + f2 uint64 + f3 uint64 + f4 uint64 + g uint64 + g0 uint64 + g1 uint64 + g2 uint64 + g3 uint64 + g4 uint64 + ) + + var p int32 + + l := int32(len(m)) + + r00 := uint32(r[0]) + + r01 := uint32(r[1]) + + r02 := uint32(r[2]) + r0 := int64(2151) + + r03 := uint32(r[3]) + r03 &= 15 + r0 
<<= 51 + + r10 := uint32(r[4]) + r10 &= 252 + r01 <<= 8 + r0 += int64(r00) + + r11 := uint32(r[5]) + r02 <<= 16 + r0 += int64(r01) + + r12 := uint32(r[6]) + r03 <<= 24 + r0 += int64(r02) + + r13 := uint32(r[7]) + r13 &= 15 + r1 := int64(2215) + r0 += int64(r03) + + d0 := r0 + r1 <<= 51 + r2 := int64(2279) + + r20 := uint32(r[8]) + r20 &= 252 + r11 <<= 8 + r1 += int64(r10) + + r21 := uint32(r[9]) + r12 <<= 16 + r1 += int64(r11) + + r22 := uint32(r[10]) + r13 <<= 24 + r1 += int64(r12) + + r23 := uint32(r[11]) + r23 &= 15 + r2 <<= 51 + r1 += int64(r13) + + d1 := r1 + r21 <<= 8 + r2 += int64(r20) + + r30 := uint32(r[12]) + r30 &= 252 + r22 <<= 16 + r2 += int64(r21) + + r31 := uint32(r[13]) + r23 <<= 24 + r2 += int64(r22) + + r32 := uint32(r[14]) + r2 += int64(r23) + r3 := int64(2343) + + d2 := r2 + r3 <<= 51 + + r33 := uint32(r[15]) + r33 &= 15 + r31 <<= 8 + r3 += int64(r30) + + r32 <<= 16 + r3 += int64(r31) + + r33 <<= 24 + r3 += int64(r32) + + r3 += int64(r33) + h0 := alpha32 - alpha32 + + d3 := r3 + h1 := alpha32 - alpha32 + + h2 := alpha32 - alpha32 + + h3 := alpha32 - alpha32 + + h4 := alpha32 - alpha32 + + r0low := math.Float64frombits(uint64(d0)) + h5 := alpha32 - alpha32 + + r1low := math.Float64frombits(uint64(d1)) + h6 := alpha32 - alpha32 + + r2low := math.Float64frombits(uint64(d2)) + h7 := alpha32 - alpha32 + + r0low -= alpha0 + + r1low -= alpha32 + + r2low -= alpha64 + + r0high := r0low + alpha18 + + r3low := math.Float64frombits(uint64(d3)) + + r1high := r1low + alpha50 + sr1low := scale * r1low + + r2high := r2low + alpha82 + sr2low := scale * r2low + + r0high -= alpha18 + r0high_stack := r0high + + r3low -= alpha96 + + r1high -= alpha50 + r1high_stack := r1high + + sr1high := sr1low + alpham80 + + r0low -= r0high + + r2high -= alpha82 + sr3low = scale * r3low + + sr2high := sr2low + alpham48 + + r1low -= r1high + r1low_stack := r1low + + sr1high -= alpham80 + sr1high_stack := sr1high + + r2low -= r2high + r2low_stack := r2low + + sr2high -= alpham48 + 
sr2high_stack := sr2high + + r3high := r3low + alpha112 + r0low_stack := r0low + + sr1low -= sr1high + sr1low_stack := sr1low + + sr3high := sr3low + alpham16 + r2high_stack := r2high + + sr2low -= sr2high + sr2low_stack := sr2low + + r3high -= alpha112 + r3high_stack := r3high + + sr3high -= alpham16 + sr3high_stack := sr3high + + r3low -= r3high + r3low_stack := r3low + + sr3low -= sr3high + sr3low_stack := sr3low + + if l < 16 { + goto addatmost15bytes + } + + m00 = uint32(m[p+0]) + m0 = 2151 + + m0 <<= 51 + m1 = 2215 + m01 = uint32(m[p+1]) + + m1 <<= 51 + m2 = 2279 + m02 = uint32(m[p+2]) + + m2 <<= 51 + m3 = 2343 + m03 = uint32(m[p+3]) + + m10 = uint32(m[p+4]) + m01 <<= 8 + m0 += int64(m00) + + m11 = uint32(m[p+5]) + m02 <<= 16 + m0 += int64(m01) + + m12 = uint32(m[p+6]) + m03 <<= 24 + m0 += int64(m02) + + m13 = uint32(m[p+7]) + m3 <<= 51 + m0 += int64(m03) + + m20 = uint32(m[p+8]) + m11 <<= 8 + m1 += int64(m10) + + m21 = uint32(m[p+9]) + m12 <<= 16 + m1 += int64(m11) + + m22 = uint32(m[p+10]) + m13 <<= 24 + m1 += int64(m12) + + m23 = uint32(m[p+11]) + m1 += int64(m13) + + m30 = uint32(m[p+12]) + m21 <<= 8 + m2 += int64(m20) + + m31 = uint32(m[p+13]) + m22 <<= 16 + m2 += int64(m21) + + m32 = uint32(m[p+14]) + m23 <<= 24 + m2 += int64(m22) + + m33 = uint64(m[p+15]) + m2 += int64(m23) + + d0 = m0 + m31 <<= 8 + m3 += int64(m30) + + d1 = m1 + m32 <<= 16 + m3 += int64(m31) + + d2 = m2 + m33 += 256 + + m33 <<= 24 + m3 += int64(m32) + + m3 += int64(m33) + d3 = m3 + + p += 16 + l -= 16 + + z0 = math.Float64frombits(uint64(d0)) + + z1 = math.Float64frombits(uint64(d1)) + + z2 = math.Float64frombits(uint64(d2)) + + z3 = math.Float64frombits(uint64(d3)) + + z0 -= alpha0 + + z1 -= alpha32 + + z2 -= alpha64 + + z3 -= alpha96 + + h0 += z0 + + h1 += z1 + + h3 += z2 + + h5 += z3 + + if l < 16 { + goto multiplyaddatmost15bytes + } + +multiplyaddatleast16bytes: + + m2 = 2279 + m20 = uint32(m[p+8]) + y7 = h7 + alpha130 + + m2 <<= 51 + m3 = 2343 + m21 = uint32(m[p+9]) + y6 = h6 + 
alpha130 + + m3 <<= 51 + m0 = 2151 + m22 = uint32(m[p+10]) + y1 = h1 + alpha32 + + m0 <<= 51 + m1 = 2215 + m23 = uint32(m[p+11]) + y0 = h0 + alpha32 + + m1 <<= 51 + m30 = uint32(m[p+12]) + y7 -= alpha130 + + m21 <<= 8 + m2 += int64(m20) + m31 = uint32(m[p+13]) + y6 -= alpha130 + + m22 <<= 16 + m2 += int64(m21) + m32 = uint32(m[p+14]) + y1 -= alpha32 + + m23 <<= 24 + m2 += int64(m22) + m33 = uint64(m[p+15]) + y0 -= alpha32 + + m2 += int64(m23) + m00 = uint32(m[p+0]) + y5 = h5 + alpha96 + + m31 <<= 8 + m3 += int64(m30) + m01 = uint32(m[p+1]) + y4 = h4 + alpha96 + + m32 <<= 16 + m02 = uint32(m[p+2]) + x7 = h7 - y7 + y7 *= scale + + m33 += 256 + m03 = uint32(m[p+3]) + x6 = h6 - y6 + y6 *= scale + + m33 <<= 24 + m3 += int64(m31) + m10 = uint32(m[p+4]) + x1 = h1 - y1 + + m01 <<= 8 + m3 += int64(m32) + m11 = uint32(m[p+5]) + x0 = h0 - y0 + + m3 += int64(m33) + m0 += int64(m00) + m12 = uint32(m[p+6]) + y5 -= alpha96 + + m02 <<= 16 + m0 += int64(m01) + m13 = uint32(m[p+7]) + y4 -= alpha96 + + m03 <<= 24 + m0 += int64(m02) + d2 = m2 + x1 += y7 + + m0 += int64(m03) + d3 = m3 + x0 += y6 + + m11 <<= 8 + m1 += int64(m10) + d0 = m0 + x7 += y5 + + m12 <<= 16 + m1 += int64(m11) + x6 += y4 + + m13 <<= 24 + m1 += int64(m12) + y3 = h3 + alpha64 + + m1 += int64(m13) + d1 = m1 + y2 = h2 + alpha64 + + x0 += x1 + + x6 += x7 + + y3 -= alpha64 + r3low = r3low_stack + + y2 -= alpha64 + r0low = r0low_stack + + x5 = h5 - y5 + r3lowx0 = r3low * x0 + r3high = r3high_stack + + x4 = h4 - y4 + r0lowx6 = r0low * x6 + r0high = r0high_stack + + x3 = h3 - y3 + r3highx0 = r3high * x0 + sr1low = sr1low_stack + + x2 = h2 - y2 + r0highx6 = r0high * x6 + sr1high = sr1high_stack + + x5 += y3 + r0lowx0 = r0low * x0 + r1low = r1low_stack + + h6 = r3lowx0 + r0lowx6 + sr1lowx6 = sr1low * x6 + r1high = r1high_stack + + x4 += y2 + r0highx0 = r0high * x0 + sr2low = sr2low_stack + + h7 = r3highx0 + r0highx6 + sr1highx6 = sr1high * x6 + sr2high = sr2high_stack + + x3 += y1 + r1lowx0 = r1low * x0 + r2low = r2low_stack 
+ + h0 = r0lowx0 + sr1lowx6 + sr2lowx6 = sr2low * x6 + r2high = r2high_stack + + x2 += y0 + r1highx0 = r1high * x0 + sr3low = sr3low_stack + + h1 = r0highx0 + sr1highx6 + sr2highx6 = sr2high * x6 + sr3high = sr3high_stack + + x4 += x5 + r2lowx0 = r2low * x0 + z2 = math.Float64frombits(uint64(d2)) + + h2 = r1lowx0 + sr2lowx6 + sr3lowx6 = sr3low * x6 + + x2 += x3 + r2highx0 = r2high * x0 + z3 = math.Float64frombits(uint64(d3)) + + h3 = r1highx0 + sr2highx6 + sr3highx6 = sr3high * x6 + + r1highx4 = r1high * x4 + z2 -= alpha64 + + h4 = r2lowx0 + sr3lowx6 + r1lowx4 = r1low * x4 + + r0highx4 = r0high * x4 + z3 -= alpha96 + + h5 = r2highx0 + sr3highx6 + r0lowx4 = r0low * x4 + + h7 += r1highx4 + sr3highx4 = sr3high * x4 + + h6 += r1lowx4 + sr3lowx4 = sr3low * x4 + + h5 += r0highx4 + sr2highx4 = sr2high * x4 + + h4 += r0lowx4 + sr2lowx4 = sr2low * x4 + + h3 += sr3highx4 + r0lowx2 = r0low * x2 + + h2 += sr3lowx4 + r0highx2 = r0high * x2 + + h1 += sr2highx4 + r1lowx2 = r1low * x2 + + h0 += sr2lowx4 + r1highx2 = r1high * x2 + + h2 += r0lowx2 + r2lowx2 = r2low * x2 + + h3 += r0highx2 + r2highx2 = r2high * x2 + + h4 += r1lowx2 + sr3lowx2 = sr3low * x2 + + h5 += r1highx2 + sr3highx2 = sr3high * x2 + + p += 16 + l -= 16 + h6 += r2lowx2 + + h7 += r2highx2 + + z1 = math.Float64frombits(uint64(d1)) + h0 += sr3lowx2 + + z0 = math.Float64frombits(uint64(d0)) + h1 += sr3highx2 + + z1 -= alpha32 + + z0 -= alpha0 + + h5 += z3 + + h3 += z2 + + h1 += z1 + + h0 += z0 + + if l >= 16 { + goto multiplyaddatleast16bytes + } + +multiplyaddatmost15bytes: + + y7 = h7 + alpha130 + + y6 = h6 + alpha130 + + y1 = h1 + alpha32 + + y0 = h0 + alpha32 + + y7 -= alpha130 + + y6 -= alpha130 + + y1 -= alpha32 + + y0 -= alpha32 + + y5 = h5 + alpha96 + + y4 = h4 + alpha96 + + x7 = h7 - y7 + y7 *= scale + + x6 = h6 - y6 + y6 *= scale + + x1 = h1 - y1 + + x0 = h0 - y0 + + y5 -= alpha96 + + y4 -= alpha96 + + x1 += y7 + + x0 += y6 + + x7 += y5 + + x6 += y4 + + y3 = h3 + alpha64 + + y2 = h2 + alpha64 + + x0 += x1 + 
+ x6 += x7 + + y3 -= alpha64 + r3low = r3low_stack + + y2 -= alpha64 + r0low = r0low_stack + + x5 = h5 - y5 + r3lowx0 = r3low * x0 + r3high = r3high_stack + + x4 = h4 - y4 + r0lowx6 = r0low * x6 + r0high = r0high_stack + + x3 = h3 - y3 + r3highx0 = r3high * x0 + sr1low = sr1low_stack + + x2 = h2 - y2 + r0highx6 = r0high * x6 + sr1high = sr1high_stack + + x5 += y3 + r0lowx0 = r0low * x0 + r1low = r1low_stack + + h6 = r3lowx0 + r0lowx6 + sr1lowx6 = sr1low * x6 + r1high = r1high_stack + + x4 += y2 + r0highx0 = r0high * x0 + sr2low = sr2low_stack + + h7 = r3highx0 + r0highx6 + sr1highx6 = sr1high * x6 + sr2high = sr2high_stack + + x3 += y1 + r1lowx0 = r1low * x0 + r2low = r2low_stack + + h0 = r0lowx0 + sr1lowx6 + sr2lowx6 = sr2low * x6 + r2high = r2high_stack + + x2 += y0 + r1highx0 = r1high * x0 + sr3low = sr3low_stack + + h1 = r0highx0 + sr1highx6 + sr2highx6 = sr2high * x6 + sr3high = sr3high_stack + + x4 += x5 + r2lowx0 = r2low * x0 + + h2 = r1lowx0 + sr2lowx6 + sr3lowx6 = sr3low * x6 + + x2 += x3 + r2highx0 = r2high * x0 + + h3 = r1highx0 + sr2highx6 + sr3highx6 = sr3high * x6 + + r1highx4 = r1high * x4 + + h4 = r2lowx0 + sr3lowx6 + r1lowx4 = r1low * x4 + + r0highx4 = r0high * x4 + + h5 = r2highx0 + sr3highx6 + r0lowx4 = r0low * x4 + + h7 += r1highx4 + sr3highx4 = sr3high * x4 + + h6 += r1lowx4 + sr3lowx4 = sr3low * x4 + + h5 += r0highx4 + sr2highx4 = sr2high * x4 + + h4 += r0lowx4 + sr2lowx4 = sr2low * x4 + + h3 += sr3highx4 + r0lowx2 = r0low * x2 + + h2 += sr3lowx4 + r0highx2 = r0high * x2 + + h1 += sr2highx4 + r1lowx2 = r1low * x2 + + h0 += sr2lowx4 + r1highx2 = r1high * x2 + + h2 += r0lowx2 + r2lowx2 = r2low * x2 + + h3 += r0highx2 + r2highx2 = r2high * x2 + + h4 += r1lowx2 + sr3lowx2 = sr3low * x2 + + h5 += r1highx2 + sr3highx2 = sr3high * x2 + + h6 += r2lowx2 + + h7 += r2highx2 + + h0 += sr3lowx2 + + h1 += sr3highx2 + +addatmost15bytes: + + if l == 0 { + goto nomorebytes + } + + lbelow2 = l - 2 + + lbelow3 = l - 3 + + lbelow2 >>= 31 + lbelow4 = l - 4 + + m00 
= uint32(m[p+0]) + lbelow3 >>= 31 + p += lbelow2 + + m01 = uint32(m[p+1]) + lbelow4 >>= 31 + p += lbelow3 + + m02 = uint32(m[p+2]) + p += lbelow4 + m0 = 2151 + + m03 = uint32(m[p+3]) + m0 <<= 51 + m1 = 2215 + + m0 += int64(m00) + m01 &^= uint32(lbelow2) + + m02 &^= uint32(lbelow3) + m01 -= uint32(lbelow2) + + m01 <<= 8 + m03 &^= uint32(lbelow4) + + m0 += int64(m01) + lbelow2 -= lbelow3 + + m02 += uint32(lbelow2) + lbelow3 -= lbelow4 + + m02 <<= 16 + m03 += uint32(lbelow3) + + m03 <<= 24 + m0 += int64(m02) + + m0 += int64(m03) + lbelow5 = l - 5 + + lbelow6 = l - 6 + lbelow7 = l - 7 + + lbelow5 >>= 31 + lbelow8 = l - 8 + + lbelow6 >>= 31 + p += lbelow5 + + m10 = uint32(m[p+4]) + lbelow7 >>= 31 + p += lbelow6 + + m11 = uint32(m[p+5]) + lbelow8 >>= 31 + p += lbelow7 + + m12 = uint32(m[p+6]) + m1 <<= 51 + p += lbelow8 + + m13 = uint32(m[p+7]) + m10 &^= uint32(lbelow5) + lbelow4 -= lbelow5 + + m10 += uint32(lbelow4) + lbelow5 -= lbelow6 + + m11 &^= uint32(lbelow6) + m11 += uint32(lbelow5) + + m11 <<= 8 + m1 += int64(m10) + + m1 += int64(m11) + m12 &^= uint32(lbelow7) + + lbelow6 -= lbelow7 + m13 &^= uint32(lbelow8) + + m12 += uint32(lbelow6) + lbelow7 -= lbelow8 + + m12 <<= 16 + m13 += uint32(lbelow7) + + m13 <<= 24 + m1 += int64(m12) + + m1 += int64(m13) + m2 = 2279 + + lbelow9 = l - 9 + m3 = 2343 + + lbelow10 = l - 10 + lbelow11 = l - 11 + + lbelow9 >>= 31 + lbelow12 = l - 12 + + lbelow10 >>= 31 + p += lbelow9 + + m20 = uint32(m[p+8]) + lbelow11 >>= 31 + p += lbelow10 + + m21 = uint32(m[p+9]) + lbelow12 >>= 31 + p += lbelow11 + + m22 = uint32(m[p+10]) + m2 <<= 51 + p += lbelow12 + + m23 = uint32(m[p+11]) + m20 &^= uint32(lbelow9) + lbelow8 -= lbelow9 + + m20 += uint32(lbelow8) + lbelow9 -= lbelow10 + + m21 &^= uint32(lbelow10) + m21 += uint32(lbelow9) + + m21 <<= 8 + m2 += int64(m20) + + m2 += int64(m21) + m22 &^= uint32(lbelow11) + + lbelow10 -= lbelow11 + m23 &^= uint32(lbelow12) + + m22 += uint32(lbelow10) + lbelow11 -= lbelow12 + + m22 <<= 16 + m23 += 
uint32(lbelow11) + + m23 <<= 24 + m2 += int64(m22) + + m3 <<= 51 + lbelow13 = l - 13 + + lbelow13 >>= 31 + lbelow14 = l - 14 + + lbelow14 >>= 31 + p += lbelow13 + lbelow15 = l - 15 + + m30 = uint32(m[p+12]) + lbelow15 >>= 31 + p += lbelow14 + + m31 = uint32(m[p+13]) + p += lbelow15 + m2 += int64(m23) + + m32 = uint32(m[p+14]) + m30 &^= uint32(lbelow13) + lbelow12 -= lbelow13 + + m30 += uint32(lbelow12) + lbelow13 -= lbelow14 + + m3 += int64(m30) + m31 &^= uint32(lbelow14) + + m31 += uint32(lbelow13) + m32 &^= uint32(lbelow15) + + m31 <<= 8 + lbelow14 -= lbelow15 + + m3 += int64(m31) + m32 += uint32(lbelow14) + d0 = m0 + + m32 <<= 16 + m33 = uint64(lbelow15 + 1) + d1 = m1 + + m33 <<= 24 + m3 += int64(m32) + d2 = m2 + + m3 += int64(m33) + d3 = m3 + + z3 = math.Float64frombits(uint64(d3)) + + z2 = math.Float64frombits(uint64(d2)) + + z1 = math.Float64frombits(uint64(d1)) + + z0 = math.Float64frombits(uint64(d0)) + + z3 -= alpha96 + + z2 -= alpha64 + + z1 -= alpha32 + + z0 -= alpha0 + + h5 += z3 + + h3 += z2 + + h1 += z1 + + h0 += z0 + + y7 = h7 + alpha130 + + y6 = h6 + alpha130 + + y1 = h1 + alpha32 + + y0 = h0 + alpha32 + + y7 -= alpha130 + + y6 -= alpha130 + + y1 -= alpha32 + + y0 -= alpha32 + + y5 = h5 + alpha96 + + y4 = h4 + alpha96 + + x7 = h7 - y7 + y7 *= scale + + x6 = h6 - y6 + y6 *= scale + + x1 = h1 - y1 + + x0 = h0 - y0 + + y5 -= alpha96 + + y4 -= alpha96 + + x1 += y7 + + x0 += y6 + + x7 += y5 + + x6 += y4 + + y3 = h3 + alpha64 + + y2 = h2 + alpha64 + + x0 += x1 + + x6 += x7 + + y3 -= alpha64 + r3low = r3low_stack + + y2 -= alpha64 + r0low = r0low_stack + + x5 = h5 - y5 + r3lowx0 = r3low * x0 + r3high = r3high_stack + + x4 = h4 - y4 + r0lowx6 = r0low * x6 + r0high = r0high_stack + + x3 = h3 - y3 + r3highx0 = r3high * x0 + sr1low = sr1low_stack + + x2 = h2 - y2 + r0highx6 = r0high * x6 + sr1high = sr1high_stack + + x5 += y3 + r0lowx0 = r0low * x0 + r1low = r1low_stack + + h6 = r3lowx0 + r0lowx6 + sr1lowx6 = sr1low * x6 + r1high = r1high_stack + + x4 += y2 + 
r0highx0 = r0high * x0 + sr2low = sr2low_stack + + h7 = r3highx0 + r0highx6 + sr1highx6 = sr1high * x6 + sr2high = sr2high_stack + + x3 += y1 + r1lowx0 = r1low * x0 + r2low = r2low_stack + + h0 = r0lowx0 + sr1lowx6 + sr2lowx6 = sr2low * x6 + r2high = r2high_stack + + x2 += y0 + r1highx0 = r1high * x0 + sr3low = sr3low_stack + + h1 = r0highx0 + sr1highx6 + sr2highx6 = sr2high * x6 + sr3high = sr3high_stack + + x4 += x5 + r2lowx0 = r2low * x0 + + h2 = r1lowx0 + sr2lowx6 + sr3lowx6 = sr3low * x6 + + x2 += x3 + r2highx0 = r2high * x0 + + h3 = r1highx0 + sr2highx6 + sr3highx6 = sr3high * x6 + + r1highx4 = r1high * x4 + + h4 = r2lowx0 + sr3lowx6 + r1lowx4 = r1low * x4 + + r0highx4 = r0high * x4 + + h5 = r2highx0 + sr3highx6 + r0lowx4 = r0low * x4 + + h7 += r1highx4 + sr3highx4 = sr3high * x4 + + h6 += r1lowx4 + sr3lowx4 = sr3low * x4 + + h5 += r0highx4 + sr2highx4 = sr2high * x4 + + h4 += r0lowx4 + sr2lowx4 = sr2low * x4 + + h3 += sr3highx4 + r0lowx2 = r0low * x2 + + h2 += sr3lowx4 + r0highx2 = r0high * x2 + + h1 += sr2highx4 + r1lowx2 = r1low * x2 + + h0 += sr2lowx4 + r1highx2 = r1high * x2 + + h2 += r0lowx2 + r2lowx2 = r2low * x2 + + h3 += r0highx2 + r2highx2 = r2high * x2 + + h4 += r1lowx2 + sr3lowx2 = sr3low * x2 + + h5 += r1highx2 + sr3highx2 = sr3high * x2 + + h6 += r2lowx2 + + h7 += r2highx2 + + h0 += sr3lowx2 + + h1 += sr3highx2 + +nomorebytes: + + y7 = h7 + alpha130 + + y0 = h0 + alpha32 + + y1 = h1 + alpha32 + + y2 = h2 + alpha64 + + y7 -= alpha130 + + y3 = h3 + alpha64 + + y4 = h4 + alpha96 + + y5 = h5 + alpha96 + + x7 = h7 - y7 + y7 *= scale + + y0 -= alpha32 + + y1 -= alpha32 + + y2 -= alpha64 + + h6 += x7 + + y3 -= alpha64 + + y4 -= alpha96 + + y5 -= alpha96 + + y6 = h6 + alpha130 + + x0 = h0 - y0 + + x1 = h1 - y1 + + x2 = h2 - y2 + + y6 -= alpha130 + + x0 += y7 + + x3 = h3 - y3 + + x4 = h4 - y4 + + x5 = h5 - y5 + + x6 = h6 - y6 + + y6 *= scale + + x2 += y0 + + x3 += y1 + + x4 += y2 + + x0 += y6 + + x5 += y3 + + x6 += y4 + + x2 += x3 + + x0 += x1 + + x4 += 
x5 + + x6 += y5 + + x2 += offset1 + d1 = int64(math.Float64bits(x2)) + + x0 += offset0 + d0 = int64(math.Float64bits(x0)) + + x4 += offset2 + d2 = int64(math.Float64bits(x4)) + + x6 += offset3 + d3 = int64(math.Float64bits(x6)) + + f0 = uint64(d0) + + f1 = uint64(d1) + bits32 = math.MaxUint64 + + f2 = uint64(d2) + bits32 >>= 32 + + f3 = uint64(d3) + f = f0 >> 32 + + f0 &= bits32 + f &= 255 + + f1 += f + g0 = f0 + 5 + + g = g0 >> 32 + g0 &= bits32 + + f = f1 >> 32 + f1 &= bits32 + + f &= 255 + g1 = f1 + g + + g = g1 >> 32 + f2 += f + + f = f2 >> 32 + g1 &= bits32 + + f2 &= bits32 + f &= 255 + + f3 += f + g2 = f2 + g + + g = g2 >> 32 + g2 &= bits32 + + f4 = f3 >> 32 + f3 &= bits32 + + f4 &= 255 + g3 = f3 + g + + g = g3 >> 32 + g3 &= bits32 + + g4 = f4 + g + + g4 = g4 - 4 + s00 = uint32(s[0]) + + f = uint64(int64(g4) >> 63) + s01 = uint32(s[1]) + + f0 &= f + g0 &^= f + s02 = uint32(s[2]) + + f1 &= f + f0 |= g0 + s03 = uint32(s[3]) + + g1 &^= f + f2 &= f + s10 = uint32(s[4]) + + f3 &= f + g2 &^= f + s11 = uint32(s[5]) + + g3 &^= f + f1 |= g1 + s12 = uint32(s[6]) + + f2 |= g2 + f3 |= g3 + s13 = uint32(s[7]) + + s01 <<= 8 + f0 += uint64(s00) + s20 = uint32(s[8]) + + s02 <<= 16 + f0 += uint64(s01) + s21 = uint32(s[9]) + + s03 <<= 24 + f0 += uint64(s02) + s22 = uint32(s[10]) + + s11 <<= 8 + f1 += uint64(s10) + s23 = uint32(s[11]) + + s12 <<= 16 + f1 += uint64(s11) + s30 = uint32(s[12]) + + s13 <<= 24 + f1 += uint64(s12) + s31 = uint32(s[13]) + + f0 += uint64(s03) + f1 += uint64(s13) + s32 = uint32(s[14]) + + s21 <<= 8 + f2 += uint64(s20) + s33 = uint32(s[15]) + + s22 <<= 16 + f2 += uint64(s21) + + s23 <<= 24 + f2 += uint64(s22) + + s31 <<= 8 + f3 += uint64(s30) + + s32 <<= 16 + f3 += uint64(s31) + + s33 <<= 24 + f3 += uint64(s32) + + f2 += uint64(s23) + f3 += uint64(s33) + + out[0] = byte(f0) + f0 >>= 8 + out[1] = byte(f0) + f0 >>= 8 + out[2] = byte(f0) + f0 >>= 8 + out[3] = byte(f0) + f0 >>= 8 + f1 += f0 + + out[4] = byte(f1) + f1 >>= 8 + out[5] = byte(f1) + f1 >>= 8 + 
out[6] = byte(f1)
+ f1 >>= 8
+ out[7] = byte(f1)
+ f1 >>= 8
+ f2 += f1
+
+ out[8] = byte(f2)
+ f2 >>= 8
+ out[9] = byte(f2)
+ f2 >>= 8
+ out[10] = byte(f2)
+ f2 >>= 8
+ out[11] = byte(f2)
+ f2 >>= 8
+ f3 += f2
+
+ out[12] = byte(f3)
+ f3 >>= 8
+ out[13] = byte(f3)
+ f3 >>= 8
+ out[14] = byte(f3)
+ f3 >>= 8
+ out[15] = byte(f3)
+}
diff --git a/src/ssl/test/runner/prf.go b/src/ssl/test/runner/prf.go
index 75a8933..d445e76 100644
--- a/src/ssl/test/runner/prf.go
+++ b/src/ssl/test/runner/prf.go
@@ -323,14 +323,14 @@ func (h finishedHash) serverSum(masterSecret []byte) []byte {
 // selectClientCertSignatureAlgorithm returns a signatureAndHash to sign a
 // client's CertificateVerify with, or an error if none can be found.
-func (h finishedHash) selectClientCertSignatureAlgorithm(serverList []signatureAndHash, sigType uint8) (signatureAndHash, error) {
+func (h finishedHash) selectClientCertSignatureAlgorithm(serverList, clientList []signatureAndHash, sigType uint8) (signatureAndHash, error) {
 if h.version < VersionTLS12 {
 // Nothing to negotiate before TLS 1.2.
 return signatureAndHash{signature: sigType}, nil
 }
 for _, v := range serverList {
- if v.signature == sigType && v.hash == hashSHA256 {
+ if v.signature == sigType && isSupportedSignatureAndHash(v, clientList) {
 return v, nil
 }
 }
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index aaa2a4d..ec2fede 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
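Review bot: The doc comment two lines above the changed signature still describes only serverList, while the new loop also consults clientList and returns the first server-preferred entry that isSupportedSignatureAndHash accepts. I would extend it to `// selectClientCertSignatureAlgorithm returns the first entry of serverList that is also acceptable per clientList, to sign a client's CertificateVerify with, or an error if none can be found.` What isSupportedSignatureAndHash does with an empty clientList is not visible here, so whether an empty client list and the pre-TLS-1.2 early return agree is worth confirming. The rest of the function, including the error return, continues outside the hunk.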
@@ -20,14 +20,17 @@ import (
 "strings"
 "sync"
 "syscall"
+ "time"
 )
 var (
- useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
- useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
- flagDebug *bool = flag.Bool("debug", false, "Hexdump the contents of the connection")
- mallocTest *int64 = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
- mallocTestDebug *bool = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
+ useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
+ useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
+ flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
+ mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
+ mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
+ jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
+ pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
 )
 const (
@@ -132,6 +135,9 @@ type testCase struct {
 // expectedResumeVersion, if non-zero, specifies the TLS version that
 // must be negotiated on resumption. If zero, expectedVersion is used.
 expectedResumeVersion uint16
+ // expectedCipher, if non-zero, specifies the TLS cipher suite that
+ // should be negotiated.
+ expectedCipher uint16
 // expectChannelID controls whether the connection should have
 // negotiated a Channel ID with channelIDKey.
 expectChannelID bool
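Review bot: The re-added help text for -malloc-test-debug keeps the typo `identity the malloc failing that is causing problems` where `identify` is meant; since the line is being rewritten anyway, this is the moment to fix it. The new `time` import has no use in any hunk of this file that is visible here; presumably a hunk outside this view uses it, otherwise the package fails to build on an unused import.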
@@ -181,6 +187,12 @@ type testCase struct { // damageFirstWrite, if true, configures the underlying transport to // damage the final byte of the first application data write. damageFirstWrite bool + // exportKeyingMaterial, if non-zero, configures the test to exchange + // keying material and verify they match. + exportKeyingMaterial int + exportLabel string + exportContext string + useExportContext bool // flags, if not empty, contains a list of command-line flags that will // be passed to the shim program. flags []string @@ -292,6 +304,18 @@ var testCases = []testCase{ expectedError: ":UNEXPECTED_MESSAGE:", }, { + name: "SkipCertificateStatus", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + Bugs: ProtocolBugs{ + SkipCertificateStatus: true, + }, + }, + flags: []string{ + "-enable-ocsp-stapling", + }, + }, + { name: "SkipServerKeyExchange", config: Config{ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, @@ -376,11 +400,47 @@ var testCases = []testCase{ }, { testType: serverTest, + name: "Alert", + config: Config{ + Bugs: ProtocolBugs{ + SendSpuriousAlert: alertRecordOverflow, + }, + }, + shouldFail: true, + expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:", + }, + { + protocol: dtls, + testType: serverTest, + name: "Alert-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + SendSpuriousAlert: alertRecordOverflow, + }, + }, + shouldFail: true, + expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:", + }, + { + testType: serverTest, name: "FragmentAlert", config: Config{ Bugs: ProtocolBugs{ FragmentAlert: true, - SendSpuriousAlert: true, + SendSpuriousAlert: alertRecordOverflow, + }, + }, + shouldFail: true, + expectedError: ":BAD_ALERT:", + }, + { + protocol: dtls, + testType: serverTest, + name: "FragmentAlert-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + FragmentAlert: true, + SendSpuriousAlert: alertRecordOverflow, }, }, shouldFail: true, 
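Review bot: In the testCase hunk, exportLabel, exportContext and useExportContext are added without the per-field comment that every neighbouring field carries (damageFirstWrite, flags), and the exportKeyingMaterial comment does not say what the number is. doExchange uses it as a byte length (`make([]byte, test.exportKeyingMaterial)`) and hands the other three straight to ExportKeyingMaterial, so the comments can be concrete: `// exportKeyingMaterial, if non-zero, is the number of bytes of keying material the shim and the runner each export and compare.` and `// exportLabel, exportContext and useExportContext are passed to the exporter; useExportContext selects whether a context is supplied at all, so an empty exportContext with it set is a present-but-empty context.` That last clause is how an exporter is normally expected to distinguish the two cases and should be checked against the shim before it is written down.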
@@ -536,11 +596,11 @@ var testCases = []testCase{ expectedError: ":WRONG_CIPHER_RETURNED:", }, { - name: "RSAServerKeyExchange", + name: "RSAEphemeralKey", config: Config{ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, Bugs: ProtocolBugs{ - RSAServerKeyExchange: true, + RSAEphemeralKey: true, }, }, shouldFail: true, 
@@ -650,6 +710,380 @@ var testCases = []testCase{ AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"), }, }, + // BoringSSL's DTLS implementation will drop the out-of-order + // application data. + }, + { + name: "AlertAfterChangeCipherSpec", + config: Config{ + Bugs: ProtocolBugs{ + AlertAfterChangeCipherSpec: alertRecordOverflow, + }, + }, + shouldFail: true, + expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:", + }, + { + protocol: dtls, + name: "AlertAfterChangeCipherSpec-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + AlertAfterChangeCipherSpec: alertRecordOverflow, + }, + }, + shouldFail: true, + expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:", + }, + { + protocol: dtls, + name: "ReorderHandshakeFragments-Small-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + ReorderHandshakeFragments: true, + // Small enough that every handshake message is + // fragmented. + MaxHandshakeRecordLength: 2, + }, + }, + }, + { + protocol: dtls, + name: "ReorderHandshakeFragments-Large-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + ReorderHandshakeFragments: true, + // Large enough that no handshake message is + // fragmented. 
+ MaxHandshakeRecordLength: 2048, + }, + }, + }, + { + protocol: dtls, + name: "MixCompleteMessageWithFragments-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + ReorderHandshakeFragments: true, + MixCompleteMessageWithFragments: true, + MaxHandshakeRecordLength: 2, + }, + }, + }, + { + name: "SendInvalidRecordType", + config: Config{ + Bugs: ProtocolBugs{ + SendInvalidRecordType: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + }, + { + protocol: dtls, + name: "SendInvalidRecordType-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + SendInvalidRecordType: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + }, + { + name: "FalseStart-SkipServerSecondLeg", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + SkipNewSessionTicket: true, + SkipChangeCipherSpec: true, + SkipFinished: true, + ExpectFalseStart: true, + }, + }, + flags: []string{ + "-false-start", + "-handshake-never-done", + "-advertise-alpn", "\x03foo", + }, + shimWritesFirst: true, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + }, + { + name: "FalseStart-SkipServerSecondLeg-Implicit", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + SkipNewSessionTicket: true, + SkipChangeCipherSpec: true, + SkipFinished: true, + }, + }, + flags: []string{ + "-implicit-handshake", + "-false-start", + "-handshake-never-done", + "-advertise-alpn", "\x03foo", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + }, + { + testType: serverTest, + name: "FailEarlyCallback", + flags: []string{"-fail-early-callback"}, + shouldFail: true, + expectedError: ":CONNECTION_REJECTED:", + expectedLocalError: "remote error: access denied", + }, + { + name: "WrongMessageType", + config: Config{ + Bugs: ProtocolBugs{ + WrongCertificateMessageType: true, + }, + }, + shouldFail: true, + 
expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }, + { + protocol: dtls, + name: "WrongMessageType-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + WrongCertificateMessageType: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }, + { + protocol: dtls, + name: "FragmentMessageTypeMismatch-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: 2, + FragmentMessageTypeMismatch: true, + }, + }, + shouldFail: true, + expectedError: ":FRAGMENT_MISMATCH:", + }, + { + protocol: dtls, + name: "FragmentMessageLengthMismatch-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: 2, + FragmentMessageLengthMismatch: true, + }, + }, + shouldFail: true, + expectedError: ":FRAGMENT_MISMATCH:", + }, + { + protocol: dtls, + name: "SplitFragmentHeader-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + SplitFragmentHeader: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + }, + { + protocol: dtls, + name: "SplitFragmentBody-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + SplitFragmentBody: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + }, + { + protocol: dtls, + name: "SendEmptyFragments-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + SendEmptyFragments: true, + }, + }, + }, + { + name: "UnsupportedCipherSuite", + config: Config{ + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + Bugs: ProtocolBugs{ + IgnorePeerCipherPreferences: true, + }, + }, + flags: []string{"-cipher", "DEFAULT:!RC4"}, + shouldFail: true, + expectedError: ":WRONG_CIPHER_RETURNED:", + }, + { + name: "UnsupportedCurve", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + // BoringSSL implements P-224 but doesn't enable it by + // default. 
+ CurvePreferences: []CurveID{CurveP224}, + Bugs: ProtocolBugs{ + IgnorePeerCurvePreferences: true, + }, + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }, + { + name: "SendWarningAlerts", + config: Config{ + Bugs: ProtocolBugs{ + SendWarningAlerts: alertAccessDenied, + }, + }, + }, + { + protocol: dtls, + name: "SendWarningAlerts-DTLS", + config: Config{ + Bugs: ProtocolBugs{ + SendWarningAlerts: alertAccessDenied, + }, + }, + }, + { + name: "BadFinished", + config: Config{ + Bugs: ProtocolBugs{ + BadFinished: true, + }, + }, + shouldFail: true, + expectedError: ":DIGEST_CHECK_FAILED:", + }, + { + name: "FalseStart-BadFinished", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + BadFinished: true, + ExpectFalseStart: true, + }, + }, + flags: []string{ + "-false-start", + "-handshake-never-done", + "-advertise-alpn", "\x03foo", + }, + shimWritesFirst: true, + shouldFail: true, + expectedError: ":DIGEST_CHECK_FAILED:", + }, + { + name: "NoFalseStart-NoALPN", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + Bugs: ProtocolBugs{ + ExpectFalseStart: true, + AlertBeforeFalseStartTest: alertAccessDenied, + }, + }, + flags: []string{ + "-false-start", + }, + shimWritesFirst: true, + shouldFail: true, + expectedError: ":TLSV1_ALERT_ACCESS_DENIED:", + expectedLocalError: "tls: peer did not false start: EOF", + }, + { + name: "NoFalseStart-NoAEAD", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + ExpectFalseStart: true, + AlertBeforeFalseStartTest: alertAccessDenied, + }, + }, + flags: []string{ + "-false-start", + "-advertise-alpn", "\x03foo", + }, + shimWritesFirst: true, + shouldFail: true, + expectedError: ":TLSV1_ALERT_ACCESS_DENIED:", + expectedLocalError: "tls: peer did not false start: EOF", + }, + { + name: "NoFalseStart-RSA", + config: Config{ + 
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + ExpectFalseStart: true, + AlertBeforeFalseStartTest: alertAccessDenied, + }, + }, + flags: []string{ + "-false-start", + "-advertise-alpn", "\x03foo", + }, + shimWritesFirst: true, + shouldFail: true, + expectedError: ":TLSV1_ALERT_ACCESS_DENIED:", + expectedLocalError: "tls: peer did not false start: EOF", + }, + { + name: "NoFalseStart-DHE_RSA", + config: Config{ + CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + ExpectFalseStart: true, + AlertBeforeFalseStartTest: alertAccessDenied, + }, + }, + flags: []string{ + "-false-start", + "-advertise-alpn", "\x03foo", + }, + shimWritesFirst: true, + shouldFail: true, + expectedError: ":TLSV1_ALERT_ACCESS_DENIED:", + expectedLocalError: "tls: peer did not false start: EOF", + }, + { + testType: serverTest, + name: "NoSupportedCurves", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + Bugs: ProtocolBugs{ + NoSupportedCurves: true, + }, + }, + }, + { + testType: serverTest, + name: "NoCommonCurves", + config: Config{ + CipherSuites: []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + }, + CurvePreferences: []CurveID{CurveP224}, + }, + expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, }, } @@ -665,7 +1099,8 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i } if test.protocol == dtls { - conn = newPacketAdaptor(conn) + config.Bugs.PacketAdaptor = newPacketAdaptor(conn) + conn = config.Bugs.PacketAdaptor if test.replayWrites { conn = newReplayAdaptor(conn) } 
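Review bot: doExchange now writes the new packet adaptor into config.Bugs.PacketAdaptor, which is a side effect on the caller's Config rather than a local, and the field is never cleared when the connection is closed. Since runTest copies config into resumeConfig before the second exchange (`resumeConfig = config` in a later hunk), the resumed DTLS exchange carries the first connection's adaptor until this line overwrites it; harmless as written, but a comment would keep the next reader from relying on that pointer between exchanges, e.g. `// Stored on config rather than kept local, presumably so the ProtocolBugs hooks can reach the adaptor; it is overwritten on every DTLS exchange and never cleared.` The surrounding doExchange body lies outside the hunk.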
@@ -713,6 +1148,10 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i
 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
 }
+ if cipher := tlsConn.ConnectionState().CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
+ return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
+ }
+
 if test.expectChannelID {
 channelID := tlsConn.ConnectionState().ChannelID
 if channelID == nil {
@@ -741,6 +1180,20 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i
 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
 }
+ if test.exportKeyingMaterial > 0 {
+ actual := make([]byte, test.exportKeyingMaterial)
+ if _, err := io.ReadFull(tlsConn, actual); err != nil {
+ return err
+ }
+ expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
+ if err != nil {
+ return err
+ }
+ if !bytes.Equal(actual, expected) {
+ return fmt.Errorf("keying material mismatch")
+ }
+ }
+
 if test.shimWritesFirst {
 var buf [5]byte
 _, err := io.ReadFull(tlsConn, buf[:])
@@ -778,21 +1231,14 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i
 return err
 }
- var testMessage []byte
- if config.Bugs.AppDataAfterChangeCipherSpec != nil {
- // We've already sent a message. Expect the shim to echo it
- // back.
- testMessage = config.Bugs.AppDataAfterChangeCipherSpec
- } else {
- if messageLen == 0 {
- messageLen = 32
- }
- testMessage = make([]byte, messageLen)
- for i := range testMessage {
- testMessage[i] = 0x42
- }
- tlsConn.Write(testMessage)
+ if messageLen == 0 {
+ messageLen = 32
+ }
+ testMessage := make([]byte, messageLen)
+ for i := range testMessage {
+ testMessage[i] = 0x42
 }
+ tlsConn.Write(testMessage)
 buf := make([]byte, len(testMessage))
 if test.protocol == dtls {
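Review bot: In the exportKeyingMaterial block of the second hunk, the mismatch error carries no detail, so a failing run only says `keying material mismatch` and the reader has to rerun under the debug flag to see anything; for a test harness working with throwaway test keys, `return fmt.Errorf("keying material mismatch: got %x, want %x", actual, expected)` makes the failure self-describing. Separately, io.ReadFull blocks until the shim has written exactly exportKeyingMaterial bytes, so a shim that exports fewer bytes surfaces as io.ErrUnexpectedEOF rather than as a length mismatch; a one-line comment saying that is intended would save the next reader the question. doExchange's body starts and ends outside these hunks.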
@@ -833,32 +1279,11 @@ func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
 }
 func gdbOf(path string, args ...string) *exec.Cmd {
- xtermArgs := []string{"-e", "gdb", "--args"}
- xtermArgs = append(xtermArgs, path)
- xtermArgs = append(xtermArgs, args...)
-
- return exec.Command("xterm", xtermArgs...)
-}
-
-func openSocketPair() (shimEnd *os.File, conn net.Conn) {
- socks, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
- if err != nil {
- panic(err)
- }
-
- syscall.CloseOnExec(socks[0])
- syscall.CloseOnExec(socks[1])
- shimEnd = os.NewFile(uintptr(socks[0]), "shim end")
- connFile := os.NewFile(uintptr(socks[1]), "our end")
- conn, err = net.FileConn(connFile)
- if err != nil {
- panic(err)
- }
- connFile.Close()
- if err != nil {
- panic(err)
- }
- return shimEnd, conn
+ xtermArgs := []string{"-e", "gdb", "--args"}
+ xtermArgs = append(xtermArgs, path)
+ xtermArgs = append(xtermArgs, args...)
+
+ return exec.Command("xterm", xtermArgs...)
 }
 type moreMallocsError struct{}
@@ -869,16 +1294,45 @@ func (moreMallocsError) Error() string {
 var errMoreMallocs = moreMallocsError{}
+// accept accepts a connection from listener, unless waitChan signals a process
+// exit first.
+func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
+ type connOrError struct {
+ conn net.Conn
+ err error
+ }
+ connChan := make(chan connOrError, 1)
+ go func() {
+ conn, err := listener.Accept()
+ connChan <- connOrError{conn, err}
+ close(connChan)
+ }()
+ select {
+ case result := <-connChan:
+ return result.conn, result.err
+ case childErr := <-waitChan:
+ waitChan <- childErr
+ return nil, fmt.Errorf("child exited early: %s", childErr)
+ }
+}
+
 func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
 panic("Error expected without shouldFail in " + test.name)
 }
- shimEnd, conn := openSocketPair()
- shimEndResume, connResume := openSocketPair()
+ listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
+ if err != nil {
+ panic(err)
+ }
+ defer func() {
+ if listener != nil {
+ listener.Close()
+ }
+ }()
 shim_path := path.Join(buildDir, "ssl/test/bssl_shim")
- var flags []string
+ flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
 if test.testType == serverTest {
 flags = append(flags, "-server")
@@ -909,6 +1363,15 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 flags = append(flags, "-shim-writes-first")
 }
+ if test.exportKeyingMaterial > 0 {
+ flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
+ flags = append(flags, "-export-label", test.exportLabel)
+ flags = append(flags, "-export-context", test.exportContext)
+ if test.useExportContext {
+ flags = append(flags, "-use-export-context")
+ }
+ }
+
 flags = append(flags, test.flags...)
 var shim *exec.Cmd
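Review bot: The doc comment on the new function starts with `// accept accepts ...` while the function is named acceptOrWait, so both readers and golint-style tooling trip on it; it should read `// acceptOrWait accepts a connection from listener, unless waitChan signals a process exit first.` A second point on the same hunk: runTest now accepts the first connection that reaches an ephemeral loopback TCP port, with no check that the peer is the shim it just spawned, so any other local process that connects in that window is handed the test exchange, whereas the socketpair it replaces had no such window. That is probably acceptable for a developer test runner, but it deserves a comment at the ListenTCP call, e.g. `// Loopback TCP with an ephemeral port: nothing stops another local process from connecting first; the first peer is trusted to be the shim.` Note also that when waitChan fires first, the Accept goroutine stays blocked until the deferred listener.Close runs, which works here only because the defer is unconditional.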
@@ -919,13 +1382,13 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 } else {
 shim = exec.Command(shim_path, flags...)
 }
- shim.ExtraFiles = []*os.File{shimEnd, shimEndResume}
 shim.Stdin = os.Stdin
 var stdoutBuf, stderrBuf bytes.Buffer
 shim.Stdout = &stdoutBuf
 shim.Stderr = &stderrBuf
 if mallocNumToFail >= 0 {
- shim.Env = []string{"MALLOC_NUMBER_TO_FAIL=" + strconv.FormatInt(mallocNumToFail, 10)}
+ shim.Env = os.Environ()
+ shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
 if *mallocTestDebug {
 shim.Env = append(shim.Env, "MALLOC_ABORT_ON_FAIL=1")
 }
@@ -935,8 +1398,8 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 if err := shim.Start(); err != nil {
 panic(err)
 }
- shimEnd.Close()
- shimEndResume.Close()
+ waitChan := make(chan error, 1)
+ go func() { waitChan <- shim.Wait() }()
 config := test.config
 config.ClientSessionCache = NewLRUClientSessionCache(1)
@@ -945,16 +1408,27 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 if len(config.Certificates) == 0 {
 config.Certificates = []Certificate{getRSACertificate()}
 }
+ } else {
+ // Supply a ServerName to ensure a constant session cache key,
+ // rather than falling back to net.Conn.RemoteAddr.
+ if len(config.ServerName) == 0 {
+ config.ServerName = "test"
+ }
 }
- err := doExchange(test, &config, conn, test.messageLen,
- false /* not a resumption */)
- conn.Close()
+ conn, err := acceptOrWait(listener, waitChan)
+ if err == nil {
+ err = doExchange(test, &config, conn, test.messageLen, false /* not a resumption */)
+ conn.Close()
+ }
 if err == nil && test.resumeSession {
 var resumeConfig Config
 if test.resumeConfig != nil {
 resumeConfig = *test.resumeConfig
+ if len(resumeConfig.ServerName) == 0 {
+ resumeConfig.ServerName = config.ServerName
+ }
 if len(resumeConfig.Certificates) == 0 {
 resumeConfig.Certificates = []Certificate{getRSACertificate()}
 }
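Review bot: In the first hunk, the malloc-failure run now starts the shim with the full parent environment plus MALLOC_NUMBER_TO_FAIL, whereas the removed line gave it only that single variable; that aligns it with the ordinary run, where a nil Env inherits the parent environment, but if the bare environment was deliberate, a one-line comment on `shim.Env = os.Environ()` saying why inheritance is now wanted would stop the next reader from reverting it. In the third hunk the ServerName fallback on the client config is explained, but the same fallback on resumeConfig a few lines below repeats it without the reason; a brief `// Same reason as above: keep the session cache key stable across the resumption.` there would tie the two together.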
@@ -966,12 +1440,20 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 } else {
 resumeConfig = config
 }
- err = doExchange(test, &resumeConfig, connResume, test.messageLen,
- true /* resumption */)
+ var connResume net.Conn
+ connResume, err = acceptOrWait(listener, waitChan)
+ if err == nil {
+ err = doExchange(test, &resumeConfig, connResume, test.messageLen, true /* resumption */)
+ connResume.Close()
+ }
 }
- connResume.Close()
- childErr := shim.Wait()
+ // Close the listener now. This is to avoid hangs should the shim try to
+ // open more connections than expected.
+ listener.Close()
+ listener = nil
+
+ childErr := <-waitChan
 if exitError, ok := childErr.(*exec.ExitError); ok {
 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
 return errMoreMallocs
@@ -981,7 +1463,7 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 stdout := string(stdoutBuf.Bytes())
 stderr := string(stderrBuf.Bytes())
 failed := err != nil || childErr != nil
- correctFailure := len(test.expectedError) == 0 || strings.Contains(stdout, test.expectedError)
+ correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
 localError := "none"
 if err != nil {
 localError = err.Error()
@@ -1008,10 +1490,10 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
 panic("internal error")
 }
- return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, string(stdoutBuf.Bytes()), stderr)
+ return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
 }
- if !*useValgrind && len(stderr) > 0 {
+ if !*useValgrind && !failed && len(stderr) > 0 {
 println(stderr)
 }
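Review bot: `childErr := <-waitChan` in the first hunk waits on the shim with no upper bound, so a shim that neither connects nor exits stalls the whole run; the listener is closed just above to cut off extra connections, but nothing ends a shim that never finishes. The `time` package is newly imported in this file, so unless a timeout is added in a hunk outside this view, a `select` against `time.After` that kills the process and reports the test name would close the gap, sketched below with `shimTimeout` standing for a duration constant still to be chosen. In the second hunk the expectedError match moves from stdout to stderr, which agrees with the fourth hunk now echoing stderr only for runs that did not fail, since a failed run already carries stderr in the returned error.
```go
// … unchanged: listener.Close(); listener = nil …
var childErr error
select {
case childErr = <-waitChan:
case <-time.After(shimTimeout): // shimTimeout: duration constant still to be defined
	shim.Process.Kill()
	<-waitChan
	return fmt.Errorf("%s: shim did not exit within %v", test.name, shimTimeout)
}
// … unchanged: exit-status handling …
```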
@@ -1047,12 +1529,14 @@ var testCipherSuites = []struct { {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384}, {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA}, {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256}, + {"DHE-RSA-CHACHA20-POLY1305", TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384}, + {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}, {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}, {"ECDHE-PSK-AES128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256}, {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, @@ -1061,6 +1545,7 @@ var testCipherSuites = []struct { {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384}, + {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA}, {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA}, {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA}, @@ -1076,7 +1561,8 @@ func hasComponent(suiteName, component string) bool { func isTLS12Only(suiteName string) bool { return hasComponent(suiteName, "GCM") || hasComponent(suiteName, "SHA256") || - hasComponent(suiteName, "SHA384") + hasComponent(suiteName, "SHA384") || + hasComponent(suiteName, "POLY1305") } func isDTLSCipher(suiteName string) bool { 
@@ -1454,6 +1940,17 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) }) testCases = append(testCases, testCase{ protocol: protocol, + name: "Basic-Client-Implicit" + suffix, + config: Config{ + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: maxHandshakeRecordLength, + }, + }, + flags: append(flags, "-implicit-handshake"), + resumeSession: true, + }) + testCases = append(testCases, testCase{ + protocol: protocol, testType: serverTest, name: "Basic-Server" + suffix, config: Config{ @@ -1477,6 +1974,30 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) flags: flags, resumeSession: true, }) + testCases = append(testCases, testCase{ + protocol: protocol, + testType: serverTest, + name: "Basic-Server-Implicit" + suffix, + config: Config{ + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: maxHandshakeRecordLength, + }, + }, + flags: append(flags, "-implicit-handshake"), + resumeSession: true, + }) + testCases = append(testCases, testCase{ + protocol: protocol, + testType: serverTest, + name: "Basic-Server-EarlyCallback" + suffix, + config: Config{ + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: maxHandshakeRecordLength, + }, + }, + flags: append(flags, "-use-early-callback"), + resumeSession: true, + }) // TLS client auth. testCases = append(testCases, testCase{ @@ -1588,6 +2109,8 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) expectedNextProtoType: npn, }) + // TODO(davidben): Add tests for when False Start doesn't trigger. + // Client does False Start and negotiates NPN. testCases = append(testCases, testCase{ protocol: protocol, 
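Review bot: The new `flags: append(flags, "-implicit-handshake")` entries alias the caller's slice: flags is built outside the hunk, and if it has spare capacity every append(flags, …) in this function writes into the same backing array, so the later `append(flags, "-use-early-callback")` can overwrite the "-implicit-handshake" element still referenced by the earlier testCase. The same pattern is used for FalseStart-Implicit in the next hunk, so the fix belongs wherever append(flags, …) appears. Copy before extending, e.g. with `func withFlags(flags []string, extra ...string) []string { return append(append([]string(nil), flags...), extra...) }` and `flags: withFlags(flags, "-implicit-handshake")`. addStateMachineCoverageTests starts before the hunk.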
@@ -1626,9 +2149,27 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) resumeSession: true, }) + // Client does False Start but doesn't explicitly call + // SSL_connect. + testCases = append(testCases, testCase{ + protocol: protocol, + name: "FalseStart-Implicit" + suffix, + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: maxHandshakeRecordLength, + }, + }, + flags: append(flags, + "-implicit-handshake", + "-false-start", + "-advertise-alpn", "\x03foo"), + }) + // False Start without session tickets. testCases = append(testCases, testCase{ - name: "FalseStart-SessionTicketsDisabled", + name: "FalseStart-SessionTicketsDisabled" + suffix, config: Config{ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, NextProtos: []string{"foo"}, @@ -1710,17 +2251,36 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) }, flags: flags, }) + } +} + +func addDDoSCallbackTests() { + // DDoS callback. + + for _, resume := range []bool{false, true} { + suffix := "Resume" + if resume { + suffix = "No" + suffix + } testCases = append(testCases, testCase{ - testType: serverTest, - protocol: protocol, - name: "CookieExchange" + suffix, - config: Config{ - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, - }, - flags: append(flags, "-cookie-exchange"), + testType: serverTest, + name: "Server-DDoS-OK-" + suffix, + flags: []string{"-install-ddos-callback"}, + resumeSession: resume, + }) + + failFlag := "-fail-ddos-callback" + if resume { + failFlag = "-fail-second-ddos-callback" + } + testCases = append(testCases, testCase{ + testType: serverTest, + name: "Server-DDoS-Reject-" + suffix, + flags: []string{"-install-ddos-callback", failFlag}, + resumeSession: resume, + shouldFail: true, + expectedError: ":CONNECTION_REJECTED:", }) } } 
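Review bot: In addDDoSCallbackTests the suffix is inverted: `suffix := "Resume"` becomes "NoResume" exactly when resume is true, so Server-DDoS-OK-NoResume and Server-DDoS-Reject-NoResume run with resumeSession: true while the "-Resume" cases run without resumption. Flip the condition: `if !resume {`. The names are only labels, but anything keyed on them (the JSON results written by this commit, expectations in bug reports) would be misleading.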
@@ -1976,7 +2536,7 @@ func addExtensionTests() { }) testCases = append(testCases, testCase{ testType: clientTest, - name: "ServerNameExtensionClient", + name: "ServerNameExtensionClientMismatch", config: Config{ Bugs: ProtocolBugs{ ExpectServerName: "mismatch.com", @@ -1988,7 +2548,7 @@ func addExtensionTests() { }) testCases = append(testCases, testCase{ testType: clientTest, - name: "ServerNameExtensionClient", + name: "ServerNameExtensionClientMissing", config: Config{ Bugs: ProtocolBugs{ ExpectServerName: "missing.com", 
@@ -2201,27 +2761,40 @@ func addResumptionVersionTests() { suffix += "-DTLS" } - testCases = append(testCases, testCase{ - protocol: protocol, - name: "Resume-Client" + suffix, - resumeSession: true, - config: Config{ - MaxVersion: sessionVers.version, - CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, - Bugs: ProtocolBugs{ - AllowSessionVersionMismatch: true, + if sessionVers.version == resumeVers.version { + testCases = append(testCases, testCase{ + protocol: protocol, + name: "Resume-Client" + suffix, + resumeSession: true, + config: Config{ + MaxVersion: sessionVers.version, + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, }, - }, - expectedVersion: sessionVers.version, - resumeConfig: &Config{ - MaxVersion: resumeVers.version, - CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, - Bugs: ProtocolBugs{ - AllowSessionVersionMismatch: true, + expectedVersion: sessionVers.version, + expectedResumeVersion: resumeVers.version, + }) + } else { + testCases = append(testCases, testCase{ + protocol: protocol, + name: "Resume-Client-Mismatch" + suffix, + resumeSession: true, + config: Config{ + MaxVersion: sessionVers.version, + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, }, - }, - expectedResumeVersion: resumeVers.version, - }) + expectedVersion: sessionVers.version, + resumeConfig: &Config{ + MaxVersion: resumeVers.version, + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, + Bugs: ProtocolBugs{ + AllowSessionVersionMismatch: true, + }, + }, + expectedResumeVersion: resumeVers.version, + shouldFail: true, + expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:", + }) + } testCases = append(testCases, testCase{ protocol: protocol, 
@@ -2265,6 +2838,22 @@ func addResumptionVersionTests() { } } } + + testCases = append(testCases, testCase{ + name: "Resume-Client-CipherMismatch", + resumeSession: true, + config: Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + }, + resumeConfig: &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + Bugs: ProtocolBugs{ + SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA, + }, + }, + shouldFail: true, + expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:", + }) } func addRenegotiationTests() { @@ -2276,6 +2865,17 @@ func addRenegotiationTests() { }) testCases = append(testCases, testCase{ testType: serverTest, + name: "Renegotiate-Server-Full", + config: Config{ + Bugs: ProtocolBugs{ + NeverResumeOnRenego: true, + }, + }, + flags: []string{"-renegotiate"}, + shimWritesFirst: true, + }) + testCases = append(testCases, testCase{ + testType: serverTest, name: "Renegotiate-Server-EmptyExt", config: Config{ Bugs: ProtocolBugs{ 
@@ -2328,12 +2928,43 @@ func addRenegotiationTests() { }, flags: []string{"-allow-unsafe-legacy-renegotiation"}, }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "Renegotiate-Server-ClientInitiated-Forbidden", + renegotiate: true, + flags: []string{"-reject-peer-renegotiations"}, + shouldFail: true, + expectedError: ":NO_RENEGOTIATION:", + expectedLocalError: "remote error: no renegotiation", + }) + // Regression test for CVE-2015-0291. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "Renegotiate-Server-NoSignatureAlgorithms", + config: Config{ + Bugs: ProtocolBugs{ + NeverResumeOnRenego: true, + NoSignatureAlgorithmsOnRenego: true, + }, + }, + flags: []string{"-renegotiate"}, + shimWritesFirst: true, + }) // TODO(agl): test the renegotiation info SCSV. testCases = append(testCases, testCase{ name: "Renegotiate-Client", renegotiate: true, }) testCases = append(testCases, testCase{ + name: "Renegotiate-Client-Full", + config: Config{ + Bugs: ProtocolBugs{ + NeverResumeOnRenego: true, + }, + }, + renegotiate: true, + }) + testCases = append(testCases, testCase{ name: "Renegotiate-Client-EmptyExt", renegotiate: true, config: Config{ @@ -2372,6 +3003,14 @@ func addRenegotiationTests() { renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA}, }) testCases = append(testCases, testCase{ + name: "Renegotiate-Client-Forbidden", + renegotiate: true, + flags: []string{"-reject-peer-renegotiations"}, + shouldFail: true, + expectedError: ":NO_RENEGOTIATION:", + expectedLocalError: "remote error: no renegotiation", + }) + testCases = append(testCases, testCase{ name: "Renegotiate-SameClientVersion", renegotiate: true, config: Config{ @@ -2418,7 +3057,7 @@ func addFastRadioPaddingTests() { }) testCases = append(testCases, testCase{ protocol: dtls, - name: "FastRadio-Padding", + name: "FastRadio-Padding-DTLS", config: Config{ Bugs: ProtocolBugs{ RequireFastradioPadding: true, 
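Review bot: Renegotiate-Server-NoSignatureAlgorithms carries only a CVE number, and nothing in the case says what a regression would look like; it has no expectedError, so the assertion is that the shim completes a full renegotiation when the second ClientHello omits signature_algorithms, and the original problem was (I believe) a server-side crash on that input. State that so a future edit does not "fix" the missing expectedError: `// Regression test for CVE-2015-0291: a renegotiation ClientHello without signature_algorithms must not crash the server; the handshake is expected to succeed.` addRenegotiationTests starts before the hunk.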
@@ -2534,6 +3173,196 @@ func addSigningHashTests() { }, }, }) + + // Test that hash preferences are enforced. BoringSSL defaults to + // rejecting MD5 signatures. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SigningHash-ClientAuth-Enforced", + config: Config{ + Certificates: []Certificate{rsaCertificate}, + SignatureAndHashes: []signatureAndHash{ + {signatureRSA, hashMD5}, + // Advertise SHA-1 so the handshake will + // proceed, but the shim's preferences will be + // ignored in CertificateVerify generation, so + // MD5 will be chosen. + {signatureRSA, hashSHA1}, + }, + Bugs: ProtocolBugs{ + IgnorePeerSignatureAlgorithmPreferences: true, + }, + }, + flags: []string{"-require-any-client-certificate"}, + shouldFail: true, + expectedError: ":WRONG_SIGNATURE_TYPE:", + }) + + testCases = append(testCases, testCase{ + name: "SigningHash-ServerKeyExchange-Enforced", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + SignatureAndHashes: []signatureAndHash{ + {signatureRSA, hashMD5}, + }, + Bugs: ProtocolBugs{ + IgnorePeerSignatureAlgorithmPreferences: true, + }, + }, + shouldFail: true, + expectedError: ":WRONG_SIGNATURE_TYPE:", + }) +} + +// timeouts is the retransmit schedule for BoringSSL. It doubles and +// caps at 60 seconds. On the 13th timeout, it gives up. +var timeouts = []time.Duration{ + 1 * time.Second, + 2 * time.Second, + 4 * time.Second, + 8 * time.Second, + 16 * time.Second, + 32 * time.Second, + 60 * time.Second, + 60 * time.Second, + 60 * time.Second, + 60 * time.Second, + 60 * time.Second, + 60 * time.Second, + 60 * time.Second, +} + +func addDTLSRetransmitTests() { + // Test that this is indeed the timeout schedule. Stress all + // four patterns of handshake. 
+ for i := 1; i < len(timeouts); i++ { + number := strconv.Itoa(i) + testCases = append(testCases, testCase{ + protocol: dtls, + name: "DTLS-Retransmit-Client-" + number, + config: Config{ + Bugs: ProtocolBugs{ + TimeoutSchedule: timeouts[:i], + }, + }, + resumeSession: true, + flags: []string{"-async"}, + }) + testCases = append(testCases, testCase{ + protocol: dtls, + testType: serverTest, + name: "DTLS-Retransmit-Server-" + number, + config: Config{ + Bugs: ProtocolBugs{ + TimeoutSchedule: timeouts[:i], + }, + }, + resumeSession: true, + flags: []string{"-async"}, + }) + } + + // Test that exceeding the timeout schedule hits a read + // timeout. + testCases = append(testCases, testCase{ + protocol: dtls, + name: "DTLS-Retransmit-Timeout", + config: Config{ + Bugs: ProtocolBugs{ + TimeoutSchedule: timeouts, + }, + }, + resumeSession: true, + flags: []string{"-async"}, + shouldFail: true, + expectedError: ":READ_TIMEOUT_EXPIRED:", + }) + + // Test that timeout handling has a fudge factor, due to API + // problems. + testCases = append(testCases, testCase{ + protocol: dtls, + name: "DTLS-Retransmit-Fudge", + config: Config{ + Bugs: ProtocolBugs{ + TimeoutSchedule: []time.Duration{ + timeouts[0] - 10*time.Millisecond, + }, + }, + }, + resumeSession: true, + flags: []string{"-async"}, + }) + + // Test that the final Finished retransmitting isn't + // duplicated if the peer badly fragments everything. 
+ testCases = append(testCases, testCase{ + testType: serverTest, + protocol: dtls, + name: "DTLS-Retransmit-Fragmented", + config: Config{ + Bugs: ProtocolBugs{ + TimeoutSchedule: []time.Duration{timeouts[0]}, + MaxHandshakeRecordLength: 2, + }, + }, + flags: []string{"-async"}, + }) +} + +func addExportKeyingMaterialTests() { + for _, vers := range tlsVersions { + if vers.version == VersionSSL30 { + continue + } + testCases = append(testCases, testCase{ + name: "ExportKeyingMaterial-" + vers.name, + config: Config{ + MaxVersion: vers.version, + }, + exportKeyingMaterial: 1024, + exportLabel: "label", + exportContext: "context", + useExportContext: true, + }) + testCases = append(testCases, testCase{ + name: "ExportKeyingMaterial-NoContext-" + vers.name, + config: Config{ + MaxVersion: vers.version, + }, + exportKeyingMaterial: 1024, + }) + testCases = append(testCases, testCase{ + name: "ExportKeyingMaterial-EmptyContext-" + vers.name, + config: Config{ + MaxVersion: vers.version, + }, + exportKeyingMaterial: 1024, + useExportContext: true, + }) + testCases = append(testCases, testCase{ + name: "ExportKeyingMaterial-Small-" + vers.name, + config: Config{ + MaxVersion: vers.version, + }, + exportKeyingMaterial: 1, + exportLabel: "label", + exportContext: "context", + useExportContext: true, + }) + } + testCases = append(testCases, testCase{ + name: "ExportKeyingMaterial-SSL3", + config: Config{ + MaxVersion: VersionSSL30, + }, + exportKeyingMaterial: 1024, + exportLabel: "label", + exportContext: "context", + useExportContext: true, + shouldFail: true, + expectedError: "failed to export keying material", + }) } func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) { 
@@ -2566,27 +3395,47 @@ type statusMsg struct { err error } -func statusPrinter(doneChan chan struct{}, statusChan chan statusMsg, total int) { +func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) { var started, done, failed, lineLen int - defer close(doneChan) + testOutput := newTestOutput() for msg := range statusChan { + if !*pipe { + // Erase the previous status line. + var erase string + for i := 0; i < lineLen; i++ { + erase += "\b \b" + } + fmt.Print(erase) + } + if msg.started { started++ } else { done++ - } - fmt.Printf("\x1b[%dD\x1b[K", lineLen) + if msg.err != nil { + fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err) + failed++ + testOutput.addResult(msg.test.name, "FAIL") + } else { + if *pipe { + // Print each test instead of a status line. + fmt.Printf("PASSED (%s)\n", msg.test.name) + } + testOutput.addResult(msg.test.name, "PASS") + } + } - if msg.err != nil { - fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err) - failed++ + if !*pipe { + // Print a new status line. + line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total) + lineLen = len(line) + os.Stdout.WriteString(line) } - line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total) - lineLen = len(line) - os.Stdout.WriteString(line) } + + doneChan <- testOutput } func main() { @@ -2601,6 +3450,7 @@ func main() { addCBCPaddingTests() addCBCSplittingTests() addClientAuthTests() + addDDoSCallbackTests() addVersionNegotiationTests() addMinimumVersionTests() addD5BugTests() @@ -2611,6 +3461,8 @@ func main() { addDTLSReplayTests() addSigningHashTests() addFastRadioPaddingTests() + addDTLSRetransmitTests() + addExportKeyingMaterialTests() for _, async := range []bool{false, true} { for _, splitHandshake := range []bool{false, true} { for _, protocol := range []protocol{tls, dtls} { 
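Review bot: The erase loop in statusPrinter builds the backspace string one concatenation at a time; `fmt.Print(strings.Repeat("\b \b", lineLen))` says the same in one line without quadratic string growth, and strings is already imported by the runner. Separately, the function now signals completion by a single send at the end instead of the removed `defer close(doneChan)`, so any future early return before that send leaves main blocked on `<-doneChan`; a comment on the send, `// Must run exactly once: main blocks on this value.`, would make the contract explicit.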
@@ -2625,7 +3477,7 @@ func main() { statusChan := make(chan statusMsg, numWorkers) testChan := make(chan *testCase, numWorkers) - doneChan := make(chan struct{}) + doneChan := make(chan *testOutput) go statusPrinter(doneChan, statusChan, len(testCases)) @@ -2643,7 +3495,17 @@ func main() { close(testChan) wg.Wait() close(statusChan) - <-doneChan + testOutput := <-doneChan fmt.Printf("\n") + + if *jsonOutput != "" { + if err := testOutput.writeTo(*jsonOutput); err != nil { + fmt.Fprintf(os.Stderr, "Error: %s\n", err) + } + } + + if !testOutput.allPassed { + os.Exit(1) + } } diff --git a/src/ssl/test/runner/test_output.go b/src/ssl/test/runner/test_output.go new file mode 100644 index 0000000..bcb7a93 --- /dev/null +++ b/src/ssl/test/runner/test_output.go 
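Review bot: A failure to write the JSON results file is reported on stderr but does not affect the exit status: when every test passes the runner still exits 0 with no results file, which a CI consumer of -json-output would read as a clean run. Exit non-zero in that branch as well, e.g. after the Fprintf add `os.Exit(1)`.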
@@ -0,0 +1,79 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +package main + +import ( + "encoding/json" + "os" + "time" +) + +// testOutput is a representation of Chromium's JSON test result format. See +// https://www.chromium.org/developers/the-json-test-results-format +type testOutput struct { + Version int `json:"version"` + Interrupted bool `json:"interrupted"` + PathDelimiter string `json:"path_delimiter"` + SecondsSinceEpoch float64 `json:"seconds_since_epoch"` + NumFailuresByType map[string]int `json:"num_failures_by_type"` + Tests map[string]testResult `json:"tests"` + allPassed bool +} + +type testResult struct { + Actual string `json:"actual"` + Expected string `json:"expected"` + IsUnexpected bool `json:"is_unexpected"` +} + +func newTestOutput() *testOutput { + return &testOutput{ + Version: 3, + PathDelimiter: ".", + SecondsSinceEpoch: float64(time.Now().UnixNano()) / float64(time.Second/time.Nanosecond), + NumFailuresByType: make(map[string]int), + Tests: make(map[string]testResult), + allPassed: true, + } +} + +func (t *testOutput) addResult(name, result string) { + if _, found := t.Tests[name]; found { + panic(name) + } + t.Tests[name] = testResult{ + Actual: result, + Expected: "PASS", + IsUnexpected: result != "PASS", 
+ } + t.NumFailuresByType[result]++ + if result != "PASS" { + t.allPassed = false + } +} + +func (t *testOutput) writeTo(name string) error { + file, err := os.Create(name) + if err != nil { + return err + } + defer file.Close() + out, err := json.MarshalIndent(t, "", " ") + if err != nil { + return err + } + _, err = file.Write(out) + return err +} diff --git a/src/ssl/test/scoped_types.h b/src/ssl/test/scoped_types.h new file mode 100644 index 0000000..7e92cee --- /dev/null +++ b/src/ssl/test/scoped_types.h @@ -0,0 +1,28 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_SSL_TEST_SCOPED_TYPES_H +#define OPENSSL_HEADER_SSL_TEST_SCOPED_TYPES_H + +#include + +#include "../../crypto/test/scoped_types.h" + + +using ScopedSSL = ScopedOpenSSLType; +using ScopedSSL_CTX = ScopedOpenSSLType; +using ScopedSSL_SESSION = ScopedOpenSSLType; + + +#endif // OPENSSL_HEADER_SSL_TEST_SCOPED_TYPES_H diff --git a/src/ssl/test/test_config.cc b/src/ssl/test/test_config.cc index c032d96..25906f7 100644 --- a/src/ssl/test/test_config.cc +++ b/src/ssl/test/test_config.cc 
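Review bot: writeTo creates the output file before marshalling, so a MarshalIndent error leaves an empty file at the requested path, and the deferred file.Close() discards the close error, which for a results file is the one most likely to surface a short write. Marshal first and let ioutil.WriteFile (needs an "io/ioutil" import) handle open, write and close in one call.
```go
func (t *testOutput) writeTo(name string) error {
	// Serialize first so a marshalling failure cannot leave a truncated file.
	out, err := json.MarshalIndent(t, "", " ")
	if err != nil {
		return err
	}
	// WriteFile also reports the Close error, which the deferred Close dropped.
	return ioutil.WriteFile(name, out, 0644)
}
```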
@@ -60,7 +60,6 @@ const Flag kBoolFlags[] = { { "-no-tls11", &TestConfig::no_tls11 }, { "-no-tls1", &TestConfig::no_tls1 }, { "-no-ssl3", &TestConfig::no_ssl3 }, - { "-cookie-exchange", &TestConfig::cookie_exchange }, { "-shim-writes-first", &TestConfig::shim_writes_first }, { "-tls-d5-bug", &TestConfig::tls_d5_bug }, { "-expect-session-miss", &TestConfig::expect_session_miss }, @@ -73,6 +72,15 @@ const Flag kBoolFlags[] = { { "-enable-signed-cert-timestamps", &TestConfig::enable_signed_cert_timestamps }, { "-fastradio-padding", &TestConfig::fastradio_padding }, + { "-implicit-handshake", &TestConfig::implicit_handshake }, + { "-use-early-callback", &TestConfig::use_early_callback }, + { "-fail-early-callback", &TestConfig::fail_early_callback }, + { "-install-ddos-callback", &TestConfig::install_ddos_callback }, + { "-fail-ddos-callback", &TestConfig::fail_ddos_callback }, + { "-fail-second-ddos-callback", &TestConfig::fail_second_ddos_callback }, + { "-handshake-never-done", &TestConfig::handshake_never_done }, + { "-use-export-context", &TestConfig::use_export_context }, + { "-reject-peer-renegotiations", &TestConfig::reject_peer_renegotiations }, }; const Flag kStringFlags[] = { @@ -91,6 +99,9 @@ const Flag kStringFlags[] = { { "-psk", &TestConfig::psk }, { "-psk-identity", &TestConfig::psk_identity }, { "-srtp-profiles", &TestConfig::srtp_profiles }, + { "-cipher", &TestConfig::cipher }, + { "-export-label", &TestConfig::export_label }, + { "-export-context", &TestConfig::export_context }, }; const Flag kBase64Flags[] = { 
@@ -102,43 +113,15 @@ const Flag kBase64Flags[] = { }; const Flag kIntFlags[] = { + { "-port", &TestConfig::port }, { "-min-version", &TestConfig::min_version }, { "-max-version", &TestConfig::max_version }, { "-mtu", &TestConfig::mtu }, + { "-export-keying-material", &TestConfig::export_keying_material }, }; } // namespace -TestConfig::TestConfig() - : is_server(false), - is_dtls(false), - resume(false), - fallback_scsv(false), - require_any_client_certificate(false), - false_start(false), - async(false), - write_different_record_sizes(false), - cbc_record_splitting(false), - partial_write(false), - no_tls12(false), - no_tls11(false), - no_tls1(false), - no_ssl3(false), - cookie_exchange(false), - shim_writes_first(false), - tls_d5_bug(false), - expect_session_miss(false), - expect_extended_master_secret(false), - renegotiate(false), - allow_unsafe_legacy_renegotiation(false), - enable_ocsp_stapling(false), - enable_signed_cert_timestamps(false), - fastradio_padding(false), - min_version(0), - max_version(0), - mtu(0) { -} - bool ParseConfig(int argc, char **argv, TestConfig *out_config) { for (int i = 0; i < argc; i++) { bool *bool_field = FindField(out_config, kBoolFlags, argv[i]); diff --git a/src/ssl/test/test_config.h b/src/ssl/test/test_config.h index ba54227..f107a0f 100644 --- a/src/ssl/test/test_config.h +++ b/src/ssl/test/test_config.h 
@@ -19,54 +19,65 @@ struct TestConfig { - TestConfig(); - - bool is_server; - bool is_dtls; - bool resume; - bool fallback_scsv; + int port = 0; + bool is_server = false; + bool is_dtls = false; + bool resume = false; + bool fallback_scsv = false; std::string key_file; std::string cert_file; std::string expected_server_name; std::string expected_certificate_types; - bool require_any_client_certificate; + bool require_any_client_certificate = false; std::string advertise_npn; std::string expected_next_proto; - bool false_start; + bool false_start = false; std::string select_next_proto; - bool async; - bool write_different_record_sizes; - bool cbc_record_splitting; - bool partial_write; - bool no_tls12; - bool no_tls11; - bool no_tls1; - bool no_ssl3; - bool cookie_exchange; + bool async = false; + bool write_different_record_sizes = false; + bool cbc_record_splitting = false; + bool partial_write = false; + bool no_tls12 = false; + bool no_tls11 = false; + bool no_tls1 = false; + bool no_ssl3 = false; std::string expected_channel_id; std::string send_channel_id; - bool shim_writes_first; - bool tls_d5_bug; + bool shim_writes_first = false; + bool tls_d5_bug = false; std::string host_name; std::string advertise_alpn; std::string expected_alpn; std::string expected_advertised_alpn; std::string select_alpn; - bool expect_session_miss; - bool expect_extended_master_secret; + bool expect_session_miss = false; + bool expect_extended_master_secret = false; std::string psk; std::string psk_identity; - bool renegotiate; - bool allow_unsafe_legacy_renegotiation; + bool renegotiate = false; + bool allow_unsafe_legacy_renegotiation = false; std::string srtp_profiles; - bool enable_ocsp_stapling; + bool enable_ocsp_stapling = false; std::string expected_ocsp_response; - bool enable_signed_cert_timestamps; + bool enable_signed_cert_timestamps = false; std::string expected_signed_cert_timestamps; - bool fastradio_padding; - int min_version; - int max_version; - int mtu; + bool 
fastradio_padding = false; + int min_version = 0; + int max_version = 0; + int mtu = 0; + bool implicit_handshake = false; + bool use_early_callback = false; + bool fail_early_callback = false; + bool install_ddos_callback = false; + bool fail_ddos_callback = false; + bool fail_second_ddos_callback = false; + std::string cipher; + bool handshake_never_done = false; + int export_keying_material = 0; + std::string export_label; + std::string export_context; + bool use_export_context = false; + bool reject_peer_renegotiations = false; }; bool ParseConfig(int argc, char **argv, TestConfig *out_config); diff --git a/src/tool/CMakeLists.txt b/src/tool/CMakeLists.txt index d542f26..4bb6ca2 100644 --- a/src/tool/CMakeLists.txt +++ b/src/tool/CMakeLists.txt @@ -8,14 +8,11 @@ add_executable( const.cc digest.cc pkcs12.cc + rand.cc server.cc speed.cc tool.cc transport_common.cc ) -if (APPLE OR WIN32) - target_link_libraries(bssl ssl crypto) -else() - target_link_libraries(bssl ssl crypto -lrt) -endif() +target_link_libraries(bssl ssl crypto) diff --git a/src/tool/args.cc b/src/tool/args.cc index 52856d4..a164476 100644 --- a/src/tool/args.cc +++ b/src/tool/args.cc 
@@ -41,22 +41,26 @@ bool ParseKeyValueArguments(std::map *out_args, return false; } - if (i + 1 >= args.size()) { - fprintf(stderr, "Missing argument for option: %s\n", arg.c_str()); - return false; - } - if (out_args->find(arg) != out_args->end()) { - fprintf(stderr, "Duplicate value given for: %s\n", arg.c_str()); + fprintf(stderr, "Duplicate argument: %s\n", arg.c_str()); return false; } - (*out_args)[arg] = args[++i]; + if (templ->type == kBooleanArgument) { + (*out_args)[arg] = ""; + } else { + if (i + 1 >= args.size()) { + fprintf(stderr, "Missing argument for option: %s\n", arg.c_str()); + return false; + } + (*out_args)[arg] = args[++i]; + } } for (size_t j = 0; templates[j].name[0] != 0; j++) { const struct argument *templ = &templates[j]; - if (templ->required && out_args->find(templ->name) == out_args->end()) { + if (templ->type == kRequiredArgument && + out_args->find(templ->name) == out_args->end()) { fprintf(stderr, "Missing value for required argument: %s\n", templ->name); return false; } diff --git a/src/tool/client.cc b/src/tool/client.cc index 59c5fe3..1de0df2 100644 --- a/src/tool/client.cc +++ b/src/tool/client.cc 
@@ -14,34 +14,101 @@ #include -#include -#include - -#include -#include -#include - #include +#include #include +#include "../crypto/test/scoped_types.h" +#include "../ssl/test/scoped_types.h" #include "internal.h" #include "transport_common.h" static const struct argument kArguments[] = { { - "-connect", true, + "-connect", kRequiredArgument, "The hostname and port of the server to connect to, e.g. foo.com:443", }, { - "-cipher", false, + "-cipher", kOptionalArgument, "An OpenSSL-style cipher suite string that configures the offered ciphers", }, { - "", false, "", + "-max-version", kOptionalArgument, + "The maximum acceptable protocol version", + }, + { + "-min-version", kOptionalArgument, + "The minimum acceptable protocol version", + }, + { + "-server-name", kOptionalArgument, + "The server name to advertise", + }, + { + "-select-next-proto", kOptionalArgument, + "An NPN protocol to select if the server supports NPN", + }, + { + "-alpn-protos", kOptionalArgument, + "A comma-separated list of ALPN protocols to advertise", + }, + { + "-fallback-scsv", kBooleanArgument, + "Enable FALLBACK_SCSV", + }, + { + "-ocsp-stapling", kBooleanArgument, + "Advertise support for OCSP stabling", + }, + { + "-signed-certificate-timestamps", kBooleanArgument, + "Advertise support for signed certificate timestamps", + }, + { + "-channel-id-key", kOptionalArgument, + "The key to use for signing a channel ID", + }, + { + "", kOptionalArgument, "", }, }; +static ScopedEVP_PKEY LoadPrivateKey(const std::string &file) { + ScopedBIO bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; + } + ScopedEVP_PKEY pkey(PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, + nullptr)); + return pkey; +} + +static bool VersionFromString(uint16_t *out_version, + const std::string& version) { + if (version == "ssl3") { + *out_version = SSL3_VERSION; + return true; + } else if (version == "tls1" || version == "tls1.0") { + *out_version = 
TLS1_VERSION; + return true; + } else if (version == "tls1.1") { + *out_version = TLS1_1_VERSION; + return true; + } else if (version == "tls1.2") { + *out_version = TLS1_2_VERSION; + return true; + } + return false; +} + +static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { + *out = reinterpret_cast(arg); + *outlen = strlen(reinterpret_cast(arg)); + return SSL_TLSEXT_ERR_OK; +} + bool Client(const std::vector &args) { if (!InitSocketLibrary()) { return false; @@ -54,7 +121,7 @@ bool Client(const std::vector &args) { return false; } - SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method()); + ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_client_method())); const char *keylog_file = getenv("SSLKEYLOGFILE"); if (keylog_file) { 
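Review bot: NextProtoSelectCallback ignores the server's advertised list (`in`, `inlen`) and unconditionally selects the protocol from -select-next-proto, so the client can announce an NPN protocol the server never offered; if that is deliberate for a debugging tool it deserves a comment saying so, otherwise check the list first (SSL_select_next_proto does exactly this). Also the -ocsp-stapling description reads "OCSP stabling" and should read "OCSP stapling". The enclosing Client() body continues past the hunk.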
@@ -63,38 +130,117 @@ bool Client(const std::vector &args) { ERR_print_errors_cb(PrintErrorCallback, stderr); return false; } - SSL_CTX_set_keylog_bio(ctx, keylog_bio); + SSL_CTX_set_keylog_bio(ctx.get(), keylog_bio); } if (args_map.count("-cipher") != 0 && - !SSL_CTX_set_cipher_list(ctx, args_map["-cipher"].c_str())) { + !SSL_CTX_set_cipher_list(ctx.get(), args_map["-cipher"].c_str())) { fprintf(stderr, "Failed setting cipher list\n"); return false; } + if (args_map.count("-max-version") != 0) { + uint16_t version; + if (!VersionFromString(&version, args_map["-max-version"])) { + fprintf(stderr, "Unknown protocol version: '%s'\n", + args_map["-max-version"].c_str()); + return false; + } + SSL_CTX_set_max_version(ctx.get(), version); + } + + if (args_map.count("-min-version") != 0) { + uint16_t version; + if (!VersionFromString(&version, args_map["-min-version"])) { + fprintf(stderr, "Unknown protocol version: '%s'\n", + args_map["-min-version"].c_str()); + return false; + } + SSL_CTX_set_min_version(ctx.get(), version); + } + + if (args_map.count("-select-next-proto") != 0) { + const std::string &proto = args_map["-select-next-proto"]; + if (proto.size() > 255) { + fprintf(stderr, "Bad NPN protocol: '%s'\n", proto.c_str()); + return false; + } + // |SSL_CTX_set_next_proto_select_cb| is not const-correct. 
+ SSL_CTX_set_next_proto_select_cb(ctx.get(), NextProtoSelectCallback, + const_cast(proto.c_str())); + } + + if (args_map.count("-alpn-protos") != 0) { + const std::string &alpn_protos = args_map["-alpn-protos"]; + std::vector wire; + size_t i = 0; + while (i <= alpn_protos.size()) { + size_t j = alpn_protos.find(',', i); + if (j == std::string::npos) { + j = alpn_protos.size(); + } + size_t len = j - i; + if (len > 255) { + fprintf(stderr, "Invalid ALPN protocols: '%s'\n", alpn_protos.c_str()); + return false; + } + wire.push_back(static_cast(len)); + wire.resize(wire.size() + len); + memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i, len); + i = j + 1; + } + if (SSL_CTX_set_alpn_protos(ctx.get(), wire.data(), wire.size()) != 0) { + return false; + } + } + + if (args_map.count("-fallback-scsv") != 0) { + SSL_CTX_set_mode(ctx.get(), SSL_MODE_SEND_FALLBACK_SCSV); + } + + if (args_map.count("-ocsp-stapling") != 0) { + SSL_CTX_enable_ocsp_stapling(ctx.get()); + } + + if (args_map.count("-signed-certificate-timestamps") != 0) { + SSL_CTX_enable_signed_cert_timestamps(ctx.get()); + } + + if (args_map.count("-channel-id-key") != 0) { + ScopedEVP_PKEY pkey = LoadPrivateKey(args_map["-channel-id-key"]); + if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx.get(), pkey.get())) { + return false; + } + ctx->tlsext_channel_id_enabled_new = 1; + } + int sock = -1; if (!Connect(&sock, args_map["-connect"])) { return false; } - BIO *bio = BIO_new_socket(sock, BIO_CLOSE); - SSL *ssl = SSL_new(ctx); - SSL_set_bio(ssl, bio, bio); + ScopedBIO bio(BIO_new_socket(sock, BIO_CLOSE)); + ScopedSSL ssl(SSL_new(ctx.get())); + + if (args_map.count("-server-name") != 0) { + SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str()); + } + + SSL_set_bio(ssl.get(), bio.get(), bio.get()); + bio.release(); - int ret = SSL_connect(ssl); + int ret = SSL_connect(ssl.get()); if (ret != 1) { - int ssl_err = SSL_get_error(ssl, ret); + int ssl_err = SSL_get_error(ssl.get(), ret); 
fprintf(stderr, "Error while connecting: %d\n", ssl_err); ERR_print_errors_cb(PrintErrorCallback, stderr); return false; } fprintf(stderr, "Connected.\n"); - PrintConnectionInfo(ssl); + PrintConnectionInfo(ssl.get()); - bool ok = TransferData(ssl, sock); + bool ok = TransferData(ssl.get(), sock); - SSL_free(ssl); - SSL_CTX_free(ctx); return ok; } diff --git a/src/tool/const.cc b/src/tool/const.cc index 219fd3c..5222667 100644 --- a/src/tool/const.cc +++ b/src/tool/const.cc @@ -12,8 +12,8 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include -#include extern "C" { diff --git a/src/tool/digest.cc b/src/tool/digest.cc index f95f412..7cd8827 100644 --- a/src/tool/digest.cc +++ b/src/tool/digest.cc @@ -21,18 +21,16 @@ #include #include #include -#include -#include #include #include #if !defined(OPENSSL_WINDOWS) +#include #include #if !defined(O_BINARY) #define O_BINARY 0 #endif #else -#define NOMINMAX #pragma warning(push, 3) #include #pragma warning(pop) @@ -89,29 +87,25 @@ static bool OpenFile(int *out_fd, const std::string &filename) { strerror(errno)); return false; } + std::unique_ptr scoped_fd(&fd); #if !defined(OPENSSL_WINDOWS) struct stat st; if (fstat(fd, &st)) { fprintf(stderr, "Failed to stat input file '%s': %s\n", filename.c_str(), strerror(errno)); - goto err; + return false; } if (!S_ISREG(st.st_mode)) { fprintf(stderr, "%s: not a regular file\n", filename.c_str()); - goto err; + return false; } #endif *out_fd = fd; + scoped_fd.release(); return true; - -#if !defined(OPENSSL_WINDOWS) -err: - close(fd); - return false; -#endif } // SumFile hashes the contents of |source| with |md| and sets |*out_hex| to the diff --git a/src/tool/internal.h b/src/tool/internal.h index bc87c51..277d099 100644 --- a/src/tool/internal.h +++ b/src/tool/internal.h 
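Review bot: The ALPN encoder accepts zero-length names: an empty -alpn-protos value or a trailing comma (`a,`) emits a 0 length byte, which RFC 7301 forbids and which a peer may reject with an alert; change the guard to `if (len == 0 || len > 255) {`. The SSL_CTX_set_alpn_protos failure branch also returns false silently, unlike every other flag in this function, so print a message there. Finally, `ctx->tlsext_channel_id_enabled_new = 1;` writes a library-internal field from the tool; if a public setter exists it should be used, since this line breaks as soon as SSL_CTX becomes opaque. The enclosing Client() starts before the hunk.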
@@ -32,9 +32,15 @@ #pragma warning(pop) #endif +enum ArgumentType { + kRequiredArgument, + kOptionalArgument, + kBooleanArgument, +}; + struct argument { - const char name[15]; - bool required; + const char *name; + ArgumentType type; const char *description; }; diff --git a/src/tool/pkcs12.cc b/src/tool/pkcs12.cc index e0133e5..c191531 100644 --- a/src/tool/pkcs12.cc +++ b/src/tool/pkcs12.cc @@ -31,6 +31,7 @@ #endif #include +#include #include #include #include @@ -46,10 +47,11 @@ typedef ssize_t read_result_t; static const struct argument kArguments[] = { { - "-dump", false, "Dump the key and contents of the given file to stdout", + "-dump", kOptionalArgument, + "Dump the key and contents of the given file to stdout", }, { - "", false, "", + "", kOptionalArgument, "", }, }; @@ -122,7 +124,7 @@ bool DoPKCS12(const std::vector &args) { if (!PKCS12_get_key_and_certs(&key, certs, &pkcs12, password)) { fprintf(stderr, "Failed to parse PKCS#12 data:\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return false; } diff --git a/src/tool/rand.cc b/src/tool/rand.cc new file mode 100644 index 0000000..10078e2 --- /dev/null +++ b/src/tool/rand.cc 
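Review bot: The new `ArgumentType` enumerators are undocumented, and the difference between `kOptionalArgument` and `kBooleanArgument` cannot be read off this header. A one-line comment per value would settle it, e.g. `kRequiredArgument,  // must be present and takes a value`, `kOptionalArgument,  // may be omitted; takes a value when present`, `kBooleanArgument,   // flag only; presence is the value, nothing follows it` — the last reading is inferred from the `-hex` handling in rand.cc (`args_map.count("-hex") > 0`) and should be confirmed against ParseKeyValueArguments. Now that `name` is a `const char *` rather than an inline array, the struct comment should also record that every `kArguments` table appears to be terminated by an entry with an empty name, as the pkcs12, rand and server tables in this commit do.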
@@ -0,0 +1,95 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include +#include + +#include + +#include "internal.h" + + +static const struct argument kArguments[] = { + { + "-hex", kBooleanArgument, + "Hex encoded output." + }, + { + "", kOptionalArgument, "", + }, +}; + +bool Rand(const std::vector &args) { + bool forever = true, hex = false; + size_t len = 0; + + if (!args.empty()) { + std::vector args_copy(args); + const std::string &last_arg = args.back(); + + if (last_arg.size() > 0 && last_arg[0] != '-') { + char *endptr; + unsigned long long num = strtoull(last_arg.c_str(), &endptr, 10); + if (*endptr == 0) { + len = num; + forever = false; + args_copy.pop_back(); + } + } + + std::map args_map; + if (!ParseKeyValueArguments(&args_map, args_copy, kArguments)) { + PrintUsage(kArguments); + return false; + } + + hex = args_map.count("-hex") > 0; + } + + uint8_t buf[4096]; + uint8_t hex_buf[8192]; + + size_t done = 0; + while (forever || done < len) { + size_t todo = sizeof(buf); + if (!forever && todo > len - done) { + todo = len - done; + } + RAND_bytes(buf, todo); + if (hex) { + static const char hextable[] = "0123456789abdef"; + for (unsigned i = 0; i < todo; i++) { + hex_buf[i*2] = hextable[buf[i] >> 4]; + 
hex_buf[i*2 + 1] = hextable[buf[i] & 0xf]; + } + if (fwrite(hex_buf, todo*2, 1, stdout) != 1) { + return false; + } + } else { + if (fwrite(buf, todo, 1, stdout) != 1) { + return false; + } + } + done += todo; + } + + if (hex && fwrite("\n", 1, 1, stdout) != 1) { + return false; + } + + return true; +} diff --git a/src/tool/server.cc b/src/tool/server.cc index 120e450..164d6a5 100644 --- a/src/tool/server.cc +++ b/src/tool/server.cc @@ -14,13 +14,6 @@ #include -#include -#include - -#include -#include -#include - #include #include @@ -30,19 +23,19 @@ static const struct argument kArguments[] = { { - "-accept", true, + "-accept", kRequiredArgument, "The port of the server to bind on; eg 45102", }, { - "-cipher", false, + "-cipher", kOptionalArgument, "An OpenSSL-style cipher suite string that configures the offered ciphers", }, { - "-key", false, + "-key", kOptionalArgument, "Private-key file to use (default is server.pem)", }, { - "", false, "", + "", kOptionalArgument, "", }, }; diff --git a/src/tool/speed.cc b/src/tool/speed.cc index 3c2a0f1..ab17c2f 100644 --- a/src/tool/speed.cc +++ b/src/tool/speed.cc @@ -19,12 +19,12 @@ #include #include -#include #include -#include #include +#include #include +#include #include #if defined(OPENSSL_WINDOWS) @@ -35,6 +35,8 @@ #include #endif +#include "../crypto/test/scoped_types.h" + extern "C" { // These values are DER encoded, RSA private keys. @@ -93,7 +95,7 @@ static uint64_t time_now() { static bool TimeFunction(TimeResults *results, std::function func) { // kTotalMS is the total amount of time that we'll aim to measure a function // for. - static const uint64_t kTotalUS = 3000000; + static const uint64_t kTotalUS = 1000000; uint64_t start = time_now(), now, delta; unsigned done = 0, iterations_between_time_checks; 
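Review bot: The hex alphabet in Rand is wrong: `static const char hextable[] = "0123456789abdef";` is missing `c`, so nibbles 0xc–0xe print as the next digit up and 0xf indexes the terminating NUL, emitting a zero byte instead of `f`. It must read `static const char hextable[] = "0123456789abcdef";`, and a test that compares `-hex` output of a fixed buffer against its known encoding would pin it. Separately, the result of `RAND_bytes(buf, todo);` is discarded; even if this implementation cannot fail today, checking it keeps the tool from silently writing stale buffer contents if that ever changes. The server.cc and speed.cc hunks sharing this line are renames and a timing-constant change and raise nothing.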
@@ -134,20 +136,24 @@ static bool TimeFunction(TimeResults *results, std::function func) { return true; } -static bool SpeedRSA(const std::string& key_name, RSA *key) { - TimeResults results; +static bool SpeedRSA(const std::string &key_name, RSA *key, + const std::string &selected) { + if (!selected.empty() && key_name.find(selected) == std::string::npos) { + return true; + } std::unique_ptr sig(new uint8_t[RSA_size(key)]); const uint8_t fake_sha256_hash[32] = {0}; unsigned sig_len; + TimeResults results; if (!TimeFunction(&results, [key, &sig, &fake_sha256_hash, &sig_len]() -> bool { return RSA_sign(NID_sha256, fake_sha256_hash, sizeof(fake_sha256_hash), sig.get(), &sig_len, key); })) { fprintf(stderr, "RSA_sign failed.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return false; } results.Print(key_name + " signing"); @@ -158,7 +164,7 @@ static bool SpeedRSA(const std::string& key_name, RSA *key) { sizeof(fake_sha256_hash), sig.get(), sig_len, key); })) { fprintf(stderr, "RSA_verify failed.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return false; } results.Print(key_name + " verify"); @@ -166,16 +172,10 @@ static bool SpeedRSA(const std::string& key_name, RSA *key) { return true; } -template -struct free_functor { - void operator()(T* ptr) { - free(ptr); - } -}; - static uint8_t *align(uint8_t *in, unsigned alignment) { return reinterpret_cast( - (reinterpret_cast(in) + alignment) & ~(alignment - 1)); + (reinterpret_cast(in) + alignment) & + ~static_cast(alignment - 1)); } static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, 
@@ -191,10 +191,8 @@ static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, memset(key.get(), 0, key_len); std::unique_ptr nonce(new uint8_t[nonce_len]); memset(nonce.get(), 0, nonce_len); - std::unique_ptr> in_storage( - new uint8_t[chunk_len + kAlignment]); - std::unique_ptr> out_storage( - new uint8_t[chunk_len + overhead_len + kAlignment]); + std::unique_ptr in_storage(new uint8_t[chunk_len + kAlignment]); + std::unique_ptr out_storage(new uint8_t[chunk_len + overhead_len + kAlignment]); std::unique_ptr ad(new uint8_t[ad_len]); memset(ad.get(), 0, ad_len); @@ -203,10 +201,11 @@ static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, uint8_t *const out = align(out_storage.get(), kAlignment); memset(out, 0, chunk_len + overhead_len); - if (!EVP_AEAD_CTX_init(&ctx, aead, key.get(), key_len, - EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) { + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, key.get(), key_len, + EVP_AEAD_DEFAULT_TAG_LENGTH, + evp_aead_seal)) { fprintf(stderr, "Failed to create EVP_AEAD_CTX.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return false; } @@ -220,7 +219,7 @@ static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, nonce_len, in, chunk_len, ad.get(), ad_len); })) { fprintf(stderr, "EVP_AEAD_CTX_seal failed.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return false; } @@ -232,7 +231,11 @@ static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, } static bool SpeedAEAD(const EVP_AEAD *aead, const std::string &name, - size_t ad_len) { + size_t ad_len, const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + return SpeedAEADChunk(aead, name + " (16 bytes)", 16, ad_len) && SpeedAEADChunk(aead, name + " (1350 bytes)", 1350, ad_len) && SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len); 
@@ -257,7 +260,7 @@ static bool SpeedHashChunk(const EVP_MD *md, const std::string &name,
 EVP_DigestFinal_ex(ctx, digest, &md_len);
 })) {
 fprintf(stderr, "EVP_DigestInit_ex failed.\n");
- BIO_print_errors_fp(stderr);
+ ERR_print_errors_fp(stderr);
 return false;
 }
@@ -267,24 +270,159 @@ static bool SpeedHashChunk(const EVP_MD *md, const std::string &name, return true; } -static bool SpeedHash(const EVP_MD *md, const std::string &name) { +static bool SpeedHash(const EVP_MD *md, const std::string &name, + const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + return SpeedHashChunk(md, name + " (16 bytes)", 16) && SpeedHashChunk(md, name + " (256 bytes)", 256) && SpeedHashChunk(md, name + " (8192 bytes)", 8192); } -bool Speed(const std::vector& /*args*/) { - const uint8_t *inp; +static bool SpeedRandomChunk(const std::string name, size_t chunk_len) { + uint8_t scratch[8192]; + + if (chunk_len > sizeof(scratch)) { + return false; + } + + TimeResults results; + if (!TimeFunction(&results, [chunk_len, &scratch]() -> bool { + RAND_bytes(scratch, chunk_len); + return true; + })) { + return false; + } + + results.PrintWithBytes(name, chunk_len); + return true; +} + +static bool SpeedRandom(const std::string &selected) { + if (!selected.empty() && selected != "RNG") { + return true; + } + + return SpeedRandomChunk("RNG (16 bytes)", 16) && + SpeedRandomChunk("RNG (256 bytes)", 256) && + SpeedRandomChunk("RNG (8192 bytes)", 8192); +} + +static bool SpeedECDHCurve(const std::string &name, int nid, + const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + TimeResults results; + if (!TimeFunction(&results, [nid]() -> bool { + ScopedEC_KEY key(EC_KEY_new_by_curve_name(nid)); + if (!key || + !EC_KEY_generate_key(key.get())) { + return false; + } + const EC_GROUP *const group = EC_KEY_get0_group(key.get()); + ScopedEC_POINT point(EC_POINT_new(group)); + ScopedBN_CTX ctx(BN_CTX_new()); + + ScopedBIGNUM x(BN_new()); + ScopedBIGNUM y(BN_new()); + + if (!point || !ctx || !x || !y || + !EC_POINT_mul(group, point.get(), NULL, + EC_KEY_get0_public_key(key.get()), + EC_KEY_get0_private_key(key.get()), ctx.get()) || 
+ !EC_POINT_get_affine_coordinates_GFp(group, point.get(), x.get(), + y.get(), ctx.get())) { + return false; + } + + return true; + })) { + return false; + } + + results.Print(name); + return true; +} + +static bool SpeedECDSACurve(const std::string &name, int nid, + const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + ScopedEC_KEY key(EC_KEY_new_by_curve_name(nid)); + if (!key || + !EC_KEY_generate_key(key.get())) { + return false; + } + + uint8_t signature[256]; + if (ECDSA_size(key.get()) > sizeof(signature)) { + return false; + } + uint8_t digest[20]; + memset(digest, 42, sizeof(digest)); + unsigned sig_len; + + TimeResults results; + if (!TimeFunction(&results, [&key, &signature, &digest, &sig_len]() -> bool { + return ECDSA_sign(0, digest, sizeof(digest), signature, &sig_len, + key.get()) == 1; + })) { + return false; + } + + results.Print(name + " signing"); + + if (!TimeFunction(&results, [&key, &signature, &digest, sig_len]() -> bool { + return ECDSA_verify(0, digest, sizeof(digest), signature, sig_len, + key.get()) == 1; + })) { + return false; + } + + results.Print(name + " verify"); + + return true; +} + +static bool SpeedECDH(const std::string &selected) { + return SpeedECDHCurve("ECDH P-224", NID_secp224r1, selected) && + SpeedECDHCurve("ECDH P-256", NID_X9_62_prime256v1, selected) && + SpeedECDHCurve("ECDH P-384", NID_secp384r1, selected) && + SpeedECDHCurve("ECDH P-521", NID_secp521r1, selected); +} + +static bool SpeedECDSA(const std::string &selected) { + return SpeedECDSACurve("ECDSA P-224", NID_secp224r1, selected) && + SpeedECDSACurve("ECDSA P-256", NID_X9_62_prime256v1, selected) && + SpeedECDSACurve("ECDSA P-384", NID_secp384r1, selected) && + SpeedECDSACurve("ECDSA P-521", NID_secp521r1, selected); +} + +bool Speed(const std::vector &args) { + std::string selected; + if (args.size() > 1) { + fprintf(stderr, "Usage: bssl speed [speed test selector, i.e. 
'RNG']\n"); + return false; + } + if (args.size() > 0) { + selected = args[0]; + } RSA *key = NULL; - inp = kDERRSAPrivate2048; + const uint8_t *inp = kDERRSAPrivate2048; if (NULL == d2i_RSAPrivateKey(&key, &inp, kDERRSAPrivate2048Len)) { fprintf(stderr, "Failed to parse RSA key.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return false; } - if (!SpeedRSA("RSA 2048", key)) { + if (!SpeedRSA("RSA 2048", key, selected)) { return false; } @@ -294,11 +432,11 @@ bool Speed(const std::vector& /*args*/) { inp = kDERRSAPrivate4096; if (NULL == d2i_RSAPrivateKey(&key, &inp, kDERRSAPrivate4096Len)) { fprintf(stderr, "Failed to parse 4096-bit RSA key.\n"); - BIO_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); return 1; } - if (!SpeedRSA("RSA 4096", key)) { + if (!SpeedRSA("RSA 4096", key, selected)) { return false; } 
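Review bot: The new benchmark helpers fail silently: SpeedRandomChunk, SpeedECDHCurve and SpeedECDSACurve all `return false;` with no message, whereas SpeedRSA and SpeedAEADChunk print a reason and call `ERR_print_errors_fp(stderr)` first, so a failed `bssl speed` run now ends without saying which primitive broke. Each bare `return false;` should be preceded by an `fprintf(stderr, ...)` naming the step (key generation, ECDSA_sign, ECDSA_verify, signature buffer too small) and `ERR_print_errors_fp(stderr);`. SpeedRandomChunk also ignores the result of `RAND_bytes(scratch, chunk_len);` and takes `const std::string name` by value while every sibling takes `const std::string &`. Note too that the SpeedECDHCurve lambda generates a fresh key pair on every iteration, so the printed figure is keygen plus one scalar multiplication rather than a pure ECDH operation; a comment on the lambda, or the printed name, should say so.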
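Review bot: The error path for the 4096-bit key still ends in `return 1;`, which in `bool Speed(...)` converts to true, so a failure to parse that key is reported as success to the caller; the commit fixes the same `return 0;`→`return true;` confusion at the end of Speed in the next hunk but leaves this one. It should be `return false;`. Speed's body begins in the previous hunk and continues after this one.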
@@ -313,17 +451,23 @@ bool Speed(const std::vector& /*args*/) { // knowledge in them and construct a couple of the AD bytes internally. static const size_t kLegacyADLen = kTLSADLen - 2; - if (!SpeedAEAD(EVP_aead_aes_128_gcm(), "AES-128-GCM", kTLSADLen) || - !SpeedAEAD(EVP_aead_aes_256_gcm(), "AES-256-GCM", kTLSADLen) || - !SpeedAEAD(EVP_aead_chacha20_poly1305(), "ChaCha20-Poly1305", kTLSADLen) || - !SpeedAEAD(EVP_aead_rc4_md5_tls(), "RC4-MD5", kLegacyADLen) || - !SpeedAEAD(EVP_aead_aes_128_cbc_sha1_tls(), "AES-128-CBC-SHA1", kLegacyADLen) || - !SpeedAEAD(EVP_aead_aes_256_cbc_sha1_tls(), "AES-256-CBC-SHA1", kLegacyADLen) || - !SpeedHash(EVP_sha1(), "SHA-1") || - !SpeedHash(EVP_sha256(), "SHA-256") || - !SpeedHash(EVP_sha512(), "SHA-512")) { + if (!SpeedAEAD(EVP_aead_aes_128_gcm(), "AES-128-GCM", kTLSADLen, selected) || + !SpeedAEAD(EVP_aead_aes_256_gcm(), "AES-256-GCM", kTLSADLen, selected) || + !SpeedAEAD(EVP_aead_chacha20_poly1305(), "ChaCha20-Poly1305", kTLSADLen, + selected) || + !SpeedAEAD(EVP_aead_rc4_md5_tls(), "RC4-MD5", kLegacyADLen, selected) || + !SpeedAEAD(EVP_aead_aes_128_cbc_sha1_tls(), "AES-128-CBC-SHA1", + kLegacyADLen, selected) || + !SpeedAEAD(EVP_aead_aes_256_cbc_sha1_tls(), "AES-256-CBC-SHA1", + kLegacyADLen, selected) || + !SpeedHash(EVP_sha1(), "SHA-1", selected) || + !SpeedHash(EVP_sha256(), "SHA-256", selected) || + !SpeedHash(EVP_sha512(), "SHA-512", selected) || + !SpeedRandom(selected) || + !SpeedECDH(selected) || + !SpeedECDSA(selected)) { return false; } - return 0; + return true; } diff --git a/src/tool/tool.cc b/src/tool/tool.cc index 36e3de9..4bd7d1a 100644 --- a/src/tool/tool.cc +++ b/src/tool/tool.cc @@ -36,6 +36,7 @@ bool SHA384Sum(const std::vector &args); bool SHA512Sum(const std::vector &args); bool DoPKCS12(const std::vector &args); bool Speed(const std::vector &args); +bool Rand(const std::vector &args); typedef bool (*tool_func_t)(const std::vector &args); 
@@ -57,6 +58,7 @@ static const Tool kTools[] = { { "sha256sum", SHA256Sum }, { "sha384sum", SHA384Sum }, { "sha512sum", SHA512Sum }, + { "rand", Rand }, { "", nullptr }, }; diff --git a/src/tool/transport_common.cc b/src/tool/transport_common.cc index 1a09d08..3f5e631 100644 --- a/src/tool/transport_common.cc +++ b/src/tool/transport_common.cc @@ -18,6 +18,7 @@ #include #include +#include #include #include #include @@ -31,7 +32,6 @@ #include #include #else -#define NOMINMAX #include #pragma warning(push, 3) #include @@ -172,6 +172,17 @@ void PrintConnectionInfo(const SSL *ssl) { fprintf(stderr, " Cipher: %s\n", SSL_CIPHER_get_name(cipher)); fprintf(stderr, " Secure renegotiation: %s\n", SSL_get_secure_renegotiation_support(ssl) ? "yes" : "no"); + + const uint8_t *next_proto; + unsigned next_proto_len; + SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); + fprintf(stderr, " Next protocol negotiated: %.*s\n", next_proto_len, + next_proto); + + const uint8_t *alpn; + unsigned alpn_len; + SSL_get0_alpn_selected(ssl, &alpn, &alpn_len); + fprintf(stderr, " ALPN protocol: %.*s\n", alpn_len, alpn); } bool SocketSetNonBlocking(int sock, bool is_non_blocking) { diff --git a/src/util/aarch64-toolchain.cmake b/src/util/aarch64-toolchain.cmake deleted file mode 100644 index 77f33ab..0000000 --- a/src/util/aarch64-toolchain.cmake +++ /dev/null @@ -1,6 +0,0 @@ -set(CMAKE_SYSTEM_NAME Linux) -set(CMAKE_SYSTEM_VERSION 1) -set(CMAKE_SYSTEM_PROCESSOR "aarch64") -set(CMAKE_CXX_COMPILER "/opt/gcc-linaro-4.9-2014.11-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-g++") -set(CMAKE_C_COMPILER "/opt/gcc-linaro-4.9-2014.11-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-gcc") -set(CMAKE_EXE_LINKER_FLAGS "-static") diff --git a/src/util/all_tests.go b/src/util/all_tests.go new file mode 100644 index 0000000..91822d1 --- /dev/null +++ b/src/util/all_tests.go 
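Review bot: `%.*s` is fed `next_proto` and `alpn` unconditionally, but when nothing was negotiated these getters leave the pointer NULL with a zero length (as I read SSL_get0_alpn_selected / SSL_get0_next_proto_negotiated), and a null pointer for `%s` is undefined behaviour whatever the precision; the `unsigned` lengths also do not match the `int` that `*` expects. Guard each line, e.g. `fprintf(stderr, "  ALPN protocol: %.*s\n", (int)alpn_len, alpn_len ? (const char *)alpn : "");` and the same for next_proto. These bytes are chosen by the peer and are written to the terminal unescaped, so a hostile server can place control sequences in the operator's terminal; printing non-printable bytes escaped (or in hex) would close that off. PrintConnectionInfo starts outside this hunk.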
@@ -0,0 +1,240 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +package main + +import ( + "bytes" + "encoding/json" + "flag" + "fmt" + "os" + "os/exec" + "path" + "strings" + "time" +) + +// TODO(davidben): Link tests with the malloc shim and port -malloc-test to this runner. 
+ +var ( + useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind") + buildDir = flag.String("build-dir", "build", "The build directory to run the tests from.") + jsonOutput = flag.String("json-output", "", "The file to output JSON results to.") +) + +type test []string + +var tests = []test{ + {"crypto/base64/base64_test"}, + {"crypto/bio/bio_test"}, + {"crypto/bn/bn_test"}, + {"crypto/bytestring/bytestring_test"}, + {"crypto/cipher/aead_test", "aes-128-gcm", "crypto/cipher/test/aes_128_gcm_tests.txt"}, + {"crypto/cipher/aead_test", "aes-128-key-wrap", "crypto/cipher/test/aes_128_key_wrap_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-gcm", "crypto/cipher/test/aes_256_gcm_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-key-wrap", "crypto/cipher/test/aes_256_key_wrap_tests.txt"}, + {"crypto/cipher/aead_test", "chacha20-poly1305", "crypto/cipher/test/chacha20_poly1305_tests.txt"}, + {"crypto/cipher/aead_test", "rc4-md5-tls", "crypto/cipher/test/rc4_md5_tls_tests.txt"}, + {"crypto/cipher/aead_test", "rc4-sha1-tls", "crypto/cipher/test/rc4_sha1_tls_tests.txt"}, + {"crypto/cipher/aead_test", "aes-128-cbc-sha1-tls", "crypto/cipher/test/aes_128_cbc_sha1_tls_tests.txt"}, + {"crypto/cipher/aead_test", "aes-128-cbc-sha1-tls-implicit-iv", "crypto/cipher/test/aes_128_cbc_sha1_tls_implicit_iv_tests.txt"}, + {"crypto/cipher/aead_test", "aes-128-cbc-sha256-tls", "crypto/cipher/test/aes_128_cbc_sha256_tls_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-cbc-sha1-tls", "crypto/cipher/test/aes_256_cbc_sha1_tls_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-cbc-sha1-tls-implicit-iv", "crypto/cipher/test/aes_256_cbc_sha1_tls_implicit_iv_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-cbc-sha256-tls", "crypto/cipher/test/aes_256_cbc_sha256_tls_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-cbc-sha384-tls", "crypto/cipher/test/aes_256_cbc_sha384_tls_tests.txt"}, + {"crypto/cipher/aead_test", "des-ede3-cbc-sha1-tls", 
"crypto/cipher/test/des_ede3_cbc_sha1_tls_tests.txt"}, + {"crypto/cipher/aead_test", "des-ede3-cbc-sha1-tls-implicit-iv", "crypto/cipher/test/des_ede3_cbc_sha1_tls_implicit_iv_tests.txt"}, + {"crypto/cipher/aead_test", "rc4-md5-ssl3", "crypto/cipher/test/rc4_md5_ssl3_tests.txt"}, + {"crypto/cipher/aead_test", "rc4-sha1-ssl3", "crypto/cipher/test/rc4_sha1_ssl3_tests.txt"}, + {"crypto/cipher/aead_test", "aes-128-cbc-sha1-ssl3", "crypto/cipher/test/aes_128_cbc_sha1_ssl3_tests.txt"}, + {"crypto/cipher/aead_test", "aes-256-cbc-sha1-ssl3", "crypto/cipher/test/aes_256_cbc_sha1_ssl3_tests.txt"}, + {"crypto/cipher/aead_test", "des-ede3-cbc-sha1-ssl3", "crypto/cipher/test/des_ede3_cbc_sha1_ssl3_tests.txt"}, + {"crypto/cipher/aead_test", "aes-128-ctr-hmac-sha256", "crypto/cipher/test/aes_128_ctr_hmac_sha256.txt"}, + {"crypto/cipher/aead_test", "aes-256-ctr-hmac-sha256", "crypto/cipher/test/aes_256_ctr_hmac_sha256.txt"}, + {"crypto/cipher/cipher_test", "crypto/cipher/test/cipher_test.txt"}, + {"crypto/cmac/cmac_test"}, + {"crypto/constant_time_test"}, + {"crypto/dh/dh_test"}, + {"crypto/digest/digest_test"}, + {"crypto/dsa/dsa_test"}, + {"crypto/ec/ec_test"}, + {"crypto/ec/example_mul"}, + {"crypto/ecdsa/ecdsa_test"}, + {"crypto/err/err_test"}, + {"crypto/evp/evp_extra_test"}, + {"crypto/evp/evp_test", "crypto/evp/evp_tests.txt"}, + {"crypto/evp/evp_test", "crypto/hmac/hmac_tests.txt"}, + {"crypto/evp/pbkdf_test"}, + {"crypto/hkdf/hkdf_test"}, + {"crypto/hmac/hmac_test", "crypto/hmac/hmac_tests.txt"}, + {"crypto/lhash/lhash_test"}, + {"crypto/modes/gcm_test"}, + {"crypto/pkcs8/pkcs12_test"}, + {"crypto/rsa/rsa_test"}, + {"crypto/thread_test"}, + {"crypto/x509/pkcs7_test"}, + {"crypto/x509v3/tab_test"}, + {"crypto/x509v3/v3name_test"}, + {"ssl/pqueue/pqueue_test"}, + {"ssl/ssl_test"}, +} + +// testOutput is a representation of Chromium's JSON test result format. 
See +// https://www.chromium.org/developers/the-json-test-results-format +type testOutput struct { + Version int `json:"version"` + Interrupted bool `json:"interrupted"` + PathDelimiter string `json:"path_delimiter"` + SecondsSinceEpoch float64 `json:"seconds_since_epoch"` + NumFailuresByType map[string]int `json:"num_failures_by_type"` + Tests map[string]testResult `json:"tests"` +} + +type testResult struct { + Actual string `json:"actual"` + Expected string `json:"expected"` + IsUnexpected bool `json:"is_unexpected"` +} + +func newTestOutput() *testOutput { + return &testOutput{ + Version: 3, + PathDelimiter: ".", + SecondsSinceEpoch: float64(time.Now().UnixNano()) / float64(time.Second/time.Nanosecond), + NumFailuresByType: make(map[string]int), + Tests: make(map[string]testResult), + } +} + +func (t *testOutput) addResult(name, result string) { + if _, found := t.Tests[name]; found { + panic(name) + } + t.Tests[name] = testResult{ + Actual: result, + Expected: "PASS", + IsUnexpected: result != "PASS", + } + t.NumFailuresByType[result]++ +} + +func (t *testOutput) writeTo(name string) error { + file, err := os.Create(name) + if err != nil { + return err + } + defer file.Close() + out, err := json.MarshalIndent(t, "", " ") + if err != nil { + return err + } + _, err = file.Write(out) + return err +} + +func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd { + valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"} + if dbAttach { + valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p") + } + valgrindArgs = append(valgrindArgs, path) + valgrindArgs = append(valgrindArgs, args...) + + return exec.Command("valgrind", valgrindArgs...) +} + +func runTest(test test) (passed bool, err error) { + prog := path.Join(*buildDir, test[0]) + args := test[1:] + var cmd *exec.Cmd + if *useValgrind { + cmd = valgrindOf(false, prog, args...) + } else { + cmd = exec.Command(prog, args...) 
+ } + var stdoutBuf bytes.Buffer + cmd.Stdout = &stdoutBuf + cmd.Stderr = os.Stderr + + if err := cmd.Start(); err != nil { + return false, err + } + if err := cmd.Wait(); err != nil { + return false, err + } + + // Account for Windows line-endings. + stdout := bytes.Replace(stdoutBuf.Bytes(), []byte("\r\n"), []byte("\n"), -1) + + if bytes.HasSuffix(stdout, []byte("PASS\n")) && + (len(stdout) == 5 || stdout[len(stdout)-6] == '\n') { + return true, nil + } + return false, nil +} + +// shortTestName returns the short name of a test. Except for evp_test, it +// assumes that any argument which ends in .txt is a path to a data file and not +// relevant to the test's uniqueness. +func shortTestName(test test) string { + var args []string + for _, arg := range test { + if test[0] == "crypto/evp/evp_test" || !strings.HasSuffix(arg, ".txt") { + args = append(args, arg) + } + } + return strings.Join(args, " ") +} + +func main() { + flag.Parse() + + testOutput := newTestOutput() + var failed []test + for _, test := range tests { + fmt.Printf("%s\n", strings.Join([]string(test), " ")) + + name := shortTestName(test) + passed, err := runTest(test) + if err != nil { + fmt.Printf("%s failed to complete: %s\n", test[0], err) + failed = append(failed, test) + testOutput.addResult(name, "CRASHED") + } else if !passed { + fmt.Printf("%s failed to print PASS on the last line.\n", test[0]) + failed = append(failed, test) + testOutput.addResult(name, "FAIL") + } else { + testOutput.addResult(name, "PASS") + } + } + + if *jsonOutput != "" { + if err := testOutput.writeTo(*jsonOutput); err != nil { + fmt.Fprintf(os.Stderr, "Error: %s\n", err) + } + } + + if len(failed) > 0 { + fmt.Printf("\n%d of %d tests failed:\n", len(failed), len(tests)) + for _, test := range failed { + fmt.Printf("\t%s\n", strings.Join([]string(test), " ")) + } + os.Exit(1) + } + + fmt.Printf("\nAll tests passed!\n") +} 
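Review bot: `writeTo` loses write errors: the results file is closed by `defer file.Close()` and that error is dropped, so a failed flush on close can leave a truncated JSON file while the function reports success. Write it explicitly: `if _, err := file.Write(out); err != nil { file.Close(); return err }` followed by `return file.Close()`. `runTest` builds the binary path with `path.Join(*buildDir, test[0])`; since the runner already accounts for Windows line endings, `filepath.Join` is the package meant for OS paths. `type test []string` is undocumented; a comment stating that element 0 is the test binary relative to the build directory and the remaining elements are its arguments would spare readers working it out from runTest.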
diff --git a/src/util/all_tests.sh b/src/util/all_tests.sh deleted file mode 100644 index bcb5c24..0000000 --- a/src/util/all_tests.sh +++ /dev/null 
@@ -1,85 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (c) 2014, Google Inc. -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -SRC=.. -if [ "$#" -ge 1 ]; then - SRC=$1 -fi - -TESTS=" -./crypto/base64/base64_test -./crypto/bio/bio_test -./crypto/bn/bn_test -./crypto/bytestring/bytestring_test -./crypto/cipher/aead_test aes-128-gcm $SRC/crypto/cipher/test/aes_128_gcm_tests.txt -./crypto/cipher/aead_test aes-128-key-wrap $SRC/crypto/cipher/test/aes_128_key_wrap_tests.txt -./crypto/cipher/aead_test aes-256-gcm $SRC/crypto/cipher/test/aes_256_gcm_tests.txt -./crypto/cipher/aead_test aes-256-key-wrap $SRC/crypto/cipher/test/aes_256_key_wrap_tests.txt -./crypto/cipher/aead_test chacha20-poly1305 $SRC/crypto/cipher/test/chacha20_poly1305_tests.txt -./crypto/cipher/aead_test rc4-md5-tls $SRC/crypto/cipher/test/rc4_md5_tls_tests.txt -./crypto/cipher/aead_test rc4-sha1-tls $SRC/crypto/cipher/test/rc4_sha1_tls_tests.txt -./crypto/cipher/aead_test aes-128-cbc-sha1-tls $SRC/crypto/cipher/test/aes_128_cbc_sha1_tls_tests.txt -./crypto/cipher/aead_test aes-128-cbc-sha1-tls-implicit-iv $SRC/crypto/cipher/test/aes_128_cbc_sha1_tls_implicit_iv_tests.txt -./crypto/cipher/aead_test aes-128-cbc-sha256-tls $SRC/crypto/cipher/test/aes_128_cbc_sha256_tls_tests.txt -./crypto/cipher/aead_test aes-256-cbc-sha1-tls 
$SRC/crypto/cipher/test/aes_256_cbc_sha1_tls_tests.txt -./crypto/cipher/aead_test aes-256-cbc-sha1-tls-implicit-iv $SRC/crypto/cipher/test/aes_256_cbc_sha1_tls_implicit_iv_tests.txt -./crypto/cipher/aead_test aes-256-cbc-sha256-tls $SRC/crypto/cipher/test/aes_256_cbc_sha256_tls_tests.txt -./crypto/cipher/aead_test aes-256-cbc-sha384-tls $SRC/crypto/cipher/test/aes_256_cbc_sha384_tls_tests.txt -./crypto/cipher/aead_test des-ede3-cbc-sha1-tls $SRC/crypto/cipher/test/des_ede3_cbc_sha1_tls_tests.txt -./crypto/cipher/aead_test des-ede3-cbc-sha1-tls-implicit-iv $SRC/crypto/cipher/test/des_ede3_cbc_sha1_tls_implicit_iv_tests.txt -./crypto/cipher/aead_test rc4-md5-ssl3 $SRC/crypto/cipher/test/rc4_md5_ssl3_tests.txt -./crypto/cipher/aead_test rc4-sha1-ssl3 $SRC/crypto/cipher/test/rc4_sha1_ssl3_tests.txt -./crypto/cipher/aead_test aes-128-cbc-sha1-ssl3 $SRC/crypto/cipher/test/aes_128_cbc_sha1_ssl3_tests.txt -./crypto/cipher/aead_test aes-256-cbc-sha1-ssl3 $SRC/crypto/cipher/test/aes_256_cbc_sha1_ssl3_tests.txt -./crypto/cipher/aead_test des-ede3-cbc-sha1-ssl3 $SRC/crypto/cipher/test/des_ede3_cbc_sha1_ssl3_tests.txt -./crypto/cipher/cipher_test $SRC/crypto/cipher/test/cipher_test.txt -./crypto/constant_time_test -./crypto/dh/dh_test -./crypto/digest/digest_test -./crypto/dsa/dsa_test -./crypto/ec/ec_test -./crypto/ec/example_mul -./crypto/ecdsa/ecdsa_test -./crypto/err/err_test -./crypto/evp/evp_test -./crypto/evp/pbkdf_test -./crypto/hkdf/hkdf_test -./crypto/hmac/hmac_test -./crypto/lhash/lhash_test -./crypto/modes/gcm_test -./crypto/pkcs8/pkcs12_test -./crypto/rsa/rsa_test -./crypto/x509/pkcs7_test -./crypto/x509v3/tab_test -./crypto/x509v3/v3name_test -./ssl/pqueue/pqueue_test -./ssl/ssl_test -" - -IFS=$'\n' -for bin in $TESTS; do - echo $bin - out=$(bash -c "$bin" | tail -n 1) - if [ $? -ne 0 ]; then - echo $bin failed to complete. - exit 1 - fi - - if [ "x$out" != "xPASS" ]; then - echo $bin failed to print PASS on the last line. - exit 1 - fi -done 
diff --git a/src/util/arm-toolchain.cmake b/src/util/arm-toolchain.cmake deleted file mode 100644 index 2dfd2bd..0000000 --- a/src/util/arm-toolchain.cmake +++ /dev/null @@ -1,6 +0,0 @@ -set(CMAKE_SYSTEM_NAME Linux) -set(CMAKE_SYSTEM_VERSION 1) -set(CMAKE_SYSTEM_PROCESSOR "arm") -set(CMAKE_CXX_COMPILER "/opt/gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf-g++") -set(CMAKE_C_COMPILER "/opt/gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf-gcc") -set(CMAKE_EXE_LINKER_FLAGS "-static") diff --git a/src/util/bot/DEPS b/src/util/bot/DEPS new file mode 100644 index 0000000..738fbd3 --- /dev/null +++ b/src/util/bot/DEPS 
@@ -0,0 +1,134 @@ +# Copyright (c) 2015, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +vars = { + 'chromium_git': 'https://chromium.googlesource.com', +} + +deps = { + 'boringssl/util/bot/gyp': + Var('chromium_git') + '/external/gyp.git' + '@' + '4a9b712d5cb4a5ba7a9950128a7219569caf7263', +} + +hooks = [ + { + 'name': 'cmake_linux64', + 'pattern': '.', + 'action': [ 'download_from_google_storage', + '--no_resume', + '--platform=linux*', + '--no_auth', + '--bucket', 'chromium-tools', + '-s', 'boringssl/util/bot/cmake-linux64.tar.gz.sha1', + ], + }, + { + 'name': 'cmake_mac', + 'pattern': '.', + 'action': [ 'download_from_google_storage', + '--no_resume', + '--platform=darwin', + '--no_auth', + '--bucket', 'chromium-tools', + '-s', 'boringssl/util/bot/cmake-mac.tar.gz.sha1', + ], + }, + { + 'name': 'cmake_win32', + 'pattern': '.', + 'action': [ 'download_from_google_storage', + '--no_resume', + '--platform=win32', + '--no_auth', + '--bucket', 'chromium-tools', + '-s', 'boringssl/util/bot/cmake-win32.zip.sha1', + ], + }, + { + 'name': 'perl_win32', + 'pattern': '.', + 'action': [ 'download_from_google_storage', + '--no_resume', + '--platform=win32', + '--no_auth', + '--bucket', 'chromium-tools', + '-s', 'boringssl/util/bot/perl-win32.zip.sha1', + ], + }, + { + 'name': 
'yasm_win32', + 'pattern': '.', + 'action': [ 'download_from_google_storage', + '--no_resume', + '--platform=win32', + '--no_auth', + '--bucket', 'chromium-tools', + '-s', 'boringssl/util/bot/yasm-win32.exe.sha1', + ], + }, + { + 'name': 'win_toolchain', + 'pattern': '.', + 'action': [ 'python', + 'boringssl/util/bot/vs_toolchain.py', + 'update', + ], + }, + { + 'name': 'clang', + 'pattern': '.', + 'action': [ 'python', + 'boringssl/util/bot/update_clang.py', + ], + }, + # TODO(davidben): Only extract archives when they've changed. Extracting perl + # on Windows is a significant part of the cycle time. + { + 'name': 'cmake_linux64_extract', + 'pattern': '.', + 'action': [ 'python', + 'boringssl/util/bot/extract.py', + 'boringssl/util/bot/cmake-linux64.tar.gz', + 'boringssl/util/bot/cmake-linux64/', + ], + }, + { + 'name': 'cmake_mac_extract', + 'pattern': '.', + 'action': [ 'python', + 'boringssl/util/bot/extract.py', + 'boringssl/util/bot/cmake-mac.tar.gz', + 'boringssl/util/bot/cmake-mac/', + ], + }, + { + 'name': 'cmake_win32_extract', + 'pattern': '.', + 'action': [ 'python', + 'boringssl/util/bot/extract.py', + 'boringssl/util/bot/cmake-win32.zip', + 'boringssl/util/bot/cmake-win32/', + ], + }, + { + 'name': 'perl_win32_extract', + 'pattern': '.', + 'action': [ 'python', + 'boringssl/util/bot/extract.py', + '--no-prefix', + 'boringssl/util/bot/perl-win32.zip', + 'boringssl/util/bot/perl-win32/', + ], + }, +] diff --git a/src/util/bot/README b/src/util/bot/README new file mode 100644 index 0000000..b7a4332 --- /dev/null +++ b/src/util/bot/README @@ -0,0 +1,3 @@ +This directory contains tools for setting up a hermetic toolchain on the +continuous integration bots. It is in the repository for convenience and can be +ignored in development. diff --git a/src/util/bot/cmake-linux64.tar.gz.sha1 b/src/util/bot/cmake-linux64.tar.gz.sha1 new file mode 100644 index 0000000..6a8aa1c --- /dev/null +++ b/src/util/bot/cmake-linux64.tar.gz.sha1 
@@ -0,0 +1 @@
+32cd1d5fe84ae569dbb36f5767650d62efb8be38
\ No newline at end of file
diff --git a/src/util/bot/cmake-mac.tar.gz.sha1 b/src/util/bot/cmake-mac.tar.gz.sha1
new file mode 100644
index 0000000..cb7251b
--- /dev/null
+++ b/src/util/bot/cmake-mac.tar.gz.sha1
@@ -0,0 +1 @@
+310df6945ae7f8c9da559d22f5794ee8e578a663
\ No newline at end of file
diff --git a/src/util/bot/cmake-win32.zip.sha1 b/src/util/bot/cmake-win32.zip.sha1
new file mode 100644
index 0000000..9196b58
--- /dev/null
+++ b/src/util/bot/cmake-win32.zip.sha1
@@ -0,0 +1 @@
+e9493171de0edd8879755aa7229a701010a19561
\ No newline at end of file
diff --git a/src/util/bot/extract.py b/src/util/bot/extract.py
new file mode 100644
index 0000000..77603c0
--- /dev/null
+++ b/src/util/bot/extract.py
@@ -0,0 +1,139 @@ +# Copyright (c) 2015, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +"""Extracts archives.""" + + +import optparse +import os +import os.path +import tarfile +import shutil +import sys +import zipfile + + +def CheckedJoin(output, path): + """ + CheckedJoin returns os.path.join(output, path). It does sanity checks to + ensure the resulting path is under output, but shouldn't be used on untrusted + input. + """ + path = os.path.normpath(path) + if os.path.isabs(path) or path.startswith('.'): + raise ValueError(path) + return os.path.join(output, path) + + +def IterateZip(path): + """ + IterateZip opens the zip file at path and returns a generator of + (filename, mode, fileobj) tuples for each file in it. + """ + with zipfile.ZipFile(path, 'r') as zip_file: + for info in zip_file.infolist(): + if info.filename.endswith('/'): + continue + yield (info.filename, None, zip_file.open(info)) + + +def IterateTar(path): + """ + IterateTar opens the tar.gz file at path and returns a generator of + (filename, mode, fileobj) tuples for each file in it. 
+ """ + with tarfile.open(path, 'r:gz') as tar_file: + for info in tar_file: + if info.isdir(): + continue + if not info.isfile(): + raise ValueError('Unknown entry type "%s"' % (info.name, )) + yield (info.name, info.mode, tar_file.extractfile(info)) + + +def main(args): + parser = optparse.OptionParser(usage='Usage: %prog ARCHIVE OUTPUT') + parser.add_option('--no-prefix', dest='no_prefix', action='store_true', + help='Do not remove a prefix from paths in the archive.') + options, args = parser.parse_args(args) + + if len(args) != 2: + parser.print_help() + return 1 + + archive, output = args + + if not os.path.exists(archive): + # Skip archives that weren't downloaded. + return 0 + + if archive.endswith('.zip'): + entries = IterateZip(archive) + elif archive.endswith('.tar.gz'): + entries = IterateTar(archive) + else: + raise ValueError(archive) + + try: + if os.path.exists(output): + print "Removing %s" % (output, ) + shutil.rmtree(output) + + print "Extracting %s to %s" % (archive, output) + prefix = None + num_extracted = 0 + for path, mode, inp in entries: + # Even on Windows, zip files must always use forward slashes. + if '\\' in path or path.startswith('/'): + raise ValueError(path) + + if not options.no_prefix: + new_prefix, rest = path.split('/', 1) + + # Ensure the archive is consistent. + if prefix is None: + prefix = new_prefix + if prefix != new_prefix: + raise ValueError((prefix, new_prefix)) + else: + rest = path + + # Extract the file into the output directory. + fixed_path = CheckedJoin(output, rest) + if not os.path.isdir(os.path.dirname(fixed_path)): + os.makedirs(os.path.dirname(fixed_path)) + with open(fixed_path, 'wb') as out: + shutil.copyfileobj(inp, out) + + # Fix up permissions if needbe. + # TODO(davidben): To be extra tidy, this should only track the execute bit + # as in git. + if mode is not None: + os.chmod(fixed_path, mode) + + # Print every 100 files, so bots do not time out on large archives. 
+ num_extracted += 1
+ if num_extracted % 100 == 0:
+ print "Extracted %d files..." % (num_extracted,)
+ finally:
+ entries.close()
+
+ if num_extracted % 100 == 0:
+ print "Done. Extracted %d files." % (num_extracted,)
+
+ return 0
+
+
+if __name__ == '__main__':
+ sys.exit(main(sys.argv[1:]))
diff --git a/src/util/bot/go/bootstrap.py b/src/util/bot/go/bootstrap.py
new file mode 100755
index 0000000..166ef3b
--- /dev/null
+++ b/src/util/bot/go/bootstrap.py
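Review bot: The closing `if num_extracted % 100 == 0:` prints the "Done." line only when the count is a multiple of 100, which is exactly the case the loop has already reported; `if num_extracted % 100 != 0:` is presumably what was meant, so that every run ends with a summary line. The file objects yielded by `zip_file.open(info)` and `tar_file.extractfile(info)` are never closed after `shutil.copyfileobj(inp, out)`; an `inp.close()` after the copy keeps large archives from holding hundreds of open handles. `CheckedJoin` rejects every entry whose normalized name starts with `.`, not just `..`, so an archive containing a dotfile such as `.gitignore` raises; if such names are expected, test for a `..` component instead, and note the docstring already limits the helper to trusted archives.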
@@ -0,0 +1,297 @@ +#!/usr/bin/env python +# Copyright 2014 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Modified from go/bootstrap.py in Chromium infrastructure's repository to patch +# out everything but the core toolchain. +# +# https://chromium.googlesource.com/infra/infra/ + +"""Prepares a local hermetic Go installation. + +- Downloads and unpacks the Go toolset in ../golang. +""" + +import contextlib +import logging +import os +import platform +import shutil +import stat +import subprocess +import sys +import tarfile +import tempfile +import urllib +import zipfile + +# TODO(vadimsh): Migrate to new golang.org/x/ paths once Golang moves to +# git completely. + +LOGGER = logging.getLogger(__name__) + + +# /path/to/util/bot +ROOT = os.path.dirname(os.path.abspath(__file__)) + +# Where to install Go toolset to. GOROOT would be /go. +TOOLSET_ROOT = os.path.join(os.path.dirname(ROOT), 'golang') + +# Default workspace with infra go code. +WORKSPACE = os.path.join(ROOT, 'go') + +# Platform depended suffix for executable files. +EXE_SFX = '.exe' if sys.platform == 'win32' else '' + +# Pinned version of Go toolset to download. +TOOLSET_VERSION = 'go1.4' + +# Platform dependent portion of a download URL. See http://golang.org/dl/. +TOOLSET_VARIANTS = { + ('darwin', 'x86-32'): 'darwin-386-osx10.8.tar.gz', + ('darwin', 'x86-64'): 'darwin-amd64-osx10.8.tar.gz', + ('linux2', 'x86-32'): 'linux-386.tar.gz', + ('linux2', 'x86-64'): 'linux-amd64.tar.gz', + ('win32', 'x86-32'): 'windows-386.zip', + ('win32', 'x86-64'): 'windows-amd64.zip', +} + +# Download URL root. +DOWNLOAD_URL_PREFIX = 'https://storage.googleapis.com/golang' + + +class Failure(Exception): + """Bootstrap failed.""" + + +def get_toolset_url(): + """URL of a platform specific Go toolset archive.""" + # TODO(vadimsh): Support toolset for cross-compilation. 
+ arch = { + 'amd64': 'x86-64', + 'x86_64': 'x86-64', + 'i386': 'x86-32', + 'x86': 'x86-32', + }.get(platform.machine().lower()) + variant = TOOLSET_VARIANTS.get((sys.platform, arch)) + if not variant: + # TODO(vadimsh): Compile go lang from source. + raise Failure('Unrecognized platform') + return '%s/%s.%s' % (DOWNLOAD_URL_PREFIX, TOOLSET_VERSION, variant) + + +def read_file(path): + """Returns contents of a given file or None if not readable.""" + assert isinstance(path, (list, tuple)) + try: + with open(os.path.join(*path), 'r') as f: + return f.read() + except IOError: + return None + + +def write_file(path, data): + """Writes |data| to a file.""" + assert isinstance(path, (list, tuple)) + with open(os.path.join(*path), 'w') as f: + f.write(data) + + +def remove_directory(path): + """Recursively removes a directory.""" + assert isinstance(path, (list, tuple)) + p = os.path.join(*path) + if not os.path.exists(p): + return + LOGGER.info('Removing %s', p) + # Crutch to remove read-only file (.git/* in particular) on Windows. + def onerror(func, path, _exc_info): + if not os.access(path, os.W_OK): + os.chmod(path, stat.S_IWUSR) + func(path) + else: + raise + shutil.rmtree(p, onerror=onerror if sys.platform == 'win32' else None) + + +def install_toolset(toolset_root, url): + """Downloads and installs Go toolset. + + GOROOT would be /go/. 
+ """ + if not os.path.exists(toolset_root): + os.makedirs(toolset_root) + pkg_path = os.path.join(toolset_root, url[url.rfind('/')+1:]) + + LOGGER.info('Downloading %s...', url) + download_file(url, pkg_path) + + LOGGER.info('Extracting...') + if pkg_path.endswith('.zip'): + with zipfile.ZipFile(pkg_path, 'r') as f: + f.extractall(toolset_root) + elif pkg_path.endswith('.tar.gz'): + with tarfile.open(pkg_path, 'r:gz') as f: + f.extractall(toolset_root) + else: + raise Failure('Unrecognized archive format') + + LOGGER.info('Validating...') + if not check_hello_world(toolset_root): + raise Failure('Something is not right, test program doesn\'t work') + + +def download_file(url, path): + """Fetches |url| to |path|.""" + last_progress = [0] + def report(a, b, c): + progress = int(a * b * 100.0 / c) + if progress != last_progress[0]: + print >> sys.stderr, 'Downloading... %d%%' % progress + last_progress[0] = progress + # TODO(vadimsh): Use something less crippled, something that validates SSL. + urllib.urlretrieve(url, path, reporthook=report) + + +@contextlib.contextmanager +def temp_dir(path): + """Creates a temporary directory, then deletes it.""" + tmp = tempfile.mkdtemp(dir=path) + try: + yield tmp + finally: + remove_directory([tmp]) + + +def check_hello_world(toolset_root): + """Compiles and runs 'hello world' program to verify that toolset works.""" + with temp_dir(toolset_root) as tmp: + path = os.path.join(tmp, 'hello.go') + write_file([path], r""" + package main + func main() { println("hello, world\n") } + """) + out = subprocess.check_output( + [get_go_exe(toolset_root), 'run', path], + env=get_go_environ(toolset_root, tmp), + stderr=subprocess.STDOUT) + if out.strip() != 'hello, world': + LOGGER.error('Failed to run sample program:\n%s', out) + return False + return True + + +def ensure_toolset_installed(toolset_root): + """Installs or updates Go toolset if necessary. + + Returns True if new toolset was installed. 
+ """ + installed = read_file([toolset_root, 'INSTALLED_TOOLSET']) + available = get_toolset_url() + if installed == available: + LOGGER.debug('Go toolset is up-to-date: %s', TOOLSET_VERSION) + return False + + LOGGER.info('Installing Go toolset.') + LOGGER.info(' Old toolset is %s', installed) + LOGGER.info(' New toolset is %s', available) + remove_directory([toolset_root]) + install_toolset(toolset_root, available) + LOGGER.info('Go toolset installed: %s', TOOLSET_VERSION) + write_file([toolset_root, 'INSTALLED_TOOLSET'], available) + return True + + +def get_go_environ( + toolset_root, + workspace=None): + """Returns a copy of os.environ with added GO* environment variables. + + Overrides GOROOT, GOPATH and GOBIN. Keeps everything else. Idempotent. + + Args: + toolset_root: GOROOT would be /go. + workspace: main workspace directory or None if compiling in GOROOT. + """ + env = os.environ.copy() + env['GOROOT'] = os.path.join(toolset_root, 'go') + if workspace: + env['GOBIN'] = os.path.join(workspace, 'bin') + else: + env.pop('GOBIN', None) + + all_go_paths = [] + if workspace: + all_go_paths.append(workspace) + env['GOPATH'] = os.pathsep.join(all_go_paths) + + # New PATH entries. + paths_to_add = [ + os.path.join(env['GOROOT'], 'bin'), + env.get('GOBIN'), + ] + + # Make sure not to add duplicates entries to PATH over and over again when + # get_go_environ is invoked multiple times. + path = env['PATH'].split(os.pathsep) + paths_to_add = [p for p in paths_to_add if p and p not in path] + env['PATH'] = os.pathsep.join(paths_to_add + path) + + return env + + +def get_go_exe(toolset_root): + """Returns path to go executable.""" + return os.path.join(toolset_root, 'go', 'bin', 'go' + EXE_SFX) + + +def bootstrap(logging_level): + """Installs all dependencies in default locations. + + Supposed to be called at the beginning of some script (it modifies logger). + + Args: + logging_level: logging level of bootstrap process. 
+ """ + logging.basicConfig() + LOGGER.setLevel(logging_level) + ensure_toolset_installed(TOOLSET_ROOT) + + +def prepare_go_environ(): + """Returns dict with environment variables to set to use Go toolset. + + Installs or updates the toolset if necessary. + """ + bootstrap(logging.INFO) + return get_go_environ(TOOLSET_ROOT, WORKSPACE) + + +def find_executable(name, workspaces): + """Returns full path to an executable in some bin/ (in GOROOT or GOBIN).""" + basename = name + if EXE_SFX and basename.endswith(EXE_SFX): + basename = basename[:-len(EXE_SFX)] + roots = [os.path.join(TOOLSET_ROOT, 'go', 'bin')] + for path in workspaces: + roots.extend([ + os.path.join(path, 'bin'), + ]) + for root in roots: + full_path = os.path.join(root, basename + EXE_SFX) + if os.path.exists(full_path): + return full_path + return name + + +def main(args): + if args: + print >> sys.stderr, sys.modules[__name__].__doc__, + return 2 + bootstrap(logging.DEBUG) + return 0 + + +if __name__ == '__main__': + sys.exit(main(sys.argv[1:])) diff --git a/src/util/bot/go/env.py b/src/util/bot/go/env.py new file mode 100755 index 0000000..820968c --- /dev/null +++ b/src/util/bot/go/env.py 
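Review bot: `install_toolset` extracts and then executes (through `check_hello_world`) an archive whose bytes are never integrity-checked: `download_file` fetches it with `urllib.urlretrieve`, which the hunk's own TODO says does not validate SSL, and the result goes straight to `extractall`. A pinned digest compared before extraction, e.g. `if hashlib.sha256(open(pkg_path, 'rb').read()).hexdigest() != EXPECTED_SHA256: raise Failure('toolset digest mismatch')` with `hashlib` imported and `EXPECTED_SHA256` a per-variant constant the maintainer fills in (placeholder here), would give this download the same guarantee the `.sha1` stamp files give the cmake and perl downloads elsewhere in this commit. It would also bound both `extractall` calls, which apply no member filtering, to content the repository has vouched for.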
@@ -0,0 +1,49 @@ +#!/usr/bin/env python +# Copyright 2014 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Modified from go/env.py in Chromium infrastructure's repository to patch out +# everything but the core toolchain. +# +# https://chromium.googlesource.com/infra/infra/ + +"""Can be used to point environment variable to hermetic Go toolset. + +Usage (on linux and mac): +$ eval `./env.py` +$ go version + +Or it can be used to wrap a command: + +$ ./env.py go version +""" + +assert __name__ == '__main__' + +import imp +import os +import subprocess +import sys + +# Do not want to mess with sys.path, load the module directly. +bootstrap = imp.load_source( + 'bootstrap', os.path.join(os.path.dirname(__file__), 'bootstrap.py')) + +old = os.environ.copy() +new = bootstrap.prepare_go_environ() + +if len(sys.argv) == 1: + for key, value in sorted(new.iteritems()): + if old.get(key) != value: + print 'export %s="%s"' % (key, value) +else: + exe = sys.argv[1] + if exe == 'python': + exe = sys.executable + else: + # Help Windows to find the executable in new PATH, do it only when + # executable is referenced by name (and not by path). + if os.sep not in exe: + exe = bootstrap.find_executable(exe, [bootstrap.WORKSPACE]) + sys.exit(subprocess.call([exe] + sys.argv[2:], env=new)) diff --git a/src/util/bot/perl-win32.zip.sha1 b/src/util/bot/perl-win32.zip.sha1 new file mode 100644 index 0000000..a5559d8 --- /dev/null +++ b/src/util/bot/perl-win32.zip.sha1 @@ -0,0 +1 @@ +ab6e7aee6a915c4d820b86f5227094763b649fce \ No newline at end of file diff --git a/src/util/bot/toolchain_vs2013.hash b/src/util/bot/toolchain_vs2013.hash new file mode 100644 index 0000000..4ed8816 --- /dev/null +++ b/src/util/bot/toolchain_vs2013.hash @@ -0,0 +1 @@ +ee7d718ec60c2dc5d255bbe325909c2021a7efef 
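Review bot: `print 'export %s="%s"' % (key, value)` interpolates environment values into a double-quoted shell word without escaping, so under the documented `eval \`./env.py\`` a value containing `"`, `$` or a backtick is expanded or breaks the statement rather than being exported verbatim. `print 'export %s=%s' % (key, pipes.quote(value))` (with `import pipes`, which vs_toolchain.py in this same commit already uses) emits a form the shell reads back literally.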
diff --git a/src/util/bot/update_clang.py b/src/util/bot/update_clang.py
new file mode 100644
index 0000000..0836d11
--- /dev/null
+++ b/src/util/bot/update_clang.py
@@ -0,0 +1,71 @@
+# Copyright (c) 2015, Google Inc.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import os.path
+import shutil
+import sys
+import tarfile
+import tempfile
+import urllib
+
+# CLANG_REVISION and CLANG_SUB_REVISION determine the build of clang
+# to use. These should be synced with tools/clang/scripts/update.sh in
+# Chromium.
+CLANG_REVISION = "233105"
+CLANG_SUB_REVISION = "1"
+
+PACKAGE_VERSION = "%s-%s" % (CLANG_REVISION, CLANG_SUB_REVISION)
+LLVM_BUILD_DIR = os.path.join(os.path.dirname(__file__), "llvm-build")
+STAMP_FILE = os.path.join(LLVM_BUILD_DIR, "cr_build_revision")
+
+CDS_URL = "https://commondatastorage.googleapis.com/chromium-browser-clang"
+
+def DownloadFile(url, path):
+ """DownloadFile fetches |url| to |path|."""
+ last_progress = [0]
+ def report(a, b, c):
+ progress = int(a * b * 100.0 / c)
+ if progress != last_progress[0]:
+ print >> sys.stderr, "Downloading... %d%%" % progress
+ last_progress[0] = progress
+ urllib.urlretrieve(url, path, reporthook=report)
+
+def main(args):
+ # For now, only download clang on Linux.
+ if not sys.platform.startswith("linux"):
+ return 0
+
+ if os.path.exists(STAMP_FILE):
+ with open(STAMP_FILE) as f:
+ if f.read().strip() == PACKAGE_VERSION:
+ print >> sys.stderr, "Clang already at %s" % (PACKAGE_VERSION,)
+ return 0
+
+ if os.path.exists(LLVM_BUILD_DIR):
+ shutil.rmtree(LLVM_BUILD_DIR)
+
+ print >> sys.stderr, "Downloading Clang %s" % (PACKAGE_VERSION,)
+ cds_full_url = "%s/Linux_x64/clang-%s.tgz" % (CDS_URL, PACKAGE_VERSION)
+ with tempfile.NamedTemporaryFile() as temp:
+ DownloadFile(cds_full_url, temp.name)
+ with tarfile.open(temp.name, "r:gz") as tar_file:
+ tar_file.extractall(LLVM_BUILD_DIR)
+
+ with open(STAMP_FILE, "wb") as stamp_file:
+ stamp_file.write(PACKAGE_VERSION)
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main(sys.argv[1:]))
diff --git a/src/util/bot/vs_env.py b/src/util/bot/vs_env.py
new file mode 100644
index 0000000..1847500
--- /dev/null
+++ b/src/util/bot/vs_env.py
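Review bot: The clang tarball is fetched with `urllib.urlretrieve` and handed directly to `tar_file.extractall(LLVM_BUILD_DIR)` with no digest check, so pinning `CLANG_REVISION` pins the URL but not the compiler bytes the bots end up running; bootstrap.py in this same commit carries a TODO that this fetch path does not validate SSL. The cmake, perl and yasm downloads in this commit are pinned through `.sha1` stamp files; a `CLANG_SHA256 = "<expected digest>"` constant (placeholder) compared against the downloaded file before the `tarfile.open` call, with a `hashlib` import, would give the compiler the same guarantee. `report` divides by `c`, which `urlretrieve` passes as -1 when the server sends no Content-Length; that yields a negative percentage rather than a crash, but a one-line comment or a `c > 0` guard would make the intent clear.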
@@ -0,0 +1,37 @@ +# Copyright (c) 2015, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +import subprocess +import sys + +import vs_toolchain +# vs_toolchain adds gyp to sys.path. +import gyp.MSVSVersion + +if len(sys.argv) < 2: + print >>sys.stderr, "Usage: vs_env.py TARGET_ARCH CMD..." + sys.exit(1) + +target_arch = sys.argv[1] +cmd = sys.argv[2:] + +vs_toolchain.SetEnvironmentAndGetRuntimeDllDirs() +vs_version = gyp.MSVSVersion.SelectVisualStudioVersion() + +# Using shell=True is somewhat ugly, but the alternative is to pull in a copy +# of the Chromium GN build's setup_toolchain.py which runs the setup script, +# then 'set', and then parses the environment variables out. (GYP internally +# does the same thing.) +sys.exit(subprocess.call(vs_version.SetupScript(target_arch) + ["&&"] + cmd, + shell=True)) diff --git a/src/util/bot/vs_toolchain.py b/src/util/bot/vs_toolchain.py new file mode 100644 index 0000000..fd76f39 --- /dev/null +++ b/src/util/bot/vs_toolchain.py 
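Review bot: The argument check `if len(sys.argv) < 2:` only enforces TARGET_ARCH, so `vs_env.py x64` passes it with `cmd == []` and the assembled command ends in a dangling `&&` that the shell rejects; `if len(sys.argv) < 3:` matches the usage string `TARGET_ARCH CMD...`. As the comment acknowledges, `shell=True` means each element of `cmd` is re-parsed by the shell, so a caller argument containing `&`, `|` or `^` alters the command line instead of being passed literally; that constraint belongs in the usage text so callers quote accordingly.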
@@ -0,0 +1,114 @@ +# Copyright 2014 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import json +import os +import pipes +import shutil +import subprocess +import sys + + +script_dir = os.path.dirname(os.path.realpath(__file__)) +sys.path.insert(0, os.path.join(script_dir, 'gyp', 'pylib')) +json_data_file = os.path.join(script_dir, 'win_toolchain.json') + + +import gyp + + +def SetEnvironmentAndGetRuntimeDllDirs(): + """Sets up os.environ to use the depot_tools VS toolchain with gyp, and + returns the location of the VS runtime DLLs so they can be copied into + the output directory after gyp generation. + """ + vs2013_runtime_dll_dirs = None + depot_tools_win_toolchain = \ + bool(int(os.environ.get('DEPOT_TOOLS_WIN_TOOLCHAIN', '1'))) + if sys.platform in ('win32', 'cygwin') and depot_tools_win_toolchain: + if not os.path.exists(json_data_file): + Update() + with open(json_data_file, 'r') as tempf: + toolchain_data = json.load(tempf) + + toolchain = toolchain_data['path'] + version = toolchain_data['version'] + version_is_pro = version[-1] != 'e' + win8sdk = toolchain_data['win8sdk'] + wdk = toolchain_data['wdk'] + # TODO(scottmg): The order unfortunately matters in these. They should be + # split into separate keys for x86 and x64. (See CopyVsRuntimeDlls call + # below). http://crbug.com/345992 + vs2013_runtime_dll_dirs = toolchain_data['runtime_dirs'] + + os.environ['GYP_MSVS_OVERRIDE_PATH'] = toolchain + os.environ['GYP_MSVS_VERSION'] = version + # We need to make sure windows_sdk_path is set to the automated + # toolchain values in GYP_DEFINES, but don't want to override any + # otheroptions.express + # values there. 
+ gyp_defines_dict = gyp.NameValueListToDict(gyp.ShlexEnv('GYP_DEFINES')) + gyp_defines_dict['windows_sdk_path'] = win8sdk + os.environ['GYP_DEFINES'] = ' '.join('%s=%s' % (k, pipes.quote(str(v))) + for k, v in gyp_defines_dict.iteritems()) + os.environ['WINDOWSSDKDIR'] = win8sdk + os.environ['WDK_DIR'] = wdk + # Include the VS runtime in the PATH in case it's not machine-installed. + runtime_path = ';'.join(vs2013_runtime_dll_dirs) + os.environ['PATH'] = runtime_path + ';' + os.environ['PATH'] + return vs2013_runtime_dll_dirs + + +def _GetDesiredVsToolchainHashes(): + """Load a list of SHA1s corresponding to the toolchains that we want installed + to build with.""" + sha1path = os.path.join(script_dir, 'toolchain_vs2013.hash') + with open(sha1path, 'rb') as f: + return f.read().strip().splitlines() + + +def FindDepotTools(): + """Returns the path to depot_tools in $PATH.""" + for path in os.environ['PATH'].split(os.pathsep): + if os.path.isfile(os.path.join(path, 'gclient.py')): + return path + raise Exception("depot_tools not found!") + + +def Update(): + """Requests an update of the toolchain to the specific hashes we have at + this revision. The update outputs a .json of the various configuration + information required to pass to gyp which we use in |GetToolchainDir()|. 
+ """ + depot_tools_win_toolchain = \ + bool(int(os.environ.get('DEPOT_TOOLS_WIN_TOOLCHAIN', '1'))) + if sys.platform in ('win32', 'cygwin') and depot_tools_win_toolchain: + depot_tools_path = FindDepotTools() + json_data_file = os.path.join(script_dir, 'win_toolchain.json') + get_toolchain_args = [ + sys.executable, + os.path.join(depot_tools_path, + 'win_toolchain', + 'get_toolchain_if_necessary.py'), + '--output-json', json_data_file, + ] + _GetDesiredVsToolchainHashes() + subprocess.check_call(get_toolchain_args) + + return 0 + + +def main(): + if not sys.platform.startswith(('win32', 'cygwin')): + return 0 + commands = { + 'update': Update, + } + if len(sys.argv) < 2 or sys.argv[1] not in commands: + print >>sys.stderr, 'Expected one of: %s' % ', '.join(commands) + return 1 + return commands[sys.argv[1]](*sys.argv[2:]) + + +if __name__ == '__main__': + sys.exit(main()) diff --git a/src/util/bot/yasm-win32.exe.sha1 b/src/util/bot/yasm-win32.exe.sha1 new file mode 100644 index 0000000..5b8c9aa --- /dev/null +++ b/src/util/bot/yasm-win32.exe.sha1 @@ -0,0 +1 @@ +4c4d1951181a610923523cb10d83d9ae9952fbf3 \ No newline at end of file diff --git a/src/util/clang-toolchain.cmake b/src/util/clang-toolchain.cmake deleted file mode 100644 index 8d81379..0000000 --- a/src/util/clang-toolchain.cmake +++ /dev/null @@ -1,2 +0,0 @@ -set(CMAKE_CXX_COMPILER "/agl/chromium/src/third_party/llvm-build/Release+Asserts/bin/clang++") -set(CMAKE_C_COMPILER "/agl/chromium/src/third_party/llvm-build/Release+Asserts/bin/clang") diff --git a/src/util/doc.config b/src/util/doc.config index 62db0f3..a427e04 100644 --- a/src/util/doc.config +++ b/src/util/doc.config 
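Review bot: `Update` re-binds `json_data_file = os.path.join(script_dir, 'win_toolchain.json')` as a local holding exactly the value the module assigns at import time; dropping the local leaves one definition for the path that `SetEnvironmentAndGetRuntimeDllDirs` also reads. The `Update` docstring points at `|GetToolchainDir()|`, which does not exist in this file; it presumably means `SetEnvironmentAndGetRuntimeDllDirs()`. In `SetEnvironmentAndGetRuntimeDllDirs` the comment that ends `# otheroptions.express` / `# values there.` reads like a paste accident and presumably should be `# other values there.`.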
@@ -9,10 +9,12 @@
 "include/openssl/bytestring.h",
 "include/openssl/err.h",
 "include/openssl/cpu.h",
+ "include/openssl/crypto.h",
 "include/openssl/ex_data.h",
 "include/openssl/lhash.h",
 "include/openssl/mem.h",
 "include/openssl/obj.h",
+ "include/openssl/rand.h",
 "include/openssl/stack.h",
 "include/openssl/thread.h",
 "include/openssl/time_support.h"
@@ -22,6 +24,7 @@
 "Headers": [
 "include/openssl/aes.h",
 "include/openssl/bn.h",
+ "include/openssl/cmac.h",
 "include/openssl/des.h",
 "include/openssl/dh.h",
 "include/openssl/dsa.h",
@@ -45,5 +48,10 @@
 "include/openssl/aead.h",
 "include/openssl/evp.h"
 ]
+ },{
+ "Name": "SSL implementation",
+ "Headers": [
+ "include/openssl/ssl.h"
+ ]
 }]
 }
diff --git a/src/util/doc.go b/src/util/doc.go
index 7c96af8..20feae5 100644
--- a/src/util/doc.go
+++ b/src/util/doc.go
@@ -111,7 +111,9 @@ func extractComment(lines []string, lineNo int) (comment []string, rest []string
 err = fmt.Errorf("comment doesn't start with block prefix on line %d: %s", restLineNo, line)
 return
 }
- line = line[2:]
+ if len(line) == 2 || line[2] != '/' {
+ line = line[2:]
+ }
 if strings.HasPrefix(line, " ") {
 /* Identing the lines of a paragraph marks them as
 * preformatted. */
@@ -193,12 +195,23 @@ func extractDecl(lines []string, lineNo int) (decl string, rest []string, restLi
 func skipPast(s, skip string) string {
 i := strings.Index(s, skip)
 if i > 0 {
- return s[len(skip):]
+ return s[i:]
 }
 return s
 }
+func skipLine(s string) string {
+ i := strings.Index(s, "\n")
+ if i > 0 {
+ return s[i:]
+ }
+ return ""
+}
+
 func getNameFromDecl(decl string) (string, bool) {
+ for strings.HasPrefix(decl, "#if") {
+ decl = skipLine(decl)
+ }
 if strings.HasPrefix(decl, "struct ") {
 return "", false
 }
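Review bot: In the second doc.go hunk, `skipLine` returns `s[i:]`, which keeps the newline at the front of the result, so the `for strings.HasPrefix(decl, "#if")` loop in `getNameFromDecl` stops after one directive and every later prefix check sees a string beginning with `"\n"`; `if i >= 0 { return s[i+1:] }` drops the directive line and also handles a string that starts with a newline, which the `i > 0` test currently turns into `""`. `skipPast` likewise now returns from `i` rather than `i+len(skip)`, so the matched text is kept despite the name; whether callers rely on that cannot be seen here, as they are outside the hunk, so please confirm against them. The rest of `getNameFromDecl` also continues past the hunk, so a later `TrimSpace` there would change this assessment.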
@@ -582,8 +595,8 @@ func generateIndex(outPath string, config *Config, headerDescriptions map[string
 func main() {
 var (
- configFlag *string = flag.String("config", "", "Location of config file")
- outputDir *string = flag.String("out", "", "Path to the directory where the output will be written")
+ configFlag *string = flag.String("config", "doc.config", "Location of config file")
+ outputDir *string = flag.String("out", ".", "Path to the directory where the output will be written")
 config Config
 )
diff --git a/src/util/generate_build_files.py b/src/util/generate_build_files.py
new file mode 100644
index 0000000..94de546
--- /dev/null
+++ b/src/util/generate_build_files.py
@@ -0,0 +1,341 @@ +# Copyright (c) 2015, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +"""Enumerates the BoringSSL source in src/ and either generates two gypi files + (boringssl.gypi and boringssl_tests.gypi) for Chromium, or generates + source-list files for Android.""" + +import os +import subprocess +import sys + + +# OS_ARCH_COMBOS maps from OS and platform to the OpenSSL assembly "style" for +# that platform and the extension used by asm files. +OS_ARCH_COMBOS = [ + ('linux', 'arm', 'linux32', [], 'S'), + ('linux', 'aarch64', 'linux64', [], 'S'), + ('linux', 'x86', 'elf', ['-fPIC', '-DOPENSSL_IA32_SSE2'], 'S'), + ('linux', 'x86_64', 'elf', [], 'S'), + ('mac', 'x86', 'macosx', ['-fPIC', '-DOPENSSL_IA32_SSE2'], 'S'), + ('mac', 'x86_64', 'macosx', [], 'S'), + ('win', 'x86', 'win32n', ['-DOPENSSL_IA32_SSE2'], 'asm'), + ('win', 'x86_64', 'nasm', [], 'asm'), +] + +# NON_PERL_FILES enumerates assembly files that are not processed by the +# perlasm system. +NON_PERL_FILES = { + ('linux', 'arm'): [ + 'src/crypto/poly1305/poly1305_arm_asm.S', + 'src/crypto/chacha/chacha_vec_arm.S', + 'src/crypto/cpu-arm-asm.S', + ], +} + + +class Chromium(object): + + def __init__(self): + self.header = \ +"""# Copyright (c) 2014 The Chromium Authors. All rights reserved. 
+# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# This file is created by generate_build_files.py. Do not edit manually. + +""" + + def PrintVariableSection(self, out, name, files): + out.write(' \'%s\': [\n' % name) + for f in sorted(files): + out.write(' \'%s\',\n' % f) + out.write(' ],\n') + + def WriteFiles(self, files, asm_outputs): + with open('boringssl.gypi', 'w+') as gypi: + gypi.write(self.header + '{\n \'variables\': {\n') + + self.PrintVariableSection( + gypi, 'boringssl_lib_sources', files['crypto'] + files['ssl']) + + for ((osname, arch), asm_files) in asm_outputs: + self.PrintVariableSection(gypi, 'boringssl_%s_%s_sources' % + (osname, arch), asm_files) + + gypi.write(' }\n}\n') + + with open('boringssl_tests.gypi', 'w+') as test_gypi: + test_gypi.write(self.header + '{\n \'targets\': [\n') + + test_names = [] + for test in sorted(files['test']): + test_name = 'boringssl_%s' % os.path.splitext(os.path.basename(test))[0] + test_gypi.write(""" { + 'target_name': '%s', + 'type': 'executable', + 'dependencies': [ + 'boringssl.gyp:boringssl', + ], + 'sources': [ + '%s', + ], + # TODO(davidben): Fix size_t truncations in BoringSSL. + # https://crbug.com/429039 + 'msvs_disabled_warnings': [ 4267, ], + },\n""" % (test_name, test)) + test_names.append(test_name) + + test_names.sort() + + test_gypi.write(""" ], + 'variables': { + 'boringssl_test_targets': [\n""") + + for test in test_names: + test_gypi.write(""" '%s',\n""" % test) + + test_gypi.write(' ],\n }\n}\n') + + +class Android(object): + + def __init__(self): + self.header = \ +"""# Copyright (C) 2015 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" + + def PrintVariableSection(self, out, name, files): + out.write('%s := \\\n' % name) + for f in sorted(files): + out.write(' %s\\\n' % f) + out.write('\n') + + def WriteFiles(self, files, asm_outputs): + with open('sources.mk', 'w+') as makefile: + makefile.write(self.header) + + files['crypto'].append('android_compat_hacks.c') + files['crypto'].append('android_compat_keywrap.c') + self.PrintVariableSection(makefile, 'crypto_sources', files['crypto']) + self.PrintVariableSection(makefile, 'ssl_sources', files['ssl']) + self.PrintVariableSection(makefile, 'tool_sources', files['tool']) + + for ((osname, arch), asm_files) in asm_outputs: + self.PrintVariableSection( + makefile, '%s_%s_sources' % (osname, arch), asm_files) + + +def FindCMakeFiles(directory): + """Returns list of all CMakeLists.txt files recursively in directory.""" + cmakefiles = [] + + for (path, _, filenames) in os.walk(directory): + for filename in filenames: + if filename == 'CMakeLists.txt': + cmakefiles.append(os.path.join(path, filename)) + + return cmakefiles + + +def NoTests(dent, is_dir): + """Filter function that can be passed to FindCFiles in order to remove test + sources.""" + if is_dir: + return dent != 'test' + return 'test.' not in dent and not dent.startswith('example_') + + +def OnlyTests(dent, is_dir): + """Filter function that can be passed to FindCFiles in order to remove + non-test sources.""" + if is_dir: + return True + return '_test.' 
in dent or dent.startswith('example_') + + +def FindCFiles(directory, filter_func): + """Recurses through directory and returns a list of paths to all the C source + files that pass filter_func.""" + cfiles = [] + + for (path, dirnames, filenames) in os.walk(directory): + for filename in filenames: + if not filename.endswith('.c') and not filename.endswith('.cc'): + continue + if not filter_func(filename, False): + continue + cfiles.append(os.path.join(path, filename)) + + for (i, dirname) in enumerate(dirnames): + if not filter_func(dirname, True): + del dirnames[i] + + return cfiles + + +def ExtractPerlAsmFromCMakeFile(cmakefile): + """Parses the contents of the CMakeLists.txt file passed as an argument and + returns a list of all the perlasm() directives found in the file.""" + perlasms = [] + with open(cmakefile) as f: + for line in f: + line = line.strip() + if not line.startswith('perlasm('): + continue + if not line.endswith(')'): + raise ValueError('Bad perlasm line in %s' % cmakefile) + # Remove "perlasm(" from start and ")" from end + params = line[8:-1].split() + if len(params) < 2: + raise ValueError('Bad perlasm line in %s' % cmakefile) + perlasms.append({ + 'extra_args': params[2:], + 'input': os.path.join(os.path.dirname(cmakefile), params[1]), + 'output': os.path.join(os.path.dirname(cmakefile), params[0]), + }) + + return perlasms + + +def ReadPerlAsmOperations(): + """Returns a list of all perlasm() directives found in CMake config files in + src/.""" + perlasms = [] + cmakefiles = FindCMakeFiles('src') + + for cmakefile in cmakefiles: + perlasms.extend(ExtractPerlAsmFromCMakeFile(cmakefile)) + + return perlasms + + +def PerlAsm(output_filename, input_filename, perlasm_style, extra_args): + """Runs the a perlasm script and puts the output into output_filename.""" + base_dir = os.path.dirname(output_filename) + if not os.path.isdir(base_dir): + os.makedirs(base_dir) + output = subprocess.check_output( + ['perl', input_filename, perlasm_style] + 
extra_args) + with open(output_filename, 'w+') as out_file: + out_file.write(output) + + +def ArchForAsmFilename(filename): + """Returns the architectures that a given asm file should be compiled for + based on substrings in the filename.""" + + if 'x86_64' in filename or 'avx2' in filename: + return ['x86_64'] + elif ('x86' in filename and 'x86_64' not in filename) or '586' in filename: + return ['x86'] + elif 'armx' in filename: + return ['arm', 'aarch64'] + elif 'armv8' in filename: + return ['aarch64'] + elif 'arm' in filename: + return ['arm'] + else: + raise ValueError('Unknown arch for asm filename: ' + filename) + + +def WriteAsmFiles(perlasms): + """Generates asm files from perlasm directives for each supported OS x + platform combination.""" + asmfiles = {} + + for osarch in OS_ARCH_COMBOS: + (osname, arch, perlasm_style, extra_args, asm_ext) = osarch + key = (osname, arch) + outDir = '%s-%s' % key + + for perlasm in perlasms: + filename = os.path.basename(perlasm['input']) + output = perlasm['output'] + if not output.startswith('src'): + raise ValueError('output missing src: %s' % output) + output = os.path.join(outDir, output[4:]) + output = output.replace('${ASM_EXT}', asm_ext) + + if arch in ArchForAsmFilename(filename): + PerlAsm(output, perlasm['input'], perlasm_style, + perlasm['extra_args'] + extra_args) + asmfiles.setdefault(key, []).append(output) + + for (key, non_perl_asm_files) in NON_PERL_FILES.iteritems(): + asmfiles.setdefault(key, []).extend(non_perl_asm_files) + + return asmfiles + + +def main(platform): + crypto_c_files = FindCFiles(os.path.join('src', 'crypto'), NoTests) + ssl_c_files = FindCFiles(os.path.join('src', 'ssl'), NoTests) + tool_cc_files = FindCFiles(os.path.join('src', 'tool'), NoTests) + + # Generate err_data.c + with open('err_data.c', 'w+') as err_data: + subprocess.check_call(['go', 'run', 'err_data_generate.go'], + cwd=os.path.join('src', 'crypto', 'err'), + stdout=err_data) + crypto_c_files.append('err_data.c') + + 
test_c_files = FindCFiles(os.path.join('src', 'crypto'), OnlyTests) + test_c_files += FindCFiles(os.path.join('src', 'ssl'), OnlyTests) + + files = { + 'crypto': crypto_c_files, + 'ssl': ssl_c_files, + 'tool': tool_cc_files, + 'test': test_c_files, + } + + asm_outputs = sorted(WriteAsmFiles(ReadPerlAsmOperations()).iteritems()) + + platform.WriteFiles(files, asm_outputs) + + return 0 + + +def Usage(): + print 'Usage: python %s [chromium|android]' % sys.argv[0] + sys.exit(1) + + +if __name__ == '__main__': + if len(sys.argv) != 2: + Usage() + + platform = None + if sys.argv[1] == 'chromium': + platform = Chromium() + elif sys.argv[1] == 'android': + platform = Android() + else: + Usage() + + sys.exit(main(platform)) diff --git a/src/util/make_errors.go b/src/util/make_errors.go index 5fd75e2..dc8039a 100644 --- a/src/util/make_errors.go +++ b/src/util/make_errors.go @@ -36,17 +36,20 @@ const reservedReasonCode = 1000 var resetFlag *bool = flag.Bool("reset", false, "If true, ignore current assignments and reassign from scratch") func makeErrors(reset bool) error { - dirName, err := os.Getwd() + topLevelPath, err := findToplevel() if err != nil { return err } - lib := filepath.Base(dirName) - headerPath, err := findHeader(lib + ".h") + dirName, err := os.Getwd() if err != nil { return err } - sourcePath := lib + "_error.c" + + lib := filepath.Base(dirName) + headerPath := filepath.Join(topLevelPath, "include", "openssl", lib+".h") + errDir := filepath.Join(topLevelPath, "crypto", "err") + dataPath := filepath.Join(errDir, lib+".errordata") headerFile, err := os.Open(headerPath) if err != nil { @@ -90,7 +93,7 @@ func makeErrors(reset bool) error { } for _, name := range filenames { - if !strings.HasSuffix(name, ".c") || name == sourcePath { + if !strings.HasSuffix(name, ".c") { continue } 
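Review bot: In `FindCFiles`, `del dirnames[i]` inside `for (i, dirname) in enumerate(dirnames)` mutates the list being iterated, so the entry after each deleted directory is never passed to `filter_func`; with `NoTests` pruning only the single name `test` this is latent, but it will silently skip directories as soon as a filter rejects two adjacent entries. Because `os.walk` requires in-place mutation to prune, the loop should become `dirnames[:] = [d for d in dirnames if filter_func(d, True)]`. Separately, `WriteAsmFiles` guards with `output.startswith('src')` but then strips four characters via `output[4:]`, so the check should be `output.startswith('src' + os.sep)` to match what is actually removed.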
@@ -119,55 +122,32 @@ func makeErrors(reset bool) error { } os.Rename(headerPath+".tmp", headerPath) - sourceFile, err := os.OpenFile(sourcePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) + dataFile, err := os.OpenFile(dataPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) if err != nil { return err } - defer sourceFile.Close() - fmt.Fprintf(sourceFile, `/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#include - -#include - -const ERR_STRING_DATA %s_error_string_data[] = { -`, lib, prefix) - outputStrings(sourceFile, lib, typeFunctions, functions) - outputStrings(sourceFile, lib, typeReasons, reasons) - - sourceFile.WriteString(" {0, NULL},\n};\n") + outputStrings(dataFile, lib, typeFunctions, functions) + outputStrings(dataFile, lib, typeReasons, reasons) + dataFile.Close() return nil } -func findHeader(basename string) (path string, err error) { - includeDir := filepath.Join("..", "include") +func findToplevel() (path string, err error) { + path = ".." 
+ buildingPath := filepath.Join(path, "BUILDING") - fi, err := os.Stat(includeDir) + _, err = os.Stat(buildingPath) if err != nil && os.IsNotExist(err) { - includeDir = filepath.Join("..", includeDir) - fi, err = os.Stat(includeDir) + path = filepath.Join("..", path) + buildingPath = filepath.Join(path, "BUILDING") + _, err = os.Stat(buildingPath) } if err != nil { - return "", errors.New("cannot find path to include directory") - } - if !fi.IsDir() { - return "", errors.New("include node is not a directory") + return "", errors.New("Cannot find BUILDING file at the top-level") } - return filepath.Join(includeDir, "openssl", basename), nil + return path, nil } type assignment struct { @@ -295,18 +275,17 @@ func outputStrings(w io.Writer, lib string, ty int, assignments map[string]int) sort.Strings(keys) for _, key := range keys { - var pack string - if ty == typeFunctions { - pack = key + ", 0" - } else { - pack = "0, " + key + typeString := "function" + if ty == typeReasons { + typeString = "reason" } - - fmt.Fprintf(w, " {ERR_PACK(ERR_LIB_%s, %s), \"%s\"},\n", lib, pack, key[prefixLen:]) + fmt.Fprintf(w, "%s,%s,%d,%s\n", lib, typeString, assignments[key], key[prefixLen:]) } } func assignNewValues(assignments map[string]int, reserved int) { + // Needs to be in sync with the reason limit in + // |ERR_reason_error_string|. max := 99 for _, value := range assignments { 
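Review bot: The new `dataFile.Close()` at the end of `makeErrors` discards its error, and `outputStrings` writes via `fmt.Fprintf` with the result also unchecked, so a short or failed write to the `.errordata` file (disk full, read-only checkout) still returns `nil` and a truncated error table is committed as if it were complete. Dropping the `defer` in favour of an explicit close is the right shape, but the result needs checking: `if err := dataFile.Close(); err != nil { return err }`. The `os.Rename(headerPath+".tmp", headerPath)` just above has the same unchecked result, though that line is pre-existing context. `makeErrors` begins outside this hunk.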
@@ -320,16 +299,23 @@ func assignNewValues(assignments map[string]int, reserved int) { max++ + // Sort the keys, so this script is reproducible. + keys := make([]string, 0, len(assignments)) for key, value := range assignments { if value == -1 { - if reserved >= 0 && max >= reserved { - // If this happens, try passing - // -reset. Otherwise bump up reservedReasonCode. - panic("Automatically-assigned values exceeded limit!") - } - assignments[key] = max - max++ + keys = append(keys, key) + } + } + sort.Strings(keys) + + for _, key := range keys { + if reserved >= 0 && max >= reserved { + // If this happens, try passing -reset. Otherwise bump + // up reservedReasonCode. + panic("Automatically-assigned values exceeded limit!") } + assignments[key] = max + max++ } } @@ -360,8 +346,7 @@ func addFunctionsAndReasons(functions, reasons map[string]int, filename, prefix } defer file.Close() - prefix += "_" - reasonPrefix := prefix + "R_" + reasonPrefix := prefix + "_R_" var currentFunction string scanner := bufio.NewScanner(file) @@ -388,8 +373,9 @@ func addFunctionsAndReasons(functions, reasons map[string]int, filename, prefix } } - if strings.Contains(line, "OPENSSL_PUT_ERROR(") { - functionToken := prefix + "F_" + currentFunction + // Do not include cross-module error lines. + if strings.Contains(line, "OPENSSL_PUT_ERROR(" + prefix + ",") { + functionToken := prefix + "_F_" + currentFunction if _, ok := functions[functionToken]; !ok { functions[functionToken] = -1 } @@ -399,7 +385,7 @@ func addFunctionsAndReasons(functions, reasons map[string]int, filename, prefix handleDeclareMacro(line, "_F_", "OPENSSL_DECLARE_ERROR_FUNCTION(", functions) for len(line) > 0 { - i := strings.Index(line, prefix) + i := strings.Index(line, prefix + "_") if i == -1 { break } diff --git a/update_gypi_and_asm.py b/update_gypi_and_asm.py deleted file mode 100644 index 349a7e7..0000000 --- a/update_gypi_and_asm.py +++ /dev/null 
@@ -1,215 +0,0 @@ -# Copyright 2014 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can b -# found in the LICENSE file. - -import os -import subprocess -import sys - - -# OS_ARCH_COMBOS maps from OS and platform to the OpenSSL assembly "style" for -# that platform and the extension used by asm files. -OS_ARCH_COMBOS = [ - ('linux', 'arm', 'elf', [''], 'S'), - ('linux', 'x86', 'elf', ['-fPIC'], 'S'), - ('linux', 'x86_64', 'elf', [''], 'S'), - ('linux', 'aarch64', 'linux64', [''], 'S'), - ('mac', 'x86', 'macosx', ['-fPIC'], 'S'), - ('mac', 'x86_64', 'macosx', [''], 'S'), - ('win', 'x86_64', 'masm', [''], 'asm'), -] - -# NON_PERL_FILES enumerates assembly files that are not processed by the -# perlasm system. -NON_PERL_FILES = { - ('linux', 'arm'): [ - 'src/crypto/poly1305/poly1305_arm_asm.S', - 'src/crypto/chacha/chacha_vec_arm.S', - ], -} - -FILE_HEADER = """# This file is created by update_gypi_and_asm.py. Do not edit manually. - -""" - - -def FindCMakeFiles(directory): - """Returns list of all CMakeLists.txt files recursively in directory.""" - cmakefiles = [] - - for (path, _, filenames) in os.walk(directory): - for filename in filenames: - if filename == 'CMakeLists.txt': - cmakefiles.append(os.path.join(path, filename)) - - return cmakefiles - - -def NoTests(dent, is_dir): - """Filter function that can be passed to FindCFiles in order to remove test - sources.""" - if is_dir: - return dent != 'test' - return 'test.' not in dent and not dent.startswith('example_') - - -def OnlyTests(dent, is_dir): - """Filter function that can be passed to FindCFiles in order to remove - non-test sources.""" - if is_dir: - return True - return '_test.' 
in dent or dent.startswith('example_') - - -def FindCFiles(directory, filter_func): - """Recurses through directory and returns a list of paths to all the C source - files that pass filter_func.""" - cfiles = [] - - for (path, dirnames, filenames) in os.walk(directory): - for filename in filenames: - if (filename.endswith('.c') or filename.endswith('.cc')) and filter_func( - filename, False): - cfiles.append(os.path.join(path, filename)) - continue - - for (i, dirname) in enumerate(dirnames): - if not filter_func(dirname, True): - del dirnames[i] - - return cfiles - - -def ExtractPerlAsmFromCMakeFile(cmakefile): - """Parses the contents of the CMakeLists.txt file passed as an argument and - returns a list of all the perlasm() directives found in the file.""" - perlasms = [] - with open(cmakefile) as f: - for line in f: - line = line.strip() - if not line.startswith('perlasm('): - continue - if not line.endswith(')'): - raise ValueError('Bad perlasm line in %s' % cmakefile) - # Remove "perlasm(" from start and ")" from end - params = line[8:-1].split() - if len(params) < 2: - raise ValueError('Bad perlasm line in %s' % cmakefile) - perlasms.append({ - 'extra_args': params[2:], - 'input': os.path.join(os.path.dirname(cmakefile), params[1]), - 'output': os.path.join(os.path.dirname(cmakefile), params[0]), - }) - - return perlasms - - -def ReadPerlAsmOperations(): - """Returns a list of all perlasm() directives found in CMake config files in - src/.""" - perlasms = [] - cmakefiles = FindCMakeFiles('src') - - for cmakefile in cmakefiles: - perlasms.extend(ExtractPerlAsmFromCMakeFile(cmakefile)) - - return perlasms - - -def PerlAsm(output_filename, input_filename, perlasm_style, extra_args): - """Runs the a perlasm script and puts the output into output_filename.""" - base_dir = os.path.dirname(output_filename) - if not os.path.isdir(base_dir): - os.makedirs(base_dir) - output = subprocess.check_output( - ['perl', input_filename, perlasm_style] + extra_args) - with 
open(output_filename, 'w+') as out_file: - out_file.write(output) - - -def ArchForAsmFilename(filename): - """Returns the architectures that a given asm file should be compiled for - based on substrings in the filename.""" - - if 'x86_64' in filename or 'avx2' in filename: - return ['x86_64'] - elif ('x86' in filename and 'x86_64' not in filename) or '586' in filename: - return ['x86'] - elif 'armx' in filename: - return ['arm', 'aarch64'] - elif 'armv8' in filename: - return ['aarch64'] - elif 'arm' in filename: - return ['arm'] - else: - raise ValueError('Unknown arch for asm filename: ' + filename) - - -def WriteAsmFiles(perlasms): - """Generates asm files from perlasm directives for each supported OS x - platform combination.""" - asmfiles = {} - - for osarch in OS_ARCH_COMBOS: - (osname, arch, perlasm_style, extra_args, asm_ext) = osarch - key = (osname, arch) - outDir = '%s-%s' % key - - for perlasm in perlasms: - filename = os.path.basename(perlasm['input']) - output = perlasm['output'] - if not output.startswith('src'): - raise ValueError('output missing src: %s' % output) - output = os.path.join(outDir, output[4:]) - output = output.replace('${ASM_EXT}', asm_ext) - - if arch in ArchForAsmFilename(filename): - PerlAsm(output, perlasm['input'], perlasm_style, - perlasm['extra_args'] + extra_args) - asmfiles.setdefault(key, []).append(output) - - for (key, non_perl_asm_files) in NON_PERL_FILES.iteritems(): - asmfiles.setdefault(key, []).extend(non_perl_asm_files) - - return asmfiles - - -def PrintVariableSection(out, name, files): - out.write('%s := \\\n' % name) - for f in sorted(files): - out.write(' %s\\\n' % f) - out.write('\n') - - -def main(): - crypto_c_files = FindCFiles(os.path.join('src', 'crypto'), NoTests) - ssl_c_files = FindCFiles(os.path.join('src', 'ssl'), NoTests) - tool_cc_files = FindCFiles(os.path.join('src', 'tool'), NoTests) - - crypto_c_files.append('android_compat_hacks.c') - crypto_c_files.append('android_compat_keywrap.c') - - with 
open('sources.mk', 'w+') as makefile: - makefile.write(FILE_HEADER) - - PrintVariableSection( - makefile, 'crypto_sources', crypto_c_files) - - PrintVariableSection( - makefile, 'ssl_sources', ssl_c_files) - - PrintVariableSection( - makefile, 'tool_sources', tool_cc_files) - - perlasms = ReadPerlAsmOperations() - - for ((osname, arch), asm_files) in sorted( - WriteAsmFiles(perlasms).iteritems()): - PrintVariableSection(makefile, '%s_%s_sources' % - (osname, arch), asm_files) - - return 0 - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/win-x86/crypto/aes/aes-586.asm b/win-x86/crypto/aes/aes-586.asm new file mode 100644 index 0000000..42ca026 --- /dev/null +++ b/win-x86/crypto/aes/aes-586.asm 
@@ -0,0 +1,3219 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +align 16 +__x86_AES_encrypt_compact: + mov DWORD [20+esp],edi + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [24+esp],esi + mov edi,DWORD [ebp-128] + mov esi,DWORD [ebp-96] + mov edi,DWORD [ebp-64] + mov esi,DWORD [ebp-32] + mov edi,DWORD [ebp] + mov esi,DWORD [32+ebp] + mov edi,DWORD [64+ebp] + mov esi,DWORD [96+ebp] +align 16 +L$000loop: + mov esi,eax + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,bh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,ecx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,edx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [4+esp],esi + mov esi,ebx + and esi,255 + shr ebx,16 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,ch + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,edx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,eax + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + shr ecx,24 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,dh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,eax + shr edi,16 + and edx,255 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + movzx edi,bh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor 
esi,edi + and edx,255 + movzx edx,BYTE [edx*1+ebp-128] + movzx eax,ah + movzx eax,BYTE [eax*1+ebp-128] + shl eax,8 + xor edx,eax + mov eax,DWORD [4+esp] + and ebx,255 + movzx ebx,BYTE [ebx*1+ebp-128] + shl ebx,16 + xor edx,ebx + mov ebx,DWORD [8+esp] + movzx ecx,BYTE [ecx*1+ebp-128] + shl ecx,24 + xor edx,ecx + mov ecx,esi + mov ebp,2155905152 + and ebp,ecx + lea edi,[ecx*1+ecx] + mov esi,ebp + shr ebp,7 + and edi,4278124286 + sub esi,ebp + mov ebp,ecx + and esi,454761243 + ror ebp,16 + xor esi,edi + mov edi,ecx + xor ecx,esi + ror edi,24 + xor esi,ebp + rol ecx,24 + xor esi,edi + mov ebp,2155905152 + xor ecx,esi + and ebp,edx + lea edi,[edx*1+edx] + mov esi,ebp + shr ebp,7 + and edi,4278124286 + sub esi,ebp + mov ebp,edx + and esi,454761243 + ror ebp,16 + xor esi,edi + mov edi,edx + xor edx,esi + ror edi,24 + xor esi,ebp + rol edx,24 + xor esi,edi + mov ebp,2155905152 + xor edx,esi + and ebp,eax + lea edi,[eax*1+eax] + mov esi,ebp + shr ebp,7 + and edi,4278124286 + sub esi,ebp + mov ebp,eax + and esi,454761243 + ror ebp,16 + xor esi,edi + mov edi,eax + xor eax,esi + ror edi,24 + xor esi,ebp + rol eax,24 + xor esi,edi + mov ebp,2155905152 + xor eax,esi + and ebp,ebx + lea edi,[ebx*1+ebx] + mov esi,ebp + shr ebp,7 + and edi,4278124286 + sub esi,ebp + mov ebp,ebx + and esi,454761243 + ror ebp,16 + xor esi,edi + mov edi,ebx + xor ebx,esi + ror edi,24 + xor esi,ebp + rol ebx,24 + xor esi,edi + xor ebx,esi + mov edi,DWORD [20+esp] + mov ebp,DWORD [28+esp] + add edi,16 + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + cmp edi,DWORD [24+esp] + mov DWORD [20+esp],edi + jb NEAR L$000loop + mov esi,eax + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,bh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,ecx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,edx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [4+esp],esi 
+ mov esi,ebx + and esi,255 + shr ebx,16 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,ch + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,edx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,eax + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + shr ecx,24 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,dh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,eax + shr edi,16 + and edx,255 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + movzx edi,bh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov edi,DWORD [20+esp] + and edx,255 + movzx edx,BYTE [edx*1+ebp-128] + movzx eax,ah + movzx eax,BYTE [eax*1+ebp-128] + shl eax,8 + xor edx,eax + mov eax,DWORD [4+esp] + and ebx,255 + movzx ebx,BYTE [ebx*1+ebp-128] + shl ebx,16 + xor edx,ebx + mov ebx,DWORD [8+esp] + movzx ecx,BYTE [ecx*1+ebp-128] + shl ecx,24 + xor edx,ecx + mov ecx,esi + xor eax,DWORD [16+edi] + xor ebx,DWORD [20+edi] + xor ecx,DWORD [24+edi] + xor edx,DWORD [28+edi] + ret +align 16 +__sse_AES_encrypt_compact: + pxor mm0,[edi] + pxor mm4,[8+edi] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [24+esp],esi + mov eax,454761243 + mov DWORD [8+esp],eax + mov DWORD [12+esp],eax + mov eax,DWORD [ebp-128] + mov ebx,DWORD [ebp-96] + mov ecx,DWORD [ebp-64] + mov edx,DWORD [ebp-32] + mov eax,DWORD [ebp] + mov ebx,DWORD [32+ebp] + mov ecx,DWORD [64+ebp] + mov edx,DWORD [96+ebp] +align 16 +L$001loop: + pshufw mm1,mm0,8 + pshufw mm5,mm4,13 + movd eax,mm1 + movd ebx,mm5 + mov DWORD [20+esp],edi + movzx esi,al + movzx edx,ah + pshufw mm2,mm0,13 + movzx ecx,BYTE [esi*1+ebp-128] + movzx edi,bl + movzx edx,BYTE [edx*1+ebp-128] + shr eax,16 + shl edx,8 + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shl esi,16 + pshufw mm6,mm4,8 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,ah + 
shl esi,24 + shr ebx,16 + or edx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shl esi,8 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,al + shl esi,24 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bl + movd eax,mm2 + movd mm0,ecx + movzx ecx,BYTE [edi*1+ebp-128] + movzx edi,ah + shl ecx,16 + movd ebx,mm6 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shl esi,24 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bl + shl esi,8 + shr ebx,16 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,al + shr eax,16 + movd mm1,ecx + movzx ecx,BYTE [edi*1+ebp-128] + movzx edi,ah + shl ecx,16 + and eax,255 + or ecx,esi + punpckldq mm0,mm1 + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shl esi,24 + and ebx,255 + movzx eax,BYTE [eax*1+ebp-128] + or ecx,esi + shl eax,16 + movzx esi,BYTE [edi*1+ebp-128] + or edx,eax + shl esi,8 + movzx ebx,BYTE [ebx*1+ebp-128] + or ecx,esi + or edx,ebx + mov edi,DWORD [20+esp] + movd mm4,ecx + movd mm5,edx + punpckldq mm4,mm5 + add edi,16 + cmp edi,DWORD [24+esp] + ja NEAR L$002out + movq mm2,[8+esp] + pxor mm3,mm3 + pxor mm7,mm7 + movq mm1,mm0 + movq mm5,mm4 + pcmpgtb mm3,mm0 + pcmpgtb mm7,mm4 + pand mm3,mm2 + pand mm7,mm2 + pshufw mm2,mm0,177 + pshufw mm6,mm4,177 + paddb mm0,mm0 + paddb mm4,mm4 + pxor mm0,mm3 + pxor mm4,mm7 + pshufw mm3,mm2,177 + pshufw mm7,mm6,177 + pxor mm1,mm0 + pxor mm5,mm4 + pxor mm0,mm2 + pxor mm4,mm6 + movq mm2,mm3 + movq mm6,mm7 + pslld mm3,8 + pslld mm7,8 + psrld mm2,24 + psrld mm6,24 + pxor mm0,mm3 + pxor mm4,mm7 + pxor mm0,mm2 + pxor mm4,mm6 + movq mm3,mm1 + movq mm7,mm5 + movq mm2,[edi] + movq mm6,[8+edi] + psrld mm1,8 + psrld mm5,8 + mov eax,DWORD [ebp-128] + pslld mm3,24 + pslld mm7,24 + mov ebx,DWORD [ebp-64] + pxor mm0,mm1 + pxor mm4,mm5 + mov ecx,DWORD [ebp] + pxor mm0,mm3 + pxor mm4,mm7 + mov edx,DWORD [64+ebp] + pxor mm0,mm2 + pxor mm4,mm6 + jmp NEAR L$001loop +align 16 +L$002out: + pxor mm0,[edi] + pxor mm4,[8+edi] + ret +align 16 
+__x86_AES_encrypt: + mov DWORD [20+esp],edi + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [24+esp],esi +align 16 +L$003loop: + mov esi,eax + and esi,255 + mov esi,DWORD [esi*8+ebp] + movzx edi,bh + xor esi,DWORD [3+edi*8+ebp] + mov edi,ecx + shr edi,16 + and edi,255 + xor esi,DWORD [2+edi*8+ebp] + mov edi,edx + shr edi,24 + xor esi,DWORD [1+edi*8+ebp] + mov DWORD [4+esp],esi + mov esi,ebx + and esi,255 + shr ebx,16 + mov esi,DWORD [esi*8+ebp] + movzx edi,ch + xor esi,DWORD [3+edi*8+ebp] + mov edi,edx + shr edi,16 + and edi,255 + xor esi,DWORD [2+edi*8+ebp] + mov edi,eax + shr edi,24 + xor esi,DWORD [1+edi*8+ebp] + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + shr ecx,24 + mov esi,DWORD [esi*8+ebp] + movzx edi,dh + xor esi,DWORD [3+edi*8+ebp] + mov edi,eax + shr edi,16 + and edx,255 + and edi,255 + xor esi,DWORD [2+edi*8+ebp] + movzx edi,bh + xor esi,DWORD [1+edi*8+ebp] + mov edi,DWORD [20+esp] + mov edx,DWORD [edx*8+ebp] + movzx eax,ah + xor edx,DWORD [3+eax*8+ebp] + mov eax,DWORD [4+esp] + and ebx,255 + xor edx,DWORD [2+ebx*8+ebp] + mov ebx,DWORD [8+esp] + xor edx,DWORD [1+ecx*8+ebp] + mov ecx,esi + add edi,16 + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + cmp edi,DWORD [24+esp] + mov DWORD [20+esp],edi + jb NEAR L$003loop + mov esi,eax + and esi,255 + mov esi,DWORD [2+esi*8+ebp] + and esi,255 + movzx edi,bh + mov edi,DWORD [edi*8+ebp] + and edi,65280 + xor esi,edi + mov edi,ecx + shr edi,16 + and edi,255 + mov edi,DWORD [edi*8+ebp] + and edi,16711680 + xor esi,edi + mov edi,edx + shr edi,24 + mov edi,DWORD [2+edi*8+ebp] + and edi,4278190080 + xor esi,edi + mov DWORD [4+esp],esi + mov esi,ebx + and esi,255 + shr ebx,16 + mov esi,DWORD [2+esi*8+ebp] + and esi,255 + movzx edi,ch + mov edi,DWORD [edi*8+ebp] + and edi,65280 + xor esi,edi + mov edi,edx + shr edi,16 + and edi,255 + 
mov edi,DWORD [edi*8+ebp] + and edi,16711680 + xor esi,edi + mov edi,eax + shr edi,24 + mov edi,DWORD [2+edi*8+ebp] + and edi,4278190080 + xor esi,edi + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + shr ecx,24 + mov esi,DWORD [2+esi*8+ebp] + and esi,255 + movzx edi,dh + mov edi,DWORD [edi*8+ebp] + and edi,65280 + xor esi,edi + mov edi,eax + shr edi,16 + and edx,255 + and edi,255 + mov edi,DWORD [edi*8+ebp] + and edi,16711680 + xor esi,edi + movzx edi,bh + mov edi,DWORD [2+edi*8+ebp] + and edi,4278190080 + xor esi,edi + mov edi,DWORD [20+esp] + and edx,255 + mov edx,DWORD [2+edx*8+ebp] + and edx,255 + movzx eax,ah + mov eax,DWORD [eax*8+ebp] + and eax,65280 + xor edx,eax + mov eax,DWORD [4+esp] + and ebx,255 + mov ebx,DWORD [ebx*8+ebp] + and ebx,16711680 + xor edx,ebx + mov ebx,DWORD [8+esp] + mov ecx,DWORD [2+ecx*8+ebp] + and ecx,4278190080 + xor edx,ecx + mov ecx,esi + add edi,16 + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + ret +align 64 +L$AES_Te: +dd 2774754246,2774754246 +dd 2222750968,2222750968 +dd 2574743534,2574743534 +dd 2373680118,2373680118 +dd 234025727,234025727 +dd 3177933782,3177933782 +dd 2976870366,2976870366 +dd 1422247313,1422247313 +dd 1345335392,1345335392 +dd 50397442,50397442 +dd 2842126286,2842126286 +dd 2099981142,2099981142 +dd 436141799,436141799 +dd 1658312629,1658312629 +dd 3870010189,3870010189 +dd 2591454956,2591454956 +dd 1170918031,1170918031 +dd 2642575903,2642575903 +dd 1086966153,1086966153 +dd 2273148410,2273148410 +dd 368769775,368769775 +dd 3948501426,3948501426 +dd 3376891790,3376891790 +dd 200339707,200339707 +dd 3970805057,3970805057 +dd 1742001331,1742001331 +dd 4255294047,4255294047 +dd 3937382213,3937382213 +dd 3214711843,3214711843 +dd 4154762323,4154762323 +dd 2524082916,2524082916 +dd 1539358875,1539358875 +dd 3266819957,3266819957 +dd 486407649,486407649 +dd 2928907069,2928907069 +dd 1780885068,1780885068 +dd 1513502316,1513502316 +dd 1094664062,1094664062 +dd 
49805301,49805301 +dd 1338821763,1338821763 +dd 1546925160,1546925160 +dd 4104496465,4104496465 +dd 887481809,887481809 +dd 150073849,150073849 +dd 2473685474,2473685474 +dd 1943591083,1943591083 +dd 1395732834,1395732834 +dd 1058346282,1058346282 +dd 201589768,201589768 +dd 1388824469,1388824469 +dd 1696801606,1696801606 +dd 1589887901,1589887901 +dd 672667696,672667696 +dd 2711000631,2711000631 +dd 251987210,251987210 +dd 3046808111,3046808111 +dd 151455502,151455502 +dd 907153956,907153956 +dd 2608889883,2608889883 +dd 1038279391,1038279391 +dd 652995533,652995533 +dd 1764173646,1764173646 +dd 3451040383,3451040383 +dd 2675275242,2675275242 +dd 453576978,453576978 +dd 2659418909,2659418909 +dd 1949051992,1949051992 +dd 773462580,773462580 +dd 756751158,756751158 +dd 2993581788,2993581788 +dd 3998898868,3998898868 +dd 4221608027,4221608027 +dd 4132590244,4132590244 +dd 1295727478,1295727478 +dd 1641469623,1641469623 +dd 3467883389,3467883389 +dd 2066295122,2066295122 +dd 1055122397,1055122397 +dd 1898917726,1898917726 +dd 2542044179,2542044179 +dd 4115878822,4115878822 +dd 1758581177,1758581177 +dd 0,0 +dd 753790401,753790401 +dd 1612718144,1612718144 +dd 536673507,536673507 +dd 3367088505,3367088505 +dd 3982187446,3982187446 +dd 3194645204,3194645204 +dd 1187761037,1187761037 +dd 3653156455,3653156455 +dd 1262041458,1262041458 +dd 3729410708,3729410708 +dd 3561770136,3561770136 +dd 3898103984,3898103984 +dd 1255133061,1255133061 +dd 1808847035,1808847035 +dd 720367557,720367557 +dd 3853167183,3853167183 +dd 385612781,385612781 +dd 3309519750,3309519750 +dd 3612167578,3612167578 +dd 1429418854,1429418854 +dd 2491778321,2491778321 +dd 3477423498,3477423498 +dd 284817897,284817897 +dd 100794884,100794884 +dd 2172616702,2172616702 +dd 4031795360,4031795360 +dd 1144798328,1144798328 +dd 3131023141,3131023141 +dd 3819481163,3819481163 +dd 4082192802,4082192802 +dd 4272137053,4272137053 +dd 3225436288,3225436288 +dd 2324664069,2324664069 +dd 2912064063,2912064063 +dd 
3164445985,3164445985 +dd 1211644016,1211644016 +dd 83228145,83228145 +dd 3753688163,3753688163 +dd 3249976951,3249976951 +dd 1977277103,1977277103 +dd 1663115586,1663115586 +dd 806359072,806359072 +dd 452984805,452984805 +dd 250868733,250868733 +dd 1842533055,1842533055 +dd 1288555905,1288555905 +dd 336333848,336333848 +dd 890442534,890442534 +dd 804056259,804056259 +dd 3781124030,3781124030 +dd 2727843637,2727843637 +dd 3427026056,3427026056 +dd 957814574,957814574 +dd 1472513171,1472513171 +dd 4071073621,4071073621 +dd 2189328124,2189328124 +dd 1195195770,1195195770 +dd 2892260552,2892260552 +dd 3881655738,3881655738 +dd 723065138,723065138 +dd 2507371494,2507371494 +dd 2690670784,2690670784 +dd 2558624025,2558624025 +dd 3511635870,3511635870 +dd 2145180835,2145180835 +dd 1713513028,1713513028 +dd 2116692564,2116692564 +dd 2878378043,2878378043 +dd 2206763019,2206763019 +dd 3393603212,3393603212 +dd 703524551,703524551 +dd 3552098411,3552098411 +dd 1007948840,1007948840 +dd 2044649127,2044649127 +dd 3797835452,3797835452 +dd 487262998,487262998 +dd 1994120109,1994120109 +dd 1004593371,1004593371 +dd 1446130276,1446130276 +dd 1312438900,1312438900 +dd 503974420,503974420 +dd 3679013266,3679013266 +dd 168166924,168166924 +dd 1814307912,1814307912 +dd 3831258296,3831258296 +dd 1573044895,1573044895 +dd 1859376061,1859376061 +dd 4021070915,4021070915 +dd 2791465668,2791465668 +dd 2828112185,2828112185 +dd 2761266481,2761266481 +dd 937747667,937747667 +dd 2339994098,2339994098 +dd 854058965,854058965 +dd 1137232011,1137232011 +dd 1496790894,1496790894 +dd 3077402074,3077402074 +dd 2358086913,2358086913 +dd 1691735473,1691735473 +dd 3528347292,3528347292 +dd 3769215305,3769215305 +dd 3027004632,3027004632 +dd 4199962284,4199962284 +dd 133494003,133494003 +dd 636152527,636152527 +dd 2942657994,2942657994 +dd 2390391540,2390391540 +dd 3920539207,3920539207 +dd 403179536,403179536 +dd 3585784431,3585784431 +dd 2289596656,2289596656 +dd 1864705354,1864705354 +dd 
1915629148,1915629148 +dd 605822008,605822008 +dd 4054230615,4054230615 +dd 3350508659,3350508659 +dd 1371981463,1371981463 +dd 602466507,602466507 +dd 2094914977,2094914977 +dd 2624877800,2624877800 +dd 555687742,555687742 +dd 3712699286,3712699286 +dd 3703422305,3703422305 +dd 2257292045,2257292045 +dd 2240449039,2240449039 +dd 2423288032,2423288032 +dd 1111375484,1111375484 +dd 3300242801,3300242801 +dd 2858837708,2858837708 +dd 3628615824,3628615824 +dd 84083462,84083462 +dd 32962295,32962295 +dd 302911004,302911004 +dd 2741068226,2741068226 +dd 1597322602,1597322602 +dd 4183250862,4183250862 +dd 3501832553,3501832553 +dd 2441512471,2441512471 +dd 1489093017,1489093017 +dd 656219450,656219450 +dd 3114180135,3114180135 +dd 954327513,954327513 +dd 335083755,335083755 +dd 3013122091,3013122091 +dd 856756514,856756514 +dd 3144247762,3144247762 +dd 1893325225,1893325225 +dd 2307821063,2307821063 +dd 2811532339,2811532339 +dd 3063651117,3063651117 +dd 572399164,572399164 +dd 2458355477,2458355477 +dd 552200649,552200649 +dd 1238290055,1238290055 +dd 4283782570,4283782570 +dd 2015897680,2015897680 +dd 2061492133,2061492133 +dd 2408352771,2408352771 +dd 4171342169,4171342169 +dd 2156497161,2156497161 +dd 386731290,386731290 +dd 3669999461,3669999461 +dd 837215959,837215959 +dd 3326231172,3326231172 +dd 3093850320,3093850320 +dd 3275833730,3275833730 +dd 2962856233,2962856233 +dd 1999449434,1999449434 +dd 286199582,286199582 +dd 3417354363,3417354363 +dd 4233385128,4233385128 +dd 3602627437,3602627437 +dd 974525996,974525996 +db 99,124,119,123,242,107,111,197 +db 48,1,103,43,254,215,171,118 +db 202,130,201,125,250,89,71,240 +db 173,212,162,175,156,164,114,192 +db 183,253,147,38,54,63,247,204 +db 52,165,229,241,113,216,49,21 +db 4,199,35,195,24,150,5,154 +db 7,18,128,226,235,39,178,117 +db 9,131,44,26,27,110,90,160 +db 82,59,214,179,41,227,47,132 +db 83,209,0,237,32,252,177,91 +db 106,203,190,57,74,76,88,207 +db 208,239,170,251,67,77,51,133 +db 69,249,2,127,80,60,159,168 
+db 81,163,64,143,146,157,56,245 +db 188,182,218,33,16,255,243,210 +db 205,12,19,236,95,151,68,23 +db 196,167,126,61,100,93,25,115 +db 96,129,79,220,34,42,144,136 +db 70,238,184,20,222,94,11,219 +db 224,50,58,10,73,6,36,92 +db 194,211,172,98,145,149,228,121 +db 231,200,55,109,141,213,78,169 +db 108,86,244,234,101,122,174,8 +db 186,120,37,46,28,166,180,198 +db 232,221,116,31,75,189,139,138 +db 112,62,181,102,72,3,246,14 +db 97,53,87,185,134,193,29,158 +db 225,248,152,17,105,217,142,148 +db 155,30,135,233,206,85,40,223 +db 140,161,137,13,191,230,66,104 +db 65,153,45,15,176,84,187,22 +db 99,124,119,123,242,107,111,197 +db 48,1,103,43,254,215,171,118 +db 202,130,201,125,250,89,71,240 +db 173,212,162,175,156,164,114,192 +db 183,253,147,38,54,63,247,204 +db 52,165,229,241,113,216,49,21 +db 4,199,35,195,24,150,5,154 +db 7,18,128,226,235,39,178,117 +db 9,131,44,26,27,110,90,160 +db 82,59,214,179,41,227,47,132 +db 83,209,0,237,32,252,177,91 +db 106,203,190,57,74,76,88,207 +db 208,239,170,251,67,77,51,133 +db 69,249,2,127,80,60,159,168 +db 81,163,64,143,146,157,56,245 +db 188,182,218,33,16,255,243,210 +db 205,12,19,236,95,151,68,23 +db 196,167,126,61,100,93,25,115 +db 96,129,79,220,34,42,144,136 +db 70,238,184,20,222,94,11,219 +db 224,50,58,10,73,6,36,92 +db 194,211,172,98,145,149,228,121 +db 231,200,55,109,141,213,78,169 +db 108,86,244,234,101,122,174,8 +db 186,120,37,46,28,166,180,198 +db 232,221,116,31,75,189,139,138 +db 112,62,181,102,72,3,246,14 +db 97,53,87,185,134,193,29,158 +db 225,248,152,17,105,217,142,148 +db 155,30,135,233,206,85,40,223 +db 140,161,137,13,191,230,66,104 +db 65,153,45,15,176,84,187,22 +db 99,124,119,123,242,107,111,197 +db 48,1,103,43,254,215,171,118 +db 202,130,201,125,250,89,71,240 +db 173,212,162,175,156,164,114,192 +db 183,253,147,38,54,63,247,204 +db 52,165,229,241,113,216,49,21 +db 4,199,35,195,24,150,5,154 +db 7,18,128,226,235,39,178,117 +db 9,131,44,26,27,110,90,160 +db 82,59,214,179,41,227,47,132 +db 83,209,0,237,32,252,177,91 +db 
106,203,190,57,74,76,88,207 +db 208,239,170,251,67,77,51,133 +db 69,249,2,127,80,60,159,168 +db 81,163,64,143,146,157,56,245 +db 188,182,218,33,16,255,243,210 +db 205,12,19,236,95,151,68,23 +db 196,167,126,61,100,93,25,115 +db 96,129,79,220,34,42,144,136 +db 70,238,184,20,222,94,11,219 +db 224,50,58,10,73,6,36,92 +db 194,211,172,98,145,149,228,121 +db 231,200,55,109,141,213,78,169 +db 108,86,244,234,101,122,174,8 +db 186,120,37,46,28,166,180,198 +db 232,221,116,31,75,189,139,138 +db 112,62,181,102,72,3,246,14 +db 97,53,87,185,134,193,29,158 +db 225,248,152,17,105,217,142,148 +db 155,30,135,233,206,85,40,223 +db 140,161,137,13,191,230,66,104 +db 65,153,45,15,176,84,187,22 +db 99,124,119,123,242,107,111,197 +db 48,1,103,43,254,215,171,118 +db 202,130,201,125,250,89,71,240 +db 173,212,162,175,156,164,114,192 +db 183,253,147,38,54,63,247,204 +db 52,165,229,241,113,216,49,21 +db 4,199,35,195,24,150,5,154 +db 7,18,128,226,235,39,178,117 +db 9,131,44,26,27,110,90,160 +db 82,59,214,179,41,227,47,132 +db 83,209,0,237,32,252,177,91 +db 106,203,190,57,74,76,88,207 +db 208,239,170,251,67,77,51,133 +db 69,249,2,127,80,60,159,168 +db 81,163,64,143,146,157,56,245 +db 188,182,218,33,16,255,243,210 +db 205,12,19,236,95,151,68,23 +db 196,167,126,61,100,93,25,115 +db 96,129,79,220,34,42,144,136 +db 70,238,184,20,222,94,11,219 +db 224,50,58,10,73,6,36,92 +db 194,211,172,98,145,149,228,121 +db 231,200,55,109,141,213,78,169 +db 108,86,244,234,101,122,174,8 +db 186,120,37,46,28,166,180,198 +db 232,221,116,31,75,189,139,138 +db 112,62,181,102,72,3,246,14 +db 97,53,87,185,134,193,29,158 +db 225,248,152,17,105,217,142,148 +db 155,30,135,233,206,85,40,223 +db 140,161,137,13,191,230,66,104 +db 65,153,45,15,176,84,187,22 +dd 1,2,4,8 +dd 16,32,64,128 +dd 27,54,0,0 +dd 0,0,0,0 +global _asm_AES_encrypt +align 16 +_asm_AES_encrypt: +L$_asm_AES_encrypt_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [28+esp] + mov eax,esp + sub esp,36 + and esp,-64 + lea 
ebx,[edi-127] + sub ebx,esp + neg ebx + and ebx,960 + sub esp,ebx + add esp,4 + mov DWORD [28+esp],eax + call L$004pic_point +L$004pic_point: + pop ebp + lea eax,[_OPENSSL_ia32cap_P] + lea ebp,[(L$AES_Te-L$004pic_point)+ebp] + lea ebx,[764+esp] + sub ebx,ebp + and ebx,768 + lea ebp,[2176+ebx*1+ebp] + bt DWORD [eax],25 + jnc NEAR L$005x86 + movq mm0,[esi] + movq mm4,[8+esi] + call __sse_AES_encrypt_compact + mov esp,DWORD [28+esp] + mov esi,DWORD [24+esp] + movq [esi],mm0 + movq [8+esi],mm4 + emms + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +L$005x86: + mov DWORD [24+esp],ebp + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + call __x86_AES_encrypt_compact + mov esp,DWORD [28+esp] + mov esi,DWORD [24+esp] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +__x86_AES_decrypt_compact: + mov DWORD [20+esp],edi + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [24+esp],esi + mov edi,DWORD [ebp-128] + mov esi,DWORD [ebp-96] + mov edi,DWORD [ebp-64] + mov esi,DWORD [ebp-32] + mov edi,DWORD [ebp] + mov esi,DWORD [32+ebp] + mov edi,DWORD [64+ebp] + mov esi,DWORD [96+ebp] +align 16 +L$006loop: + mov esi,eax + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,dh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,ecx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,ebx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [4+esp],esi + mov esi,ebx + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,ah + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,edx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,ecx + shr edi,24 + 
movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,bh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,eax + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,edx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + and edx,255 + movzx edx,BYTE [edx*1+ebp-128] + movzx ecx,ch + movzx ecx,BYTE [ecx*1+ebp-128] + shl ecx,8 + xor edx,ecx + mov ecx,esi + shr ebx,16 + and ebx,255 + movzx ebx,BYTE [ebx*1+ebp-128] + shl ebx,16 + xor edx,ebx + shr eax,24 + movzx eax,BYTE [eax*1+ebp-128] + shl eax,24 + xor edx,eax + mov edi,2155905152 + and edi,ecx + mov esi,edi + shr edi,7 + lea eax,[ecx*1+ecx] + sub esi,edi + and eax,4278124286 + and esi,454761243 + xor eax,esi + mov edi,2155905152 + and edi,eax + mov esi,edi + shr edi,7 + lea ebx,[eax*1+eax] + sub esi,edi + and ebx,4278124286 + and esi,454761243 + xor eax,ecx + xor ebx,esi + mov edi,2155905152 + and edi,ebx + mov esi,edi + shr edi,7 + lea ebp,[ebx*1+ebx] + sub esi,edi + and ebp,4278124286 + and esi,454761243 + xor ebx,ecx + rol ecx,8 + xor ebp,esi + xor ecx,eax + xor eax,ebp + xor ecx,ebx + xor ebx,ebp + rol eax,24 + xor ecx,ebp + rol ebx,16 + xor ecx,eax + rol ebp,8 + xor ecx,ebx + mov eax,DWORD [4+esp] + xor ecx,ebp + mov DWORD [12+esp],ecx + mov edi,2155905152 + and edi,edx + mov esi,edi + shr edi,7 + lea ebx,[edx*1+edx] + sub esi,edi + and ebx,4278124286 + and esi,454761243 + xor ebx,esi + mov edi,2155905152 + and edi,ebx + mov esi,edi + shr edi,7 + lea ecx,[ebx*1+ebx] + sub esi,edi + and ecx,4278124286 + and esi,454761243 + xor ebx,edx + xor ecx,esi + mov edi,2155905152 + and edi,ecx + mov esi,edi + shr edi,7 + lea ebp,[ecx*1+ecx] + sub esi,edi + and ebp,4278124286 + and esi,454761243 + xor ecx,edx + rol edx,8 + xor ebp,esi + xor edx,ebx + xor ebx,ebp + xor edx,ecx + xor ecx,ebp + rol ebx,24 + xor edx,ebp + rol ecx,16 + xor 
edx,ebx + rol ebp,8 + xor edx,ecx + mov ebx,DWORD [8+esp] + xor edx,ebp + mov DWORD [16+esp],edx + mov edi,2155905152 + and edi,eax + mov esi,edi + shr edi,7 + lea ecx,[eax*1+eax] + sub esi,edi + and ecx,4278124286 + and esi,454761243 + xor ecx,esi + mov edi,2155905152 + and edi,ecx + mov esi,edi + shr edi,7 + lea edx,[ecx*1+ecx] + sub esi,edi + and edx,4278124286 + and esi,454761243 + xor ecx,eax + xor edx,esi + mov edi,2155905152 + and edi,edx + mov esi,edi + shr edi,7 + lea ebp,[edx*1+edx] + sub esi,edi + and ebp,4278124286 + and esi,454761243 + xor edx,eax + rol eax,8 + xor ebp,esi + xor eax,ecx + xor ecx,ebp + xor eax,edx + xor edx,ebp + rol ecx,24 + xor eax,ebp + rol edx,16 + xor eax,ecx + rol ebp,8 + xor eax,edx + xor eax,ebp + mov edi,2155905152 + and edi,ebx + mov esi,edi + shr edi,7 + lea ecx,[ebx*1+ebx] + sub esi,edi + and ecx,4278124286 + and esi,454761243 + xor ecx,esi + mov edi,2155905152 + and edi,ecx + mov esi,edi + shr edi,7 + lea edx,[ecx*1+ecx] + sub esi,edi + and edx,4278124286 + and esi,454761243 + xor ecx,ebx + xor edx,esi + mov edi,2155905152 + and edi,edx + mov esi,edi + shr edi,7 + lea ebp,[edx*1+edx] + sub esi,edi + and ebp,4278124286 + and esi,454761243 + xor edx,ebx + rol ebx,8 + xor ebp,esi + xor ebx,ecx + xor ecx,ebp + xor ebx,edx + xor edx,ebp + rol ecx,24 + xor ebx,ebp + rol edx,16 + xor ebx,ecx + rol ebp,8 + xor ebx,edx + mov ecx,DWORD [12+esp] + xor ebx,ebp + mov edx,DWORD [16+esp] + mov edi,DWORD [20+esp] + mov ebp,DWORD [28+esp] + add edi,16 + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + cmp edi,DWORD [24+esp] + mov DWORD [20+esp],edi + jb NEAR L$006loop + mov esi,eax + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,dh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,ecx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,ebx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov 
DWORD [4+esp],esi + mov esi,ebx + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,ah + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,edx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,ecx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + movzx esi,BYTE [esi*1+ebp-128] + movzx edi,bh + movzx edi,BYTE [edi*1+ebp-128] + shl edi,8 + xor esi,edi + mov edi,eax + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,16 + xor esi,edi + mov edi,edx + shr edi,24 + movzx edi,BYTE [edi*1+ebp-128] + shl edi,24 + xor esi,edi + mov edi,DWORD [20+esp] + and edx,255 + movzx edx,BYTE [edx*1+ebp-128] + movzx ecx,ch + movzx ecx,BYTE [ecx*1+ebp-128] + shl ecx,8 + xor edx,ecx + mov ecx,esi + shr ebx,16 + and ebx,255 + movzx ebx,BYTE [ebx*1+ebp-128] + shl ebx,16 + xor edx,ebx + mov ebx,DWORD [8+esp] + shr eax,24 + movzx eax,BYTE [eax*1+ebp-128] + shl eax,24 + xor edx,eax + mov eax,DWORD [4+esp] + xor eax,DWORD [16+edi] + xor ebx,DWORD [20+edi] + xor ecx,DWORD [24+edi] + xor edx,DWORD [28+edi] + ret +align 16 +__sse_AES_decrypt_compact: + pxor mm0,[edi] + pxor mm4,[8+edi] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [24+esp],esi + mov eax,454761243 + mov DWORD [8+esp],eax + mov DWORD [12+esp],eax + mov eax,DWORD [ebp-128] + mov ebx,DWORD [ebp-96] + mov ecx,DWORD [ebp-64] + mov edx,DWORD [ebp-32] + mov eax,DWORD [ebp] + mov ebx,DWORD [32+ebp] + mov ecx,DWORD [64+ebp] + mov edx,DWORD [96+ebp] +align 16 +L$007loop: + pshufw mm1,mm0,12 + pshufw mm5,mm4,9 + movd eax,mm1 + movd ebx,mm5 + mov DWORD [20+esp],edi + movzx esi,al + movzx edx,ah + pshufw mm2,mm0,6 + movzx ecx,BYTE [esi*1+ebp-128] + movzx edi,bl + movzx edx,BYTE [edx*1+ebp-128] + shr eax,16 + shl edx,8 + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shl esi,16 + pshufw mm6,mm4,3 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + 
movzx edi,ah + shl esi,24 + shr ebx,16 + or edx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shl esi,24 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,al + shl esi,8 + movd eax,mm2 + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bl + shl esi,16 + movd ebx,mm6 + movd mm0,ecx + movzx ecx,BYTE [edi*1+ebp-128] + movzx edi,al + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bl + or edx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,ah + shl esi,16 + shr eax,16 + or edx,esi + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,bh + shr ebx,16 + shl esi,8 + movd mm1,edx + movzx edx,BYTE [edi*1+ebp-128] + movzx edi,bh + shl edx,24 + and ebx,255 + or edx,esi + punpckldq mm0,mm1 + movzx esi,BYTE [edi*1+ebp-128] + movzx edi,al + shl esi,8 + movzx eax,ah + movzx ebx,BYTE [ebx*1+ebp-128] + or ecx,esi + movzx esi,BYTE [edi*1+ebp-128] + or edx,ebx + shl esi,16 + movzx eax,BYTE [eax*1+ebp-128] + or edx,esi + shl eax,24 + or ecx,eax + mov edi,DWORD [20+esp] + movd mm4,edx + movd mm5,ecx + punpckldq mm4,mm5 + add edi,16 + cmp edi,DWORD [24+esp] + ja NEAR L$008out + movq mm3,mm0 + movq mm7,mm4 + pshufw mm2,mm0,228 + pshufw mm6,mm4,228 + movq mm1,mm0 + movq mm5,mm4 + pshufw mm0,mm0,177 + pshufw mm4,mm4,177 + pslld mm2,8 + pslld mm6,8 + psrld mm3,8 + psrld mm7,8 + pxor mm0,mm2 + pxor mm4,mm6 + pxor mm0,mm3 + pxor mm4,mm7 + pslld mm2,16 + pslld mm6,16 + psrld mm3,16 + psrld mm7,16 + pxor mm0,mm2 + pxor mm4,mm6 + pxor mm0,mm3 + pxor mm4,mm7 + movq mm3,[8+esp] + pxor mm2,mm2 + pxor mm6,mm6 + pcmpgtb mm2,mm1 + pcmpgtb mm6,mm5 + pand mm2,mm3 + pand mm6,mm3 + paddb mm1,mm1 + paddb mm5,mm5 + pxor mm1,mm2 + pxor mm5,mm6 + movq mm3,mm1 + movq mm7,mm5 + movq mm2,mm1 + movq mm6,mm5 + pxor mm0,mm1 + pxor mm4,mm5 + pslld mm3,24 + pslld mm7,24 + psrld mm2,8 + psrld mm6,8 + pxor mm0,mm3 + pxor mm4,mm7 + pxor mm0,mm2 + pxor mm4,mm6 + movq mm2,[8+esp] + pxor mm3,mm3 + pxor mm7,mm7 + pcmpgtb mm3,mm1 + pcmpgtb mm7,mm5 + pand mm3,mm2 + pand mm7,mm2 + paddb mm1,mm1 + paddb 
mm5,mm5 + pxor mm1,mm3 + pxor mm5,mm7 + pshufw mm3,mm1,177 + pshufw mm7,mm5,177 + pxor mm0,mm1 + pxor mm4,mm5 + pxor mm0,mm3 + pxor mm4,mm7 + pxor mm3,mm3 + pxor mm7,mm7 + pcmpgtb mm3,mm1 + pcmpgtb mm7,mm5 + pand mm3,mm2 + pand mm7,mm2 + paddb mm1,mm1 + paddb mm5,mm5 + pxor mm1,mm3 + pxor mm5,mm7 + pxor mm0,mm1 + pxor mm4,mm5 + movq mm3,mm1 + movq mm7,mm5 + pshufw mm2,mm1,177 + pshufw mm6,mm5,177 + pxor mm0,mm2 + pxor mm4,mm6 + pslld mm1,8 + pslld mm5,8 + psrld mm3,8 + psrld mm7,8 + movq mm2,[edi] + movq mm6,[8+edi] + pxor mm0,mm1 + pxor mm4,mm5 + pxor mm0,mm3 + pxor mm4,mm7 + mov eax,DWORD [ebp-128] + pslld mm1,16 + pslld mm5,16 + mov ebx,DWORD [ebp-64] + psrld mm3,16 + psrld mm7,16 + mov ecx,DWORD [ebp] + pxor mm0,mm1 + pxor mm4,mm5 + mov edx,DWORD [64+ebp] + pxor mm0,mm3 + pxor mm4,mm7 + pxor mm0,mm2 + pxor mm4,mm6 + jmp NEAR L$007loop +align 16 +L$008out: + pxor mm0,[edi] + pxor mm4,[8+edi] + ret +align 16 +__x86_AES_decrypt: + mov DWORD [20+esp],edi + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [24+esp],esi +align 16 +L$009loop: + mov esi,eax + and esi,255 + mov esi,DWORD [esi*8+ebp] + movzx edi,dh + xor esi,DWORD [3+edi*8+ebp] + mov edi,ecx + shr edi,16 + and edi,255 + xor esi,DWORD [2+edi*8+ebp] + mov edi,ebx + shr edi,24 + xor esi,DWORD [1+edi*8+ebp] + mov DWORD [4+esp],esi + mov esi,ebx + and esi,255 + mov esi,DWORD [esi*8+ebp] + movzx edi,ah + xor esi,DWORD [3+edi*8+ebp] + mov edi,edx + shr edi,16 + and edi,255 + xor esi,DWORD [2+edi*8+ebp] + mov edi,ecx + shr edi,24 + xor esi,DWORD [1+edi*8+ebp] + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + mov esi,DWORD [esi*8+ebp] + movzx edi,bh + xor esi,DWORD [3+edi*8+ebp] + mov edi,eax + shr edi,16 + and edi,255 + xor esi,DWORD [2+edi*8+ebp] + mov edi,edx + shr edi,24 + xor esi,DWORD [1+edi*8+ebp] + mov edi,DWORD [20+esp] + and edx,255 + mov edx,DWORD [edx*8+ebp] + movzx ecx,ch 
+ xor edx,DWORD [3+ecx*8+ebp] + mov ecx,esi + shr ebx,16 + and ebx,255 + xor edx,DWORD [2+ebx*8+ebp] + mov ebx,DWORD [8+esp] + shr eax,24 + xor edx,DWORD [1+eax*8+ebp] + mov eax,DWORD [4+esp] + add edi,16 + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + cmp edi,DWORD [24+esp] + mov DWORD [20+esp],edi + jb NEAR L$009loop + lea ebp,[2176+ebp] + mov edi,DWORD [ebp-128] + mov esi,DWORD [ebp-96] + mov edi,DWORD [ebp-64] + mov esi,DWORD [ebp-32] + mov edi,DWORD [ebp] + mov esi,DWORD [32+ebp] + mov edi,DWORD [64+ebp] + mov esi,DWORD [96+ebp] + lea ebp,[ebp-128] + mov esi,eax + and esi,255 + movzx esi,BYTE [esi*1+ebp] + movzx edi,dh + movzx edi,BYTE [edi*1+ebp] + shl edi,8 + xor esi,edi + mov edi,ecx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp] + shl edi,16 + xor esi,edi + mov edi,ebx + shr edi,24 + movzx edi,BYTE [edi*1+ebp] + shl edi,24 + xor esi,edi + mov DWORD [4+esp],esi + mov esi,ebx + and esi,255 + movzx esi,BYTE [esi*1+ebp] + movzx edi,ah + movzx edi,BYTE [edi*1+ebp] + shl edi,8 + xor esi,edi + mov edi,edx + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp] + shl edi,16 + xor esi,edi + mov edi,ecx + shr edi,24 + movzx edi,BYTE [edi*1+ebp] + shl edi,24 + xor esi,edi + mov DWORD [8+esp],esi + mov esi,ecx + and esi,255 + movzx esi,BYTE [esi*1+ebp] + movzx edi,bh + movzx edi,BYTE [edi*1+ebp] + shl edi,8 + xor esi,edi + mov edi,eax + shr edi,16 + and edi,255 + movzx edi,BYTE [edi*1+ebp] + shl edi,16 + xor esi,edi + mov edi,edx + shr edi,24 + movzx edi,BYTE [edi*1+ebp] + shl edi,24 + xor esi,edi + mov edi,DWORD [20+esp] + and edx,255 + movzx edx,BYTE [edx*1+ebp] + movzx ecx,ch + movzx ecx,BYTE [ecx*1+ebp] + shl ecx,8 + xor edx,ecx + mov ecx,esi + shr ebx,16 + and ebx,255 + movzx ebx,BYTE [ebx*1+ebp] + shl ebx,16 + xor edx,ebx + mov ebx,DWORD [8+esp] + shr eax,24 + movzx eax,BYTE [eax*1+ebp] + shl eax,24 + xor edx,eax + mov eax,DWORD [4+esp] + lea ebp,[ebp-2048] + add edi,16 + xor eax,DWORD [edi] + xor 
ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + ret +align 64 +L$AES_Td: +dd 1353184337,1353184337 +dd 1399144830,1399144830 +dd 3282310938,3282310938 +dd 2522752826,2522752826 +dd 3412831035,3412831035 +dd 4047871263,4047871263 +dd 2874735276,2874735276 +dd 2466505547,2466505547 +dd 1442459680,1442459680 +dd 4134368941,4134368941 +dd 2440481928,2440481928 +dd 625738485,625738485 +dd 4242007375,4242007375 +dd 3620416197,3620416197 +dd 2151953702,2151953702 +dd 2409849525,2409849525 +dd 1230680542,1230680542 +dd 1729870373,1729870373 +dd 2551114309,2551114309 +dd 3787521629,3787521629 +dd 41234371,41234371 +dd 317738113,317738113 +dd 2744600205,2744600205 +dd 3338261355,3338261355 +dd 3881799427,3881799427 +dd 2510066197,2510066197 +dd 3950669247,3950669247 +dd 3663286933,3663286933 +dd 763608788,763608788 +dd 3542185048,3542185048 +dd 694804553,694804553 +dd 1154009486,1154009486 +dd 1787413109,1787413109 +dd 2021232372,2021232372 +dd 1799248025,1799248025 +dd 3715217703,3715217703 +dd 3058688446,3058688446 +dd 397248752,397248752 +dd 1722556617,1722556617 +dd 3023752829,3023752829 +dd 407560035,407560035 +dd 2184256229,2184256229 +dd 1613975959,1613975959 +dd 1165972322,1165972322 +dd 3765920945,3765920945 +dd 2226023355,2226023355 +dd 480281086,480281086 +dd 2485848313,2485848313 +dd 1483229296,1483229296 +dd 436028815,436028815 +dd 2272059028,2272059028 +dd 3086515026,3086515026 +dd 601060267,601060267 +dd 3791801202,3791801202 +dd 1468997603,1468997603 +dd 715871590,715871590 +dd 120122290,120122290 +dd 63092015,63092015 +dd 2591802758,2591802758 +dd 2768779219,2768779219 +dd 4068943920,4068943920 +dd 2997206819,2997206819 +dd 3127509762,3127509762 +dd 1552029421,1552029421 +dd 723308426,723308426 +dd 2461301159,2461301159 +dd 4042393587,4042393587 +dd 2715969870,2715969870 +dd 3455375973,3455375973 +dd 3586000134,3586000134 +dd 526529745,526529745 +dd 2331944644,2331944644 +dd 2639474228,2639474228 +dd 2689987490,2689987490 +dd 
853641733,853641733 +dd 1978398372,1978398372 +dd 971801355,971801355 +dd 2867814464,2867814464 +dd 111112542,111112542 +dd 1360031421,1360031421 +dd 4186579262,4186579262 +dd 1023860118,1023860118 +dd 2919579357,2919579357 +dd 1186850381,1186850381 +dd 3045938321,3045938321 +dd 90031217,90031217 +dd 1876166148,1876166148 +dd 4279586912,4279586912 +dd 620468249,620468249 +dd 2548678102,2548678102 +dd 3426959497,3426959497 +dd 2006899047,2006899047 +dd 3175278768,3175278768 +dd 2290845959,2290845959 +dd 945494503,945494503 +dd 3689859193,3689859193 +dd 1191869601,1191869601 +dd 3910091388,3910091388 +dd 3374220536,3374220536 +dd 0,0 +dd 2206629897,2206629897 +dd 1223502642,1223502642 +dd 2893025566,2893025566 +dd 1316117100,1316117100 +dd 4227796733,4227796733 +dd 1446544655,1446544655 +dd 517320253,517320253 +dd 658058550,658058550 +dd 1691946762,1691946762 +dd 564550760,564550760 +dd 3511966619,3511966619 +dd 976107044,976107044 +dd 2976320012,2976320012 +dd 266819475,266819475 +dd 3533106868,3533106868 +dd 2660342555,2660342555 +dd 1338359936,1338359936 +dd 2720062561,2720062561 +dd 1766553434,1766553434 +dd 370807324,370807324 +dd 179999714,179999714 +dd 3844776128,3844776128 +dd 1138762300,1138762300 +dd 488053522,488053522 +dd 185403662,185403662 +dd 2915535858,2915535858 +dd 3114841645,3114841645 +dd 3366526484,3366526484 +dd 2233069911,2233069911 +dd 1275557295,1275557295 +dd 3151862254,3151862254 +dd 4250959779,4250959779 +dd 2670068215,2670068215 +dd 3170202204,3170202204 +dd 3309004356,3309004356 +dd 880737115,880737115 +dd 1982415755,1982415755 +dd 3703972811,3703972811 +dd 1761406390,1761406390 +dd 1676797112,1676797112 +dd 3403428311,3403428311 +dd 277177154,277177154 +dd 1076008723,1076008723 +dd 538035844,538035844 +dd 2099530373,2099530373 +dd 4164795346,4164795346 +dd 288553390,288553390 +dd 1839278535,1839278535 +dd 1261411869,1261411869 +dd 4080055004,4080055004 +dd 3964831245,3964831245 +dd 3504587127,3504587127 +dd 1813426987,1813426987 +dd 
2579067049,2579067049 +dd 4199060497,4199060497 +dd 577038663,577038663 +dd 3297574056,3297574056 +dd 440397984,440397984 +dd 3626794326,3626794326 +dd 4019204898,4019204898 +dd 3343796615,3343796615 +dd 3251714265,3251714265 +dd 4272081548,4272081548 +dd 906744984,906744984 +dd 3481400742,3481400742 +dd 685669029,685669029 +dd 646887386,646887386 +dd 2764025151,2764025151 +dd 3835509292,3835509292 +dd 227702864,227702864 +dd 2613862250,2613862250 +dd 1648787028,1648787028 +dd 3256061430,3256061430 +dd 3904428176,3904428176 +dd 1593260334,1593260334 +dd 4121936770,4121936770 +dd 3196083615,3196083615 +dd 2090061929,2090061929 +dd 2838353263,2838353263 +dd 3004310991,3004310991 +dd 999926984,999926984 +dd 2809993232,2809993232 +dd 1852021992,1852021992 +dd 2075868123,2075868123 +dd 158869197,158869197 +dd 4095236462,4095236462 +dd 28809964,28809964 +dd 2828685187,2828685187 +dd 1701746150,1701746150 +dd 2129067946,2129067946 +dd 147831841,147831841 +dd 3873969647,3873969647 +dd 3650873274,3650873274 +dd 3459673930,3459673930 +dd 3557400554,3557400554 +dd 3598495785,3598495785 +dd 2947720241,2947720241 +dd 824393514,824393514 +dd 815048134,815048134 +dd 3227951669,3227951669 +dd 935087732,935087732 +dd 2798289660,2798289660 +dd 2966458592,2966458592 +dd 366520115,366520115 +dd 1251476721,1251476721 +dd 4158319681,4158319681 +dd 240176511,240176511 +dd 804688151,804688151 +dd 2379631990,2379631990 +dd 1303441219,1303441219 +dd 1414376140,1414376140 +dd 3741619940,3741619940 +dd 3820343710,3820343710 +dd 461924940,461924940 +dd 3089050817,3089050817 +dd 2136040774,2136040774 +dd 82468509,82468509 +dd 1563790337,1563790337 +dd 1937016826,1937016826 +dd 776014843,776014843 +dd 1511876531,1511876531 +dd 1389550482,1389550482 +dd 861278441,861278441 +dd 323475053,323475053 +dd 2355222426,2355222426 +dd 2047648055,2047648055 +dd 2383738969,2383738969 +dd 2302415851,2302415851 +dd 3995576782,3995576782 +dd 902390199,902390199 +dd 3991215329,3991215329 +dd 
1018251130,1018251130 +dd 1507840668,1507840668 +dd 1064563285,1064563285 +dd 2043548696,2043548696 +dd 3208103795,3208103795 +dd 3939366739,3939366739 +dd 1537932639,1537932639 +dd 342834655,342834655 +dd 2262516856,2262516856 +dd 2180231114,2180231114 +dd 1053059257,1053059257 +dd 741614648,741614648 +dd 1598071746,1598071746 +dd 1925389590,1925389590 +dd 203809468,203809468 +dd 2336832552,2336832552 +dd 1100287487,1100287487 +dd 1895934009,1895934009 +dd 3736275976,3736275976 +dd 2632234200,2632234200 +dd 2428589668,2428589668 +dd 1636092795,1636092795 +dd 1890988757,1890988757 +dd 1952214088,1952214088 +dd 1113045200,1113045200 +db 82,9,106,213,48,54,165,56 +db 191,64,163,158,129,243,215,251 +db 124,227,57,130,155,47,255,135 +db 52,142,67,68,196,222,233,203 +db 84,123,148,50,166,194,35,61 +db 238,76,149,11,66,250,195,78 +db 8,46,161,102,40,217,36,178 +db 118,91,162,73,109,139,209,37 +db 114,248,246,100,134,104,152,22 +db 212,164,92,204,93,101,182,146 +db 108,112,72,80,253,237,185,218 +db 94,21,70,87,167,141,157,132 +db 144,216,171,0,140,188,211,10 +db 247,228,88,5,184,179,69,6 +db 208,44,30,143,202,63,15,2 +db 193,175,189,3,1,19,138,107 +db 58,145,17,65,79,103,220,234 +db 151,242,207,206,240,180,230,115 +db 150,172,116,34,231,173,53,133 +db 226,249,55,232,28,117,223,110 +db 71,241,26,113,29,41,197,137 +db 111,183,98,14,170,24,190,27 +db 252,86,62,75,198,210,121,32 +db 154,219,192,254,120,205,90,244 +db 31,221,168,51,136,7,199,49 +db 177,18,16,89,39,128,236,95 +db 96,81,127,169,25,181,74,13 +db 45,229,122,159,147,201,156,239 +db 160,224,59,77,174,42,245,176 +db 200,235,187,60,131,83,153,97 +db 23,43,4,126,186,119,214,38 +db 225,105,20,99,85,33,12,125 +db 82,9,106,213,48,54,165,56 +db 191,64,163,158,129,243,215,251 +db 124,227,57,130,155,47,255,135 +db 52,142,67,68,196,222,233,203 +db 84,123,148,50,166,194,35,61 +db 238,76,149,11,66,250,195,78 +db 8,46,161,102,40,217,36,178 +db 118,91,162,73,109,139,209,37 +db 114,248,246,100,134,104,152,22 +db 
212,164,92,204,93,101,182,146 +db 108,112,72,80,253,237,185,218 +db 94,21,70,87,167,141,157,132 +db 144,216,171,0,140,188,211,10 +db 247,228,88,5,184,179,69,6 +db 208,44,30,143,202,63,15,2 +db 193,175,189,3,1,19,138,107 +db 58,145,17,65,79,103,220,234 +db 151,242,207,206,240,180,230,115 +db 150,172,116,34,231,173,53,133 +db 226,249,55,232,28,117,223,110 +db 71,241,26,113,29,41,197,137 +db 111,183,98,14,170,24,190,27 +db 252,86,62,75,198,210,121,32 +db 154,219,192,254,120,205,90,244 +db 31,221,168,51,136,7,199,49 +db 177,18,16,89,39,128,236,95 +db 96,81,127,169,25,181,74,13 +db 45,229,122,159,147,201,156,239 +db 160,224,59,77,174,42,245,176 +db 200,235,187,60,131,83,153,97 +db 23,43,4,126,186,119,214,38 +db 225,105,20,99,85,33,12,125 +db 82,9,106,213,48,54,165,56 +db 191,64,163,158,129,243,215,251 +db 124,227,57,130,155,47,255,135 +db 52,142,67,68,196,222,233,203 +db 84,123,148,50,166,194,35,61 +db 238,76,149,11,66,250,195,78 +db 8,46,161,102,40,217,36,178 +db 118,91,162,73,109,139,209,37 +db 114,248,246,100,134,104,152,22 +db 212,164,92,204,93,101,182,146 +db 108,112,72,80,253,237,185,218 +db 94,21,70,87,167,141,157,132 +db 144,216,171,0,140,188,211,10 +db 247,228,88,5,184,179,69,6 +db 208,44,30,143,202,63,15,2 +db 193,175,189,3,1,19,138,107 +db 58,145,17,65,79,103,220,234 +db 151,242,207,206,240,180,230,115 +db 150,172,116,34,231,173,53,133 +db 226,249,55,232,28,117,223,110 +db 71,241,26,113,29,41,197,137 +db 111,183,98,14,170,24,190,27 +db 252,86,62,75,198,210,121,32 +db 154,219,192,254,120,205,90,244 +db 31,221,168,51,136,7,199,49 +db 177,18,16,89,39,128,236,95 +db 96,81,127,169,25,181,74,13 +db 45,229,122,159,147,201,156,239 +db 160,224,59,77,174,42,245,176 +db 200,235,187,60,131,83,153,97 +db 23,43,4,126,186,119,214,38 +db 225,105,20,99,85,33,12,125 +db 82,9,106,213,48,54,165,56 +db 191,64,163,158,129,243,215,251 +db 124,227,57,130,155,47,255,135 +db 52,142,67,68,196,222,233,203 +db 84,123,148,50,166,194,35,61 +db 238,76,149,11,66,250,195,78 +db 
8,46,161,102,40,217,36,178 +db 118,91,162,73,109,139,209,37 +db 114,248,246,100,134,104,152,22 +db 212,164,92,204,93,101,182,146 +db 108,112,72,80,253,237,185,218 +db 94,21,70,87,167,141,157,132 +db 144,216,171,0,140,188,211,10 +db 247,228,88,5,184,179,69,6 +db 208,44,30,143,202,63,15,2 +db 193,175,189,3,1,19,138,107 +db 58,145,17,65,79,103,220,234 +db 151,242,207,206,240,180,230,115 +db 150,172,116,34,231,173,53,133 +db 226,249,55,232,28,117,223,110 +db 71,241,26,113,29,41,197,137 +db 111,183,98,14,170,24,190,27 +db 252,86,62,75,198,210,121,32 +db 154,219,192,254,120,205,90,244 +db 31,221,168,51,136,7,199,49 +db 177,18,16,89,39,128,236,95 +db 96,81,127,169,25,181,74,13 +db 45,229,122,159,147,201,156,239 +db 160,224,59,77,174,42,245,176 +db 200,235,187,60,131,83,153,97 +db 23,43,4,126,186,119,214,38 +db 225,105,20,99,85,33,12,125 +global _asm_AES_decrypt +align 16 +_asm_AES_decrypt: +L$_asm_AES_decrypt_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [28+esp] + mov eax,esp + sub esp,36 + and esp,-64 + lea ebx,[edi-127] + sub ebx,esp + neg ebx + and ebx,960 + sub esp,ebx + add esp,4 + mov DWORD [28+esp],eax + call L$010pic_point +L$010pic_point: + pop ebp + lea eax,[_OPENSSL_ia32cap_P] + lea ebp,[(L$AES_Td-L$010pic_point)+ebp] + lea ebx,[764+esp] + sub ebx,ebp + and ebx,768 + lea ebp,[2176+ebx*1+ebp] + bt DWORD [eax],25 + jnc NEAR L$011x86 + movq mm0,[esi] + movq mm4,[8+esi] + call __sse_AES_decrypt_compact + mov esp,DWORD [28+esp] + mov esi,DWORD [24+esp] + movq [esi],mm0 + movq [8+esi],mm4 + emms + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +L$011x86: + mov DWORD [24+esp],ebp + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + call __x86_AES_decrypt_compact + mov esp,DWORD [28+esp] + mov esi,DWORD [24+esp] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + pop edi + pop esi + pop ebx + pop ebp + ret +global 
_asm_AES_cbc_encrypt +align 16 +_asm_AES_cbc_encrypt: +L$_asm_AES_cbc_encrypt_begin: + push ebp + push ebx + push esi + push edi + mov ecx,DWORD [28+esp] + cmp ecx,0 + je NEAR L$012drop_out + call L$013pic_point +L$013pic_point: + pop ebp + lea eax,[_OPENSSL_ia32cap_P] + cmp DWORD [40+esp],0 + lea ebp,[(L$AES_Te-L$013pic_point)+ebp] + jne NEAR L$014picked_te + lea ebp,[(L$AES_Td-L$AES_Te)+ebp] +L$014picked_te: + pushfd + cld + cmp ecx,512 + jb NEAR L$015slow_way + test ecx,15 + jnz NEAR L$015slow_way + bt DWORD [eax],28 + jc NEAR L$015slow_way + lea esi,[esp-324] + and esi,-64 + mov eax,ebp + lea ebx,[2304+ebp] + mov edx,esi + and eax,4095 + and ebx,4095 + and edx,4095 + cmp edx,ebx + jb NEAR L$016tbl_break_out + sub edx,ebx + sub esi,edx + jmp NEAR L$017tbl_ok +align 4 +L$016tbl_break_out: + sub edx,eax + and edx,4095 + add edx,384 + sub esi,edx +align 4 +L$017tbl_ok: + lea edx,[24+esp] + xchg esp,esi + add esp,4 + mov DWORD [24+esp],ebp + mov DWORD [28+esp],esi + mov eax,DWORD [edx] + mov ebx,DWORD [4+edx] + mov edi,DWORD [12+edx] + mov esi,DWORD [16+edx] + mov edx,DWORD [20+edx] + mov DWORD [32+esp],eax + mov DWORD [36+esp],ebx + mov DWORD [40+esp],ecx + mov DWORD [44+esp],edi + mov DWORD [48+esp],esi + mov DWORD [316+esp],0 + mov ebx,edi + mov ecx,61 + sub ebx,ebp + mov esi,edi + and ebx,4095 + lea edi,[76+esp] + cmp ebx,2304 + jb NEAR L$018do_copy + cmp ebx,3852 + jb NEAR L$019skip_copy +align 4 +L$018do_copy: + mov DWORD [44+esp],edi +dd 2784229001 +L$019skip_copy: + mov edi,16 +align 4 +L$020prefetch_tbl: + mov eax,DWORD [ebp] + mov ebx,DWORD [32+ebp] + mov ecx,DWORD [64+ebp] + mov esi,DWORD [96+ebp] + lea ebp,[128+ebp] + sub edi,1 + jnz NEAR L$020prefetch_tbl + sub ebp,2048 + mov esi,DWORD [32+esp] + mov edi,DWORD [48+esp] + cmp edx,0 + je NEAR L$021fast_decrypt + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] +align 16 +L$022fast_enc_loop: + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + xor eax,DWORD [esi] + xor ebx,DWORD [4+esi] + xor ecx,DWORD [8+esi] + 
xor edx,DWORD [12+esi] + mov edi,DWORD [44+esp] + call __x86_AES_encrypt + mov esi,DWORD [32+esp] + mov edi,DWORD [36+esp] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + lea esi,[16+esi] + mov ecx,DWORD [40+esp] + mov DWORD [32+esp],esi + lea edx,[16+edi] + mov DWORD [36+esp],edx + sub ecx,16 + mov DWORD [40+esp],ecx + jnz NEAR L$022fast_enc_loop + mov esi,DWORD [48+esp] + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + cmp DWORD [316+esp],0 + mov edi,DWORD [44+esp] + je NEAR L$023skip_ezero + mov ecx,60 + xor eax,eax +align 4 +dd 2884892297 +L$023skip_ezero: + mov esp,DWORD [28+esp] + popfd +L$012drop_out: + pop edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$021fast_decrypt: + cmp esi,DWORD [36+esp] + je NEAR L$024fast_dec_in_place + mov DWORD [52+esp],edi +align 4 +align 16 +L$025fast_dec_loop: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov edi,DWORD [44+esp] + call __x86_AES_decrypt + mov edi,DWORD [52+esp] + mov esi,DWORD [40+esp] + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + mov edi,DWORD [36+esp] + mov esi,DWORD [32+esp] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov ecx,DWORD [40+esp] + mov DWORD [52+esp],esi + lea esi,[16+esi] + mov DWORD [32+esp],esi + lea edi,[16+edi] + mov DWORD [36+esp],edi + sub ecx,16 + mov DWORD [40+esp],ecx + jnz NEAR L$025fast_dec_loop + mov edi,DWORD [52+esp] + mov esi,DWORD [48+esp] + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + jmp NEAR L$026fast_dec_out +align 16 +L$024fast_dec_in_place: +L$027fast_dec_in_place_loop: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov 
ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + lea edi,[60+esp] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov edi,DWORD [44+esp] + call __x86_AES_decrypt + mov edi,DWORD [48+esp] + mov esi,DWORD [36+esp] + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + lea esi,[16+esi] + mov DWORD [36+esp],esi + lea esi,[60+esp] + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov esi,DWORD [32+esp] + mov ecx,DWORD [40+esp] + lea esi,[16+esi] + mov DWORD [32+esp],esi + sub ecx,16 + mov DWORD [40+esp],ecx + jnz NEAR L$027fast_dec_in_place_loop +align 4 +L$026fast_dec_out: + cmp DWORD [316+esp],0 + mov edi,DWORD [44+esp] + je NEAR L$028skip_dzero + mov ecx,60 + xor eax,eax +align 4 +dd 2884892297 +L$028skip_dzero: + mov esp,DWORD [28+esp] + popfd + pop edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$015slow_way: + mov eax,DWORD [eax] + mov edi,DWORD [36+esp] + lea esi,[esp-80] + and esi,-64 + lea ebx,[edi-143] + sub ebx,esi + neg ebx + and ebx,960 + sub esi,ebx + lea ebx,[768+esi] + sub ebx,ebp + and ebx,768 + lea ebp,[2176+ebx*1+ebp] + lea edx,[24+esp] + xchg esp,esi + add esp,4 + mov DWORD [24+esp],ebp + mov DWORD [28+esp],esi + mov DWORD [52+esp],eax + mov eax,DWORD [edx] + mov ebx,DWORD [4+edx] + mov esi,DWORD [16+edx] + mov edx,DWORD [20+edx] + mov DWORD [32+esp],eax + mov DWORD [36+esp],ebx + mov DWORD [40+esp],ecx + mov DWORD [44+esp],edi + mov DWORD [48+esp],esi + mov edi,esi + mov esi,eax + cmp edx,0 + je NEAR L$029slow_decrypt + cmp ecx,16 + mov edx,ebx + jb NEAR L$030slow_enc_tail + bt DWORD [52+esp],25 + jnc NEAR L$031slow_enc_x86 + movq mm0,[edi] + movq mm4,[8+edi] +align 16 +L$032slow_enc_loop_sse: + pxor mm0,[esi] + pxor 
mm4,[8+esi] + mov edi,DWORD [44+esp] + call __sse_AES_encrypt_compact + mov esi,DWORD [32+esp] + mov edi,DWORD [36+esp] + mov ecx,DWORD [40+esp] + movq [edi],mm0 + movq [8+edi],mm4 + lea esi,[16+esi] + mov DWORD [32+esp],esi + lea edx,[16+edi] + mov DWORD [36+esp],edx + sub ecx,16 + cmp ecx,16 + mov DWORD [40+esp],ecx + jae NEAR L$032slow_enc_loop_sse + test ecx,15 + jnz NEAR L$030slow_enc_tail + mov esi,DWORD [48+esp] + movq [esi],mm0 + movq [8+esi],mm4 + emms + mov esp,DWORD [28+esp] + popfd + pop edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$031slow_enc_x86: + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] +align 4 +L$033slow_enc_loop_x86: + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + xor eax,DWORD [esi] + xor ebx,DWORD [4+esi] + xor ecx,DWORD [8+esi] + xor edx,DWORD [12+esi] + mov edi,DWORD [44+esp] + call __x86_AES_encrypt_compact + mov esi,DWORD [32+esp] + mov edi,DWORD [36+esp] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov ecx,DWORD [40+esp] + lea esi,[16+esi] + mov DWORD [32+esp],esi + lea edx,[16+edi] + mov DWORD [36+esp],edx + sub ecx,16 + cmp ecx,16 + mov DWORD [40+esp],ecx + jae NEAR L$033slow_enc_loop_x86 + test ecx,15 + jnz NEAR L$030slow_enc_tail + mov esi,DWORD [48+esp] + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + mov esp,DWORD [28+esp] + popfd + pop edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$030slow_enc_tail: + emms + mov edi,edx + mov ebx,16 + sub ebx,ecx + cmp edi,esi + je NEAR L$034enc_in_place +align 4 +dd 2767451785 + jmp NEAR L$035enc_skip_in_place +L$034enc_in_place: + lea edi,[ecx*1+edi] +L$035enc_skip_in_place: + mov ecx,ebx + xor eax,eax +align 4 +dd 2868115081 + mov edi,DWORD [48+esp] + mov esi,edx + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] + mov DWORD [40+esp],16 + jmp NEAR L$033slow_enc_loop_x86 +align 16 +L$029slow_decrypt: + bt DWORD 
[52+esp],25 + jnc NEAR L$036slow_dec_loop_x86 +align 4 +L$037slow_dec_loop_sse: + movq mm0,[esi] + movq mm4,[8+esi] + mov edi,DWORD [44+esp] + call __sse_AES_decrypt_compact + mov esi,DWORD [32+esp] + lea eax,[60+esp] + mov ebx,DWORD [36+esp] + mov ecx,DWORD [40+esp] + mov edi,DWORD [48+esp] + movq mm1,[esi] + movq mm5,[8+esi] + pxor mm0,[edi] + pxor mm4,[8+edi] + movq [edi],mm1 + movq [8+edi],mm5 + sub ecx,16 + jc NEAR L$038slow_dec_partial_sse + movq [ebx],mm0 + movq [8+ebx],mm4 + lea ebx,[16+ebx] + mov DWORD [36+esp],ebx + lea esi,[16+esi] + mov DWORD [32+esp],esi + mov DWORD [40+esp],ecx + jnz NEAR L$037slow_dec_loop_sse + emms + mov esp,DWORD [28+esp] + popfd + pop edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$038slow_dec_partial_sse: + movq [eax],mm0 + movq [8+eax],mm4 + emms + add ecx,16 + mov edi,ebx + mov esi,eax +align 4 +dd 2767451785 + mov esp,DWORD [28+esp] + popfd + pop edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$036slow_dec_loop_x86: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + lea edi,[60+esp] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov edi,DWORD [44+esp] + call __x86_AES_decrypt_compact + mov edi,DWORD [48+esp] + mov esi,DWORD [40+esp] + xor eax,DWORD [edi] + xor ebx,DWORD [4+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [12+edi] + sub esi,16 + jc NEAR L$039slow_dec_partial_x86 + mov DWORD [40+esp],esi + mov esi,DWORD [36+esp] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + lea esi,[16+esi] + mov DWORD [36+esp],esi + lea esi,[60+esp] + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov esi,DWORD [32+esp] + lea esi,[16+esi] + mov DWORD [32+esp],esi + jnz NEAR L$036slow_dec_loop_x86 + mov esp,DWORD [28+esp] + popfd + pop 
edi + pop esi + pop ebx + pop ebp + ret + pushfd +align 16 +L$039slow_dec_partial_x86: + lea esi,[60+esp] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + mov esi,DWORD [32+esp] + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov ecx,DWORD [40+esp] + mov edi,DWORD [36+esp] + lea esi,[60+esp] +align 4 +dd 2767451785 + mov esp,DWORD [28+esp] + popfd + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +__x86_AES_set_encrypt_key: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [24+esp] + mov edi,DWORD [32+esp] + test esi,-1 + jz NEAR L$040badpointer + test edi,-1 + jz NEAR L$040badpointer + call L$041pic_point +L$041pic_point: + pop ebp + lea ebp,[(L$AES_Te-L$041pic_point)+ebp] + lea ebp,[2176+ebp] + mov eax,DWORD [ebp-128] + mov ebx,DWORD [ebp-96] + mov ecx,DWORD [ebp-64] + mov edx,DWORD [ebp-32] + mov eax,DWORD [ebp] + mov ebx,DWORD [32+ebp] + mov ecx,DWORD [64+ebp] + mov edx,DWORD [96+ebp] + mov ecx,DWORD [28+esp] + cmp ecx,128 + je NEAR L$04210rounds + cmp ecx,192 + je NEAR L$04312rounds + cmp ecx,256 + je NEAR L$04414rounds + mov eax,-2 + jmp NEAR L$045exit +L$04210rounds: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + xor ecx,ecx + jmp NEAR L$04610shortcut +align 4 +L$04710loop: + mov eax,DWORD [edi] + mov edx,DWORD [12+edi] +L$04610shortcut: + movzx esi,dl + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + shl ebx,24 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shr edx,16 + movzx esi,dl + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + shl ebx,8 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shl ebx,16 + xor eax,ebx + xor eax,DWORD [896+ecx*4+ebp] + mov DWORD [16+edi],eax + xor eax,DWORD [4+edi] + 
mov DWORD [20+edi],eax + xor eax,DWORD [8+edi] + mov DWORD [24+edi],eax + xor eax,DWORD [12+edi] + mov DWORD [28+edi],eax + inc ecx + add edi,16 + cmp ecx,10 + jl NEAR L$04710loop + mov DWORD [80+edi],10 + xor eax,eax + jmp NEAR L$045exit +L$04312rounds: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov ecx,DWORD [16+esi] + mov edx,DWORD [20+esi] + mov DWORD [16+edi],ecx + mov DWORD [20+edi],edx + xor ecx,ecx + jmp NEAR L$04812shortcut +align 4 +L$04912loop: + mov eax,DWORD [edi] + mov edx,DWORD [20+edi] +L$04812shortcut: + movzx esi,dl + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + shl ebx,24 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shr edx,16 + movzx esi,dl + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + shl ebx,8 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shl ebx,16 + xor eax,ebx + xor eax,DWORD [896+ecx*4+ebp] + mov DWORD [24+edi],eax + xor eax,DWORD [4+edi] + mov DWORD [28+edi],eax + xor eax,DWORD [8+edi] + mov DWORD [32+edi],eax + xor eax,DWORD [12+edi] + mov DWORD [36+edi],eax + cmp ecx,7 + je NEAR L$05012break + inc ecx + xor eax,DWORD [16+edi] + mov DWORD [40+edi],eax + xor eax,DWORD [20+edi] + mov DWORD [44+edi],eax + add edi,24 + jmp NEAR L$04912loop +L$05012break: + mov DWORD [72+edi],12 + xor eax,eax + jmp NEAR L$045exit +L$04414rounds: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [12+edi],edx + mov eax,DWORD [16+esi] + mov ebx,DWORD [20+esi] + mov ecx,DWORD [24+esi] + mov edx,DWORD [28+esi] + mov DWORD [16+edi],eax + mov DWORD [20+edi],ebx + mov DWORD [24+edi],ecx + mov DWORD [28+edi],edx + xor ecx,ecx + jmp NEAR L$05114shortcut +align 4 +L$05214loop: + mov edx,DWORD [28+edi] +L$05114shortcut: + mov eax,DWORD [edi] + movzx esi,dl + movzx ebx,BYTE 
[esi*1+ebp-128] + movzx esi,dh + shl ebx,24 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shr edx,16 + movzx esi,dl + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + shl ebx,8 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shl ebx,16 + xor eax,ebx + xor eax,DWORD [896+ecx*4+ebp] + mov DWORD [32+edi],eax + xor eax,DWORD [4+edi] + mov DWORD [36+edi],eax + xor eax,DWORD [8+edi] + mov DWORD [40+edi],eax + xor eax,DWORD [12+edi] + mov DWORD [44+edi],eax + cmp ecx,6 + je NEAR L$05314break + inc ecx + mov edx,eax + mov eax,DWORD [16+edi] + movzx esi,dl + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shr edx,16 + shl ebx,8 + movzx esi,dl + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + movzx esi,dh + shl ebx,16 + xor eax,ebx + movzx ebx,BYTE [esi*1+ebp-128] + shl ebx,24 + xor eax,ebx + mov DWORD [48+edi],eax + xor eax,DWORD [20+edi] + mov DWORD [52+edi],eax + xor eax,DWORD [24+edi] + mov DWORD [56+edi],eax + xor eax,DWORD [28+edi] + mov DWORD [60+edi],eax + add edi,32 + jmp NEAR L$05214loop +L$05314break: + mov DWORD [48+edi],14 + xor eax,eax + jmp NEAR L$045exit +L$040badpointer: + mov eax,-1 +L$045exit: + pop edi + pop esi + pop ebx + pop ebp + ret +global _asm_AES_set_encrypt_key +align 16 +_asm_AES_set_encrypt_key: +L$_asm_AES_set_encrypt_key_begin: + call __x86_AES_set_encrypt_key + ret +global _asm_AES_set_decrypt_key +align 16 +_asm_AES_set_decrypt_key: +L$_asm_AES_set_decrypt_key_begin: + call __x86_AES_set_encrypt_key + cmp eax,0 + je NEAR L$054proceed + ret +L$054proceed: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [28+esp] + mov ecx,DWORD [240+esi] + lea ecx,[ecx*4] + lea edi,[ecx*4+esi] +align 4 +L$055invert: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [edi] + mov edx,DWORD [4+edi] + mov DWORD [edi],eax + mov DWORD [4+edi],ebx + mov DWORD [esi],ecx + mov DWORD [4+esi],edx + mov eax,DWORD [8+esi] + mov ebx,DWORD [12+esi] + mov ecx,DWORD [8+edi] + mov edx,DWORD 
[12+edi] + mov DWORD [8+edi],eax + mov DWORD [12+edi],ebx + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + add esi,16 + sub edi,16 + cmp esi,edi + jne NEAR L$055invert + mov edi,DWORD [28+esp] + mov esi,DWORD [240+edi] + lea esi,[esi*1+esi-2] + lea esi,[esi*8+edi] + mov DWORD [28+esp],esi + mov eax,DWORD [16+edi] +align 4 +L$056permute: + add edi,16 + mov ebp,2155905152 + and ebp,eax + lea ebx,[eax*1+eax] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and ebx,4278124286 + and esi,454761243 + xor ebx,esi + mov ebp,2155905152 + and ebp,ebx + lea ecx,[ebx*1+ebx] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and ecx,4278124286 + and esi,454761243 + xor ebx,eax + xor ecx,esi + mov ebp,2155905152 + and ebp,ecx + lea edx,[ecx*1+ecx] + mov esi,ebp + shr ebp,7 + xor ecx,eax + sub esi,ebp + and edx,4278124286 + and esi,454761243 + rol eax,8 + xor edx,esi + mov ebp,DWORD [4+edi] + xor eax,ebx + xor ebx,edx + xor eax,ecx + rol ebx,24 + xor ecx,edx + xor eax,edx + rol ecx,16 + xor eax,ebx + rol edx,8 + xor eax,ecx + mov ebx,ebp + xor eax,edx + mov DWORD [edi],eax + mov ebp,2155905152 + and ebp,ebx + lea ecx,[ebx*1+ebx] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and ecx,4278124286 + and esi,454761243 + xor ecx,esi + mov ebp,2155905152 + and ebp,ecx + lea edx,[ecx*1+ecx] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and edx,4278124286 + and esi,454761243 + xor ecx,ebx + xor edx,esi + mov ebp,2155905152 + and ebp,edx + lea eax,[edx*1+edx] + mov esi,ebp + shr ebp,7 + xor edx,ebx + sub esi,ebp + and eax,4278124286 + and esi,454761243 + rol ebx,8 + xor eax,esi + mov ebp,DWORD [8+edi] + xor ebx,ecx + xor ecx,eax + xor ebx,edx + rol ecx,24 + xor edx,eax + xor ebx,eax + rol edx,16 + xor ebx,ecx + rol eax,8 + xor ebx,edx + mov ecx,ebp + xor ebx,eax + mov DWORD [4+edi],ebx + mov ebp,2155905152 + and ebp,ecx + lea edx,[ecx*1+ecx] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and edx,4278124286 + and esi,454761243 + xor edx,esi + mov ebp,2155905152 + and ebp,edx + lea eax,[edx*1+edx] + mov esi,ebp + shr 
ebp,7 + sub esi,ebp + and eax,4278124286 + and esi,454761243 + xor edx,ecx + xor eax,esi + mov ebp,2155905152 + and ebp,eax + lea ebx,[eax*1+eax] + mov esi,ebp + shr ebp,7 + xor eax,ecx + sub esi,ebp + and ebx,4278124286 + and esi,454761243 + rol ecx,8 + xor ebx,esi + mov ebp,DWORD [12+edi] + xor ecx,edx + xor edx,ebx + xor ecx,eax + rol edx,24 + xor eax,ebx + xor ecx,ebx + rol eax,16 + xor ecx,edx + rol ebx,8 + xor ecx,eax + mov edx,ebp + xor ecx,ebx + mov DWORD [8+edi],ecx + mov ebp,2155905152 + and ebp,edx + lea eax,[edx*1+edx] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and eax,4278124286 + and esi,454761243 + xor eax,esi + mov ebp,2155905152 + and ebp,eax + lea ebx,[eax*1+eax] + mov esi,ebp + shr ebp,7 + sub esi,ebp + and ebx,4278124286 + and esi,454761243 + xor eax,edx + xor ebx,esi + mov ebp,2155905152 + and ebp,ebx + lea ecx,[ebx*1+ebx] + mov esi,ebp + shr ebp,7 + xor ebx,edx + sub esi,ebp + and ecx,4278124286 + and esi,454761243 + rol edx,8 + xor ecx,esi + mov ebp,DWORD [16+edi] + xor edx,eax + xor eax,ecx + xor edx,ebx + rol eax,24 + xor ebx,ecx + xor edx,ecx + rol ebx,16 + xor edx,eax + rol ecx,8 + xor edx,ebx + mov eax,ebp + xor edx,ecx + mov DWORD [12+edi],edx + cmp edi,DWORD [28+esp] + jb NEAR L$056permute + xor eax,eax + pop edi + pop esi + pop ebx + pop ebp + ret +db 65,69,83,32,102,111,114,32,120,56,54,44,32,67,82,89 +db 80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114 +db 111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/aes/aesni-x86.asm b/win-x86/crypto/aes/aesni-x86.asm new file mode 100644 index 0000000..a9a5956 --- /dev/null +++ b/win-x86/crypto/aes/aesni-x86.asm 
@@ -0,0 +1,2424 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _aesni_encrypt +align 16 +_aesni_encrypt: +L$_aesni_encrypt_begin: + mov eax,DWORD [4+esp] + mov edx,DWORD [12+esp] + movups xmm2,[eax] + mov ecx,DWORD [240+edx] + mov eax,DWORD [8+esp] + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$000enc1_loop_1: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$000enc1_loop_1 +db 102,15,56,221,209 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movups [eax],xmm2 + pxor xmm2,xmm2 + ret +global _aesni_decrypt +align 16 +_aesni_decrypt: +L$_aesni_decrypt_begin: + mov eax,DWORD [4+esp] + mov edx,DWORD [12+esp] + movups xmm2,[eax] + mov ecx,DWORD [240+edx] + mov eax,DWORD [8+esp] + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$001dec1_loop_2: +db 102,15,56,222,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$001dec1_loop_2 +db 102,15,56,223,209 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movups [eax],xmm2 + pxor xmm2,xmm2 + ret +align 16 +__aesni_encrypt2: + movups xmm0,[edx] + shl ecx,4 + movups xmm1,[16+edx] + xorps xmm2,xmm0 + pxor xmm3,xmm0 + movups xmm0,[32+edx] + lea edx,[32+ecx*1+edx] + neg ecx + add ecx,16 +L$002enc2_loop: +db 102,15,56,220,209 +db 102,15,56,220,217 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,220,208 +db 102,15,56,220,216 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$002enc2_loop +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,221,208 +db 102,15,56,221,216 + ret +align 16 
+__aesni_decrypt2: + movups xmm0,[edx] + shl ecx,4 + movups xmm1,[16+edx] + xorps xmm2,xmm0 + pxor xmm3,xmm0 + movups xmm0,[32+edx] + lea edx,[32+ecx*1+edx] + neg ecx + add ecx,16 +L$003dec2_loop: +db 102,15,56,222,209 +db 102,15,56,222,217 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,222,208 +db 102,15,56,222,216 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$003dec2_loop +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,223,208 +db 102,15,56,223,216 + ret +align 16 +__aesni_encrypt3: + movups xmm0,[edx] + shl ecx,4 + movups xmm1,[16+edx] + xorps xmm2,xmm0 + pxor xmm3,xmm0 + pxor xmm4,xmm0 + movups xmm0,[32+edx] + lea edx,[32+ecx*1+edx] + neg ecx + add ecx,16 +L$004enc3_loop: +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,220,225 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,220,208 +db 102,15,56,220,216 +db 102,15,56,220,224 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$004enc3_loop +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,220,225 +db 102,15,56,221,208 +db 102,15,56,221,216 +db 102,15,56,221,224 + ret +align 16 +__aesni_decrypt3: + movups xmm0,[edx] + shl ecx,4 + movups xmm1,[16+edx] + xorps xmm2,xmm0 + pxor xmm3,xmm0 + pxor xmm4,xmm0 + movups xmm0,[32+edx] + lea edx,[32+ecx*1+edx] + neg ecx + add ecx,16 +L$005dec3_loop: +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,222,225 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,222,208 +db 102,15,56,222,216 +db 102,15,56,222,224 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$005dec3_loop +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,222,225 +db 102,15,56,223,208 +db 102,15,56,223,216 +db 102,15,56,223,224 + ret +align 16 +__aesni_encrypt4: + movups xmm0,[edx] + movups xmm1,[16+edx] + shl ecx,4 + xorps xmm2,xmm0 + pxor xmm3,xmm0 + pxor xmm4,xmm0 + pxor xmm5,xmm0 + movups xmm0,[32+edx] + lea edx,[32+ecx*1+edx] + neg ecx +db 15,31,64,0 + add ecx,16 +L$006enc4_loop: +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,220,225 +db 102,15,56,220,233 + 
movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,220,208 +db 102,15,56,220,216 +db 102,15,56,220,224 +db 102,15,56,220,232 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$006enc4_loop +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,220,225 +db 102,15,56,220,233 +db 102,15,56,221,208 +db 102,15,56,221,216 +db 102,15,56,221,224 +db 102,15,56,221,232 + ret +align 16 +__aesni_decrypt4: + movups xmm0,[edx] + movups xmm1,[16+edx] + shl ecx,4 + xorps xmm2,xmm0 + pxor xmm3,xmm0 + pxor xmm4,xmm0 + pxor xmm5,xmm0 + movups xmm0,[32+edx] + lea edx,[32+ecx*1+edx] + neg ecx +db 15,31,64,0 + add ecx,16 +L$007dec4_loop: +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,222,225 +db 102,15,56,222,233 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,222,208 +db 102,15,56,222,216 +db 102,15,56,222,224 +db 102,15,56,222,232 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$007dec4_loop +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,222,225 +db 102,15,56,222,233 +db 102,15,56,223,208 +db 102,15,56,223,216 +db 102,15,56,223,224 +db 102,15,56,223,232 + ret +align 16 +__aesni_encrypt6: + movups xmm0,[edx] + shl ecx,4 + movups xmm1,[16+edx] + xorps xmm2,xmm0 + pxor xmm3,xmm0 + pxor xmm4,xmm0 +db 102,15,56,220,209 + pxor xmm5,xmm0 + pxor xmm6,xmm0 +db 102,15,56,220,217 + lea edx,[32+ecx*1+edx] + neg ecx +db 102,15,56,220,225 + pxor xmm7,xmm0 + movups xmm0,[ecx*1+edx] + add ecx,16 + jmp NEAR L$008_aesni_encrypt6_inner +align 16 +L$009enc6_loop: +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,220,225 +L$008_aesni_encrypt6_inner: +db 102,15,56,220,233 +db 102,15,56,220,241 +db 102,15,56,220,249 +L$_aesni_encrypt6_enter: + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,220,208 +db 102,15,56,220,216 +db 102,15,56,220,224 +db 102,15,56,220,232 +db 102,15,56,220,240 +db 102,15,56,220,248 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$009enc6_loop +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,220,225 +db 102,15,56,220,233 +db 102,15,56,220,241 +db 
102,15,56,220,249 +db 102,15,56,221,208 +db 102,15,56,221,216 +db 102,15,56,221,224 +db 102,15,56,221,232 +db 102,15,56,221,240 +db 102,15,56,221,248 + ret +align 16 +__aesni_decrypt6: + movups xmm0,[edx] + shl ecx,4 + movups xmm1,[16+edx] + xorps xmm2,xmm0 + pxor xmm3,xmm0 + pxor xmm4,xmm0 +db 102,15,56,222,209 + pxor xmm5,xmm0 + pxor xmm6,xmm0 +db 102,15,56,222,217 + lea edx,[32+ecx*1+edx] + neg ecx +db 102,15,56,222,225 + pxor xmm7,xmm0 + movups xmm0,[ecx*1+edx] + add ecx,16 + jmp NEAR L$010_aesni_decrypt6_inner +align 16 +L$011dec6_loop: +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,222,225 +L$010_aesni_decrypt6_inner: +db 102,15,56,222,233 +db 102,15,56,222,241 +db 102,15,56,222,249 +L$_aesni_decrypt6_enter: + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,222,208 +db 102,15,56,222,216 +db 102,15,56,222,224 +db 102,15,56,222,232 +db 102,15,56,222,240 +db 102,15,56,222,248 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$011dec6_loop +db 102,15,56,222,209 +db 102,15,56,222,217 +db 102,15,56,222,225 +db 102,15,56,222,233 +db 102,15,56,222,241 +db 102,15,56,222,249 +db 102,15,56,223,208 +db 102,15,56,223,216 +db 102,15,56,223,224 +db 102,15,56,223,232 +db 102,15,56,223,240 +db 102,15,56,223,248 + ret +global _aesni_ecb_encrypt +align 16 +_aesni_ecb_encrypt: +L$_aesni_ecb_encrypt_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebx,DWORD [36+esp] + and eax,-16 + jz NEAR L$012ecb_ret + mov ecx,DWORD [240+edx] + test ebx,ebx + jz NEAR L$013ecb_decrypt + mov ebp,edx + mov ebx,ecx + cmp eax,96 + jb NEAR L$014ecb_enc_tail + movdqu xmm2,[esi] + movdqu xmm3,[16+esi] + movdqu xmm4,[32+esi] + movdqu xmm5,[48+esi] + movdqu xmm6,[64+esi] + movdqu xmm7,[80+esi] + lea esi,[96+esi] + sub eax,96 + jmp NEAR L$015ecb_enc_loop6_enter +align 16 +L$016ecb_enc_loop6: + movups [edi],xmm2 + movdqu xmm2,[esi] + movups [16+edi],xmm3 + movdqu xmm3,[16+esi] + movups 
[32+edi],xmm4 + movdqu xmm4,[32+esi] + movups [48+edi],xmm5 + movdqu xmm5,[48+esi] + movups [64+edi],xmm6 + movdqu xmm6,[64+esi] + movups [80+edi],xmm7 + lea edi,[96+edi] + movdqu xmm7,[80+esi] + lea esi,[96+esi] +L$015ecb_enc_loop6_enter: + call __aesni_encrypt6 + mov edx,ebp + mov ecx,ebx + sub eax,96 + jnc NEAR L$016ecb_enc_loop6 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + movups [80+edi],xmm7 + lea edi,[96+edi] + add eax,96 + jz NEAR L$012ecb_ret +L$014ecb_enc_tail: + movups xmm2,[esi] + cmp eax,32 + jb NEAR L$017ecb_enc_one + movups xmm3,[16+esi] + je NEAR L$018ecb_enc_two + movups xmm4,[32+esi] + cmp eax,64 + jb NEAR L$019ecb_enc_three + movups xmm5,[48+esi] + je NEAR L$020ecb_enc_four + movups xmm6,[64+esi] + xorps xmm7,xmm7 + call __aesni_encrypt6 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + jmp NEAR L$012ecb_ret +align 16 +L$017ecb_enc_one: + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$021enc1_loop_3: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$021enc1_loop_3 +db 102,15,56,221,209 + movups [edi],xmm2 + jmp NEAR L$012ecb_ret +align 16 +L$018ecb_enc_two: + call __aesni_encrypt2 + movups [edi],xmm2 + movups [16+edi],xmm3 + jmp NEAR L$012ecb_ret +align 16 +L$019ecb_enc_three: + call __aesni_encrypt3 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + jmp NEAR L$012ecb_ret +align 16 +L$020ecb_enc_four: + call __aesni_encrypt4 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + jmp NEAR L$012ecb_ret +align 16 +L$013ecb_decrypt: + mov ebp,edx + mov ebx,ecx + cmp eax,96 + jb NEAR L$022ecb_dec_tail + movdqu xmm2,[esi] + movdqu xmm3,[16+esi] + movdqu xmm4,[32+esi] + movdqu xmm5,[48+esi] + movdqu xmm6,[64+esi] + movdqu xmm7,[80+esi] + lea esi,[96+esi] + sub eax,96 + jmp NEAR L$023ecb_dec_loop6_enter 
+align 16 +L$024ecb_dec_loop6: + movups [edi],xmm2 + movdqu xmm2,[esi] + movups [16+edi],xmm3 + movdqu xmm3,[16+esi] + movups [32+edi],xmm4 + movdqu xmm4,[32+esi] + movups [48+edi],xmm5 + movdqu xmm5,[48+esi] + movups [64+edi],xmm6 + movdqu xmm6,[64+esi] + movups [80+edi],xmm7 + lea edi,[96+edi] + movdqu xmm7,[80+esi] + lea esi,[96+esi] +L$023ecb_dec_loop6_enter: + call __aesni_decrypt6 + mov edx,ebp + mov ecx,ebx + sub eax,96 + jnc NEAR L$024ecb_dec_loop6 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + movups [80+edi],xmm7 + lea edi,[96+edi] + add eax,96 + jz NEAR L$012ecb_ret +L$022ecb_dec_tail: + movups xmm2,[esi] + cmp eax,32 + jb NEAR L$025ecb_dec_one + movups xmm3,[16+esi] + je NEAR L$026ecb_dec_two + movups xmm4,[32+esi] + cmp eax,64 + jb NEAR L$027ecb_dec_three + movups xmm5,[48+esi] + je NEAR L$028ecb_dec_four + movups xmm6,[64+esi] + xorps xmm7,xmm7 + call __aesni_decrypt6 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + jmp NEAR L$012ecb_ret +align 16 +L$025ecb_dec_one: + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$029dec1_loop_4: +db 102,15,56,222,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$029dec1_loop_4 +db 102,15,56,223,209 + movups [edi],xmm2 + jmp NEAR L$012ecb_ret +align 16 +L$026ecb_dec_two: + call __aesni_decrypt2 + movups [edi],xmm2 + movups [16+edi],xmm3 + jmp NEAR L$012ecb_ret +align 16 +L$027ecb_dec_three: + call __aesni_decrypt3 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + jmp NEAR L$012ecb_ret +align 16 +L$028ecb_dec_four: + call __aesni_decrypt4 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 +L$012ecb_ret: + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + pxor xmm7,xmm7 + pop edi + pop esi + pop ebx + pop ebp + ret 
+global _aesni_ccm64_encrypt_blocks +align 16 +_aesni_ccm64_encrypt_blocks: +L$_aesni_ccm64_encrypt_blocks_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebx,DWORD [36+esp] + mov ecx,DWORD [40+esp] + mov ebp,esp + sub esp,60 + and esp,-16 + mov DWORD [48+esp],ebp + movdqu xmm7,[ebx] + movdqu xmm3,[ecx] + mov ecx,DWORD [240+edx] + mov DWORD [esp],202182159 + mov DWORD [4+esp],134810123 + mov DWORD [8+esp],67438087 + mov DWORD [12+esp],66051 + mov ebx,1 + xor ebp,ebp + mov DWORD [16+esp],ebx + mov DWORD [20+esp],ebp + mov DWORD [24+esp],ebp + mov DWORD [28+esp],ebp + shl ecx,4 + mov ebx,16 + lea ebp,[edx] + movdqa xmm5,[esp] + movdqa xmm2,xmm7 + lea edx,[32+ecx*1+edx] + sub ebx,ecx +db 102,15,56,0,253 +L$030ccm64_enc_outer: + movups xmm0,[ebp] + mov ecx,ebx + movups xmm6,[esi] + xorps xmm2,xmm0 + movups xmm1,[16+ebp] + xorps xmm0,xmm6 + xorps xmm3,xmm0 + movups xmm0,[32+ebp] +L$031ccm64_enc2_loop: +db 102,15,56,220,209 +db 102,15,56,220,217 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,220,208 +db 102,15,56,220,216 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$031ccm64_enc2_loop +db 102,15,56,220,209 +db 102,15,56,220,217 + paddq xmm7,[16+esp] + dec eax +db 102,15,56,221,208 +db 102,15,56,221,216 + lea esi,[16+esi] + xorps xmm6,xmm2 + movdqa xmm2,xmm7 + movups [edi],xmm6 +db 102,15,56,0,213 + lea edi,[16+edi] + jnz NEAR L$030ccm64_enc_outer + mov esp,DWORD [48+esp] + mov edi,DWORD [40+esp] + movups [edi],xmm3 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + pxor xmm7,xmm7 + pop edi + pop esi + pop ebx + pop ebp + ret +global _aesni_ccm64_decrypt_blocks +align 16 +_aesni_ccm64_decrypt_blocks: +L$_aesni_ccm64_decrypt_blocks_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebx,DWORD 
[36+esp] + mov ecx,DWORD [40+esp] + mov ebp,esp + sub esp,60 + and esp,-16 + mov DWORD [48+esp],ebp + movdqu xmm7,[ebx] + movdqu xmm3,[ecx] + mov ecx,DWORD [240+edx] + mov DWORD [esp],202182159 + mov DWORD [4+esp],134810123 + mov DWORD [8+esp],67438087 + mov DWORD [12+esp],66051 + mov ebx,1 + xor ebp,ebp + mov DWORD [16+esp],ebx + mov DWORD [20+esp],ebp + mov DWORD [24+esp],ebp + mov DWORD [28+esp],ebp + movdqa xmm5,[esp] + movdqa xmm2,xmm7 + mov ebp,edx + mov ebx,ecx +db 102,15,56,0,253 + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$032enc1_loop_5: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$032enc1_loop_5 +db 102,15,56,221,209 + shl ebx,4 + mov ecx,16 + movups xmm6,[esi] + paddq xmm7,[16+esp] + lea esi,[16+esi] + sub ecx,ebx + lea edx,[32+ebx*1+ebp] + mov ebx,ecx + jmp NEAR L$033ccm64_dec_outer +align 16 +L$033ccm64_dec_outer: + xorps xmm6,xmm2 + movdqa xmm2,xmm7 + movups [edi],xmm6 + lea edi,[16+edi] +db 102,15,56,0,213 + sub eax,1 + jz NEAR L$034ccm64_dec_break + movups xmm0,[ebp] + mov ecx,ebx + movups xmm1,[16+ebp] + xorps xmm6,xmm0 + xorps xmm2,xmm0 + xorps xmm3,xmm6 + movups xmm0,[32+ebp] +L$035ccm64_dec2_loop: +db 102,15,56,220,209 +db 102,15,56,220,217 + movups xmm1,[ecx*1+edx] + add ecx,32 +db 102,15,56,220,208 +db 102,15,56,220,216 + movups xmm0,[ecx*1+edx-16] + jnz NEAR L$035ccm64_dec2_loop + movups xmm6,[esi] + paddq xmm7,[16+esp] +db 102,15,56,220,209 +db 102,15,56,220,217 +db 102,15,56,221,208 +db 102,15,56,221,216 + lea esi,[16+esi] + jmp NEAR L$033ccm64_dec_outer +align 16 +L$034ccm64_dec_break: + mov ecx,DWORD [240+ebp] + mov edx,ebp + movups xmm0,[edx] + movups xmm1,[16+edx] + xorps xmm6,xmm0 + lea edx,[32+edx] + xorps xmm3,xmm6 +L$036enc1_loop_6: +db 102,15,56,220,217 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$036enc1_loop_6 +db 102,15,56,221,217 + mov esp,DWORD [48+esp] + mov edi,DWORD [40+esp] + movups [edi],xmm3 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + 
pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + pxor xmm7,xmm7 + pop edi + pop esi + pop ebx + pop ebp + ret +global _aesni_ctr32_encrypt_blocks +align 16 +_aesni_ctr32_encrypt_blocks: +L$_aesni_ctr32_encrypt_blocks_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebx,DWORD [36+esp] + mov ebp,esp + sub esp,88 + and esp,-16 + mov DWORD [80+esp],ebp + cmp eax,1 + je NEAR L$037ctr32_one_shortcut + movdqu xmm7,[ebx] + mov DWORD [esp],202182159 + mov DWORD [4+esp],134810123 + mov DWORD [8+esp],67438087 + mov DWORD [12+esp],66051 + mov ecx,6 + xor ebp,ebp + mov DWORD [16+esp],ecx + mov DWORD [20+esp],ecx + mov DWORD [24+esp],ecx + mov DWORD [28+esp],ebp +db 102,15,58,22,251,3 +db 102,15,58,34,253,3 + mov ecx,DWORD [240+edx] + bswap ebx + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movdqa xmm2,[esp] +db 102,15,58,34,195,0 + lea ebp,[3+ebx] +db 102,15,58,34,205,0 + inc ebx +db 102,15,58,34,195,1 + inc ebp +db 102,15,58,34,205,1 + inc ebx +db 102,15,58,34,195,2 + inc ebp +db 102,15,58,34,205,2 + movdqa [48+esp],xmm0 +db 102,15,56,0,194 + movdqu xmm6,[edx] + movdqa [64+esp],xmm1 +db 102,15,56,0,202 + pshufd xmm2,xmm0,192 + pshufd xmm3,xmm0,128 + cmp eax,6 + jb NEAR L$038ctr32_tail + pxor xmm7,xmm6 + shl ecx,4 + mov ebx,16 + movdqa [32+esp],xmm7 + mov ebp,edx + sub ebx,ecx + lea edx,[32+ecx*1+edx] + sub eax,6 + jmp NEAR L$039ctr32_loop6 +align 16 +L$039ctr32_loop6: + pshufd xmm4,xmm0,64 + movdqa xmm0,[32+esp] + pshufd xmm5,xmm1,192 + pxor xmm2,xmm0 + pshufd xmm6,xmm1,128 + pxor xmm3,xmm0 + pshufd xmm7,xmm1,64 + movups xmm1,[16+ebp] + pxor xmm4,xmm0 + pxor xmm5,xmm0 +db 102,15,56,220,209 + pxor xmm6,xmm0 + pxor xmm7,xmm0 +db 102,15,56,220,217 + movups xmm0,[32+ebp] + mov ecx,ebx +db 102,15,56,220,225 +db 102,15,56,220,233 +db 102,15,56,220,241 +db 102,15,56,220,249 + call L$_aesni_encrypt6_enter + movups xmm1,[esi] + movups xmm0,[16+esi] + 
xorps xmm2,xmm1 + movups xmm1,[32+esi] + xorps xmm3,xmm0 + movups [edi],xmm2 + movdqa xmm0,[16+esp] + xorps xmm4,xmm1 + movdqa xmm1,[64+esp] + movups [16+edi],xmm3 + movups [32+edi],xmm4 + paddd xmm1,xmm0 + paddd xmm0,[48+esp] + movdqa xmm2,[esp] + movups xmm3,[48+esi] + movups xmm4,[64+esi] + xorps xmm5,xmm3 + movups xmm3,[80+esi] + lea esi,[96+esi] + movdqa [48+esp],xmm0 +db 102,15,56,0,194 + xorps xmm6,xmm4 + movups [48+edi],xmm5 + xorps xmm7,xmm3 + movdqa [64+esp],xmm1 +db 102,15,56,0,202 + movups [64+edi],xmm6 + pshufd xmm2,xmm0,192 + movups [80+edi],xmm7 + lea edi,[96+edi] + pshufd xmm3,xmm0,128 + sub eax,6 + jnc NEAR L$039ctr32_loop6 + add eax,6 + jz NEAR L$040ctr32_ret + movdqu xmm7,[ebp] + mov edx,ebp + pxor xmm7,[32+esp] + mov ecx,DWORD [240+ebp] +L$038ctr32_tail: + por xmm2,xmm7 + cmp eax,2 + jb NEAR L$041ctr32_one + pshufd xmm4,xmm0,64 + por xmm3,xmm7 + je NEAR L$042ctr32_two + pshufd xmm5,xmm1,192 + por xmm4,xmm7 + cmp eax,4 + jb NEAR L$043ctr32_three + pshufd xmm6,xmm1,128 + por xmm5,xmm7 + je NEAR L$044ctr32_four + por xmm6,xmm7 + call __aesni_encrypt6 + movups xmm1,[esi] + movups xmm0,[16+esi] + xorps xmm2,xmm1 + movups xmm1,[32+esi] + xorps xmm3,xmm0 + movups xmm0,[48+esi] + xorps xmm4,xmm1 + movups xmm1,[64+esi] + xorps xmm5,xmm0 + movups [edi],xmm2 + xorps xmm6,xmm1 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + jmp NEAR L$040ctr32_ret +align 16 +L$037ctr32_one_shortcut: + movups xmm2,[ebx] + mov ecx,DWORD [240+edx] +L$041ctr32_one: + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$045enc1_loop_7: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$045enc1_loop_7 +db 102,15,56,221,209 + movups xmm6,[esi] + xorps xmm6,xmm2 + movups [edi],xmm6 + jmp NEAR L$040ctr32_ret +align 16 +L$042ctr32_two: + call __aesni_encrypt2 + movups xmm5,[esi] + movups xmm6,[16+esi] + xorps xmm2,xmm5 + xorps xmm3,xmm6 + movups [edi],xmm2 + movups [16+edi],xmm3 
+ jmp NEAR L$040ctr32_ret +align 16 +L$043ctr32_three: + call __aesni_encrypt3 + movups xmm5,[esi] + movups xmm6,[16+esi] + xorps xmm2,xmm5 + movups xmm7,[32+esi] + xorps xmm3,xmm6 + movups [edi],xmm2 + xorps xmm4,xmm7 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + jmp NEAR L$040ctr32_ret +align 16 +L$044ctr32_four: + call __aesni_encrypt4 + movups xmm6,[esi] + movups xmm7,[16+esi] + movups xmm1,[32+esi] + xorps xmm2,xmm6 + movups xmm0,[48+esi] + xorps xmm3,xmm7 + movups [edi],xmm2 + xorps xmm4,xmm1 + movups [16+edi],xmm3 + xorps xmm5,xmm0 + movups [32+edi],xmm4 + movups [48+edi],xmm5 +L$040ctr32_ret: + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + movdqa [32+esp],xmm0 + pxor xmm5,xmm5 + movdqa [48+esp],xmm0 + pxor xmm6,xmm6 + movdqa [64+esp],xmm0 + pxor xmm7,xmm7 + mov esp,DWORD [80+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +global _aesni_xts_encrypt +align 16 +_aesni_xts_encrypt: +L$_aesni_xts_encrypt_begin: + push ebp + push ebx + push esi + push edi + mov edx,DWORD [36+esp] + mov esi,DWORD [40+esp] + mov ecx,DWORD [240+edx] + movups xmm2,[esi] + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$046enc1_loop_8: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$046enc1_loop_8 +db 102,15,56,221,209 + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebp,esp + sub esp,120 + mov ecx,DWORD [240+edx] + and esp,-16 + mov DWORD [96+esp],135 + mov DWORD [100+esp],0 + mov DWORD [104+esp],1 + mov DWORD [108+esp],0 + mov DWORD [112+esp],eax + mov DWORD [116+esp],ebp + movdqa xmm1,xmm2 + pxor xmm0,xmm0 + movdqa xmm3,[96+esp] + pcmpgtd xmm0,xmm1 + and eax,-16 + mov ebp,edx + mov ebx,ecx + sub eax,96 + jc NEAR L$047xts_enc_short + shl ecx,4 + mov ebx,16 + sub ebx,ecx + lea edx,[32+ecx*1+edx] + jmp NEAR L$048xts_enc_loop6 +align 16 +L$048xts_enc_loop6: + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [esp],xmm1 + 
paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [16+esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [32+esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [48+esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm7,xmm0,19 + movdqa [64+esp],xmm1 + paddq xmm1,xmm1 + movups xmm0,[ebp] + pand xmm7,xmm3 + movups xmm2,[esi] + pxor xmm7,xmm1 + mov ecx,ebx + movdqu xmm3,[16+esi] + xorps xmm2,xmm0 + movdqu xmm4,[32+esi] + pxor xmm3,xmm0 + movdqu xmm5,[48+esi] + pxor xmm4,xmm0 + movdqu xmm6,[64+esi] + pxor xmm5,xmm0 + movdqu xmm1,[80+esi] + pxor xmm6,xmm0 + lea esi,[96+esi] + pxor xmm2,[esp] + movdqa [80+esp],xmm7 + pxor xmm7,xmm1 + movups xmm1,[16+ebp] + pxor xmm3,[16+esp] + pxor xmm4,[32+esp] +db 102,15,56,220,209 + pxor xmm5,[48+esp] + pxor xmm6,[64+esp] +db 102,15,56,220,217 + pxor xmm7,xmm0 + movups xmm0,[32+ebp] +db 102,15,56,220,225 +db 102,15,56,220,233 +db 102,15,56,220,241 +db 102,15,56,220,249 + call L$_aesni_encrypt6_enter + movdqa xmm1,[80+esp] + pxor xmm0,xmm0 + xorps xmm2,[esp] + pcmpgtd xmm0,xmm1 + xorps xmm3,[16+esp] + movups [edi],xmm2 + xorps xmm4,[32+esp] + movups [16+edi],xmm3 + xorps xmm5,[48+esp] + movups [32+edi],xmm4 + xorps xmm6,[64+esp] + movups [48+edi],xmm5 + xorps xmm7,xmm1 + movups [64+edi],xmm6 + pshufd xmm2,xmm0,19 + movups [80+edi],xmm7 + lea edi,[96+edi] + movdqa xmm3,[96+esp] + pxor xmm0,xmm0 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + sub eax,96 + jnc NEAR L$048xts_enc_loop6 + mov ecx,DWORD [240+ebp] + mov edx,ebp + mov ebx,ecx +L$047xts_enc_short: + add eax,96 + jz NEAR L$049xts_enc_done6x + movdqa xmm5,xmm1 + cmp eax,32 + jb NEAR L$050xts_enc_one + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + 
pxor xmm1,xmm2 + je NEAR L$051xts_enc_two + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa xmm6,xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + cmp eax,64 + jb NEAR L$052xts_enc_three + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa xmm7,xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + movdqa [esp],xmm5 + movdqa [16+esp],xmm6 + je NEAR L$053xts_enc_four + movdqa [32+esp],xmm7 + pshufd xmm7,xmm0,19 + movdqa [48+esp],xmm1 + paddq xmm1,xmm1 + pand xmm7,xmm3 + pxor xmm7,xmm1 + movdqu xmm2,[esi] + movdqu xmm3,[16+esi] + movdqu xmm4,[32+esi] + pxor xmm2,[esp] + movdqu xmm5,[48+esi] + pxor xmm3,[16+esp] + movdqu xmm6,[64+esi] + pxor xmm4,[32+esp] + lea esi,[80+esi] + pxor xmm5,[48+esp] + movdqa [64+esp],xmm7 + pxor xmm6,xmm7 + call __aesni_encrypt6 + movaps xmm1,[64+esp] + xorps xmm2,[esp] + xorps xmm3,[16+esp] + xorps xmm4,[32+esp] + movups [edi],xmm2 + xorps xmm5,[48+esp] + movups [16+edi],xmm3 + xorps xmm6,xmm1 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + lea edi,[80+edi] + jmp NEAR L$054xts_enc_done +align 16 +L$050xts_enc_one: + movups xmm2,[esi] + lea esi,[16+esi] + xorps xmm2,xmm5 + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$055enc1_loop_9: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$055enc1_loop_9 +db 102,15,56,221,209 + xorps xmm2,xmm5 + movups [edi],xmm2 + lea edi,[16+edi] + movdqa xmm1,xmm5 + jmp NEAR L$054xts_enc_done +align 16 +L$051xts_enc_two: + movaps xmm6,xmm1 + movups xmm2,[esi] + movups xmm3,[16+esi] + lea esi,[32+esi] + xorps xmm2,xmm5 + xorps xmm3,xmm6 + call __aesni_encrypt2 + xorps xmm2,xmm5 + xorps xmm3,xmm6 + movups [edi],xmm2 + movups [16+edi],xmm3 + lea edi,[32+edi] + movdqa xmm1,xmm6 + jmp NEAR L$054xts_enc_done +align 16 +L$052xts_enc_three: + movaps xmm7,xmm1 + movups xmm2,[esi] + movups xmm3,[16+esi] + movups xmm4,[32+esi] + lea esi,[48+esi] + xorps xmm2,xmm5 + xorps xmm3,xmm6 + 
xorps xmm4,xmm7 + call __aesni_encrypt3 + xorps xmm2,xmm5 + xorps xmm3,xmm6 + xorps xmm4,xmm7 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + lea edi,[48+edi] + movdqa xmm1,xmm7 + jmp NEAR L$054xts_enc_done +align 16 +L$053xts_enc_four: + movaps xmm6,xmm1 + movups xmm2,[esi] + movups xmm3,[16+esi] + movups xmm4,[32+esi] + xorps xmm2,[esp] + movups xmm5,[48+esi] + lea esi,[64+esi] + xorps xmm3,[16+esp] + xorps xmm4,xmm7 + xorps xmm5,xmm6 + call __aesni_encrypt4 + xorps xmm2,[esp] + xorps xmm3,[16+esp] + xorps xmm4,xmm7 + movups [edi],xmm2 + xorps xmm5,xmm6 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + lea edi,[64+edi] + movdqa xmm1,xmm6 + jmp NEAR L$054xts_enc_done +align 16 +L$049xts_enc_done6x: + mov eax,DWORD [112+esp] + and eax,15 + jz NEAR L$056xts_enc_ret + movdqa xmm5,xmm1 + mov DWORD [112+esp],eax + jmp NEAR L$057xts_enc_steal +align 16 +L$054xts_enc_done: + mov eax,DWORD [112+esp] + pxor xmm0,xmm0 + and eax,15 + jz NEAR L$056xts_enc_ret + pcmpgtd xmm0,xmm1 + mov DWORD [112+esp],eax + pshufd xmm5,xmm0,19 + paddq xmm1,xmm1 + pand xmm5,[96+esp] + pxor xmm5,xmm1 +L$057xts_enc_steal: + movzx ecx,BYTE [esi] + movzx edx,BYTE [edi-16] + lea esi,[1+esi] + mov BYTE [edi-16],cl + mov BYTE [edi],dl + lea edi,[1+edi] + sub eax,1 + jnz NEAR L$057xts_enc_steal + sub edi,DWORD [112+esp] + mov edx,ebp + mov ecx,ebx + movups xmm2,[edi-16] + xorps xmm2,xmm5 + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$058enc1_loop_10: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$058enc1_loop_10 +db 102,15,56,221,209 + xorps xmm2,xmm5 + movups [edi-16],xmm2 +L$056xts_enc_ret: + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + movdqa [esp],xmm0 + pxor xmm3,xmm3 + movdqa [16+esp],xmm0 + pxor xmm4,xmm4 + movdqa [32+esp],xmm0 + pxor xmm5,xmm5 + movdqa [48+esp],xmm0 + pxor xmm6,xmm6 + movdqa [64+esp],xmm0 + pxor xmm7,xmm7 + movdqa [80+esp],xmm0 + mov esp,DWORD [116+esp] + pop 
edi + pop esi + pop ebx + pop ebp + ret +global _aesni_xts_decrypt +align 16 +_aesni_xts_decrypt: +L$_aesni_xts_decrypt_begin: + push ebp + push ebx + push esi + push edi + mov edx,DWORD [36+esp] + mov esi,DWORD [40+esp] + mov ecx,DWORD [240+edx] + movups xmm2,[esi] + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$059enc1_loop_11: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$059enc1_loop_11 +db 102,15,56,221,209 + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebp,esp + sub esp,120 + and esp,-16 + xor ebx,ebx + test eax,15 + setnz bl + shl ebx,4 + sub eax,ebx + mov DWORD [96+esp],135 + mov DWORD [100+esp],0 + mov DWORD [104+esp],1 + mov DWORD [108+esp],0 + mov DWORD [112+esp],eax + mov DWORD [116+esp],ebp + mov ecx,DWORD [240+edx] + mov ebp,edx + mov ebx,ecx + movdqa xmm1,xmm2 + pxor xmm0,xmm0 + movdqa xmm3,[96+esp] + pcmpgtd xmm0,xmm1 + and eax,-16 + sub eax,96 + jc NEAR L$060xts_dec_short + shl ecx,4 + mov ebx,16 + sub ebx,ecx + lea edx,[32+ecx*1+edx] + jmp NEAR L$061xts_dec_loop6 +align 16 +L$061xts_dec_loop6: + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [16+esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [32+esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa [48+esp],xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + pshufd xmm7,xmm0,19 + movdqa [64+esp],xmm1 + paddq xmm1,xmm1 + movups xmm0,[ebp] + pand xmm7,xmm3 + movups xmm2,[esi] + pxor xmm7,xmm1 + mov ecx,ebx + movdqu xmm3,[16+esi] + xorps xmm2,xmm0 + movdqu xmm4,[32+esi] + pxor xmm3,xmm0 + movdqu xmm5,[48+esi] + pxor xmm4,xmm0 + movdqu xmm6,[64+esi] + pxor 
xmm5,xmm0 + movdqu xmm1,[80+esi] + pxor xmm6,xmm0 + lea esi,[96+esi] + pxor xmm2,[esp] + movdqa [80+esp],xmm7 + pxor xmm7,xmm1 + movups xmm1,[16+ebp] + pxor xmm3,[16+esp] + pxor xmm4,[32+esp] +db 102,15,56,222,209 + pxor xmm5,[48+esp] + pxor xmm6,[64+esp] +db 102,15,56,222,217 + pxor xmm7,xmm0 + movups xmm0,[32+ebp] +db 102,15,56,222,225 +db 102,15,56,222,233 +db 102,15,56,222,241 +db 102,15,56,222,249 + call L$_aesni_decrypt6_enter + movdqa xmm1,[80+esp] + pxor xmm0,xmm0 + xorps xmm2,[esp] + pcmpgtd xmm0,xmm1 + xorps xmm3,[16+esp] + movups [edi],xmm2 + xorps xmm4,[32+esp] + movups [16+edi],xmm3 + xorps xmm5,[48+esp] + movups [32+edi],xmm4 + xorps xmm6,[64+esp] + movups [48+edi],xmm5 + xorps xmm7,xmm1 + movups [64+edi],xmm6 + pshufd xmm2,xmm0,19 + movups [80+edi],xmm7 + lea edi,[96+edi] + movdqa xmm3,[96+esp] + pxor xmm0,xmm0 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + sub eax,96 + jnc NEAR L$061xts_dec_loop6 + mov ecx,DWORD [240+ebp] + mov edx,ebp + mov ebx,ecx +L$060xts_dec_short: + add eax,96 + jz NEAR L$062xts_dec_done6x + movdqa xmm5,xmm1 + cmp eax,32 + jb NEAR L$063xts_dec_one + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + je NEAR L$064xts_dec_two + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa xmm6,xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + cmp eax,64 + jb NEAR L$065xts_dec_three + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa xmm7,xmm1 + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 + movdqa [esp],xmm5 + movdqa [16+esp],xmm6 + je NEAR L$066xts_dec_four + movdqa [32+esp],xmm7 + pshufd xmm7,xmm0,19 + movdqa [48+esp],xmm1 + paddq xmm1,xmm1 + pand xmm7,xmm3 + pxor xmm7,xmm1 + movdqu xmm2,[esi] + movdqu xmm3,[16+esi] + movdqu xmm4,[32+esi] + pxor xmm2,[esp] + movdqu xmm5,[48+esi] + pxor xmm3,[16+esp] + movdqu xmm6,[64+esi] + pxor xmm4,[32+esp] + lea esi,[80+esi] + pxor xmm5,[48+esp] + movdqa [64+esp],xmm7 + 
pxor xmm6,xmm7 + call __aesni_decrypt6 + movaps xmm1,[64+esp] + xorps xmm2,[esp] + xorps xmm3,[16+esp] + xorps xmm4,[32+esp] + movups [edi],xmm2 + xorps xmm5,[48+esp] + movups [16+edi],xmm3 + xorps xmm6,xmm1 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + movups [64+edi],xmm6 + lea edi,[80+edi] + jmp NEAR L$067xts_dec_done +align 16 +L$063xts_dec_one: + movups xmm2,[esi] + lea esi,[16+esi] + xorps xmm2,xmm5 + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$068dec1_loop_12: +db 102,15,56,222,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$068dec1_loop_12 +db 102,15,56,223,209 + xorps xmm2,xmm5 + movups [edi],xmm2 + lea edi,[16+edi] + movdqa xmm1,xmm5 + jmp NEAR L$067xts_dec_done +align 16 +L$064xts_dec_two: + movaps xmm6,xmm1 + movups xmm2,[esi] + movups xmm3,[16+esi] + lea esi,[32+esi] + xorps xmm2,xmm5 + xorps xmm3,xmm6 + call __aesni_decrypt2 + xorps xmm2,xmm5 + xorps xmm3,xmm6 + movups [edi],xmm2 + movups [16+edi],xmm3 + lea edi,[32+edi] + movdqa xmm1,xmm6 + jmp NEAR L$067xts_dec_done +align 16 +L$065xts_dec_three: + movaps xmm7,xmm1 + movups xmm2,[esi] + movups xmm3,[16+esi] + movups xmm4,[32+esi] + lea esi,[48+esi] + xorps xmm2,xmm5 + xorps xmm3,xmm6 + xorps xmm4,xmm7 + call __aesni_decrypt3 + xorps xmm2,xmm5 + xorps xmm3,xmm6 + xorps xmm4,xmm7 + movups [edi],xmm2 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + lea edi,[48+edi] + movdqa xmm1,xmm7 + jmp NEAR L$067xts_dec_done +align 16 +L$066xts_dec_four: + movaps xmm6,xmm1 + movups xmm2,[esi] + movups xmm3,[16+esi] + movups xmm4,[32+esi] + xorps xmm2,[esp] + movups xmm5,[48+esi] + lea esi,[64+esi] + xorps xmm3,[16+esp] + xorps xmm4,xmm7 + xorps xmm5,xmm6 + call __aesni_decrypt4 + xorps xmm2,[esp] + xorps xmm3,[16+esp] + xorps xmm4,xmm7 + movups [edi],xmm2 + xorps xmm5,xmm6 + movups [16+edi],xmm3 + movups [32+edi],xmm4 + movups [48+edi],xmm5 + lea edi,[64+edi] + movdqa xmm1,xmm6 + jmp NEAR L$067xts_dec_done +align 16 +L$062xts_dec_done6x: + mov eax,DWORD 
[112+esp] + and eax,15 + jz NEAR L$069xts_dec_ret + mov DWORD [112+esp],eax + jmp NEAR L$070xts_dec_only_one_more +align 16 +L$067xts_dec_done: + mov eax,DWORD [112+esp] + pxor xmm0,xmm0 + and eax,15 + jz NEAR L$069xts_dec_ret + pcmpgtd xmm0,xmm1 + mov DWORD [112+esp],eax + pshufd xmm2,xmm0,19 + pxor xmm0,xmm0 + movdqa xmm3,[96+esp] + paddq xmm1,xmm1 + pand xmm2,xmm3 + pcmpgtd xmm0,xmm1 + pxor xmm1,xmm2 +L$070xts_dec_only_one_more: + pshufd xmm5,xmm0,19 + movdqa xmm6,xmm1 + paddq xmm1,xmm1 + pand xmm5,xmm3 + pxor xmm5,xmm1 + mov edx,ebp + mov ecx,ebx + movups xmm2,[esi] + xorps xmm2,xmm5 + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$071dec1_loop_13: +db 102,15,56,222,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$071dec1_loop_13 +db 102,15,56,223,209 + xorps xmm2,xmm5 + movups [edi],xmm2 +L$072xts_dec_steal: + movzx ecx,BYTE [16+esi] + movzx edx,BYTE [edi] + lea esi,[1+esi] + mov BYTE [edi],cl + mov BYTE [16+edi],dl + lea edi,[1+edi] + sub eax,1 + jnz NEAR L$072xts_dec_steal + sub edi,DWORD [112+esp] + mov edx,ebp + mov ecx,ebx + movups xmm2,[edi] + xorps xmm2,xmm6 + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$073dec1_loop_14: +db 102,15,56,222,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$073dec1_loop_14 +db 102,15,56,223,209 + xorps xmm2,xmm6 + movups [edi],xmm2 +L$069xts_dec_ret: + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + movdqa [esp],xmm0 + pxor xmm3,xmm3 + movdqa [16+esp],xmm0 + pxor xmm4,xmm4 + movdqa [32+esp],xmm0 + pxor xmm5,xmm5 + movdqa [48+esp],xmm0 + pxor xmm6,xmm6 + movdqa [64+esp],xmm0 + pxor xmm7,xmm7 + movdqa [80+esp],xmm0 + mov esp,DWORD [116+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +global _aesni_cbc_encrypt +align 16 +_aesni_cbc_encrypt: +L$_aesni_cbc_encrypt_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov ebx,esp + mov edi,DWORD [24+esp] + sub ebx,24 + mov eax,DWORD [28+esp] + and 
ebx,-16 + mov edx,DWORD [32+esp] + mov ebp,DWORD [36+esp] + test eax,eax + jz NEAR L$074cbc_abort + cmp DWORD [40+esp],0 + xchg ebx,esp + movups xmm7,[ebp] + mov ecx,DWORD [240+edx] + mov ebp,edx + mov DWORD [16+esp],ebx + mov ebx,ecx + je NEAR L$075cbc_decrypt + movaps xmm2,xmm7 + cmp eax,16 + jb NEAR L$076cbc_enc_tail + sub eax,16 + jmp NEAR L$077cbc_enc_loop +align 16 +L$077cbc_enc_loop: + movups xmm7,[esi] + lea esi,[16+esi] + movups xmm0,[edx] + movups xmm1,[16+edx] + xorps xmm7,xmm0 + lea edx,[32+edx] + xorps xmm2,xmm7 +L$078enc1_loop_15: +db 102,15,56,220,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$078enc1_loop_15 +db 102,15,56,221,209 + mov ecx,ebx + mov edx,ebp + movups [edi],xmm2 + lea edi,[16+edi] + sub eax,16 + jnc NEAR L$077cbc_enc_loop + add eax,16 + jnz NEAR L$076cbc_enc_tail + movaps xmm7,xmm2 + pxor xmm2,xmm2 + jmp NEAR L$079cbc_ret +L$076cbc_enc_tail: + mov ecx,eax +dd 2767451785 + mov ecx,16 + sub ecx,eax + xor eax,eax +dd 2868115081 + lea edi,[edi-16] + mov ecx,ebx + mov esi,edi + mov edx,ebp + jmp NEAR L$077cbc_enc_loop +align 16 +L$075cbc_decrypt: + cmp eax,80 + jbe NEAR L$080cbc_dec_tail + movaps [esp],xmm7 + sub eax,80 + jmp NEAR L$081cbc_dec_loop6_enter +align 16 +L$082cbc_dec_loop6: + movaps [esp],xmm0 + movups [edi],xmm7 + lea edi,[16+edi] +L$081cbc_dec_loop6_enter: + movdqu xmm2,[esi] + movdqu xmm3,[16+esi] + movdqu xmm4,[32+esi] + movdqu xmm5,[48+esi] + movdqu xmm6,[64+esi] + movdqu xmm7,[80+esi] + call __aesni_decrypt6 + movups xmm1,[esi] + movups xmm0,[16+esi] + xorps xmm2,[esp] + xorps xmm3,xmm1 + movups xmm1,[32+esi] + xorps xmm4,xmm0 + movups xmm0,[48+esi] + xorps xmm5,xmm1 + movups xmm1,[64+esi] + xorps xmm6,xmm0 + movups xmm0,[80+esi] + xorps xmm7,xmm1 + movups [edi],xmm2 + movups [16+edi],xmm3 + lea esi,[96+esi] + movups [32+edi],xmm4 + mov ecx,ebx + movups [48+edi],xmm5 + mov edx,ebp + movups [64+edi],xmm6 + lea edi,[80+edi] + sub eax,96 + ja NEAR L$082cbc_dec_loop6 + movaps xmm2,xmm7 + movaps xmm7,xmm0 + 
add eax,80 + jle NEAR L$083cbc_dec_clear_tail_collected + movups [edi],xmm2 + lea edi,[16+edi] +L$080cbc_dec_tail: + movups xmm2,[esi] + movaps xmm6,xmm2 + cmp eax,16 + jbe NEAR L$084cbc_dec_one + movups xmm3,[16+esi] + movaps xmm5,xmm3 + cmp eax,32 + jbe NEAR L$085cbc_dec_two + movups xmm4,[32+esi] + cmp eax,48 + jbe NEAR L$086cbc_dec_three + movups xmm5,[48+esi] + cmp eax,64 + jbe NEAR L$087cbc_dec_four + movups xmm6,[64+esi] + movaps [esp],xmm7 + movups xmm2,[esi] + xorps xmm7,xmm7 + call __aesni_decrypt6 + movups xmm1,[esi] + movups xmm0,[16+esi] + xorps xmm2,[esp] + xorps xmm3,xmm1 + movups xmm1,[32+esi] + xorps xmm4,xmm0 + movups xmm0,[48+esi] + xorps xmm5,xmm1 + movups xmm7,[64+esi] + xorps xmm6,xmm0 + movups [edi],xmm2 + movups [16+edi],xmm3 + pxor xmm3,xmm3 + movups [32+edi],xmm4 + pxor xmm4,xmm4 + movups [48+edi],xmm5 + pxor xmm5,xmm5 + lea edi,[64+edi] + movaps xmm2,xmm6 + pxor xmm6,xmm6 + sub eax,80 + jmp NEAR L$088cbc_dec_tail_collected +align 16 +L$084cbc_dec_one: + movups xmm0,[edx] + movups xmm1,[16+edx] + lea edx,[32+edx] + xorps xmm2,xmm0 +L$089dec1_loop_16: +db 102,15,56,222,209 + dec ecx + movups xmm1,[edx] + lea edx,[16+edx] + jnz NEAR L$089dec1_loop_16 +db 102,15,56,223,209 + xorps xmm2,xmm7 + movaps xmm7,xmm6 + sub eax,16 + jmp NEAR L$088cbc_dec_tail_collected +align 16 +L$085cbc_dec_two: + call __aesni_decrypt2 + xorps xmm2,xmm7 + xorps xmm3,xmm6 + movups [edi],xmm2 + movaps xmm2,xmm3 + pxor xmm3,xmm3 + lea edi,[16+edi] + movaps xmm7,xmm5 + sub eax,32 + jmp NEAR L$088cbc_dec_tail_collected +align 16 +L$086cbc_dec_three: + call __aesni_decrypt3 + xorps xmm2,xmm7 + xorps xmm3,xmm6 + xorps xmm4,xmm5 + movups [edi],xmm2 + movaps xmm2,xmm4 + pxor xmm4,xmm4 + movups [16+edi],xmm3 + pxor xmm3,xmm3 + lea edi,[32+edi] + movups xmm7,[32+esi] + sub eax,48 + jmp NEAR L$088cbc_dec_tail_collected +align 16 +L$087cbc_dec_four: + call __aesni_decrypt4 + movups xmm1,[16+esi] + movups xmm0,[32+esi] + xorps xmm2,xmm7 + movups xmm7,[48+esi] + xorps xmm3,xmm6 + 
movups [edi],xmm2 + xorps xmm4,xmm1 + movups [16+edi],xmm3 + pxor xmm3,xmm3 + xorps xmm5,xmm0 + movups [32+edi],xmm4 + pxor xmm4,xmm4 + lea edi,[48+edi] + movaps xmm2,xmm5 + pxor xmm5,xmm5 + sub eax,64 + jmp NEAR L$088cbc_dec_tail_collected +align 16 +L$083cbc_dec_clear_tail_collected: + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 +L$088cbc_dec_tail_collected: + and eax,15 + jnz NEAR L$090cbc_dec_tail_partial + movups [edi],xmm2 + pxor xmm0,xmm0 + jmp NEAR L$079cbc_ret +align 16 +L$090cbc_dec_tail_partial: + movaps [esp],xmm2 + pxor xmm0,xmm0 + mov ecx,16 + mov esi,esp + sub ecx,eax +dd 2767451785 + movdqa [esp],xmm2 +L$079cbc_ret: + mov esp,DWORD [16+esp] + mov ebp,DWORD [36+esp] + pxor xmm2,xmm2 + pxor xmm1,xmm1 + movups [ebp],xmm7 + pxor xmm7,xmm7 +L$074cbc_abort: + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +__aesni_set_encrypt_key: + push ebp + push ebx + test eax,eax + jz NEAR L$091bad_pointer + test edx,edx + jz NEAR L$091bad_pointer + call L$092pic +L$092pic: + pop ebx + lea ebx,[(L$key_const-L$092pic)+ebx] + lea ebp,[_OPENSSL_ia32cap_P] + movups xmm0,[eax] + xorps xmm4,xmm4 + mov ebp,DWORD [4+ebp] + lea edx,[16+edx] + and ebp,268437504 + cmp ecx,256 + je NEAR L$09314rounds + cmp ecx,192 + je NEAR L$09412rounds + cmp ecx,128 + jne NEAR L$095bad_keybits +align 16 +L$09610rounds: + cmp ebp,268435456 + je NEAR L$09710rounds_alt + mov ecx,9 + movups [edx-16],xmm0 +db 102,15,58,223,200,1 + call L$098key_128_cold +db 102,15,58,223,200,2 + call L$099key_128 +db 102,15,58,223,200,4 + call L$099key_128 +db 102,15,58,223,200,8 + call L$099key_128 +db 102,15,58,223,200,16 + call L$099key_128 +db 102,15,58,223,200,32 + call L$099key_128 +db 102,15,58,223,200,64 + call L$099key_128 +db 102,15,58,223,200,128 + call L$099key_128 +db 102,15,58,223,200,27 + call L$099key_128 +db 102,15,58,223,200,54 + call L$099key_128 + movups [edx],xmm0 + mov DWORD [80+edx],ecx + jmp NEAR L$100good_key +align 16 +L$099key_128: + movups [edx],xmm0 + lea 
edx,[16+edx] +L$098key_128_cold: + shufps xmm4,xmm0,16 + xorps xmm0,xmm4 + shufps xmm4,xmm0,140 + xorps xmm0,xmm4 + shufps xmm1,xmm1,255 + xorps xmm0,xmm1 + ret +align 16 +L$09710rounds_alt: + movdqa xmm5,[ebx] + mov ecx,8 + movdqa xmm4,[32+ebx] + movdqa xmm2,xmm0 + movdqu [edx-16],xmm0 +L$101loop_key128: +db 102,15,56,0,197 +db 102,15,56,221,196 + pslld xmm4,1 + lea edx,[16+edx] + movdqa xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm2,xmm3 + pxor xmm0,xmm2 + movdqu [edx-16],xmm0 + movdqa xmm2,xmm0 + dec ecx + jnz NEAR L$101loop_key128 + movdqa xmm4,[48+ebx] +db 102,15,56,0,197 +db 102,15,56,221,196 + pslld xmm4,1 + movdqa xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm2,xmm3 + pxor xmm0,xmm2 + movdqu [edx],xmm0 + movdqa xmm2,xmm0 +db 102,15,56,0,197 +db 102,15,56,221,196 + movdqa xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm2,xmm3 + pxor xmm0,xmm2 + movdqu [16+edx],xmm0 + mov ecx,9 + mov DWORD [96+edx],ecx + jmp NEAR L$100good_key +align 16 +L$09412rounds: + movq xmm2,[16+eax] + cmp ebp,268435456 + je NEAR L$10212rounds_alt + mov ecx,11 + movups [edx-16],xmm0 +db 102,15,58,223,202,1 + call L$103key_192a_cold +db 102,15,58,223,202,2 + call L$104key_192b +db 102,15,58,223,202,4 + call L$105key_192a +db 102,15,58,223,202,8 + call L$104key_192b +db 102,15,58,223,202,16 + call L$105key_192a +db 102,15,58,223,202,32 + call L$104key_192b +db 102,15,58,223,202,64 + call L$105key_192a +db 102,15,58,223,202,128 + call L$104key_192b + movups [edx],xmm0 + mov DWORD [48+edx],ecx + jmp NEAR L$100good_key +align 16 +L$105key_192a: + movups [edx],xmm0 + lea edx,[16+edx] +align 16 +L$103key_192a_cold: + movaps xmm5,xmm2 +L$106key_192b_warm: + shufps xmm4,xmm0,16 + movdqa xmm3,xmm2 + xorps xmm0,xmm4 + shufps xmm4,xmm0,140 + pslldq xmm3,4 + xorps xmm0,xmm4 + pshufd xmm1,xmm1,85 + pxor xmm2,xmm3 + pxor xmm0,xmm1 + 
pshufd xmm3,xmm0,255 + pxor xmm2,xmm3 + ret +align 16 +L$104key_192b: + movaps xmm3,xmm0 + shufps xmm5,xmm0,68 + movups [edx],xmm5 + shufps xmm3,xmm2,78 + movups [16+edx],xmm3 + lea edx,[32+edx] + jmp NEAR L$106key_192b_warm +align 16 +L$10212rounds_alt: + movdqa xmm5,[16+ebx] + movdqa xmm4,[32+ebx] + mov ecx,8 + movdqu [edx-16],xmm0 +L$107loop_key192: + movq [edx],xmm2 + movdqa xmm1,xmm2 +db 102,15,56,0,213 +db 102,15,56,221,212 + pslld xmm4,1 + lea edx,[24+edx] + movdqa xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm0,xmm3 + pshufd xmm3,xmm0,255 + pxor xmm3,xmm1 + pslldq xmm1,4 + pxor xmm3,xmm1 + pxor xmm0,xmm2 + pxor xmm2,xmm3 + movdqu [edx-16],xmm0 + dec ecx + jnz NEAR L$107loop_key192 + mov ecx,11 + mov DWORD [32+edx],ecx + jmp NEAR L$100good_key +align 16 +L$09314rounds: + movups xmm2,[16+eax] + lea edx,[16+edx] + cmp ebp,268435456 + je NEAR L$10814rounds_alt + mov ecx,13 + movups [edx-32],xmm0 + movups [edx-16],xmm2 +db 102,15,58,223,202,1 + call L$109key_256a_cold +db 102,15,58,223,200,1 + call L$110key_256b +db 102,15,58,223,202,2 + call L$111key_256a +db 102,15,58,223,200,2 + call L$110key_256b +db 102,15,58,223,202,4 + call L$111key_256a +db 102,15,58,223,200,4 + call L$110key_256b +db 102,15,58,223,202,8 + call L$111key_256a +db 102,15,58,223,200,8 + call L$110key_256b +db 102,15,58,223,202,16 + call L$111key_256a +db 102,15,58,223,200,16 + call L$110key_256b +db 102,15,58,223,202,32 + call L$111key_256a +db 102,15,58,223,200,32 + call L$110key_256b +db 102,15,58,223,202,64 + call L$111key_256a + movups [edx],xmm0 + mov DWORD [16+edx],ecx + xor eax,eax + jmp NEAR L$100good_key +align 16 +L$111key_256a: + movups [edx],xmm2 + lea edx,[16+edx] +L$109key_256a_cold: + shufps xmm4,xmm0,16 + xorps xmm0,xmm4 + shufps xmm4,xmm0,140 + xorps xmm0,xmm4 + shufps xmm1,xmm1,255 + xorps xmm0,xmm1 + ret +align 16 +L$110key_256b: + movups [edx],xmm0 + lea edx,[16+edx] + shufps xmm4,xmm2,16 + xorps xmm2,xmm4 + shufps 
xmm4,xmm2,140 + xorps xmm2,xmm4 + shufps xmm1,xmm1,170 + xorps xmm2,xmm1 + ret +align 16 +L$10814rounds_alt: + movdqa xmm5,[ebx] + movdqa xmm4,[32+ebx] + mov ecx,7 + movdqu [edx-32],xmm0 + movdqa xmm1,xmm2 + movdqu [edx-16],xmm2 +L$112loop_key256: +db 102,15,56,0,213 +db 102,15,56,221,212 + movdqa xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm0,xmm3 + pslld xmm4,1 + pxor xmm0,xmm2 + movdqu [edx],xmm0 + dec ecx + jz NEAR L$113done_key256 + pshufd xmm2,xmm0,255 + pxor xmm3,xmm3 +db 102,15,56,221,211 + movdqa xmm3,xmm1 + pslldq xmm1,4 + pxor xmm3,xmm1 + pslldq xmm1,4 + pxor xmm3,xmm1 + pslldq xmm1,4 + pxor xmm1,xmm3 + pxor xmm2,xmm1 + movdqu [16+edx],xmm2 + lea edx,[32+edx] + movdqa xmm1,xmm2 + jmp NEAR L$112loop_key256 +L$113done_key256: + mov ecx,13 + mov DWORD [16+edx],ecx +L$100good_key: + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + xor eax,eax + pop ebx + pop ebp + ret +align 4 +L$091bad_pointer: + mov eax,-1 + pop ebx + pop ebp + ret +align 4 +L$095bad_keybits: + pxor xmm0,xmm0 + mov eax,-2 + pop ebx + pop ebp + ret +global _aesni_set_encrypt_key +align 16 +_aesni_set_encrypt_key: +L$_aesni_set_encrypt_key_begin: + mov eax,DWORD [4+esp] + mov ecx,DWORD [8+esp] + mov edx,DWORD [12+esp] + call __aesni_set_encrypt_key + ret +global _aesni_set_decrypt_key +align 16 +_aesni_set_decrypt_key: +L$_aesni_set_decrypt_key_begin: + mov eax,DWORD [4+esp] + mov ecx,DWORD [8+esp] + mov edx,DWORD [12+esp] + call __aesni_set_encrypt_key + mov edx,DWORD [12+esp] + shl ecx,4 + test eax,eax + jnz NEAR L$114dec_key_ret + lea eax,[16+ecx*1+edx] + movups xmm0,[edx] + movups xmm1,[eax] + movups [eax],xmm0 + movups [edx],xmm1 + lea edx,[16+edx] + lea eax,[eax-16] +L$115dec_key_inverse: + movups xmm0,[edx] + movups xmm1,[eax] +db 102,15,56,219,192 +db 102,15,56,219,201 + lea edx,[16+edx] + lea eax,[eax-16] + movups [16+eax],xmm0 + movups [edx-16],xmm1 + cmp eax,edx + ja NEAR 
L$115dec_key_inverse + movups xmm0,[edx] +db 102,15,56,219,192 + movups [edx],xmm0 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + xor eax,eax +L$114dec_key_ret: + ret +align 64 +L$key_const: +dd 202313229,202313229,202313229,202313229 +dd 67569157,67569157,67569157,67569157 +dd 1,1,1,1 +dd 27,27,27,27 +db 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69 +db 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 +db 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 +db 115,108,46,111,114,103,62,0 +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/aes/vpaes-x86.asm b/win-x86/crypto/aes/vpaes-x86.asm new file mode 100644 index 0000000..b08b056 --- /dev/null +++ b/win-x86/crypto/aes/vpaes-x86.asm 
@@ -0,0 +1,649 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +align 64 +L$_vpaes_consts: +dd 218628480,235210255,168496130,67568393 +dd 252381056,17041926,33884169,51187212 +dd 252645135,252645135,252645135,252645135 +dd 1512730624,3266504856,1377990664,3401244816 +dd 830229760,1275146365,2969422977,3447763452 +dd 3411033600,2979783055,338359620,2782886510 +dd 4209124096,907596821,221174255,1006095553 +dd 191964160,3799684038,3164090317,1589111125 +dd 182528256,1777043520,2877432650,3265356744 +dd 1874708224,3503451415,3305285752,363511674 +dd 1606117888,3487855781,1093350906,2384367825 +dd 197121,67569157,134941193,202313229 +dd 67569157,134941193,202313229,197121 +dd 134941193,202313229,197121,67569157 +dd 202313229,197121,67569157,134941193 +dd 33619971,100992007,168364043,235736079 +dd 235736079,33619971,100992007,168364043 +dd 168364043,235736079,33619971,100992007 +dd 100992007,168364043,235736079,33619971 +dd 50462976,117835012,185207048,252579084 +dd 252314880,51251460,117574920,184942860 +dd 184682752,252054788,50987272,118359308 +dd 118099200,185467140,251790600,50727180 +dd 2946363062,528716217,1300004225,1881839624 +dd 1532713819,1532713819,1532713819,1532713819 +dd 3602276352,4288629033,3737020424,4153884961 +dd 1354558464,32357713,2958822624,3775749553 +dd 1201988352,132424512,1572796698,503232858 +dd 2213177600,1597421020,4103937655,675398315 +dd 2749646592,4273543773,1511898873,121693092 +dd 3040248576,1103263732,2871565598,1608280554 +dd 2236667136,2588920351,482954393,64377734 +dd 3069987328,291237287,2117370568,3650299247 +dd 
533321216,3573750986,2572112006,1401264716 +dd 1339849704,2721158661,548607111,3445553514 +dd 2128193280,3054596040,2183486460,1257083700 +dd 655635200,1165381986,3923443150,2344132524 +dd 190078720,256924420,290342170,357187870 +dd 1610966272,2263057382,4103205268,309794674 +dd 2592527872,2233205587,1335446729,3402964816 +dd 3973531904,3225098121,3002836325,1918774430 +dd 3870401024,2102906079,2284471353,4117666579 +dd 617007872,1021508343,366931923,691083277 +dd 2528395776,3491914898,2968704004,1613121270 +dd 3445188352,3247741094,844474987,4093578302 +dd 651481088,1190302358,1689581232,574775300 +dd 4289380608,206939853,2555985458,2489840491 +dd 2130264064,327674451,3566485037,3349835193 +dd 2470714624,316102159,3636825756,3393945945 +db 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105 +db 111,110,32,65,69,83,32,102,111,114,32,120,56,54,47,83 +db 83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117 +db 114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105 +db 118,101,114,115,105,116,121,41,0 +align 64 +align 16 +__vpaes_preheat: + add ebp,DWORD [esp] + movdqa xmm7,[ebp-48] + movdqa xmm6,[ebp-16] + ret +align 16 +__vpaes_encrypt_core: + mov ecx,16 + mov eax,DWORD [240+edx] + movdqa xmm1,xmm6 + movdqa xmm2,[ebp] + pandn xmm1,xmm0 + pand xmm0,xmm6 + movdqu xmm5,[edx] +db 102,15,56,0,208 + movdqa xmm0,[16+ebp] + pxor xmm2,xmm5 + psrld xmm1,4 + add edx,16 +db 102,15,56,0,193 + lea ebx,[192+ebp] + pxor xmm0,xmm2 + jmp NEAR L$000enc_entry +align 16 +L$001enc_loop: + movdqa xmm4,[32+ebp] + movdqa xmm0,[48+ebp] +db 102,15,56,0,226 +db 102,15,56,0,195 + pxor xmm4,xmm5 + movdqa xmm5,[64+ebp] + pxor xmm0,xmm4 + movdqa xmm1,[ecx*1+ebx-64] +db 102,15,56,0,234 + movdqa xmm2,[80+ebp] + movdqa xmm4,[ecx*1+ebx] +db 102,15,56,0,211 + movdqa xmm3,xmm0 + pxor xmm2,xmm5 +db 102,15,56,0,193 + add edx,16 + pxor xmm0,xmm2 +db 102,15,56,0,220 + add ecx,16 + pxor xmm3,xmm0 +db 102,15,56,0,193 + and ecx,48 + sub eax,1 + pxor xmm0,xmm3 +L$000enc_entry: + movdqa xmm1,xmm6 + 
movdqa xmm5,[ebp-32] + pandn xmm1,xmm0 + psrld xmm1,4 + pand xmm0,xmm6 +db 102,15,56,0,232 + movdqa xmm3,xmm7 + pxor xmm0,xmm1 +db 102,15,56,0,217 + movdqa xmm4,xmm7 + pxor xmm3,xmm5 +db 102,15,56,0,224 + movdqa xmm2,xmm7 + pxor xmm4,xmm5 +db 102,15,56,0,211 + movdqa xmm3,xmm7 + pxor xmm2,xmm0 +db 102,15,56,0,220 + movdqu xmm5,[edx] + pxor xmm3,xmm1 + jnz NEAR L$001enc_loop + movdqa xmm4,[96+ebp] + movdqa xmm0,[112+ebp] +db 102,15,56,0,226 + pxor xmm4,xmm5 +db 102,15,56,0,195 + movdqa xmm1,[64+ecx*1+ebx] + pxor xmm0,xmm4 +db 102,15,56,0,193 + ret +align 16 +__vpaes_decrypt_core: + lea ebx,[608+ebp] + mov eax,DWORD [240+edx] + movdqa xmm1,xmm6 + movdqa xmm2,[ebx-64] + pandn xmm1,xmm0 + mov ecx,eax + psrld xmm1,4 + movdqu xmm5,[edx] + shl ecx,4 + pand xmm0,xmm6 +db 102,15,56,0,208 + movdqa xmm0,[ebx-48] + xor ecx,48 +db 102,15,56,0,193 + and ecx,48 + pxor xmm2,xmm5 + movdqa xmm5,[176+ebp] + pxor xmm0,xmm2 + add edx,16 + lea ecx,[ecx*1+ebx-352] + jmp NEAR L$002dec_entry +align 16 +L$003dec_loop: + movdqa xmm4,[ebx-32] + movdqa xmm1,[ebx-16] +db 102,15,56,0,226 +db 102,15,56,0,203 + pxor xmm0,xmm4 + movdqa xmm4,[ebx] + pxor xmm0,xmm1 + movdqa xmm1,[16+ebx] +db 102,15,56,0,226 +db 102,15,56,0,197 +db 102,15,56,0,203 + pxor xmm0,xmm4 + movdqa xmm4,[32+ebx] + pxor xmm0,xmm1 + movdqa xmm1,[48+ebx] +db 102,15,56,0,226 +db 102,15,56,0,197 +db 102,15,56,0,203 + pxor xmm0,xmm4 + movdqa xmm4,[64+ebx] + pxor xmm0,xmm1 + movdqa xmm1,[80+ebx] +db 102,15,56,0,226 +db 102,15,56,0,197 +db 102,15,56,0,203 + pxor xmm0,xmm4 + add edx,16 +db 102,15,58,15,237,12 + pxor xmm0,xmm1 + sub eax,1 +L$002dec_entry: + movdqa xmm1,xmm6 + movdqa xmm2,[ebp-32] + pandn xmm1,xmm0 + pand xmm0,xmm6 + psrld xmm1,4 +db 102,15,56,0,208 + movdqa xmm3,xmm7 + pxor xmm0,xmm1 +db 102,15,56,0,217 + movdqa xmm4,xmm7 + pxor xmm3,xmm2 +db 102,15,56,0,224 + pxor xmm4,xmm2 + movdqa xmm2,xmm7 +db 102,15,56,0,211 + movdqa xmm3,xmm7 + pxor xmm2,xmm0 +db 102,15,56,0,220 + movdqu xmm0,[edx] + pxor xmm3,xmm1 + jnz NEAR 
L$003dec_loop + movdqa xmm4,[96+ebx] +db 102,15,56,0,226 + pxor xmm4,xmm0 + movdqa xmm0,[112+ebx] + movdqa xmm2,[ecx] +db 102,15,56,0,195 + pxor xmm0,xmm4 +db 102,15,56,0,194 + ret +align 16 +__vpaes_schedule_core: + add ebp,DWORD [esp] + movdqu xmm0,[esi] + movdqa xmm2,[320+ebp] + movdqa xmm3,xmm0 + lea ebx,[ebp] + movdqa [4+esp],xmm2 + call __vpaes_schedule_transform + movdqa xmm7,xmm0 + test edi,edi + jnz NEAR L$004schedule_am_decrypting + movdqu [edx],xmm0 + jmp NEAR L$005schedule_go +L$004schedule_am_decrypting: + movdqa xmm1,[256+ecx*1+ebp] +db 102,15,56,0,217 + movdqu [edx],xmm3 + xor ecx,48 +L$005schedule_go: + cmp eax,192 + ja NEAR L$006schedule_256 + je NEAR L$007schedule_192 +L$008schedule_128: + mov eax,10 +L$009loop_schedule_128: + call __vpaes_schedule_round + dec eax + jz NEAR L$010schedule_mangle_last + call __vpaes_schedule_mangle + jmp NEAR L$009loop_schedule_128 +align 16 +L$007schedule_192: + movdqu xmm0,[8+esi] + call __vpaes_schedule_transform + movdqa xmm6,xmm0 + pxor xmm4,xmm4 + movhlps xmm6,xmm4 + mov eax,4 +L$011loop_schedule_192: + call __vpaes_schedule_round +db 102,15,58,15,198,8 + call __vpaes_schedule_mangle + call __vpaes_schedule_192_smear + call __vpaes_schedule_mangle + call __vpaes_schedule_round + dec eax + jz NEAR L$010schedule_mangle_last + call __vpaes_schedule_mangle + call __vpaes_schedule_192_smear + jmp NEAR L$011loop_schedule_192 +align 16 +L$006schedule_256: + movdqu xmm0,[16+esi] + call __vpaes_schedule_transform + mov eax,7 +L$012loop_schedule_256: + call __vpaes_schedule_mangle + movdqa xmm6,xmm0 + call __vpaes_schedule_round + dec eax + jz NEAR L$010schedule_mangle_last + call __vpaes_schedule_mangle + pshufd xmm0,xmm0,255 + movdqa [20+esp],xmm7 + movdqa xmm7,xmm6 + call L$_vpaes_schedule_low_round + movdqa xmm7,[20+esp] + jmp NEAR L$012loop_schedule_256 +align 16 +L$010schedule_mangle_last: + lea ebx,[384+ebp] + test edi,edi + jnz NEAR L$013schedule_mangle_last_dec + movdqa xmm1,[256+ecx*1+ebp] +db 102,15,56,0,193 
+ lea ebx,[352+ebp] + add edx,32 +L$013schedule_mangle_last_dec: + add edx,-16 + pxor xmm0,[336+ebp] + call __vpaes_schedule_transform + movdqu [edx],xmm0 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + pxor xmm7,xmm7 + ret +align 16 +__vpaes_schedule_192_smear: + pshufd xmm1,xmm6,128 + pshufd xmm0,xmm7,254 + pxor xmm6,xmm1 + pxor xmm1,xmm1 + pxor xmm6,xmm0 + movdqa xmm0,xmm6 + movhlps xmm6,xmm1 + ret +align 16 +__vpaes_schedule_round: + movdqa xmm2,[8+esp] + pxor xmm1,xmm1 +db 102,15,58,15,202,15 +db 102,15,58,15,210,15 + pxor xmm7,xmm1 + pshufd xmm0,xmm0,255 +db 102,15,58,15,192,1 + movdqa [8+esp],xmm2 +L$_vpaes_schedule_low_round: + movdqa xmm1,xmm7 + pslldq xmm7,4 + pxor xmm7,xmm1 + movdqa xmm1,xmm7 + pslldq xmm7,8 + pxor xmm7,xmm1 + pxor xmm7,[336+ebp] + movdqa xmm4,[ebp-16] + movdqa xmm5,[ebp-48] + movdqa xmm1,xmm4 + pandn xmm1,xmm0 + psrld xmm1,4 + pand xmm0,xmm4 + movdqa xmm2,[ebp-32] +db 102,15,56,0,208 + pxor xmm0,xmm1 + movdqa xmm3,xmm5 +db 102,15,56,0,217 + pxor xmm3,xmm2 + movdqa xmm4,xmm5 +db 102,15,56,0,224 + pxor xmm4,xmm2 + movdqa xmm2,xmm5 +db 102,15,56,0,211 + pxor xmm2,xmm0 + movdqa xmm3,xmm5 +db 102,15,56,0,220 + pxor xmm3,xmm1 + movdqa xmm4,[32+ebp] +db 102,15,56,0,226 + movdqa xmm0,[48+ebp] +db 102,15,56,0,195 + pxor xmm0,xmm4 + pxor xmm0,xmm7 + movdqa xmm7,xmm0 + ret +align 16 +__vpaes_schedule_transform: + movdqa xmm2,[ebp-16] + movdqa xmm1,xmm2 + pandn xmm1,xmm0 + psrld xmm1,4 + pand xmm0,xmm2 + movdqa xmm2,[ebx] +db 102,15,56,0,208 + movdqa xmm0,[16+ebx] +db 102,15,56,0,193 + pxor xmm0,xmm2 + ret +align 16 +__vpaes_schedule_mangle: + movdqa xmm4,xmm0 + movdqa xmm5,[128+ebp] + test edi,edi + jnz NEAR L$014schedule_mangle_dec + add edx,16 + pxor xmm4,[336+ebp] +db 102,15,56,0,229 + movdqa xmm3,xmm4 +db 102,15,56,0,229 + pxor xmm3,xmm4 +db 102,15,56,0,229 + pxor xmm3,xmm4 + jmp NEAR L$015schedule_mangle_both +align 16 +L$014schedule_mangle_dec: + movdqa xmm2,[ebp-16] + 
lea esi,[416+ebp] + movdqa xmm1,xmm2 + pandn xmm1,xmm4 + psrld xmm1,4 + pand xmm4,xmm2 + movdqa xmm2,[esi] +db 102,15,56,0,212 + movdqa xmm3,[16+esi] +db 102,15,56,0,217 + pxor xmm3,xmm2 +db 102,15,56,0,221 + movdqa xmm2,[32+esi] +db 102,15,56,0,212 + pxor xmm2,xmm3 + movdqa xmm3,[48+esi] +db 102,15,56,0,217 + pxor xmm3,xmm2 +db 102,15,56,0,221 + movdqa xmm2,[64+esi] +db 102,15,56,0,212 + pxor xmm2,xmm3 + movdqa xmm3,[80+esi] +db 102,15,56,0,217 + pxor xmm3,xmm2 +db 102,15,56,0,221 + movdqa xmm2,[96+esi] +db 102,15,56,0,212 + pxor xmm2,xmm3 + movdqa xmm3,[112+esi] +db 102,15,56,0,217 + pxor xmm3,xmm2 + add edx,-16 +L$015schedule_mangle_both: + movdqa xmm1,[256+ecx*1+ebp] +db 102,15,56,0,217 + add ecx,-16 + and ecx,48 + movdqu [edx],xmm3 + ret +global _vpaes_set_encrypt_key +align 16 +_vpaes_set_encrypt_key: +L$_vpaes_set_encrypt_key_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + lea ebx,[esp-56] + mov eax,DWORD [24+esp] + and ebx,-16 + mov edx,DWORD [28+esp] + xchg ebx,esp + mov DWORD [48+esp],ebx + mov ebx,eax + shr ebx,5 + add ebx,5 + mov DWORD [240+edx],ebx + mov ecx,48 + mov edi,0 + lea ebp,[(L$_vpaes_consts+0x30-L$016pic_point)] + call __vpaes_schedule_core +L$016pic_point: + mov esp,DWORD [48+esp] + xor eax,eax + pop edi + pop esi + pop ebx + pop ebp + ret +global _vpaes_set_decrypt_key +align 16 +_vpaes_set_decrypt_key: +L$_vpaes_set_decrypt_key_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + lea ebx,[esp-56] + mov eax,DWORD [24+esp] + and ebx,-16 + mov edx,DWORD [28+esp] + xchg ebx,esp + mov DWORD [48+esp],ebx + mov ebx,eax + shr ebx,5 + add ebx,5 + mov DWORD [240+edx],ebx + shl ebx,4 + lea edx,[16+ebx*1+edx] + mov edi,1 + mov ecx,eax + shr ecx,1 + and ecx,32 + xor ecx,32 + lea ebp,[(L$_vpaes_consts+0x30-L$017pic_point)] + call __vpaes_schedule_core +L$017pic_point: + mov esp,DWORD [48+esp] + xor eax,eax + pop edi + pop esi + pop ebx + pop ebp + ret +global _vpaes_encrypt +align 16 
+_vpaes_encrypt: +L$_vpaes_encrypt_begin: + push ebp + push ebx + push esi + push edi + lea ebp,[(L$_vpaes_consts+0x30-L$018pic_point)] + call __vpaes_preheat +L$018pic_point: + mov esi,DWORD [20+esp] + lea ebx,[esp-56] + mov edi,DWORD [24+esp] + and ebx,-16 + mov edx,DWORD [28+esp] + xchg ebx,esp + mov DWORD [48+esp],ebx + movdqu xmm0,[esi] + call __vpaes_encrypt_core + movdqu [edi],xmm0 + mov esp,DWORD [48+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +global _vpaes_decrypt +align 16 +_vpaes_decrypt: +L$_vpaes_decrypt_begin: + push ebp + push ebx + push esi + push edi + lea ebp,[(L$_vpaes_consts+0x30-L$019pic_point)] + call __vpaes_preheat +L$019pic_point: + mov esi,DWORD [20+esp] + lea ebx,[esp-56] + mov edi,DWORD [24+esp] + and ebx,-16 + mov edx,DWORD [28+esp] + xchg ebx,esp + mov DWORD [48+esp],ebx + movdqu xmm0,[esi] + call __vpaes_decrypt_core + movdqu [edi],xmm0 + mov esp,DWORD [48+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +global _vpaes_cbc_encrypt +align 16 +_vpaes_cbc_encrypt: +L$_vpaes_cbc_encrypt_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov edx,DWORD [32+esp] + sub eax,16 + jc NEAR L$020cbc_abort + lea ebx,[esp-56] + mov ebp,DWORD [36+esp] + and ebx,-16 + mov ecx,DWORD [40+esp] + xchg ebx,esp + movdqu xmm1,[ebp] + sub edi,esi + mov DWORD [48+esp],ebx + mov DWORD [esp],edi + mov DWORD [4+esp],edx + mov DWORD [8+esp],ebp + mov edi,eax + lea ebp,[(L$_vpaes_consts+0x30-L$021pic_point)] + call __vpaes_preheat +L$021pic_point: + cmp ecx,0 + je NEAR L$022cbc_dec_loop + jmp NEAR L$023cbc_enc_loop +align 16 +L$023cbc_enc_loop: + movdqu xmm0,[esi] + pxor xmm0,xmm1 + call __vpaes_encrypt_core + mov ebx,DWORD [esp] + mov edx,DWORD [4+esp] + movdqa xmm1,xmm0 + movdqu [esi*1+ebx],xmm0 + lea esi,[16+esi] + sub edi,16 + jnc NEAR L$023cbc_enc_loop + jmp NEAR L$024cbc_done +align 16 +L$022cbc_dec_loop: + movdqu xmm0,[esi] + movdqa [16+esp],xmm1 + movdqa [32+esp],xmm0 + 
call __vpaes_decrypt_core + mov ebx,DWORD [esp] + mov edx,DWORD [4+esp] + pxor xmm0,[16+esp] + movdqa xmm1,[32+esp] + movdqu [esi*1+ebx],xmm0 + lea esi,[16+esi] + sub edi,16 + jnc NEAR L$022cbc_dec_loop +L$024cbc_done: + mov ebx,DWORD [8+esp] + mov esp,DWORD [48+esp] + movdqu [ebx],xmm1 +L$020cbc_abort: + pop edi + pop esi + pop ebx + pop ebp + ret diff --git a/win-x86/crypto/bn/bn-586.asm b/win-x86/crypto/bn/bn-586.asm new file mode 100644 index 0000000..b222040 --- /dev/null +++ b/win-x86/crypto/bn/bn-586.asm 
@@ -0,0 +1,1523 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _bn_mul_add_words +align 16 +_bn_mul_add_words: +L$_bn_mul_add_words_begin: + lea eax,[_OPENSSL_ia32cap_P] + bt DWORD [eax],26 + jnc NEAR L$000maw_non_sse2 + mov eax,DWORD [4+esp] + mov edx,DWORD [8+esp] + mov ecx,DWORD [12+esp] + movd mm0,DWORD [16+esp] + pxor mm1,mm1 + jmp NEAR L$001maw_sse2_entry +align 16 +L$002maw_sse2_unrolled: + movd mm3,DWORD [eax] + paddq mm1,mm3 + movd mm2,DWORD [edx] + pmuludq mm2,mm0 + movd mm4,DWORD [4+edx] + pmuludq mm4,mm0 + movd mm6,DWORD [8+edx] + pmuludq mm6,mm0 + movd mm7,DWORD [12+edx] + pmuludq mm7,mm0 + paddq mm1,mm2 + movd mm3,DWORD [4+eax] + paddq mm3,mm4 + movd mm5,DWORD [8+eax] + paddq mm5,mm6 + movd mm4,DWORD [12+eax] + paddq mm7,mm4 + movd DWORD [eax],mm1 + movd mm2,DWORD [16+edx] + pmuludq mm2,mm0 + psrlq mm1,32 + movd mm4,DWORD [20+edx] + pmuludq mm4,mm0 + paddq mm1,mm3 + movd mm6,DWORD [24+edx] + pmuludq mm6,mm0 + movd DWORD [4+eax],mm1 + psrlq mm1,32 + movd mm3,DWORD [28+edx] + add edx,32 + pmuludq mm3,mm0 + paddq mm1,mm5 + movd mm5,DWORD [16+eax] + paddq mm2,mm5 + movd DWORD [8+eax],mm1 + psrlq mm1,32 + paddq mm1,mm7 + movd mm5,DWORD [20+eax] + paddq mm4,mm5 + movd DWORD [12+eax],mm1 + psrlq mm1,32 + paddq mm1,mm2 + movd mm5,DWORD [24+eax] + paddq mm6,mm5 + movd DWORD [16+eax],mm1 + psrlq mm1,32 + paddq mm1,mm4 + movd mm5,DWORD [28+eax] + paddq mm3,mm5 + movd DWORD [20+eax],mm1 + psrlq mm1,32 + paddq mm1,mm6 + movd DWORD [24+eax],mm1 + psrlq mm1,32 + paddq mm1,mm3 + movd DWORD [28+eax],mm1 + lea 
eax,[32+eax] + psrlq mm1,32 + sub ecx,8 + jz NEAR L$003maw_sse2_exit +L$001maw_sse2_entry: + test ecx,4294967288 + jnz NEAR L$002maw_sse2_unrolled +align 4 +L$004maw_sse2_loop: + movd mm2,DWORD [edx] + movd mm3,DWORD [eax] + pmuludq mm2,mm0 + lea edx,[4+edx] + paddq mm1,mm3 + paddq mm1,mm2 + movd DWORD [eax],mm1 + sub ecx,1 + psrlq mm1,32 + lea eax,[4+eax] + jnz NEAR L$004maw_sse2_loop +L$003maw_sse2_exit: + movd eax,mm1 + emms + ret +align 16 +L$000maw_non_sse2: + push ebp + push ebx + push esi + push edi + ; + xor esi,esi + mov edi,DWORD [20+esp] + mov ecx,DWORD [28+esp] + mov ebx,DWORD [24+esp] + and ecx,4294967288 + mov ebp,DWORD [32+esp] + push ecx + jz NEAR L$005maw_finish +align 16 +L$006maw_loop: + ; Round 0 + mov eax,DWORD [ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [edi] + adc edx,0 + mov DWORD [edi],eax + mov esi,edx + ; Round 4 + mov eax,DWORD [4+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [4+edi] + adc edx,0 + mov DWORD [4+edi],eax + mov esi,edx + ; Round 8 + mov eax,DWORD [8+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [8+edi] + adc edx,0 + mov DWORD [8+edi],eax + mov esi,edx + ; Round 12 + mov eax,DWORD [12+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [12+edi] + adc edx,0 + mov DWORD [12+edi],eax + mov esi,edx + ; Round 16 + mov eax,DWORD [16+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [16+edi] + adc edx,0 + mov DWORD [16+edi],eax + mov esi,edx + ; Round 20 + mov eax,DWORD [20+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [20+edi] + adc edx,0 + mov DWORD [20+edi],eax + mov esi,edx + ; Round 24 + mov eax,DWORD [24+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [24+edi] + adc edx,0 + mov DWORD [24+edi],eax + mov esi,edx + ; Round 28 + mov eax,DWORD [28+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [28+edi] + adc edx,0 + mov DWORD [28+edi],eax + mov esi,edx + ; + sub ecx,8 + lea ebx,[32+ebx] + lea edi,[32+edi] + jnz NEAR L$006maw_loop +L$005maw_finish: + mov 
ecx,DWORD [32+esp] + and ecx,7 + jnz NEAR L$007maw_finish2 + jmp NEAR L$008maw_end +L$007maw_finish2: + ; Tail Round 0 + mov eax,DWORD [ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [edi] + adc edx,0 + dec ecx + mov DWORD [edi],eax + mov esi,edx + jz NEAR L$008maw_end + ; Tail Round 1 + mov eax,DWORD [4+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [4+edi] + adc edx,0 + dec ecx + mov DWORD [4+edi],eax + mov esi,edx + jz NEAR L$008maw_end + ; Tail Round 2 + mov eax,DWORD [8+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [8+edi] + adc edx,0 + dec ecx + mov DWORD [8+edi],eax + mov esi,edx + jz NEAR L$008maw_end + ; Tail Round 3 + mov eax,DWORD [12+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [12+edi] + adc edx,0 + dec ecx + mov DWORD [12+edi],eax + mov esi,edx + jz NEAR L$008maw_end + ; Tail Round 4 + mov eax,DWORD [16+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [16+edi] + adc edx,0 + dec ecx + mov DWORD [16+edi],eax + mov esi,edx + jz NEAR L$008maw_end + ; Tail Round 5 + mov eax,DWORD [20+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [20+edi] + adc edx,0 + dec ecx + mov DWORD [20+edi],eax + mov esi,edx + jz NEAR L$008maw_end + ; Tail Round 6 + mov eax,DWORD [24+ebx] + mul ebp + add eax,esi + adc edx,0 + add eax,DWORD [24+edi] + adc edx,0 + mov DWORD [24+edi],eax + mov esi,edx +L$008maw_end: + mov eax,esi + pop ecx + pop edi + pop esi + pop ebx + pop ebp + ret +global _bn_mul_words +align 16 +_bn_mul_words: +L$_bn_mul_words_begin: + lea eax,[_OPENSSL_ia32cap_P] + bt DWORD [eax],26 + jnc NEAR L$009mw_non_sse2 + mov eax,DWORD [4+esp] + mov edx,DWORD [8+esp] + mov ecx,DWORD [12+esp] + movd mm0,DWORD [16+esp] + pxor mm1,mm1 +align 16 +L$010mw_sse2_loop: + movd mm2,DWORD [edx] + pmuludq mm2,mm0 + lea edx,[4+edx] + paddq mm1,mm2 + movd DWORD [eax],mm1 + sub ecx,1 + psrlq mm1,32 + lea eax,[4+eax] + jnz NEAR L$010mw_sse2_loop + movd eax,mm1 + emms + ret +align 16 +L$009mw_non_sse2: + push ebp + push ebx + 
push esi + push edi + ; + xor esi,esi + mov edi,DWORD [20+esp] + mov ebx,DWORD [24+esp] + mov ebp,DWORD [28+esp] + mov ecx,DWORD [32+esp] + and ebp,4294967288 + jz NEAR L$011mw_finish +L$012mw_loop: + ; Round 0 + mov eax,DWORD [ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [edi],eax + mov esi,edx + ; Round 4 + mov eax,DWORD [4+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [4+edi],eax + mov esi,edx + ; Round 8 + mov eax,DWORD [8+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [8+edi],eax + mov esi,edx + ; Round 12 + mov eax,DWORD [12+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [12+edi],eax + mov esi,edx + ; Round 16 + mov eax,DWORD [16+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [16+edi],eax + mov esi,edx + ; Round 20 + mov eax,DWORD [20+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [20+edi],eax + mov esi,edx + ; Round 24 + mov eax,DWORD [24+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [24+edi],eax + mov esi,edx + ; Round 28 + mov eax,DWORD [28+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [28+edi],eax + mov esi,edx + ; + add ebx,32 + add edi,32 + sub ebp,8 + jz NEAR L$011mw_finish + jmp NEAR L$012mw_loop +L$011mw_finish: + mov ebp,DWORD [28+esp] + and ebp,7 + jnz NEAR L$013mw_finish2 + jmp NEAR L$014mw_end +L$013mw_finish2: + ; Tail Round 0 + mov eax,DWORD [ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [edi],eax + mov esi,edx + dec ebp + jz NEAR L$014mw_end + ; Tail Round 1 + mov eax,DWORD [4+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [4+edi],eax + mov esi,edx + dec ebp + jz NEAR L$014mw_end + ; Tail Round 2 + mov eax,DWORD [8+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [8+edi],eax + mov esi,edx + dec ebp + jz NEAR L$014mw_end + ; Tail Round 3 + mov eax,DWORD [12+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [12+edi],eax + mov esi,edx + dec ebp + jz NEAR L$014mw_end + ; Tail Round 4 + mov eax,DWORD [16+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [16+edi],eax + mov 
esi,edx + dec ebp + jz NEAR L$014mw_end + ; Tail Round 5 + mov eax,DWORD [20+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [20+edi],eax + mov esi,edx + dec ebp + jz NEAR L$014mw_end + ; Tail Round 6 + mov eax,DWORD [24+ebx] + mul ecx + add eax,esi + adc edx,0 + mov DWORD [24+edi],eax + mov esi,edx +L$014mw_end: + mov eax,esi + pop edi + pop esi + pop ebx + pop ebp + ret +global _bn_sqr_words +align 16 +_bn_sqr_words: +L$_bn_sqr_words_begin: + lea eax,[_OPENSSL_ia32cap_P] + bt DWORD [eax],26 + jnc NEAR L$015sqr_non_sse2 + mov eax,DWORD [4+esp] + mov edx,DWORD [8+esp] + mov ecx,DWORD [12+esp] +align 16 +L$016sqr_sse2_loop: + movd mm0,DWORD [edx] + pmuludq mm0,mm0 + lea edx,[4+edx] + movq [eax],mm0 + sub ecx,1 + lea eax,[8+eax] + jnz NEAR L$016sqr_sse2_loop + emms + ret +align 16 +L$015sqr_non_sse2: + push ebp + push ebx + push esi + push edi + ; + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov ebx,DWORD [28+esp] + and ebx,4294967288 + jz NEAR L$017sw_finish +L$018sw_loop: + ; Round 0 + mov eax,DWORD [edi] + mul eax + mov DWORD [esi],eax + mov DWORD [4+esi],edx + ; Round 4 + mov eax,DWORD [4+edi] + mul eax + mov DWORD [8+esi],eax + mov DWORD [12+esi],edx + ; Round 8 + mov eax,DWORD [8+edi] + mul eax + mov DWORD [16+esi],eax + mov DWORD [20+esi],edx + ; Round 12 + mov eax,DWORD [12+edi] + mul eax + mov DWORD [24+esi],eax + mov DWORD [28+esi],edx + ; Round 16 + mov eax,DWORD [16+edi] + mul eax + mov DWORD [32+esi],eax + mov DWORD [36+esi],edx + ; Round 20 + mov eax,DWORD [20+edi] + mul eax + mov DWORD [40+esi],eax + mov DWORD [44+esi],edx + ; Round 24 + mov eax,DWORD [24+edi] + mul eax + mov DWORD [48+esi],eax + mov DWORD [52+esi],edx + ; Round 28 + mov eax,DWORD [28+edi] + mul eax + mov DWORD [56+esi],eax + mov DWORD [60+esi],edx + ; + add edi,32 + add esi,64 + sub ebx,8 + jnz NEAR L$018sw_loop +L$017sw_finish: + mov ebx,DWORD [28+esp] + and ebx,7 + jz NEAR L$019sw_end + ; Tail Round 0 + mov eax,DWORD [edi] + mul eax + mov DWORD [esi],eax + dec ebx + mov 
DWORD [4+esi],edx + jz NEAR L$019sw_end + ; Tail Round 1 + mov eax,DWORD [4+edi] + mul eax + mov DWORD [8+esi],eax + dec ebx + mov DWORD [12+esi],edx + jz NEAR L$019sw_end + ; Tail Round 2 + mov eax,DWORD [8+edi] + mul eax + mov DWORD [16+esi],eax + dec ebx + mov DWORD [20+esi],edx + jz NEAR L$019sw_end + ; Tail Round 3 + mov eax,DWORD [12+edi] + mul eax + mov DWORD [24+esi],eax + dec ebx + mov DWORD [28+esi],edx + jz NEAR L$019sw_end + ; Tail Round 4 + mov eax,DWORD [16+edi] + mul eax + mov DWORD [32+esi],eax + dec ebx + mov DWORD [36+esi],edx + jz NEAR L$019sw_end + ; Tail Round 5 + mov eax,DWORD [20+edi] + mul eax + mov DWORD [40+esi],eax + dec ebx + mov DWORD [44+esi],edx + jz NEAR L$019sw_end + ; Tail Round 6 + mov eax,DWORD [24+edi] + mul eax + mov DWORD [48+esi],eax + mov DWORD [52+esi],edx +L$019sw_end: + pop edi + pop esi + pop ebx + pop ebp + ret +global _bn_div_words +align 16 +_bn_div_words: +L$_bn_div_words_begin: + mov edx,DWORD [4+esp] + mov eax,DWORD [8+esp] + mov ecx,DWORD [12+esp] + div ecx + ret +global _bn_add_words +align 16 +_bn_add_words: +L$_bn_add_words_begin: + push ebp + push ebx + push esi + push edi + ; + mov ebx,DWORD [20+esp] + mov esi,DWORD [24+esp] + mov edi,DWORD [28+esp] + mov ebp,DWORD [32+esp] + xor eax,eax + and ebp,4294967288 + jz NEAR L$020aw_finish +L$021aw_loop: + ; Round 0 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + ; Round 1 + mov ecx,DWORD [4+esi] + mov edx,DWORD [4+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [4+ebx],ecx + ; Round 2 + mov ecx,DWORD [8+esi] + mov edx,DWORD [8+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [8+ebx],ecx + ; Round 3 + mov ecx,DWORD [12+esi] + mov edx,DWORD [12+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [12+ebx],ecx + ; Round 4 + mov ecx,DWORD [16+esi] + mov edx,DWORD [16+edi] + add ecx,eax + 
mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [16+ebx],ecx + ; Round 5 + mov ecx,DWORD [20+esi] + mov edx,DWORD [20+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [20+ebx],ecx + ; Round 6 + mov ecx,DWORD [24+esi] + mov edx,DWORD [24+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx + ; Round 7 + mov ecx,DWORD [28+esi] + mov edx,DWORD [28+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [28+ebx],ecx + ; + add esi,32 + add edi,32 + add ebx,32 + sub ebp,8 + jnz NEAR L$021aw_loop +L$020aw_finish: + mov ebp,DWORD [32+esp] + and ebp,7 + jz NEAR L$022aw_end + ; Tail Round 0 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + dec ebp + mov DWORD [ebx],ecx + jz NEAR L$022aw_end + ; Tail Round 1 + mov ecx,DWORD [4+esi] + mov edx,DWORD [4+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + dec ebp + mov DWORD [4+ebx],ecx + jz NEAR L$022aw_end + ; Tail Round 2 + mov ecx,DWORD [8+esi] + mov edx,DWORD [8+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + dec ebp + mov DWORD [8+ebx],ecx + jz NEAR L$022aw_end + ; Tail Round 3 + mov ecx,DWORD [12+esi] + mov edx,DWORD [12+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + dec ebp + mov DWORD [12+ebx],ecx + jz NEAR L$022aw_end + ; Tail Round 4 + mov ecx,DWORD [16+esi] + mov edx,DWORD [16+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + dec ebp + mov DWORD [16+ebx],ecx + jz NEAR L$022aw_end + ; Tail Round 5 + mov ecx,DWORD [20+esi] + mov edx,DWORD [20+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + dec ebp + mov DWORD [20+ebx],ecx + jz NEAR L$022aw_end + ; Tail Round 6 + mov ecx,DWORD [24+esi] + mov edx,DWORD [24+edi] + add ecx,eax + mov eax,0 + adc eax,eax + add ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx +L$022aw_end: + pop edi + 
pop esi + pop ebx + pop ebp + ret +global _bn_sub_words +align 16 +_bn_sub_words: +L$_bn_sub_words_begin: + push ebp + push ebx + push esi + push edi + ; + mov ebx,DWORD [20+esp] + mov esi,DWORD [24+esp] + mov edi,DWORD [28+esp] + mov ebp,DWORD [32+esp] + xor eax,eax + and ebp,4294967288 + jz NEAR L$023aw_finish +L$024aw_loop: + ; Round 0 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + ; Round 1 + mov ecx,DWORD [4+esi] + mov edx,DWORD [4+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [4+ebx],ecx + ; Round 2 + mov ecx,DWORD [8+esi] + mov edx,DWORD [8+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [8+ebx],ecx + ; Round 3 + mov ecx,DWORD [12+esi] + mov edx,DWORD [12+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [12+ebx],ecx + ; Round 4 + mov ecx,DWORD [16+esi] + mov edx,DWORD [16+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [16+ebx],ecx + ; Round 5 + mov ecx,DWORD [20+esi] + mov edx,DWORD [20+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [20+ebx],ecx + ; Round 6 + mov ecx,DWORD [24+esi] + mov edx,DWORD [24+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx + ; Round 7 + mov ecx,DWORD [28+esi] + mov edx,DWORD [28+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [28+ebx],ecx + ; + add esi,32 + add edi,32 + add ebx,32 + sub ebp,8 + jnz NEAR L$024aw_loop +L$023aw_finish: + mov ebp,DWORD [32+esp] + and ebp,7 + jz NEAR L$025aw_end + ; Tail Round 0 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [ebx],ecx + jz NEAR L$025aw_end + ; Tail Round 1 + mov ecx,DWORD [4+esi] + mov edx,DWORD [4+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc 
eax,0 + dec ebp + mov DWORD [4+ebx],ecx + jz NEAR L$025aw_end + ; Tail Round 2 + mov ecx,DWORD [8+esi] + mov edx,DWORD [8+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [8+ebx],ecx + jz NEAR L$025aw_end + ; Tail Round 3 + mov ecx,DWORD [12+esi] + mov edx,DWORD [12+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [12+ebx],ecx + jz NEAR L$025aw_end + ; Tail Round 4 + mov ecx,DWORD [16+esi] + mov edx,DWORD [16+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [16+ebx],ecx + jz NEAR L$025aw_end + ; Tail Round 5 + mov ecx,DWORD [20+esi] + mov edx,DWORD [20+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [20+ebx],ecx + jz NEAR L$025aw_end + ; Tail Round 6 + mov ecx,DWORD [24+esi] + mov edx,DWORD [24+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx +L$025aw_end: + pop edi + pop esi + pop ebx + pop ebp + ret +global _bn_sub_part_words +align 16 +_bn_sub_part_words: +L$_bn_sub_part_words_begin: + push ebp + push ebx + push esi + push edi + ; + mov ebx,DWORD [20+esp] + mov esi,DWORD [24+esp] + mov edi,DWORD [28+esp] + mov ebp,DWORD [32+esp] + xor eax,eax + and ebp,4294967288 + jz NEAR L$026aw_finish +L$027aw_loop: + ; Round 0 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + ; Round 1 + mov ecx,DWORD [4+esi] + mov edx,DWORD [4+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [4+ebx],ecx + ; Round 2 + mov ecx,DWORD [8+esi] + mov edx,DWORD [8+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [8+ebx],ecx + ; Round 3 + mov ecx,DWORD [12+esi] + mov edx,DWORD [12+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [12+ebx],ecx + ; Round 4 + mov ecx,DWORD [16+esi] + mov edx,DWORD 
[16+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [16+ebx],ecx + ; Round 5 + mov ecx,DWORD [20+esi] + mov edx,DWORD [20+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [20+ebx],ecx + ; Round 6 + mov ecx,DWORD [24+esi] + mov edx,DWORD [24+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx + ; Round 7 + mov ecx,DWORD [28+esi] + mov edx,DWORD [28+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [28+ebx],ecx + ; + add esi,32 + add edi,32 + add ebx,32 + sub ebp,8 + jnz NEAR L$027aw_loop +L$026aw_finish: + mov ebp,DWORD [32+esp] + and ebp,7 + jz NEAR L$028aw_end + ; Tail Round 0 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 + dec ebp + jz NEAR L$028aw_end + ; Tail Round 1 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 + dec ebp + jz NEAR L$028aw_end + ; Tail Round 2 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 + dec ebp + jz NEAR L$028aw_end + ; Tail Round 3 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 + dec ebp + jz NEAR L$028aw_end + ; Tail Round 4 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 + dec ebp + jz NEAR L$028aw_end + ; Tail Round 5 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 + dec ebp + jz 
NEAR L$028aw_end + ; Tail Round 6 + mov ecx,DWORD [esi] + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + add esi,4 + add edi,4 + add ebx,4 +L$028aw_end: + cmp DWORD [36+esp],0 + je NEAR L$029pw_end + mov ebp,DWORD [36+esp] + cmp ebp,0 + je NEAR L$029pw_end + jge NEAR L$030pw_pos + ; pw_neg + mov edx,0 + sub edx,ebp + mov ebp,edx + and ebp,4294967288 + jz NEAR L$031pw_neg_finish +L$032pw_neg_loop: + ; dl<0 Round 0 + mov ecx,0 + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [ebx],ecx + ; dl<0 Round 1 + mov ecx,0 + mov edx,DWORD [4+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [4+ebx],ecx + ; dl<0 Round 2 + mov ecx,0 + mov edx,DWORD [8+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [8+ebx],ecx + ; dl<0 Round 3 + mov ecx,0 + mov edx,DWORD [12+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [12+ebx],ecx + ; dl<0 Round 4 + mov ecx,0 + mov edx,DWORD [16+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [16+ebx],ecx + ; dl<0 Round 5 + mov ecx,0 + mov edx,DWORD [20+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [20+ebx],ecx + ; dl<0 Round 6 + mov ecx,0 + mov edx,DWORD [24+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx + ; dl<0 Round 7 + mov ecx,0 + mov edx,DWORD [28+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [28+ebx],ecx + ; + add edi,32 + add ebx,32 + sub ebp,8 + jnz NEAR L$032pw_neg_loop +L$031pw_neg_finish: + mov edx,DWORD [36+esp] + mov ebp,0 + sub ebp,edx + and ebp,7 + jz NEAR L$029pw_end + ; dl<0 Tail Round 0 + mov ecx,0 + mov edx,DWORD [edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [ebx],ecx + jz NEAR L$029pw_end + ; dl<0 Tail Round 1 + mov ecx,0 
+ mov edx,DWORD [4+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [4+ebx],ecx + jz NEAR L$029pw_end + ; dl<0 Tail Round 2 + mov ecx,0 + mov edx,DWORD [8+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [8+ebx],ecx + jz NEAR L$029pw_end + ; dl<0 Tail Round 3 + mov ecx,0 + mov edx,DWORD [12+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [12+ebx],ecx + jz NEAR L$029pw_end + ; dl<0 Tail Round 4 + mov ecx,0 + mov edx,DWORD [16+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [16+ebx],ecx + jz NEAR L$029pw_end + ; dl<0 Tail Round 5 + mov ecx,0 + mov edx,DWORD [20+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + dec ebp + mov DWORD [20+ebx],ecx + jz NEAR L$029pw_end + ; dl<0 Tail Round 6 + mov ecx,0 + mov edx,DWORD [24+edi] + sub ecx,eax + mov eax,0 + adc eax,eax + sub ecx,edx + adc eax,0 + mov DWORD [24+ebx],ecx + jmp NEAR L$029pw_end +L$030pw_pos: + and ebp,4294967288 + jz NEAR L$033pw_pos_finish +L$034pw_pos_loop: + ; dl>0 Round 0 + mov ecx,DWORD [esi] + sub ecx,eax + mov DWORD [ebx],ecx + jnc NEAR L$035pw_nc0 + ; dl>0 Round 1 + mov ecx,DWORD [4+esi] + sub ecx,eax + mov DWORD [4+ebx],ecx + jnc NEAR L$036pw_nc1 + ; dl>0 Round 2 + mov ecx,DWORD [8+esi] + sub ecx,eax + mov DWORD [8+ebx],ecx + jnc NEAR L$037pw_nc2 + ; dl>0 Round 3 + mov ecx,DWORD [12+esi] + sub ecx,eax + mov DWORD [12+ebx],ecx + jnc NEAR L$038pw_nc3 + ; dl>0 Round 4 + mov ecx,DWORD [16+esi] + sub ecx,eax + mov DWORD [16+ebx],ecx + jnc NEAR L$039pw_nc4 + ; dl>0 Round 5 + mov ecx,DWORD [20+esi] + sub ecx,eax + mov DWORD [20+ebx],ecx + jnc NEAR L$040pw_nc5 + ; dl>0 Round 6 + mov ecx,DWORD [24+esi] + sub ecx,eax + mov DWORD [24+ebx],ecx + jnc NEAR L$041pw_nc6 + ; dl>0 Round 7 + mov ecx,DWORD [28+esi] + sub ecx,eax + mov DWORD [28+ebx],ecx + jnc NEAR L$042pw_nc7 + ; + add esi,32 + add ebx,32 + sub ebp,8 + jnz 
NEAR L$034pw_pos_loop +L$033pw_pos_finish: + mov ebp,DWORD [36+esp] + and ebp,7 + jz NEAR L$029pw_end + ; dl>0 Tail Round 0 + mov ecx,DWORD [esi] + sub ecx,eax + mov DWORD [ebx],ecx + jnc NEAR L$043pw_tail_nc0 + dec ebp + jz NEAR L$029pw_end + ; dl>0 Tail Round 1 + mov ecx,DWORD [4+esi] + sub ecx,eax + mov DWORD [4+ebx],ecx + jnc NEAR L$044pw_tail_nc1 + dec ebp + jz NEAR L$029pw_end + ; dl>0 Tail Round 2 + mov ecx,DWORD [8+esi] + sub ecx,eax + mov DWORD [8+ebx],ecx + jnc NEAR L$045pw_tail_nc2 + dec ebp + jz NEAR L$029pw_end + ; dl>0 Tail Round 3 + mov ecx,DWORD [12+esi] + sub ecx,eax + mov DWORD [12+ebx],ecx + jnc NEAR L$046pw_tail_nc3 + dec ebp + jz NEAR L$029pw_end + ; dl>0 Tail Round 4 + mov ecx,DWORD [16+esi] + sub ecx,eax + mov DWORD [16+ebx],ecx + jnc NEAR L$047pw_tail_nc4 + dec ebp + jz NEAR L$029pw_end + ; dl>0 Tail Round 5 + mov ecx,DWORD [20+esi] + sub ecx,eax + mov DWORD [20+ebx],ecx + jnc NEAR L$048pw_tail_nc5 + dec ebp + jz NEAR L$029pw_end + ; dl>0 Tail Round 6 + mov ecx,DWORD [24+esi] + sub ecx,eax + mov DWORD [24+ebx],ecx + jnc NEAR L$049pw_tail_nc6 + mov eax,1 + jmp NEAR L$029pw_end +L$050pw_nc_loop: + mov ecx,DWORD [esi] + mov DWORD [ebx],ecx +L$035pw_nc0: + mov ecx,DWORD [4+esi] + mov DWORD [4+ebx],ecx +L$036pw_nc1: + mov ecx,DWORD [8+esi] + mov DWORD [8+ebx],ecx +L$037pw_nc2: + mov ecx,DWORD [12+esi] + mov DWORD [12+ebx],ecx +L$038pw_nc3: + mov ecx,DWORD [16+esi] + mov DWORD [16+ebx],ecx +L$039pw_nc4: + mov ecx,DWORD [20+esi] + mov DWORD [20+ebx],ecx +L$040pw_nc5: + mov ecx,DWORD [24+esi] + mov DWORD [24+ebx],ecx +L$041pw_nc6: + mov ecx,DWORD [28+esi] + mov DWORD [28+ebx],ecx +L$042pw_nc7: + ; + add esi,32 + add ebx,32 + sub ebp,8 + jnz NEAR L$050pw_nc_loop + mov ebp,DWORD [36+esp] + and ebp,7 + jz NEAR L$051pw_nc_end + mov ecx,DWORD [esi] + mov DWORD [ebx],ecx +L$043pw_tail_nc0: + dec ebp + jz NEAR L$051pw_nc_end + mov ecx,DWORD [4+esi] + mov DWORD [4+ebx],ecx +L$044pw_tail_nc1: + dec ebp + jz NEAR L$051pw_nc_end + mov ecx,DWORD [8+esi] + mov 
DWORD [8+ebx],ecx +L$045pw_tail_nc2: + dec ebp + jz NEAR L$051pw_nc_end + mov ecx,DWORD [12+esi] + mov DWORD [12+ebx],ecx +L$046pw_tail_nc3: + dec ebp + jz NEAR L$051pw_nc_end + mov ecx,DWORD [16+esi] + mov DWORD [16+ebx],ecx +L$047pw_tail_nc4: + dec ebp + jz NEAR L$051pw_nc_end + mov ecx,DWORD [20+esi] + mov DWORD [20+ebx],ecx +L$048pw_tail_nc5: + dec ebp + jz NEAR L$051pw_nc_end + mov ecx,DWORD [24+esi] + mov DWORD [24+ebx],ecx +L$049pw_tail_nc6: +L$051pw_nc_end: + mov eax,0 +L$029pw_end: + pop edi + pop esi + pop ebx + pop ebp + ret +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/bn/co-586.asm b/win-x86/crypto/bn/co-586.asm new file mode 100644 index 0000000..5780dc8 --- /dev/null +++ b/win-x86/crypto/bn/co-586.asm 
@@ -0,0 +1,1260 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +global _bn_mul_comba8 +align 16 +_bn_mul_comba8: +L$_bn_mul_comba8_begin: + push esi + mov esi,DWORD [12+esp] + push edi + mov edi,DWORD [20+esp] + push ebp + push ebx + xor ebx,ebx + mov eax,DWORD [esi] + xor ecx,ecx + mov edx,DWORD [edi] + ; ################## Calculate word 0 + xor ebp,ebp + ; mul a[0]*b[0] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [edi] + adc ebp,0 + mov DWORD [eax],ebx + mov eax,DWORD [4+esi] + ; saved r[0] + ; ################## Calculate word 1 + xor ebx,ebx + ; mul a[1]*b[0] + mul edx + add ecx,eax + mov eax,DWORD [esi] + adc ebp,edx + mov edx,DWORD [4+edi] + adc ebx,0 + ; mul a[0]*b[1] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [edi] + adc ebx,0 + mov DWORD [4+eax],ecx + mov eax,DWORD [8+esi] + ; saved r[1] + ; ################## Calculate word 2 + xor ecx,ecx + ; mul a[2]*b[0] + mul edx + add ebp,eax + mov eax,DWORD [4+esi] + adc ebx,edx + mov edx,DWORD [4+edi] + adc ecx,0 + ; mul a[1]*b[1] + mul edx + add ebp,eax + mov eax,DWORD [esi] + adc ebx,edx + mov edx,DWORD [8+edi] + adc ecx,0 + ; mul a[0]*b[2] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + mov edx,DWORD [edi] + adc ecx,0 + mov DWORD [8+eax],ebp + mov eax,DWORD [12+esi] + ; saved r[2] + ; ################## Calculate word 3 + xor ebp,ebp + ; mul a[3]*b[0] + mul edx + add ebx,eax + mov eax,DWORD [8+esi] + adc ecx,edx + mov edx,DWORD [4+edi] + adc ebp,0 + ; mul a[2]*b[1] + mul edx + add ebx,eax + mov eax,DWORD 
[4+esi] + adc ecx,edx + mov edx,DWORD [8+edi] + adc ebp,0 + ; mul a[1]*b[2] + mul edx + add ebx,eax + mov eax,DWORD [esi] + adc ecx,edx + mov edx,DWORD [12+edi] + adc ebp,0 + ; mul a[0]*b[3] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [edi] + adc ebp,0 + mov DWORD [12+eax],ebx + mov eax,DWORD [16+esi] + ; saved r[3] + ; ################## Calculate word 4 + xor ebx,ebx + ; mul a[4]*b[0] + mul edx + add ecx,eax + mov eax,DWORD [12+esi] + adc ebp,edx + mov edx,DWORD [4+edi] + adc ebx,0 + ; mul a[3]*b[1] + mul edx + add ecx,eax + mov eax,DWORD [8+esi] + adc ebp,edx + mov edx,DWORD [8+edi] + adc ebx,0 + ; mul a[2]*b[2] + mul edx + add ecx,eax + mov eax,DWORD [4+esi] + adc ebp,edx + mov edx,DWORD [12+edi] + adc ebx,0 + ; mul a[1]*b[3] + mul edx + add ecx,eax + mov eax,DWORD [esi] + adc ebp,edx + mov edx,DWORD [16+edi] + adc ebx,0 + ; mul a[0]*b[4] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [edi] + adc ebx,0 + mov DWORD [16+eax],ecx + mov eax,DWORD [20+esi] + ; saved r[4] + ; ################## Calculate word 5 + xor ecx,ecx + ; mul a[5]*b[0] + mul edx + add ebp,eax + mov eax,DWORD [16+esi] + adc ebx,edx + mov edx,DWORD [4+edi] + adc ecx,0 + ; mul a[4]*b[1] + mul edx + add ebp,eax + mov eax,DWORD [12+esi] + adc ebx,edx + mov edx,DWORD [8+edi] + adc ecx,0 + ; mul a[3]*b[2] + mul edx + add ebp,eax + mov eax,DWORD [8+esi] + adc ebx,edx + mov edx,DWORD [12+edi] + adc ecx,0 + ; mul a[2]*b[3] + mul edx + add ebp,eax + mov eax,DWORD [4+esi] + adc ebx,edx + mov edx,DWORD [16+edi] + adc ecx,0 + ; mul a[1]*b[4] + mul edx + add ebp,eax + mov eax,DWORD [esi] + adc ebx,edx + mov edx,DWORD [20+edi] + adc ecx,0 + ; mul a[0]*b[5] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + mov edx,DWORD [edi] + adc ecx,0 + mov DWORD [20+eax],ebp + mov eax,DWORD [24+esi] + ; saved r[5] + ; ################## Calculate word 6 + xor ebp,ebp + ; mul a[6]*b[0] + mul edx + add ebx,eax + mov eax,DWORD [20+esi] + adc 
ecx,edx + mov edx,DWORD [4+edi] + adc ebp,0 + ; mul a[5]*b[1] + mul edx + add ebx,eax + mov eax,DWORD [16+esi] + adc ecx,edx + mov edx,DWORD [8+edi] + adc ebp,0 + ; mul a[4]*b[2] + mul edx + add ebx,eax + mov eax,DWORD [12+esi] + adc ecx,edx + mov edx,DWORD [12+edi] + adc ebp,0 + ; mul a[3]*b[3] + mul edx + add ebx,eax + mov eax,DWORD [8+esi] + adc ecx,edx + mov edx,DWORD [16+edi] + adc ebp,0 + ; mul a[2]*b[4] + mul edx + add ebx,eax + mov eax,DWORD [4+esi] + adc ecx,edx + mov edx,DWORD [20+edi] + adc ebp,0 + ; mul a[1]*b[5] + mul edx + add ebx,eax + mov eax,DWORD [esi] + adc ecx,edx + mov edx,DWORD [24+edi] + adc ebp,0 + ; mul a[0]*b[6] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [edi] + adc ebp,0 + mov DWORD [24+eax],ebx + mov eax,DWORD [28+esi] + ; saved r[6] + ; ################## Calculate word 7 + xor ebx,ebx + ; mul a[7]*b[0] + mul edx + add ecx,eax + mov eax,DWORD [24+esi] + adc ebp,edx + mov edx,DWORD [4+edi] + adc ebx,0 + ; mul a[6]*b[1] + mul edx + add ecx,eax + mov eax,DWORD [20+esi] + adc ebp,edx + mov edx,DWORD [8+edi] + adc ebx,0 + ; mul a[5]*b[2] + mul edx + add ecx,eax + mov eax,DWORD [16+esi] + adc ebp,edx + mov edx,DWORD [12+edi] + adc ebx,0 + ; mul a[4]*b[3] + mul edx + add ecx,eax + mov eax,DWORD [12+esi] + adc ebp,edx + mov edx,DWORD [16+edi] + adc ebx,0 + ; mul a[3]*b[4] + mul edx + add ecx,eax + mov eax,DWORD [8+esi] + adc ebp,edx + mov edx,DWORD [20+edi] + adc ebx,0 + ; mul a[2]*b[5] + mul edx + add ecx,eax + mov eax,DWORD [4+esi] + adc ebp,edx + mov edx,DWORD [24+edi] + adc ebx,0 + ; mul a[1]*b[6] + mul edx + add ecx,eax + mov eax,DWORD [esi] + adc ebp,edx + mov edx,DWORD [28+edi] + adc ebx,0 + ; mul a[0]*b[7] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [4+edi] + adc ebx,0 + mov DWORD [28+eax],ecx + mov eax,DWORD [28+esi] + ; saved r[7] + ; ################## Calculate word 8 + xor ecx,ecx + ; mul a[7]*b[1] + mul edx + add ebp,eax + mov eax,DWORD [24+esi] + adc ebx,edx + 
mov edx,DWORD [8+edi] + adc ecx,0 + ; mul a[6]*b[2] + mul edx + add ebp,eax + mov eax,DWORD [20+esi] + adc ebx,edx + mov edx,DWORD [12+edi] + adc ecx,0 + ; mul a[5]*b[3] + mul edx + add ebp,eax + mov eax,DWORD [16+esi] + adc ebx,edx + mov edx,DWORD [16+edi] + adc ecx,0 + ; mul a[4]*b[4] + mul edx + add ebp,eax + mov eax,DWORD [12+esi] + adc ebx,edx + mov edx,DWORD [20+edi] + adc ecx,0 + ; mul a[3]*b[5] + mul edx + add ebp,eax + mov eax,DWORD [8+esi] + adc ebx,edx + mov edx,DWORD [24+edi] + adc ecx,0 + ; mul a[2]*b[6] + mul edx + add ebp,eax + mov eax,DWORD [4+esi] + adc ebx,edx + mov edx,DWORD [28+edi] + adc ecx,0 + ; mul a[1]*b[7] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + mov edx,DWORD [8+edi] + adc ecx,0 + mov DWORD [32+eax],ebp + mov eax,DWORD [28+esi] + ; saved r[8] + ; ################## Calculate word 9 + xor ebp,ebp + ; mul a[7]*b[2] + mul edx + add ebx,eax + mov eax,DWORD [24+esi] + adc ecx,edx + mov edx,DWORD [12+edi] + adc ebp,0 + ; mul a[6]*b[3] + mul edx + add ebx,eax + mov eax,DWORD [20+esi] + adc ecx,edx + mov edx,DWORD [16+edi] + adc ebp,0 + ; mul a[5]*b[4] + mul edx + add ebx,eax + mov eax,DWORD [16+esi] + adc ecx,edx + mov edx,DWORD [20+edi] + adc ebp,0 + ; mul a[4]*b[5] + mul edx + add ebx,eax + mov eax,DWORD [12+esi] + adc ecx,edx + mov edx,DWORD [24+edi] + adc ebp,0 + ; mul a[3]*b[6] + mul edx + add ebx,eax + mov eax,DWORD [8+esi] + adc ecx,edx + mov edx,DWORD [28+edi] + adc ebp,0 + ; mul a[2]*b[7] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [12+edi] + adc ebp,0 + mov DWORD [36+eax],ebx + mov eax,DWORD [28+esi] + ; saved r[9] + ; ################## Calculate word 10 + xor ebx,ebx + ; mul a[7]*b[3] + mul edx + add ecx,eax + mov eax,DWORD [24+esi] + adc ebp,edx + mov edx,DWORD [16+edi] + adc ebx,0 + ; mul a[6]*b[4] + mul edx + add ecx,eax + mov eax,DWORD [20+esi] + adc ebp,edx + mov edx,DWORD [20+edi] + adc ebx,0 + ; mul a[5]*b[5] + mul edx + add ecx,eax + mov eax,DWORD [16+esi] + adc 
ebp,edx + mov edx,DWORD [24+edi] + adc ebx,0 + ; mul a[4]*b[6] + mul edx + add ecx,eax + mov eax,DWORD [12+esi] + adc ebp,edx + mov edx,DWORD [28+edi] + adc ebx,0 + ; mul a[3]*b[7] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [16+edi] + adc ebx,0 + mov DWORD [40+eax],ecx + mov eax,DWORD [28+esi] + ; saved r[10] + ; ################## Calculate word 11 + xor ecx,ecx + ; mul a[7]*b[4] + mul edx + add ebp,eax + mov eax,DWORD [24+esi] + adc ebx,edx + mov edx,DWORD [20+edi] + adc ecx,0 + ; mul a[6]*b[5] + mul edx + add ebp,eax + mov eax,DWORD [20+esi] + adc ebx,edx + mov edx,DWORD [24+edi] + adc ecx,0 + ; mul a[5]*b[6] + mul edx + add ebp,eax + mov eax,DWORD [16+esi] + adc ebx,edx + mov edx,DWORD [28+edi] + adc ecx,0 + ; mul a[4]*b[7] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + mov edx,DWORD [20+edi] + adc ecx,0 + mov DWORD [44+eax],ebp + mov eax,DWORD [28+esi] + ; saved r[11] + ; ################## Calculate word 12 + xor ebp,ebp + ; mul a[7]*b[5] + mul edx + add ebx,eax + mov eax,DWORD [24+esi] + adc ecx,edx + mov edx,DWORD [24+edi] + adc ebp,0 + ; mul a[6]*b[6] + mul edx + add ebx,eax + mov eax,DWORD [20+esi] + adc ecx,edx + mov edx,DWORD [28+edi] + adc ebp,0 + ; mul a[5]*b[7] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [24+edi] + adc ebp,0 + mov DWORD [48+eax],ebx + mov eax,DWORD [28+esi] + ; saved r[12] + ; ################## Calculate word 13 + xor ebx,ebx + ; mul a[7]*b[6] + mul edx + add ecx,eax + mov eax,DWORD [24+esi] + adc ebp,edx + mov edx,DWORD [28+edi] + adc ebx,0 + ; mul a[6]*b[7] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [28+edi] + adc ebx,0 + mov DWORD [52+eax],ecx + mov eax,DWORD [28+esi] + ; saved r[13] + ; ################## Calculate word 14 + xor ecx,ecx + ; mul a[7]*b[7] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + adc ecx,0 + mov DWORD [56+eax],ebp + ; saved r[14] + ; save r[15] + mov DWORD 
[60+eax],ebx + pop ebx + pop ebp + pop edi + pop esi + ret +global _bn_mul_comba4 +align 16 +_bn_mul_comba4: +L$_bn_mul_comba4_begin: + push esi + mov esi,DWORD [12+esp] + push edi + mov edi,DWORD [20+esp] + push ebp + push ebx + xor ebx,ebx + mov eax,DWORD [esi] + xor ecx,ecx + mov edx,DWORD [edi] + ; ################## Calculate word 0 + xor ebp,ebp + ; mul a[0]*b[0] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [edi] + adc ebp,0 + mov DWORD [eax],ebx + mov eax,DWORD [4+esi] + ; saved r[0] + ; ################## Calculate word 1 + xor ebx,ebx + ; mul a[1]*b[0] + mul edx + add ecx,eax + mov eax,DWORD [esi] + adc ebp,edx + mov edx,DWORD [4+edi] + adc ebx,0 + ; mul a[0]*b[1] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [edi] + adc ebx,0 + mov DWORD [4+eax],ecx + mov eax,DWORD [8+esi] + ; saved r[1] + ; ################## Calculate word 2 + xor ecx,ecx + ; mul a[2]*b[0] + mul edx + add ebp,eax + mov eax,DWORD [4+esi] + adc ebx,edx + mov edx,DWORD [4+edi] + adc ecx,0 + ; mul a[1]*b[1] + mul edx + add ebp,eax + mov eax,DWORD [esi] + adc ebx,edx + mov edx,DWORD [8+edi] + adc ecx,0 + ; mul a[0]*b[2] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + mov edx,DWORD [edi] + adc ecx,0 + mov DWORD [8+eax],ebp + mov eax,DWORD [12+esi] + ; saved r[2] + ; ################## Calculate word 3 + xor ebp,ebp + ; mul a[3]*b[0] + mul edx + add ebx,eax + mov eax,DWORD [8+esi] + adc ecx,edx + mov edx,DWORD [4+edi] + adc ebp,0 + ; mul a[2]*b[1] + mul edx + add ebx,eax + mov eax,DWORD [4+esi] + adc ecx,edx + mov edx,DWORD [8+edi] + adc ebp,0 + ; mul a[1]*b[2] + mul edx + add ebx,eax + mov eax,DWORD [esi] + adc ecx,edx + mov edx,DWORD [12+edi] + adc ebp,0 + ; mul a[0]*b[3] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + mov edx,DWORD [4+edi] + adc ebp,0 + mov DWORD [12+eax],ebx + mov eax,DWORD [12+esi] + ; saved r[3] + ; ################## Calculate word 4 + xor ebx,ebx + ; mul a[3]*b[1] + mul 
edx + add ecx,eax + mov eax,DWORD [8+esi] + adc ebp,edx + mov edx,DWORD [8+edi] + adc ebx,0 + ; mul a[2]*b[2] + mul edx + add ecx,eax + mov eax,DWORD [4+esi] + adc ebp,edx + mov edx,DWORD [12+edi] + adc ebx,0 + ; mul a[1]*b[3] + mul edx + add ecx,eax + mov eax,DWORD [20+esp] + adc ebp,edx + mov edx,DWORD [8+edi] + adc ebx,0 + mov DWORD [16+eax],ecx + mov eax,DWORD [12+esi] + ; saved r[4] + ; ################## Calculate word 5 + xor ecx,ecx + ; mul a[3]*b[2] + mul edx + add ebp,eax + mov eax,DWORD [8+esi] + adc ebx,edx + mov edx,DWORD [12+edi] + adc ecx,0 + ; mul a[2]*b[3] + mul edx + add ebp,eax + mov eax,DWORD [20+esp] + adc ebx,edx + mov edx,DWORD [12+edi] + adc ecx,0 + mov DWORD [20+eax],ebp + mov eax,DWORD [12+esi] + ; saved r[5] + ; ################## Calculate word 6 + xor ebp,ebp + ; mul a[3]*b[3] + mul edx + add ebx,eax + mov eax,DWORD [20+esp] + adc ecx,edx + adc ebp,0 + mov DWORD [24+eax],ebx + ; saved r[6] + ; save r[7] + mov DWORD [28+eax],ecx + pop ebx + pop ebp + pop edi + pop esi + ret +global _bn_sqr_comba8 +align 16 +_bn_sqr_comba8: +L$_bn_sqr_comba8_begin: + push esi + push edi + push ebp + push ebx + mov edi,DWORD [20+esp] + mov esi,DWORD [24+esp] + xor ebx,ebx + xor ecx,ecx + mov eax,DWORD [esi] + ; ############### Calculate word 0 + xor ebp,ebp + ; sqr a[0]*a[0] + mul eax + add ebx,eax + adc ecx,edx + mov edx,DWORD [esi] + adc ebp,0 + mov DWORD [edi],ebx + mov eax,DWORD [4+esi] + ; saved r[0] + ; ############### Calculate word 1 + xor ebx,ebx + ; sqr a[1]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [8+esi] + adc ebx,0 + mov DWORD [4+edi],ecx + mov edx,DWORD [esi] + ; saved r[1] + ; ############### Calculate word 2 + xor ecx,ecx + ; sqr a[2]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [4+esi] + adc ecx,0 + ; sqr a[1]*a[1] + mul eax + add ebp,eax + adc ebx,edx + mov edx,DWORD [esi] + adc ecx,0 + mov DWORD [8+edi],ebp + mov eax,DWORD 
[12+esi] + ; saved r[2] + ; ############### Calculate word 3 + xor ebp,ebp + ; sqr a[3]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [8+esi] + adc ebp,0 + mov edx,DWORD [4+esi] + ; sqr a[2]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [16+esi] + adc ebp,0 + mov DWORD [12+edi],ebx + mov edx,DWORD [esi] + ; saved r[3] + ; ############### Calculate word 4 + xor ebx,ebx + ; sqr a[4]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [12+esi] + adc ebx,0 + mov edx,DWORD [4+esi] + ; sqr a[3]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [8+esi] + adc ebx,0 + ; sqr a[2]*a[2] + mul eax + add ecx,eax + adc ebp,edx + mov edx,DWORD [esi] + adc ebx,0 + mov DWORD [16+edi],ecx + mov eax,DWORD [20+esi] + ; saved r[4] + ; ############### Calculate word 5 + xor ecx,ecx + ; sqr a[5]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [16+esi] + adc ecx,0 + mov edx,DWORD [4+esi] + ; sqr a[4]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [12+esi] + adc ecx,0 + mov edx,DWORD [8+esi] + ; sqr a[3]*a[2] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [24+esi] + adc ecx,0 + mov DWORD [20+edi],ebp + mov edx,DWORD [esi] + ; saved r[5] + ; ############### Calculate word 6 + xor ebp,ebp + ; sqr a[6]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [20+esi] + adc ebp,0 + mov edx,DWORD [4+esi] + ; sqr a[5]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [16+esi] + adc ebp,0 + mov edx,DWORD [8+esi] + ; sqr a[4]*a[2] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [12+esi] + adc ebp,0 + ; sqr a[3]*a[3] + 
mul eax + add ebx,eax + adc ecx,edx + mov edx,DWORD [esi] + adc ebp,0 + mov DWORD [24+edi],ebx + mov eax,DWORD [28+esi] + ; saved r[6] + ; ############### Calculate word 7 + xor ebx,ebx + ; sqr a[7]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [24+esi] + adc ebx,0 + mov edx,DWORD [4+esi] + ; sqr a[6]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [20+esi] + adc ebx,0 + mov edx,DWORD [8+esi] + ; sqr a[5]*a[2] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [16+esi] + adc ebx,0 + mov edx,DWORD [12+esi] + ; sqr a[4]*a[3] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [28+esi] + adc ebx,0 + mov DWORD [28+edi],ecx + mov edx,DWORD [4+esi] + ; saved r[7] + ; ############### Calculate word 8 + xor ecx,ecx + ; sqr a[7]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [24+esi] + adc ecx,0 + mov edx,DWORD [8+esi] + ; sqr a[6]*a[2] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [20+esi] + adc ecx,0 + mov edx,DWORD [12+esi] + ; sqr a[5]*a[3] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [16+esi] + adc ecx,0 + ; sqr a[4]*a[4] + mul eax + add ebp,eax + adc ebx,edx + mov edx,DWORD [8+esi] + adc ecx,0 + mov DWORD [32+edi],ebp + mov eax,DWORD [28+esi] + ; saved r[8] + ; ############### Calculate word 9 + xor ebp,ebp + ; sqr a[7]*a[2] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [24+esi] + adc ebp,0 + mov edx,DWORD [12+esi] + ; sqr a[6]*a[3] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [20+esi] + adc ebp,0 + mov edx,DWORD [16+esi] + ; sqr a[5]*a[4] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [28+esi] 
+ adc ebp,0 + mov DWORD [36+edi],ebx + mov edx,DWORD [12+esi] + ; saved r[9] + ; ############### Calculate word 10 + xor ebx,ebx + ; sqr a[7]*a[3] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [24+esi] + adc ebx,0 + mov edx,DWORD [16+esi] + ; sqr a[6]*a[4] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [20+esi] + adc ebx,0 + ; sqr a[5]*a[5] + mul eax + add ecx,eax + adc ebp,edx + mov edx,DWORD [16+esi] + adc ebx,0 + mov DWORD [40+edi],ecx + mov eax,DWORD [28+esi] + ; saved r[10] + ; ############### Calculate word 11 + xor ecx,ecx + ; sqr a[7]*a[4] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [24+esi] + adc ecx,0 + mov edx,DWORD [20+esi] + ; sqr a[6]*a[5] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [28+esi] + adc ecx,0 + mov DWORD [44+edi],ebp + mov edx,DWORD [20+esi] + ; saved r[11] + ; ############### Calculate word 12 + xor ebp,ebp + ; sqr a[7]*a[5] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [24+esi] + adc ebp,0 + ; sqr a[6]*a[6] + mul eax + add ebx,eax + adc ecx,edx + mov edx,DWORD [24+esi] + adc ebp,0 + mov DWORD [48+edi],ebx + mov eax,DWORD [28+esi] + ; saved r[12] + ; ############### Calculate word 13 + xor ebx,ebx + ; sqr a[7]*a[6] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [28+esi] + adc ebx,0 + mov DWORD [52+edi],ecx + ; saved r[13] + ; ############### Calculate word 14 + xor ecx,ecx + ; sqr a[7]*a[7] + mul eax + add ebp,eax + adc ebx,edx + adc ecx,0 + mov DWORD [56+edi],ebp + ; saved r[14] + mov DWORD [60+edi],ebx + pop ebx + pop ebp + pop edi + pop esi + ret +global _bn_sqr_comba4 +align 16 +_bn_sqr_comba4: +L$_bn_sqr_comba4_begin: + push esi + push edi + push ebp + push ebx + mov edi,DWORD [20+esp] + mov esi,DWORD [24+esp] + xor ebx,ebx + xor ecx,ecx + mov 
eax,DWORD [esi] + ; ############### Calculate word 0 + xor ebp,ebp + ; sqr a[0]*a[0] + mul eax + add ebx,eax + adc ecx,edx + mov edx,DWORD [esi] + adc ebp,0 + mov DWORD [edi],ebx + mov eax,DWORD [4+esi] + ; saved r[0] + ; ############### Calculate word 1 + xor ebx,ebx + ; sqr a[1]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [8+esi] + adc ebx,0 + mov DWORD [4+edi],ecx + mov edx,DWORD [esi] + ; saved r[1] + ; ############### Calculate word 2 + xor ecx,ecx + ; sqr a[2]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [4+esi] + adc ecx,0 + ; sqr a[1]*a[1] + mul eax + add ebp,eax + adc ebx,edx + mov edx,DWORD [esi] + adc ecx,0 + mov DWORD [8+edi],ebp + mov eax,DWORD [12+esi] + ; saved r[2] + ; ############### Calculate word 3 + xor ebp,ebp + ; sqr a[3]*a[0] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [8+esi] + adc ebp,0 + mov edx,DWORD [4+esi] + ; sqr a[2]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ebp,0 + add ebx,eax + adc ecx,edx + mov eax,DWORD [12+esi] + adc ebp,0 + mov DWORD [12+edi],ebx + mov edx,DWORD [4+esi] + ; saved r[3] + ; ############### Calculate word 4 + xor ebx,ebx + ; sqr a[3]*a[1] + mul edx + add eax,eax + adc edx,edx + adc ebx,0 + add ecx,eax + adc ebp,edx + mov eax,DWORD [8+esi] + adc ebx,0 + ; sqr a[2]*a[2] + mul eax + add ecx,eax + adc ebp,edx + mov edx,DWORD [8+esi] + adc ebx,0 + mov DWORD [16+edi],ecx + mov eax,DWORD [12+esi] + ; saved r[4] + ; ############### Calculate word 5 + xor ecx,ecx + ; sqr a[3]*a[2] + mul edx + add eax,eax + adc edx,edx + adc ecx,0 + add ebp,eax + adc ebx,edx + mov eax,DWORD [12+esi] + adc ecx,0 + mov DWORD [20+edi],ebp + ; saved r[5] + ; ############### Calculate word 6 + xor ebp,ebp + ; sqr a[3]*a[3] + mul eax + add ebx,eax + adc ecx,edx + adc ebp,0 + mov DWORD [24+edi],ebx + ; saved r[6] + mov DWORD [28+edi],ecx + pop ebx + pop ebp + pop edi + pop esi + ret 
diff --git a/win-x86/crypto/bn/x86-mont.asm b/win-x86/crypto/bn/x86-mont.asm new file mode 100644 index 0000000..de7b949 --- /dev/null +++ b/win-x86/crypto/bn/x86-mont.asm 
@@ -0,0 +1,469 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _bn_mul_mont +align 16 +_bn_mul_mont: +L$_bn_mul_mont_begin: + push ebp + push ebx + push esi + push edi + xor eax,eax + mov edi,DWORD [40+esp] + cmp edi,4 + jl NEAR L$000just_leave + lea esi,[20+esp] + lea edx,[24+esp] + mov ebp,esp + add edi,2 + neg edi + lea esp,[edi*4+esp-32] + neg edi + mov eax,esp + sub eax,edx + and eax,2047 + sub esp,eax + xor edx,esp + and edx,2048 + xor edx,2048 + sub esp,edx + and esp,-64 + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + mov esi,DWORD [16+esi] + mov esi,DWORD [esi] + mov DWORD [4+esp],eax + mov DWORD [8+esp],ebx + mov DWORD [12+esp],ecx + mov DWORD [16+esp],edx + mov DWORD [20+esp],esi + lea ebx,[edi-3] + mov DWORD [24+esp],ebp + lea eax,[_OPENSSL_ia32cap_P] + bt DWORD [eax],26 + jnc NEAR L$001non_sse2 + mov eax,-1 + movd mm7,eax + mov esi,DWORD [8+esp] + mov edi,DWORD [12+esp] + mov ebp,DWORD [16+esp] + xor edx,edx + xor ecx,ecx + movd mm4,DWORD [edi] + movd mm5,DWORD [esi] + movd mm3,DWORD [ebp] + pmuludq mm5,mm4 + movq mm2,mm5 + movq mm0,mm5 + pand mm0,mm7 + pmuludq mm5,[20+esp] + pmuludq mm3,mm5 + paddq mm3,mm0 + movd mm1,DWORD [4+ebp] + movd mm0,DWORD [4+esi] + psrlq mm2,32 + psrlq mm3,32 + inc ecx +align 16 +L$0021st: + pmuludq mm0,mm4 + pmuludq mm1,mm5 + paddq mm2,mm0 + paddq mm3,mm1 + movq mm0,mm2 + pand mm0,mm7 + movd mm1,DWORD [4+ecx*4+ebp] + paddq mm3,mm0 + movd mm0,DWORD [4+ecx*4+esi] + psrlq mm2,32 + movd DWORD [28+ecx*4+esp],mm3 + psrlq mm3,32 + lea 
ecx,[1+ecx] + cmp ecx,ebx + jl NEAR L$0021st + pmuludq mm0,mm4 + pmuludq mm1,mm5 + paddq mm2,mm0 + paddq mm3,mm1 + movq mm0,mm2 + pand mm0,mm7 + paddq mm3,mm0 + movd DWORD [28+ecx*4+esp],mm3 + psrlq mm2,32 + psrlq mm3,32 + paddq mm3,mm2 + movq [32+ebx*4+esp],mm3 + inc edx +L$003outer: + xor ecx,ecx + movd mm4,DWORD [edx*4+edi] + movd mm5,DWORD [esi] + movd mm6,DWORD [32+esp] + movd mm3,DWORD [ebp] + pmuludq mm5,mm4 + paddq mm5,mm6 + movq mm0,mm5 + movq mm2,mm5 + pand mm0,mm7 + pmuludq mm5,[20+esp] + pmuludq mm3,mm5 + paddq mm3,mm0 + movd mm6,DWORD [36+esp] + movd mm1,DWORD [4+ebp] + movd mm0,DWORD [4+esi] + psrlq mm2,32 + psrlq mm3,32 + paddq mm2,mm6 + inc ecx + dec ebx +L$004inner: + pmuludq mm0,mm4 + pmuludq mm1,mm5 + paddq mm2,mm0 + paddq mm3,mm1 + movq mm0,mm2 + movd mm6,DWORD [36+ecx*4+esp] + pand mm0,mm7 + movd mm1,DWORD [4+ecx*4+ebp] + paddq mm3,mm0 + movd mm0,DWORD [4+ecx*4+esi] + psrlq mm2,32 + movd DWORD [28+ecx*4+esp],mm3 + psrlq mm3,32 + paddq mm2,mm6 + dec ebx + lea ecx,[1+ecx] + jnz NEAR L$004inner + mov ebx,ecx + pmuludq mm0,mm4 + pmuludq mm1,mm5 + paddq mm2,mm0 + paddq mm3,mm1 + movq mm0,mm2 + pand mm0,mm7 + paddq mm3,mm0 + movd DWORD [28+ecx*4+esp],mm3 + psrlq mm2,32 + psrlq mm3,32 + movd mm6,DWORD [36+ebx*4+esp] + paddq mm3,mm2 + paddq mm3,mm6 + movq [32+ebx*4+esp],mm3 + lea edx,[1+edx] + cmp edx,ebx + jle NEAR L$003outer + emms + jmp NEAR L$005common_tail +align 16 +L$001non_sse2: + mov esi,DWORD [8+esp] + lea ebp,[1+ebx] + mov edi,DWORD [12+esp] + xor ecx,ecx + mov edx,esi + and ebp,1 + sub edx,edi + lea eax,[4+ebx*4+edi] + or ebp,edx + mov edi,DWORD [edi] + jz NEAR L$006bn_sqr_mont + mov DWORD [28+esp],eax + mov eax,DWORD [esi] + xor edx,edx +align 16 +L$007mull: + mov ebp,edx + mul edi + add ebp,eax + lea ecx,[1+ecx] + adc edx,0 + mov eax,DWORD [ecx*4+esi] + cmp ecx,ebx + mov DWORD [28+ecx*4+esp],ebp + jl NEAR L$007mull + mov ebp,edx + mul edi + mov edi,DWORD [20+esp] + add eax,ebp + mov esi,DWORD [16+esp] + adc edx,0 + imul edi,DWORD [32+esp] 
+ mov DWORD [32+ebx*4+esp],eax + xor ecx,ecx + mov DWORD [36+ebx*4+esp],edx + mov DWORD [40+ebx*4+esp],ecx + mov eax,DWORD [esi] + mul edi + add eax,DWORD [32+esp] + mov eax,DWORD [4+esi] + adc edx,0 + inc ecx + jmp NEAR L$0082ndmadd +align 16 +L$0091stmadd: + mov ebp,edx + mul edi + add ebp,DWORD [32+ecx*4+esp] + lea ecx,[1+ecx] + adc edx,0 + add ebp,eax + mov eax,DWORD [ecx*4+esi] + adc edx,0 + cmp ecx,ebx + mov DWORD [28+ecx*4+esp],ebp + jl NEAR L$0091stmadd + mov ebp,edx + mul edi + add eax,DWORD [32+ebx*4+esp] + mov edi,DWORD [20+esp] + adc edx,0 + mov esi,DWORD [16+esp] + add ebp,eax + adc edx,0 + imul edi,DWORD [32+esp] + xor ecx,ecx + add edx,DWORD [36+ebx*4+esp] + mov DWORD [32+ebx*4+esp],ebp + adc ecx,0 + mov eax,DWORD [esi] + mov DWORD [36+ebx*4+esp],edx + mov DWORD [40+ebx*4+esp],ecx + mul edi + add eax,DWORD [32+esp] + mov eax,DWORD [4+esi] + adc edx,0 + mov ecx,1 +align 16 +L$0082ndmadd: + mov ebp,edx + mul edi + add ebp,DWORD [32+ecx*4+esp] + lea ecx,[1+ecx] + adc edx,0 + add ebp,eax + mov eax,DWORD [ecx*4+esi] + adc edx,0 + cmp ecx,ebx + mov DWORD [24+ecx*4+esp],ebp + jl NEAR L$0082ndmadd + mov ebp,edx + mul edi + add ebp,DWORD [32+ebx*4+esp] + adc edx,0 + add ebp,eax + adc edx,0 + mov DWORD [28+ebx*4+esp],ebp + xor eax,eax + mov ecx,DWORD [12+esp] + add edx,DWORD [36+ebx*4+esp] + adc eax,DWORD [40+ebx*4+esp] + lea ecx,[4+ecx] + mov DWORD [32+ebx*4+esp],edx + cmp ecx,DWORD [28+esp] + mov DWORD [36+ebx*4+esp],eax + je NEAR L$005common_tail + mov edi,DWORD [ecx] + mov esi,DWORD [8+esp] + mov DWORD [12+esp],ecx + xor ecx,ecx + xor edx,edx + mov eax,DWORD [esi] + jmp NEAR L$0091stmadd +align 16 +L$006bn_sqr_mont: + mov DWORD [esp],ebx + mov DWORD [12+esp],ecx + mov eax,edi + mul edi + mov DWORD [32+esp],eax + mov ebx,edx + shr edx,1 + and ebx,1 + inc ecx +align 16 +L$010sqr: + mov eax,DWORD [ecx*4+esi] + mov ebp,edx + mul edi + add eax,ebp + lea ecx,[1+ecx] + adc edx,0 + lea ebp,[eax*2+ebx] + shr eax,31 + cmp ecx,DWORD [esp] + mov ebx,eax + mov DWORD 
[28+ecx*4+esp],ebp + jl NEAR L$010sqr + mov eax,DWORD [ecx*4+esi] + mov ebp,edx + mul edi + add eax,ebp + mov edi,DWORD [20+esp] + adc edx,0 + mov esi,DWORD [16+esp] + lea ebp,[eax*2+ebx] + imul edi,DWORD [32+esp] + shr eax,31 + mov DWORD [32+ecx*4+esp],ebp + lea ebp,[edx*2+eax] + mov eax,DWORD [esi] + shr edx,31 + mov DWORD [36+ecx*4+esp],ebp + mov DWORD [40+ecx*4+esp],edx + mul edi + add eax,DWORD [32+esp] + mov ebx,ecx + adc edx,0 + mov eax,DWORD [4+esi] + mov ecx,1 +align 16 +L$0113rdmadd: + mov ebp,edx + mul edi + add ebp,DWORD [32+ecx*4+esp] + adc edx,0 + add ebp,eax + mov eax,DWORD [4+ecx*4+esi] + adc edx,0 + mov DWORD [28+ecx*4+esp],ebp + mov ebp,edx + mul edi + add ebp,DWORD [36+ecx*4+esp] + lea ecx,[2+ecx] + adc edx,0 + add ebp,eax + mov eax,DWORD [ecx*4+esi] + adc edx,0 + cmp ecx,ebx + mov DWORD [24+ecx*4+esp],ebp + jl NEAR L$0113rdmadd + mov ebp,edx + mul edi + add ebp,DWORD [32+ebx*4+esp] + adc edx,0 + add ebp,eax + adc edx,0 + mov DWORD [28+ebx*4+esp],ebp + mov ecx,DWORD [12+esp] + xor eax,eax + mov esi,DWORD [8+esp] + add edx,DWORD [36+ebx*4+esp] + adc eax,DWORD [40+ebx*4+esp] + mov DWORD [32+ebx*4+esp],edx + cmp ecx,ebx + mov DWORD [36+ebx*4+esp],eax + je NEAR L$005common_tail + mov edi,DWORD [4+ecx*4+esi] + lea ecx,[1+ecx] + mov eax,edi + mov DWORD [12+esp],ecx + mul edi + add eax,DWORD [32+ecx*4+esp] + adc edx,0 + mov DWORD [32+ecx*4+esp],eax + xor ebp,ebp + cmp ecx,ebx + lea ecx,[1+ecx] + je NEAR L$012sqrlast + mov ebx,edx + shr edx,1 + and ebx,1 +align 16 +L$013sqradd: + mov eax,DWORD [ecx*4+esi] + mov ebp,edx + mul edi + add eax,ebp + lea ebp,[eax*1+eax] + adc edx,0 + shr eax,31 + add ebp,DWORD [32+ecx*4+esp] + lea ecx,[1+ecx] + adc eax,0 + add ebp,ebx + adc eax,0 + cmp ecx,DWORD [esp] + mov DWORD [28+ecx*4+esp],ebp + mov ebx,eax + jle NEAR L$013sqradd + mov ebp,edx + add edx,edx + shr ebp,31 + add edx,ebx + adc ebp,0 +L$012sqrlast: + mov edi,DWORD [20+esp] + mov esi,DWORD [16+esp] + imul edi,DWORD [32+esp] + add edx,DWORD [32+ecx*4+esp] + mov 
eax,DWORD [esi] + adc ebp,0 + mov DWORD [32+ecx*4+esp],edx + mov DWORD [36+ecx*4+esp],ebp + mul edi + add eax,DWORD [32+esp] + lea ebx,[ecx-1] + adc edx,0 + mov ecx,1 + mov eax,DWORD [4+esi] + jmp NEAR L$0113rdmadd +align 16 +L$005common_tail: + mov ebp,DWORD [16+esp] + mov edi,DWORD [4+esp] + lea esi,[32+esp] + mov eax,DWORD [esi] + mov ecx,ebx + xor edx,edx +align 16 +L$014sub: + sbb eax,DWORD [edx*4+ebp] + mov DWORD [edx*4+edi],eax + dec ecx + mov eax,DWORD [4+edx*4+esi] + lea edx,[1+edx] + jge NEAR L$014sub + sbb eax,0 +align 16 +L$015copy: + mov edx,DWORD [ebx*4+esi] + mov ebp,DWORD [ebx*4+edi] + xor edx,ebp + and edx,eax + xor edx,ebp + mov DWORD [ebx*4+esi],ecx + mov DWORD [ebx*4+edi],edx + dec ebx + jge NEAR L$015copy + mov esp,DWORD [24+esp] + mov eax,1 +L$000just_leave: + pop edi + pop esi + pop ebx + pop ebp + ret +db 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 +db 112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56 +db 54,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 +db 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 +db 111,114,103,62,0 +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/cpu-x86-asm.asm b/win-x86/crypto/cpu-x86-asm.asm new file mode 100644 index 0000000..4317a73 --- /dev/null +++ b/win-x86/crypto/cpu-x86-asm.asm 
@@ -0,0 +1,303 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +global _OPENSSL_ia32_cpuid +align 16 +_OPENSSL_ia32_cpuid: +L$_OPENSSL_ia32_cpuid_begin: + push ebp + push ebx + push esi + push edi + xor edx,edx + pushfd + pop eax + mov ecx,eax + xor eax,2097152 + push eax + popfd + pushfd + pop eax + xor ecx,eax + xor eax,eax + bt ecx,21 + jnc NEAR L$000nocpuid + mov esi,DWORD [20+esp] + mov DWORD [8+esi],eax + cpuid + mov edi,eax + xor eax,eax + cmp ebx,1970169159 + setne al + mov ebp,eax + cmp edx,1231384169 + setne al + or ebp,eax + cmp ecx,1818588270 + setne al + or ebp,eax + jz NEAR L$001intel + cmp ebx,1752462657 + setne al + mov esi,eax + cmp edx,1769238117 + setne al + or esi,eax + cmp ecx,1145913699 + setne al + or esi,eax + jnz NEAR L$001intel + mov eax,2147483648 + cpuid + cmp eax,2147483649 + jb NEAR L$001intel + mov esi,eax + mov eax,2147483649 + cpuid + or ebp,ecx + and ebp,2049 + cmp esi,2147483656 + jb NEAR L$001intel + mov eax,2147483656 + cpuid + movzx esi,cl + inc esi + mov eax,1 + xor ecx,ecx + cpuid + bt edx,28 + jnc NEAR L$002generic + shr ebx,16 + and ebx,255 + cmp ebx,esi + ja NEAR L$002generic + and edx,4026531839 + jmp NEAR L$002generic +L$001intel: + cmp edi,7 + jb NEAR L$003cacheinfo + mov esi,DWORD [20+esp] + mov eax,7 + xor ecx,ecx + cpuid + mov DWORD [8+esi],ebx +L$003cacheinfo: + cmp edi,4 + mov edi,-1 + jb NEAR L$004nocacheinfo + mov eax,4 + mov ecx,0 + cpuid + mov edi,eax + shr edi,14 + and edi,4095 +L$004nocacheinfo: + mov eax,1 + xor ecx,ecx + cpuid + and edx,3220176895 + cmp ebp,0 + jne NEAR L$005notintel + or 
edx,1073741824 +L$005notintel: + bt edx,28 + jnc NEAR L$002generic + and edx,4026531839 + cmp edi,0 + je NEAR L$002generic + or edx,268435456 + shr ebx,16 + cmp bl,1 + ja NEAR L$002generic + and edx,4026531839 +L$002generic: + and ebp,2048 + and ecx,4294965247 + mov esi,edx + or ebp,ecx + bt ecx,27 + jnc NEAR L$006clear_avx + xor ecx,ecx +db 15,1,208 + and eax,6 + cmp eax,6 + je NEAR L$007done + cmp eax,2 + je NEAR L$006clear_avx +L$008clear_xmm: + and ebp,4261412861 + and esi,4278190079 +L$006clear_avx: + and ebp,4026525695 + mov edi,DWORD [20+esp] + and DWORD [8+edi],4294967263 +L$007done: + mov eax,esi + mov edx,ebp +L$000nocpuid: + pop edi + pop esi + pop ebx + pop ebp + ret +;extern _OPENSSL_ia32cap_P +global _OPENSSL_rdtsc +align 16 +_OPENSSL_rdtsc: +L$_OPENSSL_rdtsc_begin: + xor eax,eax + xor edx,edx + lea ecx,[_OPENSSL_ia32cap_P] + bt DWORD [ecx],4 + jnc NEAR L$009notsc + rdtsc +L$009notsc: + ret +global _OPENSSL_instrument_halt +align 16 +_OPENSSL_instrument_halt: +L$_OPENSSL_instrument_halt_begin: + lea ecx,[_OPENSSL_ia32cap_P] + bt DWORD [ecx],4 + jnc NEAR L$010nohalt +dd 2421723150 + and eax,3 + jnz NEAR L$010nohalt + pushfd + pop eax + bt eax,9 + jnc NEAR L$010nohalt + rdtsc + push edx + push eax + hlt + rdtsc + sub eax,DWORD [esp] + sbb edx,DWORD [4+esp] + add esp,8 + ret +L$010nohalt: + xor eax,eax + xor edx,edx + ret +global _OPENSSL_far_spin +align 16 +_OPENSSL_far_spin: +L$_OPENSSL_far_spin_begin: + pushfd + pop eax + bt eax,9 + jnc NEAR L$011nospin + mov eax,DWORD [4+esp] + mov ecx,DWORD [8+esp] +dd 2430111262 + xor eax,eax + mov edx,DWORD [ecx] + jmp NEAR L$012spin +align 16 +L$012spin: + inc eax + cmp edx,DWORD [ecx] + je NEAR L$012spin +dd 529567888 + ret +L$011nospin: + xor eax,eax + xor edx,edx + ret +global _OPENSSL_wipe_cpu +align 16 +_OPENSSL_wipe_cpu: +L$_OPENSSL_wipe_cpu_begin: + xor eax,eax + xor edx,edx + lea ecx,[_OPENSSL_ia32cap_P] + mov ecx,DWORD [ecx] + bt DWORD [ecx],1 + jnc NEAR L$013no_x87 + and ecx,83886080 + cmp ecx,83886080 
+ jne NEAR L$014no_sse2 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + pxor xmm7,xmm7 +L$014no_sse2: +dd 4007259865,4007259865,4007259865,4007259865,2430851995 +L$013no_x87: + lea eax,[4+esp] + ret +global _OPENSSL_atomic_add +align 16 +_OPENSSL_atomic_add: +L$_OPENSSL_atomic_add_begin: + mov edx,DWORD [4+esp] + mov ecx,DWORD [8+esp] + push ebx + nop + mov eax,DWORD [edx] +L$015spin: + lea ebx,[ecx*1+eax] + nop +dd 447811568 + jne NEAR L$015spin + mov eax,ebx + pop ebx + ret +global _OPENSSL_indirect_call +align 16 +_OPENSSL_indirect_call: +L$_OPENSSL_indirect_call_begin: + push ebp + mov ebp,esp + sub esp,28 + mov ecx,DWORD [12+ebp] + mov DWORD [esp],ecx + mov edx,DWORD [16+ebp] + mov DWORD [4+esp],edx + mov eax,DWORD [20+ebp] + mov DWORD [8+esp],eax + mov eax,DWORD [24+ebp] + mov DWORD [12+esp],eax + mov eax,DWORD [28+ebp] + mov DWORD [16+esp],eax + mov eax,DWORD [32+ebp] + mov DWORD [20+esp],eax + mov eax,DWORD [36+ebp] + mov DWORD [24+esp],eax + call DWORD [8+ebp] + mov esp,ebp + pop ebp + ret +global _OPENSSL_ia32_rdrand +align 16 +_OPENSSL_ia32_rdrand: +L$_OPENSSL_ia32_rdrand_begin: + mov ecx,8 +L$016loop: +db 15,199,240 + jc NEAR L$017break + loop L$016loop +L$017break: + cmp eax,0 + cmove eax,ecx + ret +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/md5/md5-586.asm b/win-x86/crypto/md5/md5-586.asm new file mode 100644 index 0000000..67ee216 --- /dev/null +++ b/win-x86/crypto/md5/md5-586.asm 
@@ -0,0 +1,691 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +global _md5_block_asm_data_order +align 16 +_md5_block_asm_data_order: +L$_md5_block_asm_data_order_begin: + push esi + push edi + mov edi,DWORD [12+esp] + mov esi,DWORD [16+esp] + mov ecx,DWORD [20+esp] + push ebp + shl ecx,6 + push ebx + add ecx,esi + sub ecx,64 + mov eax,DWORD [edi] + push ecx + mov ebx,DWORD [4+edi] + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] +L$000start: + ; + ; R0 section + mov edi,ecx + mov ebp,DWORD [esi] + ; R0 0 + xor edi,edx + and edi,ebx + lea eax,[3614090360+ebp*1+eax] + xor edi,edx + add eax,edi + mov edi,ebx + rol eax,7 + mov ebp,DWORD [4+esi] + add eax,ebx + ; R0 1 + xor edi,ecx + and edi,eax + lea edx,[3905402710+ebp*1+edx] + xor edi,ecx + add edx,edi + mov edi,eax + rol edx,12 + mov ebp,DWORD [8+esi] + add edx,eax + ; R0 2 + xor edi,ebx + and edi,edx + lea ecx,[606105819+ebp*1+ecx] + xor edi,ebx + add ecx,edi + mov edi,edx + rol ecx,17 + mov ebp,DWORD [12+esi] + add ecx,edx + ; R0 3 + xor edi,eax + and edi,ecx + lea ebx,[3250441966+ebp*1+ebx] + xor edi,eax + add ebx,edi + mov edi,ecx + rol ebx,22 + mov ebp,DWORD [16+esi] + add ebx,ecx + ; R0 4 + xor edi,edx + and edi,ebx + lea eax,[4118548399+ebp*1+eax] + xor edi,edx + add eax,edi + mov edi,ebx + rol eax,7 + mov ebp,DWORD [20+esi] + add eax,ebx + ; R0 5 + xor edi,ecx + and edi,eax + lea edx,[1200080426+ebp*1+edx] + xor edi,ecx + add edx,edi + mov edi,eax + rol edx,12 + mov ebp,DWORD [24+esi] + add edx,eax + ; R0 6 + xor edi,ebx + and edi,edx + lea ecx,[2821735955+ebp*1+ecx] + xor edi,ebx + add 
ecx,edi + mov edi,edx + rol ecx,17 + mov ebp,DWORD [28+esi] + add ecx,edx + ; R0 7 + xor edi,eax + and edi,ecx + lea ebx,[4249261313+ebp*1+ebx] + xor edi,eax + add ebx,edi + mov edi,ecx + rol ebx,22 + mov ebp,DWORD [32+esi] + add ebx,ecx + ; R0 8 + xor edi,edx + and edi,ebx + lea eax,[1770035416+ebp*1+eax] + xor edi,edx + add eax,edi + mov edi,ebx + rol eax,7 + mov ebp,DWORD [36+esi] + add eax,ebx + ; R0 9 + xor edi,ecx + and edi,eax + lea edx,[2336552879+ebp*1+edx] + xor edi,ecx + add edx,edi + mov edi,eax + rol edx,12 + mov ebp,DWORD [40+esi] + add edx,eax + ; R0 10 + xor edi,ebx + and edi,edx + lea ecx,[4294925233+ebp*1+ecx] + xor edi,ebx + add ecx,edi + mov edi,edx + rol ecx,17 + mov ebp,DWORD [44+esi] + add ecx,edx + ; R0 11 + xor edi,eax + and edi,ecx + lea ebx,[2304563134+ebp*1+ebx] + xor edi,eax + add ebx,edi + mov edi,ecx + rol ebx,22 + mov ebp,DWORD [48+esi] + add ebx,ecx + ; R0 12 + xor edi,edx + and edi,ebx + lea eax,[1804603682+ebp*1+eax] + xor edi,edx + add eax,edi + mov edi,ebx + rol eax,7 + mov ebp,DWORD [52+esi] + add eax,ebx + ; R0 13 + xor edi,ecx + and edi,eax + lea edx,[4254626195+ebp*1+edx] + xor edi,ecx + add edx,edi + mov edi,eax + rol edx,12 + mov ebp,DWORD [56+esi] + add edx,eax + ; R0 14 + xor edi,ebx + and edi,edx + lea ecx,[2792965006+ebp*1+ecx] + xor edi,ebx + add ecx,edi + mov edi,edx + rol ecx,17 + mov ebp,DWORD [60+esi] + add ecx,edx + ; R0 15 + xor edi,eax + and edi,ecx + lea ebx,[1236535329+ebp*1+ebx] + xor edi,eax + add ebx,edi + mov edi,ecx + rol ebx,22 + mov ebp,DWORD [4+esi] + add ebx,ecx + ; + ; R1 section + ; R1 16 + lea eax,[4129170786+ebp*1+eax] + xor edi,ebx + and edi,edx + mov ebp,DWORD [24+esi] + xor edi,ecx + add eax,edi + mov edi,ebx + rol eax,5 + add eax,ebx + ; R1 17 + lea edx,[3225465664+ebp*1+edx] + xor edi,eax + and edi,ecx + mov ebp,DWORD [44+esi] + xor edi,ebx + add edx,edi + mov edi,eax + rol edx,9 + add edx,eax + ; R1 18 + lea ecx,[643717713+ebp*1+ecx] + xor edi,edx + and edi,ebx + mov ebp,DWORD [esi] + xor 
edi,eax + add ecx,edi + mov edi,edx + rol ecx,14 + add ecx,edx + ; R1 19 + lea ebx,[3921069994+ebp*1+ebx] + xor edi,ecx + and edi,eax + mov ebp,DWORD [20+esi] + xor edi,edx + add ebx,edi + mov edi,ecx + rol ebx,20 + add ebx,ecx + ; R1 20 + lea eax,[3593408605+ebp*1+eax] + xor edi,ebx + and edi,edx + mov ebp,DWORD [40+esi] + xor edi,ecx + add eax,edi + mov edi,ebx + rol eax,5 + add eax,ebx + ; R1 21 + lea edx,[38016083+ebp*1+edx] + xor edi,eax + and edi,ecx + mov ebp,DWORD [60+esi] + xor edi,ebx + add edx,edi + mov edi,eax + rol edx,9 + add edx,eax + ; R1 22 + lea ecx,[3634488961+ebp*1+ecx] + xor edi,edx + and edi,ebx + mov ebp,DWORD [16+esi] + xor edi,eax + add ecx,edi + mov edi,edx + rol ecx,14 + add ecx,edx + ; R1 23 + lea ebx,[3889429448+ebp*1+ebx] + xor edi,ecx + and edi,eax + mov ebp,DWORD [36+esi] + xor edi,edx + add ebx,edi + mov edi,ecx + rol ebx,20 + add ebx,ecx + ; R1 24 + lea eax,[568446438+ebp*1+eax] + xor edi,ebx + and edi,edx + mov ebp,DWORD [56+esi] + xor edi,ecx + add eax,edi + mov edi,ebx + rol eax,5 + add eax,ebx + ; R1 25 + lea edx,[3275163606+ebp*1+edx] + xor edi,eax + and edi,ecx + mov ebp,DWORD [12+esi] + xor edi,ebx + add edx,edi + mov edi,eax + rol edx,9 + add edx,eax + ; R1 26 + lea ecx,[4107603335+ebp*1+ecx] + xor edi,edx + and edi,ebx + mov ebp,DWORD [32+esi] + xor edi,eax + add ecx,edi + mov edi,edx + rol ecx,14 + add ecx,edx + ; R1 27 + lea ebx,[1163531501+ebp*1+ebx] + xor edi,ecx + and edi,eax + mov ebp,DWORD [52+esi] + xor edi,edx + add ebx,edi + mov edi,ecx + rol ebx,20 + add ebx,ecx + ; R1 28 + lea eax,[2850285829+ebp*1+eax] + xor edi,ebx + and edi,edx + mov ebp,DWORD [8+esi] + xor edi,ecx + add eax,edi + mov edi,ebx + rol eax,5 + add eax,ebx + ; R1 29 + lea edx,[4243563512+ebp*1+edx] + xor edi,eax + and edi,ecx + mov ebp,DWORD [28+esi] + xor edi,ebx + add edx,edi + mov edi,eax + rol edx,9 + add edx,eax + ; R1 30 + lea ecx,[1735328473+ebp*1+ecx] + xor edi,edx + and edi,ebx + mov ebp,DWORD [48+esi] + xor edi,eax + add ecx,edi + mov 
edi,edx + rol ecx,14 + add ecx,edx + ; R1 31 + lea ebx,[2368359562+ebp*1+ebx] + xor edi,ecx + and edi,eax + mov ebp,DWORD [20+esi] + xor edi,edx + add ebx,edi + mov edi,ecx + rol ebx,20 + add ebx,ecx + ; + ; R2 section + ; R2 32 + xor edi,edx + xor edi,ebx + lea eax,[4294588738+ebp*1+eax] + add eax,edi + rol eax,4 + mov ebp,DWORD [32+esi] + mov edi,ebx + ; R2 33 + lea edx,[2272392833+ebp*1+edx] + add eax,ebx + xor edi,ecx + xor edi,eax + mov ebp,DWORD [44+esi] + add edx,edi + mov edi,eax + rol edx,11 + add edx,eax + ; R2 34 + xor edi,ebx + xor edi,edx + lea ecx,[1839030562+ebp*1+ecx] + add ecx,edi + rol ecx,16 + mov ebp,DWORD [56+esi] + mov edi,edx + ; R2 35 + lea ebx,[4259657740+ebp*1+ebx] + add ecx,edx + xor edi,eax + xor edi,ecx + mov ebp,DWORD [4+esi] + add ebx,edi + mov edi,ecx + rol ebx,23 + add ebx,ecx + ; R2 36 + xor edi,edx + xor edi,ebx + lea eax,[2763975236+ebp*1+eax] + add eax,edi + rol eax,4 + mov ebp,DWORD [16+esi] + mov edi,ebx + ; R2 37 + lea edx,[1272893353+ebp*1+edx] + add eax,ebx + xor edi,ecx + xor edi,eax + mov ebp,DWORD [28+esi] + add edx,edi + mov edi,eax + rol edx,11 + add edx,eax + ; R2 38 + xor edi,ebx + xor edi,edx + lea ecx,[4139469664+ebp*1+ecx] + add ecx,edi + rol ecx,16 + mov ebp,DWORD [40+esi] + mov edi,edx + ; R2 39 + lea ebx,[3200236656+ebp*1+ebx] + add ecx,edx + xor edi,eax + xor edi,ecx + mov ebp,DWORD [52+esi] + add ebx,edi + mov edi,ecx + rol ebx,23 + add ebx,ecx + ; R2 40 + xor edi,edx + xor edi,ebx + lea eax,[681279174+ebp*1+eax] + add eax,edi + rol eax,4 + mov ebp,DWORD [esi] + mov edi,ebx + ; R2 41 + lea edx,[3936430074+ebp*1+edx] + add eax,ebx + xor edi,ecx + xor edi,eax + mov ebp,DWORD [12+esi] + add edx,edi + mov edi,eax + rol edx,11 + add edx,eax + ; R2 42 + xor edi,ebx + xor edi,edx + lea ecx,[3572445317+ebp*1+ecx] + add ecx,edi + rol ecx,16 + mov ebp,DWORD [24+esi] + mov edi,edx + ; R2 43 + lea ebx,[76029189+ebp*1+ebx] + add ecx,edx + xor edi,eax + xor edi,ecx + mov ebp,DWORD [36+esi] + add ebx,edi + mov edi,ecx + rol 
ebx,23 + add ebx,ecx + ; R2 44 + xor edi,edx + xor edi,ebx + lea eax,[3654602809+ebp*1+eax] + add eax,edi + rol eax,4 + mov ebp,DWORD [48+esi] + mov edi,ebx + ; R2 45 + lea edx,[3873151461+ebp*1+edx] + add eax,ebx + xor edi,ecx + xor edi,eax + mov ebp,DWORD [60+esi] + add edx,edi + mov edi,eax + rol edx,11 + add edx,eax + ; R2 46 + xor edi,ebx + xor edi,edx + lea ecx,[530742520+ebp*1+ecx] + add ecx,edi + rol ecx,16 + mov ebp,DWORD [8+esi] + mov edi,edx + ; R2 47 + lea ebx,[3299628645+ebp*1+ebx] + add ecx,edx + xor edi,eax + xor edi,ecx + mov ebp,DWORD [esi] + add ebx,edi + mov edi,-1 + rol ebx,23 + add ebx,ecx + ; + ; R3 section + ; R3 48 + xor edi,edx + or edi,ebx + lea eax,[4096336452+ebp*1+eax] + xor edi,ecx + mov ebp,DWORD [28+esi] + add eax,edi + mov edi,-1 + rol eax,6 + xor edi,ecx + add eax,ebx + ; R3 49 + or edi,eax + lea edx,[1126891415+ebp*1+edx] + xor edi,ebx + mov ebp,DWORD [56+esi] + add edx,edi + mov edi,-1 + rol edx,10 + xor edi,ebx + add edx,eax + ; R3 50 + or edi,edx + lea ecx,[2878612391+ebp*1+ecx] + xor edi,eax + mov ebp,DWORD [20+esi] + add ecx,edi + mov edi,-1 + rol ecx,15 + xor edi,eax + add ecx,edx + ; R3 51 + or edi,ecx + lea ebx,[4237533241+ebp*1+ebx] + xor edi,edx + mov ebp,DWORD [48+esi] + add ebx,edi + mov edi,-1 + rol ebx,21 + xor edi,edx + add ebx,ecx + ; R3 52 + or edi,ebx + lea eax,[1700485571+ebp*1+eax] + xor edi,ecx + mov ebp,DWORD [12+esi] + add eax,edi + mov edi,-1 + rol eax,6 + xor edi,ecx + add eax,ebx + ; R3 53 + or edi,eax + lea edx,[2399980690+ebp*1+edx] + xor edi,ebx + mov ebp,DWORD [40+esi] + add edx,edi + mov edi,-1 + rol edx,10 + xor edi,ebx + add edx,eax + ; R3 54 + or edi,edx + lea ecx,[4293915773+ebp*1+ecx] + xor edi,eax + mov ebp,DWORD [4+esi] + add ecx,edi + mov edi,-1 + rol ecx,15 + xor edi,eax + add ecx,edx + ; R3 55 + or edi,ecx + lea ebx,[2240044497+ebp*1+ebx] + xor edi,edx + mov ebp,DWORD [32+esi] + add ebx,edi + mov edi,-1 + rol ebx,21 + xor edi,edx + add ebx,ecx + ; R3 56 + or edi,ebx + lea 
eax,[1873313359+ebp*1+eax] + xor edi,ecx + mov ebp,DWORD [60+esi] + add eax,edi + mov edi,-1 + rol eax,6 + xor edi,ecx + add eax,ebx + ; R3 57 + or edi,eax + lea edx,[4264355552+ebp*1+edx] + xor edi,ebx + mov ebp,DWORD [24+esi] + add edx,edi + mov edi,-1 + rol edx,10 + xor edi,ebx + add edx,eax + ; R3 58 + or edi,edx + lea ecx,[2734768916+ebp*1+ecx] + xor edi,eax + mov ebp,DWORD [52+esi] + add ecx,edi + mov edi,-1 + rol ecx,15 + xor edi,eax + add ecx,edx + ; R3 59 + or edi,ecx + lea ebx,[1309151649+ebp*1+ebx] + xor edi,edx + mov ebp,DWORD [16+esi] + add ebx,edi + mov edi,-1 + rol ebx,21 + xor edi,edx + add ebx,ecx + ; R3 60 + or edi,ebx + lea eax,[4149444226+ebp*1+eax] + xor edi,ecx + mov ebp,DWORD [44+esi] + add eax,edi + mov edi,-1 + rol eax,6 + xor edi,ecx + add eax,ebx + ; R3 61 + or edi,eax + lea edx,[3174756917+ebp*1+edx] + xor edi,ebx + mov ebp,DWORD [8+esi] + add edx,edi + mov edi,-1 + rol edx,10 + xor edi,ebx + add edx,eax + ; R3 62 + or edi,edx + lea ecx,[718787259+ebp*1+ecx] + xor edi,eax + mov ebp,DWORD [36+esi] + add ecx,edi + mov edi,-1 + rol ecx,15 + xor edi,eax + add ecx,edx + ; R3 63 + or edi,ecx + lea ebx,[3951481745+ebp*1+ebx] + xor edi,edx + mov ebp,DWORD [24+esp] + add ebx,edi + add esi,64 + rol ebx,21 + mov edi,DWORD [ebp] + add ebx,ecx + add eax,edi + mov edi,DWORD [4+ebp] + add ebx,edi + mov edi,DWORD [8+ebp] + add ecx,edi + mov edi,DWORD [12+ebp] + add edx,edi + mov DWORD [ebp],eax + mov DWORD [4+ebp],ebx + mov edi,DWORD [esp] + mov DWORD [8+ebp],ecx + mov DWORD [12+ebp],edx + cmp edi,esi + jae NEAR L$000start + pop eax + pop ebx + pop ebp + pop edi + pop esi + ret diff --git a/win-x86/crypto/modes/ghash-x86.asm b/win-x86/crypto/modes/ghash-x86.asm new file mode 100644 index 0000000..eb493ac --- /dev/null +++ b/win-x86/crypto/modes/ghash-x86.asm 
@@ -0,0 +1,1265 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +global _gcm_gmult_4bit_x86 +align 16 +_gcm_gmult_4bit_x86: +L$_gcm_gmult_4bit_x86_begin: + push ebp + push ebx + push esi + push edi + sub esp,84 + mov edi,DWORD [104+esp] + mov esi,DWORD [108+esp] + mov ebp,DWORD [edi] + mov edx,DWORD [4+edi] + mov ecx,DWORD [8+edi] + mov ebx,DWORD [12+edi] + mov DWORD [16+esp],0 + mov DWORD [20+esp],471859200 + mov DWORD [24+esp],943718400 + mov DWORD [28+esp],610271232 + mov DWORD [32+esp],1887436800 + mov DWORD [36+esp],1822425088 + mov DWORD [40+esp],1220542464 + mov DWORD [44+esp],1423966208 + mov DWORD [48+esp],3774873600 + mov DWORD [52+esp],4246732800 + mov DWORD [56+esp],3644850176 + mov DWORD [60+esp],3311403008 + mov DWORD [64+esp],2441084928 + mov DWORD [68+esp],2376073216 + mov DWORD [72+esp],2847932416 + mov DWORD [76+esp],3051356160 + mov DWORD [esp],ebp + mov DWORD [4+esp],edx + mov DWORD [8+esp],ecx + mov DWORD [12+esp],ebx + shr ebx,20 + and ebx,240 + mov ebp,DWORD [4+ebx*1+esi] + mov edx,DWORD [ebx*1+esi] + mov ecx,DWORD [12+ebx*1+esi] + mov ebx,DWORD [8+ebx*1+esi] + xor eax,eax + mov edi,15 + jmp NEAR L$000x86_loop +align 16 +L$000x86_loop: + mov al,bl + shrd ebx,ecx,4 + and al,15 + shrd ecx,edx,4 + shrd edx,ebp,4 + shr ebp,4 + xor ebp,DWORD [16+eax*4+esp] + mov al,BYTE [edi*1+esp] + and al,240 + xor ebx,DWORD [8+eax*1+esi] + xor ecx,DWORD [12+eax*1+esi] + xor edx,DWORD [eax*1+esi] + xor ebp,DWORD [4+eax*1+esi] + dec edi + js NEAR L$001x86_break + mov al,bl + shrd ebx,ecx,4 + and al,15 + shrd ecx,edx,4 + shrd edx,ebp,4 + shr ebp,4 + 
xor ebp,DWORD [16+eax*4+esp] + mov al,BYTE [edi*1+esp] + shl al,4 + xor ebx,DWORD [8+eax*1+esi] + xor ecx,DWORD [12+eax*1+esi] + xor edx,DWORD [eax*1+esi] + xor ebp,DWORD [4+eax*1+esi] + jmp NEAR L$000x86_loop +align 16 +L$001x86_break: + bswap ebx + bswap ecx + bswap edx + bswap ebp + mov edi,DWORD [104+esp] + mov DWORD [12+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [4+edi],edx + mov DWORD [edi],ebp + add esp,84 + pop edi + pop esi + pop ebx + pop ebp + ret +global _gcm_ghash_4bit_x86 +align 16 +_gcm_ghash_4bit_x86: +L$_gcm_ghash_4bit_x86_begin: + push ebp + push ebx + push esi + push edi + sub esp,84 + mov ebx,DWORD [104+esp] + mov esi,DWORD [108+esp] + mov edi,DWORD [112+esp] + mov ecx,DWORD [116+esp] + add ecx,edi + mov DWORD [116+esp],ecx + mov ebp,DWORD [ebx] + mov edx,DWORD [4+ebx] + mov ecx,DWORD [8+ebx] + mov ebx,DWORD [12+ebx] + mov DWORD [16+esp],0 + mov DWORD [20+esp],471859200 + mov DWORD [24+esp],943718400 + mov DWORD [28+esp],610271232 + mov DWORD [32+esp],1887436800 + mov DWORD [36+esp],1822425088 + mov DWORD [40+esp],1220542464 + mov DWORD [44+esp],1423966208 + mov DWORD [48+esp],3774873600 + mov DWORD [52+esp],4246732800 + mov DWORD [56+esp],3644850176 + mov DWORD [60+esp],3311403008 + mov DWORD [64+esp],2441084928 + mov DWORD [68+esp],2376073216 + mov DWORD [72+esp],2847932416 + mov DWORD [76+esp],3051356160 +align 16 +L$002x86_outer_loop: + xor ebx,DWORD [12+edi] + xor ecx,DWORD [8+edi] + xor edx,DWORD [4+edi] + xor ebp,DWORD [edi] + mov DWORD [12+esp],ebx + mov DWORD [8+esp],ecx + mov DWORD [4+esp],edx + mov DWORD [esp],ebp + shr ebx,20 + and ebx,240 + mov ebp,DWORD [4+ebx*1+esi] + mov edx,DWORD [ebx*1+esi] + mov ecx,DWORD [12+ebx*1+esi] + mov ebx,DWORD [8+ebx*1+esi] + xor eax,eax + mov edi,15 + jmp NEAR L$003x86_loop +align 16 +L$003x86_loop: + mov al,bl + shrd ebx,ecx,4 + and al,15 + shrd ecx,edx,4 + shrd edx,ebp,4 + shr ebp,4 + xor ebp,DWORD [16+eax*4+esp] + mov al,BYTE [edi*1+esp] + and al,240 + xor ebx,DWORD [8+eax*1+esi] + xor ecx,DWORD 
[12+eax*1+esi] + xor edx,DWORD [eax*1+esi] + xor ebp,DWORD [4+eax*1+esi] + dec edi + js NEAR L$004x86_break + mov al,bl + shrd ebx,ecx,4 + and al,15 + shrd ecx,edx,4 + shrd edx,ebp,4 + shr ebp,4 + xor ebp,DWORD [16+eax*4+esp] + mov al,BYTE [edi*1+esp] + shl al,4 + xor ebx,DWORD [8+eax*1+esi] + xor ecx,DWORD [12+eax*1+esi] + xor edx,DWORD [eax*1+esi] + xor ebp,DWORD [4+eax*1+esi] + jmp NEAR L$003x86_loop +align 16 +L$004x86_break: + bswap ebx + bswap ecx + bswap edx + bswap ebp + mov edi,DWORD [112+esp] + lea edi,[16+edi] + cmp edi,DWORD [116+esp] + mov DWORD [112+esp],edi + jb NEAR L$002x86_outer_loop + mov edi,DWORD [104+esp] + mov DWORD [12+edi],ebx + mov DWORD [8+edi],ecx + mov DWORD [4+edi],edx + mov DWORD [edi],ebp + add esp,84 + pop edi + pop esi + pop ebx + pop ebp + ret +global _gcm_gmult_4bit_mmx +align 16 +_gcm_gmult_4bit_mmx: +L$_gcm_gmult_4bit_mmx_begin: + push ebp + push ebx + push esi + push edi + mov edi,DWORD [20+esp] + mov esi,DWORD [24+esp] + call L$005pic_point +L$005pic_point: + pop eax + lea eax,[(L$rem_4bit-L$005pic_point)+eax] + movzx ebx,BYTE [15+edi] + xor ecx,ecx + mov edx,ebx + mov cl,dl + mov ebp,14 + shl cl,4 + and edx,240 + movq mm0,[8+ecx*1+esi] + movq mm1,[ecx*1+esi] + movd ebx,mm0 + jmp NEAR L$006mmx_loop +align 16 +L$006mmx_loop: + psrlq mm0,4 + and ebx,15 + movq mm2,mm1 + psrlq mm1,4 + pxor mm0,[8+edx*1+esi] + mov cl,BYTE [ebp*1+edi] + psllq mm2,60 + pxor mm1,[ebx*8+eax] + dec ebp + movd ebx,mm0 + pxor mm1,[edx*1+esi] + mov edx,ecx + pxor mm0,mm2 + js NEAR L$007mmx_break + shl cl,4 + and ebx,15 + psrlq mm0,4 + and edx,240 + movq mm2,mm1 + psrlq mm1,4 + pxor mm0,[8+ecx*1+esi] + psllq mm2,60 + pxor mm1,[ebx*8+eax] + movd ebx,mm0 + pxor mm1,[ecx*1+esi] + pxor mm0,mm2 + jmp NEAR L$006mmx_loop +align 16 +L$007mmx_break: + shl cl,4 + and ebx,15 + psrlq mm0,4 + and edx,240 + movq mm2,mm1 + psrlq mm1,4 + pxor mm0,[8+ecx*1+esi] + psllq mm2,60 + pxor mm1,[ebx*8+eax] + movd ebx,mm0 + pxor mm1,[ecx*1+esi] + pxor mm0,mm2 + psrlq mm0,4 + and 
ebx,15 + movq mm2,mm1 + psrlq mm1,4 + pxor mm0,[8+edx*1+esi] + psllq mm2,60 + pxor mm1,[ebx*8+eax] + movd ebx,mm0 + pxor mm1,[edx*1+esi] + pxor mm0,mm2 + psrlq mm0,32 + movd edx,mm1 + psrlq mm1,32 + movd ecx,mm0 + movd ebp,mm1 + bswap ebx + bswap edx + bswap ecx + bswap ebp + emms + mov DWORD [12+edi],ebx + mov DWORD [4+edi],edx + mov DWORD [8+edi],ecx + mov DWORD [edi],ebp + pop edi + pop esi + pop ebx + pop ebp + ret +global _gcm_ghash_4bit_mmx +align 16 +_gcm_ghash_4bit_mmx: +L$_gcm_ghash_4bit_mmx_begin: + push ebp + push ebx + push esi + push edi + mov eax,DWORD [20+esp] + mov ebx,DWORD [24+esp] + mov ecx,DWORD [28+esp] + mov edx,DWORD [32+esp] + mov ebp,esp + call L$008pic_point +L$008pic_point: + pop esi + lea esi,[(L$rem_8bit-L$008pic_point)+esi] + sub esp,544 + and esp,-64 + sub esp,16 + add edx,ecx + mov DWORD [544+esp],eax + mov DWORD [552+esp],edx + mov DWORD [556+esp],ebp + add ebx,128 + lea edi,[144+esp] + lea ebp,[400+esp] + mov edx,DWORD [ebx-120] + movq mm0,[ebx-120] + movq mm3,[ebx-128] + shl edx,4 + mov BYTE [esp],dl + mov edx,DWORD [ebx-104] + movq mm2,[ebx-104] + movq mm5,[ebx-112] + movq [edi-128],mm0 + psrlq mm0,4 + movq [edi],mm3 + movq mm7,mm3 + psrlq mm3,4 + shl edx,4 + mov BYTE [1+esp],dl + mov edx,DWORD [ebx-88] + movq mm1,[ebx-88] + psllq mm7,60 + movq mm4,[ebx-96] + por mm0,mm7 + movq [edi-120],mm2 + psrlq mm2,4 + movq [8+edi],mm5 + movq mm6,mm5 + movq [ebp-128],mm0 + psrlq mm5,4 + movq [ebp],mm3 + shl edx,4 + mov BYTE [2+esp],dl + mov edx,DWORD [ebx-72] + movq mm0,[ebx-72] + psllq mm6,60 + movq mm3,[ebx-80] + por mm2,mm6 + movq [edi-112],mm1 + psrlq mm1,4 + movq [16+edi],mm4 + movq mm7,mm4 + movq [ebp-120],mm2 + psrlq mm4,4 + movq [8+ebp],mm5 + shl edx,4 + mov BYTE [3+esp],dl + mov edx,DWORD [ebx-56] + movq mm2,[ebx-56] + psllq mm7,60 + movq mm5,[ebx-64] + por mm1,mm7 + movq [edi-104],mm0 + psrlq mm0,4 + movq [24+edi],mm3 + movq mm6,mm3 + movq [ebp-112],mm1 + psrlq mm3,4 + movq [16+ebp],mm4 + shl edx,4 + mov BYTE [4+esp],dl + mov 
edx,DWORD [ebx-40] + movq mm1,[ebx-40] + psllq mm6,60 + movq mm4,[ebx-48] + por mm0,mm6 + movq [edi-96],mm2 + psrlq mm2,4 + movq [32+edi],mm5 + movq mm7,mm5 + movq [ebp-104],mm0 + psrlq mm5,4 + movq [24+ebp],mm3 + shl edx,4 + mov BYTE [5+esp],dl + mov edx,DWORD [ebx-24] + movq mm0,[ebx-24] + psllq mm7,60 + movq mm3,[ebx-32] + por mm2,mm7 + movq [edi-88],mm1 + psrlq mm1,4 + movq [40+edi],mm4 + movq mm6,mm4 + movq [ebp-96],mm2 + psrlq mm4,4 + movq [32+ebp],mm5 + shl edx,4 + mov BYTE [6+esp],dl + mov edx,DWORD [ebx-8] + movq mm2,[ebx-8] + psllq mm6,60 + movq mm5,[ebx-16] + por mm1,mm6 + movq [edi-80],mm0 + psrlq mm0,4 + movq [48+edi],mm3 + movq mm7,mm3 + movq [ebp-88],mm1 + psrlq mm3,4 + movq [40+ebp],mm4 + shl edx,4 + mov BYTE [7+esp],dl + mov edx,DWORD [8+ebx] + movq mm1,[8+ebx] + psllq mm7,60 + movq mm4,[ebx] + por mm0,mm7 + movq [edi-72],mm2 + psrlq mm2,4 + movq [56+edi],mm5 + movq mm6,mm5 + movq [ebp-80],mm0 + psrlq mm5,4 + movq [48+ebp],mm3 + shl edx,4 + mov BYTE [8+esp],dl + mov edx,DWORD [24+ebx] + movq mm0,[24+ebx] + psllq mm6,60 + movq mm3,[16+ebx] + por mm2,mm6 + movq [edi-64],mm1 + psrlq mm1,4 + movq [64+edi],mm4 + movq mm7,mm4 + movq [ebp-72],mm2 + psrlq mm4,4 + movq [56+ebp],mm5 + shl edx,4 + mov BYTE [9+esp],dl + mov edx,DWORD [40+ebx] + movq mm2,[40+ebx] + psllq mm7,60 + movq mm5,[32+ebx] + por mm1,mm7 + movq [edi-56],mm0 + psrlq mm0,4 + movq [72+edi],mm3 + movq mm6,mm3 + movq [ebp-64],mm1 + psrlq mm3,4 + movq [64+ebp],mm4 + shl edx,4 + mov BYTE [10+esp],dl + mov edx,DWORD [56+ebx] + movq mm1,[56+ebx] + psllq mm6,60 + movq mm4,[48+ebx] + por mm0,mm6 + movq [edi-48],mm2 + psrlq mm2,4 + movq [80+edi],mm5 + movq mm7,mm5 + movq [ebp-56],mm0 + psrlq mm5,4 + movq [72+ebp],mm3 + shl edx,4 + mov BYTE [11+esp],dl + mov edx,DWORD [72+ebx] + movq mm0,[72+ebx] + psllq mm7,60 + movq mm3,[64+ebx] + por mm2,mm7 + movq [edi-40],mm1 + psrlq mm1,4 + movq [88+edi],mm4 + movq mm6,mm4 + movq [ebp-48],mm2 + psrlq mm4,4 + movq [80+ebp],mm5 + shl edx,4 + mov BYTE [12+esp],dl 
+ mov edx,DWORD [88+ebx] + movq mm2,[88+ebx] + psllq mm6,60 + movq mm5,[80+ebx] + por mm1,mm6 + movq [edi-32],mm0 + psrlq mm0,4 + movq [96+edi],mm3 + movq mm7,mm3 + movq [ebp-40],mm1 + psrlq mm3,4 + movq [88+ebp],mm4 + shl edx,4 + mov BYTE [13+esp],dl + mov edx,DWORD [104+ebx] + movq mm1,[104+ebx] + psllq mm7,60 + movq mm4,[96+ebx] + por mm0,mm7 + movq [edi-24],mm2 + psrlq mm2,4 + movq [104+edi],mm5 + movq mm6,mm5 + movq [ebp-32],mm0 + psrlq mm5,4 + movq [96+ebp],mm3 + shl edx,4 + mov BYTE [14+esp],dl + mov edx,DWORD [120+ebx] + movq mm0,[120+ebx] + psllq mm6,60 + movq mm3,[112+ebx] + por mm2,mm6 + movq [edi-16],mm1 + psrlq mm1,4 + movq [112+edi],mm4 + movq mm7,mm4 + movq [ebp-24],mm2 + psrlq mm4,4 + movq [104+ebp],mm5 + shl edx,4 + mov BYTE [15+esp],dl + psllq mm7,60 + por mm1,mm7 + movq [edi-8],mm0 + psrlq mm0,4 + movq [120+edi],mm3 + movq mm6,mm3 + movq [ebp-16],mm1 + psrlq mm3,4 + movq [112+ebp],mm4 + psllq mm6,60 + por mm0,mm6 + movq [ebp-8],mm0 + movq [120+ebp],mm3 + movq mm6,[eax] + mov ebx,DWORD [8+eax] + mov edx,DWORD [12+eax] +align 16 +L$009outer: + xor edx,DWORD [12+ecx] + xor ebx,DWORD [8+ecx] + pxor mm6,[ecx] + lea ecx,[16+ecx] + mov DWORD [536+esp],ebx + movq [528+esp],mm6 + mov DWORD [548+esp],ecx + xor eax,eax + rol edx,8 + mov al,dl + mov ebp,eax + and al,15 + shr ebp,4 + pxor mm0,mm0 + rol edx,8 + pxor mm1,mm1 + pxor mm2,mm2 + movq mm7,[16+eax*8+esp] + movq mm6,[144+eax*8+esp] + mov al,dl + movd ebx,mm7 + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + shr edi,4 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + shr ebp,4 + pinsrw mm2,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor 
mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + mov edx,DWORD [536+esp] + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm2 + shr edi,4 + pinsrw mm1,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm1 + shr ebp,4 + pinsrw mm0,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm0 + shr edi,4 + pinsrw mm2,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm2 + shr ebp,4 + pinsrw mm1,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + mov edx,DWORD [532+esp] + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm1 + shr edi,4 + pinsrw mm0,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm0 + shr 
ebp,4 + pinsrw mm2,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm2 + shr edi,4 + pinsrw mm1,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm1 + shr ebp,4 + pinsrw mm0,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + mov edx,DWORD [528+esp] + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm0 + shr edi,4 + pinsrw mm2,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm2 + shr ebp,4 + pinsrw mm1,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm1 + shr edi,4 + pinsrw mm0,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + xor bl,BYTE [ebp*1+esp] + mov al,dl + movd ecx,mm7 + movzx ebx,bl + psrlq mm7,8 + movq mm3,mm6 + mov 
ebp,eax + psrlq mm6,8 + pxor mm7,[272+edi*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm0 + shr ebp,4 + pinsrw mm2,WORD [ebx*2+esi],2 + pxor mm7,[16+eax*8+esp] + rol edx,8 + pxor mm6,[144+eax*8+esp] + pxor mm7,mm3 + pxor mm6,[400+edi*8+esp] + xor cl,BYTE [edi*1+esp] + mov al,dl + mov edx,DWORD [524+esp] + movd ebx,mm7 + movzx ecx,cl + psrlq mm7,8 + movq mm3,mm6 + mov edi,eax + psrlq mm6,8 + pxor mm7,[272+ebp*8+esp] + and al,15 + psllq mm3,56 + pxor mm6,mm2 + shr edi,4 + pinsrw mm1,WORD [ecx*2+esi],2 + pxor mm7,[16+eax*8+esp] + pxor mm6,[144+eax*8+esp] + xor bl,BYTE [ebp*1+esp] + pxor mm7,mm3 + pxor mm6,[400+ebp*8+esp] + movzx ebx,bl + pxor mm2,mm2 + psllq mm1,4 + movd ecx,mm7 + psrlq mm7,4 + movq mm3,mm6 + psrlq mm6,4 + shl ecx,4 + pxor mm7,[16+edi*8+esp] + psllq mm3,60 + movzx ecx,cl + pxor mm7,mm3 + pxor mm6,[144+edi*8+esp] + pinsrw mm0,WORD [ebx*2+esi],2 + pxor mm6,mm1 + movd edx,mm7 + pinsrw mm2,WORD [ecx*2+esi],3 + psllq mm0,12 + pxor mm6,mm0 + psrlq mm7,32 + pxor mm6,mm2 + mov ecx,DWORD [548+esp] + movd ebx,mm7 + movq mm3,mm6 + psllw mm6,8 + psrlw mm3,8 + por mm6,mm3 + bswap edx + pshufw mm6,mm6,27 + bswap ebx + cmp ecx,DWORD [552+esp] + jne NEAR L$009outer + mov eax,DWORD [544+esp] + mov DWORD [12+eax],edx + mov DWORD [8+eax],ebx + movq [eax],mm6 + mov esp,DWORD [556+esp] + emms + pop edi + pop esi + pop ebx + pop ebp + ret +global _gcm_init_clmul +align 16 +_gcm_init_clmul: +L$_gcm_init_clmul_begin: + mov edx,DWORD [4+esp] + mov eax,DWORD [8+esp] + call L$010pic +L$010pic: + pop ecx + lea ecx,[(L$bswap-L$010pic)+ecx] + movdqu xmm2,[eax] + pshufd xmm2,xmm2,78 + pshufd xmm4,xmm2,255 + movdqa xmm3,xmm2 + psllq xmm2,1 + pxor xmm5,xmm5 + psrlq xmm3,63 + pcmpgtd xmm5,xmm4 + pslldq xmm3,8 + por xmm2,xmm3 + pand xmm5,[16+ecx] + pxor xmm2,xmm5 + movdqa xmm0,xmm2 + movdqa xmm1,xmm0 + pshufd xmm3,xmm0,78 + pshufd xmm4,xmm2,78 + pxor xmm3,xmm0 + pxor xmm4,xmm2 +db 102,15,58,68,194,0 +db 102,15,58,68,202,17 +db 102,15,58,68,220,0 + xorps xmm3,xmm0 + xorps xmm3,xmm1 + 
movdqa xmm4,xmm3 + psrldq xmm3,8 + pslldq xmm4,8 + pxor xmm1,xmm3 + pxor xmm0,xmm4 + movdqa xmm4,xmm0 + movdqa xmm3,xmm0 + psllq xmm0,5 + pxor xmm3,xmm0 + psllq xmm0,1 + pxor xmm0,xmm3 + psllq xmm0,57 + movdqa xmm3,xmm0 + pslldq xmm0,8 + psrldq xmm3,8 + pxor xmm0,xmm4 + pxor xmm1,xmm3 + movdqa xmm4,xmm0 + psrlq xmm0,1 + pxor xmm1,xmm4 + pxor xmm4,xmm0 + psrlq xmm0,5 + pxor xmm0,xmm4 + psrlq xmm0,1 + pxor xmm0,xmm1 + pshufd xmm3,xmm2,78 + pshufd xmm4,xmm0,78 + pxor xmm3,xmm2 + movdqu [edx],xmm2 + pxor xmm4,xmm0 + movdqu [16+edx],xmm0 +db 102,15,58,15,227,8 + movdqu [32+edx],xmm4 + ret +global _gcm_gmult_clmul +align 16 +_gcm_gmult_clmul: +L$_gcm_gmult_clmul_begin: + mov eax,DWORD [4+esp] + mov edx,DWORD [8+esp] + call L$011pic +L$011pic: + pop ecx + lea ecx,[(L$bswap-L$011pic)+ecx] + movdqu xmm0,[eax] + movdqa xmm5,[ecx] + movups xmm2,[edx] +db 102,15,56,0,197 + movups xmm4,[32+edx] + movdqa xmm1,xmm0 + pshufd xmm3,xmm0,78 + pxor xmm3,xmm0 +db 102,15,58,68,194,0 +db 102,15,58,68,202,17 +db 102,15,58,68,220,0 + xorps xmm3,xmm0 + xorps xmm3,xmm1 + movdqa xmm4,xmm3 + psrldq xmm3,8 + pslldq xmm4,8 + pxor xmm1,xmm3 + pxor xmm0,xmm4 + movdqa xmm4,xmm0 + movdqa xmm3,xmm0 + psllq xmm0,5 + pxor xmm3,xmm0 + psllq xmm0,1 + pxor xmm0,xmm3 + psllq xmm0,57 + movdqa xmm3,xmm0 + pslldq xmm0,8 + psrldq xmm3,8 + pxor xmm0,xmm4 + pxor xmm1,xmm3 + movdqa xmm4,xmm0 + psrlq xmm0,1 + pxor xmm1,xmm4 + pxor xmm4,xmm0 + psrlq xmm0,5 + pxor xmm0,xmm4 + psrlq xmm0,1 + pxor xmm0,xmm1 +db 102,15,56,0,197 + movdqu [eax],xmm0 + ret +global _gcm_ghash_clmul +align 16 +_gcm_ghash_clmul: +L$_gcm_ghash_clmul_begin: + push ebp + push ebx + push esi + push edi + mov eax,DWORD [20+esp] + mov edx,DWORD [24+esp] + mov esi,DWORD [28+esp] + mov ebx,DWORD [32+esp] + call L$012pic +L$012pic: + pop ecx + lea ecx,[(L$bswap-L$012pic)+ecx] + movdqu xmm0,[eax] + movdqa xmm5,[ecx] + movdqu xmm2,[edx] +db 102,15,56,0,197 + sub ebx,16 + jz NEAR L$013odd_tail + movdqu xmm3,[esi] + movdqu xmm6,[16+esi] +db 
102,15,56,0,221 +db 102,15,56,0,245 + movdqu xmm5,[32+edx] + pxor xmm0,xmm3 + pshufd xmm3,xmm6,78 + movdqa xmm7,xmm6 + pxor xmm3,xmm6 + lea esi,[32+esi] +db 102,15,58,68,242,0 +db 102,15,58,68,250,17 +db 102,15,58,68,221,0 + movups xmm2,[16+edx] + nop + sub ebx,32 + jbe NEAR L$014even_tail + jmp NEAR L$015mod_loop +align 32 +L$015mod_loop: + pshufd xmm4,xmm0,78 + movdqa xmm1,xmm0 + pxor xmm4,xmm0 + nop +db 102,15,58,68,194,0 +db 102,15,58,68,202,17 +db 102,15,58,68,229,16 + movups xmm2,[edx] + xorps xmm0,xmm6 + movdqa xmm5,[ecx] + xorps xmm1,xmm7 + movdqu xmm7,[esi] + pxor xmm3,xmm0 + movdqu xmm6,[16+esi] + pxor xmm3,xmm1 +db 102,15,56,0,253 + pxor xmm4,xmm3 + movdqa xmm3,xmm4 + psrldq xmm4,8 + pslldq xmm3,8 + pxor xmm1,xmm4 + pxor xmm0,xmm3 +db 102,15,56,0,245 + pxor xmm1,xmm7 + movdqa xmm7,xmm6 + movdqa xmm4,xmm0 + movdqa xmm3,xmm0 + psllq xmm0,5 + pxor xmm3,xmm0 + psllq xmm0,1 + pxor xmm0,xmm3 +db 102,15,58,68,242,0 + movups xmm5,[32+edx] + psllq xmm0,57 + movdqa xmm3,xmm0 + pslldq xmm0,8 + psrldq xmm3,8 + pxor xmm0,xmm4 + pxor xmm1,xmm3 + pshufd xmm3,xmm7,78 + movdqa xmm4,xmm0 + psrlq xmm0,1 + pxor xmm3,xmm7 + pxor xmm1,xmm4 +db 102,15,58,68,250,17 + movups xmm2,[16+edx] + pxor xmm4,xmm0 + psrlq xmm0,5 + pxor xmm0,xmm4 + psrlq xmm0,1 + pxor xmm0,xmm1 +db 102,15,58,68,221,0 + lea esi,[32+esi] + sub ebx,32 + ja NEAR L$015mod_loop +L$014even_tail: + pshufd xmm4,xmm0,78 + movdqa xmm1,xmm0 + pxor xmm4,xmm0 +db 102,15,58,68,194,0 +db 102,15,58,68,202,17 +db 102,15,58,68,229,16 + movdqa xmm5,[ecx] + xorps xmm0,xmm6 + xorps xmm1,xmm7 + pxor xmm3,xmm0 + pxor xmm3,xmm1 + pxor xmm4,xmm3 + movdqa xmm3,xmm4 + psrldq xmm4,8 + pslldq xmm3,8 + pxor xmm1,xmm4 + pxor xmm0,xmm3 + movdqa xmm4,xmm0 + movdqa xmm3,xmm0 + psllq xmm0,5 + pxor xmm3,xmm0 + psllq xmm0,1 + pxor xmm0,xmm3 + psllq xmm0,57 + movdqa xmm3,xmm0 + pslldq xmm0,8 + psrldq xmm3,8 + pxor xmm0,xmm4 + pxor xmm1,xmm3 + movdqa xmm4,xmm0 + psrlq xmm0,1 + pxor xmm1,xmm4 + pxor xmm4,xmm0 + psrlq xmm0,5 + pxor xmm0,xmm4 + 
psrlq xmm0,1 + pxor xmm0,xmm1 + test ebx,ebx + jnz NEAR L$016done + movups xmm2,[edx] +L$013odd_tail: + movdqu xmm3,[esi] +db 102,15,56,0,221 + pxor xmm0,xmm3 + movdqa xmm1,xmm0 + pshufd xmm3,xmm0,78 + pshufd xmm4,xmm2,78 + pxor xmm3,xmm0 + pxor xmm4,xmm2 +db 102,15,58,68,194,0 +db 102,15,58,68,202,17 +db 102,15,58,68,220,0 + xorps xmm3,xmm0 + xorps xmm3,xmm1 + movdqa xmm4,xmm3 + psrldq xmm3,8 + pslldq xmm4,8 + pxor xmm1,xmm3 + pxor xmm0,xmm4 + movdqa xmm4,xmm0 + movdqa xmm3,xmm0 + psllq xmm0,5 + pxor xmm3,xmm0 + psllq xmm0,1 + pxor xmm0,xmm3 + psllq xmm0,57 + movdqa xmm3,xmm0 + pslldq xmm0,8 + psrldq xmm3,8 + pxor xmm0,xmm4 + pxor xmm1,xmm3 + movdqa xmm4,xmm0 + psrlq xmm0,1 + pxor xmm1,xmm4 + pxor xmm4,xmm0 + psrlq xmm0,5 + pxor xmm0,xmm4 + psrlq xmm0,1 + pxor xmm0,xmm1 +L$016done: +db 102,15,56,0,197 + movdqu [eax],xmm0 + pop edi + pop esi + pop ebx + pop ebp + ret +align 64 +L$bswap: +db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +db 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,194 +align 64 +L$rem_8bit: +dw 0,450,900,582,1800,1738,1164,1358 +dw 3600,4050,3476,3158,2328,2266,2716,2910 +dw 7200,7650,8100,7782,6952,6890,6316,6510 +dw 4656,5106,4532,4214,5432,5370,5820,6014 +dw 14400,14722,15300,14854,16200,16010,15564,15630 +dw 13904,14226,13780,13334,12632,12442,13020,13086 +dw 9312,9634,10212,9766,9064,8874,8428,8494 +dw 10864,11186,10740,10294,11640,11450,12028,12094 +dw 28800,28994,29444,29382,30600,30282,29708,30158 +dw 32400,32594,32020,31958,31128,30810,31260,31710 +dw 27808,28002,28452,28390,27560,27242,26668,27118 +dw 25264,25458,24884,24822,26040,25722,26172,26622 +dw 18624,18690,19268,19078,20424,19978,19532,19854 +dw 18128,18194,17748,17558,16856,16410,16988,17310 +dw 21728,21794,22372,22182,21480,21034,20588,20910 +dw 23280,23346,22900,22710,24056,23610,24188,24510 +dw 57600,57538,57988,58182,58888,59338,58764,58446 +dw 61200,61138,60564,60758,59416,59866,60316,59998 +dw 64800,64738,65188,65382,64040,64490,63916,63598 +dw 62256,62194,61620,61814,62520,62970,63420,63102 
+dw 55616,55426,56004,56070,56904,57226,56780,56334 +dw 55120,54930,54484,54550,53336,53658,54236,53790 +dw 50528,50338,50916,50982,49768,50090,49644,49198 +dw 52080,51890,51444,51510,52344,52666,53244,52798 +dw 37248,36930,37380,37830,38536,38730,38156,38094 +dw 40848,40530,39956,40406,39064,39258,39708,39646 +dw 36256,35938,36388,36838,35496,35690,35116,35054 +dw 33712,33394,32820,33270,33976,34170,34620,34558 +dw 43456,43010,43588,43910,44744,44810,44364,44174 +dw 42960,42514,42068,42390,41176,41242,41820,41630 +dw 46560,46114,46692,47014,45800,45866,45420,45230 +dw 48112,47666,47220,47542,48376,48442,49020,48830 +align 64 +L$rem_4bit: +dd 0,0,0,471859200,0,943718400,0,610271232 +dd 0,1887436800,0,1822425088,0,1220542464,0,1423966208 +dd 0,3774873600,0,4246732800,0,3644850176,0,3311403008 +dd 0,2441084928,0,2376073216,0,2847932416,0,3051356160 +db 71,72,65,83,72,32,102,111,114,32,120,56,54,44,32,67 +db 82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112 +db 112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62 +db 0 diff --git a/win-x86/crypto/rc4/rc4-586.asm b/win-x86/crypto/rc4/rc4-586.asm new file mode 100644 index 0000000..08cd9f6 --- /dev/null +++ b/win-x86/crypto/rc4/rc4-586.asm 
@@ -0,0 +1,382 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _asm_RC4 +align 16 +_asm_RC4: +L$_asm_RC4_begin: + push ebp + push ebx + push esi + push edi + mov edi,DWORD [20+esp] + mov edx,DWORD [24+esp] + mov esi,DWORD [28+esp] + mov ebp,DWORD [32+esp] + xor eax,eax + xor ebx,ebx + cmp edx,0 + je NEAR L$000abort + mov al,BYTE [edi] + mov bl,BYTE [4+edi] + add edi,8 + lea ecx,[edx*1+esi] + sub ebp,esi + mov DWORD [24+esp],ecx + inc al + cmp DWORD [256+edi],-1 + je NEAR L$001RC4_CHAR + mov ecx,DWORD [eax*4+edi] + and edx,-4 + jz NEAR L$002loop1 + mov DWORD [32+esp],ebp + test edx,-8 + jz NEAR L$003go4loop4 + lea ebp,[_OPENSSL_ia32cap_P] + bt DWORD [ebp],26 + jnc NEAR L$003go4loop4 + mov ebp,DWORD [32+esp] + and edx,-8 + lea edx,[edx*1+esi-8] + mov DWORD [edi-4],edx + add bl,cl + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + movq mm0,[esi] + mov ecx,DWORD [eax*4+edi] + movd mm2,DWORD [edx*4+edi] + jmp NEAR L$004loop_mmx_enter +align 16 +L$005loop_mmx: + add bl,cl + psllq mm1,56 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + movq mm0,[esi] + movq [esi*1+ebp-8],mm2 + mov ecx,DWORD [eax*4+edi] + movd mm2,DWORD [edx*4+edi] +L$004loop_mmx_enter: + add bl,cl + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm0 + mov ecx,DWORD 
[eax*4+edi] + movd mm1,DWORD [edx*4+edi] + add bl,cl + psllq mm1,8 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + mov ecx,DWORD [eax*4+edi] + movd mm1,DWORD [edx*4+edi] + add bl,cl + psllq mm1,16 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + mov ecx,DWORD [eax*4+edi] + movd mm1,DWORD [edx*4+edi] + add bl,cl + psllq mm1,24 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + mov ecx,DWORD [eax*4+edi] + movd mm1,DWORD [edx*4+edi] + add bl,cl + psllq mm1,32 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + mov ecx,DWORD [eax*4+edi] + movd mm1,DWORD [edx*4+edi] + add bl,cl + psllq mm1,40 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + mov ecx,DWORD [eax*4+edi] + movd mm1,DWORD [edx*4+edi] + add bl,cl + psllq mm1,48 + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + inc eax + add edx,ecx + movzx eax,al + movzx edx,dl + pxor mm2,mm1 + mov ecx,DWORD [eax*4+edi] + movd mm1,DWORD [edx*4+edi] + mov edx,ebx + xor ebx,ebx + mov bl,dl + cmp esi,DWORD [edi-4] + lea esi,[8+esi] + jb NEAR L$005loop_mmx + psllq mm1,56 + pxor mm2,mm1 + movq [esi*1+ebp-8],mm2 + emms + cmp esi,DWORD [24+esp] + je NEAR L$006done + jmp NEAR L$002loop1 +align 16 +L$003go4loop4: + lea edx,[edx*1+esi-4] + mov DWORD [28+esp],edx +L$007loop4: + add bl,cl + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + add edx,ecx + inc al + and edx,255 + mov ecx,DWORD [eax*4+edi] + mov ebp,DWORD [edx*4+edi] + add bl,cl + mov 
edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + add edx,ecx + inc al + and edx,255 + ror ebp,8 + mov ecx,DWORD [eax*4+edi] + or ebp,DWORD [edx*4+edi] + add bl,cl + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + add edx,ecx + inc al + and edx,255 + ror ebp,8 + mov ecx,DWORD [eax*4+edi] + or ebp,DWORD [edx*4+edi] + add bl,cl + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + add edx,ecx + inc al + and edx,255 + ror ebp,8 + mov ecx,DWORD [32+esp] + or ebp,DWORD [edx*4+edi] + ror ebp,8 + xor ebp,DWORD [esi] + cmp esi,DWORD [28+esp] + mov DWORD [esi*1+ecx],ebp + lea esi,[4+esi] + mov ecx,DWORD [eax*4+edi] + jb NEAR L$007loop4 + cmp esi,DWORD [24+esp] + je NEAR L$006done + mov ebp,DWORD [32+esp] +align 16 +L$002loop1: + add bl,cl + mov edx,DWORD [ebx*4+edi] + mov DWORD [ebx*4+edi],ecx + mov DWORD [eax*4+edi],edx + add edx,ecx + inc al + and edx,255 + mov edx,DWORD [edx*4+edi] + xor dl,BYTE [esi] + lea esi,[1+esi] + mov ecx,DWORD [eax*4+edi] + cmp esi,DWORD [24+esp] + mov BYTE [esi*1+ebp-1],dl + jb NEAR L$002loop1 + jmp NEAR L$006done +align 16 +L$001RC4_CHAR: + movzx ecx,BYTE [eax*1+edi] +L$008cloop1: + add bl,cl + movzx edx,BYTE [ebx*1+edi] + mov BYTE [ebx*1+edi],cl + mov BYTE [eax*1+edi],dl + add dl,cl + movzx edx,BYTE [edx*1+edi] + add al,1 + xor dl,BYTE [esi] + lea esi,[1+esi] + movzx ecx,BYTE [eax*1+edi] + cmp esi,DWORD [24+esp] + mov BYTE [esi*1+ebp-1],dl + jb NEAR L$008cloop1 +L$006done: + dec al + mov DWORD [edi-4],ebx + mov BYTE [edi-8],al +L$000abort: + pop edi + pop esi + pop ebx + pop ebp + ret +global _asm_RC4_set_key +align 16 +_asm_RC4_set_key: +L$_asm_RC4_set_key_begin: + push ebp + push ebx + push esi + push edi + mov edi,DWORD [20+esp] + mov ebp,DWORD [24+esp] + mov esi,DWORD [28+esp] + lea edx,[_OPENSSL_ia32cap_P] + lea edi,[8+edi] + lea esi,[ebp*1+esi] + neg ebp + xor eax,eax + mov DWORD [edi-4],ebp + bt DWORD [edx],20 + jc NEAR L$009c1stloop +align 
16 +L$010w1stloop: + mov DWORD [eax*4+edi],eax + add al,1 + jnc NEAR L$010w1stloop + xor ecx,ecx + xor edx,edx +align 16 +L$011w2ndloop: + mov eax,DWORD [ecx*4+edi] + add dl,BYTE [ebp*1+esi] + add dl,al + add ebp,1 + mov ebx,DWORD [edx*4+edi] + jnz NEAR L$012wnowrap + mov ebp,DWORD [edi-4] +L$012wnowrap: + mov DWORD [edx*4+edi],eax + mov DWORD [ecx*4+edi],ebx + add cl,1 + jnc NEAR L$011w2ndloop + jmp NEAR L$013exit +align 16 +L$009c1stloop: + mov BYTE [eax*1+edi],al + add al,1 + jnc NEAR L$009c1stloop + xor ecx,ecx + xor edx,edx + xor ebx,ebx +align 16 +L$014c2ndloop: + mov al,BYTE [ecx*1+edi] + add dl,BYTE [ebp*1+esi] + add dl,al + add ebp,1 + mov bl,BYTE [edx*1+edi] + jnz NEAR L$015cnowrap + mov ebp,DWORD [edi-4] +L$015cnowrap: + mov BYTE [edx*1+edi],al + mov BYTE [ecx*1+edi],bl + add cl,1 + jnc NEAR L$014c2ndloop + mov DWORD [256+edi],-1 +L$013exit: + xor eax,eax + mov DWORD [edi-8],eax + mov DWORD [edi-4],eax + pop edi + pop esi + pop ebx + pop ebp + ret +global _RC4_options +align 16 +_RC4_options: +L$_RC4_options_begin: + call L$016pic_point +L$016pic_point: + pop eax + lea eax,[(L$017opts-L$016pic_point)+eax] + lea edx,[_OPENSSL_ia32cap_P] + mov edx,DWORD [edx] + bt edx,20 + jc NEAR L$0181xchar + bt edx,26 + jnc NEAR L$019ret + add eax,25 + ret +L$0181xchar: + add eax,12 +L$019ret: + ret +align 64 +L$017opts: +db 114,99,52,40,52,120,44,105,110,116,41,0 +db 114,99,52,40,49,120,44,99,104,97,114,41,0 +db 114,99,52,40,56,120,44,109,109,120,41,0 +db 82,67,52,32,102,111,114,32,120,56,54,44,32,67,82,89 +db 80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114 +db 111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +align 64 +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/sha/sha1-586.asm b/win-x86/crypto/sha/sha1-586.asm new file mode 100644 index 0000000..e24449d --- /dev/null +++ b/win-x86/crypto/sha/sha1-586.asm 
@@ -0,0 +1,2805 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _sha1_block_data_order +align 16 +_sha1_block_data_order: +L$_sha1_block_data_order_begin: + push ebp + push ebx + push esi + push edi + call L$000pic_point +L$000pic_point: + pop ebp + lea esi,[_OPENSSL_ia32cap_P] + lea ebp,[(L$K_XX_XX-L$000pic_point)+ebp] + mov eax,DWORD [esi] + mov edx,DWORD [4+esi] + test edx,512 + jz NEAR L$001x86 + mov ecx,DWORD [8+esi] + test eax,16777216 + jz NEAR L$001x86 + test ecx,536870912 + jnz NEAR L$shaext_shortcut + jmp NEAR L$ssse3_shortcut +align 16 +L$001x86: + mov ebp,DWORD [20+esp] + mov esi,DWORD [24+esp] + mov eax,DWORD [28+esp] + sub esp,76 + shl eax,6 + add eax,esi + mov DWORD [104+esp],eax + mov edi,DWORD [16+ebp] + jmp NEAR L$002loop +align 16 +L$002loop: + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + bswap eax + bswap ebx + bswap ecx + bswap edx + mov DWORD [esp],eax + mov DWORD [4+esp],ebx + mov DWORD [8+esp],ecx + mov DWORD [12+esp],edx + mov eax,DWORD [16+esi] + mov ebx,DWORD [20+esi] + mov ecx,DWORD [24+esi] + mov edx,DWORD [28+esi] + bswap eax + bswap ebx + bswap ecx + bswap edx + mov DWORD [16+esp],eax + mov DWORD [20+esp],ebx + mov DWORD [24+esp],ecx + mov DWORD [28+esp],edx + mov eax,DWORD [32+esi] + mov ebx,DWORD [36+esi] + mov ecx,DWORD [40+esi] + mov edx,DWORD [44+esi] + bswap eax + bswap ebx + bswap ecx + bswap edx + mov DWORD [32+esp],eax + mov DWORD [36+esp],ebx + mov DWORD [40+esp],ecx + mov DWORD [44+esp],edx + mov eax,DWORD [48+esi] + mov 
ebx,DWORD [52+esi] + mov ecx,DWORD [56+esi] + mov edx,DWORD [60+esi] + bswap eax + bswap ebx + bswap ecx + bswap edx + mov DWORD [48+esp],eax + mov DWORD [52+esp],ebx + mov DWORD [56+esp],ecx + mov DWORD [60+esp],edx + mov DWORD [100+esp],esi + mov eax,DWORD [ebp] + mov ebx,DWORD [4+ebp] + mov ecx,DWORD [8+ebp] + mov edx,DWORD [12+ebp] + ; 00_15 0 + mov esi,ecx + mov ebp,eax + rol ebp,5 + xor esi,edx + add ebp,edi + mov edi,DWORD [esp] + and esi,ebx + ror ebx,2 + xor esi,edx + lea ebp,[1518500249+edi*1+ebp] + add ebp,esi + ; 00_15 1 + mov edi,ebx + mov esi,ebp + rol ebp,5 + xor edi,ecx + add ebp,edx + mov edx,DWORD [4+esp] + and edi,eax + ror eax,2 + xor edi,ecx + lea ebp,[1518500249+edx*1+ebp] + add ebp,edi + ; 00_15 2 + mov edx,eax + mov edi,ebp + rol ebp,5 + xor edx,ebx + add ebp,ecx + mov ecx,DWORD [8+esp] + and edx,esi + ror esi,2 + xor edx,ebx + lea ebp,[1518500249+ecx*1+ebp] + add ebp,edx + ; 00_15 3 + mov ecx,esi + mov edx,ebp + rol ebp,5 + xor ecx,eax + add ebp,ebx + mov ebx,DWORD [12+esp] + and ecx,edi + ror edi,2 + xor ecx,eax + lea ebp,[1518500249+ebx*1+ebp] + add ebp,ecx + ; 00_15 4 + mov ebx,edi + mov ecx,ebp + rol ebp,5 + xor ebx,esi + add ebp,eax + mov eax,DWORD [16+esp] + and ebx,edx + ror edx,2 + xor ebx,esi + lea ebp,[1518500249+eax*1+ebp] + add ebp,ebx + ; 00_15 5 + mov eax,edx + mov ebx,ebp + rol ebp,5 + xor eax,edi + add ebp,esi + mov esi,DWORD [20+esp] + and eax,ecx + ror ecx,2 + xor eax,edi + lea ebp,[1518500249+esi*1+ebp] + add ebp,eax + ; 00_15 6 + mov esi,ecx + mov eax,ebp + rol ebp,5 + xor esi,edx + add ebp,edi + mov edi,DWORD [24+esp] + and esi,ebx + ror ebx,2 + xor esi,edx + lea ebp,[1518500249+edi*1+ebp] + add ebp,esi + ; 00_15 7 + mov edi,ebx + mov esi,ebp + rol ebp,5 + xor edi,ecx + add ebp,edx + mov edx,DWORD [28+esp] + and edi,eax + ror eax,2 + xor edi,ecx + lea ebp,[1518500249+edx*1+ebp] + add ebp,edi + ; 00_15 8 + mov edx,eax + mov edi,ebp + rol ebp,5 + xor edx,ebx + add ebp,ecx + mov ecx,DWORD [32+esp] + and edx,esi + ror esi,2 
+ xor edx,ebx + lea ebp,[1518500249+ecx*1+ebp] + add ebp,edx + ; 00_15 9 + mov ecx,esi + mov edx,ebp + rol ebp,5 + xor ecx,eax + add ebp,ebx + mov ebx,DWORD [36+esp] + and ecx,edi + ror edi,2 + xor ecx,eax + lea ebp,[1518500249+ebx*1+ebp] + add ebp,ecx + ; 00_15 10 + mov ebx,edi + mov ecx,ebp + rol ebp,5 + xor ebx,esi + add ebp,eax + mov eax,DWORD [40+esp] + and ebx,edx + ror edx,2 + xor ebx,esi + lea ebp,[1518500249+eax*1+ebp] + add ebp,ebx + ; 00_15 11 + mov eax,edx + mov ebx,ebp + rol ebp,5 + xor eax,edi + add ebp,esi + mov esi,DWORD [44+esp] + and eax,ecx + ror ecx,2 + xor eax,edi + lea ebp,[1518500249+esi*1+ebp] + add ebp,eax + ; 00_15 12 + mov esi,ecx + mov eax,ebp + rol ebp,5 + xor esi,edx + add ebp,edi + mov edi,DWORD [48+esp] + and esi,ebx + ror ebx,2 + xor esi,edx + lea ebp,[1518500249+edi*1+ebp] + add ebp,esi + ; 00_15 13 + mov edi,ebx + mov esi,ebp + rol ebp,5 + xor edi,ecx + add ebp,edx + mov edx,DWORD [52+esp] + and edi,eax + ror eax,2 + xor edi,ecx + lea ebp,[1518500249+edx*1+ebp] + add ebp,edi + ; 00_15 14 + mov edx,eax + mov edi,ebp + rol ebp,5 + xor edx,ebx + add ebp,ecx + mov ecx,DWORD [56+esp] + and edx,esi + ror esi,2 + xor edx,ebx + lea ebp,[1518500249+ecx*1+ebp] + add ebp,edx + ; 00_15 15 + mov ecx,esi + mov edx,ebp + rol ebp,5 + xor ecx,eax + add ebp,ebx + mov ebx,DWORD [60+esp] + and ecx,edi + ror edi,2 + xor ecx,eax + lea ebp,[1518500249+ebx*1+ebp] + mov ebx,DWORD [esp] + add ecx,ebp + ; 16_19 16 + mov ebp,edi + xor ebx,DWORD [8+esp] + xor ebp,esi + xor ebx,DWORD [32+esp] + and ebp,edx + xor ebx,DWORD [52+esp] + rol ebx,1 + xor ebp,esi + add eax,ebp + mov ebp,ecx + ror edx,2 + mov DWORD [esp],ebx + rol ebp,5 + lea ebx,[1518500249+eax*1+ebx] + mov eax,DWORD [4+esp] + add ebx,ebp + ; 16_19 17 + mov ebp,edx + xor eax,DWORD [12+esp] + xor ebp,edi + xor eax,DWORD [36+esp] + and ebp,ecx + xor eax,DWORD [56+esp] + rol eax,1 + xor ebp,edi + add esi,ebp + mov ebp,ebx + ror ecx,2 + mov DWORD [4+esp],eax + rol ebp,5 + lea eax,[1518500249+esi*1+eax] + 
mov esi,DWORD [8+esp] + add eax,ebp + ; 16_19 18 + mov ebp,ecx + xor esi,DWORD [16+esp] + xor ebp,edx + xor esi,DWORD [40+esp] + and ebp,ebx + xor esi,DWORD [60+esp] + rol esi,1 + xor ebp,edx + add edi,ebp + mov ebp,eax + ror ebx,2 + mov DWORD [8+esp],esi + rol ebp,5 + lea esi,[1518500249+edi*1+esi] + mov edi,DWORD [12+esp] + add esi,ebp + ; 16_19 19 + mov ebp,ebx + xor edi,DWORD [20+esp] + xor ebp,ecx + xor edi,DWORD [44+esp] + and ebp,eax + xor edi,DWORD [esp] + rol edi,1 + xor ebp,ecx + add edx,ebp + mov ebp,esi + ror eax,2 + mov DWORD [12+esp],edi + rol ebp,5 + lea edi,[1518500249+edx*1+edi] + mov edx,DWORD [16+esp] + add edi,ebp + ; 20_39 20 + mov ebp,esi + xor edx,DWORD [24+esp] + xor ebp,eax + xor edx,DWORD [48+esp] + xor ebp,ebx + xor edx,DWORD [4+esp] + rol edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [16+esp],edx + lea edx,[1859775393+ecx*1+edx] + mov ecx,DWORD [20+esp] + add edx,ebp + ; 20_39 21 + mov ebp,edi + xor ecx,DWORD [28+esp] + xor ebp,esi + xor ecx,DWORD [52+esp] + xor ebp,eax + xor ecx,DWORD [8+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [20+esp],ecx + lea ecx,[1859775393+ebx*1+ecx] + mov ebx,DWORD [24+esp] + add ecx,ebp + ; 20_39 22 + mov ebp,edx + xor ebx,DWORD [32+esp] + xor ebp,edi + xor ebx,DWORD [56+esp] + xor ebp,esi + xor ebx,DWORD [12+esp] + rol ebx,1 + add eax,ebp + ror edx,2 + mov ebp,ecx + rol ebp,5 + mov DWORD [24+esp],ebx + lea ebx,[1859775393+eax*1+ebx] + mov eax,DWORD [28+esp] + add ebx,ebp + ; 20_39 23 + mov ebp,ecx + xor eax,DWORD [36+esp] + xor ebp,edx + xor eax,DWORD [60+esp] + xor ebp,edi + xor eax,DWORD [16+esp] + rol eax,1 + add esi,ebp + ror ecx,2 + mov ebp,ebx + rol ebp,5 + mov DWORD [28+esp],eax + lea eax,[1859775393+esi*1+eax] + mov esi,DWORD [32+esp] + add eax,ebp + ; 20_39 24 + mov ebp,ebx + xor esi,DWORD [40+esp] + xor ebp,ecx + xor esi,DWORD [esp] + xor ebp,edx + xor esi,DWORD [20+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + 
mov DWORD [32+esp],esi + lea esi,[1859775393+edi*1+esi] + mov edi,DWORD [36+esp] + add esi,ebp + ; 20_39 25 + mov ebp,eax + xor edi,DWORD [44+esp] + xor ebp,ebx + xor edi,DWORD [4+esp] + xor ebp,ecx + xor edi,DWORD [24+esp] + rol edi,1 + add edx,ebp + ror eax,2 + mov ebp,esi + rol ebp,5 + mov DWORD [36+esp],edi + lea edi,[1859775393+edx*1+edi] + mov edx,DWORD [40+esp] + add edi,ebp + ; 20_39 26 + mov ebp,esi + xor edx,DWORD [48+esp] + xor ebp,eax + xor edx,DWORD [8+esp] + xor ebp,ebx + xor edx,DWORD [28+esp] + rol edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [40+esp],edx + lea edx,[1859775393+ecx*1+edx] + mov ecx,DWORD [44+esp] + add edx,ebp + ; 20_39 27 + mov ebp,edi + xor ecx,DWORD [52+esp] + xor ebp,esi + xor ecx,DWORD [12+esp] + xor ebp,eax + xor ecx,DWORD [32+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [44+esp],ecx + lea ecx,[1859775393+ebx*1+ecx] + mov ebx,DWORD [48+esp] + add ecx,ebp + ; 20_39 28 + mov ebp,edx + xor ebx,DWORD [56+esp] + xor ebp,edi + xor ebx,DWORD [16+esp] + xor ebp,esi + xor ebx,DWORD [36+esp] + rol ebx,1 + add eax,ebp + ror edx,2 + mov ebp,ecx + rol ebp,5 + mov DWORD [48+esp],ebx + lea ebx,[1859775393+eax*1+ebx] + mov eax,DWORD [52+esp] + add ebx,ebp + ; 20_39 29 + mov ebp,ecx + xor eax,DWORD [60+esp] + xor ebp,edx + xor eax,DWORD [20+esp] + xor ebp,edi + xor eax,DWORD [40+esp] + rol eax,1 + add esi,ebp + ror ecx,2 + mov ebp,ebx + rol ebp,5 + mov DWORD [52+esp],eax + lea eax,[1859775393+esi*1+eax] + mov esi,DWORD [56+esp] + add eax,ebp + ; 20_39 30 + mov ebp,ebx + xor esi,DWORD [esp] + xor ebp,ecx + xor esi,DWORD [24+esp] + xor ebp,edx + xor esi,DWORD [44+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + mov DWORD [56+esp],esi + lea esi,[1859775393+edi*1+esi] + mov edi,DWORD [60+esp] + add esi,ebp + ; 20_39 31 + mov ebp,eax + xor edi,DWORD [4+esp] + xor ebp,ebx + xor edi,DWORD [28+esp] + xor ebp,ecx + xor edi,DWORD [48+esp] + rol edi,1 + add edx,ebp + ror 
eax,2 + mov ebp,esi + rol ebp,5 + mov DWORD [60+esp],edi + lea edi,[1859775393+edx*1+edi] + mov edx,DWORD [esp] + add edi,ebp + ; 20_39 32 + mov ebp,esi + xor edx,DWORD [8+esp] + xor ebp,eax + xor edx,DWORD [32+esp] + xor ebp,ebx + xor edx,DWORD [52+esp] + rol edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [esp],edx + lea edx,[1859775393+ecx*1+edx] + mov ecx,DWORD [4+esp] + add edx,ebp + ; 20_39 33 + mov ebp,edi + xor ecx,DWORD [12+esp] + xor ebp,esi + xor ecx,DWORD [36+esp] + xor ebp,eax + xor ecx,DWORD [56+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [4+esp],ecx + lea ecx,[1859775393+ebx*1+ecx] + mov ebx,DWORD [8+esp] + add ecx,ebp + ; 20_39 34 + mov ebp,edx + xor ebx,DWORD [16+esp] + xor ebp,edi + xor ebx,DWORD [40+esp] + xor ebp,esi + xor ebx,DWORD [60+esp] + rol ebx,1 + add eax,ebp + ror edx,2 + mov ebp,ecx + rol ebp,5 + mov DWORD [8+esp],ebx + lea ebx,[1859775393+eax*1+ebx] + mov eax,DWORD [12+esp] + add ebx,ebp + ; 20_39 35 + mov ebp,ecx + xor eax,DWORD [20+esp] + xor ebp,edx + xor eax,DWORD [44+esp] + xor ebp,edi + xor eax,DWORD [esp] + rol eax,1 + add esi,ebp + ror ecx,2 + mov ebp,ebx + rol ebp,5 + mov DWORD [12+esp],eax + lea eax,[1859775393+esi*1+eax] + mov esi,DWORD [16+esp] + add eax,ebp + ; 20_39 36 + mov ebp,ebx + xor esi,DWORD [24+esp] + xor ebp,ecx + xor esi,DWORD [48+esp] + xor ebp,edx + xor esi,DWORD [4+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + mov DWORD [16+esp],esi + lea esi,[1859775393+edi*1+esi] + mov edi,DWORD [20+esp] + add esi,ebp + ; 20_39 37 + mov ebp,eax + xor edi,DWORD [28+esp] + xor ebp,ebx + xor edi,DWORD [52+esp] + xor ebp,ecx + xor edi,DWORD [8+esp] + rol edi,1 + add edx,ebp + ror eax,2 + mov ebp,esi + rol ebp,5 + mov DWORD [20+esp],edi + lea edi,[1859775393+edx*1+edi] + mov edx,DWORD [24+esp] + add edi,ebp + ; 20_39 38 + mov ebp,esi + xor edx,DWORD [32+esp] + xor ebp,eax + xor edx,DWORD [56+esp] + xor ebp,ebx + xor edx,DWORD [12+esp] + rol 
edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [24+esp],edx + lea edx,[1859775393+ecx*1+edx] + mov ecx,DWORD [28+esp] + add edx,ebp + ; 20_39 39 + mov ebp,edi + xor ecx,DWORD [36+esp] + xor ebp,esi + xor ecx,DWORD [60+esp] + xor ebp,eax + xor ecx,DWORD [16+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [28+esp],ecx + lea ecx,[1859775393+ebx*1+ecx] + mov ebx,DWORD [32+esp] + add ecx,ebp + ; 40_59 40 + mov ebp,edi + xor ebx,DWORD [40+esp] + xor ebp,esi + xor ebx,DWORD [esp] + and ebp,edx + xor ebx,DWORD [20+esp] + rol ebx,1 + add ebp,eax + ror edx,2 + mov eax,ecx + rol eax,5 + mov DWORD [32+esp],ebx + lea ebx,[2400959708+ebp*1+ebx] + mov ebp,edi + add ebx,eax + and ebp,esi + mov eax,DWORD [36+esp] + add ebx,ebp + ; 40_59 41 + mov ebp,edx + xor eax,DWORD [44+esp] + xor ebp,edi + xor eax,DWORD [4+esp] + and ebp,ecx + xor eax,DWORD [24+esp] + rol eax,1 + add ebp,esi + ror ecx,2 + mov esi,ebx + rol esi,5 + mov DWORD [36+esp],eax + lea eax,[2400959708+ebp*1+eax] + mov ebp,edx + add eax,esi + and ebp,edi + mov esi,DWORD [40+esp] + add eax,ebp + ; 40_59 42 + mov ebp,ecx + xor esi,DWORD [48+esp] + xor ebp,edx + xor esi,DWORD [8+esp] + and ebp,ebx + xor esi,DWORD [28+esp] + rol esi,1 + add ebp,edi + ror ebx,2 + mov edi,eax + rol edi,5 + mov DWORD [40+esp],esi + lea esi,[2400959708+ebp*1+esi] + mov ebp,ecx + add esi,edi + and ebp,edx + mov edi,DWORD [44+esp] + add esi,ebp + ; 40_59 43 + mov ebp,ebx + xor edi,DWORD [52+esp] + xor ebp,ecx + xor edi,DWORD [12+esp] + and ebp,eax + xor edi,DWORD [32+esp] + rol edi,1 + add ebp,edx + ror eax,2 + mov edx,esi + rol edx,5 + mov DWORD [44+esp],edi + lea edi,[2400959708+ebp*1+edi] + mov ebp,ebx + add edi,edx + and ebp,ecx + mov edx,DWORD [48+esp] + add edi,ebp + ; 40_59 44 + mov ebp,eax + xor edx,DWORD [56+esp] + xor ebp,ebx + xor edx,DWORD [16+esp] + and ebp,esi + xor edx,DWORD [36+esp] + rol edx,1 + add ebp,ecx + ror esi,2 + mov ecx,edi + rol ecx,5 + mov DWORD [48+esp],edx + lea 
edx,[2400959708+ebp*1+edx] + mov ebp,eax + add edx,ecx + and ebp,ebx + mov ecx,DWORD [52+esp] + add edx,ebp + ; 40_59 45 + mov ebp,esi + xor ecx,DWORD [60+esp] + xor ebp,eax + xor ecx,DWORD [20+esp] + and ebp,edi + xor ecx,DWORD [40+esp] + rol ecx,1 + add ebp,ebx + ror edi,2 + mov ebx,edx + rol ebx,5 + mov DWORD [52+esp],ecx + lea ecx,[2400959708+ebp*1+ecx] + mov ebp,esi + add ecx,ebx + and ebp,eax + mov ebx,DWORD [56+esp] + add ecx,ebp + ; 40_59 46 + mov ebp,edi + xor ebx,DWORD [esp] + xor ebp,esi + xor ebx,DWORD [24+esp] + and ebp,edx + xor ebx,DWORD [44+esp] + rol ebx,1 + add ebp,eax + ror edx,2 + mov eax,ecx + rol eax,5 + mov DWORD [56+esp],ebx + lea ebx,[2400959708+ebp*1+ebx] + mov ebp,edi + add ebx,eax + and ebp,esi + mov eax,DWORD [60+esp] + add ebx,ebp + ; 40_59 47 + mov ebp,edx + xor eax,DWORD [4+esp] + xor ebp,edi + xor eax,DWORD [28+esp] + and ebp,ecx + xor eax,DWORD [48+esp] + rol eax,1 + add ebp,esi + ror ecx,2 + mov esi,ebx + rol esi,5 + mov DWORD [60+esp],eax + lea eax,[2400959708+ebp*1+eax] + mov ebp,edx + add eax,esi + and ebp,edi + mov esi,DWORD [esp] + add eax,ebp + ; 40_59 48 + mov ebp,ecx + xor esi,DWORD [8+esp] + xor ebp,edx + xor esi,DWORD [32+esp] + and ebp,ebx + xor esi,DWORD [52+esp] + rol esi,1 + add ebp,edi + ror ebx,2 + mov edi,eax + rol edi,5 + mov DWORD [esp],esi + lea esi,[2400959708+ebp*1+esi] + mov ebp,ecx + add esi,edi + and ebp,edx + mov edi,DWORD [4+esp] + add esi,ebp + ; 40_59 49 + mov ebp,ebx + xor edi,DWORD [12+esp] + xor ebp,ecx + xor edi,DWORD [36+esp] + and ebp,eax + xor edi,DWORD [56+esp] + rol edi,1 + add ebp,edx + ror eax,2 + mov edx,esi + rol edx,5 + mov DWORD [4+esp],edi + lea edi,[2400959708+ebp*1+edi] + mov ebp,ebx + add edi,edx + and ebp,ecx + mov edx,DWORD [8+esp] + add edi,ebp + ; 40_59 50 + mov ebp,eax + xor edx,DWORD [16+esp] + xor ebp,ebx + xor edx,DWORD [40+esp] + and ebp,esi + xor edx,DWORD [60+esp] + rol edx,1 + add ebp,ecx + ror esi,2 + mov ecx,edi + rol ecx,5 + mov DWORD [8+esp],edx + lea 
edx,[2400959708+ebp*1+edx] + mov ebp,eax + add edx,ecx + and ebp,ebx + mov ecx,DWORD [12+esp] + add edx,ebp + ; 40_59 51 + mov ebp,esi + xor ecx,DWORD [20+esp] + xor ebp,eax + xor ecx,DWORD [44+esp] + and ebp,edi + xor ecx,DWORD [esp] + rol ecx,1 + add ebp,ebx + ror edi,2 + mov ebx,edx + rol ebx,5 + mov DWORD [12+esp],ecx + lea ecx,[2400959708+ebp*1+ecx] + mov ebp,esi + add ecx,ebx + and ebp,eax + mov ebx,DWORD [16+esp] + add ecx,ebp + ; 40_59 52 + mov ebp,edi + xor ebx,DWORD [24+esp] + xor ebp,esi + xor ebx,DWORD [48+esp] + and ebp,edx + xor ebx,DWORD [4+esp] + rol ebx,1 + add ebp,eax + ror edx,2 + mov eax,ecx + rol eax,5 + mov DWORD [16+esp],ebx + lea ebx,[2400959708+ebp*1+ebx] + mov ebp,edi + add ebx,eax + and ebp,esi + mov eax,DWORD [20+esp] + add ebx,ebp + ; 40_59 53 + mov ebp,edx + xor eax,DWORD [28+esp] + xor ebp,edi + xor eax,DWORD [52+esp] + and ebp,ecx + xor eax,DWORD [8+esp] + rol eax,1 + add ebp,esi + ror ecx,2 + mov esi,ebx + rol esi,5 + mov DWORD [20+esp],eax + lea eax,[2400959708+ebp*1+eax] + mov ebp,edx + add eax,esi + and ebp,edi + mov esi,DWORD [24+esp] + add eax,ebp + ; 40_59 54 + mov ebp,ecx + xor esi,DWORD [32+esp] + xor ebp,edx + xor esi,DWORD [56+esp] + and ebp,ebx + xor esi,DWORD [12+esp] + rol esi,1 + add ebp,edi + ror ebx,2 + mov edi,eax + rol edi,5 + mov DWORD [24+esp],esi + lea esi,[2400959708+ebp*1+esi] + mov ebp,ecx + add esi,edi + and ebp,edx + mov edi,DWORD [28+esp] + add esi,ebp + ; 40_59 55 + mov ebp,ebx + xor edi,DWORD [36+esp] + xor ebp,ecx + xor edi,DWORD [60+esp] + and ebp,eax + xor edi,DWORD [16+esp] + rol edi,1 + add ebp,edx + ror eax,2 + mov edx,esi + rol edx,5 + mov DWORD [28+esp],edi + lea edi,[2400959708+ebp*1+edi] + mov ebp,ebx + add edi,edx + and ebp,ecx + mov edx,DWORD [32+esp] + add edi,ebp + ; 40_59 56 + mov ebp,eax + xor edx,DWORD [40+esp] + xor ebp,ebx + xor edx,DWORD [esp] + and ebp,esi + xor edx,DWORD [20+esp] + rol edx,1 + add ebp,ecx + ror esi,2 + mov ecx,edi + rol ecx,5 + mov DWORD [32+esp],edx + lea 
edx,[2400959708+ebp*1+edx] + mov ebp,eax + add edx,ecx + and ebp,ebx + mov ecx,DWORD [36+esp] + add edx,ebp + ; 40_59 57 + mov ebp,esi + xor ecx,DWORD [44+esp] + xor ebp,eax + xor ecx,DWORD [4+esp] + and ebp,edi + xor ecx,DWORD [24+esp] + rol ecx,1 + add ebp,ebx + ror edi,2 + mov ebx,edx + rol ebx,5 + mov DWORD [36+esp],ecx + lea ecx,[2400959708+ebp*1+ecx] + mov ebp,esi + add ecx,ebx + and ebp,eax + mov ebx,DWORD [40+esp] + add ecx,ebp + ; 40_59 58 + mov ebp,edi + xor ebx,DWORD [48+esp] + xor ebp,esi + xor ebx,DWORD [8+esp] + and ebp,edx + xor ebx,DWORD [28+esp] + rol ebx,1 + add ebp,eax + ror edx,2 + mov eax,ecx + rol eax,5 + mov DWORD [40+esp],ebx + lea ebx,[2400959708+ebp*1+ebx] + mov ebp,edi + add ebx,eax + and ebp,esi + mov eax,DWORD [44+esp] + add ebx,ebp + ; 40_59 59 + mov ebp,edx + xor eax,DWORD [52+esp] + xor ebp,edi + xor eax,DWORD [12+esp] + and ebp,ecx + xor eax,DWORD [32+esp] + rol eax,1 + add ebp,esi + ror ecx,2 + mov esi,ebx + rol esi,5 + mov DWORD [44+esp],eax + lea eax,[2400959708+ebp*1+eax] + mov ebp,edx + add eax,esi + and ebp,edi + mov esi,DWORD [48+esp] + add eax,ebp + ; 20_39 60 + mov ebp,ebx + xor esi,DWORD [56+esp] + xor ebp,ecx + xor esi,DWORD [16+esp] + xor ebp,edx + xor esi,DWORD [36+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + mov DWORD [48+esp],esi + lea esi,[3395469782+edi*1+esi] + mov edi,DWORD [52+esp] + add esi,ebp + ; 20_39 61 + mov ebp,eax + xor edi,DWORD [60+esp] + xor ebp,ebx + xor edi,DWORD [20+esp] + xor ebp,ecx + xor edi,DWORD [40+esp] + rol edi,1 + add edx,ebp + ror eax,2 + mov ebp,esi + rol ebp,5 + mov DWORD [52+esp],edi + lea edi,[3395469782+edx*1+edi] + mov edx,DWORD [56+esp] + add edi,ebp + ; 20_39 62 + mov ebp,esi + xor edx,DWORD [esp] + xor ebp,eax + xor edx,DWORD [24+esp] + xor ebp,ebx + xor edx,DWORD [44+esp] + rol edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [56+esp],edx + lea edx,[3395469782+ecx*1+edx] + mov ecx,DWORD [60+esp] + add edx,ebp + ; 20_39 63 + mov 
ebp,edi + xor ecx,DWORD [4+esp] + xor ebp,esi + xor ecx,DWORD [28+esp] + xor ebp,eax + xor ecx,DWORD [48+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [60+esp],ecx + lea ecx,[3395469782+ebx*1+ecx] + mov ebx,DWORD [esp] + add ecx,ebp + ; 20_39 64 + mov ebp,edx + xor ebx,DWORD [8+esp] + xor ebp,edi + xor ebx,DWORD [32+esp] + xor ebp,esi + xor ebx,DWORD [52+esp] + rol ebx,1 + add eax,ebp + ror edx,2 + mov ebp,ecx + rol ebp,5 + mov DWORD [esp],ebx + lea ebx,[3395469782+eax*1+ebx] + mov eax,DWORD [4+esp] + add ebx,ebp + ; 20_39 65 + mov ebp,ecx + xor eax,DWORD [12+esp] + xor ebp,edx + xor eax,DWORD [36+esp] + xor ebp,edi + xor eax,DWORD [56+esp] + rol eax,1 + add esi,ebp + ror ecx,2 + mov ebp,ebx + rol ebp,5 + mov DWORD [4+esp],eax + lea eax,[3395469782+esi*1+eax] + mov esi,DWORD [8+esp] + add eax,ebp + ; 20_39 66 + mov ebp,ebx + xor esi,DWORD [16+esp] + xor ebp,ecx + xor esi,DWORD [40+esp] + xor ebp,edx + xor esi,DWORD [60+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + mov DWORD [8+esp],esi + lea esi,[3395469782+edi*1+esi] + mov edi,DWORD [12+esp] + add esi,ebp + ; 20_39 67 + mov ebp,eax + xor edi,DWORD [20+esp] + xor ebp,ebx + xor edi,DWORD [44+esp] + xor ebp,ecx + xor edi,DWORD [esp] + rol edi,1 + add edx,ebp + ror eax,2 + mov ebp,esi + rol ebp,5 + mov DWORD [12+esp],edi + lea edi,[3395469782+edx*1+edi] + mov edx,DWORD [16+esp] + add edi,ebp + ; 20_39 68 + mov ebp,esi + xor edx,DWORD [24+esp] + xor ebp,eax + xor edx,DWORD [48+esp] + xor ebp,ebx + xor edx,DWORD [4+esp] + rol edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [16+esp],edx + lea edx,[3395469782+ecx*1+edx] + mov ecx,DWORD [20+esp] + add edx,ebp + ; 20_39 69 + mov ebp,edi + xor ecx,DWORD [28+esp] + xor ebp,esi + xor ecx,DWORD [52+esp] + xor ebp,eax + xor ecx,DWORD [8+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [20+esp],ecx + lea ecx,[3395469782+ebx*1+ecx] + mov ebx,DWORD [24+esp] + add 
ecx,ebp + ; 20_39 70 + mov ebp,edx + xor ebx,DWORD [32+esp] + xor ebp,edi + xor ebx,DWORD [56+esp] + xor ebp,esi + xor ebx,DWORD [12+esp] + rol ebx,1 + add eax,ebp + ror edx,2 + mov ebp,ecx + rol ebp,5 + mov DWORD [24+esp],ebx + lea ebx,[3395469782+eax*1+ebx] + mov eax,DWORD [28+esp] + add ebx,ebp + ; 20_39 71 + mov ebp,ecx + xor eax,DWORD [36+esp] + xor ebp,edx + xor eax,DWORD [60+esp] + xor ebp,edi + xor eax,DWORD [16+esp] + rol eax,1 + add esi,ebp + ror ecx,2 + mov ebp,ebx + rol ebp,5 + mov DWORD [28+esp],eax + lea eax,[3395469782+esi*1+eax] + mov esi,DWORD [32+esp] + add eax,ebp + ; 20_39 72 + mov ebp,ebx + xor esi,DWORD [40+esp] + xor ebp,ecx + xor esi,DWORD [esp] + xor ebp,edx + xor esi,DWORD [20+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + mov DWORD [32+esp],esi + lea esi,[3395469782+edi*1+esi] + mov edi,DWORD [36+esp] + add esi,ebp + ; 20_39 73 + mov ebp,eax + xor edi,DWORD [44+esp] + xor ebp,ebx + xor edi,DWORD [4+esp] + xor ebp,ecx + xor edi,DWORD [24+esp] + rol edi,1 + add edx,ebp + ror eax,2 + mov ebp,esi + rol ebp,5 + mov DWORD [36+esp],edi + lea edi,[3395469782+edx*1+edi] + mov edx,DWORD [40+esp] + add edi,ebp + ; 20_39 74 + mov ebp,esi + xor edx,DWORD [48+esp] + xor ebp,eax + xor edx,DWORD [8+esp] + xor ebp,ebx + xor edx,DWORD [28+esp] + rol edx,1 + add ecx,ebp + ror esi,2 + mov ebp,edi + rol ebp,5 + mov DWORD [40+esp],edx + lea edx,[3395469782+ecx*1+edx] + mov ecx,DWORD [44+esp] + add edx,ebp + ; 20_39 75 + mov ebp,edi + xor ecx,DWORD [52+esp] + xor ebp,esi + xor ecx,DWORD [12+esp] + xor ebp,eax + xor ecx,DWORD [32+esp] + rol ecx,1 + add ebx,ebp + ror edi,2 + mov ebp,edx + rol ebp,5 + mov DWORD [44+esp],ecx + lea ecx,[3395469782+ebx*1+ecx] + mov ebx,DWORD [48+esp] + add ecx,ebp + ; 20_39 76 + mov ebp,edx + xor ebx,DWORD [56+esp] + xor ebp,edi + xor ebx,DWORD [16+esp] + xor ebp,esi + xor ebx,DWORD [36+esp] + rol ebx,1 + add eax,ebp + ror edx,2 + mov ebp,ecx + rol ebp,5 + mov DWORD [48+esp],ebx + lea 
ebx,[3395469782+eax*1+ebx] + mov eax,DWORD [52+esp] + add ebx,ebp + ; 20_39 77 + mov ebp,ecx + xor eax,DWORD [60+esp] + xor ebp,edx + xor eax,DWORD [20+esp] + xor ebp,edi + xor eax,DWORD [40+esp] + rol eax,1 + add esi,ebp + ror ecx,2 + mov ebp,ebx + rol ebp,5 + lea eax,[3395469782+esi*1+eax] + mov esi,DWORD [56+esp] + add eax,ebp + ; 20_39 78 + mov ebp,ebx + xor esi,DWORD [esp] + xor ebp,ecx + xor esi,DWORD [24+esp] + xor ebp,edx + xor esi,DWORD [44+esp] + rol esi,1 + add edi,ebp + ror ebx,2 + mov ebp,eax + rol ebp,5 + lea esi,[3395469782+edi*1+esi] + mov edi,DWORD [60+esp] + add esi,ebp + ; 20_39 79 + mov ebp,eax + xor edi,DWORD [4+esp] + xor ebp,ebx + xor edi,DWORD [28+esp] + xor ebp,ecx + xor edi,DWORD [48+esp] + rol edi,1 + add edx,ebp + ror eax,2 + mov ebp,esi + rol ebp,5 + lea edi,[3395469782+edx*1+edi] + add edi,ebp + mov ebp,DWORD [96+esp] + mov edx,DWORD [100+esp] + add edi,DWORD [ebp] + add esi,DWORD [4+ebp] + add eax,DWORD [8+ebp] + add ebx,DWORD [12+ebp] + add ecx,DWORD [16+ebp] + mov DWORD [ebp],edi + add edx,64 + mov DWORD [4+ebp],esi + cmp edx,DWORD [104+esp] + mov DWORD [8+ebp],eax + mov edi,ecx + mov DWORD [12+ebp],ebx + mov esi,edx + mov DWORD [16+ebp],ecx + jb NEAR L$002loop + add esp,76 + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +__sha1_block_data_order_shaext: + push ebp + push ebx + push esi + push edi + call L$003pic_point +L$003pic_point: + pop ebp + lea ebp,[(L$K_XX_XX-L$003pic_point)+ebp] +L$shaext_shortcut: + mov edi,DWORD [20+esp] + mov ebx,esp + mov esi,DWORD [24+esp] + mov ecx,DWORD [28+esp] + sub esp,32 + movdqu xmm0,[edi] + movd xmm1,DWORD [16+edi] + and esp,-32 + movdqa xmm3,[80+ebp] + movdqu xmm4,[esi] + pshufd xmm0,xmm0,27 + movdqu xmm5,[16+esi] + pshufd xmm1,xmm1,27 + movdqu xmm6,[32+esi] +db 102,15,56,0,227 + movdqu xmm7,[48+esi] +db 102,15,56,0,235 +db 102,15,56,0,243 +db 102,15,56,0,251 + jmp NEAR L$004loop_shaext +align 16 +L$004loop_shaext: + dec ecx + lea eax,[64+esi] + movdqa [esp],xmm1 + paddd xmm1,xmm4 + 
cmovne esi,eax + movdqa [16+esp],xmm0 +db 15,56,201,229 + movdqa xmm2,xmm0 +db 15,58,204,193,0 +db 15,56,200,213 + pxor xmm4,xmm6 +db 15,56,201,238 +db 15,56,202,231 + movdqa xmm1,xmm0 +db 15,58,204,194,0 +db 15,56,200,206 + pxor xmm5,xmm7 +db 15,56,202,236 +db 15,56,201,247 + movdqa xmm2,xmm0 +db 15,58,204,193,0 +db 15,56,200,215 + pxor xmm6,xmm4 +db 15,56,201,252 +db 15,56,202,245 + movdqa xmm1,xmm0 +db 15,58,204,194,0 +db 15,56,200,204 + pxor xmm7,xmm5 +db 15,56,202,254 +db 15,56,201,229 + movdqa xmm2,xmm0 +db 15,58,204,193,0 +db 15,56,200,213 + pxor xmm4,xmm6 +db 15,56,201,238 +db 15,56,202,231 + movdqa xmm1,xmm0 +db 15,58,204,194,1 +db 15,56,200,206 + pxor xmm5,xmm7 +db 15,56,202,236 +db 15,56,201,247 + movdqa xmm2,xmm0 +db 15,58,204,193,1 +db 15,56,200,215 + pxor xmm6,xmm4 +db 15,56,201,252 +db 15,56,202,245 + movdqa xmm1,xmm0 +db 15,58,204,194,1 +db 15,56,200,204 + pxor xmm7,xmm5 +db 15,56,202,254 +db 15,56,201,229 + movdqa xmm2,xmm0 +db 15,58,204,193,1 +db 15,56,200,213 + pxor xmm4,xmm6 +db 15,56,201,238 +db 15,56,202,231 + movdqa xmm1,xmm0 +db 15,58,204,194,1 +db 15,56,200,206 + pxor xmm5,xmm7 +db 15,56,202,236 +db 15,56,201,247 + movdqa xmm2,xmm0 +db 15,58,204,193,2 +db 15,56,200,215 + pxor xmm6,xmm4 +db 15,56,201,252 +db 15,56,202,245 + movdqa xmm1,xmm0 +db 15,58,204,194,2 +db 15,56,200,204 + pxor xmm7,xmm5 +db 15,56,202,254 +db 15,56,201,229 + movdqa xmm2,xmm0 +db 15,58,204,193,2 +db 15,56,200,213 + pxor xmm4,xmm6 +db 15,56,201,238 +db 15,56,202,231 + movdqa xmm1,xmm0 +db 15,58,204,194,2 +db 15,56,200,206 + pxor xmm5,xmm7 +db 15,56,202,236 +db 15,56,201,247 + movdqa xmm2,xmm0 +db 15,58,204,193,2 +db 15,56,200,215 + pxor xmm6,xmm4 +db 15,56,201,252 +db 15,56,202,245 + movdqa xmm1,xmm0 +db 15,58,204,194,3 +db 15,56,200,204 + pxor xmm7,xmm5 +db 15,56,202,254 + movdqu xmm4,[esi] + movdqa xmm2,xmm0 +db 15,58,204,193,3 +db 15,56,200,213 + movdqu xmm5,[16+esi] +db 102,15,56,0,227 + movdqa xmm1,xmm0 +db 15,58,204,194,3 +db 15,56,200,206 + movdqu xmm6,[32+esi] 
+db 102,15,56,0,235 + movdqa xmm2,xmm0 +db 15,58,204,193,3 +db 15,56,200,215 + movdqu xmm7,[48+esi] +db 102,15,56,0,243 + movdqa xmm1,xmm0 +db 15,58,204,194,3 + movdqa xmm2,[esp] +db 102,15,56,0,251 +db 15,56,200,202 + paddd xmm0,[16+esp] + jnz NEAR L$004loop_shaext + pshufd xmm0,xmm0,27 + pshufd xmm1,xmm1,27 + movdqu [edi],xmm0 + movd DWORD [16+edi],xmm1 + mov esp,ebx + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +__sha1_block_data_order_ssse3: + push ebp + push ebx + push esi + push edi + call L$005pic_point +L$005pic_point: + pop ebp + lea ebp,[(L$K_XX_XX-L$005pic_point)+ebp] +L$ssse3_shortcut: + movdqa xmm7,[ebp] + movdqa xmm0,[16+ebp] + movdqa xmm1,[32+ebp] + movdqa xmm2,[48+ebp] + movdqa xmm6,[64+ebp] + mov edi,DWORD [20+esp] + mov ebp,DWORD [24+esp] + mov edx,DWORD [28+esp] + mov esi,esp + sub esp,208 + and esp,-64 + movdqa [112+esp],xmm0 + movdqa [128+esp],xmm1 + movdqa [144+esp],xmm2 + shl edx,6 + movdqa [160+esp],xmm7 + add edx,ebp + movdqa [176+esp],xmm6 + add ebp,64 + mov DWORD [192+esp],edi + mov DWORD [196+esp],ebp + mov DWORD [200+esp],edx + mov DWORD [204+esp],esi + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + mov edi,DWORD [16+edi] + mov esi,ebx + movdqu xmm0,[ebp-64] + movdqu xmm1,[ebp-48] + movdqu xmm2,[ebp-32] + movdqu xmm3,[ebp-16] +db 102,15,56,0,198 +db 102,15,56,0,206 +db 102,15,56,0,214 + movdqa [96+esp],xmm7 +db 102,15,56,0,222 + paddd xmm0,xmm7 + paddd xmm1,xmm7 + paddd xmm2,xmm7 + movdqa [esp],xmm0 + psubd xmm0,xmm7 + movdqa [16+esp],xmm1 + psubd xmm1,xmm7 + movdqa [32+esp],xmm2 + mov ebp,ecx + psubd xmm2,xmm7 + xor ebp,edx + pshufd xmm4,xmm0,238 + and esi,ebp + jmp NEAR L$006loop +align 16 +L$006loop: + ror ebx,2 + xor esi,edx + mov ebp,eax + punpcklqdq xmm4,xmm1 + movdqa xmm6,xmm3 + add edi,DWORD [esp] + xor ebx,ecx + paddd xmm7,xmm3 + movdqa [64+esp],xmm0 + rol eax,5 + add edi,esi + psrldq xmm6,4 + and ebp,ebx + xor ebx,ecx + pxor xmm4,xmm0 + add edi,eax + ror eax,7 + pxor 
xmm6,xmm2 + xor ebp,ecx + mov esi,edi + add edx,DWORD [4+esp] + pxor xmm4,xmm6 + xor eax,ebx + rol edi,5 + movdqa [48+esp],xmm7 + add edx,ebp + and esi,eax + movdqa xmm0,xmm4 + xor eax,ebx + add edx,edi + ror edi,7 + movdqa xmm6,xmm4 + xor esi,ebx + pslldq xmm0,12 + paddd xmm4,xmm4 + mov ebp,edx + add ecx,DWORD [8+esp] + psrld xmm6,31 + xor edi,eax + rol edx,5 + movdqa xmm7,xmm0 + add ecx,esi + and ebp,edi + xor edi,eax + psrld xmm0,30 + add ecx,edx + ror edx,7 + por xmm4,xmm6 + xor ebp,eax + mov esi,ecx + add ebx,DWORD [12+esp] + pslld xmm7,2 + xor edx,edi + rol ecx,5 + pxor xmm4,xmm0 + movdqa xmm0,[96+esp] + add ebx,ebp + and esi,edx + pxor xmm4,xmm7 + pshufd xmm5,xmm1,238 + xor edx,edi + add ebx,ecx + ror ecx,7 + xor esi,edi + mov ebp,ebx + punpcklqdq xmm5,xmm2 + movdqa xmm7,xmm4 + add eax,DWORD [16+esp] + xor ecx,edx + paddd xmm0,xmm4 + movdqa [80+esp],xmm1 + rol ebx,5 + add eax,esi + psrldq xmm7,4 + and ebp,ecx + xor ecx,edx + pxor xmm5,xmm1 + add eax,ebx + ror ebx,7 + pxor xmm7,xmm3 + xor ebp,edx + mov esi,eax + add edi,DWORD [20+esp] + pxor xmm5,xmm7 + xor ebx,ecx + rol eax,5 + movdqa [esp],xmm0 + add edi,ebp + and esi,ebx + movdqa xmm1,xmm5 + xor ebx,ecx + add edi,eax + ror eax,7 + movdqa xmm7,xmm5 + xor esi,ecx + pslldq xmm1,12 + paddd xmm5,xmm5 + mov ebp,edi + add edx,DWORD [24+esp] + psrld xmm7,31 + xor eax,ebx + rol edi,5 + movdqa xmm0,xmm1 + add edx,esi + and ebp,eax + xor eax,ebx + psrld xmm1,30 + add edx,edi + ror edi,7 + por xmm5,xmm7 + xor ebp,ebx + mov esi,edx + add ecx,DWORD [28+esp] + pslld xmm0,2 + xor edi,eax + rol edx,5 + pxor xmm5,xmm1 + movdqa xmm1,[112+esp] + add ecx,ebp + and esi,edi + pxor xmm5,xmm0 + pshufd xmm6,xmm2,238 + xor edi,eax + add ecx,edx + ror edx,7 + xor esi,eax + mov ebp,ecx + punpcklqdq xmm6,xmm3 + movdqa xmm0,xmm5 + add ebx,DWORD [32+esp] + xor edx,edi + paddd xmm1,xmm5 + movdqa [96+esp],xmm2 + rol ecx,5 + add ebx,esi + psrldq xmm0,4 + and ebp,edx + xor edx,edi + pxor xmm6,xmm2 + add ebx,ecx + ror ecx,7 + pxor xmm0,xmm4 + 
xor ebp,edi + mov esi,ebx + add eax,DWORD [36+esp] + pxor xmm6,xmm0 + xor ecx,edx + rol ebx,5 + movdqa [16+esp],xmm1 + add eax,ebp + and esi,ecx + movdqa xmm2,xmm6 + xor ecx,edx + add eax,ebx + ror ebx,7 + movdqa xmm0,xmm6 + xor esi,edx + pslldq xmm2,12 + paddd xmm6,xmm6 + mov ebp,eax + add edi,DWORD [40+esp] + psrld xmm0,31 + xor ebx,ecx + rol eax,5 + movdqa xmm1,xmm2 + add edi,esi + and ebp,ebx + xor ebx,ecx + psrld xmm2,30 + add edi,eax + ror eax,7 + por xmm6,xmm0 + xor ebp,ecx + movdqa xmm0,[64+esp] + mov esi,edi + add edx,DWORD [44+esp] + pslld xmm1,2 + xor eax,ebx + rol edi,5 + pxor xmm6,xmm2 + movdqa xmm2,[112+esp] + add edx,ebp + and esi,eax + pxor xmm6,xmm1 + pshufd xmm7,xmm3,238 + xor eax,ebx + add edx,edi + ror edi,7 + xor esi,ebx + mov ebp,edx + punpcklqdq xmm7,xmm4 + movdqa xmm1,xmm6 + add ecx,DWORD [48+esp] + xor edi,eax + paddd xmm2,xmm6 + movdqa [64+esp],xmm3 + rol edx,5 + add ecx,esi + psrldq xmm1,4 + and ebp,edi + xor edi,eax + pxor xmm7,xmm3 + add ecx,edx + ror edx,7 + pxor xmm1,xmm5 + xor ebp,eax + mov esi,ecx + add ebx,DWORD [52+esp] + pxor xmm7,xmm1 + xor edx,edi + rol ecx,5 + movdqa [32+esp],xmm2 + add ebx,ebp + and esi,edx + movdqa xmm3,xmm7 + xor edx,edi + add ebx,ecx + ror ecx,7 + movdqa xmm1,xmm7 + xor esi,edi + pslldq xmm3,12 + paddd xmm7,xmm7 + mov ebp,ebx + add eax,DWORD [56+esp] + psrld xmm1,31 + xor ecx,edx + rol ebx,5 + movdqa xmm2,xmm3 + add eax,esi + and ebp,ecx + xor ecx,edx + psrld xmm3,30 + add eax,ebx + ror ebx,7 + por xmm7,xmm1 + xor ebp,edx + movdqa xmm1,[80+esp] + mov esi,eax + add edi,DWORD [60+esp] + pslld xmm2,2 + xor ebx,ecx + rol eax,5 + pxor xmm7,xmm3 + movdqa xmm3,[112+esp] + add edi,ebp + and esi,ebx + pxor xmm7,xmm2 + pshufd xmm2,xmm6,238 + xor ebx,ecx + add edi,eax + ror eax,7 + pxor xmm0,xmm4 + punpcklqdq xmm2,xmm7 + xor esi,ecx + mov ebp,edi + add edx,DWORD [esp] + pxor xmm0,xmm1 + movdqa [80+esp],xmm4 + xor eax,ebx + rol edi,5 + movdqa xmm4,xmm3 + add edx,esi + paddd xmm3,xmm7 + and ebp,eax + pxor xmm0,xmm2 + 
xor eax,ebx + add edx,edi + ror edi,7 + xor ebp,ebx + movdqa xmm2,xmm0 + movdqa [48+esp],xmm3 + mov esi,edx + add ecx,DWORD [4+esp] + xor edi,eax + rol edx,5 + pslld xmm0,2 + add ecx,ebp + and esi,edi + psrld xmm2,30 + xor edi,eax + add ecx,edx + ror edx,7 + xor esi,eax + mov ebp,ecx + add ebx,DWORD [8+esp] + xor edx,edi + rol ecx,5 + por xmm0,xmm2 + add ebx,esi + and ebp,edx + movdqa xmm2,[96+esp] + xor edx,edi + add ebx,ecx + add eax,DWORD [12+esp] + xor ebp,edi + mov esi,ebx + pshufd xmm3,xmm7,238 + rol ebx,5 + add eax,ebp + xor esi,edx + ror ecx,7 + add eax,ebx + add edi,DWORD [16+esp] + pxor xmm1,xmm5 + punpcklqdq xmm3,xmm0 + xor esi,ecx + mov ebp,eax + rol eax,5 + pxor xmm1,xmm2 + movdqa [96+esp],xmm5 + add edi,esi + xor ebp,ecx + movdqa xmm5,xmm4 + ror ebx,7 + paddd xmm4,xmm0 + add edi,eax + pxor xmm1,xmm3 + add edx,DWORD [20+esp] + xor ebp,ebx + mov esi,edi + rol edi,5 + movdqa xmm3,xmm1 + movdqa [esp],xmm4 + add edx,ebp + xor esi,ebx + ror eax,7 + add edx,edi + pslld xmm1,2 + add ecx,DWORD [24+esp] + xor esi,eax + psrld xmm3,30 + mov ebp,edx + rol edx,5 + add ecx,esi + xor ebp,eax + ror edi,7 + add ecx,edx + por xmm1,xmm3 + add ebx,DWORD [28+esp] + xor ebp,edi + movdqa xmm3,[64+esp] + mov esi,ecx + rol ecx,5 + add ebx,ebp + xor esi,edi + ror edx,7 + pshufd xmm4,xmm0,238 + add ebx,ecx + add eax,DWORD [32+esp] + pxor xmm2,xmm6 + punpcklqdq xmm4,xmm1 + xor esi,edx + mov ebp,ebx + rol ebx,5 + pxor xmm2,xmm3 + movdqa [64+esp],xmm6 + add eax,esi + xor ebp,edx + movdqa xmm6,[128+esp] + ror ecx,7 + paddd xmm5,xmm1 + add eax,ebx + pxor xmm2,xmm4 + add edi,DWORD [36+esp] + xor ebp,ecx + mov esi,eax + rol eax,5 + movdqa xmm4,xmm2 + movdqa [16+esp],xmm5 + add edi,ebp + xor esi,ecx + ror ebx,7 + add edi,eax + pslld xmm2,2 + add edx,DWORD [40+esp] + xor esi,ebx + psrld xmm4,30 + mov ebp,edi + rol edi,5 + add edx,esi + xor ebp,ebx + ror eax,7 + add edx,edi + por xmm2,xmm4 + add ecx,DWORD [44+esp] + xor ebp,eax + movdqa xmm4,[80+esp] + mov esi,edx + rol edx,5 + add 
ecx,ebp + xor esi,eax + ror edi,7 + pshufd xmm5,xmm1,238 + add ecx,edx + add ebx,DWORD [48+esp] + pxor xmm3,xmm7 + punpcklqdq xmm5,xmm2 + xor esi,edi + mov ebp,ecx + rol ecx,5 + pxor xmm3,xmm4 + movdqa [80+esp],xmm7 + add ebx,esi + xor ebp,edi + movdqa xmm7,xmm6 + ror edx,7 + paddd xmm6,xmm2 + add ebx,ecx + pxor xmm3,xmm5 + add eax,DWORD [52+esp] + xor ebp,edx + mov esi,ebx + rol ebx,5 + movdqa xmm5,xmm3 + movdqa [32+esp],xmm6 + add eax,ebp + xor esi,edx + ror ecx,7 + add eax,ebx + pslld xmm3,2 + add edi,DWORD [56+esp] + xor esi,ecx + psrld xmm5,30 + mov ebp,eax + rol eax,5 + add edi,esi + xor ebp,ecx + ror ebx,7 + add edi,eax + por xmm3,xmm5 + add edx,DWORD [60+esp] + xor ebp,ebx + movdqa xmm5,[96+esp] + mov esi,edi + rol edi,5 + add edx,ebp + xor esi,ebx + ror eax,7 + pshufd xmm6,xmm2,238 + add edx,edi + add ecx,DWORD [esp] + pxor xmm4,xmm0 + punpcklqdq xmm6,xmm3 + xor esi,eax + mov ebp,edx + rol edx,5 + pxor xmm4,xmm5 + movdqa [96+esp],xmm0 + add ecx,esi + xor ebp,eax + movdqa xmm0,xmm7 + ror edi,7 + paddd xmm7,xmm3 + add ecx,edx + pxor xmm4,xmm6 + add ebx,DWORD [4+esp] + xor ebp,edi + mov esi,ecx + rol ecx,5 + movdqa xmm6,xmm4 + movdqa [48+esp],xmm7 + add ebx,ebp + xor esi,edi + ror edx,7 + add ebx,ecx + pslld xmm4,2 + add eax,DWORD [8+esp] + xor esi,edx + psrld xmm6,30 + mov ebp,ebx + rol ebx,5 + add eax,esi + xor ebp,edx + ror ecx,7 + add eax,ebx + por xmm4,xmm6 + add edi,DWORD [12+esp] + xor ebp,ecx + movdqa xmm6,[64+esp] + mov esi,eax + rol eax,5 + add edi,ebp + xor esi,ecx + ror ebx,7 + pshufd xmm7,xmm3,238 + add edi,eax + add edx,DWORD [16+esp] + pxor xmm5,xmm1 + punpcklqdq xmm7,xmm4 + xor esi,ebx + mov ebp,edi + rol edi,5 + pxor xmm5,xmm6 + movdqa [64+esp],xmm1 + add edx,esi + xor ebp,ebx + movdqa xmm1,xmm0 + ror eax,7 + paddd xmm0,xmm4 + add edx,edi + pxor xmm5,xmm7 + add ecx,DWORD [20+esp] + xor ebp,eax + mov esi,edx + rol edx,5 + movdqa xmm7,xmm5 + movdqa [esp],xmm0 + add ecx,ebp + xor esi,eax + ror edi,7 + add ecx,edx + pslld xmm5,2 + add ebx,DWORD 
[24+esp] + xor esi,edi + psrld xmm7,30 + mov ebp,ecx + rol ecx,5 + add ebx,esi + xor ebp,edi + ror edx,7 + add ebx,ecx + por xmm5,xmm7 + add eax,DWORD [28+esp] + movdqa xmm7,[80+esp] + ror ecx,7 + mov esi,ebx + xor ebp,edx + rol ebx,5 + pshufd xmm0,xmm4,238 + add eax,ebp + xor esi,ecx + xor ecx,edx + add eax,ebx + add edi,DWORD [32+esp] + pxor xmm6,xmm2 + punpcklqdq xmm0,xmm5 + and esi,ecx + xor ecx,edx + ror ebx,7 + pxor xmm6,xmm7 + movdqa [80+esp],xmm2 + mov ebp,eax + xor esi,ecx + rol eax,5 + movdqa xmm2,xmm1 + add edi,esi + paddd xmm1,xmm5 + xor ebp,ebx + pxor xmm6,xmm0 + xor ebx,ecx + add edi,eax + add edx,DWORD [36+esp] + and ebp,ebx + movdqa xmm0,xmm6 + movdqa [16+esp],xmm1 + xor ebx,ecx + ror eax,7 + mov esi,edi + xor ebp,ebx + rol edi,5 + pslld xmm6,2 + add edx,ebp + xor esi,eax + psrld xmm0,30 + xor eax,ebx + add edx,edi + add ecx,DWORD [40+esp] + and esi,eax + xor eax,ebx + ror edi,7 + por xmm6,xmm0 + mov ebp,edx + xor esi,eax + movdqa xmm0,[96+esp] + rol edx,5 + add ecx,esi + xor ebp,edi + xor edi,eax + add ecx,edx + pshufd xmm1,xmm5,238 + add ebx,DWORD [44+esp] + and ebp,edi + xor edi,eax + ror edx,7 + mov esi,ecx + xor ebp,edi + rol ecx,5 + add ebx,ebp + xor esi,edx + xor edx,edi + add ebx,ecx + add eax,DWORD [48+esp] + pxor xmm7,xmm3 + punpcklqdq xmm1,xmm6 + and esi,edx + xor edx,edi + ror ecx,7 + pxor xmm7,xmm0 + movdqa [96+esp],xmm3 + mov ebp,ebx + xor esi,edx + rol ebx,5 + movdqa xmm3,[144+esp] + add eax,esi + paddd xmm2,xmm6 + xor ebp,ecx + pxor xmm7,xmm1 + xor ecx,edx + add eax,ebx + add edi,DWORD [52+esp] + and ebp,ecx + movdqa xmm1,xmm7 + movdqa [32+esp],xmm2 + xor ecx,edx + ror ebx,7 + mov esi,eax + xor ebp,ecx + rol eax,5 + pslld xmm7,2 + add edi,ebp + xor esi,ebx + psrld xmm1,30 + xor ebx,ecx + add edi,eax + add edx,DWORD [56+esp] + and esi,ebx + xor ebx,ecx + ror eax,7 + por xmm7,xmm1 + mov ebp,edi + xor esi,ebx + movdqa xmm1,[64+esp] + rol edi,5 + add edx,esi + xor ebp,eax + xor eax,ebx + add edx,edi + pshufd xmm2,xmm6,238 + add ecx,DWORD 
[60+esp] + and ebp,eax + xor eax,ebx + ror edi,7 + mov esi,edx + xor ebp,eax + rol edx,5 + add ecx,ebp + xor esi,edi + xor edi,eax + add ecx,edx + add ebx,DWORD [esp] + pxor xmm0,xmm4 + punpcklqdq xmm2,xmm7 + and esi,edi + xor edi,eax + ror edx,7 + pxor xmm0,xmm1 + movdqa [64+esp],xmm4 + mov ebp,ecx + xor esi,edi + rol ecx,5 + movdqa xmm4,xmm3 + add ebx,esi + paddd xmm3,xmm7 + xor ebp,edx + pxor xmm0,xmm2 + xor edx,edi + add ebx,ecx + add eax,DWORD [4+esp] + and ebp,edx + movdqa xmm2,xmm0 + movdqa [48+esp],xmm3 + xor edx,edi + ror ecx,7 + mov esi,ebx + xor ebp,edx + rol ebx,5 + pslld xmm0,2 + add eax,ebp + xor esi,ecx + psrld xmm2,30 + xor ecx,edx + add eax,ebx + add edi,DWORD [8+esp] + and esi,ecx + xor ecx,edx + ror ebx,7 + por xmm0,xmm2 + mov ebp,eax + xor esi,ecx + movdqa xmm2,[80+esp] + rol eax,5 + add edi,esi + xor ebp,ebx + xor ebx,ecx + add edi,eax + pshufd xmm3,xmm7,238 + add edx,DWORD [12+esp] + and ebp,ebx + xor ebx,ecx + ror eax,7 + mov esi,edi + xor ebp,ebx + rol edi,5 + add edx,ebp + xor esi,eax + xor eax,ebx + add edx,edi + add ecx,DWORD [16+esp] + pxor xmm1,xmm5 + punpcklqdq xmm3,xmm0 + and esi,eax + xor eax,ebx + ror edi,7 + pxor xmm1,xmm2 + movdqa [80+esp],xmm5 + mov ebp,edx + xor esi,eax + rol edx,5 + movdqa xmm5,xmm4 + add ecx,esi + paddd xmm4,xmm0 + xor ebp,edi + pxor xmm1,xmm3 + xor edi,eax + add ecx,edx + add ebx,DWORD [20+esp] + and ebp,edi + movdqa xmm3,xmm1 + movdqa [esp],xmm4 + xor edi,eax + ror edx,7 + mov esi,ecx + xor ebp,edi + rol ecx,5 + pslld xmm1,2 + add ebx,ebp + xor esi,edx + psrld xmm3,30 + xor edx,edi + add ebx,ecx + add eax,DWORD [24+esp] + and esi,edx + xor edx,edi + ror ecx,7 + por xmm1,xmm3 + mov ebp,ebx + xor esi,edx + movdqa xmm3,[96+esp] + rol ebx,5 + add eax,esi + xor ebp,ecx + xor ecx,edx + add eax,ebx + pshufd xmm4,xmm0,238 + add edi,DWORD [28+esp] + and ebp,ecx + xor ecx,edx + ror ebx,7 + mov esi,eax + xor ebp,ecx + rol eax,5 + add edi,ebp + xor esi,ebx + xor ebx,ecx + add edi,eax + add edx,DWORD [32+esp] + pxor 
xmm2,xmm6 + punpcklqdq xmm4,xmm1 + and esi,ebx + xor ebx,ecx + ror eax,7 + pxor xmm2,xmm3 + movdqa [96+esp],xmm6 + mov ebp,edi + xor esi,ebx + rol edi,5 + movdqa xmm6,xmm5 + add edx,esi + paddd xmm5,xmm1 + xor ebp,eax + pxor xmm2,xmm4 + xor eax,ebx + add edx,edi + add ecx,DWORD [36+esp] + and ebp,eax + movdqa xmm4,xmm2 + movdqa [16+esp],xmm5 + xor eax,ebx + ror edi,7 + mov esi,edx + xor ebp,eax + rol edx,5 + pslld xmm2,2 + add ecx,ebp + xor esi,edi + psrld xmm4,30 + xor edi,eax + add ecx,edx + add ebx,DWORD [40+esp] + and esi,edi + xor edi,eax + ror edx,7 + por xmm2,xmm4 + mov ebp,ecx + xor esi,edi + movdqa xmm4,[64+esp] + rol ecx,5 + add ebx,esi + xor ebp,edx + xor edx,edi + add ebx,ecx + pshufd xmm5,xmm1,238 + add eax,DWORD [44+esp] + and ebp,edx + xor edx,edi + ror ecx,7 + mov esi,ebx + xor ebp,edx + rol ebx,5 + add eax,ebp + xor esi,edx + add eax,ebx + add edi,DWORD [48+esp] + pxor xmm3,xmm7 + punpcklqdq xmm5,xmm2 + xor esi,ecx + mov ebp,eax + rol eax,5 + pxor xmm3,xmm4 + movdqa [64+esp],xmm7 + add edi,esi + xor ebp,ecx + movdqa xmm7,xmm6 + ror ebx,7 + paddd xmm6,xmm2 + add edi,eax + pxor xmm3,xmm5 + add edx,DWORD [52+esp] + xor ebp,ebx + mov esi,edi + rol edi,5 + movdqa xmm5,xmm3 + movdqa [32+esp],xmm6 + add edx,ebp + xor esi,ebx + ror eax,7 + add edx,edi + pslld xmm3,2 + add ecx,DWORD [56+esp] + xor esi,eax + psrld xmm5,30 + mov ebp,edx + rol edx,5 + add ecx,esi + xor ebp,eax + ror edi,7 + add ecx,edx + por xmm3,xmm5 + add ebx,DWORD [60+esp] + xor ebp,edi + mov esi,ecx + rol ecx,5 + add ebx,ebp + xor esi,edi + ror edx,7 + add ebx,ecx + add eax,DWORD [esp] + xor esi,edx + mov ebp,ebx + rol ebx,5 + add eax,esi + xor ebp,edx + ror ecx,7 + paddd xmm7,xmm3 + add eax,ebx + add edi,DWORD [4+esp] + xor ebp,ecx + mov esi,eax + movdqa [48+esp],xmm7 + rol eax,5 + add edi,ebp + xor esi,ecx + ror ebx,7 + add edi,eax + add edx,DWORD [8+esp] + xor esi,ebx + mov ebp,edi + rol edi,5 + add edx,esi + xor ebp,ebx + ror eax,7 + add edx,edi + add ecx,DWORD [12+esp] + xor ebp,eax + 
mov esi,edx + rol edx,5 + add ecx,ebp + xor esi,eax + ror edi,7 + add ecx,edx + mov ebp,DWORD [196+esp] + cmp ebp,DWORD [200+esp] + je NEAR L$007done + movdqa xmm7,[160+esp] + movdqa xmm6,[176+esp] + movdqu xmm0,[ebp] + movdqu xmm1,[16+ebp] + movdqu xmm2,[32+ebp] + movdqu xmm3,[48+ebp] + add ebp,64 +db 102,15,56,0,198 + mov DWORD [196+esp],ebp + movdqa [96+esp],xmm7 + add ebx,DWORD [16+esp] + xor esi,edi + mov ebp,ecx + rol ecx,5 + add ebx,esi + xor ebp,edi + ror edx,7 +db 102,15,56,0,206 + add ebx,ecx + add eax,DWORD [20+esp] + xor ebp,edx + mov esi,ebx + paddd xmm0,xmm7 + rol ebx,5 + add eax,ebp + xor esi,edx + ror ecx,7 + movdqa [esp],xmm0 + add eax,ebx + add edi,DWORD [24+esp] + xor esi,ecx + mov ebp,eax + psubd xmm0,xmm7 + rol eax,5 + add edi,esi + xor ebp,ecx + ror ebx,7 + add edi,eax + add edx,DWORD [28+esp] + xor ebp,ebx + mov esi,edi + rol edi,5 + add edx,ebp + xor esi,ebx + ror eax,7 + add edx,edi + add ecx,DWORD [32+esp] + xor esi,eax + mov ebp,edx + rol edx,5 + add ecx,esi + xor ebp,eax + ror edi,7 +db 102,15,56,0,214 + add ecx,edx + add ebx,DWORD [36+esp] + xor ebp,edi + mov esi,ecx + paddd xmm1,xmm7 + rol ecx,5 + add ebx,ebp + xor esi,edi + ror edx,7 + movdqa [16+esp],xmm1 + add ebx,ecx + add eax,DWORD [40+esp] + xor esi,edx + mov ebp,ebx + psubd xmm1,xmm7 + rol ebx,5 + add eax,esi + xor ebp,edx + ror ecx,7 + add eax,ebx + add edi,DWORD [44+esp] + xor ebp,ecx + mov esi,eax + rol eax,5 + add edi,ebp + xor esi,ecx + ror ebx,7 + add edi,eax + add edx,DWORD [48+esp] + xor esi,ebx + mov ebp,edi + rol edi,5 + add edx,esi + xor ebp,ebx + ror eax,7 +db 102,15,56,0,222 + add edx,edi + add ecx,DWORD [52+esp] + xor ebp,eax + mov esi,edx + paddd xmm2,xmm7 + rol edx,5 + add ecx,ebp + xor esi,eax + ror edi,7 + movdqa [32+esp],xmm2 + add ecx,edx + add ebx,DWORD [56+esp] + xor esi,edi + mov ebp,ecx + psubd xmm2,xmm7 + rol ecx,5 + add ebx,esi + xor ebp,edi + ror edx,7 + add ebx,ecx + add eax,DWORD [60+esp] + xor ebp,edx + mov esi,ebx + rol ebx,5 + add eax,ebp + ror 
ecx,7 + add eax,ebx + mov ebp,DWORD [192+esp] + add eax,DWORD [ebp] + add esi,DWORD [4+ebp] + add ecx,DWORD [8+ebp] + mov DWORD [ebp],eax + add edx,DWORD [12+ebp] + mov DWORD [4+ebp],esi + add edi,DWORD [16+ebp] + mov DWORD [8+ebp],ecx + mov ebx,ecx + mov DWORD [12+ebp],edx + xor ebx,edx + mov DWORD [16+ebp],edi + mov ebp,esi + pshufd xmm4,xmm0,238 + and esi,ebx + mov ebx,ebp + jmp NEAR L$006loop +align 16 +L$007done: + add ebx,DWORD [16+esp] + xor esi,edi + mov ebp,ecx + rol ecx,5 + add ebx,esi + xor ebp,edi + ror edx,7 + add ebx,ecx + add eax,DWORD [20+esp] + xor ebp,edx + mov esi,ebx + rol ebx,5 + add eax,ebp + xor esi,edx + ror ecx,7 + add eax,ebx + add edi,DWORD [24+esp] + xor esi,ecx + mov ebp,eax + rol eax,5 + add edi,esi + xor ebp,ecx + ror ebx,7 + add edi,eax + add edx,DWORD [28+esp] + xor ebp,ebx + mov esi,edi + rol edi,5 + add edx,ebp + xor esi,ebx + ror eax,7 + add edx,edi + add ecx,DWORD [32+esp] + xor esi,eax + mov ebp,edx + rol edx,5 + add ecx,esi + xor ebp,eax + ror edi,7 + add ecx,edx + add ebx,DWORD [36+esp] + xor ebp,edi + mov esi,ecx + rol ecx,5 + add ebx,ebp + xor esi,edi + ror edx,7 + add ebx,ecx + add eax,DWORD [40+esp] + xor esi,edx + mov ebp,ebx + rol ebx,5 + add eax,esi + xor ebp,edx + ror ecx,7 + add eax,ebx + add edi,DWORD [44+esp] + xor ebp,ecx + mov esi,eax + rol eax,5 + add edi,ebp + xor esi,ecx + ror ebx,7 + add edi,eax + add edx,DWORD [48+esp] + xor esi,ebx + mov ebp,edi + rol edi,5 + add edx,esi + xor ebp,ebx + ror eax,7 + add edx,edi + add ecx,DWORD [52+esp] + xor ebp,eax + mov esi,edx + rol edx,5 + add ecx,ebp + xor esi,eax + ror edi,7 + add ecx,edx + add ebx,DWORD [56+esp] + xor esi,edi + mov ebp,ecx + rol ecx,5 + add ebx,esi + xor ebp,edi + ror edx,7 + add ebx,ecx + add eax,DWORD [60+esp] + xor ebp,edx + mov esi,ebx + rol ebx,5 + add eax,ebp + ror ecx,7 + add eax,ebx + mov ebp,DWORD [192+esp] + add eax,DWORD [ebp] + mov esp,DWORD [204+esp] + add esi,DWORD [4+ebp] + add ecx,DWORD [8+ebp] + mov DWORD [ebp],eax + add edx,DWORD 
[12+ebp] + mov DWORD [4+ebp],esi + add edi,DWORD [16+ebp] + mov DWORD [8+ebp],ecx + mov DWORD [12+ebp],edx + mov DWORD [16+ebp],edi + pop edi + pop esi + pop ebx + pop ebp + ret +align 64 +L$K_XX_XX: +dd 1518500249,1518500249,1518500249,1518500249 +dd 1859775393,1859775393,1859775393,1859775393 +dd 2400959708,2400959708,2400959708,2400959708 +dd 3395469782,3395469782,3395469782,3395469782 +dd 66051,67438087,134810123,202182159 +db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +db 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115 +db 102,111,114,109,32,102,111,114,32,120,56,54,44,32,67,82 +db 89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112 +db 114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/sha/sha256-586.asm b/win-x86/crypto/sha/sha256-586.asm new file mode 100644 index 0000000..fe36bc5 --- /dev/null +++ b/win-x86/crypto/sha/sha256-586.asm 
@@ -0,0 +1,4591 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _sha256_block_data_order +align 16 +_sha256_block_data_order: +L$_sha256_block_data_order_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov ebx,esp + call L$000pic_point +L$000pic_point: + pop ebp + lea ebp,[(L$001K256-L$000pic_point)+ebp] + sub esp,16 + and esp,-64 + shl eax,6 + add eax,edi + mov DWORD [esp],esi + mov DWORD [4+esp],edi + mov DWORD [8+esp],eax + mov DWORD [12+esp],ebx + lea edx,[_OPENSSL_ia32cap_P] + mov ecx,DWORD [edx] + mov ebx,DWORD [4+edx] + test ecx,1048576 + jnz NEAR L$002loop + mov edx,DWORD [8+edx] + test ecx,16777216 + jz NEAR L$003no_xmm + and ecx,1073741824 + and ebx,268435968 + test edx,536870912 + jnz NEAR L$004shaext + or ecx,ebx + and ecx,1342177280 + cmp ecx,1342177280 + test ebx,512 + jnz NEAR L$005SSSE3 +L$003no_xmm: + sub eax,edi + cmp eax,256 + jae NEAR L$006unrolled + jmp NEAR L$002loop +align 16 +L$002loop: + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] + mov ecx,DWORD [8+edi] + bswap eax + mov edx,DWORD [12+edi] + bswap ebx + push eax + bswap ecx + push ebx + bswap edx + push ecx + push edx + mov eax,DWORD [16+edi] + mov ebx,DWORD [20+edi] + mov ecx,DWORD [24+edi] + bswap eax + mov edx,DWORD [28+edi] + bswap ebx + push eax + bswap ecx + push ebx + bswap edx + push ecx + push edx + mov eax,DWORD [32+edi] + mov ebx,DWORD [36+edi] + mov ecx,DWORD [40+edi] + bswap eax + mov edx,DWORD [44+edi] + bswap ebx + push eax + bswap ecx + push ebx + 
bswap edx + push ecx + push edx + mov eax,DWORD [48+edi] + mov ebx,DWORD [52+edi] + mov ecx,DWORD [56+edi] + bswap eax + mov edx,DWORD [60+edi] + bswap ebx + push eax + bswap ecx + push ebx + bswap edx + push ecx + push edx + add edi,64 + lea esp,[esp-36] + mov DWORD [104+esp],edi + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edi,DWORD [12+esi] + mov DWORD [8+esp],ebx + xor ebx,ecx + mov DWORD [12+esp],ecx + mov DWORD [16+esp],edi + mov DWORD [esp],ebx + mov edx,DWORD [16+esi] + mov ebx,DWORD [20+esi] + mov ecx,DWORD [24+esi] + mov edi,DWORD [28+esi] + mov DWORD [24+esp],ebx + mov DWORD [28+esp],ecx + mov DWORD [32+esp],edi +align 16 +L$00700_15: + mov ecx,edx + mov esi,DWORD [24+esp] + ror ecx,14 + mov edi,DWORD [28+esp] + xor ecx,edx + xor esi,edi + mov ebx,DWORD [96+esp] + ror ecx,5 + and esi,edx + mov DWORD [20+esp],edx + xor edx,ecx + add ebx,DWORD [32+esp] + xor esi,edi + ror edx,6 + mov ecx,eax + add ebx,esi + ror ecx,9 + add ebx,edx + mov edi,DWORD [8+esp] + xor ecx,eax + mov DWORD [4+esp],eax + lea esp,[esp-4] + ror ecx,11 + mov esi,DWORD [ebp] + xor ecx,eax + mov edx,DWORD [20+esp] + xor eax,edi + ror ecx,2 + add ebx,esi + mov DWORD [esp],eax + add edx,ebx + and eax,DWORD [4+esp] + add ebx,ecx + xor eax,edi + add ebp,4 + add eax,ebx + cmp esi,3248222580 + jne NEAR L$00700_15 + mov ecx,DWORD [156+esp] + jmp NEAR L$00816_63 +align 16 +L$00816_63: + mov ebx,ecx + mov esi,DWORD [104+esp] + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [160+esp] + shr edi,10 + add ebx,DWORD [124+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [24+esp] + ror ecx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor ecx,edx + xor esi,edi + mov DWORD [96+esp],ebx + ror ecx,5 + and esi,edx + mov DWORD [20+esp],edx + xor edx,ecx + add ebx,DWORD [32+esp] + xor esi,edi + ror edx,6 + mov ecx,eax + add ebx,esi + ror ecx,9 + add ebx,edx + mov edi,DWORD [8+esp] + xor ecx,eax + 
mov DWORD [4+esp],eax + lea esp,[esp-4] + ror ecx,11 + mov esi,DWORD [ebp] + xor ecx,eax + mov edx,DWORD [20+esp] + xor eax,edi + ror ecx,2 + add ebx,esi + mov DWORD [esp],eax + add edx,ebx + and eax,DWORD [4+esp] + add ebx,ecx + xor eax,edi + mov ecx,DWORD [156+esp] + add ebp,4 + add eax,ebx + cmp esi,3329325298 + jne NEAR L$00816_63 + mov esi,DWORD [356+esp] + mov ebx,DWORD [8+esp] + mov ecx,DWORD [16+esp] + add eax,DWORD [esi] + add ebx,DWORD [4+esi] + add edi,DWORD [8+esi] + add ecx,DWORD [12+esi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],edi + mov DWORD [12+esi],ecx + mov eax,DWORD [24+esp] + mov ebx,DWORD [28+esp] + mov ecx,DWORD [32+esp] + mov edi,DWORD [360+esp] + add edx,DWORD [16+esi] + add eax,DWORD [20+esi] + add ebx,DWORD [24+esi] + add ecx,DWORD [28+esi] + mov DWORD [16+esi],edx + mov DWORD [20+esi],eax + mov DWORD [24+esi],ebx + mov DWORD [28+esi],ecx + lea esp,[356+esp] + sub ebp,256 + cmp edi,DWORD [8+esp] + jb NEAR L$002loop + mov esp,DWORD [12+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +align 64 +L$001K256: +dd 1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298 +dd 66051,67438087,134810123,202182159 +db 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97 +db 110,115,102,111,114,109,32,102,111,114,32,120,56,54,44,32 +db 67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97 +db 
112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 +db 62,0 +align 16 +L$006unrolled: + lea esp,[esp-96] + mov eax,DWORD [esi] + mov ebp,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov ebx,DWORD [12+esi] + mov DWORD [4+esp],ebp + xor ebp,ecx + mov DWORD [8+esp],ecx + mov DWORD [12+esp],ebx + mov edx,DWORD [16+esi] + mov ebx,DWORD [20+esi] + mov ecx,DWORD [24+esi] + mov esi,DWORD [28+esi] + mov DWORD [20+esp],ebx + mov DWORD [24+esp],ecx + mov DWORD [28+esp],esi + jmp NEAR L$009grand_loop +align 16 +L$009grand_loop: + mov ebx,DWORD [edi] + mov ecx,DWORD [4+edi] + bswap ebx + mov esi,DWORD [8+edi] + bswap ecx + mov DWORD [32+esp],ebx + bswap esi + mov DWORD [36+esp],ecx + mov DWORD [40+esp],esi + mov ebx,DWORD [12+edi] + mov ecx,DWORD [16+edi] + bswap ebx + mov esi,DWORD [20+edi] + bswap ecx + mov DWORD [44+esp],ebx + bswap esi + mov DWORD [48+esp],ecx + mov DWORD [52+esp],esi + mov ebx,DWORD [24+edi] + mov ecx,DWORD [28+edi] + bswap ebx + mov esi,DWORD [32+edi] + bswap ecx + mov DWORD [56+esp],ebx + bswap esi + mov DWORD [60+esp],ecx + mov DWORD [64+esp],esi + mov ebx,DWORD [36+edi] + mov ecx,DWORD [40+edi] + bswap ebx + mov esi,DWORD [44+edi] + bswap ecx + mov DWORD [68+esp],ebx + bswap esi + mov DWORD [72+esp],ecx + mov DWORD [76+esp],esi + mov ebx,DWORD [48+edi] + mov ecx,DWORD [52+edi] + bswap ebx + mov esi,DWORD [56+edi] + bswap ecx + mov DWORD [80+esp],ebx + bswap esi + mov DWORD [84+esp],ecx + mov DWORD [88+esp],esi + mov ebx,DWORD [60+edi] + add edi,64 + bswap ebx + mov DWORD [100+esp],edi + mov DWORD [92+esp],ebx + mov ecx,edx + mov esi,DWORD [20+esp] + ror edx,14 + mov edi,DWORD [24+esp] + xor edx,ecx + mov ebx,DWORD [32+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1116352408+edx*1+ebx] + xor 
ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [16+esp] + ror edx,14 + mov edi,DWORD [20+esp] + xor edx,esi + mov ebx,DWORD [36+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1899447441+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [12+esp] + ror edx,14 + mov edi,DWORD [16+esp] + xor edx,ecx + mov ebx,DWORD [40+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3049323471+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [8+esp] + ror edx,14 + mov edi,DWORD [12+esp] + xor edx,esi + mov ebx,DWORD [44+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3921009573+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [4+esp] + ror edx,14 + mov edi,DWORD [8+esp] + xor edx,ecx + mov ebx,DWORD [48+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor 
ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[961987163+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [28+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [esp] + ror edx,14 + mov edi,DWORD [4+esp] + xor edx,esi + mov ebx,DWORD [52+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1508970993+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [28+esp] + ror edx,14 + mov edi,DWORD [esp] + xor edx,ecx + mov ebx,DWORD [56+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2453635748+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [24+esp] + ror edx,14 + mov edi,DWORD [28+esp] + xor edx,esi + mov ebx,DWORD [60+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2870763221+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [20+esp] + ror edx,14 + mov edi,DWORD [24+esp] + xor edx,ecx + mov ebx,DWORD [64+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + 
xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3624381080+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [16+esp] + ror edx,14 + mov edi,DWORD [20+esp] + xor edx,esi + mov ebx,DWORD [68+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[310598401+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [12+esp] + ror edx,14 + mov edi,DWORD [16+esp] + xor edx,ecx + mov ebx,DWORD [72+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[607225278+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [8+esp] + ror edx,14 + mov edi,DWORD [12+esp] + xor edx,esi + mov ebx,DWORD [76+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1426881987+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [4+esp] + ror edx,14 + mov edi,DWORD [8+esp] + xor edx,ecx + mov ebx,DWORD [80+esp] 
+ xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1925078388+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [28+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [esp] + ror edx,14 + mov edi,DWORD [4+esp] + xor edx,esi + mov ebx,DWORD [84+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2162078206+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov ecx,edx + mov esi,DWORD [28+esp] + ror edx,14 + mov edi,DWORD [esp] + xor edx,ecx + mov ebx,DWORD [88+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2614888103+edx*1+ebx] + xor ecx,esi + xor ebp,edi + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov esi,edx + mov ecx,DWORD [24+esp] + ror edx,14 + mov edi,DWORD [28+esp] + xor edx,esi + mov ebx,DWORD [92+esp] + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3248222580+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [36+esp] + ror esi,2 + add eax,edx + add edx,DWORD 
[16+esp] + add eax,esi + mov esi,DWORD [88+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [32+esp] + shr edi,10 + add ebx,DWORD [68+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [20+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [24+esp] + xor edx,ecx + mov DWORD [32+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3835390401+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [40+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov ecx,DWORD [92+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [36+esp] + shr edi,10 + add ebx,DWORD [72+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [16+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [20+esp] + xor edx,esi + mov DWORD [36+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[4022224774+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [44+esp] + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov esi,DWORD [32+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [40+esp] + shr edi,10 + add ebx,DWORD [76+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [12+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [16+esp] + xor edx,ecx + mov DWORD [40+esp],ebx + xor 
esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[264347078+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [48+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov ecx,DWORD [36+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [44+esp] + shr edi,10 + add ebx,DWORD [80+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [8+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [12+esp] + xor edx,esi + mov DWORD [44+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[604807628+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [52+esp] + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov esi,DWORD [40+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [48+esp] + shr edi,10 + add ebx,DWORD [84+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [4+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [8+esp] + xor edx,ecx + mov DWORD [48+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[770255983+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [56+esp] + ror ecx,2 + add ebp,edx + add 
edx,DWORD [28+esp] + add ebp,ecx + mov ecx,DWORD [44+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [52+esp] + shr edi,10 + add ebx,DWORD [88+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [4+esp] + xor edx,esi + mov DWORD [52+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1249150122+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [60+esp] + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov esi,DWORD [48+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [56+esp] + shr edi,10 + add ebx,DWORD [92+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [28+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [esp] + xor edx,ecx + mov DWORD [56+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1555081692+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [64+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov ecx,DWORD [52+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [60+esp] + shr edi,10 + add ebx,DWORD [32+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [24+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor edx,esi + mov DWORD [60+esp],ebx + 
xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1996064986+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [68+esp] + ror esi,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,esi + mov esi,DWORD [56+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [64+esp] + shr edi,10 + add ebx,DWORD [36+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [20+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [24+esp] + xor edx,ecx + mov DWORD [64+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2554220882+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [72+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov ecx,DWORD [60+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [68+esp] + shr edi,10 + add ebx,DWORD [40+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [16+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [20+esp] + xor edx,esi + mov DWORD [68+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2821834349+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [76+esp] + ror esi,2 + add eax,edx + 
add edx,DWORD [8+esp] + add eax,esi + mov esi,DWORD [64+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [72+esp] + shr edi,10 + add ebx,DWORD [44+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [12+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [16+esp] + xor edx,ecx + mov DWORD [72+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2952996808+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [80+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov ecx,DWORD [68+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [76+esp] + shr edi,10 + add ebx,DWORD [48+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [8+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [12+esp] + xor edx,esi + mov DWORD [76+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3210313671+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [84+esp] + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov esi,DWORD [72+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [80+esp] + shr edi,10 + add ebx,DWORD [52+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [4+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [8+esp] + xor edx,ecx + mov DWORD [80+esp],ebx 
+ xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3336571891+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [88+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [28+esp] + add ebp,ecx + mov ecx,DWORD [76+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [84+esp] + shr edi,10 + add ebx,DWORD [56+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [4+esp] + xor edx,esi + mov DWORD [84+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3584528711+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [92+esp] + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov esi,DWORD [80+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [88+esp] + shr edi,10 + add ebx,DWORD [60+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [28+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [esp] + xor edx,ecx + mov DWORD [88+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[113926993+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [32+esp] + ror ecx,2 + add ebp,edx + 
add edx,DWORD [20+esp] + add ebp,ecx + mov ecx,DWORD [84+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [92+esp] + shr edi,10 + add ebx,DWORD [64+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [24+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor edx,esi + mov DWORD [92+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[338241895+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [36+esp] + ror esi,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,esi + mov esi,DWORD [88+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [32+esp] + shr edi,10 + add ebx,DWORD [68+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [20+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [24+esp] + xor edx,ecx + mov DWORD [32+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[666307205+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [40+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov ecx,DWORD [92+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [36+esp] + shr edi,10 + add ebx,DWORD [72+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [16+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [20+esp] + xor edx,esi + mov DWORD [36+esp],ebx + 
xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[773529912+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [44+esp] + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov esi,DWORD [32+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [40+esp] + shr edi,10 + add ebx,DWORD [76+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [12+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [16+esp] + xor edx,ecx + mov DWORD [40+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1294757372+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [48+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov ecx,DWORD [36+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [44+esp] + shr edi,10 + add ebx,DWORD [80+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [8+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [12+esp] + xor edx,esi + mov DWORD [44+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1396182291+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [52+esp] + ror esi,2 + add eax,edx + 
add edx,DWORD [esp] + add eax,esi + mov esi,DWORD [40+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [48+esp] + shr edi,10 + add ebx,DWORD [84+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [4+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [8+esp] + xor edx,ecx + mov DWORD [48+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1695183700+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [56+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [28+esp] + add ebp,ecx + mov ecx,DWORD [44+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [52+esp] + shr edi,10 + add ebx,DWORD [88+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [4+esp] + xor edx,esi + mov DWORD [52+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1986661051+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [60+esp] + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov esi,DWORD [48+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [56+esp] + shr edi,10 + add ebx,DWORD [92+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [28+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [esp] + xor edx,ecx + mov DWORD [56+esp],ebx + xor 
esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2177026350+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [64+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov ecx,DWORD [52+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [60+esp] + shr edi,10 + add ebx,DWORD [32+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [24+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor edx,esi + mov DWORD [60+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2456956037+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [68+esp] + ror esi,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,esi + mov esi,DWORD [56+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [64+esp] + shr edi,10 + add ebx,DWORD [36+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [20+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [24+esp] + xor edx,ecx + mov DWORD [64+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2730485921+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [72+esp] + ror ecx,2 + add ebp,edx + add 
edx,DWORD [12+esp] + add ebp,ecx + mov ecx,DWORD [60+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [68+esp] + shr edi,10 + add ebx,DWORD [40+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [16+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [20+esp] + xor edx,esi + mov DWORD [68+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2820302411+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [76+esp] + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov esi,DWORD [64+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [72+esp] + shr edi,10 + add ebx,DWORD [44+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [12+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [16+esp] + xor edx,ecx + mov DWORD [72+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3259730800+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [80+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov ecx,DWORD [68+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [76+esp] + shr edi,10 + add ebx,DWORD [48+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [8+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [12+esp] + xor edx,esi + mov DWORD [76+esp],ebx + 
xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3345764771+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [84+esp] + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov esi,DWORD [72+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [80+esp] + shr edi,10 + add ebx,DWORD [52+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [4+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [8+esp] + xor edx,ecx + mov DWORD [80+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3516065817+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [88+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [28+esp] + add ebp,ecx + mov ecx,DWORD [76+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [84+esp] + shr edi,10 + add ebx,DWORD [56+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [4+esp] + xor edx,esi + mov DWORD [84+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3600352804+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [92+esp] + ror esi,2 + add eax,edx + add 
edx,DWORD [24+esp] + add eax,esi + mov esi,DWORD [80+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [88+esp] + shr edi,10 + add ebx,DWORD [60+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [28+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [esp] + xor edx,ecx + mov DWORD [88+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[4094571909+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [32+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov ecx,DWORD [84+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [92+esp] + shr edi,10 + add ebx,DWORD [64+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [24+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor edx,esi + mov DWORD [92+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[275423344+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [36+esp] + ror esi,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,esi + mov esi,DWORD [88+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [32+esp] + shr edi,10 + add ebx,DWORD [68+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [20+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [24+esp] + xor edx,ecx + mov DWORD [32+esp],ebx + xor 
esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[430227734+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [40+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov ecx,DWORD [92+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [36+esp] + shr edi,10 + add ebx,DWORD [72+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [16+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [20+esp] + xor edx,esi + mov DWORD [36+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[506948616+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [44+esp] + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov esi,DWORD [32+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [40+esp] + shr edi,10 + add ebx,DWORD [76+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [12+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [16+esp] + xor edx,ecx + mov DWORD [40+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[659060556+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [48+esp] + ror ecx,2 + add ebp,edx + add 
edx,DWORD [4+esp] + add ebp,ecx + mov ecx,DWORD [36+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [44+esp] + shr edi,10 + add ebx,DWORD [80+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [8+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [12+esp] + xor edx,esi + mov DWORD [44+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[883997877+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [52+esp] + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov esi,DWORD [40+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [48+esp] + shr edi,10 + add ebx,DWORD [84+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [4+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [8+esp] + xor edx,ecx + mov DWORD [48+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[958139571+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [56+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [28+esp] + add ebp,ecx + mov ecx,DWORD [44+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [52+esp] + shr edi,10 + add ebx,DWORD [88+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [4+esp] + xor edx,esi + mov DWORD [52+esp],ebx + xor 
ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1322822218+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [60+esp] + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov esi,DWORD [48+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [56+esp] + shr edi,10 + add ebx,DWORD [92+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [28+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [esp] + xor edx,ecx + mov DWORD [56+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1537002063+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [64+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov ecx,DWORD [52+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [60+esp] + shr edi,10 + add ebx,DWORD [32+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [24+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor edx,esi + mov DWORD [60+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[1747873779+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [68+esp] + ror esi,2 + add eax,edx + add 
edx,DWORD [16+esp] + add eax,esi + mov esi,DWORD [56+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [64+esp] + shr edi,10 + add ebx,DWORD [36+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [20+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [24+esp] + xor edx,ecx + mov DWORD [64+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + add ebx,DWORD [28+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [4+esp] + xor ecx,eax + mov DWORD [esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[1955562222+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [72+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [12+esp] + add ebp,ecx + mov ecx,DWORD [60+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [68+esp] + shr edi,10 + add ebx,DWORD [40+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [16+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [20+esp] + xor edx,esi + mov DWORD [68+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [12+esp],esi + xor edx,esi + add ebx,DWORD [24+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [esp] + xor esi,ebp + mov DWORD [28+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2024104815+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [76+esp] + ror esi,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,esi + mov esi,DWORD [64+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [72+esp] + shr edi,10 + add ebx,DWORD [44+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [12+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [16+esp] + xor edx,ecx + mov DWORD [72+esp],ebx + 
xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + add ebx,DWORD [20+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [28+esp] + xor ecx,eax + mov DWORD [24+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2227730452+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [80+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [4+esp] + add ebp,ecx + mov ecx,DWORD [68+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [76+esp] + shr edi,10 + add ebx,DWORD [48+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [8+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [12+esp] + xor edx,esi + mov DWORD [76+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [4+esp],esi + xor edx,esi + add ebx,DWORD [16+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [24+esp] + xor esi,ebp + mov DWORD [20+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2361852424+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [84+esp] + ror esi,2 + add eax,edx + add edx,DWORD [esp] + add eax,esi + mov esi,DWORD [72+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [80+esp] + shr edi,10 + add ebx,DWORD [52+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [4+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [8+esp] + xor edx,ecx + mov DWORD [80+esp],ebx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + add ebx,DWORD [12+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [20+esp] + xor ecx,eax + mov DWORD [16+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[2428436474+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [88+esp] + ror ecx,2 + add ebp,edx + 
add edx,DWORD [28+esp] + add ebp,ecx + mov ecx,DWORD [76+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [84+esp] + shr edi,10 + add ebx,DWORD [56+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [4+esp] + xor edx,esi + mov DWORD [84+esp],ebx + xor ecx,edi + ror edx,5 + and ecx,esi + mov DWORD [28+esp],esi + xor edx,esi + add ebx,DWORD [8+esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [16+esp] + xor esi,ebp + mov DWORD [12+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[2756734187+edx*1+ebx] + xor esi,ecx + xor eax,edi + mov ecx,DWORD [92+esp] + ror esi,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,esi + mov esi,DWORD [80+esp] + mov ebx,ecx + ror ecx,11 + mov edi,esi + ror esi,2 + xor ecx,ebx + shr ebx,3 + ror ecx,7 + xor esi,edi + xor ebx,ecx + ror esi,17 + add ebx,DWORD [88+esp] + shr edi,10 + add ebx,DWORD [60+esp] + mov ecx,edx + xor edi,esi + mov esi,DWORD [28+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [esp] + xor edx,ecx + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + add ebx,DWORD [4+esp] + xor edi,esi + ror edx,6 + mov ecx,eax + add ebx,edi + ror ecx,9 + mov esi,eax + mov edi,DWORD [12+esp] + xor ecx,eax + mov DWORD [8+esp],eax + xor eax,edi + ror ecx,11 + and ebp,eax + lea edx,[3204031479+edx*1+ebx] + xor ecx,esi + xor ebp,edi + mov esi,DWORD [32+esp] + ror ecx,2 + add ebp,edx + add edx,DWORD [20+esp] + add ebp,ecx + mov ecx,DWORD [84+esp] + mov ebx,esi + ror esi,11 + mov edi,ecx + ror ecx,2 + xor esi,ebx + shr ebx,3 + ror esi,7 + xor ecx,edi + xor ebx,esi + ror ecx,17 + add ebx,DWORD [92+esp] + shr edi,10 + add ebx,DWORD [64+esp] + mov esi,edx + xor edi,ecx + mov ecx,DWORD [24+esp] + ror edx,14 + add ebx,edi + mov edi,DWORD [28+esp] + xor edx,esi + xor ecx,edi + ror edx,5 + and ecx,esi + mov 
DWORD [20+esp],esi + xor edx,esi + add ebx,DWORD [esp] + xor edi,ecx + ror edx,6 + mov esi,ebp + add ebx,edi + ror esi,9 + mov ecx,ebp + mov edi,DWORD [8+esp] + xor esi,ebp + mov DWORD [4+esp],ebp + xor ebp,edi + ror esi,11 + and eax,ebp + lea edx,[3329325298+edx*1+ebx] + xor esi,ecx + xor eax,edi + ror esi,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,esi + mov esi,DWORD [96+esp] + xor ebp,edi + mov ecx,DWORD [12+esp] + add eax,DWORD [esi] + add ebp,DWORD [4+esi] + add edi,DWORD [8+esi] + add ecx,DWORD [12+esi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebp + mov DWORD [8+esi],edi + mov DWORD [12+esi],ecx + mov DWORD [4+esp],ebp + xor ebp,edi + mov DWORD [8+esp],edi + mov DWORD [12+esp],ecx + mov edi,DWORD [20+esp] + mov ebx,DWORD [24+esp] + mov ecx,DWORD [28+esp] + add edx,DWORD [16+esi] + add edi,DWORD [20+esi] + add ebx,DWORD [24+esi] + add ecx,DWORD [28+esi] + mov DWORD [16+esi],edx + mov DWORD [20+esi],edi + mov DWORD [24+esi],ebx + mov DWORD [28+esi],ecx + mov DWORD [20+esp],edi + mov edi,DWORD [100+esp] + mov DWORD [24+esp],ebx + mov DWORD [28+esp],ecx + cmp edi,DWORD [104+esp] + jb NEAR L$009grand_loop + mov esp,DWORD [108+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +align 32 +L$004shaext: + sub esp,32 + movdqu xmm1,[esi] + lea ebp,[128+ebp] + movdqu xmm2,[16+esi] + movdqa xmm7,[128+ebp] + pshufd xmm0,xmm1,27 + pshufd xmm1,xmm1,177 + pshufd xmm2,xmm2,27 +db 102,15,58,15,202,8 + punpcklqdq xmm2,xmm0 + jmp NEAR L$010loop_shaext +align 16 +L$010loop_shaext: + movdqu xmm3,[edi] + movdqu xmm4,[16+edi] + movdqu xmm5,[32+edi] +db 102,15,56,0,223 + movdqu xmm6,[48+edi] + movdqa [16+esp],xmm2 + movdqa xmm0,[ebp-128] + paddd xmm0,xmm3 +db 102,15,56,0,231 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + nop + movdqa [esp],xmm1 +db 15,56,203,202 + movdqa xmm0,[ebp-112] + paddd xmm0,xmm4 +db 102,15,56,0,239 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + lea edi,[64+edi] +db 15,56,204,220 +db 15,56,203,202 + movdqa xmm0,[ebp-96] + paddd xmm0,xmm5 +db 102,15,56,0,247 +db 
15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm6 +db 102,15,58,15,253,4 + nop + paddd xmm3,xmm7 +db 15,56,204,229 +db 15,56,203,202 + movdqa xmm0,[ebp-80] + paddd xmm0,xmm6 +db 15,56,205,222 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm3 +db 102,15,58,15,254,4 + nop + paddd xmm4,xmm7 +db 15,56,204,238 +db 15,56,203,202 + movdqa xmm0,[ebp-64] + paddd xmm0,xmm3 +db 15,56,205,227 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm4 +db 102,15,58,15,251,4 + nop + paddd xmm5,xmm7 +db 15,56,204,243 +db 15,56,203,202 + movdqa xmm0,[ebp-48] + paddd xmm0,xmm4 +db 15,56,205,236 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm5 +db 102,15,58,15,252,4 + nop + paddd xmm6,xmm7 +db 15,56,204,220 +db 15,56,203,202 + movdqa xmm0,[ebp-32] + paddd xmm0,xmm5 +db 15,56,205,245 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm6 +db 102,15,58,15,253,4 + nop + paddd xmm3,xmm7 +db 15,56,204,229 +db 15,56,203,202 + movdqa xmm0,[ebp-16] + paddd xmm0,xmm6 +db 15,56,205,222 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm3 +db 102,15,58,15,254,4 + nop + paddd xmm4,xmm7 +db 15,56,204,238 +db 15,56,203,202 + movdqa xmm0,[ebp] + paddd xmm0,xmm3 +db 15,56,205,227 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm4 +db 102,15,58,15,251,4 + nop + paddd xmm5,xmm7 +db 15,56,204,243 +db 15,56,203,202 + movdqa xmm0,[16+ebp] + paddd xmm0,xmm4 +db 15,56,205,236 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm5 +db 102,15,58,15,252,4 + nop + paddd xmm6,xmm7 +db 15,56,204,220 +db 15,56,203,202 + movdqa xmm0,[32+ebp] + paddd xmm0,xmm5 +db 15,56,205,245 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm6 +db 102,15,58,15,253,4 + nop + paddd xmm3,xmm7 +db 15,56,204,229 +db 15,56,203,202 + movdqa xmm0,[48+ebp] + paddd xmm0,xmm6 +db 15,56,205,222 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm3 +db 102,15,58,15,254,4 + nop + paddd xmm4,xmm7 +db 15,56,204,238 +db 15,56,203,202 + movdqa xmm0,[64+ebp] + paddd xmm0,xmm3 +db 
15,56,205,227 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm4 +db 102,15,58,15,251,4 + nop + paddd xmm5,xmm7 +db 15,56,204,243 +db 15,56,203,202 + movdqa xmm0,[80+ebp] + paddd xmm0,xmm4 +db 15,56,205,236 +db 15,56,203,209 + pshufd xmm0,xmm0,14 + movdqa xmm7,xmm5 +db 102,15,58,15,252,4 +db 15,56,203,202 + paddd xmm6,xmm7 + movdqa xmm0,[96+ebp] + paddd xmm0,xmm5 +db 15,56,203,209 + pshufd xmm0,xmm0,14 +db 15,56,205,245 + movdqa xmm7,[128+ebp] +db 15,56,203,202 + movdqa xmm0,[112+ebp] + paddd xmm0,xmm6 + nop +db 15,56,203,209 + pshufd xmm0,xmm0,14 + cmp eax,edi + nop +db 15,56,203,202 + paddd xmm2,[16+esp] + paddd xmm1,[esp] + jnz NEAR L$010loop_shaext + pshufd xmm2,xmm2,177 + pshufd xmm7,xmm1,27 + pshufd xmm1,xmm1,177 + punpckhqdq xmm1,xmm2 +db 102,15,58,15,215,8 + mov esp,DWORD [44+esp] + movdqu [esi],xmm1 + movdqu [16+esi],xmm2 + pop edi + pop esi + pop ebx + pop ebp + ret +align 32 +L$005SSSE3: + lea esp,[esp-96] + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edi,DWORD [12+esi] + mov DWORD [4+esp],ebx + xor ebx,ecx + mov DWORD [8+esp],ecx + mov DWORD [12+esp],edi + mov edx,DWORD [16+esi] + mov edi,DWORD [20+esi] + mov ecx,DWORD [24+esi] + mov esi,DWORD [28+esi] + mov DWORD [20+esp],edi + mov edi,DWORD [100+esp] + mov DWORD [24+esp],ecx + mov DWORD [28+esp],esi + movdqa xmm7,[256+ebp] + jmp NEAR L$011grand_ssse3 +align 16 +L$011grand_ssse3: + movdqu xmm0,[edi] + movdqu xmm1,[16+edi] + movdqu xmm2,[32+edi] + movdqu xmm3,[48+edi] + add edi,64 +db 102,15,56,0,199 + mov DWORD [100+esp],edi +db 102,15,56,0,207 + movdqa xmm4,[ebp] +db 102,15,56,0,215 + movdqa xmm5,[16+ebp] + paddd xmm4,xmm0 +db 102,15,56,0,223 + movdqa xmm6,[32+ebp] + paddd xmm5,xmm1 + movdqa xmm7,[48+ebp] + movdqa [32+esp],xmm4 + paddd xmm6,xmm2 + movdqa [48+esp],xmm5 + paddd xmm7,xmm3 + movdqa [64+esp],xmm6 + movdqa [80+esp],xmm7 + jmp NEAR L$012ssse3_00_47 +align 16 +L$012ssse3_00_47: + add ebp,64 + mov ecx,edx + movdqa xmm4,xmm1 + ror edx,14 + mov esi,DWORD 
[20+esp] + movdqa xmm7,xmm3 + xor edx,ecx + mov edi,DWORD [24+esp] +db 102,15,58,15,224,4 + xor esi,edi + ror edx,5 + and esi,ecx +db 102,15,58,15,250,4 + mov DWORD [16+esp],ecx + xor edx,ecx + xor edi,esi + movdqa xmm5,xmm4 + ror edx,6 + mov ecx,eax + movdqa xmm6,xmm4 + add edx,edi + mov edi,DWORD [4+esp] + psrld xmm4,3 + mov esi,eax + ror ecx,9 + paddd xmm0,xmm7 + mov DWORD [esp],eax + xor ecx,eax + psrld xmm6,7 + xor eax,edi + add edx,DWORD [28+esp] + ror ecx,11 + and ebx,eax + pshufd xmm7,xmm3,250 + xor ecx,esi + add edx,DWORD [32+esp] + pslld xmm5,14 + xor ebx,edi + ror ecx,2 + pxor xmm4,xmm6 + add ebx,edx + add edx,DWORD [12+esp] + psrld xmm6,11 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm4,xmm5 + mov esi,DWORD [16+esp] + xor edx,ecx + pslld xmm5,11 + mov edi,DWORD [20+esp] + xor esi,edi + ror edx,5 + pxor xmm4,xmm6 + and esi,ecx + mov DWORD [12+esp],ecx + movdqa xmm6,xmm7 + xor edx,ecx + xor edi,esi + ror edx,6 + pxor xmm4,xmm5 + mov ecx,ebx + add edx,edi + psrld xmm7,10 + mov edi,DWORD [esp] + mov esi,ebx + ror ecx,9 + paddd xmm0,xmm4 + mov DWORD [28+esp],ebx + xor ecx,ebx + psrlq xmm6,17 + xor ebx,edi + add edx,DWORD [24+esp] + ror ecx,11 + pxor xmm7,xmm6 + and eax,ebx + xor ecx,esi + psrlq xmm6,2 + add edx,DWORD [36+esp] + xor eax,edi + ror ecx,2 + pxor xmm7,xmm6 + add eax,edx + add edx,DWORD [8+esp] + pshufd xmm7,xmm7,128 + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [12+esp] + xor edx,ecx + mov edi,DWORD [16+esp] + xor esi,edi + ror edx,5 + and esi,ecx + psrldq xmm7,8 + mov DWORD [8+esp],ecx + xor edx,ecx + xor edi,esi + paddd xmm0,xmm7 + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [28+esp] + mov esi,eax + ror ecx,9 + mov DWORD [24+esp],eax + pshufd xmm7,xmm0,80 + xor ecx,eax + xor eax,edi + add edx,DWORD [20+esp] + movdqa xmm6,xmm7 + ror ecx,11 + psrld xmm7,10 + and ebx,eax + psrlq xmm6,17 + xor ecx,esi + add edx,DWORD [40+esp] + xor ebx,edi + ror ecx,2 + pxor xmm7,xmm6 + add ebx,edx + add edx,DWORD [4+esp] + psrlq xmm6,2 + 
add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm7,xmm6 + mov esi,DWORD [8+esp] + xor edx,ecx + mov edi,DWORD [12+esp] + pshufd xmm7,xmm7,8 + xor esi,edi + ror edx,5 + movdqa xmm6,[ebp] + and esi,ecx + mov DWORD [4+esp],ecx + pslldq xmm7,8 + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [24+esp] + mov esi,ebx + ror ecx,9 + paddd xmm0,xmm7 + mov DWORD [20+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [16+esp] + paddd xmm6,xmm0 + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [44+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [esp] + add eax,ecx + movdqa [32+esp],xmm6 + mov ecx,edx + movdqa xmm4,xmm2 + ror edx,14 + mov esi,DWORD [4+esp] + movdqa xmm7,xmm0 + xor edx,ecx + mov edi,DWORD [8+esp] +db 102,15,58,15,225,4 + xor esi,edi + ror edx,5 + and esi,ecx +db 102,15,58,15,251,4 + mov DWORD [esp],ecx + xor edx,ecx + xor edi,esi + movdqa xmm5,xmm4 + ror edx,6 + mov ecx,eax + movdqa xmm6,xmm4 + add edx,edi + mov edi,DWORD [20+esp] + psrld xmm4,3 + mov esi,eax + ror ecx,9 + paddd xmm1,xmm7 + mov DWORD [16+esp],eax + xor ecx,eax + psrld xmm6,7 + xor eax,edi + add edx,DWORD [12+esp] + ror ecx,11 + and ebx,eax + pshufd xmm7,xmm0,250 + xor ecx,esi + add edx,DWORD [48+esp] + pslld xmm5,14 + xor ebx,edi + ror ecx,2 + pxor xmm4,xmm6 + add ebx,edx + add edx,DWORD [28+esp] + psrld xmm6,11 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm4,xmm5 + mov esi,DWORD [esp] + xor edx,ecx + pslld xmm5,11 + mov edi,DWORD [4+esp] + xor esi,edi + ror edx,5 + pxor xmm4,xmm6 + and esi,ecx + mov DWORD [28+esp],ecx + movdqa xmm6,xmm7 + xor edx,ecx + xor edi,esi + ror edx,6 + pxor xmm4,xmm5 + mov ecx,ebx + add edx,edi + psrld xmm7,10 + mov edi,DWORD [16+esp] + mov esi,ebx + ror ecx,9 + paddd xmm1,xmm4 + mov DWORD [12+esp],ebx + xor ecx,ebx + psrlq xmm6,17 + xor ebx,edi + add edx,DWORD [8+esp] + ror ecx,11 + pxor xmm7,xmm6 + and eax,ebx + xor ecx,esi + psrlq xmm6,2 + add edx,DWORD [52+esp] + xor eax,edi + ror ecx,2 + pxor xmm7,xmm6 + 
add eax,edx + add edx,DWORD [24+esp] + pshufd xmm7,xmm7,128 + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [28+esp] + xor edx,ecx + mov edi,DWORD [esp] + xor esi,edi + ror edx,5 + and esi,ecx + psrldq xmm7,8 + mov DWORD [24+esp],ecx + xor edx,ecx + xor edi,esi + paddd xmm1,xmm7 + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [12+esp] + mov esi,eax + ror ecx,9 + mov DWORD [8+esp],eax + pshufd xmm7,xmm1,80 + xor ecx,eax + xor eax,edi + add edx,DWORD [4+esp] + movdqa xmm6,xmm7 + ror ecx,11 + psrld xmm7,10 + and ebx,eax + psrlq xmm6,17 + xor ecx,esi + add edx,DWORD [56+esp] + xor ebx,edi + ror ecx,2 + pxor xmm7,xmm6 + add ebx,edx + add edx,DWORD [20+esp] + psrlq xmm6,2 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm7,xmm6 + mov esi,DWORD [24+esp] + xor edx,ecx + mov edi,DWORD [28+esp] + pshufd xmm7,xmm7,8 + xor esi,edi + ror edx,5 + movdqa xmm6,[16+ebp] + and esi,ecx + mov DWORD [20+esp],ecx + pslldq xmm7,8 + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [8+esp] + mov esi,ebx + ror ecx,9 + paddd xmm1,xmm7 + mov DWORD [4+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [esp] + paddd xmm6,xmm1 + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [60+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,ecx + movdqa [48+esp],xmm6 + mov ecx,edx + movdqa xmm4,xmm3 + ror edx,14 + mov esi,DWORD [20+esp] + movdqa xmm7,xmm1 + xor edx,ecx + mov edi,DWORD [24+esp] +db 102,15,58,15,226,4 + xor esi,edi + ror edx,5 + and esi,ecx +db 102,15,58,15,248,4 + mov DWORD [16+esp],ecx + xor edx,ecx + xor edi,esi + movdqa xmm5,xmm4 + ror edx,6 + mov ecx,eax + movdqa xmm6,xmm4 + add edx,edi + mov edi,DWORD [4+esp] + psrld xmm4,3 + mov esi,eax + ror ecx,9 + paddd xmm2,xmm7 + mov DWORD [esp],eax + xor ecx,eax + psrld xmm6,7 + xor eax,edi + add edx,DWORD [28+esp] + ror ecx,11 + and ebx,eax + pshufd xmm7,xmm1,250 + xor ecx,esi + add edx,DWORD [64+esp] + pslld xmm5,14 + xor ebx,edi + ror ecx,2 + pxor 
xmm4,xmm6 + add ebx,edx + add edx,DWORD [12+esp] + psrld xmm6,11 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm4,xmm5 + mov esi,DWORD [16+esp] + xor edx,ecx + pslld xmm5,11 + mov edi,DWORD [20+esp] + xor esi,edi + ror edx,5 + pxor xmm4,xmm6 + and esi,ecx + mov DWORD [12+esp],ecx + movdqa xmm6,xmm7 + xor edx,ecx + xor edi,esi + ror edx,6 + pxor xmm4,xmm5 + mov ecx,ebx + add edx,edi + psrld xmm7,10 + mov edi,DWORD [esp] + mov esi,ebx + ror ecx,9 + paddd xmm2,xmm4 + mov DWORD [28+esp],ebx + xor ecx,ebx + psrlq xmm6,17 + xor ebx,edi + add edx,DWORD [24+esp] + ror ecx,11 + pxor xmm7,xmm6 + and eax,ebx + xor ecx,esi + psrlq xmm6,2 + add edx,DWORD [68+esp] + xor eax,edi + ror ecx,2 + pxor xmm7,xmm6 + add eax,edx + add edx,DWORD [8+esp] + pshufd xmm7,xmm7,128 + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [12+esp] + xor edx,ecx + mov edi,DWORD [16+esp] + xor esi,edi + ror edx,5 + and esi,ecx + psrldq xmm7,8 + mov DWORD [8+esp],ecx + xor edx,ecx + xor edi,esi + paddd xmm2,xmm7 + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [28+esp] + mov esi,eax + ror ecx,9 + mov DWORD [24+esp],eax + pshufd xmm7,xmm2,80 + xor ecx,eax + xor eax,edi + add edx,DWORD [20+esp] + movdqa xmm6,xmm7 + ror ecx,11 + psrld xmm7,10 + and ebx,eax + psrlq xmm6,17 + xor ecx,esi + add edx,DWORD [72+esp] + xor ebx,edi + ror ecx,2 + pxor xmm7,xmm6 + add ebx,edx + add edx,DWORD [4+esp] + psrlq xmm6,2 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm7,xmm6 + mov esi,DWORD [8+esp] + xor edx,ecx + mov edi,DWORD [12+esp] + pshufd xmm7,xmm7,8 + xor esi,edi + ror edx,5 + movdqa xmm6,[32+ebp] + and esi,ecx + mov DWORD [4+esp],ecx + pslldq xmm7,8 + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [24+esp] + mov esi,ebx + ror ecx,9 + paddd xmm2,xmm7 + mov DWORD [20+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [16+esp] + paddd xmm6,xmm2 + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [76+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add 
edx,DWORD [esp] + add eax,ecx + movdqa [64+esp],xmm6 + mov ecx,edx + movdqa xmm4,xmm0 + ror edx,14 + mov esi,DWORD [4+esp] + movdqa xmm7,xmm2 + xor edx,ecx + mov edi,DWORD [8+esp] +db 102,15,58,15,227,4 + xor esi,edi + ror edx,5 + and esi,ecx +db 102,15,58,15,249,4 + mov DWORD [esp],ecx + xor edx,ecx + xor edi,esi + movdqa xmm5,xmm4 + ror edx,6 + mov ecx,eax + movdqa xmm6,xmm4 + add edx,edi + mov edi,DWORD [20+esp] + psrld xmm4,3 + mov esi,eax + ror ecx,9 + paddd xmm3,xmm7 + mov DWORD [16+esp],eax + xor ecx,eax + psrld xmm6,7 + xor eax,edi + add edx,DWORD [12+esp] + ror ecx,11 + and ebx,eax + pshufd xmm7,xmm2,250 + xor ecx,esi + add edx,DWORD [80+esp] + pslld xmm5,14 + xor ebx,edi + ror ecx,2 + pxor xmm4,xmm6 + add ebx,edx + add edx,DWORD [28+esp] + psrld xmm6,11 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm4,xmm5 + mov esi,DWORD [esp] + xor edx,ecx + pslld xmm5,11 + mov edi,DWORD [4+esp] + xor esi,edi + ror edx,5 + pxor xmm4,xmm6 + and esi,ecx + mov DWORD [28+esp],ecx + movdqa xmm6,xmm7 + xor edx,ecx + xor edi,esi + ror edx,6 + pxor xmm4,xmm5 + mov ecx,ebx + add edx,edi + psrld xmm7,10 + mov edi,DWORD [16+esp] + mov esi,ebx + ror ecx,9 + paddd xmm3,xmm4 + mov DWORD [12+esp],ebx + xor ecx,ebx + psrlq xmm6,17 + xor ebx,edi + add edx,DWORD [8+esp] + ror ecx,11 + pxor xmm7,xmm6 + and eax,ebx + xor ecx,esi + psrlq xmm6,2 + add edx,DWORD [84+esp] + xor eax,edi + ror ecx,2 + pxor xmm7,xmm6 + add eax,edx + add edx,DWORD [24+esp] + pshufd xmm7,xmm7,128 + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [28+esp] + xor edx,ecx + mov edi,DWORD [esp] + xor esi,edi + ror edx,5 + and esi,ecx + psrldq xmm7,8 + mov DWORD [24+esp],ecx + xor edx,ecx + xor edi,esi + paddd xmm3,xmm7 + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [12+esp] + mov esi,eax + ror ecx,9 + mov DWORD [8+esp],eax + pshufd xmm7,xmm3,80 + xor ecx,eax + xor eax,edi + add edx,DWORD [4+esp] + movdqa xmm6,xmm7 + ror ecx,11 + psrld xmm7,10 + and ebx,eax + psrlq xmm6,17 + xor ecx,esi + add 
edx,DWORD [88+esp] + xor ebx,edi + ror ecx,2 + pxor xmm7,xmm6 + add ebx,edx + add edx,DWORD [20+esp] + psrlq xmm6,2 + add ebx,ecx + mov ecx,edx + ror edx,14 + pxor xmm7,xmm6 + mov esi,DWORD [24+esp] + xor edx,ecx + mov edi,DWORD [28+esp] + pshufd xmm7,xmm7,8 + xor esi,edi + ror edx,5 + movdqa xmm6,[48+ebp] + and esi,ecx + mov DWORD [20+esp],ecx + pslldq xmm7,8 + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [8+esp] + mov esi,ebx + ror ecx,9 + paddd xmm3,xmm7 + mov DWORD [4+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [esp] + paddd xmm6,xmm3 + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [92+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,ecx + movdqa [80+esp],xmm6 + cmp DWORD [64+ebp],66051 + jne NEAR L$012ssse3_00_47 + mov ecx,edx + ror edx,14 + mov esi,DWORD [20+esp] + xor edx,ecx + mov edi,DWORD [24+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [4+esp] + mov esi,eax + ror ecx,9 + mov DWORD [esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [28+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [32+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [12+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [16+esp] + xor edx,ecx + mov edi,DWORD [20+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [12+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [esp] + mov esi,ebx + ror ecx,9 + mov DWORD [28+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [24+esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [36+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [12+esp] + xor edx,ecx + mov edi,DWORD [16+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + 
mov ecx,eax + add edx,edi + mov edi,DWORD [28+esp] + mov esi,eax + ror ecx,9 + mov DWORD [24+esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [20+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [40+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [4+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [8+esp] + xor edx,ecx + mov edi,DWORD [12+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [4+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [24+esp] + mov esi,ebx + ror ecx,9 + mov DWORD [20+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [16+esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [44+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [4+esp] + xor edx,ecx + mov edi,DWORD [8+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [20+esp] + mov esi,eax + ror ecx,9 + mov DWORD [16+esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [12+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [48+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [28+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [esp] + xor edx,ecx + mov edi,DWORD [4+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [28+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [16+esp] + mov esi,ebx + ror ecx,9 + mov DWORD [12+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [8+esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [52+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [28+esp] + xor edx,ecx + mov edi,DWORD [esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi 
+ mov edi,DWORD [12+esp] + mov esi,eax + ror ecx,9 + mov DWORD [8+esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [4+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [56+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [20+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [24+esp] + xor edx,ecx + mov edi,DWORD [28+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [20+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [8+esp] + mov esi,ebx + ror ecx,9 + mov DWORD [4+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [60+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [20+esp] + xor edx,ecx + mov edi,DWORD [24+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [16+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [4+esp] + mov esi,eax + ror ecx,9 + mov DWORD [esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [28+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [64+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [12+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [16+esp] + xor edx,ecx + mov edi,DWORD [20+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [12+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [esp] + mov esi,ebx + ror ecx,9 + mov DWORD [28+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [24+esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [68+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [8+esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [12+esp] + xor edx,ecx + mov edi,DWORD [16+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [8+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD 
[28+esp] + mov esi,eax + ror ecx,9 + mov DWORD [24+esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [20+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [72+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [4+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [8+esp] + xor edx,ecx + mov edi,DWORD [12+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [4+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [24+esp] + mov esi,ebx + ror ecx,9 + mov DWORD [20+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [16+esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [76+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [4+esp] + xor edx,ecx + mov edi,DWORD [8+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [20+esp] + mov esi,eax + ror ecx,9 + mov DWORD [16+esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [12+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [80+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [28+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [esp] + xor edx,ecx + mov edi,DWORD [4+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [28+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [16+esp] + mov esi,ebx + ror ecx,9 + mov DWORD [12+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [8+esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [84+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [24+esp] + add eax,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [28+esp] + xor edx,ecx + mov edi,DWORD [esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [24+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,eax + add edx,edi + mov edi,DWORD [12+esp] + mov esi,eax + 
ror ecx,9 + mov DWORD [8+esp],eax + xor ecx,eax + xor eax,edi + add edx,DWORD [4+esp] + ror ecx,11 + and ebx,eax + xor ecx,esi + add edx,DWORD [88+esp] + xor ebx,edi + ror ecx,2 + add ebx,edx + add edx,DWORD [20+esp] + add ebx,ecx + mov ecx,edx + ror edx,14 + mov esi,DWORD [24+esp] + xor edx,ecx + mov edi,DWORD [28+esp] + xor esi,edi + ror edx,5 + and esi,ecx + mov DWORD [20+esp],ecx + xor edx,ecx + xor edi,esi + ror edx,6 + mov ecx,ebx + add edx,edi + mov edi,DWORD [8+esp] + mov esi,ebx + ror ecx,9 + mov DWORD [4+esp],ebx + xor ecx,ebx + xor ebx,edi + add edx,DWORD [esp] + ror ecx,11 + and eax,ebx + xor ecx,esi + add edx,DWORD [92+esp] + xor eax,edi + ror ecx,2 + add eax,edx + add edx,DWORD [16+esp] + add eax,ecx + mov esi,DWORD [96+esp] + xor ebx,edi + mov ecx,DWORD [12+esp] + add eax,DWORD [esi] + add ebx,DWORD [4+esi] + add edi,DWORD [8+esi] + add ecx,DWORD [12+esi] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + mov DWORD [8+esi],edi + mov DWORD [12+esi],ecx + mov DWORD [4+esp],ebx + xor ebx,edi + mov DWORD [8+esp],edi + mov DWORD [12+esp],ecx + mov edi,DWORD [20+esp] + mov ecx,DWORD [24+esp] + add edx,DWORD [16+esi] + add edi,DWORD [20+esi] + add ecx,DWORD [24+esi] + mov DWORD [16+esi],edx + mov DWORD [20+esi],edi + mov DWORD [20+esp],edi + mov edi,DWORD [28+esp] + mov DWORD [24+esi],ecx + add edi,DWORD [28+esi] + mov DWORD [24+esp],ecx + mov DWORD [28+esi],edi + mov DWORD [28+esp],edi + mov edi,DWORD [100+esp] + movdqa xmm7,[64+ebp] + sub ebp,192 + cmp edi,DWORD [104+esp] + jb NEAR L$011grand_ssse3 + mov esp,DWORD [108+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86/crypto/sha/sha512-586.asm b/win-x86/crypto/sha/sha512-586.asm new file mode 100644 index 0000000..88ed0b3 --- /dev/null +++ b/win-x86/crypto/sha/sha512-586.asm 
@@ -0,0 +1,2843 @@ +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +;extern _OPENSSL_ia32cap_P +global _sha512_block_data_order +align 16 +_sha512_block_data_order: +L$_sha512_block_data_order_begin: + push ebp + push ebx + push esi + push edi + mov esi,DWORD [20+esp] + mov edi,DWORD [24+esp] + mov eax,DWORD [28+esp] + mov ebx,esp + call L$000pic_point +L$000pic_point: + pop ebp + lea ebp,[(L$001K512-L$000pic_point)+ebp] + sub esp,16 + and esp,-64 + shl eax,7 + add eax,edi + mov DWORD [esp],esi + mov DWORD [4+esp],edi + mov DWORD [8+esp],eax + mov DWORD [12+esp],ebx + lea edx,[_OPENSSL_ia32cap_P] + mov ecx,DWORD [edx] + test ecx,67108864 + jz NEAR L$002loop_x86 + mov edx,DWORD [4+edx] + movq mm0,[esi] + and ecx,16777216 + movq mm1,[8+esi] + and edx,512 + movq mm2,[16+esi] + or ecx,edx + movq mm3,[24+esi] + movq mm4,[32+esi] + movq mm5,[40+esi] + movq mm6,[48+esi] + movq mm7,[56+esi] + cmp ecx,16777728 + je NEAR L$003SSSE3 + sub esp,80 + jmp NEAR L$004loop_sse2 +align 16 +L$004loop_sse2: + movq [8+esp],mm1 + movq [16+esp],mm2 + movq [24+esp],mm3 + movq [40+esp],mm5 + movq [48+esp],mm6 + pxor mm2,mm1 + movq [56+esp],mm7 + movq mm3,mm0 + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] + add edi,8 + mov edx,15 + bswap eax + bswap ebx + jmp NEAR L$00500_14_sse2 +align 16 +L$00500_14_sse2: + movd mm1,eax + mov eax,DWORD [edi] + movd mm7,ebx + mov ebx,DWORD [4+edi] + add edi,8 + bswap eax + bswap ebx + punpckldq mm7,mm1 + movq mm1,mm4 + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + movq mm0,mm3 + movq [72+esp],mm7 + movq mm3,mm1 + 
psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + paddq mm7,[ebp] + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + sub esp,8 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[40+esp] + paddq mm3,mm2 + movq mm2,mm0 + add ebp,8 + paddq mm3,mm6 + movq mm6,[48+esp] + dec edx + jnz NEAR L$00500_14_sse2 + movd mm1,eax + movd mm7,ebx + punpckldq mm7,mm1 + movq mm1,mm4 + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + movq mm0,mm3 + movq [72+esp],mm7 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + paddq mm7,[ebp] + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + sub esp,8 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm7,[192+esp] + paddq mm3,mm2 + movq mm2,mm0 + add ebp,8 + paddq mm3,mm6 + pxor mm0,mm0 + mov edx,32 + jmp NEAR L$00616_79_sse2 +align 16 +L$00616_79_sse2: + movq mm5,[88+esp] + movq mm1,mm7 + psrlq mm7,1 + movq mm6,mm5 + psrlq mm5,6 + psllq mm1,56 + paddq mm0,mm3 + movq mm3,mm7 + psrlq mm7,6 + pxor mm3,mm1 + psllq mm1,7 + pxor mm3,mm7 + psrlq mm7,1 + pxor mm3,mm1 + movq mm1,mm5 + psrlq mm5,13 + pxor mm7,mm3 + psllq mm6,3 + pxor mm1,mm5 + paddq mm7,[200+esp] + pxor mm1,mm6 + psrlq mm5,42 + paddq mm7,[128+esp] + pxor mm1,mm5 + psllq mm6,42 + movq 
mm5,[40+esp] + pxor mm1,mm6 + movq mm6,[48+esp] + paddq mm7,mm1 + movq mm1,mm4 + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + movq [72+esp],mm7 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + paddq mm7,[ebp] + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + sub esp,8 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm7,[192+esp] + paddq mm2,mm6 + add ebp,8 + movq mm5,[88+esp] + movq mm1,mm7 + psrlq mm7,1 + movq mm6,mm5 + psrlq mm5,6 + psllq mm1,56 + paddq mm2,mm3 + movq mm3,mm7 + psrlq mm7,6 + pxor mm3,mm1 + psllq mm1,7 + pxor mm3,mm7 + psrlq mm7,1 + pxor mm3,mm1 + movq mm1,mm5 + psrlq mm5,13 + pxor mm7,mm3 + psllq mm6,3 + pxor mm1,mm5 + paddq mm7,[200+esp] + pxor mm1,mm6 + psrlq mm5,42 + paddq mm7,[128+esp] + pxor mm1,mm5 + psllq mm6,42 + movq mm5,[40+esp] + pxor mm1,mm6 + movq mm6,[48+esp] + paddq mm7,mm1 + movq mm1,mm4 + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + movq [72+esp],mm7 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + paddq mm7,[ebp] + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + sub esp,8 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm7,[192+esp] + paddq mm0,mm6 + add ebp,8 + dec edx 
+ jnz NEAR L$00616_79_sse2 + paddq mm0,mm3 + movq mm1,[8+esp] + movq mm3,[24+esp] + movq mm5,[40+esp] + movq mm6,[48+esp] + movq mm7,[56+esp] + pxor mm2,mm1 + paddq mm0,[esi] + paddq mm1,[8+esi] + paddq mm2,[16+esi] + paddq mm3,[24+esi] + paddq mm4,[32+esi] + paddq mm5,[40+esi] + paddq mm6,[48+esi] + paddq mm7,[56+esi] + mov eax,640 + movq [esi],mm0 + movq [8+esi],mm1 + movq [16+esi],mm2 + movq [24+esi],mm3 + movq [32+esi],mm4 + movq [40+esi],mm5 + movq [48+esi],mm6 + movq [56+esi],mm7 + lea esp,[eax*1+esp] + sub ebp,eax + cmp edi,DWORD [88+esp] + jb NEAR L$004loop_sse2 + mov esp,DWORD [92+esp] + emms + pop edi + pop esi + pop ebx + pop ebp + ret +align 32 +L$003SSSE3: + lea edx,[esp-64] + sub esp,256 + movdqa xmm1,[640+ebp] + movdqu xmm0,[edi] +db 102,15,56,0,193 + movdqa xmm3,[ebp] + movdqa xmm2,xmm1 + movdqu xmm1,[16+edi] + paddq xmm3,xmm0 +db 102,15,56,0,202 + movdqa [edx-128],xmm3 + movdqa xmm4,[16+ebp] + movdqa xmm3,xmm2 + movdqu xmm2,[32+edi] + paddq xmm4,xmm1 +db 102,15,56,0,211 + movdqa [edx-112],xmm4 + movdqa xmm5,[32+ebp] + movdqa xmm4,xmm3 + movdqu xmm3,[48+edi] + paddq xmm5,xmm2 +db 102,15,56,0,220 + movdqa [edx-96],xmm5 + movdqa xmm6,[48+ebp] + movdqa xmm5,xmm4 + movdqu xmm4,[64+edi] + paddq xmm6,xmm3 +db 102,15,56,0,229 + movdqa [edx-80],xmm6 + movdqa xmm7,[64+ebp] + movdqa xmm6,xmm5 + movdqu xmm5,[80+edi] + paddq xmm7,xmm4 +db 102,15,56,0,238 + movdqa [edx-64],xmm7 + movdqa [edx],xmm0 + movdqa xmm0,[80+ebp] + movdqa xmm7,xmm6 + movdqu xmm6,[96+edi] + paddq xmm0,xmm5 +db 102,15,56,0,247 + movdqa [edx-48],xmm0 + movdqa [16+edx],xmm1 + movdqa xmm1,[96+ebp] + movdqa xmm0,xmm7 + movdqu xmm7,[112+edi] + paddq xmm1,xmm6 +db 102,15,56,0,248 + movdqa [edx-32],xmm1 + movdqa [32+edx],xmm2 + movdqa xmm2,[112+ebp] + movdqa xmm0,[edx] + paddq xmm2,xmm7 + movdqa [edx-16],xmm2 + nop +align 32 +L$007loop_ssse3: + movdqa xmm2,[16+edx] + movdqa [48+edx],xmm3 + lea ebp,[128+ebp] + movq [8+esp],mm1 + mov ebx,edi + movq [16+esp],mm2 + lea edi,[128+edi] + movq 
[24+esp],mm3 + cmp edi,eax + movq [40+esp],mm5 + cmovb ebx,edi + movq [48+esp],mm6 + mov ecx,4 + pxor mm2,mm1 + movq [56+esp],mm7 + pxor mm3,mm3 + jmp NEAR L$00800_47_ssse3 +align 32 +L$00800_47_ssse3: + movdqa xmm3,xmm5 + movdqa xmm1,xmm2 +db 102,15,58,15,208,8 + movdqa [edx],xmm4 +db 102,15,58,15,220,8 + movdqa xmm4,xmm2 + psrlq xmm2,7 + paddq xmm0,xmm3 + movdqa xmm3,xmm4 + psrlq xmm4,1 + psllq xmm3,56 + pxor xmm2,xmm4 + psrlq xmm4,7 + pxor xmm2,xmm3 + psllq xmm3,7 + pxor xmm2,xmm4 + movdqa xmm4,xmm7 + pxor xmm2,xmm3 + movdqa xmm3,xmm7 + psrlq xmm4,6 + paddq xmm0,xmm2 + movdqa xmm2,xmm7 + psrlq xmm3,19 + psllq xmm2,3 + pxor xmm4,xmm3 + psrlq xmm3,42 + pxor xmm4,xmm2 + psllq xmm2,42 + pxor xmm4,xmm3 + movdqa xmm3,[32+edx] + pxor xmm4,xmm2 + movdqa xmm2,[ebp] + movq mm1,mm4 + paddq xmm0,xmm4 + movq mm7,[edx-128] + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + paddq xmm2,xmm0 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[32+esp] + paddq mm2,mm6 + movq mm6,[40+esp] + movq mm1,mm4 + movq mm7,[edx-120] + pxor mm5,mm6 + psrlq mm1,14 + movq [24+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [56+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[48+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[16+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + 
psllq mm6,25 + movq mm1,[esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[24+esp] + paddq mm0,mm6 + movq mm6,[32+esp] + movdqa [edx-128],xmm2 + movdqa xmm4,xmm6 + movdqa xmm2,xmm3 +db 102,15,58,15,217,8 + movdqa [16+edx],xmm5 +db 102,15,58,15,229,8 + movdqa xmm5,xmm3 + psrlq xmm3,7 + paddq xmm1,xmm4 + movdqa xmm4,xmm5 + psrlq xmm5,1 + psllq xmm4,56 + pxor xmm3,xmm5 + psrlq xmm5,7 + pxor xmm3,xmm4 + psllq xmm4,7 + pxor xmm3,xmm5 + movdqa xmm5,xmm0 + pxor xmm3,xmm4 + movdqa xmm4,xmm0 + psrlq xmm5,6 + paddq xmm1,xmm3 + movdqa xmm3,xmm0 + psrlq xmm4,19 + psllq xmm3,3 + pxor xmm5,xmm4 + psrlq xmm4,42 + pxor xmm5,xmm3 + psllq xmm3,42 + pxor xmm5,xmm4 + movdqa xmm4,[48+edx] + pxor xmm5,xmm3 + movdqa xmm3,[16+ebp] + movq mm1,mm4 + paddq xmm1,xmm5 + movq mm7,[edx-112] + pxor mm5,mm6 + psrlq mm1,14 + movq [16+esp],mm4 + paddq xmm3,xmm1 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [48+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[40+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[8+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[56+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[16+esp] + paddq mm2,mm6 + movq mm6,[24+esp] + movq mm1,mm4 + movq mm7,[edx-104] + pxor mm5,mm6 + psrlq mm1,14 + movq [8+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [40+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[32+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[esp] + 
paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[48+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[8+esp] + paddq mm0,mm6 + movq mm6,[16+esp] + movdqa [edx-112],xmm3 + movdqa xmm5,xmm7 + movdqa xmm3,xmm4 +db 102,15,58,15,226,8 + movdqa [32+edx],xmm6 +db 102,15,58,15,238,8 + movdqa xmm6,xmm4 + psrlq xmm4,7 + paddq xmm2,xmm5 + movdqa xmm5,xmm6 + psrlq xmm6,1 + psllq xmm5,56 + pxor xmm4,xmm6 + psrlq xmm6,7 + pxor xmm4,xmm5 + psllq xmm5,7 + pxor xmm4,xmm6 + movdqa xmm6,xmm1 + pxor xmm4,xmm5 + movdqa xmm5,xmm1 + psrlq xmm6,6 + paddq xmm2,xmm4 + movdqa xmm4,xmm1 + psrlq xmm5,19 + psllq xmm4,3 + pxor xmm6,xmm5 + psrlq xmm5,42 + pxor xmm6,xmm4 + psllq xmm4,42 + pxor xmm6,xmm5 + movdqa xmm5,[edx] + pxor xmm6,xmm4 + movdqa xmm4,[32+ebp] + movq mm1,mm4 + paddq xmm2,xmm6 + movq mm7,[edx-96] + pxor mm5,mm6 + psrlq mm1,14 + movq [esp],mm4 + paddq xmm4,xmm2 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [32+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[24+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[56+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[40+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[esp] + paddq mm2,mm6 + movq mm6,[8+esp] + movq mm1,mm4 + movq mm7,[edx-88] + pxor mm5,mm6 + psrlq mm1,14 + movq [56+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [24+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + 
paddq mm7,[16+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[48+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[32+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[56+esp] + paddq mm0,mm6 + movq mm6,[esp] + movdqa [edx-96],xmm4 + movdqa xmm6,xmm0 + movdqa xmm4,xmm5 +db 102,15,58,15,235,8 + movdqa [48+edx],xmm7 +db 102,15,58,15,247,8 + movdqa xmm7,xmm5 + psrlq xmm5,7 + paddq xmm3,xmm6 + movdqa xmm6,xmm7 + psrlq xmm7,1 + psllq xmm6,56 + pxor xmm5,xmm7 + psrlq xmm7,7 + pxor xmm5,xmm6 + psllq xmm6,7 + pxor xmm5,xmm7 + movdqa xmm7,xmm2 + pxor xmm5,xmm6 + movdqa xmm6,xmm2 + psrlq xmm7,6 + paddq xmm3,xmm5 + movdqa xmm5,xmm2 + psrlq xmm6,19 + psllq xmm5,3 + pxor xmm7,xmm6 + psrlq xmm6,42 + pxor xmm7,xmm5 + psllq xmm5,42 + pxor xmm7,xmm6 + movdqa xmm6,[16+edx] + pxor xmm7,xmm5 + movdqa xmm5,[48+ebp] + movq mm1,mm4 + paddq xmm3,xmm7 + movq mm7,[edx-80] + pxor mm5,mm6 + psrlq mm1,14 + movq [48+esp],mm4 + paddq xmm5,xmm3 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [16+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[8+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[40+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[24+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[48+esp] + paddq mm2,mm6 + movq mm6,[56+esp] + movq mm1,mm4 + movq mm7,[edx-72] + pxor mm5,mm6 + psrlq mm1,14 + movq [40+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq 
mm4,23 + pxor mm3,mm1 + movq [8+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[32+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[16+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[40+esp] + paddq mm0,mm6 + movq mm6,[48+esp] + movdqa [edx-80],xmm5 + movdqa xmm7,xmm1 + movdqa xmm5,xmm6 +db 102,15,58,15,244,8 + movdqa [edx],xmm0 +db 102,15,58,15,248,8 + movdqa xmm0,xmm6 + psrlq xmm6,7 + paddq xmm4,xmm7 + movdqa xmm7,xmm0 + psrlq xmm0,1 + psllq xmm7,56 + pxor xmm6,xmm0 + psrlq xmm0,7 + pxor xmm6,xmm7 + psllq xmm7,7 + pxor xmm6,xmm0 + movdqa xmm0,xmm3 + pxor xmm6,xmm7 + movdqa xmm7,xmm3 + psrlq xmm0,6 + paddq xmm4,xmm6 + movdqa xmm6,xmm3 + psrlq xmm7,19 + psllq xmm6,3 + pxor xmm0,xmm7 + psrlq xmm7,42 + pxor xmm0,xmm6 + psllq xmm6,42 + pxor xmm0,xmm7 + movdqa xmm7,[32+edx] + pxor xmm0,xmm6 + movdqa xmm6,[64+ebp] + movq mm1,mm4 + paddq xmm4,xmm0 + movq mm7,[edx-64] + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + paddq xmm6,xmm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[32+esp] + paddq mm2,mm6 + movq mm6,[40+esp] + movq mm1,mm4 + movq mm7,[edx-56] + pxor mm5,mm6 + psrlq mm1,14 + movq [24+esp],mm4 + pand mm5,mm4 + psllq mm4,23 
+ paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [56+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[48+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[16+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[24+esp] + paddq mm0,mm6 + movq mm6,[32+esp] + movdqa [edx-64],xmm6 + movdqa xmm0,xmm2 + movdqa xmm6,xmm7 +db 102,15,58,15,253,8 + movdqa [16+edx],xmm1 +db 102,15,58,15,193,8 + movdqa xmm1,xmm7 + psrlq xmm7,7 + paddq xmm5,xmm0 + movdqa xmm0,xmm1 + psrlq xmm1,1 + psllq xmm0,56 + pxor xmm7,xmm1 + psrlq xmm1,7 + pxor xmm7,xmm0 + psllq xmm0,7 + pxor xmm7,xmm1 + movdqa xmm1,xmm4 + pxor xmm7,xmm0 + movdqa xmm0,xmm4 + psrlq xmm1,6 + paddq xmm5,xmm7 + movdqa xmm7,xmm4 + psrlq xmm0,19 + psllq xmm7,3 + pxor xmm1,xmm0 + psrlq xmm0,42 + pxor xmm1,xmm7 + psllq xmm7,42 + pxor xmm1,xmm0 + movdqa xmm0,[48+edx] + pxor xmm1,xmm7 + movdqa xmm7,[80+ebp] + movq mm1,mm4 + paddq xmm5,xmm1 + movq mm7,[edx-48] + pxor mm5,mm6 + psrlq mm1,14 + movq [16+esp],mm4 + paddq xmm7,xmm5 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [48+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[40+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[8+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[56+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[16+esp] + paddq mm2,mm6 + movq mm6,[24+esp] + movq mm1,mm4 + movq 
mm7,[edx-40] + pxor mm5,mm6 + psrlq mm1,14 + movq [8+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [40+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[32+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[48+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[8+esp] + paddq mm0,mm6 + movq mm6,[16+esp] + movdqa [edx-48],xmm7 + movdqa xmm1,xmm3 + movdqa xmm7,xmm0 +db 102,15,58,15,198,8 + movdqa [32+edx],xmm2 +db 102,15,58,15,202,8 + movdqa xmm2,xmm0 + psrlq xmm0,7 + paddq xmm6,xmm1 + movdqa xmm1,xmm2 + psrlq xmm2,1 + psllq xmm1,56 + pxor xmm0,xmm2 + psrlq xmm2,7 + pxor xmm0,xmm1 + psllq xmm1,7 + pxor xmm0,xmm2 + movdqa xmm2,xmm5 + pxor xmm0,xmm1 + movdqa xmm1,xmm5 + psrlq xmm2,6 + paddq xmm6,xmm0 + movdqa xmm0,xmm5 + psrlq xmm1,19 + psllq xmm0,3 + pxor xmm2,xmm1 + psrlq xmm1,42 + pxor xmm2,xmm0 + psllq xmm0,42 + pxor xmm2,xmm1 + movdqa xmm1,[edx] + pxor xmm2,xmm0 + movdqa xmm0,[96+ebp] + movq mm1,mm4 + paddq xmm6,xmm2 + movq mm7,[edx-32] + pxor mm5,mm6 + psrlq mm1,14 + movq [esp],mm4 + paddq xmm0,xmm6 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [32+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[24+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[56+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[40+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor 
mm6,mm7 + movq mm5,[esp] + paddq mm2,mm6 + movq mm6,[8+esp] + movq mm1,mm4 + movq mm7,[edx-24] + pxor mm5,mm6 + psrlq mm1,14 + movq [56+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [24+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[16+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[48+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[32+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[56+esp] + paddq mm0,mm6 + movq mm6,[esp] + movdqa [edx-32],xmm0 + movdqa xmm2,xmm4 + movdqa xmm0,xmm1 +db 102,15,58,15,207,8 + movdqa [48+edx],xmm3 +db 102,15,58,15,211,8 + movdqa xmm3,xmm1 + psrlq xmm1,7 + paddq xmm7,xmm2 + movdqa xmm2,xmm3 + psrlq xmm3,1 + psllq xmm2,56 + pxor xmm1,xmm3 + psrlq xmm3,7 + pxor xmm1,xmm2 + psllq xmm2,7 + pxor xmm1,xmm3 + movdqa xmm3,xmm6 + pxor xmm1,xmm2 + movdqa xmm2,xmm6 + psrlq xmm3,6 + paddq xmm7,xmm1 + movdqa xmm1,xmm6 + psrlq xmm2,19 + psllq xmm1,3 + pxor xmm3,xmm2 + psrlq xmm2,42 + pxor xmm3,xmm1 + psllq xmm1,42 + pxor xmm3,xmm2 + movdqa xmm2,[16+edx] + pxor xmm3,xmm1 + movdqa xmm1,[112+ebp] + movq mm1,mm4 + paddq xmm7,xmm3 + movq mm7,[edx-16] + pxor mm5,mm6 + psrlq mm1,14 + movq [48+esp],mm4 + paddq xmm1,xmm7 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [16+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[8+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[40+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[24+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq 
mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[48+esp] + paddq mm2,mm6 + movq mm6,[56+esp] + movq mm1,mm4 + movq mm7,[edx-8] + pxor mm5,mm6 + psrlq mm1,14 + movq [40+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [8+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[32+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[16+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[40+esp] + paddq mm0,mm6 + movq mm6,[48+esp] + movdqa [edx-16],xmm1 + lea ebp,[128+ebp] + dec ecx + jnz NEAR L$00800_47_ssse3 + movdqa xmm1,[ebp] + lea ebp,[ebp-640] + movdqu xmm0,[ebx] +db 102,15,56,0,193 + movdqa xmm3,[ebp] + movdqa xmm2,xmm1 + movdqu xmm1,[16+ebx] + paddq xmm3,xmm0 +db 102,15,56,0,202 + movq mm1,mm4 + movq mm7,[edx-128] + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[32+esp] + paddq mm2,mm6 + movq mm6,[40+esp] + movq mm1,mm4 + movq mm7,[edx-120] + pxor mm5,mm6 + psrlq mm1,14 + movq [24+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + 
movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [56+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[48+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[16+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[24+esp] + paddq mm0,mm6 + movq mm6,[32+esp] + movdqa [edx-128],xmm3 + movdqa xmm4,[16+ebp] + movdqa xmm3,xmm2 + movdqu xmm2,[32+ebx] + paddq xmm4,xmm1 +db 102,15,56,0,211 + movq mm1,mm4 + movq mm7,[edx-112] + pxor mm5,mm6 + psrlq mm1,14 + movq [16+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [48+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[40+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[8+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[56+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[16+esp] + paddq mm2,mm6 + movq mm6,[24+esp] + movq mm1,mm4 + movq mm7,[edx-104] + pxor mm5,mm6 + psrlq mm1,14 + movq [8+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [40+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[32+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[48+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor 
mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[8+esp] + paddq mm0,mm6 + movq mm6,[16+esp] + movdqa [edx-112],xmm4 + movdqa xmm5,[32+ebp] + movdqa xmm4,xmm3 + movdqu xmm3,[48+ebx] + paddq xmm5,xmm2 +db 102,15,56,0,220 + movq mm1,mm4 + movq mm7,[edx-96] + pxor mm5,mm6 + psrlq mm1,14 + movq [esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [32+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[24+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[56+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[40+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[esp] + paddq mm2,mm6 + movq mm6,[8+esp] + movq mm1,mm4 + movq mm7,[edx-88] + pxor mm5,mm6 + psrlq mm1,14 + movq [56+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [24+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[16+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[48+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[32+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[56+esp] + paddq mm0,mm6 + movq mm6,[esp] + movdqa [edx-96],xmm5 + movdqa xmm6,[48+ebp] + movdqa xmm5,xmm4 + movdqu xmm4,[64+ebx] + paddq xmm6,xmm3 +db 102,15,56,0,229 + movq mm1,mm4 + movq mm7,[edx-80] + pxor mm5,mm6 + psrlq mm1,14 + movq [48+esp],mm4 + pand mm5,mm4 + psllq mm4,23 
+ paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [16+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[8+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[40+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[24+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[48+esp] + paddq mm2,mm6 + movq mm6,[56+esp] + movq mm1,mm4 + movq mm7,[edx-72] + pxor mm5,mm6 + psrlq mm1,14 + movq [40+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [8+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[32+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[16+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[40+esp] + paddq mm0,mm6 + movq mm6,[48+esp] + movdqa [edx-80],xmm6 + movdqa xmm7,[64+ebp] + movdqa xmm6,xmm5 + movdqu xmm5,[80+ebx] + paddq xmm7,xmm4 +db 102,15,56,0,238 + movq mm1,mm4 + movq mm7,[edx-64] + pxor mm5,mm6 + psrlq mm1,14 + movq [32+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[56+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[24+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[8+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq 
mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[32+esp] + paddq mm2,mm6 + movq mm6,[40+esp] + movq mm1,mm4 + movq mm7,[edx-56] + pxor mm5,mm6 + psrlq mm1,14 + movq [24+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [56+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[48+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[16+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[24+esp] + paddq mm0,mm6 + movq mm6,[32+esp] + movdqa [edx-64],xmm7 + movdqa [edx],xmm0 + movdqa xmm0,[80+ebp] + movdqa xmm7,xmm6 + movdqu xmm6,[96+ebx] + paddq xmm0,xmm5 +db 102,15,56,0,247 + movq mm1,mm4 + movq mm7,[edx-48] + pxor mm5,mm6 + psrlq mm1,14 + movq [16+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [48+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[40+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[8+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[56+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[16+esp] + paddq mm2,mm6 + movq mm6,[24+esp] + movq mm1,mm4 + movq mm7,[edx-40] + pxor mm5,mm6 + psrlq mm1,14 + movq [8+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq 
mm4,23 + pxor mm3,mm1 + movq [40+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[32+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[48+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[8+esp] + paddq mm0,mm6 + movq mm6,[16+esp] + movdqa [edx-48],xmm0 + movdqa [16+edx],xmm1 + movdqa xmm1,[96+ebp] + movdqa xmm0,xmm7 + movdqu xmm7,[112+ebx] + paddq xmm1,xmm6 +db 102,15,56,0,248 + movq mm1,mm4 + movq mm7,[edx-32] + pxor mm5,mm6 + psrlq mm1,14 + movq [esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [32+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[24+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[56+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[40+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[esp] + paddq mm2,mm6 + movq mm6,[8+esp] + movq mm1,mm4 + movq mm7,[edx-24] + pxor mm5,mm6 + psrlq mm1,14 + movq [56+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [24+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[16+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[48+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[32+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor 
mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[56+esp] + paddq mm0,mm6 + movq mm6,[esp] + movdqa [edx-32],xmm1 + movdqa [32+edx],xmm2 + movdqa xmm2,[112+ebp] + movdqa xmm0,[edx] + paddq xmm2,xmm7 + movq mm1,mm4 + movq mm7,[edx-16] + pxor mm5,mm6 + psrlq mm1,14 + movq [48+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm0,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [16+esp],mm0 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[8+esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[40+esp] + paddq mm3,mm7 + movq mm5,mm0 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm0 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[24+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm0,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm2,mm0 + psllq mm6,6 + pxor mm7,mm5 + pxor mm2,mm1 + pxor mm6,mm7 + movq mm5,[48+esp] + paddq mm2,mm6 + movq mm6,[56+esp] + movq mm1,mm4 + movq mm7,[edx-8] + pxor mm5,mm6 + psrlq mm1,14 + movq [40+esp],mm4 + pand mm5,mm4 + psllq mm4,23 + paddq mm2,mm3 + movq mm3,mm1 + psrlq mm1,4 + pxor mm5,mm6 + pxor mm3,mm4 + psllq mm4,23 + pxor mm3,mm1 + movq [8+esp],mm2 + paddq mm7,mm5 + pxor mm3,mm4 + psrlq mm1,23 + paddq mm7,[esp] + pxor mm3,mm1 + psllq mm4,4 + pxor mm3,mm4 + movq mm4,[32+esp] + paddq mm3,mm7 + movq mm5,mm2 + psrlq mm5,28 + paddq mm4,mm3 + movq mm6,mm2 + movq mm7,mm5 + psllq mm6,25 + movq mm1,[16+esp] + psrlq mm5,6 + pxor mm7,mm6 + psllq mm6,5 + pxor mm7,mm5 + pxor mm2,mm1 + psrlq mm5,5 + pxor mm7,mm6 + pand mm0,mm2 + psllq mm6,6 + pxor mm7,mm5 + pxor mm0,mm1 + pxor mm6,mm7 + movq mm5,[40+esp] + paddq mm0,mm6 + movq mm6,[48+esp] + movdqa [edx-16],xmm2 + movq mm1,[8+esp] + paddq mm0,mm3 + movq mm3,[24+esp] + movq mm7,[56+esp] + pxor mm2,mm1 + paddq mm0,[esi] + paddq mm1,[8+esi] + paddq mm2,[16+esi] + paddq mm3,[24+esi] + paddq mm4,[32+esi] + paddq mm5,[40+esi] + paddq mm6,[48+esi] + paddq mm7,[56+esi] + movq [esi],mm0 + movq 
[8+esi],mm1 + movq [16+esi],mm2 + movq [24+esi],mm3 + movq [32+esi],mm4 + movq [40+esi],mm5 + movq [48+esi],mm6 + movq [56+esi],mm7 + cmp edi,eax + jb NEAR L$007loop_ssse3 + mov esp,DWORD [76+edx] + emms + pop edi + pop esi + pop ebx + pop ebp + ret +align 16 +L$002loop_x86: + mov eax,DWORD [edi] + mov ebx,DWORD [4+edi] + mov ecx,DWORD [8+edi] + mov edx,DWORD [12+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [16+edi] + mov ebx,DWORD [20+edi] + mov ecx,DWORD [24+edi] + mov edx,DWORD [28+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [32+edi] + mov ebx,DWORD [36+edi] + mov ecx,DWORD [40+edi] + mov edx,DWORD [44+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [48+edi] + mov ebx,DWORD [52+edi] + mov ecx,DWORD [56+edi] + mov edx,DWORD [60+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [64+edi] + mov ebx,DWORD [68+edi] + mov ecx,DWORD [72+edi] + mov edx,DWORD [76+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [80+edi] + mov ebx,DWORD [84+edi] + mov ecx,DWORD [88+edi] + mov edx,DWORD [92+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [96+edi] + mov ebx,DWORD [100+edi] + mov ecx,DWORD [104+edi] + mov edx,DWORD [108+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + mov eax,DWORD [112+edi] + mov ebx,DWORD [116+edi] + mov ecx,DWORD [120+edi] + mov edx,DWORD [124+edi] + bswap eax + bswap ebx + bswap ecx + bswap edx + push eax + push ebx + push ecx + push edx + add edi,128 + sub esp,72 + mov DWORD [204+esp],edi + lea edi,[8+esp] + mov ecx,16 +dd 2784229001 +align 16 +L$00900_15_x86: + mov ecx,DWORD [40+esp] + mov edx,DWORD [44+esp] + mov 
esi,ecx + shr ecx,9 + mov edi,edx + shr edx,9 + mov ebx,ecx + shl esi,14 + mov eax,edx + shl edi,14 + xor ebx,esi + shr ecx,5 + xor eax,edi + shr edx,5 + xor eax,ecx + shl esi,4 + xor ebx,edx + shl edi,4 + xor ebx,esi + shr ecx,4 + xor eax,edi + shr edx,4 + xor eax,ecx + shl esi,5 + xor ebx,edx + shl edi,5 + xor eax,esi + xor ebx,edi + mov ecx,DWORD [48+esp] + mov edx,DWORD [52+esp] + mov esi,DWORD [56+esp] + mov edi,DWORD [60+esp] + add eax,DWORD [64+esp] + adc ebx,DWORD [68+esp] + xor ecx,esi + xor edx,edi + and ecx,DWORD [40+esp] + and edx,DWORD [44+esp] + add eax,DWORD [192+esp] + adc ebx,DWORD [196+esp] + xor ecx,esi + xor edx,edi + mov esi,DWORD [ebp] + mov edi,DWORD [4+ebp] + add eax,ecx + adc ebx,edx + mov ecx,DWORD [32+esp] + mov edx,DWORD [36+esp] + add eax,esi + adc ebx,edi + mov DWORD [esp],eax + mov DWORD [4+esp],ebx + add eax,ecx + adc ebx,edx + mov ecx,DWORD [8+esp] + mov edx,DWORD [12+esp] + mov DWORD [32+esp],eax + mov DWORD [36+esp],ebx + mov esi,ecx + shr ecx,2 + mov edi,edx + shr edx,2 + mov ebx,ecx + shl esi,4 + mov eax,edx + shl edi,4 + xor ebx,esi + shr ecx,5 + xor eax,edi + shr edx,5 + xor ebx,ecx + shl esi,21 + xor eax,edx + shl edi,21 + xor eax,esi + shr ecx,21 + xor ebx,edi + shr edx,21 + xor eax,ecx + shl esi,5 + xor ebx,edx + shl edi,5 + xor eax,esi + xor ebx,edi + mov ecx,DWORD [8+esp] + mov edx,DWORD [12+esp] + mov esi,DWORD [16+esp] + mov edi,DWORD [20+esp] + add eax,DWORD [esp] + adc ebx,DWORD [4+esp] + or ecx,esi + or edx,edi + and ecx,DWORD [24+esp] + and edx,DWORD [28+esp] + and esi,DWORD [8+esp] + and edi,DWORD [12+esp] + or ecx,esi + or edx,edi + add eax,ecx + adc ebx,edx + mov DWORD [esp],eax + mov DWORD [4+esp],ebx + mov dl,BYTE [ebp] + sub esp,8 + lea ebp,[8+ebp] + cmp dl,148 + jne NEAR L$00900_15_x86 +align 16 +L$01016_79_x86: + mov ecx,DWORD [312+esp] + mov edx,DWORD [316+esp] + mov esi,ecx + shr ecx,1 + mov edi,edx + shr edx,1 + mov eax,ecx + shl esi,24 + mov ebx,edx + shl edi,24 + xor ebx,esi + shr ecx,6 + xor eax,edi + 
shr edx,6 + xor eax,ecx + shl esi,7 + xor ebx,edx + shl edi,1 + xor ebx,esi + shr ecx,1 + xor eax,edi + shr edx,1 + xor eax,ecx + shl edi,6 + xor ebx,edx + xor eax,edi + mov DWORD [esp],eax + mov DWORD [4+esp],ebx + mov ecx,DWORD [208+esp] + mov edx,DWORD [212+esp] + mov esi,ecx + shr ecx,6 + mov edi,edx + shr edx,6 + mov eax,ecx + shl esi,3 + mov ebx,edx + shl edi,3 + xor eax,esi + shr ecx,13 + xor ebx,edi + shr edx,13 + xor eax,ecx + shl esi,10 + xor ebx,edx + shl edi,10 + xor ebx,esi + shr ecx,10 + xor eax,edi + shr edx,10 + xor ebx,ecx + shl edi,13 + xor eax,edx + xor eax,edi + mov ecx,DWORD [320+esp] + mov edx,DWORD [324+esp] + add eax,DWORD [esp] + adc ebx,DWORD [4+esp] + mov esi,DWORD [248+esp] + mov edi,DWORD [252+esp] + add eax,ecx + adc ebx,edx + add eax,esi + adc ebx,edi + mov DWORD [192+esp],eax + mov DWORD [196+esp],ebx + mov ecx,DWORD [40+esp] + mov edx,DWORD [44+esp] + mov esi,ecx + shr ecx,9 + mov edi,edx + shr edx,9 + mov ebx,ecx + shl esi,14 + mov eax,edx + shl edi,14 + xor ebx,esi + shr ecx,5 + xor eax,edi + shr edx,5 + xor eax,ecx + shl esi,4 + xor ebx,edx + shl edi,4 + xor ebx,esi + shr ecx,4 + xor eax,edi + shr edx,4 + xor eax,ecx + shl esi,5 + xor ebx,edx + shl edi,5 + xor eax,esi + xor ebx,edi + mov ecx,DWORD [48+esp] + mov edx,DWORD [52+esp] + mov esi,DWORD [56+esp] + mov edi,DWORD [60+esp] + add eax,DWORD [64+esp] + adc ebx,DWORD [68+esp] + xor ecx,esi + xor edx,edi + and ecx,DWORD [40+esp] + and edx,DWORD [44+esp] + add eax,DWORD [192+esp] + adc ebx,DWORD [196+esp] + xor ecx,esi + xor edx,edi + mov esi,DWORD [ebp] + mov edi,DWORD [4+ebp] + add eax,ecx + adc ebx,edx + mov ecx,DWORD [32+esp] + mov edx,DWORD [36+esp] + add eax,esi + adc ebx,edi + mov DWORD [esp],eax + mov DWORD [4+esp],ebx + add eax,ecx + adc ebx,edx + mov ecx,DWORD [8+esp] + mov edx,DWORD [12+esp] + mov DWORD [32+esp],eax + mov DWORD [36+esp],ebx + mov esi,ecx + shr ecx,2 + mov edi,edx + shr edx,2 + mov ebx,ecx + shl esi,4 + mov eax,edx + shl edi,4 + xor ebx,esi + shr ecx,5 
+ xor eax,edi + shr edx,5 + xor ebx,ecx + shl esi,21 + xor eax,edx + shl edi,21 + xor eax,esi + shr ecx,21 + xor ebx,edi + shr edx,21 + xor eax,ecx + shl esi,5 + xor ebx,edx + shl edi,5 + xor eax,esi + xor ebx,edi + mov ecx,DWORD [8+esp] + mov edx,DWORD [12+esp] + mov esi,DWORD [16+esp] + mov edi,DWORD [20+esp] + add eax,DWORD [esp] + adc ebx,DWORD [4+esp] + or ecx,esi + or edx,edi + and ecx,DWORD [24+esp] + and edx,DWORD [28+esp] + and esi,DWORD [8+esp] + and edi,DWORD [12+esp] + or ecx,esi + or edx,edi + add eax,ecx + adc ebx,edx + mov DWORD [esp],eax + mov DWORD [4+esp],ebx + mov dl,BYTE [ebp] + sub esp,8 + lea ebp,[8+ebp] + cmp dl,23 + jne NEAR L$01016_79_x86 + mov esi,DWORD [840+esp] + mov edi,DWORD [844+esp] + mov eax,DWORD [esi] + mov ebx,DWORD [4+esi] + mov ecx,DWORD [8+esi] + mov edx,DWORD [12+esi] + add eax,DWORD [8+esp] + adc ebx,DWORD [12+esp] + mov DWORD [esi],eax + mov DWORD [4+esi],ebx + add ecx,DWORD [16+esp] + adc edx,DWORD [20+esp] + mov DWORD [8+esi],ecx + mov DWORD [12+esi],edx + mov eax,DWORD [16+esi] + mov ebx,DWORD [20+esi] + mov ecx,DWORD [24+esi] + mov edx,DWORD [28+esi] + add eax,DWORD [24+esp] + adc ebx,DWORD [28+esp] + mov DWORD [16+esi],eax + mov DWORD [20+esi],ebx + add ecx,DWORD [32+esp] + adc edx,DWORD [36+esp] + mov DWORD [24+esi],ecx + mov DWORD [28+esi],edx + mov eax,DWORD [32+esi] + mov ebx,DWORD [36+esi] + mov ecx,DWORD [40+esi] + mov edx,DWORD [44+esi] + add eax,DWORD [40+esp] + adc ebx,DWORD [44+esp] + mov DWORD [32+esi],eax + mov DWORD [36+esi],ebx + add ecx,DWORD [48+esp] + adc edx,DWORD [52+esp] + mov DWORD [40+esi],ecx + mov DWORD [44+esi],edx + mov eax,DWORD [48+esi] + mov ebx,DWORD [52+esi] + mov ecx,DWORD [56+esi] + mov edx,DWORD [60+esi] + add eax,DWORD [56+esp] + adc ebx,DWORD [60+esp] + mov DWORD [48+esi],eax + mov DWORD [52+esi],ebx + add ecx,DWORD [64+esp] + adc edx,DWORD [68+esp] + mov DWORD [56+esi],ecx + mov DWORD [60+esi],edx + add esp,840 + sub ebp,640 + cmp edi,DWORD [8+esp] + jb NEAR L$002loop_x86 + mov 
esp,DWORD [12+esp] + pop edi + pop esi + pop ebx + pop ebp + ret +align 64 +L$001K512: +dd 3609767458,1116352408 +dd 602891725,1899447441 +dd 3964484399,3049323471 +dd 2173295548,3921009573 +dd 4081628472,961987163 +dd 3053834265,1508970993 +dd 2937671579,2453635748 +dd 3664609560,2870763221 +dd 2734883394,3624381080 +dd 1164996542,310598401 +dd 1323610764,607225278 +dd 3590304994,1426881987 +dd 4068182383,1925078388 +dd 991336113,2162078206 +dd 633803317,2614888103 +dd 3479774868,3248222580 +dd 2666613458,3835390401 +dd 944711139,4022224774 +dd 2341262773,264347078 +dd 2007800933,604807628 +dd 1495990901,770255983 +dd 1856431235,1249150122 +dd 3175218132,1555081692 +dd 2198950837,1996064986 +dd 3999719339,2554220882 +dd 766784016,2821834349 +dd 2566594879,2952996808 +dd 3203337956,3210313671 +dd 1034457026,3336571891 +dd 2466948901,3584528711 +dd 3758326383,113926993 +dd 168717936,338241895 +dd 1188179964,666307205 +dd 1546045734,773529912 +dd 1522805485,1294757372 +dd 2643833823,1396182291 +dd 2343527390,1695183700 +dd 1014477480,1986661051 +dd 1206759142,2177026350 +dd 344077627,2456956037 +dd 1290863460,2730485921 +dd 3158454273,2820302411 +dd 3505952657,3259730800 +dd 106217008,3345764771 +dd 3606008344,3516065817 +dd 1432725776,3600352804 +dd 1467031594,4094571909 +dd 851169720,275423344 +dd 3100823752,430227734 +dd 1363258195,506948616 +dd 3750685593,659060556 +dd 3785050280,883997877 +dd 3318307427,958139571 +dd 3812723403,1322822218 +dd 2003034995,1537002063 +dd 3602036899,1747873779 +dd 1575990012,1955562222 +dd 1125592928,2024104815 +dd 2716904306,2227730452 +dd 442776044,2361852424 +dd 593698344,2428436474 +dd 3733110249,2756734187 +dd 2999351573,3204031479 +dd 3815920427,3329325298 +dd 3928383900,3391569614 +dd 566280711,3515267271 +dd 3454069534,3940187606 +dd 4000239992,4118630271 +dd 1914138554,116418474 +dd 2731055270,174292421 +dd 3203993006,289380356 +dd 320620315,460393269 +dd 587496836,685471733 +dd 1086792851,852142971 +dd 365543100,1017036298 
+dd 2618297676,1126000580 +dd 3409855158,1288033470 +dd 4234509866,1501505948 +dd 987167468,1607167915 +dd 1246189591,1816402316 +dd 67438087,66051 +dd 202182159,134810123 +db 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97 +db 110,115,102,111,114,109,32,102,111,114,32,120,56,54,44,32 +db 67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97 +db 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 +db 62,0 +segment .bss +common _OPENSSL_ia32cap_P 16 diff --git a/win-x86_64/crypto/aes/aes-x86_64.asm b/win-x86_64/crypto/aes/aes-x86_64.asm index 96cbb4b..53394f0 100644 --- a/win-x86_64/crypto/aes/aes-x86_64.asm +++ b/win-x86_64/crypto/aes/aes-x86_64.asm 
@@ -1,89 +1,93 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 + ALIGN 16 -_x86_64_AES_encrypt PROC PRIVATE - xor eax,DWORD PTR[r15] - xor ebx,DWORD PTR[4+r15] - xor ecx,DWORD PTR[8+r15] - xor edx,DWORD PTR[12+r15] +_x86_64_AES_encrypt: + xor eax,DWORD[r15] + xor ebx,DWORD[4+r15] + xor ecx,DWORD[8+r15] + xor edx,DWORD[12+r15] - mov r13d,DWORD PTR[240+r15] + mov r13d,DWORD[240+r15] sub r13d,1 - jmp $L$enc_loop + jmp NEAR $L$enc_loop ALIGN 16 -$L$enc_loop:: +$L$enc_loop: movzx esi,al movzx edi,bl movzx ebp,cl - mov r10d,DWORD PTR[rsi*8+r14] - mov r11d,DWORD PTR[rdi*8+r14] - mov r12d,DWORD PTR[rbp*8+r14] + mov r10d,DWORD[rsi*8+r14] + mov r11d,DWORD[rdi*8+r14] + mov r12d,DWORD[rbp*8+r14] movzx esi,bh movzx edi,ch movzx ebp,dl - xor r10d,DWORD PTR[3+rsi*8+r14] - xor r11d,DWORD PTR[3+rdi*8+r14] - mov r8d,DWORD PTR[rbp*8+r14] + xor r10d,DWORD[3+rsi*8+r14] + xor r11d,DWORD[3+rdi*8+r14] + mov r8d,DWORD[rbp*8+r14] movzx esi,dh shr ecx,16 movzx ebp,ah - xor r12d,DWORD PTR[3+rsi*8+r14] + xor r12d,DWORD[3+rsi*8+r14] shr edx,16 - xor r8d,DWORD PTR[3+rbp*8+r14] + xor r8d,DWORD[3+rbp*8+r14] shr ebx,16 - lea r15,QWORD PTR[16+r15] + lea r15,[16+r15] shr eax,16 movzx esi,cl movzx edi,dl movzx ebp,al - xor r10d,DWORD PTR[2+rsi*8+r14] - xor r11d,DWORD PTR[2+rdi*8+r14] - xor r12d,DWORD PTR[2+rbp*8+r14] + xor r10d,DWORD[2+rsi*8+r14] + xor r11d,DWORD[2+rdi*8+r14] + xor r12d,DWORD[2+rbp*8+r14] movzx esi,dh movzx edi,ah movzx ebp,bl - xor r10d,DWORD PTR[1+rsi*8+r14] - xor r11d,DWORD PTR[1+rdi*8+r14] - xor r8d,DWORD PTR[2+rbp*8+r14] + xor r10d,DWORD[1+rsi*8+r14] + xor r11d,DWORD[1+rdi*8+r14] + xor r8d,DWORD[2+rbp*8+r14] - mov edx,DWORD PTR[12+r15] + mov edx,DWORD[12+r15] movzx edi,bh movzx ebp,ch - mov eax,DWORD PTR[r15] - xor r12d,DWORD PTR[1+rdi*8+r14] - xor r8d,DWORD PTR[1+rbp*8+r14] + mov eax,DWORD[r15] + xor r12d,DWORD[1+rdi*8+r14] + xor r8d,DWORD[1+rbp*8+r14] - mov ebx,DWORD PTR[4+r15] - 
mov ecx,DWORD PTR[8+r15] + mov ebx,DWORD[4+r15] + mov ecx,DWORD[8+r15] xor eax,r10d xor ebx,r11d xor ecx,r12d xor edx,r8d sub r13d,1 - jnz $L$enc_loop + jnz NEAR $L$enc_loop movzx esi,al movzx edi,bl movzx ebp,cl - movzx r10d,BYTE PTR[2+rsi*8+r14] - movzx r11d,BYTE PTR[2+rdi*8+r14] - movzx r12d,BYTE PTR[2+rbp*8+r14] + movzx r10d,BYTE[2+rsi*8+r14] + movzx r11d,BYTE[2+rdi*8+r14] + movzx r12d,BYTE[2+rbp*8+r14] movzx esi,dl movzx edi,bh movzx ebp,ch - movzx r8d,BYTE PTR[2+rsi*8+r14] - mov edi,DWORD PTR[rdi*8+r14] - mov ebp,DWORD PTR[rbp*8+r14] + movzx r8d,BYTE[2+rsi*8+r14] + mov edi,DWORD[rdi*8+r14] + mov ebp,DWORD[rbp*8+r14] - and edi,00000ff00h - and ebp,00000ff00h + and edi,0x0000ff00 + and ebp,0x0000ff00 xor r10d,edi xor r11d,ebp @@ -92,11 +96,11 @@ $L$enc_loop:: movzx esi,dh movzx edi,ah shr edx,16 - mov esi,DWORD PTR[rsi*8+r14] - mov edi,DWORD PTR[rdi*8+r14] + mov esi,DWORD[rsi*8+r14] + mov edi,DWORD[rdi*8+r14] - and esi,00000ff00h - and edi,00000ff00h + and esi,0x0000ff00 + and edi,0x0000ff00 shr ebx,16 xor r12d,esi xor r8d,edi @@ -105,13 +109,13 @@ $L$enc_loop:: movzx esi,cl movzx edi,dl movzx ebp,al - mov esi,DWORD PTR[rsi*8+r14] - mov edi,DWORD PTR[rdi*8+r14] - mov ebp,DWORD PTR[rbp*8+r14] + mov esi,DWORD[rsi*8+r14] + mov edi,DWORD[rdi*8+r14] + mov ebp,DWORD[rbp*8+r14] - and esi,000ff0000h - and edi,000ff0000h - and ebp,000ff0000h + and esi,0x00ff0000 + and edi,0x00ff0000 + and ebp,0x00ff0000 xor r10d,esi xor r11d,edi @@ -120,13 +124,13 @@ $L$enc_loop:: movzx esi,bl movzx edi,dh movzx ebp,ah - mov esi,DWORD PTR[rsi*8+r14] - mov edi,DWORD PTR[2+rdi*8+r14] - mov ebp,DWORD PTR[2+rbp*8+r14] + mov esi,DWORD[rsi*8+r14] + mov edi,DWORD[2+rdi*8+r14] + mov ebp,DWORD[2+rbp*8+r14] - and esi,000ff0000h - and edi,0ff000000h - and ebp,0ff000000h + and esi,0x00ff0000 + and edi,0xff000000 + and ebp,0xff000000 xor r8d,esi xor r10d,edi 
@@ -134,45 +138,45 @@ $L$enc_loop:: movzx esi,bh movzx edi,ch - mov edx,DWORD PTR[((16+12))+r15] - mov esi,DWORD PTR[2+rsi*8+r14] - mov edi,DWORD PTR[2+rdi*8+r14] - mov eax,DWORD PTR[((16+0))+r15] + mov edx,DWORD[((16+12))+r15] + mov esi,DWORD[2+rsi*8+r14] + mov edi,DWORD[2+rdi*8+r14] + mov eax,DWORD[((16+0))+r15] - and esi,0ff000000h - and edi,0ff000000h + and esi,0xff000000 + and edi,0xff000000 xor r12d,esi xor r8d,edi - mov ebx,DWORD PTR[((16+4))+r15] - mov ecx,DWORD PTR[((16+8))+r15] + mov ebx,DWORD[((16+4))+r15] + mov ecx,DWORD[((16+8))+r15] xor eax,r10d xor ebx,r11d xor ecx,r12d xor edx,r8d -DB 0f3h,0c3h -_x86_64_AES_encrypt ENDP +DB 0xf3,0xc3 + ALIGN 16 -_x86_64_AES_encrypt_compact PROC PRIVATE - lea r8,QWORD PTR[128+r14] - mov edi,DWORD PTR[((0-128))+r8] - mov ebp,DWORD PTR[((32-128))+r8] - mov r10d,DWORD PTR[((64-128))+r8] - mov r11d,DWORD PTR[((96-128))+r8] - mov edi,DWORD PTR[((128-128))+r8] - mov ebp,DWORD PTR[((160-128))+r8] - mov r10d,DWORD PTR[((192-128))+r8] - mov r11d,DWORD PTR[((224-128))+r8] - jmp $L$enc_loop_compact +_x86_64_AES_encrypt_compact: + lea r8,[128+r14] + mov edi,DWORD[((0-128))+r8] + mov ebp,DWORD[((32-128))+r8] + mov r10d,DWORD[((64-128))+r8] + mov r11d,DWORD[((96-128))+r8] + mov edi,DWORD[((128-128))+r8] + mov ebp,DWORD[((160-128))+r8] + mov r10d,DWORD[((192-128))+r8] + mov r11d,DWORD[((224-128))+r8] + jmp NEAR $L$enc_loop_compact ALIGN 16 -$L$enc_loop_compact:: - xor eax,DWORD PTR[r15] - xor ebx,DWORD PTR[4+r15] - xor ecx,DWORD PTR[8+r15] - xor edx,DWORD PTR[12+r15] - lea r15,QWORD PTR[16+r15] +$L$enc_loop_compact: + xor eax,DWORD[r15] + xor ebx,DWORD[4+r15] + xor ecx,DWORD[8+r15] + xor edx,DWORD[12+r15] + lea r15,[16+r15] movzx r10d,al movzx r11d,bl movzx r12d,cl 
@@ -181,17 +185,17 @@ $L$enc_loop_compact:: movzx edi,ch shr ecx,16 movzx ebp,dh - movzx r10d,BYTE PTR[r10*1+r14] - movzx r11d,BYTE PTR[r11*1+r14] - movzx r12d,BYTE PTR[r12*1+r14] - movzx r8d,BYTE PTR[r8*1+r14] + movzx r10d,BYTE[r10*1+r14] + movzx r11d,BYTE[r11*1+r14] + movzx r12d,BYTE[r12*1+r14] + movzx r8d,BYTE[r8*1+r14] - movzx r9d,BYTE PTR[rsi*1+r14] + movzx r9d,BYTE[rsi*1+r14] movzx esi,ah - movzx r13d,BYTE PTR[rdi*1+r14] + movzx r13d,BYTE[rdi*1+r14] movzx edi,cl - movzx ebp,BYTE PTR[rbp*1+r14] - movzx esi,BYTE PTR[rsi*1+r14] + movzx ebp,BYTE[rbp*1+r14] + movzx esi,BYTE[rsi*1+r14] shl r9d,8 shr edx,16 @@ -203,16 +207,16 @@ $L$enc_loop_compact:: xor r11d,r13d shl ebp,8 movzx r13d,al - movzx edi,BYTE PTR[rdi*1+r14] + movzx edi,BYTE[rdi*1+r14] xor r12d,ebp shl esi,8 movzx ebp,bl shl edi,16 xor r8d,esi - movzx r9d,BYTE PTR[r9*1+r14] + movzx r9d,BYTE[r9*1+r14] movzx esi,dh - movzx r13d,BYTE PTR[r13*1+r14] + movzx r13d,BYTE[r13*1+r14] xor r10d,edi shr ecx,8 @@ -221,11 +225,11 @@ $L$enc_loop_compact:: shr ebx,8 shl r13d,16 xor r11d,r9d - movzx ebp,BYTE PTR[rbp*1+r14] - movzx esi,BYTE PTR[rsi*1+r14] - movzx edi,BYTE PTR[rdi*1+r14] - movzx edx,BYTE PTR[rcx*1+r14] - movzx ecx,BYTE PTR[rbx*1+r14] + movzx ebp,BYTE[rbp*1+r14] + movzx esi,BYTE[rsi*1+r14] + movzx edi,BYTE[rdi*1+r14] + movzx edx,BYTE[rcx*1+r14] + movzx ecx,BYTE[rbx*1+r14] shl ebp,16 xor r12d,r13d 
@@ -240,24 +244,24 @@ $L$enc_loop_compact:: mov ebx,r11d xor ecx,r12d xor edx,r8d - cmp r15,QWORD PTR[16+rsp] - je $L$enc_compact_done - mov r10d,080808080h - mov r11d,080808080h + cmp r15,QWORD[16+rsp] + je NEAR $L$enc_compact_done + mov r10d,0x80808080 + mov r11d,0x80808080 and r10d,eax and r11d,ebx mov esi,r10d mov edi,r11d shr r10d,7 - lea r8d,DWORD PTR[rax*1+rax] + lea r8d,[rax*1+rax] shr r11d,7 - lea r9d,DWORD PTR[rbx*1+rbx] + lea r9d,[rbx*1+rbx] sub esi,r10d sub edi,r11d - and r8d,0fefefefeh - and r9d,0fefefefeh - and esi,01b1b1b1bh - and edi,01b1b1b1bh + and r8d,0xfefefefe + and r9d,0xfefefefe + and esi,0x1b1b1b1b + and edi,0x1b1b1b1b mov r10d,eax mov r11d,ebx xor r8d,esi @@ -265,9 +269,9 @@ $L$enc_loop_compact:: xor eax,r8d xor ebx,r9d - mov r12d,080808080h + mov r12d,0x80808080 rol eax,24 - mov ebp,080808080h + mov ebp,0x80808080 rol ebx,24 and r12d,ecx and ebp,edx @@ -277,23 +281,23 @@ $L$enc_loop_compact:: ror r10d,16 mov edi,ebp ror r11d,16 - lea r8d,DWORD PTR[rcx*1+rcx] + lea r8d,[rcx*1+rcx] shr r12d,7 xor eax,r10d shr ebp,7 xor ebx,r11d ror r10d,8 - lea r9d,DWORD PTR[rdx*1+rdx] + lea r9d,[rdx*1+rdx] ror r11d,8 sub esi,r12d sub edi,ebp xor eax,r10d xor ebx,r11d - and r8d,0fefefefeh - and r9d,0fefefefeh - and esi,01b1b1b1bh - and edi,01b1b1b1bh + and r8d,0xfefefefe + and r9d,0xfefefefe + and esi,0x1b1b1b1b + and edi,0x1b1b1b1b mov r12d,ecx mov ebp,edx xor r8d,esi 
@@ -304,37 +308,37 @@ $L$enc_loop_compact:: ror ebp,16 xor edx,r9d rol ecx,24 - mov esi,DWORD PTR[r14] + mov esi,DWORD[r14] rol edx,24 xor ecx,r8d - mov edi,DWORD PTR[64+r14] + mov edi,DWORD[64+r14] xor edx,r9d - mov r8d,DWORD PTR[128+r14] + mov r8d,DWORD[128+r14] xor ecx,r12d ror r12d,8 xor edx,ebp ror ebp,8 xor ecx,r12d - mov r9d,DWORD PTR[192+r14] + mov r9d,DWORD[192+r14] xor edx,ebp - jmp $L$enc_loop_compact + jmp NEAR $L$enc_loop_compact ALIGN 16 -$L$enc_compact_done:: - xor eax,DWORD PTR[r15] - xor ebx,DWORD PTR[4+r15] - xor ecx,DWORD PTR[8+r15] - xor edx,DWORD PTR[12+r15] -DB 0f3h,0c3h -_x86_64_AES_encrypt_compact ENDP +$L$enc_compact_done: + xor eax,DWORD[r15] + xor ebx,DWORD[4+r15] + xor ecx,DWORD[8+r15] + xor edx,DWORD[12+r15] +DB 0xf3,0xc3 + ALIGN 16 -PUBLIC asm_AES_encrypt +global asm_AES_encrypt -asm_AES_encrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +asm_AES_encrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_asm_AES_encrypt:: +$L$SEH_begin_asm_AES_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 
@@ -349,142 +353,141 @@ $L$SEH_begin_asm_AES_encrypt:: mov r10,rsp - lea rcx,QWORD PTR[((-63))+rdx] + lea rcx,[((-63))+rdx] and rsp,-64 sub rcx,rsp neg rcx - and rcx,03c0h + and rcx,0x3c0 sub rsp,rcx sub rsp,32 - mov QWORD PTR[16+rsp],rsi - mov QWORD PTR[24+rsp],r10 -$L$enc_prologue:: + mov QWORD[16+rsp],rsi + mov QWORD[24+rsp],r10 +$L$enc_prologue: mov r15,rdx - mov r13d,DWORD PTR[240+r15] + mov r13d,DWORD[240+r15] - mov eax,DWORD PTR[rdi] - mov ebx,DWORD PTR[4+rdi] - mov ecx,DWORD PTR[8+rdi] - mov edx,DWORD PTR[12+rdi] + mov eax,DWORD[rdi] + mov ebx,DWORD[4+rdi] + mov ecx,DWORD[8+rdi] + mov edx,DWORD[12+rdi] shl r13d,4 - lea rbp,QWORD PTR[r13*1+r15] - mov QWORD PTR[rsp],r15 - mov QWORD PTR[8+rsp],rbp + lea rbp,[r13*1+r15] + mov QWORD[rsp],r15 + mov QWORD[8+rsp],rbp - lea r14,QWORD PTR[(($L$AES_Te+2048))] - lea rbp,QWORD PTR[768+rsp] + lea r14,[(($L$AES_Te+2048))] + lea rbp,[768+rsp] sub rbp,r14 - and rbp,0300h - lea r14,QWORD PTR[rbp*1+r14] + and rbp,0x300 + lea r14,[rbp*1+r14] call _x86_64_AES_encrypt_compact - mov r9,QWORD PTR[16+rsp] - mov rsi,QWORD PTR[24+rsp] - mov DWORD PTR[r9],eax - mov DWORD PTR[4+r9],ebx - mov DWORD PTR[8+r9],ecx - mov DWORD PTR[12+r9],edx - - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$enc_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov r9,QWORD[16+rsp] + mov rsi,QWORD[24+rsp] + mov DWORD[r9],eax + mov DWORD[4+r9],ebx + mov DWORD[8+r9],ecx + mov DWORD[12+r9],edx + + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$enc_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_asm_AES_encrypt:: -asm_AES_encrypt ENDP +$L$SEH_end_asm_AES_encrypt: ALIGN 16 -_x86_64_AES_decrypt PROC PRIVATE - xor 
eax,DWORD PTR[r15] - xor ebx,DWORD PTR[4+r15] - xor ecx,DWORD PTR[8+r15] - xor edx,DWORD PTR[12+r15] +_x86_64_AES_decrypt: + xor eax,DWORD[r15] + xor ebx,DWORD[4+r15] + xor ecx,DWORD[8+r15] + xor edx,DWORD[12+r15] - mov r13d,DWORD PTR[240+r15] + mov r13d,DWORD[240+r15] sub r13d,1 - jmp $L$dec_loop + jmp NEAR $L$dec_loop ALIGN 16 -$L$dec_loop:: +$L$dec_loop: movzx esi,al movzx edi,bl movzx ebp,cl - mov r10d,DWORD PTR[rsi*8+r14] - mov r11d,DWORD PTR[rdi*8+r14] - mov r12d,DWORD PTR[rbp*8+r14] + mov r10d,DWORD[rsi*8+r14] + mov r11d,DWORD[rdi*8+r14] + mov r12d,DWORD[rbp*8+r14] movzx esi,dh movzx edi,ah movzx ebp,dl - xor r10d,DWORD PTR[3+rsi*8+r14] - xor r11d,DWORD PTR[3+rdi*8+r14] - mov r8d,DWORD PTR[rbp*8+r14] + xor r10d,DWORD[3+rsi*8+r14] + xor r11d,DWORD[3+rdi*8+r14] + mov r8d,DWORD[rbp*8+r14] movzx esi,bh shr eax,16 movzx ebp,ch - xor r12d,DWORD PTR[3+rsi*8+r14] + xor r12d,DWORD[3+rsi*8+r14] shr edx,16 - xor r8d,DWORD PTR[3+rbp*8+r14] + xor r8d,DWORD[3+rbp*8+r14] shr ebx,16 - lea r15,QWORD PTR[16+r15] + lea r15,[16+r15] shr ecx,16 movzx esi,cl movzx edi,dl movzx ebp,al - xor r10d,DWORD PTR[2+rsi*8+r14] - xor r11d,DWORD PTR[2+rdi*8+r14] - xor r12d,DWORD PTR[2+rbp*8+r14] + xor r10d,DWORD[2+rsi*8+r14] + xor r11d,DWORD[2+rdi*8+r14] + xor r12d,DWORD[2+rbp*8+r14] movzx esi,bh movzx edi,ch movzx ebp,bl - xor r10d,DWORD PTR[1+rsi*8+r14] - xor r11d,DWORD PTR[1+rdi*8+r14] - xor r8d,DWORD PTR[2+rbp*8+r14] + xor r10d,DWORD[1+rsi*8+r14] + xor r11d,DWORD[1+rdi*8+r14] + xor r8d,DWORD[2+rbp*8+r14] movzx esi,dh - mov edx,DWORD PTR[12+r15] + mov edx,DWORD[12+r15] movzx ebp,ah - xor r12d,DWORD PTR[1+rsi*8+r14] - mov eax,DWORD PTR[r15] - xor r8d,DWORD PTR[1+rbp*8+r14] + xor r12d,DWORD[1+rsi*8+r14] + mov eax,DWORD[r15] + xor r8d,DWORD[1+rbp*8+r14] xor eax,r10d - mov ebx,DWORD PTR[4+r15] - mov ecx,DWORD PTR[8+r15] + mov ebx,DWORD[4+r15] + mov ecx,DWORD[8+r15] xor ecx,r12d xor ebx,r11d xor edx,r8d sub r13d,1 - jnz $L$dec_loop - lea r14,QWORD PTR[2048+r14] + jnz NEAR $L$dec_loop + lea 
r14,[2048+r14] movzx esi,al movzx edi,bl movzx ebp,cl - movzx r10d,BYTE PTR[rsi*1+r14] - movzx r11d,BYTE PTR[rdi*1+r14] - movzx r12d,BYTE PTR[rbp*1+r14] + movzx r10d,BYTE[rsi*1+r14] + movzx r11d,BYTE[rdi*1+r14] + movzx r12d,BYTE[rbp*1+r14] movzx esi,dl movzx edi,dh movzx ebp,ah - movzx r8d,BYTE PTR[rsi*1+r14] - movzx edi,BYTE PTR[rdi*1+r14] - movzx ebp,BYTE PTR[rbp*1+r14] + movzx r8d,BYTE[rsi*1+r14] + movzx edi,BYTE[rdi*1+r14] + movzx ebp,BYTE[rbp*1+r14] shl edi,8 shl ebp,8 @@ -496,8 +499,8 @@ $L$dec_loop:: movzx esi,bh movzx edi,ch shr eax,16 - movzx esi,BYTE PTR[rsi*1+r14] - movzx edi,BYTE PTR[rdi*1+r14] + movzx esi,BYTE[rsi*1+r14] + movzx edi,BYTE[rdi*1+r14] shl esi,8 shl edi,8 @@ -509,9 +512,9 @@ $L$dec_loop:: movzx esi,cl movzx edi,dl movzx ebp,al - movzx esi,BYTE PTR[rsi*1+r14] - movzx edi,BYTE PTR[rdi*1+r14] - movzx ebp,BYTE PTR[rbp*1+r14] + movzx esi,BYTE[rsi*1+r14] + movzx edi,BYTE[rdi*1+r14] + movzx ebp,BYTE[rbp*1+r14] shl esi,16 shl edi,16 @@ -524,9 +527,9 @@ $L$dec_loop:: movzx esi,bl movzx edi,bh movzx ebp,ch - movzx esi,BYTE PTR[rsi*1+r14] - movzx edi,BYTE PTR[rdi*1+r14] - movzx ebp,BYTE PTR[rbp*1+r14] + movzx esi,BYTE[rsi*1+r14] + movzx edi,BYTE[rdi*1+r14] + movzx ebp,BYTE[rbp*1+r14] shl esi,16 shl edi,24 @@ -538,10 +541,10 @@ $L$dec_loop:: movzx esi,dh movzx edi,ah - mov edx,DWORD PTR[((16+12))+r15] - movzx esi,BYTE PTR[rsi*1+r14] - movzx edi,BYTE PTR[rdi*1+r14] - mov eax,DWORD PTR[((16+0))+r15] + mov edx,DWORD[((16+12))+r15] + movzx esi,BYTE[rsi*1+r14] + movzx edi,BYTE[rdi*1+r14] + mov eax,DWORD[((16+0))+r15] shl esi,24 shl edi,24 
@@ -549,36 +552,36 @@ $L$dec_loop:: xor r12d,esi xor r8d,edi - mov ebx,DWORD PTR[((16+4))+r15] - mov ecx,DWORD PTR[((16+8))+r15] - lea r14,QWORD PTR[((-2048))+r14] + mov ebx,DWORD[((16+4))+r15] + mov ecx,DWORD[((16+8))+r15] + lea r14,[((-2048))+r14] xor eax,r10d xor ebx,r11d xor ecx,r12d xor edx,r8d -DB 0f3h,0c3h -_x86_64_AES_decrypt ENDP +DB 0xf3,0xc3 + ALIGN 16 -_x86_64_AES_decrypt_compact PROC PRIVATE - lea r8,QWORD PTR[128+r14] - mov edi,DWORD PTR[((0-128))+r8] - mov ebp,DWORD PTR[((32-128))+r8] - mov r10d,DWORD PTR[((64-128))+r8] - mov r11d,DWORD PTR[((96-128))+r8] - mov edi,DWORD PTR[((128-128))+r8] - mov ebp,DWORD PTR[((160-128))+r8] - mov r10d,DWORD PTR[((192-128))+r8] - mov r11d,DWORD PTR[((224-128))+r8] - jmp $L$dec_loop_compact +_x86_64_AES_decrypt_compact: + lea r8,[128+r14] + mov edi,DWORD[((0-128))+r8] + mov ebp,DWORD[((32-128))+r8] + mov r10d,DWORD[((64-128))+r8] + mov r11d,DWORD[((96-128))+r8] + mov edi,DWORD[((128-128))+r8] + mov ebp,DWORD[((160-128))+r8] + mov r10d,DWORD[((192-128))+r8] + mov r11d,DWORD[((224-128))+r8] + jmp NEAR $L$dec_loop_compact ALIGN 16 -$L$dec_loop_compact:: - xor eax,DWORD PTR[r15] - xor ebx,DWORD PTR[4+r15] - xor ecx,DWORD PTR[8+r15] - xor edx,DWORD PTR[12+r15] - lea r15,QWORD PTR[16+r15] +$L$dec_loop_compact: + xor eax,DWORD[r15] + xor ebx,DWORD[4+r15] + xor ecx,DWORD[8+r15] + xor edx,DWORD[12+r15] + lea r15,[16+r15] movzx r10d,al movzx r11d,bl movzx r12d,cl 
@@ -587,16 +590,16 @@ $L$dec_loop_compact:: movzx edi,ah shr edx,16 movzx ebp,bh - movzx r10d,BYTE PTR[r10*1+r14] - movzx r11d,BYTE PTR[r11*1+r14] - movzx r12d,BYTE PTR[r12*1+r14] - movzx r8d,BYTE PTR[r8*1+r14] + movzx r10d,BYTE[r10*1+r14] + movzx r11d,BYTE[r11*1+r14] + movzx r12d,BYTE[r12*1+r14] + movzx r8d,BYTE[r8*1+r14] - movzx r9d,BYTE PTR[rsi*1+r14] + movzx r9d,BYTE[rsi*1+r14] movzx esi,ch - movzx r13d,BYTE PTR[rdi*1+r14] - movzx ebp,BYTE PTR[rbp*1+r14] - movzx esi,BYTE PTR[rsi*1+r14] + movzx r13d,BYTE[rdi*1+r14] + movzx ebp,BYTE[rbp*1+r14] + movzx esi,BYTE[rsi*1+r14] shr ecx,16 shl r13d,8 @@ -611,17 +614,17 @@ $L$dec_loop_compact:: xor r11d,r13d shl esi,8 movzx r13d,al - movzx edi,BYTE PTR[rdi*1+r14] + movzx edi,BYTE[rdi*1+r14] xor r12d,ebp movzx ebp,bl shl edi,16 xor r8d,esi - movzx r9d,BYTE PTR[r9*1+r14] + movzx r9d,BYTE[r9*1+r14] movzx esi,bh - movzx ebp,BYTE PTR[rbp*1+r14] + movzx ebp,BYTE[rbp*1+r14] xor r10d,edi - movzx r13d,BYTE PTR[r13*1+r14] + movzx r13d,BYTE[r13*1+r14] movzx edi,ch shl ebp,16 @@ -633,10 +636,10 @@ $L$dec_loop_compact:: shr eax,8 xor r12d,r13d - movzx esi,BYTE PTR[rsi*1+r14] - movzx ebx,BYTE PTR[rdi*1+r14] - movzx ecx,BYTE PTR[rbp*1+r14] - movzx edx,BYTE PTR[rax*1+r14] + movzx esi,BYTE[rsi*1+r14] + movzx ebx,BYTE[rdi*1+r14] + movzx ecx,BYTE[rbp*1+r14] + movzx edx,BYTE[rax*1+r14] mov eax,r10d shl esi,24 @@ -647,16 +650,16 @@ $L$dec_loop_compact:: xor ebx,r11d xor ecx,r12d xor edx,r8d - cmp r15,QWORD PTR[16+rsp] - je $L$dec_compact_done + cmp r15,QWORD[16+rsp] + je NEAR $L$dec_compact_done - mov rsi,QWORD PTR[((256+0))+r14] + mov rsi,QWORD[((256+0))+r14] shl rbx,32 shl rdx,32 - mov rdi,QWORD PTR[((256+8))+r14] + mov rdi,QWORD[((256+8))+r14] or rax,rbx or rcx,rdx - mov rbp,QWORD PTR[((256+16))+r14] + mov rbp,QWORD[((256+16))+r14] mov r9,rsi mov r12,rsi and r9,rax 
@@ -664,9 +667,9 @@ $L$dec_loop_compact::
 mov rbx,r9
 mov rdx,r12
 shr r9,7
- lea r8,QWORD PTR[rax*1+rax]
+ lea r8,[rax*1+rax]
 shr r12,7
- lea r11,QWORD PTR[rcx*1+rcx]
+ lea r11,[rcx*1+rcx]
 sub rbx,r9
 sub rdx,r12
 and r8,rdi
@@ -683,9 +686,9 @@ $L$dec_loop_compact::
 mov rbx,r10
 mov rdx,r13
 shr r10,7
- lea r9,QWORD PTR[r8*1+r8]
+ lea r9,[r8*1+r8]
 shr r13,7
- lea r12,QWORD PTR[r11*1+r11]
+ lea r12,[r11*1+r11]
 sub rbx,r10
 sub rdx,r13
 and r9,rdi
@@ -707,8 +710,8 @@ $L$dec_loop_compact::
 xor r11,rcx
 sub rbx,r10
 sub rdx,r13
- lea r10,QWORD PTR[r9*1+r9]
- lea r13,QWORD PTR[r12*1+r12]
+ lea r10,[r9*1+r9]
+ lea r13,[r12*1+r12]
 xor r9,rax
 xor r12,rcx
 and r10,rdi
@@ -761,37 +764,37 @@ $L$dec_loop_compact::
 shr r11,32
 xor edx,r13d
- mov rsi,QWORD PTR[r14]
+ mov rsi,QWORD[r14]
 rol r9d,16
- mov rdi,QWORD PTR[64+r14]
+ mov rdi,QWORD[64+r14]
 rol r12d,16
- mov rbp,QWORD PTR[128+r14]
+ mov rbp,QWORD[128+r14]
 rol r8d,16
- mov r10,QWORD PTR[192+r14]
+ mov r10,QWORD[192+r14]
 xor eax,r9d
 rol r11d,16
 xor ecx,r12d
- mov r13,QWORD PTR[256+r14]
+ mov r13,QWORD[256+r14]
 xor ebx,r8d
 xor edx,r11d
- jmp $L$dec_loop_compact
+ jmp NEAR $L$dec_loop_compact
 ALIGN 16
-$L$dec_compact_done::
- xor eax,DWORD PTR[r15]
- xor ebx,DWORD PTR[4+r15]
- xor ecx,DWORD PTR[8+r15]
- xor edx,DWORD PTR[12+r15]
-DB 0f3h,0c3h
-_x86_64_AES_decrypt_compact ENDP
+$L$dec_compact_done:
+ xor eax,DWORD[r15]
+ xor ebx,DWORD[4+r15]
+ xor ecx,DWORD[8+r15]
+ xor edx,DWORD[12+r15]
+DB 0xf3,0xc3
+
 ALIGN 16
-PUBLIC asm_AES_decrypt
+global asm_AES_decrypt
-asm_AES_decrypt PROC PUBLIC
- mov QWORD PTR[8+rsp],rdi ;WIN64 prologue
- mov QWORD PTR[16+rsp],rsi
+asm_AES_decrypt:
+ mov QWORD[8+rsp],rdi ;WIN64 prologue
+ mov QWORD[16+rsp],rsi
 mov rax,rsp
-$L$SEH_begin_asm_AES_decrypt::
+$L$SEH_begin_asm_AES_decrypt:
 mov rdi,rcx
 mov rsi,rdx
 mov rdx,r8
@@ -806,70 +809,69 @@ $L$SEH_begin_asm_AES_decrypt::
 mov r10,rsp
- lea rcx,QWORD PTR[((-63))+rdx]
+ lea rcx,[((-63))+rdx]
 and rsp,-64
 sub rcx,rsp
 neg rcx
- and rcx,03c0h
+ and rcx,0x3c0
 sub rsp,rcx
 sub rsp,32
- mov QWORD PTR[16+rsp],rsi
- mov QWORD PTR[24+rsp],r10
-$L$dec_prologue::
+ mov QWORD[16+rsp],rsi
+ mov QWORD[24+rsp],r10
+$L$dec_prologue:
 mov r15,rdx
- mov r13d,DWORD PTR[240+r15]
+ mov r13d,DWORD[240+r15]
- mov eax,DWORD PTR[rdi]
- mov ebx,DWORD PTR[4+rdi]
- mov ecx,DWORD PTR[8+rdi]
- mov edx,DWORD PTR[12+rdi]
+ mov eax,DWORD[rdi]
+ mov ebx,DWORD[4+rdi]
+ mov ecx,DWORD[8+rdi]
+ mov edx,DWORD[12+rdi]
 shl r13d,4
- lea rbp,QWORD PTR[r13*1+r15]
- mov QWORD PTR[rsp],r15
- mov QWORD PTR[8+rsp],rbp
+ lea rbp,[r13*1+r15]
+ mov QWORD[rsp],r15
+ mov QWORD[8+rsp],rbp
- lea r14,QWORD PTR[(($L$AES_Td+2048))]
- lea rbp,QWORD PTR[768+rsp]
+ lea r14,[(($L$AES_Td+2048))]
+ lea rbp,[768+rsp]
 sub rbp,r14
- and rbp,0300h
- lea r14,QWORD PTR[rbp*1+r14]
+ and rbp,0x300
+ lea r14,[rbp*1+r14]
 shr rbp,3
 add r14,rbp
 call _x86_64_AES_decrypt_compact
- mov r9,QWORD PTR[16+rsp]
- mov rsi,QWORD PTR[24+rsp]
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
-
- mov r15,QWORD PTR[rsi]
- mov r14,QWORD PTR[8+rsi]
- mov r13,QWORD PTR[16+rsi]
- mov r12,QWORD PTR[24+rsi]
- mov rbp,QWORD PTR[32+rsi]
- mov rbx,QWORD PTR[40+rsi]
- lea rsp,QWORD PTR[48+rsi]
-$L$dec_epilogue::
- mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue
- mov rsi,QWORD PTR[16+rsp]
+ mov r9,QWORD[16+rsp]
+ mov rsi,QWORD[24+rsp]
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
+
+ mov r15,QWORD[rsi]
+ mov r14,QWORD[8+rsi]
+ mov r13,QWORD[16+rsi]
+ mov r12,QWORD[24+rsi]
+ mov rbp,QWORD[32+rsi]
+ mov rbx,QWORD[40+rsi]
+ lea rsp,[48+rsi]
+$L$dec_epilogue:
+ mov rdi,QWORD[8+rsp] ;WIN64 epilogue
+ mov rsi,QWORD[16+rsp]
 DB 0F3h,0C3h ;repret
-$L$SEH_end_asm_AES_decrypt::
-asm_AES_decrypt ENDP
+$L$SEH_end_asm_AES_decrypt:
 ALIGN 16
-PUBLIC asm_AES_set_encrypt_key
+global asm_AES_set_encrypt_key
-asm_AES_set_encrypt_key PROC PUBLIC
- mov QWORD PTR[8+rsp],rdi ;WIN64 prologue
- mov QWORD PTR[16+rsp],rsi
+asm_AES_set_encrypt_key:
+ mov QWORD[8+rsp],rdi ;WIN64 prologue
+ mov QWORD[16+rsp],rsi
 mov rax,rsp
-$L$SEH_begin_asm_AES_set_encrypt_key::
+$L$SEH_begin_asm_AES_set_encrypt_key:
 mov rdi,rcx
 mov rsi,rdx
 mov rdx,r8
@@ -882,267 +884,266 @@ $L$SEH_begin_asm_AES_set_encrypt_key::
 push r14
 push r15
 sub rsp,8
-$L$enc_key_prologue::
+$L$enc_key_prologue:
 call _x86_64_AES_set_encrypt_key
- mov rbp,QWORD PTR[40+rsp]
- mov rbx,QWORD PTR[48+rsp]
+ mov rbp,QWORD[40+rsp]
+ mov rbx,QWORD[48+rsp]
 add rsp,56
-$L$enc_key_epilogue::
- mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue
- mov rsi,QWORD PTR[16+rsp]
+$L$enc_key_epilogue:
+ mov rdi,QWORD[8+rsp] ;WIN64 epilogue
+ mov rsi,QWORD[16+rsp]
 DB 0F3h,0C3h ;repret
-$L$SEH_end_asm_AES_set_encrypt_key::
-asm_AES_set_encrypt_key ENDP
+$L$SEH_end_asm_AES_set_encrypt_key:
 ALIGN 16
-_x86_64_AES_set_encrypt_key PROC PRIVATE
+_x86_64_AES_set_encrypt_key:
 mov ecx,esi
 mov rsi,rdi
 mov rdi,rdx
 test rsi,-1
- jz $L$badpointer
+ jz NEAR $L$badpointer
 test rdi,-1
- jz $L$badpointer
+ jz NEAR $L$badpointer
- lea rbp,QWORD PTR[$L$AES_Te]
- lea rbp,QWORD PTR[((2048+128))+rbp]
+ lea rbp,[$L$AES_Te]
+ lea rbp,[((2048+128))+rbp]
- mov eax,DWORD PTR[((0-128))+rbp]
- mov ebx,DWORD PTR[((32-128))+rbp]
- mov r8d,DWORD PTR[((64-128))+rbp]
- mov edx,DWORD PTR[((96-128))+rbp]
- mov eax,DWORD PTR[((128-128))+rbp]
- mov ebx,DWORD PTR[((160-128))+rbp]
- mov r8d,DWORD PTR[((192-128))+rbp]
- mov edx,DWORD PTR[((224-128))+rbp]
+ mov eax,DWORD[((0-128))+rbp]
+ mov ebx,DWORD[((32-128))+rbp]
+ mov r8d,DWORD[((64-128))+rbp]
+ mov edx,DWORD[((96-128))+rbp]
+ mov eax,DWORD[((128-128))+rbp]
+ mov ebx,DWORD[((160-128))+rbp]
+ mov r8d,DWORD[((192-128))+rbp]
+ mov edx,DWORD[((224-128))+rbp]
 cmp ecx,128
- je $L$10rounds
+ je NEAR $L$10rounds
 cmp ecx,192
- je $L$12rounds
+ je NEAR $L$12rounds
 cmp ecx,256
- je $L$14rounds
+ je NEAR $L$14rounds
 mov rax,-2
- jmp $L$exit
+ jmp NEAR $L$exit
-$L$10rounds::
- mov rax,QWORD PTR[rsi]
- mov rdx,QWORD PTR[8+rsi]
- mov QWORD PTR[rdi],rax
- mov QWORD PTR[8+rdi],rdx
+$L$10rounds:
+ mov rax,QWORD[rsi]
+ mov rdx,QWORD[8+rsi]
+ mov QWORD[rdi],rax
+ mov QWORD[8+rdi],rdx
 shr rdx,32
 xor ecx,ecx
- jmp $L$10shortcut
+ jmp NEAR $L$10shortcut
 ALIGN 4
-$L$10loop::
- mov eax,DWORD PTR[rdi]
- mov edx,DWORD PTR[12+rdi]
-$L$10shortcut::
+$L$10loop:
+ mov eax,DWORD[rdi]
+ mov edx,DWORD[12+rdi]
+$L$10shortcut:
 movzx esi,dl
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,24
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shr edx,16
 movzx esi,dl
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,8
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shl ebx,16
 xor eax,ebx
- xor eax,DWORD PTR[((1024-128))+rcx*4+rbp]
- mov DWORD PTR[16+rdi],eax
- xor eax,DWORD PTR[4+rdi]
- mov DWORD PTR[20+rdi],eax
- xor eax,DWORD PTR[8+rdi]
- mov DWORD PTR[24+rdi],eax
- xor eax,DWORD PTR[12+rdi]
- mov DWORD PTR[28+rdi],eax
+ xor eax,DWORD[((1024-128))+rcx*4+rbp]
+ mov DWORD[16+rdi],eax
+ xor eax,DWORD[4+rdi]
+ mov DWORD[20+rdi],eax
+ xor eax,DWORD[8+rdi]
+ mov DWORD[24+rdi],eax
+ xor eax,DWORD[12+rdi]
+ mov DWORD[28+rdi],eax
 add ecx,1
- lea rdi,QWORD PTR[16+rdi]
+ lea rdi,[16+rdi]
 cmp ecx,10
- jl $L$10loop
+ jl NEAR $L$10loop
- mov DWORD PTR[80+rdi],10
+ mov DWORD[80+rdi],10
 xor rax,rax
- jmp $L$exit
+ jmp NEAR $L$exit
-$L$12rounds::
- mov rax,QWORD PTR[rsi]
- mov rbx,QWORD PTR[8+rsi]
- mov rdx,QWORD PTR[16+rsi]
- mov QWORD PTR[rdi],rax
- mov QWORD PTR[8+rdi],rbx
- mov QWORD PTR[16+rdi],rdx
+$L$12rounds:
+ mov rax,QWORD[rsi]
+ mov rbx,QWORD[8+rsi]
+ mov rdx,QWORD[16+rsi]
+ mov QWORD[rdi],rax
+ mov QWORD[8+rdi],rbx
+ mov QWORD[16+rdi],rdx
 shr rdx,32
 xor ecx,ecx
- jmp $L$12shortcut
+ jmp NEAR $L$12shortcut
 ALIGN 4
-$L$12loop::
- mov eax,DWORD PTR[rdi]
- mov edx,DWORD PTR[20+rdi]
-$L$12shortcut::
+$L$12loop:
+ mov eax,DWORD[rdi]
+ mov edx,DWORD[20+rdi]
+$L$12shortcut:
 movzx esi,dl
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,24
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shr edx,16
 movzx esi,dl
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,8
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shl ebx,16
 xor eax,ebx
- xor eax,DWORD PTR[((1024-128))+rcx*4+rbp]
- mov DWORD PTR[24+rdi],eax
- xor eax,DWORD PTR[4+rdi]
- mov DWORD PTR[28+rdi],eax
- xor eax,DWORD PTR[8+rdi]
- mov DWORD PTR[32+rdi],eax
- xor eax,DWORD PTR[12+rdi]
- mov DWORD PTR[36+rdi],eax
+ xor eax,DWORD[((1024-128))+rcx*4+rbp]
+ mov DWORD[24+rdi],eax
+ xor eax,DWORD[4+rdi]
+ mov DWORD[28+rdi],eax
+ xor eax,DWORD[8+rdi]
+ mov DWORD[32+rdi],eax
+ xor eax,DWORD[12+rdi]
+ mov DWORD[36+rdi],eax
 cmp ecx,7
- je $L$12break
+ je NEAR $L$12break
 add ecx,1
- xor eax,DWORD PTR[16+rdi]
- mov DWORD PTR[40+rdi],eax
- xor eax,DWORD PTR[20+rdi]
- mov DWORD PTR[44+rdi],eax
+ xor eax,DWORD[16+rdi]
+ mov DWORD[40+rdi],eax
+ xor eax,DWORD[20+rdi]
+ mov DWORD[44+rdi],eax
- lea rdi,QWORD PTR[24+rdi]
- jmp $L$12loop
-$L$12break::
- mov DWORD PTR[72+rdi],12
+ lea rdi,[24+rdi]
+ jmp NEAR $L$12loop
+$L$12break:
+ mov DWORD[72+rdi],12
 xor rax,rax
- jmp $L$exit
-
-$L$14rounds::
- mov rax,QWORD PTR[rsi]
- mov rbx,QWORD PTR[8+rsi]
- mov rcx,QWORD PTR[16+rsi]
- mov rdx,QWORD PTR[24+rsi]
- mov QWORD PTR[rdi],rax
- mov QWORD PTR[8+rdi],rbx
- mov QWORD PTR[16+rdi],rcx
- mov QWORD PTR[24+rdi],rdx
+ jmp NEAR $L$exit
+
+$L$14rounds:
+ mov rax,QWORD[rsi]
+ mov rbx,QWORD[8+rsi]
+ mov rcx,QWORD[16+rsi]
+ mov rdx,QWORD[24+rsi]
+ mov QWORD[rdi],rax
+ mov QWORD[8+rdi],rbx
+ mov QWORD[16+rdi],rcx
+ mov QWORD[24+rdi],rdx
 shr rdx,32
 xor ecx,ecx
- jmp $L$14shortcut
+ jmp NEAR $L$14shortcut
 ALIGN 4
-$L$14loop::
- mov eax,DWORD PTR[rdi]
- mov edx,DWORD PTR[28+rdi]
-$L$14shortcut::
+$L$14loop:
+ mov eax,DWORD[rdi]
+ mov edx,DWORD[28+rdi]
+$L$14shortcut:
 movzx esi,dl
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,24
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shr edx,16
 movzx esi,dl
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,8
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shl ebx,16
 xor eax,ebx
- xor eax,DWORD PTR[((1024-128))+rcx*4+rbp]
- mov DWORD PTR[32+rdi],eax
- xor eax,DWORD PTR[4+rdi]
- mov DWORD PTR[36+rdi],eax
- xor eax,DWORD PTR[8+rdi]
- mov DWORD PTR[40+rdi],eax
- xor eax,DWORD PTR[12+rdi]
- mov DWORD PTR[44+rdi],eax
+ xor eax,DWORD[((1024-128))+rcx*4+rbp]
+ mov DWORD[32+rdi],eax
+ xor eax,DWORD[4+rdi]
+ mov DWORD[36+rdi],eax
+ xor eax,DWORD[8+rdi]
+ mov DWORD[40+rdi],eax
+ xor eax,DWORD[12+rdi]
+ mov DWORD[44+rdi],eax
 cmp ecx,6
- je $L$14break
+ je NEAR $L$14break
 add ecx,1
 mov edx,eax
- mov eax,DWORD PTR[16+rdi]
+ mov eax,DWORD[16+rdi]
 movzx esi,dl
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shr edx,16
 shl ebx,8
 movzx esi,dl
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 movzx esi,dh
 shl ebx,16
 xor eax,ebx
- movzx ebx,BYTE PTR[((-128))+rsi*1+rbp]
+ movzx ebx,BYTE[((-128))+rsi*1+rbp]
 shl ebx,24
 xor eax,ebx
- mov DWORD PTR[48+rdi],eax
- xor eax,DWORD PTR[20+rdi]
- mov DWORD PTR[52+rdi],eax
- xor eax,DWORD PTR[24+rdi]
- mov DWORD PTR[56+rdi],eax
- xor eax,DWORD PTR[28+rdi]
- mov DWORD PTR[60+rdi],eax
-
- lea rdi,QWORD PTR[32+rdi]
- jmp $L$14loop
-$L$14break::
- mov DWORD PTR[48+rdi],14
+ mov DWORD[48+rdi],eax
+ xor eax,DWORD[20+rdi]
+ mov DWORD[52+rdi],eax
+ xor eax,DWORD[24+rdi]
+ mov DWORD[56+rdi],eax
+ xor eax,DWORD[28+rdi]
+ mov DWORD[60+rdi],eax
+
+ lea rdi,[32+rdi]
+ jmp NEAR $L$14loop
+$L$14break:
+ mov DWORD[48+rdi],14
 xor rax,rax
- jmp $L$exit
+ jmp NEAR $L$exit
-$L$badpointer::
+$L$badpointer:
 mov rax,-1
-$L$exit::
-DB 0f3h,0c3h
-_x86_64_AES_set_encrypt_key ENDP
+$L$exit:
+DB 0xf3,0xc3
+
 ALIGN 16
-PUBLIC asm_AES_set_decrypt_key
+global asm_AES_set_decrypt_key
-asm_AES_set_decrypt_key PROC PUBLIC
- mov QWORD PTR[8+rsp],rdi ;WIN64 prologue
- mov QWORD PTR[16+rsp],rsi
+asm_AES_set_decrypt_key:
+ mov QWORD[8+rsp],rdi ;WIN64 prologue
+ mov QWORD[16+rsp],rsi
 mov rax,rsp
-$L$SEH_begin_asm_AES_set_decrypt_key::
+$L$SEH_begin_asm_AES_set_decrypt_key:
 mov rdi,rcx
 mov rsi,rdx
 mov rdx,r8
@@ -1155,46 +1156,46 @@ $L$SEH_begin_asm_AES_set_decrypt_key::
 push r14
 push r15
 push rdx
-$L$dec_key_prologue::
+$L$dec_key_prologue:
 call _x86_64_AES_set_encrypt_key
- mov r8,QWORD PTR[rsp]
+ mov r8,QWORD[rsp]
 cmp eax,0
- jne $L$abort
+ jne NEAR $L$abort
- mov r14d,DWORD PTR[240+r8]
+ mov r14d,DWORD[240+r8]
 xor rdi,rdi
- lea rcx,QWORD PTR[r14*4+rdi]
+ lea rcx,[r14*4+rdi]
 mov rsi,r8
- lea rdi,QWORD PTR[rcx*4+r8]
+ lea rdi,[rcx*4+r8]
 ALIGN 4
-$L$invert::
- mov rax,QWORD PTR[rsi]
- mov rbx,QWORD PTR[8+rsi]
- mov rcx,QWORD PTR[rdi]
- mov rdx,QWORD PTR[8+rdi]
- mov QWORD PTR[rdi],rax
- mov QWORD PTR[8+rdi],rbx
- mov QWORD PTR[rsi],rcx
- mov QWORD PTR[8+rsi],rdx
- lea rsi,QWORD PTR[16+rsi]
- lea rdi,QWORD PTR[((-16))+rdi]
+$L$invert:
+ mov rax,QWORD[rsi]
+ mov rbx,QWORD[8+rsi]
+ mov rcx,QWORD[rdi]
+ mov rdx,QWORD[8+rdi]
+ mov QWORD[rdi],rax
+ mov QWORD[8+rdi],rbx
+ mov QWORD[rsi],rcx
+ mov QWORD[8+rsi],rdx
+ lea rsi,[16+rsi]
+ lea rdi,[((-16))+rdi]
 cmp rdi,rsi
- jne $L$invert
+ jne NEAR $L$invert
- lea rax,QWORD PTR[(($L$AES_Te+2048+1024))]
+ lea rax,[(($L$AES_Te+2048+1024))]
- mov rsi,QWORD PTR[40+rax]
- mov rdi,QWORD PTR[48+rax]
- mov rbp,QWORD PTR[56+rax]
+ mov rsi,QWORD[40+rax]
+ mov rdi,QWORD[48+rax]
+ mov rbp,QWORD[56+rax]
 mov r15,r8
 sub r14d,1
 ALIGN 4
-$L$permute::
- lea r15,QWORD PTR[16+r15]
- mov rax,QWORD PTR[r15]
- mov rcx,QWORD PTR[8+r15]
+$L$permute:
+ lea r15,[16+r15]
+ mov rax,QWORD[r15]
+ mov rcx,QWORD[8+r15]
 mov r9,rsi
 mov r12,rsi
 and r9,rax
@@ -1202,9 +1203,9 @@ $L$permute::
 mov rbx,r9
 mov rdx,r12
 shr r9,7
- lea r8,QWORD PTR[rax*1+rax]
+ lea r8,[rax*1+rax]
 shr r12,7
- lea r11,QWORD PTR[rcx*1+rcx]
+ lea r11,[rcx*1+rcx]
 sub rbx,r9
 sub rdx,r12
 and r8,rdi
@@ -1221,9 +1222,9 @@ $L$permute::
 mov rbx,r10
 mov rdx,r13
 shr r10,7
- lea r9,QWORD PTR[r8*1+r8]
+ lea r9,[r8*1+r8]
 shr r13,7
- lea r12,QWORD PTR[r11*1+r11]
+ lea r12,[r11*1+r11]
 sub rbx,r10
 sub rdx,r13
 and r9,rdi
@@ -1245,8 +1246,8 @@ $L$permute::
 xor r11,rcx
 sub rbx,r10
 sub rdx,r13
- lea r10,QWORD PTR[r9*1+r9]
- lea r13,QWORD PTR[r12*1+r12]
+ lea r10,[r9*1+r9]
+ lea r13,[r12*1+r12]
 xor r9,rax
 xor r12,rcx
 and r10,rdi
@@ -1312,48 +1313,47 @@ $L$permute::
 xor ebx,r8d
 xor edx,r11d
- mov DWORD PTR[r15],eax
- mov DWORD PTR[4+r15],ebx
- mov DWORD PTR[8+r15],ecx
- mov DWORD PTR[12+r15],edx
+ mov DWORD[r15],eax
+ mov DWORD[4+r15],ebx
+ mov DWORD[8+r15],ecx
+ mov DWORD[12+r15],edx
 sub r14d,1
- jnz $L$permute
+ jnz NEAR $L$permute
 xor rax,rax
-$L$abort::
- mov r15,QWORD PTR[8+rsp]
- mov r14,QWORD PTR[16+rsp]
- mov r13,QWORD PTR[24+rsp]
- mov r12,QWORD PTR[32+rsp]
- mov rbp,QWORD PTR[40+rsp]
- mov rbx,QWORD PTR[48+rsp]
+$L$abort:
+ mov r15,QWORD[8+rsp]
+ mov r14,QWORD[16+rsp]
+ mov r13,QWORD[24+rsp]
+ mov r12,QWORD[32+rsp]
+ mov rbp,QWORD[40+rsp]
+ mov rbx,QWORD[48+rsp]
 add rsp,56
-$L$dec_key_epilogue::
- mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue
- mov rsi,QWORD PTR[16+rsp]
+$L$dec_key_epilogue:
+ mov rdi,QWORD[8+rsp] ;WIN64 epilogue
+ mov rsi,QWORD[16+rsp]
 DB 0F3h,0C3h ;repret
-$L$SEH_end_asm_AES_set_decrypt_key::
-asm_AES_set_decrypt_key ENDP
+$L$SEH_end_asm_AES_set_decrypt_key:
 ALIGN 16
-PUBLIC asm_AES_cbc_encrypt
+global asm_AES_cbc_encrypt
-EXTERN OPENSSL_ia32cap_P:NEAR
+EXTERN OPENSSL_ia32cap_P
-asm_AES_cbc_encrypt PROC PUBLIC
- mov QWORD PTR[8+rsp],rdi ;WIN64 prologue
- mov QWORD PTR[16+rsp],rsi
+asm_AES_cbc_encrypt:
+ mov QWORD[8+rsp],rdi ;WIN64 prologue
+ mov QWORD[16+rsp],rsi
 mov rax,rsp
-$L$SEH_begin_asm_AES_cbc_encrypt::
+$L$SEH_begin_asm_AES_cbc_encrypt:
 mov rdi,rcx
 mov rsi,rdx
 mov rdx,r8
 mov rcx,r9
- mov r8,QWORD PTR[40+rsp]
- mov r9,QWORD PTR[48+rsp]
+ mov r8,QWORD[40+rsp]
+ mov r9,QWORD[48+rsp]
 cmp rdx,0
- je $L$cbc_epilogue
+ je NEAR $L$cbc_epilogue
 pushfq
 push rbx
 push rbp
@@ -1361,269 +1361,269 @@ $L$SEH_begin_asm_AES_cbc_encrypt::
 push r13
 push r14
 push r15
-$L$cbc_prologue::
+$L$cbc_prologue:
 cld
 mov r9d,r9d
- lea r14,QWORD PTR[$L$AES_Te]
+ lea r14,[$L$AES_Te]
 cmp r9,0
- jne $L$cbc_picked_te
- lea r14,QWORD PTR[$L$AES_Td]
-$L$cbc_picked_te::
+ jne NEAR $L$cbc_picked_te
+ lea r14,[$L$AES_Td]
+$L$cbc_picked_te:
- mov r10d,DWORD PTR[OPENSSL_ia32cap_P]
+ mov r10d,DWORD[OPENSSL_ia32cap_P]
 cmp rdx,512
- jb $L$cbc_slow_prologue
+ jb NEAR $L$cbc_slow_prologue
 test rdx,15
- jnz $L$cbc_slow_prologue
+ jnz NEAR $L$cbc_slow_prologue
 bt r10d,28
- jc $L$cbc_slow_prologue
+ jc NEAR $L$cbc_slow_prologue
- lea r15,QWORD PTR[((-88-248))+rsp]
+ lea r15,[((-88-248))+rsp]
 and r15,-64
 mov r10,r14
- lea r11,QWORD PTR[2304+r14]
+ lea r11,[2304+r14]
 mov r12,r15
- and r10,0FFFh
- and r11,0FFFh
- and r12,0FFFh
+ and r10,0xFFF
+ and r11,0xFFF
+ and r12,0xFFF
 cmp r12,r11
- jb $L$cbc_te_break_out
+ jb NEAR $L$cbc_te_break_out
 sub r12,r11
 sub r15,r12
- jmp $L$cbc_te_ok
-$L$cbc_te_break_out::
+ jmp NEAR $L$cbc_te_ok
+$L$cbc_te_break_out:
 sub r12,r10
- and r12,0FFFh
+ and r12,0xFFF
 add r12,320
 sub r15,r12
 ALIGN 4
-$L$cbc_te_ok::
+$L$cbc_te_ok:
 xchg r15,rsp
- mov QWORD PTR[16+rsp],r15
-$L$cbc_fast_body::
- mov QWORD PTR[24+rsp],rdi
- mov QWORD PTR[32+rsp],rsi
- mov QWORD PTR[40+rsp],rdx
- mov QWORD PTR[48+rsp],rcx
- mov QWORD PTR[56+rsp],r8
- mov DWORD PTR[((80+240))+rsp],0
+ mov QWORD[16+rsp],r15
+$L$cbc_fast_body:
+ mov QWORD[24+rsp],rdi
+ mov QWORD[32+rsp],rsi
+ mov QWORD[40+rsp],rdx
+ mov QWORD[48+rsp],rcx
+ mov QWORD[56+rsp],r8
+ mov DWORD[((80+240))+rsp],0
 mov rbp,r8
 mov rbx,r9
 mov r9,rsi
 mov r8,rdi
 mov r15,rcx
- mov eax,DWORD PTR[240+r15]
+ mov eax,DWORD[240+r15]
 mov r10,r15
 sub r10,r14
- and r10,0fffh
+ and r10,0xfff
 cmp r10,2304
- jb $L$cbc_do_ecopy
+ jb NEAR $L$cbc_do_ecopy
 cmp r10,4096-248
- jb $L$cbc_skip_ecopy
+ jb NEAR $L$cbc_skip_ecopy
 ALIGN 4
-$L$cbc_do_ecopy::
+$L$cbc_do_ecopy:
 mov rsi,r15
- lea rdi,QWORD PTR[80+rsp]
- lea r15,QWORD PTR[80+rsp]
+ lea rdi,[80+rsp]
+ lea r15,[80+rsp]
 mov ecx,240/8
- DD 090A548F3h
- mov DWORD PTR[rdi],eax
-$L$cbc_skip_ecopy::
- mov QWORD PTR[rsp],r15
+ DD 0x90A548F3
+ mov DWORD[rdi],eax
+$L$cbc_skip_ecopy:
+ mov QWORD[rsp],r15
 mov ecx,18
 ALIGN 4
-$L$cbc_prefetch_te::
- mov r10,QWORD PTR[r14]
- mov r11,QWORD PTR[32+r14]
- mov r12,QWORD PTR[64+r14]
- mov r13,QWORD PTR[96+r14]
- lea r14,QWORD PTR[128+r14]
+$L$cbc_prefetch_te:
+ mov r10,QWORD[r14]
+ mov r11,QWORD[32+r14]
+ mov r12,QWORD[64+r14]
+ mov r13,QWORD[96+r14]
+ lea r14,[128+r14]
 sub ecx,1
- jnz $L$cbc_prefetch_te
- lea r14,QWORD PTR[((-2304))+r14]
+ jnz NEAR $L$cbc_prefetch_te
+ lea r14,[((-2304))+r14]
 cmp rbx,0
- je $L$FAST_DECRYPT
+ je NEAR $L$FAST_DECRYPT
- mov eax,DWORD PTR[rbp]
- mov ebx,DWORD PTR[4+rbp]
- mov ecx,DWORD PTR[8+rbp]
- mov edx,DWORD PTR[12+rbp]
+ mov eax,DWORD[rbp]
+ mov ebx,DWORD[4+rbp]
+ mov ecx,DWORD[8+rbp]
+ mov edx,DWORD[12+rbp]
 ALIGN 4
-$L$cbc_fast_enc_loop::
- xor eax,DWORD PTR[r8]
- xor ebx,DWORD PTR[4+r8]
- xor ecx,DWORD PTR[8+r8]
- xor edx,DWORD PTR[12+r8]
- mov r15,QWORD PTR[rsp]
- mov QWORD PTR[24+rsp],r8
+$L$cbc_fast_enc_loop:
+ xor eax,DWORD[r8]
+ xor ebx,DWORD[4+r8]
+ xor ecx,DWORD[8+r8]
+ xor edx,DWORD[12+r8]
+ mov r15,QWORD[rsp]
+ mov QWORD[24+rsp],r8
 call _x86_64_AES_encrypt
- mov r8,QWORD PTR[24+rsp]
- mov r10,QWORD PTR[40+rsp]
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
+ mov r8,QWORD[24+rsp]
+ mov r10,QWORD[40+rsp]
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
- lea r8,QWORD PTR[16+r8]
- lea r9,QWORD PTR[16+r9]
+ lea r8,[16+r8]
+ lea r9,[16+r9]
 sub r10,16
 test r10,-16
- mov QWORD PTR[40+rsp],r10
- jnz $L$cbc_fast_enc_loop
- mov rbp,QWORD PTR[56+rsp]
- mov DWORD PTR[rbp],eax
- mov DWORD PTR[4+rbp],ebx
- mov DWORD PTR[8+rbp],ecx
- mov DWORD PTR[12+rbp],edx
+ mov QWORD[40+rsp],r10
+ jnz NEAR $L$cbc_fast_enc_loop
+ mov rbp,QWORD[56+rsp]
+ mov DWORD[rbp],eax
+ mov DWORD[4+rbp],ebx
+ mov DWORD[8+rbp],ecx
+ mov DWORD[12+rbp],edx
- jmp $L$cbc_fast_cleanup
+ jmp NEAR $L$cbc_fast_cleanup
 ALIGN 16
-$L$FAST_DECRYPT::
+$L$FAST_DECRYPT:
 cmp r9,r8
- je $L$cbc_fast_dec_in_place
+ je NEAR $L$cbc_fast_dec_in_place
- mov QWORD PTR[64+rsp],rbp
+ mov QWORD[64+rsp],rbp
 ALIGN 4
-$L$cbc_fast_dec_loop::
- mov eax,DWORD PTR[r8]
- mov ebx,DWORD PTR[4+r8]
- mov ecx,DWORD PTR[8+r8]
- mov edx,DWORD PTR[12+r8]
- mov r15,QWORD PTR[rsp]
- mov QWORD PTR[24+rsp],r8
+$L$cbc_fast_dec_loop:
+ mov eax,DWORD[r8]
+ mov ebx,DWORD[4+r8]
+ mov ecx,DWORD[8+r8]
+ mov edx,DWORD[12+r8]
+ mov r15,QWORD[rsp]
+ mov QWORD[24+rsp],r8
 call _x86_64_AES_decrypt
- mov rbp,QWORD PTR[64+rsp]
- mov r8,QWORD PTR[24+rsp]
- mov r10,QWORD PTR[40+rsp]
- xor eax,DWORD PTR[rbp]
- xor ebx,DWORD PTR[4+rbp]
- xor ecx,DWORD PTR[8+rbp]
- xor edx,DWORD PTR[12+rbp]
+ mov rbp,QWORD[64+rsp]
+ mov r8,QWORD[24+rsp]
+ mov r10,QWORD[40+rsp]
+ xor eax,DWORD[rbp]
+ xor ebx,DWORD[4+rbp]
+ xor ecx,DWORD[8+rbp]
+ xor edx,DWORD[12+rbp]
 mov rbp,r8
 sub r10,16
- mov QWORD PTR[40+rsp],r10
- mov QWORD PTR[64+rsp],rbp
-
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
-
- lea r8,QWORD PTR[16+r8]
- lea r9,QWORD PTR[16+r9]
- jnz $L$cbc_fast_dec_loop
- mov r12,QWORD PTR[56+rsp]
- mov r10,QWORD PTR[rbp]
- mov r11,QWORD PTR[8+rbp]
- mov QWORD PTR[r12],r10
- mov QWORD PTR[8+r12],r11
- jmp $L$cbc_fast_cleanup
+ mov QWORD[40+rsp],r10
+ mov QWORD[64+rsp],rbp
+
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
+
+ lea r8,[16+r8]
+ lea r9,[16+r9]
+ jnz NEAR $L$cbc_fast_dec_loop
+ mov r12,QWORD[56+rsp]
+ mov r10,QWORD[rbp]
+ mov r11,QWORD[8+rbp]
+ mov QWORD[r12],r10
+ mov QWORD[8+r12],r11
+ jmp NEAR $L$cbc_fast_cleanup
 ALIGN 16
-$L$cbc_fast_dec_in_place::
- mov r10,QWORD PTR[rbp]
- mov r11,QWORD PTR[8+rbp]
- mov QWORD PTR[((0+64))+rsp],r10
- mov QWORD PTR[((8+64))+rsp],r11
+$L$cbc_fast_dec_in_place:
+ mov r10,QWORD[rbp]
+ mov r11,QWORD[8+rbp]
+ mov QWORD[((0+64))+rsp],r10
+ mov QWORD[((8+64))+rsp],r11
 ALIGN 4
-$L$cbc_fast_dec_in_place_loop::
- mov eax,DWORD PTR[r8]
- mov ebx,DWORD PTR[4+r8]
- mov ecx,DWORD PTR[8+r8]
- mov edx,DWORD PTR[12+r8]
- mov r15,QWORD PTR[rsp]
- mov QWORD PTR[24+rsp],r8
+$L$cbc_fast_dec_in_place_loop:
+ mov eax,DWORD[r8]
+ mov ebx,DWORD[4+r8]
+ mov ecx,DWORD[8+r8]
+ mov edx,DWORD[12+r8]
+ mov r15,QWORD[rsp]
+ mov QWORD[24+rsp],r8
 call _x86_64_AES_decrypt
- mov r8,QWORD PTR[24+rsp]
- mov r10,QWORD PTR[40+rsp]
- xor eax,DWORD PTR[((0+64))+rsp]
- xor ebx,DWORD PTR[((4+64))+rsp]
- xor ecx,DWORD PTR[((8+64))+rsp]
- xor edx,DWORD PTR[((12+64))+rsp]
+ mov r8,QWORD[24+rsp]
+ mov r10,QWORD[40+rsp]
+ xor eax,DWORD[((0+64))+rsp]
+ xor ebx,DWORD[((4+64))+rsp]
+ xor ecx,DWORD[((8+64))+rsp]
+ xor edx,DWORD[((12+64))+rsp]
- mov r11,QWORD PTR[r8]
- mov r12,QWORD PTR[8+r8]
+ mov r11,QWORD[r8]
+ mov r12,QWORD[8+r8]
 sub r10,16
- jz $L$cbc_fast_dec_in_place_done
-
- mov QWORD PTR[((0+64))+rsp],r11
- mov QWORD PTR[((8+64))+rsp],r12
-
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
-
- lea r8,QWORD PTR[16+r8]
- lea r9,QWORD PTR[16+r9]
- mov QWORD PTR[40+rsp],r10
- jmp $L$cbc_fast_dec_in_place_loop
-$L$cbc_fast_dec_in_place_done::
- mov rdi,QWORD PTR[56+rsp]
- mov QWORD PTR[rdi],r11
- mov QWORD PTR[8+rdi],r12
-
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
+ jz NEAR $L$cbc_fast_dec_in_place_done
+
+ mov QWORD[((0+64))+rsp],r11
+ mov QWORD[((8+64))+rsp],r12
+
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
+
+ lea r8,[16+r8]
+ lea r9,[16+r9]
+ mov QWORD[40+rsp],r10
+ jmp NEAR $L$cbc_fast_dec_in_place_loop
+$L$cbc_fast_dec_in_place_done:
+ mov rdi,QWORD[56+rsp]
+ mov QWORD[rdi],r11
+ mov QWORD[8+rdi],r12
+
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
 ALIGN 4
-$L$cbc_fast_cleanup::
- cmp DWORD PTR[((80+240))+rsp],0
- lea rdi,QWORD PTR[80+rsp]
- je $L$cbc_exit
+$L$cbc_fast_cleanup:
+ cmp DWORD[((80+240))+rsp],0
+ lea rdi,[80+rsp]
+ je NEAR $L$cbc_exit
 mov ecx,240/8
 xor rax,rax
- DD 090AB48F3h
+ DD 0x90AB48F3
- jmp $L$cbc_exit
+ jmp NEAR $L$cbc_exit
 ALIGN 16
-$L$cbc_slow_prologue::
+$L$cbc_slow_prologue:
- lea rbp,QWORD PTR[((-88))+rsp]
+ lea rbp,[((-88))+rsp]
 and rbp,-64
- lea r10,QWORD PTR[((-88-63))+rcx]
+ lea r10,[((-88-63))+rcx]
 sub r10,rbp
 neg r10
- and r10,03c0h
+ and r10,0x3c0
 sub rbp,r10
 xchg rbp,rsp
- mov QWORD PTR[16+rsp],rbp
-$L$cbc_slow_body::
+ mov QWORD[16+rsp],rbp
+$L$cbc_slow_body:
- mov QWORD PTR[56+rsp],r8
+ mov QWORD[56+rsp],r8
 mov rbp,r8
 mov rbx,r9
 mov r9,rsi
@@ -1631,972 +1631,971 @@ $L$cbc_slow_body::
 mov r15,rcx
 mov r10,rdx
- mov eax,DWORD PTR[240+r15]
- mov QWORD PTR[rsp],r15
+ mov eax,DWORD[240+r15]
+ mov QWORD[rsp],r15
 shl eax,4
- lea rax,QWORD PTR[rax*1+r15]
- mov QWORD PTR[8+rsp],rax
+ lea rax,[rax*1+r15]
+ mov QWORD[8+rsp],rax
- lea r14,QWORD PTR[2048+r14]
- lea rax,QWORD PTR[((768-8))+rsp]
+ lea r14,[2048+r14]
+ lea rax,[((768-8))+rsp]
 sub rax,r14
- and rax,0300h
- lea r14,QWORD PTR[rax*1+r14]
+ and rax,0x300
+ lea r14,[rax*1+r14]
 cmp rbx,0
- je $L$SLOW_DECRYPT
+ je NEAR $L$SLOW_DECRYPT
 test r10,-16
- mov eax,DWORD PTR[rbp]
- mov ebx,DWORD PTR[4+rbp]
- mov ecx,DWORD PTR[8+rbp]
- mov edx,DWORD PTR[12+rbp]
- jz $L$cbc_slow_enc_tail
+ mov eax,DWORD[rbp]
+ mov ebx,DWORD[4+rbp]
+ mov ecx,DWORD[8+rbp]
+ mov edx,DWORD[12+rbp]
+ jz NEAR $L$cbc_slow_enc_tail
 ALIGN 4
-$L$cbc_slow_enc_loop::
- xor eax,DWORD PTR[r8]
- xor ebx,DWORD PTR[4+r8]
- xor ecx,DWORD PTR[8+r8]
- xor edx,DWORD PTR[12+r8]
- mov r15,QWORD PTR[rsp]
- mov QWORD PTR[24+rsp],r8
- mov QWORD PTR[32+rsp],r9
- mov QWORD PTR[40+rsp],r10
+$L$cbc_slow_enc_loop:
+ xor eax,DWORD[r8]
+ xor ebx,DWORD[4+r8]
+ xor ecx,DWORD[8+r8]
+ xor edx,DWORD[12+r8]
+ mov r15,QWORD[rsp]
+ mov QWORD[24+rsp],r8
+ mov QWORD[32+rsp],r9
+ mov QWORD[40+rsp],r10
 call _x86_64_AES_encrypt_compact
- mov r8,QWORD PTR[24+rsp]
- mov r9,QWORD PTR[32+rsp]
- mov r10,QWORD PTR[40+rsp]
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
+ mov r8,QWORD[24+rsp]
+ mov r9,QWORD[32+rsp]
+ mov r10,QWORD[40+rsp]
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
- lea r8,QWORD PTR[16+r8]
- lea r9,QWORD PTR[16+r9]
+ lea r8,[16+r8]
+ lea r9,[16+r9]
 sub r10,16
 test r10,-16
- jnz $L$cbc_slow_enc_loop
+ jnz NEAR $L$cbc_slow_enc_loop
 test r10,15
- jnz $L$cbc_slow_enc_tail
- mov rbp,QWORD PTR[56+rsp]
- mov DWORD PTR[rbp],eax
- mov DWORD PTR[4+rbp],ebx
- mov DWORD PTR[8+rbp],ecx
- mov DWORD PTR[12+rbp],edx
+ jnz NEAR $L$cbc_slow_enc_tail
+ mov rbp,QWORD[56+rsp]
+ mov DWORD[rbp],eax
+ mov DWORD[4+rbp],ebx
+ mov DWORD[8+rbp],ecx
+ mov DWORD[12+rbp],edx
- jmp $L$cbc_exit
+ jmp NEAR $L$cbc_exit
 ALIGN 4
-$L$cbc_slow_enc_tail::
+$L$cbc_slow_enc_tail:
 mov r11,rax
 mov r12,rcx
 mov rcx,r10
 mov rsi,r8
 mov rdi,r9
- DD 09066A4F3h
+ DD 0x9066A4F3
 mov rcx,16
 sub rcx,r10
 xor rax,rax
- DD 09066AAF3h
+ DD 0x9066AAF3
 mov r8,r9
 mov r10,16
 mov rax,r11
 mov rcx,r12
- jmp $L$cbc_slow_enc_loop
+ jmp NEAR $L$cbc_slow_enc_loop
 ALIGN 16
-$L$SLOW_DECRYPT::
+$L$SLOW_DECRYPT:
 shr rax,3
 add r14,rax
- mov r11,QWORD PTR[rbp]
- mov r12,QWORD PTR[8+rbp]
- mov QWORD PTR[((0+64))+rsp],r11
- mov QWORD PTR[((8+64))+rsp],r12
+ mov r11,QWORD[rbp]
+ mov r12,QWORD[8+rbp]
+ mov QWORD[((0+64))+rsp],r11
+ mov QWORD[((8+64))+rsp],r12
 ALIGN 4
-$L$cbc_slow_dec_loop::
- mov eax,DWORD PTR[r8]
- mov ebx,DWORD PTR[4+r8]
- mov ecx,DWORD PTR[8+r8]
- mov edx,DWORD PTR[12+r8]
- mov r15,QWORD PTR[rsp]
- mov QWORD PTR[24+rsp],r8
- mov QWORD PTR[32+rsp],r9
- mov QWORD PTR[40+rsp],r10
+$L$cbc_slow_dec_loop:
+ mov eax,DWORD[r8]
+ mov ebx,DWORD[4+r8]
+ mov ecx,DWORD[8+r8]
+ mov edx,DWORD[12+r8]
+ mov r15,QWORD[rsp]
+ mov QWORD[24+rsp],r8
+ mov QWORD[32+rsp],r9
+ mov QWORD[40+rsp],r10
 call _x86_64_AES_decrypt_compact
- mov r8,QWORD PTR[24+rsp]
- mov r9,QWORD PTR[32+rsp]
- mov r10,QWORD PTR[40+rsp]
- xor eax,DWORD PTR[((0+64))+rsp]
- xor ebx,DWORD PTR[((4+64))+rsp]
- xor ecx,DWORD PTR[((8+64))+rsp]
- xor edx,DWORD PTR[((12+64))+rsp]
+ mov r8,QWORD[24+rsp]
+ mov r9,QWORD[32+rsp]
+ mov r10,QWORD[40+rsp]
+ xor eax,DWORD[((0+64))+rsp]
+ xor ebx,DWORD[((4+64))+rsp]
+ xor ecx,DWORD[((8+64))+rsp]
+ xor edx,DWORD[((12+64))+rsp]
- mov r11,QWORD PTR[r8]
- mov r12,QWORD PTR[8+r8]
+ mov r11,QWORD[r8]
+ mov r12,QWORD[8+r8]
 sub r10,16
- jc $L$cbc_slow_dec_partial
- jz $L$cbc_slow_dec_done
+ jc NEAR $L$cbc_slow_dec_partial
+ jz NEAR $L$cbc_slow_dec_done
- mov QWORD PTR[((0+64))+rsp],r11
- mov QWORD PTR[((8+64))+rsp],r12
+ mov QWORD[((0+64))+rsp],r11
+ mov QWORD[((8+64))+rsp],r12
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
- lea r8,QWORD PTR[16+r8]
- lea r9,QWORD PTR[16+r9]
- jmp $L$cbc_slow_dec_loop
-$L$cbc_slow_dec_done::
- mov rdi,QWORD PTR[56+rsp]
- mov QWORD PTR[rdi],r11
- mov QWORD PTR[8+rdi],r12
+ lea r8,[16+r8]
+ lea r9,[16+r9]
+ jmp NEAR $L$cbc_slow_dec_loop
+$L$cbc_slow_dec_done:
+ mov rdi,QWORD[56+rsp]
+ mov QWORD[rdi],r11
+ mov QWORD[8+rdi],r12
- mov DWORD PTR[r9],eax
- mov DWORD PTR[4+r9],ebx
- mov DWORD PTR[8+r9],ecx
- mov DWORD PTR[12+r9],edx
+ mov DWORD[r9],eax
+ mov DWORD[4+r9],ebx
+ mov DWORD[8+r9],ecx
+ mov DWORD[12+r9],edx
- jmp $L$cbc_exit
+ jmp NEAR $L$cbc_exit
 ALIGN 4
-$L$cbc_slow_dec_partial::
- mov rdi,QWORD PTR[56+rsp]
- mov QWORD PTR[rdi],r11
- mov QWORD PTR[8+rdi],r12
+$L$cbc_slow_dec_partial:
+ mov rdi,QWORD[56+rsp]
+ mov QWORD[rdi],r11
+ mov QWORD[8+rdi],r12
- mov DWORD PTR[((0+64))+rsp],eax
- mov DWORD PTR[((4+64))+rsp],ebx
- mov DWORD PTR[((8+64))+rsp],ecx
- mov DWORD PTR[((12+64))+rsp],edx
+ mov DWORD[((0+64))+rsp],eax
+ mov DWORD[((4+64))+rsp],ebx
+ mov DWORD[((8+64))+rsp],ecx
+ mov DWORD[((12+64))+rsp],edx
 mov rdi,r9
- lea rsi,QWORD PTR[64+rsp]
- lea rcx,QWORD PTR[16+r10]
- DD 09066A4F3h
- jmp $L$cbc_exit
+ lea rsi,[64+rsp]
+ lea rcx,[16+r10]
+ DD 0x9066A4F3
+ jmp NEAR $L$cbc_exit
 ALIGN 16
-$L$cbc_exit::
- mov rsi,QWORD PTR[16+rsp]
- mov r15,QWORD PTR[rsi]
- mov r14,QWORD PTR[8+rsi]
- mov r13,QWORD PTR[16+rsi]
- mov r12,QWORD PTR[24+rsi]
- mov rbp,QWORD PTR[32+rsi]
- mov rbx,QWORD PTR[40+rsi]
- lea rsp,QWORD PTR[48+rsi]
-$L$cbc_popfq::
+$L$cbc_exit:
+ mov rsi,QWORD[16+rsp]
+ mov r15,QWORD[rsi]
+ mov r14,QWORD[8+rsi]
+ mov r13,QWORD[16+rsi]
+ mov r12,QWORD[24+rsi]
+ mov rbp,QWORD[32+rsi]
+ mov rbx,QWORD[40+rsi]
+ lea rsp,[48+rsi]
+$L$cbc_popfq:
 popfq
-$L$cbc_epilogue::
- mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue
- mov rsi,QWORD PTR[16+rsp]
+$L$cbc_epilogue:
+ mov rdi,QWORD[8+rsp] ;WIN64 epilogue
+ mov rsi,QWORD[16+rsp]
 DB 0F3h,0C3h ;repret
-$L$SEH_end_asm_AES_cbc_encrypt::
-asm_AES_cbc_encrypt ENDP
+$L$SEH_end_asm_AES_cbc_encrypt:
 ALIGN 64
-$L$AES_Te::
- DD 0a56363c6h,0a56363c6h
- DD 0847c7cf8h,0847c7cf8h
- DD 0997777eeh,0997777eeh
- DD 08d7b7bf6h,08d7b7bf6h
- DD 00df2f2ffh,00df2f2ffh
- DD 0bd6b6bd6h,0bd6b6bd6h
- DD 0b16f6fdeh,0b16f6fdeh
- DD 054c5c591h,054c5c591h
- DD 050303060h,050303060h
- DD 003010102h,003010102h
- DD 0a96767ceh,0a96767ceh
- DD 07d2b2b56h,07d2b2b56h
- DD 019fefee7h,019fefee7h
- DD 062d7d7b5h,062d7d7b5h
- DD 0e6abab4dh,0e6abab4dh
- DD 09a7676ech,09a7676ech
- DD 045caca8fh,045caca8fh
- DD 09d82821fh,09d82821fh
- DD 040c9c989h,040c9c989h
- DD 0877d7dfah,0877d7dfah
- DD 015fafaefh,015fafaefh
- DD 0eb5959b2h,0eb5959b2h
- DD 0c947478eh,0c947478eh
- DD 00bf0f0fbh,00bf0f0fbh
- DD 0ecadad41h,0ecadad41h
- DD 067d4d4b3h,067d4d4b3h
- DD 0fda2a25fh,0fda2a25fh
- DD 0eaafaf45h,0eaafaf45h
- DD 0bf9c9c23h,0bf9c9c23h
- DD 0f7a4a453h,0f7a4a453h
- DD 0967272e4h,0967272e4h
- DD 05bc0c09bh,05bc0c09bh
- DD 0c2b7b775h,0c2b7b775h
- DD 01cfdfde1h,01cfdfde1h
- DD 0ae93933dh,0ae93933dh
- DD 06a26264ch,06a26264ch
- DD 05a36366ch,05a36366ch
- DD 0413f3f7eh,0413f3f7eh
- DD 002f7f7f5h,002f7f7f5h
- DD 04fcccc83h,04fcccc83h
- DD 05c343468h,05c343468h
- DD 0f4a5a551h,0f4a5a551h
- DD 034e5e5d1h,034e5e5d1h
- DD 008f1f1f9h,008f1f1f9h
- DD 0937171e2h,0937171e2h
- DD 073d8d8abh,073d8d8abh
- DD 053313162h,053313162h
- DD 03f15152ah,03f15152ah
- DD 00c040408h,00c040408h
- DD 052c7c795h,052c7c795h
- DD 065232346h,065232346h
- DD 05ec3c39dh,05ec3c39dh
- DD 028181830h,028181830h
- DD 0a1969637h,0a1969637h
- DD 00f05050ah,00f05050ah
- DD 0b59a9a2fh,0b59a9a2fh
- DD 00907070eh,00907070eh
- DD 036121224h,036121224h
- DD 09b80801bh,09b80801bh
- DD 03de2e2dfh,03de2e2dfh
- DD 026ebebcdh,026ebebcdh
- DD 06927274eh,06927274eh
- DD 0cdb2b27fh,0cdb2b27fh
- DD 09f7575eah,09f7575eah
- DD 01b090912h,01b090912h
- DD 09e83831dh,09e83831dh
- DD 0742c2c58h,0742c2c58h - DD 02e1a1a34h,02e1a1a34h - DD 02d1b1b36h,02d1b1b36h - DD 0b26e6edch,0b26e6edch - DD 0ee5a5ab4h,0ee5a5ab4h - DD 0fba0a05bh,0fba0a05bh - DD 0f65252a4h,0f65252a4h - DD 04d3b3b76h,04d3b3b76h - DD 061d6d6b7h,061d6d6b7h - DD 0ceb3b37dh,0ceb3b37dh - DD 07b292952h,07b292952h - DD 03ee3e3ddh,03ee3e3ddh - DD 0712f2f5eh,0712f2f5eh - DD 097848413h,097848413h - DD 0f55353a6h,0f55353a6h - DD 068d1d1b9h,068d1d1b9h - DD 000000000h,000000000h - DD 02cededc1h,02cededc1h - DD 060202040h,060202040h - DD 01ffcfce3h,01ffcfce3h - DD 0c8b1b179h,0c8b1b179h - DD 0ed5b5bb6h,0ed5b5bb6h - DD 0be6a6ad4h,0be6a6ad4h - DD 046cbcb8dh,046cbcb8dh - DD 0d9bebe67h,0d9bebe67h - DD 04b393972h,04b393972h - DD 0de4a4a94h,0de4a4a94h - DD 0d44c4c98h,0d44c4c98h - DD 0e85858b0h,0e85858b0h - DD 04acfcf85h,04acfcf85h - DD 06bd0d0bbh,06bd0d0bbh - DD 02aefefc5h,02aefefc5h - DD 0e5aaaa4fh,0e5aaaa4fh - DD 016fbfbedh,016fbfbedh - DD 0c5434386h,0c5434386h - DD 0d74d4d9ah,0d74d4d9ah - DD 055333366h,055333366h - DD 094858511h,094858511h - DD 0cf45458ah,0cf45458ah - DD 010f9f9e9h,010f9f9e9h - DD 006020204h,006020204h - DD 0817f7ffeh,0817f7ffeh - DD 0f05050a0h,0f05050a0h - DD 0443c3c78h,0443c3c78h - DD 0ba9f9f25h,0ba9f9f25h - DD 0e3a8a84bh,0e3a8a84bh - DD 0f35151a2h,0f35151a2h - DD 0fea3a35dh,0fea3a35dh - DD 0c0404080h,0c0404080h - DD 08a8f8f05h,08a8f8f05h - DD 0ad92923fh,0ad92923fh - DD 0bc9d9d21h,0bc9d9d21h - DD 048383870h,048383870h - DD 004f5f5f1h,004f5f5f1h - DD 0dfbcbc63h,0dfbcbc63h - DD 0c1b6b677h,0c1b6b677h - DD 075dadaafh,075dadaafh - DD 063212142h,063212142h - DD 030101020h,030101020h - DD 01affffe5h,01affffe5h - DD 00ef3f3fdh,00ef3f3fdh - DD 06dd2d2bfh,06dd2d2bfh - DD 04ccdcd81h,04ccdcd81h - DD 0140c0c18h,0140c0c18h - DD 035131326h,035131326h - DD 02fececc3h,02fececc3h - DD 0e15f5fbeh,0e15f5fbeh - DD 0a2979735h,0a2979735h - DD 0cc444488h,0cc444488h - DD 03917172eh,03917172eh - DD 057c4c493h,057c4c493h - DD 0f2a7a755h,0f2a7a755h - DD 0827e7efch,0827e7efch - DD 0473d3d7ah,0473d3d7ah - 
DD 0ac6464c8h,0ac6464c8h - DD 0e75d5dbah,0e75d5dbah - DD 02b191932h,02b191932h - DD 0957373e6h,0957373e6h - DD 0a06060c0h,0a06060c0h - DD 098818119h,098818119h - DD 0d14f4f9eh,0d14f4f9eh - DD 07fdcdca3h,07fdcdca3h - DD 066222244h,066222244h - DD 07e2a2a54h,07e2a2a54h - DD 0ab90903bh,0ab90903bh - DD 08388880bh,08388880bh - DD 0ca46468ch,0ca46468ch - DD 029eeeec7h,029eeeec7h - DD 0d3b8b86bh,0d3b8b86bh - DD 03c141428h,03c141428h - DD 079dedea7h,079dedea7h - DD 0e25e5ebch,0e25e5ebch - DD 01d0b0b16h,01d0b0b16h - DD 076dbdbadh,076dbdbadh - DD 03be0e0dbh,03be0e0dbh - DD 056323264h,056323264h - DD 04e3a3a74h,04e3a3a74h - DD 01e0a0a14h,01e0a0a14h - DD 0db494992h,0db494992h - DD 00a06060ch,00a06060ch - DD 06c242448h,06c242448h - DD 0e45c5cb8h,0e45c5cb8h - DD 05dc2c29fh,05dc2c29fh - DD 06ed3d3bdh,06ed3d3bdh - DD 0efacac43h,0efacac43h - DD 0a66262c4h,0a66262c4h - DD 0a8919139h,0a8919139h - DD 0a4959531h,0a4959531h - DD 037e4e4d3h,037e4e4d3h - DD 08b7979f2h,08b7979f2h - DD 032e7e7d5h,032e7e7d5h - DD 043c8c88bh,043c8c88bh - DD 05937376eh,05937376eh - DD 0b76d6ddah,0b76d6ddah - DD 08c8d8d01h,08c8d8d01h - DD 064d5d5b1h,064d5d5b1h - DD 0d24e4e9ch,0d24e4e9ch - DD 0e0a9a949h,0e0a9a949h - DD 0b46c6cd8h,0b46c6cd8h - DD 0fa5656ach,0fa5656ach - DD 007f4f4f3h,007f4f4f3h - DD 025eaeacfh,025eaeacfh - DD 0af6565cah,0af6565cah - DD 08e7a7af4h,08e7a7af4h - DD 0e9aeae47h,0e9aeae47h - DD 018080810h,018080810h - DD 0d5baba6fh,0d5baba6fh - DD 0887878f0h,0887878f0h - DD 06f25254ah,06f25254ah - DD 0722e2e5ch,0722e2e5ch - DD 0241c1c38h,0241c1c38h - DD 0f1a6a657h,0f1a6a657h - DD 0c7b4b473h,0c7b4b473h - DD 051c6c697h,051c6c697h - DD 023e8e8cbh,023e8e8cbh - DD 07cdddda1h,07cdddda1h - DD 09c7474e8h,09c7474e8h - DD 0211f1f3eh,0211f1f3eh - DD 0dd4b4b96h,0dd4b4b96h - DD 0dcbdbd61h,0dcbdbd61h - DD 0868b8b0dh,0868b8b0dh - DD 0858a8a0fh,0858a8a0fh - DD 0907070e0h,0907070e0h - DD 0423e3e7ch,0423e3e7ch - DD 0c4b5b571h,0c4b5b571h - DD 0aa6666cch,0aa6666cch - DD 0d8484890h,0d8484890h - DD 005030306h,005030306h - 
DD 001f6f6f7h,001f6f6f7h - DD 0120e0e1ch,0120e0e1ch - DD 0a36161c2h,0a36161c2h - DD 05f35356ah,05f35356ah - DD 0f95757aeh,0f95757aeh - DD 0d0b9b969h,0d0b9b969h - DD 091868617h,091868617h - DD 058c1c199h,058c1c199h - DD 0271d1d3ah,0271d1d3ah - DD 0b99e9e27h,0b99e9e27h - DD 038e1e1d9h,038e1e1d9h - DD 013f8f8ebh,013f8f8ebh - DD 0b398982bh,0b398982bh - DD 033111122h,033111122h - DD 0bb6969d2h,0bb6969d2h - DD 070d9d9a9h,070d9d9a9h - DD 0898e8e07h,0898e8e07h - DD 0a7949433h,0a7949433h - DD 0b69b9b2dh,0b69b9b2dh - DD 0221e1e3ch,0221e1e3ch - DD 092878715h,092878715h - DD 020e9e9c9h,020e9e9c9h - DD 049cece87h,049cece87h - DD 0ff5555aah,0ff5555aah - DD 078282850h,078282850h - DD 07adfdfa5h,07adfdfa5h - DD 08f8c8c03h,08f8c8c03h - DD 0f8a1a159h,0f8a1a159h - DD 080898909h,080898909h - DD 0170d0d1ah,0170d0d1ah - DD 0dabfbf65h,0dabfbf65h - DD 031e6e6d7h,031e6e6d7h - DD 0c6424284h,0c6424284h - DD 0b86868d0h,0b86868d0h - DD 0c3414182h,0c3414182h - DD 0b0999929h,0b0999929h - DD 0772d2d5ah,0772d2d5ah - DD 0110f0f1eh,0110f0f1eh - DD 0cbb0b07bh,0cbb0b07bh - DD 0fc5454a8h,0fc5454a8h - DD 0d6bbbb6dh,0d6bbbb6dh - DD 03a16162ch,03a16162ch -DB 063h,07ch,077h,07bh,0f2h,06bh,06fh,0c5h -DB 030h,001h,067h,02bh,0feh,0d7h,0abh,076h -DB 0cah,082h,0c9h,07dh,0fah,059h,047h,0f0h -DB 0adh,0d4h,0a2h,0afh,09ch,0a4h,072h,0c0h -DB 0b7h,0fdh,093h,026h,036h,03fh,0f7h,0cch -DB 034h,0a5h,0e5h,0f1h,071h,0d8h,031h,015h -DB 004h,0c7h,023h,0c3h,018h,096h,005h,09ah -DB 007h,012h,080h,0e2h,0ebh,027h,0b2h,075h -DB 009h,083h,02ch,01ah,01bh,06eh,05ah,0a0h -DB 052h,03bh,0d6h,0b3h,029h,0e3h,02fh,084h -DB 053h,0d1h,000h,0edh,020h,0fch,0b1h,05bh -DB 06ah,0cbh,0beh,039h,04ah,04ch,058h,0cfh -DB 0d0h,0efh,0aah,0fbh,043h,04dh,033h,085h -DB 045h,0f9h,002h,07fh,050h,03ch,09fh,0a8h -DB 051h,0a3h,040h,08fh,092h,09dh,038h,0f5h -DB 0bch,0b6h,0dah,021h,010h,0ffh,0f3h,0d2h -DB 0cdh,00ch,013h,0ech,05fh,097h,044h,017h -DB 0c4h,0a7h,07eh,03dh,064h,05dh,019h,073h -DB 060h,081h,04fh,0dch,022h,02ah,090h,088h -DB 
046h,0eeh,0b8h,014h,0deh,05eh,00bh,0dbh -DB 0e0h,032h,03ah,00ah,049h,006h,024h,05ch -DB 0c2h,0d3h,0ach,062h,091h,095h,0e4h,079h -DB 0e7h,0c8h,037h,06dh,08dh,0d5h,04eh,0a9h -DB 06ch,056h,0f4h,0eah,065h,07ah,0aeh,008h -DB 0bah,078h,025h,02eh,01ch,0a6h,0b4h,0c6h -DB 0e8h,0ddh,074h,01fh,04bh,0bdh,08bh,08ah -DB 070h,03eh,0b5h,066h,048h,003h,0f6h,00eh -DB 061h,035h,057h,0b9h,086h,0c1h,01dh,09eh -DB 0e1h,0f8h,098h,011h,069h,0d9h,08eh,094h -DB 09bh,01eh,087h,0e9h,0ceh,055h,028h,0dfh -DB 08ch,0a1h,089h,00dh,0bfh,0e6h,042h,068h -DB 041h,099h,02dh,00fh,0b0h,054h,0bbh,016h -DB 063h,07ch,077h,07bh,0f2h,06bh,06fh,0c5h -DB 030h,001h,067h,02bh,0feh,0d7h,0abh,076h -DB 0cah,082h,0c9h,07dh,0fah,059h,047h,0f0h -DB 0adh,0d4h,0a2h,0afh,09ch,0a4h,072h,0c0h -DB 0b7h,0fdh,093h,026h,036h,03fh,0f7h,0cch -DB 034h,0a5h,0e5h,0f1h,071h,0d8h,031h,015h -DB 004h,0c7h,023h,0c3h,018h,096h,005h,09ah -DB 007h,012h,080h,0e2h,0ebh,027h,0b2h,075h -DB 009h,083h,02ch,01ah,01bh,06eh,05ah,0a0h -DB 052h,03bh,0d6h,0b3h,029h,0e3h,02fh,084h -DB 053h,0d1h,000h,0edh,020h,0fch,0b1h,05bh -DB 06ah,0cbh,0beh,039h,04ah,04ch,058h,0cfh -DB 0d0h,0efh,0aah,0fbh,043h,04dh,033h,085h -DB 045h,0f9h,002h,07fh,050h,03ch,09fh,0a8h -DB 051h,0a3h,040h,08fh,092h,09dh,038h,0f5h -DB 0bch,0b6h,0dah,021h,010h,0ffh,0f3h,0d2h -DB 0cdh,00ch,013h,0ech,05fh,097h,044h,017h -DB 0c4h,0a7h,07eh,03dh,064h,05dh,019h,073h -DB 060h,081h,04fh,0dch,022h,02ah,090h,088h -DB 046h,0eeh,0b8h,014h,0deh,05eh,00bh,0dbh -DB 0e0h,032h,03ah,00ah,049h,006h,024h,05ch -DB 0c2h,0d3h,0ach,062h,091h,095h,0e4h,079h -DB 0e7h,0c8h,037h,06dh,08dh,0d5h,04eh,0a9h -DB 06ch,056h,0f4h,0eah,065h,07ah,0aeh,008h -DB 0bah,078h,025h,02eh,01ch,0a6h,0b4h,0c6h -DB 0e8h,0ddh,074h,01fh,04bh,0bdh,08bh,08ah -DB 070h,03eh,0b5h,066h,048h,003h,0f6h,00eh -DB 061h,035h,057h,0b9h,086h,0c1h,01dh,09eh -DB 0e1h,0f8h,098h,011h,069h,0d9h,08eh,094h -DB 09bh,01eh,087h,0e9h,0ceh,055h,028h,0dfh -DB 08ch,0a1h,089h,00dh,0bfh,0e6h,042h,068h -DB 041h,099h,02dh,00fh,0b0h,054h,0bbh,016h -DB 
063h,07ch,077h,07bh,0f2h,06bh,06fh,0c5h -DB 030h,001h,067h,02bh,0feh,0d7h,0abh,076h -DB 0cah,082h,0c9h,07dh,0fah,059h,047h,0f0h -DB 0adh,0d4h,0a2h,0afh,09ch,0a4h,072h,0c0h -DB 0b7h,0fdh,093h,026h,036h,03fh,0f7h,0cch -DB 034h,0a5h,0e5h,0f1h,071h,0d8h,031h,015h -DB 004h,0c7h,023h,0c3h,018h,096h,005h,09ah -DB 007h,012h,080h,0e2h,0ebh,027h,0b2h,075h -DB 009h,083h,02ch,01ah,01bh,06eh,05ah,0a0h -DB 052h,03bh,0d6h,0b3h,029h,0e3h,02fh,084h -DB 053h,0d1h,000h,0edh,020h,0fch,0b1h,05bh -DB 06ah,0cbh,0beh,039h,04ah,04ch,058h,0cfh -DB 0d0h,0efh,0aah,0fbh,043h,04dh,033h,085h -DB 045h,0f9h,002h,07fh,050h,03ch,09fh,0a8h -DB 051h,0a3h,040h,08fh,092h,09dh,038h,0f5h -DB 0bch,0b6h,0dah,021h,010h,0ffh,0f3h,0d2h -DB 0cdh,00ch,013h,0ech,05fh,097h,044h,017h -DB 0c4h,0a7h,07eh,03dh,064h,05dh,019h,073h -DB 060h,081h,04fh,0dch,022h,02ah,090h,088h -DB 046h,0eeh,0b8h,014h,0deh,05eh,00bh,0dbh -DB 0e0h,032h,03ah,00ah,049h,006h,024h,05ch -DB 0c2h,0d3h,0ach,062h,091h,095h,0e4h,079h -DB 0e7h,0c8h,037h,06dh,08dh,0d5h,04eh,0a9h -DB 06ch,056h,0f4h,0eah,065h,07ah,0aeh,008h -DB 0bah,078h,025h,02eh,01ch,0a6h,0b4h,0c6h -DB 0e8h,0ddh,074h,01fh,04bh,0bdh,08bh,08ah -DB 070h,03eh,0b5h,066h,048h,003h,0f6h,00eh -DB 061h,035h,057h,0b9h,086h,0c1h,01dh,09eh -DB 0e1h,0f8h,098h,011h,069h,0d9h,08eh,094h -DB 09bh,01eh,087h,0e9h,0ceh,055h,028h,0dfh -DB 08ch,0a1h,089h,00dh,0bfh,0e6h,042h,068h -DB 041h,099h,02dh,00fh,0b0h,054h,0bbh,016h -DB 063h,07ch,077h,07bh,0f2h,06bh,06fh,0c5h -DB 030h,001h,067h,02bh,0feh,0d7h,0abh,076h -DB 0cah,082h,0c9h,07dh,0fah,059h,047h,0f0h -DB 0adh,0d4h,0a2h,0afh,09ch,0a4h,072h,0c0h -DB 0b7h,0fdh,093h,026h,036h,03fh,0f7h,0cch -DB 034h,0a5h,0e5h,0f1h,071h,0d8h,031h,015h -DB 004h,0c7h,023h,0c3h,018h,096h,005h,09ah -DB 007h,012h,080h,0e2h,0ebh,027h,0b2h,075h -DB 009h,083h,02ch,01ah,01bh,06eh,05ah,0a0h -DB 052h,03bh,0d6h,0b3h,029h,0e3h,02fh,084h -DB 053h,0d1h,000h,0edh,020h,0fch,0b1h,05bh -DB 06ah,0cbh,0beh,039h,04ah,04ch,058h,0cfh -DB 0d0h,0efh,0aah,0fbh,043h,04dh,033h,085h -DB 
045h,0f9h,002h,07fh,050h,03ch,09fh,0a8h -DB 051h,0a3h,040h,08fh,092h,09dh,038h,0f5h -DB 0bch,0b6h,0dah,021h,010h,0ffh,0f3h,0d2h -DB 0cdh,00ch,013h,0ech,05fh,097h,044h,017h -DB 0c4h,0a7h,07eh,03dh,064h,05dh,019h,073h -DB 060h,081h,04fh,0dch,022h,02ah,090h,088h -DB 046h,0eeh,0b8h,014h,0deh,05eh,00bh,0dbh -DB 0e0h,032h,03ah,00ah,049h,006h,024h,05ch -DB 0c2h,0d3h,0ach,062h,091h,095h,0e4h,079h -DB 0e7h,0c8h,037h,06dh,08dh,0d5h,04eh,0a9h -DB 06ch,056h,0f4h,0eah,065h,07ah,0aeh,008h -DB 0bah,078h,025h,02eh,01ch,0a6h,0b4h,0c6h -DB 0e8h,0ddh,074h,01fh,04bh,0bdh,08bh,08ah -DB 070h,03eh,0b5h,066h,048h,003h,0f6h,00eh -DB 061h,035h,057h,0b9h,086h,0c1h,01dh,09eh -DB 0e1h,0f8h,098h,011h,069h,0d9h,08eh,094h -DB 09bh,01eh,087h,0e9h,0ceh,055h,028h,0dfh -DB 08ch,0a1h,089h,00dh,0bfh,0e6h,042h,068h -DB 041h,099h,02dh,00fh,0b0h,054h,0bbh,016h - DD 000000001h,000000002h,000000004h,000000008h - DD 000000010h,000000020h,000000040h,000000080h - DD 00000001bh,000000036h,080808080h,080808080h - DD 0fefefefeh,0fefefefeh,01b1b1b1bh,01b1b1b1bh +$L$AES_Te: + DD 0xa56363c6,0xa56363c6 + DD 0x847c7cf8,0x847c7cf8 + DD 0x997777ee,0x997777ee + DD 0x8d7b7bf6,0x8d7b7bf6 + DD 0x0df2f2ff,0x0df2f2ff + DD 0xbd6b6bd6,0xbd6b6bd6 + DD 0xb16f6fde,0xb16f6fde + DD 0x54c5c591,0x54c5c591 + DD 0x50303060,0x50303060 + DD 0x03010102,0x03010102 + DD 0xa96767ce,0xa96767ce + DD 0x7d2b2b56,0x7d2b2b56 + DD 0x19fefee7,0x19fefee7 + DD 0x62d7d7b5,0x62d7d7b5 + DD 0xe6abab4d,0xe6abab4d + DD 0x9a7676ec,0x9a7676ec + DD 0x45caca8f,0x45caca8f + DD 0x9d82821f,0x9d82821f + DD 0x40c9c989,0x40c9c989 + DD 0x877d7dfa,0x877d7dfa + DD 0x15fafaef,0x15fafaef + DD 0xeb5959b2,0xeb5959b2 + DD 0xc947478e,0xc947478e + DD 0x0bf0f0fb,0x0bf0f0fb + DD 0xecadad41,0xecadad41 + DD 0x67d4d4b3,0x67d4d4b3 + DD 0xfda2a25f,0xfda2a25f + DD 0xeaafaf45,0xeaafaf45 + DD 0xbf9c9c23,0xbf9c9c23 + DD 0xf7a4a453,0xf7a4a453 + DD 0x967272e4,0x967272e4 + DD 0x5bc0c09b,0x5bc0c09b + DD 0xc2b7b775,0xc2b7b775 + DD 0x1cfdfde1,0x1cfdfde1 + DD 0xae93933d,0xae93933d + DD 
0x6a26264c,0x6a26264c + DD 0x5a36366c,0x5a36366c + DD 0x413f3f7e,0x413f3f7e + DD 0x02f7f7f5,0x02f7f7f5 + DD 0x4fcccc83,0x4fcccc83 + DD 0x5c343468,0x5c343468 + DD 0xf4a5a551,0xf4a5a551 + DD 0x34e5e5d1,0x34e5e5d1 + DD 0x08f1f1f9,0x08f1f1f9 + DD 0x937171e2,0x937171e2 + DD 0x73d8d8ab,0x73d8d8ab + DD 0x53313162,0x53313162 + DD 0x3f15152a,0x3f15152a + DD 0x0c040408,0x0c040408 + DD 0x52c7c795,0x52c7c795 + DD 0x65232346,0x65232346 + DD 0x5ec3c39d,0x5ec3c39d + DD 0x28181830,0x28181830 + DD 0xa1969637,0xa1969637 + DD 0x0f05050a,0x0f05050a + DD 0xb59a9a2f,0xb59a9a2f + DD 0x0907070e,0x0907070e + DD 0x36121224,0x36121224 + DD 0x9b80801b,0x9b80801b + DD 0x3de2e2df,0x3de2e2df + DD 0x26ebebcd,0x26ebebcd + DD 0x6927274e,0x6927274e + DD 0xcdb2b27f,0xcdb2b27f + DD 0x9f7575ea,0x9f7575ea + DD 0x1b090912,0x1b090912 + DD 0x9e83831d,0x9e83831d + DD 0x742c2c58,0x742c2c58 + DD 0x2e1a1a34,0x2e1a1a34 + DD 0x2d1b1b36,0x2d1b1b36 + DD 0xb26e6edc,0xb26e6edc + DD 0xee5a5ab4,0xee5a5ab4 + DD 0xfba0a05b,0xfba0a05b + DD 0xf65252a4,0xf65252a4 + DD 0x4d3b3b76,0x4d3b3b76 + DD 0x61d6d6b7,0x61d6d6b7 + DD 0xceb3b37d,0xceb3b37d + DD 0x7b292952,0x7b292952 + DD 0x3ee3e3dd,0x3ee3e3dd + DD 0x712f2f5e,0x712f2f5e + DD 0x97848413,0x97848413 + DD 0xf55353a6,0xf55353a6 + DD 0x68d1d1b9,0x68d1d1b9 + DD 0x00000000,0x00000000 + DD 0x2cededc1,0x2cededc1 + DD 0x60202040,0x60202040 + DD 0x1ffcfce3,0x1ffcfce3 + DD 0xc8b1b179,0xc8b1b179 + DD 0xed5b5bb6,0xed5b5bb6 + DD 0xbe6a6ad4,0xbe6a6ad4 + DD 0x46cbcb8d,0x46cbcb8d + DD 0xd9bebe67,0xd9bebe67 + DD 0x4b393972,0x4b393972 + DD 0xde4a4a94,0xde4a4a94 + DD 0xd44c4c98,0xd44c4c98 + DD 0xe85858b0,0xe85858b0 + DD 0x4acfcf85,0x4acfcf85 + DD 0x6bd0d0bb,0x6bd0d0bb + DD 0x2aefefc5,0x2aefefc5 + DD 0xe5aaaa4f,0xe5aaaa4f + DD 0x16fbfbed,0x16fbfbed + DD 0xc5434386,0xc5434386 + DD 0xd74d4d9a,0xd74d4d9a + DD 0x55333366,0x55333366 + DD 0x94858511,0x94858511 + DD 0xcf45458a,0xcf45458a + DD 0x10f9f9e9,0x10f9f9e9 + DD 0x06020204,0x06020204 + DD 0x817f7ffe,0x817f7ffe + DD 0xf05050a0,0xf05050a0 + DD 
0x443c3c78,0x443c3c78 + DD 0xba9f9f25,0xba9f9f25 + DD 0xe3a8a84b,0xe3a8a84b + DD 0xf35151a2,0xf35151a2 + DD 0xfea3a35d,0xfea3a35d + DD 0xc0404080,0xc0404080 + DD 0x8a8f8f05,0x8a8f8f05 + DD 0xad92923f,0xad92923f + DD 0xbc9d9d21,0xbc9d9d21 + DD 0x48383870,0x48383870 + DD 0x04f5f5f1,0x04f5f5f1 + DD 0xdfbcbc63,0xdfbcbc63 + DD 0xc1b6b677,0xc1b6b677 + DD 0x75dadaaf,0x75dadaaf + DD 0x63212142,0x63212142 + DD 0x30101020,0x30101020 + DD 0x1affffe5,0x1affffe5 + DD 0x0ef3f3fd,0x0ef3f3fd + DD 0x6dd2d2bf,0x6dd2d2bf + DD 0x4ccdcd81,0x4ccdcd81 + DD 0x140c0c18,0x140c0c18 + DD 0x35131326,0x35131326 + DD 0x2fececc3,0x2fececc3 + DD 0xe15f5fbe,0xe15f5fbe + DD 0xa2979735,0xa2979735 + DD 0xcc444488,0xcc444488 + DD 0x3917172e,0x3917172e + DD 0x57c4c493,0x57c4c493 + DD 0xf2a7a755,0xf2a7a755 + DD 0x827e7efc,0x827e7efc + DD 0x473d3d7a,0x473d3d7a + DD 0xac6464c8,0xac6464c8 + DD 0xe75d5dba,0xe75d5dba + DD 0x2b191932,0x2b191932 + DD 0x957373e6,0x957373e6 + DD 0xa06060c0,0xa06060c0 + DD 0x98818119,0x98818119 + DD 0xd14f4f9e,0xd14f4f9e + DD 0x7fdcdca3,0x7fdcdca3 + DD 0x66222244,0x66222244 + DD 0x7e2a2a54,0x7e2a2a54 + DD 0xab90903b,0xab90903b + DD 0x8388880b,0x8388880b + DD 0xca46468c,0xca46468c + DD 0x29eeeec7,0x29eeeec7 + DD 0xd3b8b86b,0xd3b8b86b + DD 0x3c141428,0x3c141428 + DD 0x79dedea7,0x79dedea7 + DD 0xe25e5ebc,0xe25e5ebc + DD 0x1d0b0b16,0x1d0b0b16 + DD 0x76dbdbad,0x76dbdbad + DD 0x3be0e0db,0x3be0e0db + DD 0x56323264,0x56323264 + DD 0x4e3a3a74,0x4e3a3a74 + DD 0x1e0a0a14,0x1e0a0a14 + DD 0xdb494992,0xdb494992 + DD 0x0a06060c,0x0a06060c + DD 0x6c242448,0x6c242448 + DD 0xe45c5cb8,0xe45c5cb8 + DD 0x5dc2c29f,0x5dc2c29f + DD 0x6ed3d3bd,0x6ed3d3bd + DD 0xefacac43,0xefacac43 + DD 0xa66262c4,0xa66262c4 + DD 0xa8919139,0xa8919139 + DD 0xa4959531,0xa4959531 + DD 0x37e4e4d3,0x37e4e4d3 + DD 0x8b7979f2,0x8b7979f2 + DD 0x32e7e7d5,0x32e7e7d5 + DD 0x43c8c88b,0x43c8c88b + DD 0x5937376e,0x5937376e + DD 0xb76d6dda,0xb76d6dda + DD 0x8c8d8d01,0x8c8d8d01 + DD 0x64d5d5b1,0x64d5d5b1 + DD 0xd24e4e9c,0xd24e4e9c + DD 
0xe0a9a949,0xe0a9a949 + DD 0xb46c6cd8,0xb46c6cd8 + DD 0xfa5656ac,0xfa5656ac + DD 0x07f4f4f3,0x07f4f4f3 + DD 0x25eaeacf,0x25eaeacf + DD 0xaf6565ca,0xaf6565ca + DD 0x8e7a7af4,0x8e7a7af4 + DD 0xe9aeae47,0xe9aeae47 + DD 0x18080810,0x18080810 + DD 0xd5baba6f,0xd5baba6f + DD 0x887878f0,0x887878f0 + DD 0x6f25254a,0x6f25254a + DD 0x722e2e5c,0x722e2e5c + DD 0x241c1c38,0x241c1c38 + DD 0xf1a6a657,0xf1a6a657 + DD 0xc7b4b473,0xc7b4b473 + DD 0x51c6c697,0x51c6c697 + DD 0x23e8e8cb,0x23e8e8cb + DD 0x7cdddda1,0x7cdddda1 + DD 0x9c7474e8,0x9c7474e8 + DD 0x211f1f3e,0x211f1f3e + DD 0xdd4b4b96,0xdd4b4b96 + DD 0xdcbdbd61,0xdcbdbd61 + DD 0x868b8b0d,0x868b8b0d + DD 0x858a8a0f,0x858a8a0f + DD 0x907070e0,0x907070e0 + DD 0x423e3e7c,0x423e3e7c + DD 0xc4b5b571,0xc4b5b571 + DD 0xaa6666cc,0xaa6666cc + DD 0xd8484890,0xd8484890 + DD 0x05030306,0x05030306 + DD 0x01f6f6f7,0x01f6f6f7 + DD 0x120e0e1c,0x120e0e1c + DD 0xa36161c2,0xa36161c2 + DD 0x5f35356a,0x5f35356a + DD 0xf95757ae,0xf95757ae + DD 0xd0b9b969,0xd0b9b969 + DD 0x91868617,0x91868617 + DD 0x58c1c199,0x58c1c199 + DD 0x271d1d3a,0x271d1d3a + DD 0xb99e9e27,0xb99e9e27 + DD 0x38e1e1d9,0x38e1e1d9 + DD 0x13f8f8eb,0x13f8f8eb + DD 0xb398982b,0xb398982b + DD 0x33111122,0x33111122 + DD 0xbb6969d2,0xbb6969d2 + DD 0x70d9d9a9,0x70d9d9a9 + DD 0x898e8e07,0x898e8e07 + DD 0xa7949433,0xa7949433 + DD 0xb69b9b2d,0xb69b9b2d + DD 0x221e1e3c,0x221e1e3c + DD 0x92878715,0x92878715 + DD 0x20e9e9c9,0x20e9e9c9 + DD 0x49cece87,0x49cece87 + DD 0xff5555aa,0xff5555aa + DD 0x78282850,0x78282850 + DD 0x7adfdfa5,0x7adfdfa5 + DD 0x8f8c8c03,0x8f8c8c03 + DD 0xf8a1a159,0xf8a1a159 + DD 0x80898909,0x80898909 + DD 0x170d0d1a,0x170d0d1a + DD 0xdabfbf65,0xdabfbf65 + DD 0x31e6e6d7,0x31e6e6d7 + DD 0xc6424284,0xc6424284 + DD 0xb86868d0,0xb86868d0 + DD 0xc3414182,0xc3414182 + DD 0xb0999929,0xb0999929 + DD 0x772d2d5a,0x772d2d5a + DD 0x110f0f1e,0x110f0f1e + DD 0xcbb0b07b,0xcbb0b07b + DD 0xfc5454a8,0xfc5454a8 + DD 0xd6bbbb6d,0xd6bbbb6d + DD 0x3a16162c,0x3a16162c +DB 
0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5 +DB 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 +DB 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0 +DB 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0 +DB 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc +DB 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15 +DB 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a +DB 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75 +DB 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0 +DB 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84 +DB 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b +DB 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf +DB 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85 +DB 0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8 +DB 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5 +DB 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2 +DB 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17 +DB 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73 +DB 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88 +DB 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb +DB 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c +DB 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79 +DB 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9 +DB 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08 +DB 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6 +DB 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a +DB 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e +DB 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e +DB 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94 +DB 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf +DB 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68 +DB 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 +DB 0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5 +DB 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 +DB 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0 +DB 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0 +DB 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc +DB 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15 +DB 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a +DB 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75 +DB 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0 +DB 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84 +DB 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b +DB 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf +DB 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85 +DB 
0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8 +DB 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5 +DB 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2 +DB 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17 +DB 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73 +DB 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88 +DB 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb +DB 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c +DB 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79 +DB 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9 +DB 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08 +DB 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6 +DB 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a +DB 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e +DB 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e +DB 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94 +DB 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf +DB 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68 +DB 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 +DB 0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5 +DB 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 +DB 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0 +DB 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0 +DB 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc +DB 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15 +DB 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a +DB 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75 +DB 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0 +DB 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84 +DB 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b +DB 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf +DB 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85 +DB 0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8 +DB 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5 +DB 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2 +DB 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17 +DB 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73 +DB 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88 +DB 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb +DB 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c +DB 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79 +DB 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9 +DB 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08 +DB 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6 +DB 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a +DB 
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e +DB 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e +DB 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94 +DB 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf +DB 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68 +DB 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 +DB 0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5 +DB 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 +DB 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0 +DB 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0 +DB 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc +DB 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15 +DB 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a +DB 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75 +DB 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0 +DB 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84 +DB 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b +DB 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf +DB 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85 +DB 0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8 +DB 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5 +DB 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2 +DB 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17 +DB 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73 +DB 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88 +DB 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb +DB 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c +DB 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79 +DB 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9 +DB 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08 +DB 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6 +DB 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a +DB 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e +DB 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e +DB 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94 +DB 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf +DB 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68 +DB 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 + DD 0x00000001,0x00000002,0x00000004,0x00000008 + DD 0x00000010,0x00000020,0x00000040,0x00000080 + DD 0x0000001b,0x00000036,0x80808080,0x80808080 + DD 0xfefefefe,0xfefefefe,0x1b1b1b1b,0x1b1b1b1b ALIGN 64 -$L$AES_Td:: - DD 050a7f451h,050a7f451h - DD 05365417eh,05365417eh - DD 0c3a4171ah,0c3a4171ah - DD 0965e273ah,0965e273ah - DD 
0cb6bab3bh,0cb6bab3bh - DD 0f1459d1fh,0f1459d1fh - DD 0ab58faach,0ab58faach - DD 09303e34bh,09303e34bh - DD 055fa3020h,055fa3020h - DD 0f66d76adh,0f66d76adh - DD 09176cc88h,09176cc88h - DD 0254c02f5h,0254c02f5h - DD 0fcd7e54fh,0fcd7e54fh - DD 0d7cb2ac5h,0d7cb2ac5h - DD 080443526h,080443526h - DD 08fa362b5h,08fa362b5h - DD 0495ab1deh,0495ab1deh - DD 0671bba25h,0671bba25h - DD 0980eea45h,0980eea45h - DD 0e1c0fe5dh,0e1c0fe5dh - DD 002752fc3h,002752fc3h - DD 012f04c81h,012f04c81h - DD 0a397468dh,0a397468dh - DD 0c6f9d36bh,0c6f9d36bh - DD 0e75f8f03h,0e75f8f03h - DD 0959c9215h,0959c9215h - DD 0eb7a6dbfh,0eb7a6dbfh - DD 0da595295h,0da595295h - DD 02d83bed4h,02d83bed4h - DD 0d3217458h,0d3217458h - DD 02969e049h,02969e049h - DD 044c8c98eh,044c8c98eh - DD 06a89c275h,06a89c275h - DD 078798ef4h,078798ef4h - DD 06b3e5899h,06b3e5899h - DD 0dd71b927h,0dd71b927h - DD 0b64fe1beh,0b64fe1beh - DD 017ad88f0h,017ad88f0h - DD 066ac20c9h,066ac20c9h - DD 0b43ace7dh,0b43ace7dh - DD 0184adf63h,0184adf63h - DD 082311ae5h,082311ae5h - DD 060335197h,060335197h - DD 0457f5362h,0457f5362h - DD 0e07764b1h,0e07764b1h - DD 084ae6bbbh,084ae6bbbh - DD 01ca081feh,01ca081feh - DD 0942b08f9h,0942b08f9h - DD 058684870h,058684870h - DD 019fd458fh,019fd458fh - DD 0876cde94h,0876cde94h - DD 0b7f87b52h,0b7f87b52h - DD 023d373abh,023d373abh - DD 0e2024b72h,0e2024b72h - DD 0578f1fe3h,0578f1fe3h - DD 02aab5566h,02aab5566h - DD 00728ebb2h,00728ebb2h - DD 003c2b52fh,003c2b52fh - DD 09a7bc586h,09a7bc586h - DD 0a50837d3h,0a50837d3h - DD 0f2872830h,0f2872830h - DD 0b2a5bf23h,0b2a5bf23h - DD 0ba6a0302h,0ba6a0302h - DD 05c8216edh,05c8216edh - DD 02b1ccf8ah,02b1ccf8ah - DD 092b479a7h,092b479a7h - DD 0f0f207f3h,0f0f207f3h - DD 0a1e2694eh,0a1e2694eh - DD 0cdf4da65h,0cdf4da65h - DD 0d5be0506h,0d5be0506h - DD 01f6234d1h,01f6234d1h - DD 08afea6c4h,08afea6c4h - DD 09d532e34h,09d532e34h - DD 0a055f3a2h,0a055f3a2h - DD 032e18a05h,032e18a05h - DD 075ebf6a4h,075ebf6a4h - DD 039ec830bh,039ec830bh - DD 0aaef6040h,0aaef6040h - DD 
0069f715eh,0069f715eh - DD 051106ebdh,051106ebdh - DD 0f98a213eh,0f98a213eh - DD 03d06dd96h,03d06dd96h - DD 0ae053eddh,0ae053eddh - DD 046bde64dh,046bde64dh - DD 0b58d5491h,0b58d5491h - DD 0055dc471h,0055dc471h - DD 06fd40604h,06fd40604h - DD 0ff155060h,0ff155060h - DD 024fb9819h,024fb9819h - DD 097e9bdd6h,097e9bdd6h - DD 0cc434089h,0cc434089h - DD 0779ed967h,0779ed967h - DD 0bd42e8b0h,0bd42e8b0h - DD 0888b8907h,0888b8907h - DD 0385b19e7h,0385b19e7h - DD 0dbeec879h,0dbeec879h - DD 0470a7ca1h,0470a7ca1h - DD 0e90f427ch,0e90f427ch - DD 0c91e84f8h,0c91e84f8h - DD 000000000h,000000000h - DD 083868009h,083868009h - DD 048ed2b32h,048ed2b32h - DD 0ac70111eh,0ac70111eh - DD 04e725a6ch,04e725a6ch - DD 0fbff0efdh,0fbff0efdh - DD 05638850fh,05638850fh - DD 01ed5ae3dh,01ed5ae3dh - DD 027392d36h,027392d36h - DD 064d90f0ah,064d90f0ah - DD 021a65c68h,021a65c68h - DD 0d1545b9bh,0d1545b9bh - DD 03a2e3624h,03a2e3624h - DD 0b1670a0ch,0b1670a0ch - DD 00fe75793h,00fe75793h - DD 0d296eeb4h,0d296eeb4h - DD 09e919b1bh,09e919b1bh - DD 04fc5c080h,04fc5c080h - DD 0a220dc61h,0a220dc61h - DD 0694b775ah,0694b775ah - DD 0161a121ch,0161a121ch - DD 00aba93e2h,00aba93e2h - DD 0e52aa0c0h,0e52aa0c0h - DD 043e0223ch,043e0223ch - DD 01d171b12h,01d171b12h - DD 00b0d090eh,00b0d090eh - DD 0adc78bf2h,0adc78bf2h - DD 0b9a8b62dh,0b9a8b62dh - DD 0c8a91e14h,0c8a91e14h - DD 08519f157h,08519f157h - DD 04c0775afh,04c0775afh - DD 0bbdd99eeh,0bbdd99eeh - DD 0fd607fa3h,0fd607fa3h - DD 09f2601f7h,09f2601f7h - DD 0bcf5725ch,0bcf5725ch - DD 0c53b6644h,0c53b6644h - DD 0347efb5bh,0347efb5bh - DD 07629438bh,07629438bh - DD 0dcc623cbh,0dcc623cbh - DD 068fcedb6h,068fcedb6h - DD 063f1e4b8h,063f1e4b8h - DD 0cadc31d7h,0cadc31d7h - DD 010856342h,010856342h - DD 040229713h,040229713h - DD 02011c684h,02011c684h - DD 07d244a85h,07d244a85h - DD 0f83dbbd2h,0f83dbbd2h - DD 01132f9aeh,01132f9aeh - DD 06da129c7h,06da129c7h - DD 04b2f9e1dh,04b2f9e1dh - DD 0f330b2dch,0f330b2dch - DD 0ec52860dh,0ec52860dh - DD 0d0e3c177h,0d0e3c177h - DD 
06c16b32bh,06c16b32bh - DD 099b970a9h,099b970a9h - DD 0fa489411h,0fa489411h - DD 02264e947h,02264e947h - DD 0c48cfca8h,0c48cfca8h - DD 01a3ff0a0h,01a3ff0a0h - DD 0d82c7d56h,0d82c7d56h - DD 0ef903322h,0ef903322h - DD 0c74e4987h,0c74e4987h - DD 0c1d138d9h,0c1d138d9h - DD 0fea2ca8ch,0fea2ca8ch - DD 0360bd498h,0360bd498h - DD 0cf81f5a6h,0cf81f5a6h - DD 028de7aa5h,028de7aa5h - DD 0268eb7dah,0268eb7dah - DD 0a4bfad3fh,0a4bfad3fh - DD 0e49d3a2ch,0e49d3a2ch - DD 00d927850h,00d927850h - DD 09bcc5f6ah,09bcc5f6ah - DD 062467e54h,062467e54h - DD 0c2138df6h,0c2138df6h - DD 0e8b8d890h,0e8b8d890h - DD 05ef7392eh,05ef7392eh - DD 0f5afc382h,0f5afc382h - DD 0be805d9fh,0be805d9fh - DD 07c93d069h,07c93d069h - DD 0a92dd56fh,0a92dd56fh - DD 0b31225cfh,0b31225cfh - DD 03b99acc8h,03b99acc8h - DD 0a77d1810h,0a77d1810h - DD 06e639ce8h,06e639ce8h - DD 07bbb3bdbh,07bbb3bdbh - DD 0097826cdh,0097826cdh - DD 0f418596eh,0f418596eh - DD 001b79aech,001b79aech - DD 0a89a4f83h,0a89a4f83h - DD 0656e95e6h,0656e95e6h - DD 07ee6ffaah,07ee6ffaah - DD 008cfbc21h,008cfbc21h - DD 0e6e815efh,0e6e815efh - DD 0d99be7bah,0d99be7bah - DD 0ce366f4ah,0ce366f4ah - DD 0d4099feah,0d4099feah - DD 0d67cb029h,0d67cb029h - DD 0afb2a431h,0afb2a431h - DD 031233f2ah,031233f2ah - DD 03094a5c6h,03094a5c6h - DD 0c066a235h,0c066a235h - DD 037bc4e74h,037bc4e74h - DD 0a6ca82fch,0a6ca82fch - DD 0b0d090e0h,0b0d090e0h - DD 015d8a733h,015d8a733h - DD 04a9804f1h,04a9804f1h - DD 0f7daec41h,0f7daec41h - DD 00e50cd7fh,00e50cd7fh - DD 02ff69117h,02ff69117h - DD 08dd64d76h,08dd64d76h - DD 04db0ef43h,04db0ef43h - DD 0544daacch,0544daacch - DD 0df0496e4h,0df0496e4h - DD 0e3b5d19eh,0e3b5d19eh - DD 01b886a4ch,01b886a4ch - DD 0b81f2cc1h,0b81f2cc1h - DD 07f516546h,07f516546h - DD 004ea5e9dh,004ea5e9dh - DD 05d358c01h,05d358c01h - DD 0737487fah,0737487fah - DD 02e410bfbh,02e410bfbh - DD 05a1d67b3h,05a1d67b3h - DD 052d2db92h,052d2db92h - DD 0335610e9h,0335610e9h - DD 01347d66dh,01347d66dh - DD 08c61d79ah,08c61d79ah - DD 07a0ca137h,07a0ca137h - DD 
08e14f859h,08e14f859h - DD 0893c13ebh,0893c13ebh - DD 0ee27a9ceh,0ee27a9ceh - DD 035c961b7h,035c961b7h - DD 0ede51ce1h,0ede51ce1h - DD 03cb1477ah,03cb1477ah - DD 059dfd29ch,059dfd29ch - DD 03f73f255h,03f73f255h - DD 079ce1418h,079ce1418h - DD 0bf37c773h,0bf37c773h - DD 0eacdf753h,0eacdf753h - DD 05baafd5fh,05baafd5fh - DD 0146f3ddfh,0146f3ddfh - DD 086db4478h,086db4478h - DD 081f3afcah,081f3afcah - DD 03ec468b9h,03ec468b9h - DD 02c342438h,02c342438h - DD 05f40a3c2h,05f40a3c2h - DD 072c31d16h,072c31d16h - DD 00c25e2bch,00c25e2bch - DD 08b493c28h,08b493c28h - DD 041950dffh,041950dffh - DD 07101a839h,07101a839h - DD 0deb30c08h,0deb30c08h - DD 09ce4b4d8h,09ce4b4d8h - DD 090c15664h,090c15664h - DD 06184cb7bh,06184cb7bh - DD 070b632d5h,070b632d5h - DD 0745c6c48h,0745c6c48h - DD 04257b8d0h,04257b8d0h -DB 052h,009h,06ah,0d5h,030h,036h,0a5h,038h -DB 0bfh,040h,0a3h,09eh,081h,0f3h,0d7h,0fbh -DB 07ch,0e3h,039h,082h,09bh,02fh,0ffh,087h -DB 034h,08eh,043h,044h,0c4h,0deh,0e9h,0cbh -DB 054h,07bh,094h,032h,0a6h,0c2h,023h,03dh -DB 0eeh,04ch,095h,00bh,042h,0fah,0c3h,04eh -DB 008h,02eh,0a1h,066h,028h,0d9h,024h,0b2h -DB 076h,05bh,0a2h,049h,06dh,08bh,0d1h,025h -DB 072h,0f8h,0f6h,064h,086h,068h,098h,016h -DB 0d4h,0a4h,05ch,0cch,05dh,065h,0b6h,092h -DB 06ch,070h,048h,050h,0fdh,0edh,0b9h,0dah -DB 05eh,015h,046h,057h,0a7h,08dh,09dh,084h -DB 090h,0d8h,0abh,000h,08ch,0bch,0d3h,00ah -DB 0f7h,0e4h,058h,005h,0b8h,0b3h,045h,006h -DB 0d0h,02ch,01eh,08fh,0cah,03fh,00fh,002h -DB 0c1h,0afh,0bdh,003h,001h,013h,08ah,06bh -DB 03ah,091h,011h,041h,04fh,067h,0dch,0eah -DB 097h,0f2h,0cfh,0ceh,0f0h,0b4h,0e6h,073h -DB 096h,0ach,074h,022h,0e7h,0adh,035h,085h -DB 0e2h,0f9h,037h,0e8h,01ch,075h,0dfh,06eh -DB 047h,0f1h,01ah,071h,01dh,029h,0c5h,089h -DB 06fh,0b7h,062h,00eh,0aah,018h,0beh,01bh -DB 0fch,056h,03eh,04bh,0c6h,0d2h,079h,020h -DB 09ah,0dbh,0c0h,0feh,078h,0cdh,05ah,0f4h -DB 01fh,0ddh,0a8h,033h,088h,007h,0c7h,031h -DB 0b1h,012h,010h,059h,027h,080h,0ech,05fh -DB 060h,051h,07fh,0a9h,019h,0b5h,04ah,00dh -DB 
02dh,0e5h,07ah,09fh,093h,0c9h,09ch,0efh -DB 0a0h,0e0h,03bh,04dh,0aeh,02ah,0f5h,0b0h -DB 0c8h,0ebh,0bbh,03ch,083h,053h,099h,061h -DB 017h,02bh,004h,07eh,0bah,077h,0d6h,026h -DB 0e1h,069h,014h,063h,055h,021h,00ch,07dh - DD 080808080h,080808080h,0fefefefeh,0fefefefeh - DD 01b1b1b1bh,01b1b1b1bh,0,0 -DB 052h,009h,06ah,0d5h,030h,036h,0a5h,038h -DB 0bfh,040h,0a3h,09eh,081h,0f3h,0d7h,0fbh -DB 07ch,0e3h,039h,082h,09bh,02fh,0ffh,087h -DB 034h,08eh,043h,044h,0c4h,0deh,0e9h,0cbh -DB 054h,07bh,094h,032h,0a6h,0c2h,023h,03dh -DB 0eeh,04ch,095h,00bh,042h,0fah,0c3h,04eh -DB 008h,02eh,0a1h,066h,028h,0d9h,024h,0b2h -DB 076h,05bh,0a2h,049h,06dh,08bh,0d1h,025h -DB 072h,0f8h,0f6h,064h,086h,068h,098h,016h -DB 0d4h,0a4h,05ch,0cch,05dh,065h,0b6h,092h -DB 06ch,070h,048h,050h,0fdh,0edh,0b9h,0dah -DB 05eh,015h,046h,057h,0a7h,08dh,09dh,084h -DB 090h,0d8h,0abh,000h,08ch,0bch,0d3h,00ah -DB 0f7h,0e4h,058h,005h,0b8h,0b3h,045h,006h -DB 0d0h,02ch,01eh,08fh,0cah,03fh,00fh,002h -DB 0c1h,0afh,0bdh,003h,001h,013h,08ah,06bh -DB 03ah,091h,011h,041h,04fh,067h,0dch,0eah -DB 097h,0f2h,0cfh,0ceh,0f0h,0b4h,0e6h,073h -DB 096h,0ach,074h,022h,0e7h,0adh,035h,085h -DB 0e2h,0f9h,037h,0e8h,01ch,075h,0dfh,06eh -DB 047h,0f1h,01ah,071h,01dh,029h,0c5h,089h -DB 06fh,0b7h,062h,00eh,0aah,018h,0beh,01bh -DB 0fch,056h,03eh,04bh,0c6h,0d2h,079h,020h -DB 09ah,0dbh,0c0h,0feh,078h,0cdh,05ah,0f4h -DB 01fh,0ddh,0a8h,033h,088h,007h,0c7h,031h -DB 0b1h,012h,010h,059h,027h,080h,0ech,05fh -DB 060h,051h,07fh,0a9h,019h,0b5h,04ah,00dh -DB 02dh,0e5h,07ah,09fh,093h,0c9h,09ch,0efh -DB 0a0h,0e0h,03bh,04dh,0aeh,02ah,0f5h,0b0h -DB 0c8h,0ebh,0bbh,03ch,083h,053h,099h,061h -DB 017h,02bh,004h,07eh,0bah,077h,0d6h,026h -DB 0e1h,069h,014h,063h,055h,021h,00ch,07dh - DD 080808080h,080808080h,0fefefefeh,0fefefefeh - DD 01b1b1b1bh,01b1b1b1bh,0,0 -DB 052h,009h,06ah,0d5h,030h,036h,0a5h,038h -DB 0bfh,040h,0a3h,09eh,081h,0f3h,0d7h,0fbh -DB 07ch,0e3h,039h,082h,09bh,02fh,0ffh,087h -DB 034h,08eh,043h,044h,0c4h,0deh,0e9h,0cbh -DB 
054h,07bh,094h,032h,0a6h,0c2h,023h,03dh -DB 0eeh,04ch,095h,00bh,042h,0fah,0c3h,04eh -DB 008h,02eh,0a1h,066h,028h,0d9h,024h,0b2h -DB 076h,05bh,0a2h,049h,06dh,08bh,0d1h,025h -DB 072h,0f8h,0f6h,064h,086h,068h,098h,016h -DB 0d4h,0a4h,05ch,0cch,05dh,065h,0b6h,092h -DB 06ch,070h,048h,050h,0fdh,0edh,0b9h,0dah -DB 05eh,015h,046h,057h,0a7h,08dh,09dh,084h -DB 090h,0d8h,0abh,000h,08ch,0bch,0d3h,00ah -DB 0f7h,0e4h,058h,005h,0b8h,0b3h,045h,006h -DB 0d0h,02ch,01eh,08fh,0cah,03fh,00fh,002h -DB 0c1h,0afh,0bdh,003h,001h,013h,08ah,06bh -DB 03ah,091h,011h,041h,04fh,067h,0dch,0eah -DB 097h,0f2h,0cfh,0ceh,0f0h,0b4h,0e6h,073h -DB 096h,0ach,074h,022h,0e7h,0adh,035h,085h -DB 0e2h,0f9h,037h,0e8h,01ch,075h,0dfh,06eh -DB 047h,0f1h,01ah,071h,01dh,029h,0c5h,089h -DB 06fh,0b7h,062h,00eh,0aah,018h,0beh,01bh -DB 0fch,056h,03eh,04bh,0c6h,0d2h,079h,020h -DB 09ah,0dbh,0c0h,0feh,078h,0cdh,05ah,0f4h -DB 01fh,0ddh,0a8h,033h,088h,007h,0c7h,031h -DB 0b1h,012h,010h,059h,027h,080h,0ech,05fh -DB 060h,051h,07fh,0a9h,019h,0b5h,04ah,00dh -DB 02dh,0e5h,07ah,09fh,093h,0c9h,09ch,0efh -DB 0a0h,0e0h,03bh,04dh,0aeh,02ah,0f5h,0b0h -DB 0c8h,0ebh,0bbh,03ch,083h,053h,099h,061h -DB 017h,02bh,004h,07eh,0bah,077h,0d6h,026h -DB 0e1h,069h,014h,063h,055h,021h,00ch,07dh - DD 080808080h,080808080h,0fefefefeh,0fefefefeh - DD 01b1b1b1bh,01b1b1b1bh,0,0 -DB 052h,009h,06ah,0d5h,030h,036h,0a5h,038h -DB 0bfh,040h,0a3h,09eh,081h,0f3h,0d7h,0fbh -DB 07ch,0e3h,039h,082h,09bh,02fh,0ffh,087h -DB 034h,08eh,043h,044h,0c4h,0deh,0e9h,0cbh -DB 054h,07bh,094h,032h,0a6h,0c2h,023h,03dh -DB 0eeh,04ch,095h,00bh,042h,0fah,0c3h,04eh -DB 008h,02eh,0a1h,066h,028h,0d9h,024h,0b2h -DB 076h,05bh,0a2h,049h,06dh,08bh,0d1h,025h -DB 072h,0f8h,0f6h,064h,086h,068h,098h,016h -DB 0d4h,0a4h,05ch,0cch,05dh,065h,0b6h,092h -DB 06ch,070h,048h,050h,0fdh,0edh,0b9h,0dah -DB 05eh,015h,046h,057h,0a7h,08dh,09dh,084h -DB 090h,0d8h,0abh,000h,08ch,0bch,0d3h,00ah -DB 0f7h,0e4h,058h,005h,0b8h,0b3h,045h,006h -DB 0d0h,02ch,01eh,08fh,0cah,03fh,00fh,002h -DB 
0c1h,0afh,0bdh,003h,001h,013h,08ah,06bh -DB 03ah,091h,011h,041h,04fh,067h,0dch,0eah -DB 097h,0f2h,0cfh,0ceh,0f0h,0b4h,0e6h,073h -DB 096h,0ach,074h,022h,0e7h,0adh,035h,085h -DB 0e2h,0f9h,037h,0e8h,01ch,075h,0dfh,06eh -DB 047h,0f1h,01ah,071h,01dh,029h,0c5h,089h -DB 06fh,0b7h,062h,00eh,0aah,018h,0beh,01bh -DB 0fch,056h,03eh,04bh,0c6h,0d2h,079h,020h -DB 09ah,0dbh,0c0h,0feh,078h,0cdh,05ah,0f4h -DB 01fh,0ddh,0a8h,033h,088h,007h,0c7h,031h -DB 0b1h,012h,010h,059h,027h,080h,0ech,05fh -DB 060h,051h,07fh,0a9h,019h,0b5h,04ah,00dh -DB 02dh,0e5h,07ah,09fh,093h,0c9h,09ch,0efh -DB 0a0h,0e0h,03bh,04dh,0aeh,02ah,0f5h,0b0h -DB 0c8h,0ebh,0bbh,03ch,083h,053h,099h,061h -DB 017h,02bh,004h,07eh,0bah,077h,0d6h,026h -DB 0e1h,069h,014h,063h,055h,021h,00ch,07dh - DD 080808080h,080808080h,0fefefefeh,0fefefefeh - DD 01b1b1b1bh,01b1b1b1bh,0,0 +$L$AES_Td: + DD 0x50a7f451,0x50a7f451 + DD 0x5365417e,0x5365417e + DD 0xc3a4171a,0xc3a4171a + DD 0x965e273a,0x965e273a + DD 0xcb6bab3b,0xcb6bab3b + DD 0xf1459d1f,0xf1459d1f + DD 0xab58faac,0xab58faac + DD 0x9303e34b,0x9303e34b + DD 0x55fa3020,0x55fa3020 + DD 0xf66d76ad,0xf66d76ad + DD 0x9176cc88,0x9176cc88 + DD 0x254c02f5,0x254c02f5 + DD 0xfcd7e54f,0xfcd7e54f + DD 0xd7cb2ac5,0xd7cb2ac5 + DD 0x80443526,0x80443526 + DD 0x8fa362b5,0x8fa362b5 + DD 0x495ab1de,0x495ab1de + DD 0x671bba25,0x671bba25 + DD 0x980eea45,0x980eea45 + DD 0xe1c0fe5d,0xe1c0fe5d + DD 0x02752fc3,0x02752fc3 + DD 0x12f04c81,0x12f04c81 + DD 0xa397468d,0xa397468d + DD 0xc6f9d36b,0xc6f9d36b + DD 0xe75f8f03,0xe75f8f03 + DD 0x959c9215,0x959c9215 + DD 0xeb7a6dbf,0xeb7a6dbf + DD 0xda595295,0xda595295 + DD 0x2d83bed4,0x2d83bed4 + DD 0xd3217458,0xd3217458 + DD 0x2969e049,0x2969e049 + DD 0x44c8c98e,0x44c8c98e + DD 0x6a89c275,0x6a89c275 + DD 0x78798ef4,0x78798ef4 + DD 0x6b3e5899,0x6b3e5899 + DD 0xdd71b927,0xdd71b927 + DD 0xb64fe1be,0xb64fe1be + DD 0x17ad88f0,0x17ad88f0 + DD 0x66ac20c9,0x66ac20c9 + DD 0xb43ace7d,0xb43ace7d + DD 0x184adf63,0x184adf63 + DD 0x82311ae5,0x82311ae5 + DD 0x60335197,0x60335197 + 
DD 0x457f5362,0x457f5362 + DD 0xe07764b1,0xe07764b1 + DD 0x84ae6bbb,0x84ae6bbb + DD 0x1ca081fe,0x1ca081fe + DD 0x942b08f9,0x942b08f9 + DD 0x58684870,0x58684870 + DD 0x19fd458f,0x19fd458f + DD 0x876cde94,0x876cde94 + DD 0xb7f87b52,0xb7f87b52 + DD 0x23d373ab,0x23d373ab + DD 0xe2024b72,0xe2024b72 + DD 0x578f1fe3,0x578f1fe3 + DD 0x2aab5566,0x2aab5566 + DD 0x0728ebb2,0x0728ebb2 + DD 0x03c2b52f,0x03c2b52f + DD 0x9a7bc586,0x9a7bc586 + DD 0xa50837d3,0xa50837d3 + DD 0xf2872830,0xf2872830 + DD 0xb2a5bf23,0xb2a5bf23 + DD 0xba6a0302,0xba6a0302 + DD 0x5c8216ed,0x5c8216ed + DD 0x2b1ccf8a,0x2b1ccf8a + DD 0x92b479a7,0x92b479a7 + DD 0xf0f207f3,0xf0f207f3 + DD 0xa1e2694e,0xa1e2694e + DD 0xcdf4da65,0xcdf4da65 + DD 0xd5be0506,0xd5be0506 + DD 0x1f6234d1,0x1f6234d1 + DD 0x8afea6c4,0x8afea6c4 + DD 0x9d532e34,0x9d532e34 + DD 0xa055f3a2,0xa055f3a2 + DD 0x32e18a05,0x32e18a05 + DD 0x75ebf6a4,0x75ebf6a4 + DD 0x39ec830b,0x39ec830b + DD 0xaaef6040,0xaaef6040 + DD 0x069f715e,0x069f715e + DD 0x51106ebd,0x51106ebd + DD 0xf98a213e,0xf98a213e + DD 0x3d06dd96,0x3d06dd96 + DD 0xae053edd,0xae053edd + DD 0x46bde64d,0x46bde64d + DD 0xb58d5491,0xb58d5491 + DD 0x055dc471,0x055dc471 + DD 0x6fd40604,0x6fd40604 + DD 0xff155060,0xff155060 + DD 0x24fb9819,0x24fb9819 + DD 0x97e9bdd6,0x97e9bdd6 + DD 0xcc434089,0xcc434089 + DD 0x779ed967,0x779ed967 + DD 0xbd42e8b0,0xbd42e8b0 + DD 0x888b8907,0x888b8907 + DD 0x385b19e7,0x385b19e7 + DD 0xdbeec879,0xdbeec879 + DD 0x470a7ca1,0x470a7ca1 + DD 0xe90f427c,0xe90f427c + DD 0xc91e84f8,0xc91e84f8 + DD 0x00000000,0x00000000 + DD 0x83868009,0x83868009 + DD 0x48ed2b32,0x48ed2b32 + DD 0xac70111e,0xac70111e + DD 0x4e725a6c,0x4e725a6c + DD 0xfbff0efd,0xfbff0efd + DD 0x5638850f,0x5638850f + DD 0x1ed5ae3d,0x1ed5ae3d + DD 0x27392d36,0x27392d36 + DD 0x64d90f0a,0x64d90f0a + DD 0x21a65c68,0x21a65c68 + DD 0xd1545b9b,0xd1545b9b + DD 0x3a2e3624,0x3a2e3624 + DD 0xb1670a0c,0xb1670a0c + DD 0x0fe75793,0x0fe75793 + DD 0xd296eeb4,0xd296eeb4 + DD 0x9e919b1b,0x9e919b1b + DD 0x4fc5c080,0x4fc5c080 + 
DD 0xa220dc61,0xa220dc61 + DD 0x694b775a,0x694b775a + DD 0x161a121c,0x161a121c + DD 0x0aba93e2,0x0aba93e2 + DD 0xe52aa0c0,0xe52aa0c0 + DD 0x43e0223c,0x43e0223c + DD 0x1d171b12,0x1d171b12 + DD 0x0b0d090e,0x0b0d090e + DD 0xadc78bf2,0xadc78bf2 + DD 0xb9a8b62d,0xb9a8b62d + DD 0xc8a91e14,0xc8a91e14 + DD 0x8519f157,0x8519f157 + DD 0x4c0775af,0x4c0775af + DD 0xbbdd99ee,0xbbdd99ee + DD 0xfd607fa3,0xfd607fa3 + DD 0x9f2601f7,0x9f2601f7 + DD 0xbcf5725c,0xbcf5725c + DD 0xc53b6644,0xc53b6644 + DD 0x347efb5b,0x347efb5b + DD 0x7629438b,0x7629438b + DD 0xdcc623cb,0xdcc623cb + DD 0x68fcedb6,0x68fcedb6 + DD 0x63f1e4b8,0x63f1e4b8 + DD 0xcadc31d7,0xcadc31d7 + DD 0x10856342,0x10856342 + DD 0x40229713,0x40229713 + DD 0x2011c684,0x2011c684 + DD 0x7d244a85,0x7d244a85 + DD 0xf83dbbd2,0xf83dbbd2 + DD 0x1132f9ae,0x1132f9ae + DD 0x6da129c7,0x6da129c7 + DD 0x4b2f9e1d,0x4b2f9e1d + DD 0xf330b2dc,0xf330b2dc + DD 0xec52860d,0xec52860d + DD 0xd0e3c177,0xd0e3c177 + DD 0x6c16b32b,0x6c16b32b + DD 0x99b970a9,0x99b970a9 + DD 0xfa489411,0xfa489411 + DD 0x2264e947,0x2264e947 + DD 0xc48cfca8,0xc48cfca8 + DD 0x1a3ff0a0,0x1a3ff0a0 + DD 0xd82c7d56,0xd82c7d56 + DD 0xef903322,0xef903322 + DD 0xc74e4987,0xc74e4987 + DD 0xc1d138d9,0xc1d138d9 + DD 0xfea2ca8c,0xfea2ca8c + DD 0x360bd498,0x360bd498 + DD 0xcf81f5a6,0xcf81f5a6 + DD 0x28de7aa5,0x28de7aa5 + DD 0x268eb7da,0x268eb7da + DD 0xa4bfad3f,0xa4bfad3f + DD 0xe49d3a2c,0xe49d3a2c + DD 0x0d927850,0x0d927850 + DD 0x9bcc5f6a,0x9bcc5f6a + DD 0x62467e54,0x62467e54 + DD 0xc2138df6,0xc2138df6 + DD 0xe8b8d890,0xe8b8d890 + DD 0x5ef7392e,0x5ef7392e + DD 0xf5afc382,0xf5afc382 + DD 0xbe805d9f,0xbe805d9f + DD 0x7c93d069,0x7c93d069 + DD 0xa92dd56f,0xa92dd56f + DD 0xb31225cf,0xb31225cf + DD 0x3b99acc8,0x3b99acc8 + DD 0xa77d1810,0xa77d1810 + DD 0x6e639ce8,0x6e639ce8 + DD 0x7bbb3bdb,0x7bbb3bdb + DD 0x097826cd,0x097826cd + DD 0xf418596e,0xf418596e + DD 0x01b79aec,0x01b79aec + DD 0xa89a4f83,0xa89a4f83 + DD 0x656e95e6,0x656e95e6 + DD 0x7ee6ffaa,0x7ee6ffaa + DD 0x08cfbc21,0x08cfbc21 + 
DD 0xe6e815ef,0xe6e815ef + DD 0xd99be7ba,0xd99be7ba + DD 0xce366f4a,0xce366f4a + DD 0xd4099fea,0xd4099fea + DD 0xd67cb029,0xd67cb029 + DD 0xafb2a431,0xafb2a431 + DD 0x31233f2a,0x31233f2a + DD 0x3094a5c6,0x3094a5c6 + DD 0xc066a235,0xc066a235 + DD 0x37bc4e74,0x37bc4e74 + DD 0xa6ca82fc,0xa6ca82fc + DD 0xb0d090e0,0xb0d090e0 + DD 0x15d8a733,0x15d8a733 + DD 0x4a9804f1,0x4a9804f1 + DD 0xf7daec41,0xf7daec41 + DD 0x0e50cd7f,0x0e50cd7f + DD 0x2ff69117,0x2ff69117 + DD 0x8dd64d76,0x8dd64d76 + DD 0x4db0ef43,0x4db0ef43 + DD 0x544daacc,0x544daacc + DD 0xdf0496e4,0xdf0496e4 + DD 0xe3b5d19e,0xe3b5d19e + DD 0x1b886a4c,0x1b886a4c + DD 0xb81f2cc1,0xb81f2cc1 + DD 0x7f516546,0x7f516546 + DD 0x04ea5e9d,0x04ea5e9d + DD 0x5d358c01,0x5d358c01 + DD 0x737487fa,0x737487fa + DD 0x2e410bfb,0x2e410bfb + DD 0x5a1d67b3,0x5a1d67b3 + DD 0x52d2db92,0x52d2db92 + DD 0x335610e9,0x335610e9 + DD 0x1347d66d,0x1347d66d + DD 0x8c61d79a,0x8c61d79a + DD 0x7a0ca137,0x7a0ca137 + DD 0x8e14f859,0x8e14f859 + DD 0x893c13eb,0x893c13eb + DD 0xee27a9ce,0xee27a9ce + DD 0x35c961b7,0x35c961b7 + DD 0xede51ce1,0xede51ce1 + DD 0x3cb1477a,0x3cb1477a + DD 0x59dfd29c,0x59dfd29c + DD 0x3f73f255,0x3f73f255 + DD 0x79ce1418,0x79ce1418 + DD 0xbf37c773,0xbf37c773 + DD 0xeacdf753,0xeacdf753 + DD 0x5baafd5f,0x5baafd5f + DD 0x146f3ddf,0x146f3ddf + DD 0x86db4478,0x86db4478 + DD 0x81f3afca,0x81f3afca + DD 0x3ec468b9,0x3ec468b9 + DD 0x2c342438,0x2c342438 + DD 0x5f40a3c2,0x5f40a3c2 + DD 0x72c31d16,0x72c31d16 + DD 0x0c25e2bc,0x0c25e2bc + DD 0x8b493c28,0x8b493c28 + DD 0x41950dff,0x41950dff + DD 0x7101a839,0x7101a839 + DD 0xdeb30c08,0xdeb30c08 + DD 0x9ce4b4d8,0x9ce4b4d8 + DD 0x90c15664,0x90c15664 + DD 0x6184cb7b,0x6184cb7b + DD 0x70b632d5,0x70b632d5 + DD 0x745c6c48,0x745c6c48 + DD 0x4257b8d0,0x4257b8d0 +DB 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 +DB 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb +DB 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 +DB 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb +DB 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d +DB 
0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e +DB 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 +DB 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 +DB 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 +DB 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 +DB 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda +DB 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 +DB 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a +DB 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 +DB 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 +DB 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b +DB 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea +DB 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 +DB 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 +DB 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e +DB 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 +DB 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b +DB 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 +DB 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 +DB 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 +DB 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f +DB 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d +DB 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef +DB 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 +DB 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 +DB 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 +DB 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d + DD 0x80808080,0x80808080,0xfefefefe,0xfefefefe + DD 0x1b1b1b1b,0x1b1b1b1b,0,0 +DB 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 +DB 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb +DB 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 +DB 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb +DB 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d +DB 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e +DB 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 +DB 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 +DB 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 +DB 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 +DB 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda +DB 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 +DB 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a +DB 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 +DB 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 +DB 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b +DB 
0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea +DB 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 +DB 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 +DB 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e +DB 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 +DB 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b +DB 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 +DB 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 +DB 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 +DB 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f +DB 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d +DB 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef +DB 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 +DB 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 +DB 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 +DB 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d + DD 0x80808080,0x80808080,0xfefefefe,0xfefefefe + DD 0x1b1b1b1b,0x1b1b1b1b,0,0 +DB 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 +DB 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb +DB 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 +DB 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb +DB 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d +DB 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e +DB 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 +DB 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 +DB 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 +DB 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 +DB 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda +DB 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 +DB 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a +DB 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 +DB 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 +DB 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b +DB 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea +DB 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 +DB 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 +DB 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e +DB 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 +DB 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b +DB 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 +DB 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 +DB 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 +DB 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f +DB 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d +DB 
0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef +DB 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 +DB 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 +DB 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 +DB 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d + DD 0x80808080,0x80808080,0xfefefefe,0xfefefefe + DD 0x1b1b1b1b,0x1b1b1b1b,0,0 +DB 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 +DB 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb +DB 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 +DB 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb +DB 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d +DB 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e +DB 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 +DB 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 +DB 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 +DB 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 +DB 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda +DB 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 +DB 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a +DB 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 +DB 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 +DB 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b +DB 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea +DB 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 +DB 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 +DB 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e +DB 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 +DB 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b +DB 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 +DB 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 +DB 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 +DB 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f +DB 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d +DB 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef +DB 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 +DB 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 +DB 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 +DB 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d + DD 0x80808080,0x80808080,0xfefefefe,0xfefefefe + DD 0x1b1b1b1b,0x1b1b1b1b,0,0 DB 65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32 DB 67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97 DB 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 DB 62,0 ALIGN 64 -EXTERN 
__imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -block_se_handler PROC PRIVATE +block_se_handler: push rsi push rdi push rbx 
@@ -2608,53 +2607,53 @@ block_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_block_prologue + jb NEAR $L$in_block_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_block_prologue - - mov rax,QWORD PTR[24+rax] - lea rax,QWORD PTR[48+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$in_block_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - jmp $L$common_seh_exit -block_se_handler ENDP + jae NEAR $L$in_block_prologue + + mov rax,QWORD[24+rax] + lea rax,[48+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$in_block_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + jmp NEAR $L$common_seh_exit + ALIGN 16 -key_se_handler PROC PRIVATE +key_se_handler: push rsi push rdi push rbx 
@@ -2666,52 +2665,52 @@ key_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_key_prologue + jb NEAR $L$in_key_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_key_prologue - - lea rax,QWORD PTR[56+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$in_key_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - jmp $L$common_seh_exit -key_se_handler ENDP + jae NEAR $L$in_key_prologue + + lea rax,[56+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$in_key_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + jmp NEAR $L$common_seh_exit + ALIGN 16 -cbc_se_handler PROC PRIVATE +cbc_se_handler: push rsi push rdi push rbx 
@@ -2723,82 +2722,82 @@ cbc_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - lea r10,QWORD PTR[$L$cbc_prologue] + lea r10,[$L$cbc_prologue] cmp rbx,r10 - jb $L$in_cbc_prologue + jb NEAR $L$in_cbc_prologue - lea r10,QWORD PTR[$L$cbc_fast_body] + lea r10,[$L$cbc_fast_body] cmp rbx,r10 - jb $L$in_cbc_frame_setup + jb NEAR $L$in_cbc_frame_setup - lea r10,QWORD PTR[$L$cbc_slow_prologue] + lea r10,[$L$cbc_slow_prologue] cmp rbx,r10 - jb $L$in_cbc_body + jb NEAR $L$in_cbc_body - lea r10,QWORD PTR[$L$cbc_slow_body] + lea r10,[$L$cbc_slow_body] cmp rbx,r10 - jb $L$in_cbc_frame_setup + jb NEAR $L$in_cbc_frame_setup -$L$in_cbc_body:: - mov rax,QWORD PTR[152+r8] +$L$in_cbc_body: + mov rax,QWORD[152+r8] - lea r10,QWORD PTR[$L$cbc_epilogue] + lea r10,[$L$cbc_epilogue] cmp rbx,r10 - jae $L$in_cbc_prologue + jae NEAR $L$in_cbc_prologue - lea rax,QWORD PTR[8+rax] + lea rax,[8+rax] - lea r10,QWORD PTR[$L$cbc_popfq] + lea r10,[$L$cbc_popfq] cmp rbx,r10 - jae $L$in_cbc_prologue - - mov rax,QWORD PTR[8+rax] - lea rax,QWORD PTR[56+rax] - -$L$in_cbc_frame_setup:: - mov rbx,QWORD PTR[((-16))+rax] - mov rbp,QWORD PTR[((-24))+rax] - mov r12,QWORD PTR[((-32))+rax] - mov r13,QWORD PTR[((-40))+rax] - mov r14,QWORD PTR[((-48))+rax] - mov r15,QWORD PTR[((-56))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$in_cbc_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - -$L$common_seh_exit:: - - mov rdi,QWORD PTR[40+r9] + jae NEAR $L$in_cbc_prologue + + mov rax,QWORD[8+rax] + lea rax,[56+rax] + +$L$in_cbc_frame_setup: + mov rbx,QWORD[((-16))+rax] + mov rbp,QWORD[((-24))+rax] + mov r12,QWORD[((-32))+rax] + mov r13,QWORD[((-40))+rax] + mov r14,QWORD[((-48))+rax] + mov 
r15,QWORD[((-56))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$in_cbc_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + +$L$common_seh_exit: + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -2812,53 +2811,48 @@ $L$common_seh_exit:: pop rdi pop rsi DB 0F3h,0C3h ;repret -cbc_se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_asm_AES_encrypt - DD imagerel $L$SEH_end_asm_AES_encrypt - DD imagerel $L$SEH_info_asm_AES_encrypt + DD $L$SEH_begin_asm_AES_encrypt wrt ..imagebase + DD $L$SEH_end_asm_AES_encrypt wrt ..imagebase + DD $L$SEH_info_asm_AES_encrypt wrt ..imagebase - DD imagerel $L$SEH_begin_asm_AES_decrypt - DD imagerel $L$SEH_end_asm_AES_decrypt - DD imagerel $L$SEH_info_asm_AES_decrypt + DD $L$SEH_begin_asm_AES_decrypt wrt ..imagebase + DD $L$SEH_end_asm_AES_decrypt wrt ..imagebase + DD $L$SEH_info_asm_AES_decrypt wrt ..imagebase - DD imagerel $L$SEH_begin_asm_AES_set_encrypt_key - DD imagerel $L$SEH_end_asm_AES_set_encrypt_key - DD imagerel $L$SEH_info_asm_AES_set_encrypt_key + DD $L$SEH_begin_asm_AES_set_encrypt_key wrt ..imagebase + DD $L$SEH_end_asm_AES_set_encrypt_key wrt ..imagebase + DD $L$SEH_info_asm_AES_set_encrypt_key wrt ..imagebase - DD imagerel $L$SEH_begin_asm_AES_set_decrypt_key - DD imagerel $L$SEH_end_asm_AES_set_decrypt_key - DD imagerel $L$SEH_info_asm_AES_set_decrypt_key + DD $L$SEH_begin_asm_AES_set_decrypt_key wrt ..imagebase + DD $L$SEH_end_asm_AES_set_decrypt_key wrt ..imagebase + DD $L$SEH_info_asm_AES_set_decrypt_key wrt ..imagebase - DD imagerel $L$SEH_begin_asm_AES_cbc_encrypt - DD imagerel $L$SEH_end_asm_AES_cbc_encrypt - DD imagerel $L$SEH_info_asm_AES_cbc_encrypt + DD $L$SEH_begin_asm_AES_cbc_encrypt wrt ..imagebase + DD $L$SEH_end_asm_AES_cbc_encrypt wrt ..imagebase + DD $L$SEH_info_asm_AES_cbc_encrypt wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_asm_AES_encrypt:: +$L$SEH_info_asm_AES_encrypt: DB 9,0,0,0 - DD imagerel block_se_handler - DD imagerel $L$enc_prologue,imagerel $L$enc_epilogue -$L$SEH_info_asm_AES_decrypt:: + DD block_se_handler wrt ..imagebase + DD 
$L$enc_prologue wrt ..imagebase,$L$enc_epilogue wrt ..imagebase +$L$SEH_info_asm_AES_decrypt: DB 9,0,0,0 - DD imagerel block_se_handler - DD imagerel $L$dec_prologue,imagerel $L$dec_epilogue -$L$SEH_info_asm_AES_set_encrypt_key:: + DD block_se_handler wrt ..imagebase + DD $L$dec_prologue wrt ..imagebase,$L$dec_epilogue wrt ..imagebase +$L$SEH_info_asm_AES_set_encrypt_key: DB 9,0,0,0 - DD imagerel key_se_handler - DD imagerel $L$enc_key_prologue,imagerel $L$enc_key_epilogue -$L$SEH_info_asm_AES_set_decrypt_key:: + DD key_se_handler wrt ..imagebase + DD $L$enc_key_prologue wrt ..imagebase,$L$enc_key_epilogue wrt ..imagebase +$L$SEH_info_asm_AES_set_decrypt_key: DB 9,0,0,0 - DD imagerel key_se_handler - DD imagerel $L$dec_key_prologue,imagerel $L$dec_key_epilogue -$L$SEH_info_asm_AES_cbc_encrypt:: + DD key_se_handler wrt ..imagebase + DD $L$dec_key_prologue wrt ..imagebase,$L$dec_key_epilogue wrt ..imagebase +$L$SEH_info_asm_AES_cbc_encrypt: DB 9,0,0,0 - DD imagerel cbc_se_handler - -.xdata ENDS -END + DD cbc_se_handler wrt ..imagebase diff --git a/win-x86_64/crypto/aes/aesni-x86_64.asm b/win-x86_64/crypto/aes/aesni-x86_64.asm index 53d8afc..cf313d1 100644 --- a/win-x86_64/crypto/aes/aesni-x86_64.asm +++ b/win-x86_64/crypto/aes/aesni-x86_64.asm 
@@ -1,130 +1,140 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' -EXTERN OPENSSL_ia32cap_P:NEAR -PUBLIC aesni_encrypt - -ALIGN 16 -aesni_encrypt PROC PUBLIC - movups xmm2,XMMWORD PTR[rcx] - mov eax,DWORD PTR[240+r8] - movups xmm0,XMMWORD PTR[r8] - movups xmm1,XMMWORD PTR[16+r8] - lea r8,QWORD PTR[32+r8] +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 + +EXTERN OPENSSL_ia32cap_P +global aesni_encrypt + +ALIGN 16 +aesni_encrypt: + movups xmm2,XMMWORD[rcx] + mov eax,DWORD[240+r8] + movups xmm0,XMMWORD[r8] + movups xmm1,XMMWORD[16+r8] + lea r8,[32+r8] xorps xmm2,xmm0 -$L$oop_enc1_1:: +$L$oop_enc1_1: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[r8] - lea r8,QWORD PTR[16+r8] - jnz $L$oop_enc1_1 + movups xmm1,XMMWORD[r8] + lea r8,[16+r8] + jnz NEAR $L$oop_enc1_1 DB 102,15,56,221,209 - movups XMMWORD PTR[rdx],xmm2 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movups XMMWORD[rdx],xmm2 + pxor xmm2,xmm2 DB 0F3h,0C3h ;repret -aesni_encrypt ENDP -PUBLIC aesni_decrypt + +global aesni_decrypt ALIGN 16 -aesni_decrypt PROC PUBLIC - movups xmm2,XMMWORD PTR[rcx] - mov eax,DWORD PTR[240+r8] - movups xmm0,XMMWORD PTR[r8] - movups xmm1,XMMWORD PTR[16+r8] - lea r8,QWORD PTR[32+r8] +aesni_decrypt: + movups xmm2,XMMWORD[rcx] + mov eax,DWORD[240+r8] + movups xmm0,XMMWORD[r8] + movups xmm1,XMMWORD[16+r8] + lea r8,[32+r8] xorps xmm2,xmm0 -$L$oop_dec1_2:: +$L$oop_dec1_2: DB 102,15,56,222,209 dec eax - movups xmm1,XMMWORD PTR[r8] - lea r8,QWORD PTR[16+r8] - jnz $L$oop_dec1_2 + movups xmm1,XMMWORD[r8] + lea r8,[16+r8] + jnz NEAR $L$oop_dec1_2 DB 102,15,56,223,209 - movups XMMWORD PTR[rdx],xmm2 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movups XMMWORD[rdx],xmm2 + pxor xmm2,xmm2 DB 0F3h,0C3h ;repret -aesni_decrypt ENDP + ALIGN 16 -_aesni_encrypt2 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_encrypt2: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 - movups 
xmm0,XMMWORD PTR[32+rcx] - lea rcx,QWORD PTR[32+rax*1+rcx] + movups xmm0,XMMWORD[32+rcx] + lea rcx,[32+rax*1+rcx] neg rax add rax,16 -$L$enc_loop2:: +$L$enc_loop2: DB 102,15,56,220,209 DB 102,15,56,220,217 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$enc_loop2 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$enc_loop2 DB 102,15,56,220,209 DB 102,15,56,220,217 DB 102,15,56,221,208 DB 102,15,56,221,216 DB 0F3h,0C3h ;repret -_aesni_encrypt2 ENDP + ALIGN 16 -_aesni_decrypt2 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_decrypt2: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 - movups xmm0,XMMWORD PTR[32+rcx] - lea rcx,QWORD PTR[32+rax*1+rcx] + movups xmm0,XMMWORD[32+rcx] + lea rcx,[32+rax*1+rcx] neg rax add rax,16 -$L$dec_loop2:: +$L$dec_loop2: DB 102,15,56,222,209 DB 102,15,56,222,217 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,222,208 DB 102,15,56,222,216 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$dec_loop2 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$dec_loop2 DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,223,208 DB 102,15,56,223,216 DB 0F3h,0C3h ;repret -_aesni_decrypt2 ENDP + ALIGN 16 -_aesni_encrypt3 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_encrypt3: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 xorps xmm4,xmm0 - movups xmm0,XMMWORD PTR[32+rcx] - lea rcx,QWORD PTR[32+rax*1+rcx] + movups xmm0,XMMWORD[32+rcx] + lea rcx,[32+rax*1+rcx] neg rax add rax,16 -$L$enc_loop3:: +$L$enc_loop3: DB 102,15,56,220,209 DB 102,15,56,220,217 DB 102,15,56,220,225 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 
DB 102,15,56,220,224 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$enc_loop3 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$enc_loop3 DB 102,15,56,220,209 DB 102,15,56,220,217 @@ -133,32 +143,32 @@ DB 102,15,56,221,208 DB 102,15,56,221,216 DB 102,15,56,221,224 DB 0F3h,0C3h ;repret -_aesni_encrypt3 ENDP + ALIGN 16 -_aesni_decrypt3 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_decrypt3: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 xorps xmm4,xmm0 - movups xmm0,XMMWORD PTR[32+rcx] - lea rcx,QWORD PTR[32+rax*1+rcx] + movups xmm0,XMMWORD[32+rcx] + lea rcx,[32+rax*1+rcx] neg rax add rax,16 -$L$dec_loop3:: +$L$dec_loop3: DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,222,225 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,222,208 DB 102,15,56,222,216 DB 102,15,56,222,224 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$dec_loop3 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$dec_loop3 DB 102,15,56,222,209 DB 102,15,56,222,217 
@@ -167,36 +177,36 @@ DB 102,15,56,223,208 DB 102,15,56,223,216 DB 102,15,56,223,224 DB 0F3h,0C3h ;repret -_aesni_decrypt3 ENDP + ALIGN 16 -_aesni_encrypt4 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_encrypt4: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 xorps xmm4,xmm0 xorps xmm5,xmm0 - movups xmm0,XMMWORD PTR[32+rcx] - lea rcx,QWORD PTR[32+rax*1+rcx] + movups xmm0,XMMWORD[32+rcx] + lea rcx,[32+rax*1+rcx] neg rax -DB 00fh,01fh,000h +DB 0x0f,0x1f,0x00 add rax,16 -$L$enc_loop4:: +$L$enc_loop4: DB 102,15,56,220,209 DB 102,15,56,220,217 DB 102,15,56,220,225 DB 102,15,56,220,233 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 DB 102,15,56,220,224 DB 102,15,56,220,232 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$enc_loop4 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$enc_loop4 DB 102,15,56,220,209 DB 102,15,56,220,217 
@@ -207,36 +217,36 @@ DB 102,15,56,221,216 DB 102,15,56,221,224 DB 102,15,56,221,232 DB 0F3h,0C3h ;repret -_aesni_encrypt4 ENDP + ALIGN 16 -_aesni_decrypt4 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_decrypt4: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 xorps xmm4,xmm0 xorps xmm5,xmm0 - movups xmm0,XMMWORD PTR[32+rcx] - lea rcx,QWORD PTR[32+rax*1+rcx] + movups xmm0,XMMWORD[32+rcx] + lea rcx,[32+rax*1+rcx] neg rax -DB 00fh,01fh,000h +DB 0x0f,0x1f,0x00 add rax,16 -$L$dec_loop4:: +$L$dec_loop4: DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,222,225 DB 102,15,56,222,233 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,222,208 DB 102,15,56,222,216 DB 102,15,56,222,224 DB 102,15,56,222,232 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$dec_loop4 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$dec_loop4 DB 102,15,56,222,209 DB 102,15,56,222,217 
@@ -247,40 +257,37 @@ DB 102,15,56,223,216 DB 102,15,56,223,224 DB 102,15,56,223,232 DB 0F3h,0C3h ;repret -_aesni_decrypt4 ENDP + ALIGN 16 -_aesni_encrypt6 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_encrypt6: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 pxor xmm3,xmm0 pxor xmm4,xmm0 DB 102,15,56,220,209 - lea rcx,QWORD PTR[32+rax*1+rcx] + lea rcx,[32+rax*1+rcx] neg rax DB 102,15,56,220,217 pxor xmm5,xmm0 pxor xmm6,xmm0 DB 102,15,56,220,225 pxor xmm7,xmm0 + movups xmm0,XMMWORD[rax*1+rcx] add rax,16 -DB 102,15,56,220,233 -DB 102,15,56,220,241 -DB 102,15,56,220,249 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jmp $L$enc_loop6_enter + jmp NEAR $L$enc_loop6_enter ALIGN 16 -$L$enc_loop6:: +$L$enc_loop6: DB 102,15,56,220,209 DB 102,15,56,220,217 DB 102,15,56,220,225 +$L$enc_loop6_enter: DB 102,15,56,220,233 DB 102,15,56,220,241 DB 102,15,56,220,249 -$L$enc_loop6_enter:: - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 @@ -288,8 +295,8 @@ DB 102,15,56,220,224 DB 102,15,56,220,232 DB 102,15,56,220,240 DB 102,15,56,220,248 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$enc_loop6 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$enc_loop6 DB 102,15,56,220,209 DB 102,15,56,220,217 
@@ -304,40 +311,37 @@ DB 102,15,56,221,232 DB 102,15,56,221,240 DB 102,15,56,221,248 DB 0F3h,0C3h ;repret -_aesni_encrypt6 ENDP + ALIGN 16 -_aesni_decrypt6 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_decrypt6: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 pxor xmm3,xmm0 pxor xmm4,xmm0 DB 102,15,56,222,209 - lea rcx,QWORD PTR[32+rax*1+rcx] + lea rcx,[32+rax*1+rcx] neg rax DB 102,15,56,222,217 pxor xmm5,xmm0 pxor xmm6,xmm0 DB 102,15,56,222,225 pxor xmm7,xmm0 + movups xmm0,XMMWORD[rax*1+rcx] add rax,16 -DB 102,15,56,222,233 -DB 102,15,56,222,241 -DB 102,15,56,222,249 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jmp $L$dec_loop6_enter + jmp NEAR $L$dec_loop6_enter ALIGN 16 -$L$dec_loop6:: +$L$dec_loop6: DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,222,225 +$L$dec_loop6_enter: DB 102,15,56,222,233 DB 102,15,56,222,241 DB 102,15,56,222,249 -$L$dec_loop6_enter:: - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,222,208 DB 102,15,56,222,216 @@ -345,8 +349,8 @@ DB 102,15,56,222,224 DB 102,15,56,222,232 DB 102,15,56,222,240 DB 102,15,56,222,248 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$dec_loop6 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$dec_loop6 DB 102,15,56,222,209 DB 102,15,56,222,217 
@@ -361,46 +365,41 @@ DB 102,15,56,223,232 DB 102,15,56,223,240 DB 102,15,56,223,248 DB 0F3h,0C3h ;repret -_aesni_decrypt6 ENDP + ALIGN 16 -_aesni_encrypt8 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_encrypt8: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 pxor xmm4,xmm0 pxor xmm5,xmm0 pxor xmm6,xmm0 - lea rcx,QWORD PTR[32+rax*1+rcx] + lea rcx,[32+rax*1+rcx] neg rax DB 102,15,56,220,209 - add rax,16 pxor xmm7,xmm0 -DB 102,15,56,220,217 pxor xmm8,xmm0 +DB 102,15,56,220,217 pxor xmm9,xmm0 -DB 102,15,56,220,225 -DB 102,15,56,220,233 -DB 102,15,56,220,241 -DB 102,15,56,220,249 -DB 102,68,15,56,220,193 -DB 102,68,15,56,220,201 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jmp $L$enc_loop8_enter + movups xmm0,XMMWORD[rax*1+rcx] + add rax,16 + jmp NEAR $L$enc_loop8_inner ALIGN 16 -$L$enc_loop8:: +$L$enc_loop8: DB 102,15,56,220,209 DB 102,15,56,220,217 +$L$enc_loop8_inner: DB 102,15,56,220,225 DB 102,15,56,220,233 DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 -$L$enc_loop8_enter:: - movups xmm1,XMMWORD PTR[rax*1+rcx] +$L$enc_loop8_enter: + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 @@ -410,8 +409,8 @@ DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$enc_loop8 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$enc_loop8 DB 102,15,56,220,209 DB 102,15,56,220,217 
@@ -430,46 +429,41 @@ DB 102,15,56,221,248 DB 102,68,15,56,221,192 DB 102,68,15,56,221,200 DB 0F3h,0C3h ;repret -_aesni_encrypt8 ENDP + ALIGN 16 -_aesni_decrypt8 PROC PRIVATE - movups xmm0,XMMWORD PTR[rcx] +_aesni_decrypt8: + movups xmm0,XMMWORD[rcx] shl eax,4 - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm2,xmm0 xorps xmm3,xmm0 pxor xmm4,xmm0 pxor xmm5,xmm0 pxor xmm6,xmm0 - lea rcx,QWORD PTR[32+rax*1+rcx] + lea rcx,[32+rax*1+rcx] neg rax DB 102,15,56,222,209 - add rax,16 pxor xmm7,xmm0 -DB 102,15,56,222,217 pxor xmm8,xmm0 +DB 102,15,56,222,217 pxor xmm9,xmm0 -DB 102,15,56,222,225 -DB 102,15,56,222,233 -DB 102,15,56,222,241 -DB 102,15,56,222,249 -DB 102,68,15,56,222,193 -DB 102,68,15,56,222,201 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jmp $L$dec_loop8_enter + movups xmm0,XMMWORD[rax*1+rcx] + add rax,16 + jmp NEAR $L$dec_loop8_inner ALIGN 16 -$L$dec_loop8:: +$L$dec_loop8: DB 102,15,56,222,209 DB 102,15,56,222,217 +$L$dec_loop8_inner: DB 102,15,56,222,225 DB 102,15,56,222,233 DB 102,15,56,222,241 DB 102,15,56,222,249 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 -$L$dec_loop8_enter:: - movups xmm1,XMMWORD PTR[rax*1+rcx] +$L$dec_loop8_enter: + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,222,208 DB 102,15,56,222,216 @@ -479,8 +473,8 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$dec_loop8 + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$dec_loop8 DB 102,15,56,222,209 DB 102,15,56,222,217 
@@ -499,390 +493,435 @@ DB 102,15,56,223,248 DB 102,68,15,56,223,192 DB 102,68,15,56,223,200 DB 0F3h,0C3h ;repret -_aesni_decrypt8 ENDP -PUBLIC aesni_ecb_encrypt + +global aesni_ecb_encrypt ALIGN 16 -aesni_ecb_encrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +aesni_ecb_encrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_ecb_encrypt:: +$L$SEH_begin_aesni_ecb_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] + mov r8,QWORD[40+rsp] - lea rsp,QWORD PTR[((-88))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 - movaps XMMWORD PTR[32+rsp],xmm8 - movaps XMMWORD PTR[48+rsp],xmm9 -$L$ecb_enc_body:: + lea rsp,[((-88))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 + movaps XMMWORD[32+rsp],xmm8 + movaps XMMWORD[48+rsp],xmm9 +$L$ecb_enc_body: and rdx,-16 - jz $L$ecb_ret + jz NEAR $L$ecb_ret - mov eax,DWORD PTR[240+rcx] - movups xmm0,XMMWORD PTR[rcx] + mov eax,DWORD[240+rcx] + movups xmm0,XMMWORD[rcx] mov r11,rcx mov r10d,eax test r8d,r8d - jz $L$ecb_decrypt - - cmp rdx,080h - jb $L$ecb_enc_tail - - movdqu xmm2,XMMWORD PTR[rdi] - movdqu xmm3,XMMWORD PTR[16+rdi] - movdqu xmm4,XMMWORD PTR[32+rdi] - movdqu xmm5,XMMWORD PTR[48+rdi] - movdqu xmm6,XMMWORD PTR[64+rdi] - movdqu xmm7,XMMWORD PTR[80+rdi] - movdqu xmm8,XMMWORD PTR[96+rdi] - movdqu xmm9,XMMWORD PTR[112+rdi] - lea rdi,QWORD PTR[128+rdi] - sub rdx,080h - jmp $L$ecb_enc_loop8_enter -ALIGN 16 -$L$ecb_enc_loop8:: - movups XMMWORD PTR[rsi],xmm2 + jz NEAR $L$ecb_decrypt + + cmp rdx,0x80 + jb NEAR $L$ecb_enc_tail + + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[16+rdi] + movdqu xmm4,XMMWORD[32+rdi] + movdqu xmm5,XMMWORD[48+rdi] + movdqu xmm6,XMMWORD[64+rdi] + movdqu xmm7,XMMWORD[80+rdi] + movdqu xmm8,XMMWORD[96+rdi] + movdqu xmm9,XMMWORD[112+rdi] + lea rdi,[128+rdi] + sub rdx,0x80 + jmp NEAR $L$ecb_enc_loop8_enter +ALIGN 16 +$L$ecb_enc_loop8: + movups XMMWORD[rsi],xmm2 
mov rcx,r11 - movdqu xmm2,XMMWORD PTR[rdi] + movdqu xmm2,XMMWORD[rdi] mov eax,r10d - movups XMMWORD PTR[16+rsi],xmm3 - movdqu xmm3,XMMWORD PTR[16+rdi] - movups XMMWORD PTR[32+rsi],xmm4 - movdqu xmm4,XMMWORD PTR[32+rdi] - movups XMMWORD PTR[48+rsi],xmm5 - movdqu xmm5,XMMWORD PTR[48+rdi] - movups XMMWORD PTR[64+rsi],xmm6 - movdqu xmm6,XMMWORD PTR[64+rdi] - movups XMMWORD PTR[80+rsi],xmm7 - movdqu xmm7,XMMWORD PTR[80+rdi] - movups XMMWORD PTR[96+rsi],xmm8 - movdqu xmm8,XMMWORD PTR[96+rdi] - movups XMMWORD PTR[112+rsi],xmm9 - lea rsi,QWORD PTR[128+rsi] - movdqu xmm9,XMMWORD PTR[112+rdi] - lea rdi,QWORD PTR[128+rdi] -$L$ecb_enc_loop8_enter:: + movups XMMWORD[16+rsi],xmm3 + movdqu xmm3,XMMWORD[16+rdi] + movups XMMWORD[32+rsi],xmm4 + movdqu xmm4,XMMWORD[32+rdi] + movups XMMWORD[48+rsi],xmm5 + movdqu xmm5,XMMWORD[48+rdi] + movups XMMWORD[64+rsi],xmm6 + movdqu xmm6,XMMWORD[64+rdi] + movups XMMWORD[80+rsi],xmm7 + movdqu xmm7,XMMWORD[80+rdi] + movups XMMWORD[96+rsi],xmm8 + movdqu xmm8,XMMWORD[96+rdi] + movups XMMWORD[112+rsi],xmm9 + lea rsi,[128+rsi] + movdqu xmm9,XMMWORD[112+rdi] + lea rdi,[128+rdi] +$L$ecb_enc_loop8_enter: call _aesni_encrypt8 - sub rdx,080h - jnc $L$ecb_enc_loop8 + sub rdx,0x80 + jnc NEAR $L$ecb_enc_loop8 - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 mov rcx,r11 - movups XMMWORD PTR[16+rsi],xmm3 + movups XMMWORD[16+rsi],xmm3 mov eax,r10d - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - movups XMMWORD PTR[80+rsi],xmm7 - movups XMMWORD PTR[96+rsi],xmm8 - movups XMMWORD PTR[112+rsi],xmm9 - lea rsi,QWORD PTR[128+rsi] - add rdx,080h - jz $L$ecb_ret - -$L$ecb_enc_tail:: - movups xmm2,XMMWORD PTR[rdi] - cmp rdx,020h - jb $L$ecb_enc_one - movups xmm3,XMMWORD PTR[16+rdi] - je $L$ecb_enc_two - movups xmm4,XMMWORD PTR[32+rdi] - cmp rdx,040h - jb $L$ecb_enc_three - movups xmm5,XMMWORD PTR[48+rdi] - je $L$ecb_enc_four - movups xmm6,XMMWORD PTR[64+rdi] - cmp rdx,060h - jb $L$ecb_enc_five - movups 
xmm7,XMMWORD PTR[80+rdi] - je $L$ecb_enc_six - movdqu xmm8,XMMWORD PTR[96+rdi] + movups XMMWORD[32+rsi],xmm4 + movups XMMWORD[48+rsi],xmm5 + movups XMMWORD[64+rsi],xmm6 + movups XMMWORD[80+rsi],xmm7 + movups XMMWORD[96+rsi],xmm8 + movups XMMWORD[112+rsi],xmm9 + lea rsi,[128+rsi] + add rdx,0x80 + jz NEAR $L$ecb_ret + +$L$ecb_enc_tail: + movups xmm2,XMMWORD[rdi] + cmp rdx,0x20 + jb NEAR $L$ecb_enc_one + movups xmm3,XMMWORD[16+rdi] + je NEAR $L$ecb_enc_two + movups xmm4,XMMWORD[32+rdi] + cmp rdx,0x40 + jb NEAR $L$ecb_enc_three + movups xmm5,XMMWORD[48+rdi] + je NEAR $L$ecb_enc_four + movups xmm6,XMMWORD[64+rdi] + cmp rdx,0x60 + jb NEAR $L$ecb_enc_five + movups xmm7,XMMWORD[80+rdi] + je NEAR $L$ecb_enc_six + movdqu xmm8,XMMWORD[96+rdi] + xorps xmm9,xmm9 call _aesni_encrypt8 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - movups XMMWORD PTR[80+rsi],xmm7 - movups XMMWORD PTR[96+rsi],xmm8 - jmp $L$ecb_ret -ALIGN 16 -$L$ecb_enc_one:: - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups XMMWORD[32+rsi],xmm4 + movups XMMWORD[48+rsi],xmm5 + movups XMMWORD[64+rsi],xmm6 + movups XMMWORD[80+rsi],xmm7 + movups XMMWORD[96+rsi],xmm8 + jmp NEAR $L$ecb_ret +ALIGN 16 +$L$ecb_enc_one: + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_enc1_3:: +$L$oop_enc1_3: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_enc1_3 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_3 DB 102,15,56,221,209 - movups XMMWORD PTR[rsi],xmm2 - jmp $L$ecb_ret + movups XMMWORD[rsi],xmm2 + jmp NEAR $L$ecb_ret ALIGN 16 -$L$ecb_enc_two:: +$L$ecb_enc_two: call _aesni_encrypt2 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - jmp $L$ecb_ret + movups 
XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + jmp NEAR $L$ecb_ret ALIGN 16 -$L$ecb_enc_three:: +$L$ecb_enc_three: call _aesni_encrypt3 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - jmp $L$ecb_ret + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups XMMWORD[32+rsi],xmm4 + jmp NEAR $L$ecb_ret ALIGN 16 -$L$ecb_enc_four:: +$L$ecb_enc_four: call _aesni_encrypt4 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - jmp $L$ecb_ret + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups XMMWORD[32+rsi],xmm4 + movups XMMWORD[48+rsi],xmm5 + jmp NEAR $L$ecb_ret ALIGN 16 -$L$ecb_enc_five:: +$L$ecb_enc_five: xorps xmm7,xmm7 call _aesni_encrypt6 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - jmp $L$ecb_ret -ALIGN 16 -$L$ecb_enc_six:: + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups XMMWORD[32+rsi],xmm4 + movups XMMWORD[48+rsi],xmm5 + movups XMMWORD[64+rsi],xmm6 + jmp NEAR $L$ecb_ret +ALIGN 16 +$L$ecb_enc_six: call _aesni_encrypt6 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - movups XMMWORD PTR[80+rsi],xmm7 - jmp $L$ecb_ret - -ALIGN 16 -$L$ecb_decrypt:: - cmp rdx,080h - jb $L$ecb_dec_tail - - movdqu xmm2,XMMWORD PTR[rdi] - movdqu xmm3,XMMWORD PTR[16+rdi] - movdqu xmm4,XMMWORD PTR[32+rdi] - movdqu xmm5,XMMWORD PTR[48+rdi] - movdqu xmm6,XMMWORD PTR[64+rdi] - movdqu xmm7,XMMWORD PTR[80+rdi] - movdqu xmm8,XMMWORD PTR[96+rdi] - movdqu xmm9,XMMWORD PTR[112+rdi] - lea rdi,QWORD PTR[128+rdi] - sub rdx,080h - jmp $L$ecb_dec_loop8_enter -ALIGN 16 -$L$ecb_dec_loop8:: - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups 
XMMWORD[32+rsi],xmm4 + movups XMMWORD[48+rsi],xmm5 + movups XMMWORD[64+rsi],xmm6 + movups XMMWORD[80+rsi],xmm7 + jmp NEAR $L$ecb_ret + +ALIGN 16 +$L$ecb_decrypt: + cmp rdx,0x80 + jb NEAR $L$ecb_dec_tail + + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[16+rdi] + movdqu xmm4,XMMWORD[32+rdi] + movdqu xmm5,XMMWORD[48+rdi] + movdqu xmm6,XMMWORD[64+rdi] + movdqu xmm7,XMMWORD[80+rdi] + movdqu xmm8,XMMWORD[96+rdi] + movdqu xmm9,XMMWORD[112+rdi] + lea rdi,[128+rdi] + sub rdx,0x80 + jmp NEAR $L$ecb_dec_loop8_enter +ALIGN 16 +$L$ecb_dec_loop8: + movups XMMWORD[rsi],xmm2 mov rcx,r11 - movdqu xmm2,XMMWORD PTR[rdi] + movdqu xmm2,XMMWORD[rdi] mov eax,r10d - movups XMMWORD PTR[16+rsi],xmm3 - movdqu xmm3,XMMWORD PTR[16+rdi] - movups XMMWORD PTR[32+rsi],xmm4 - movdqu xmm4,XMMWORD PTR[32+rdi] - movups XMMWORD PTR[48+rsi],xmm5 - movdqu xmm5,XMMWORD PTR[48+rdi] - movups XMMWORD PTR[64+rsi],xmm6 - movdqu xmm6,XMMWORD PTR[64+rdi] - movups XMMWORD PTR[80+rsi],xmm7 - movdqu xmm7,XMMWORD PTR[80+rdi] - movups XMMWORD PTR[96+rsi],xmm8 - movdqu xmm8,XMMWORD PTR[96+rdi] - movups XMMWORD PTR[112+rsi],xmm9 - lea rsi,QWORD PTR[128+rsi] - movdqu xmm9,XMMWORD PTR[112+rdi] - lea rdi,QWORD PTR[128+rdi] -$L$ecb_dec_loop8_enter:: + movups XMMWORD[16+rsi],xmm3 + movdqu xmm3,XMMWORD[16+rdi] + movups XMMWORD[32+rsi],xmm4 + movdqu xmm4,XMMWORD[32+rdi] + movups XMMWORD[48+rsi],xmm5 + movdqu xmm5,XMMWORD[48+rdi] + movups XMMWORD[64+rsi],xmm6 + movdqu xmm6,XMMWORD[64+rdi] + movups XMMWORD[80+rsi],xmm7 + movdqu xmm7,XMMWORD[80+rdi] + movups XMMWORD[96+rsi],xmm8 + movdqu xmm8,XMMWORD[96+rdi] + movups XMMWORD[112+rsi],xmm9 + lea rsi,[128+rsi] + movdqu xmm9,XMMWORD[112+rdi] + lea rdi,[128+rdi] +$L$ecb_dec_loop8_enter: call _aesni_decrypt8 - movups xmm0,XMMWORD PTR[r11] - sub rdx,080h - jnc $L$ecb_dec_loop8 + movups xmm0,XMMWORD[r11] + sub rdx,0x80 + jnc NEAR $L$ecb_dec_loop8 - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 mov rcx,r11 - movups XMMWORD PTR[16+rsi],xmm3 + movups 
XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 mov eax,r10d - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - movups XMMWORD PTR[80+rsi],xmm7 - movups XMMWORD PTR[96+rsi],xmm8 - movups XMMWORD PTR[112+rsi],xmm9 - lea rsi,QWORD PTR[128+rsi] - add rdx,080h - jz $L$ecb_ret - -$L$ecb_dec_tail:: - movups xmm2,XMMWORD PTR[rdi] - cmp rdx,020h - jb $L$ecb_dec_one - movups xmm3,XMMWORD PTR[16+rdi] - je $L$ecb_dec_two - movups xmm4,XMMWORD PTR[32+rdi] - cmp rdx,040h - jb $L$ecb_dec_three - movups xmm5,XMMWORD PTR[48+rdi] - je $L$ecb_dec_four - movups xmm6,XMMWORD PTR[64+rdi] - cmp rdx,060h - jb $L$ecb_dec_five - movups xmm7,XMMWORD PTR[80+rdi] - je $L$ecb_dec_six - movups xmm8,XMMWORD PTR[96+rdi] - movups xmm0,XMMWORD PTR[rcx] + movups XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 + movups XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 + movups XMMWORD[64+rsi],xmm6 + pxor xmm6,xmm6 + movups XMMWORD[80+rsi],xmm7 + pxor xmm7,xmm7 + movups XMMWORD[96+rsi],xmm8 + pxor xmm8,xmm8 + movups XMMWORD[112+rsi],xmm9 + pxor xmm9,xmm9 + lea rsi,[128+rsi] + add rdx,0x80 + jz NEAR $L$ecb_ret + +$L$ecb_dec_tail: + movups xmm2,XMMWORD[rdi] + cmp rdx,0x20 + jb NEAR $L$ecb_dec_one + movups xmm3,XMMWORD[16+rdi] + je NEAR $L$ecb_dec_two + movups xmm4,XMMWORD[32+rdi] + cmp rdx,0x40 + jb NEAR $L$ecb_dec_three + movups xmm5,XMMWORD[48+rdi] + je NEAR $L$ecb_dec_four + movups xmm6,XMMWORD[64+rdi] + cmp rdx,0x60 + jb NEAR $L$ecb_dec_five + movups xmm7,XMMWORD[80+rdi] + je NEAR $L$ecb_dec_six + movups xmm8,XMMWORD[96+rdi] + movups xmm0,XMMWORD[rcx] + xorps xmm9,xmm9 call _aesni_decrypt8 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - movups XMMWORD PTR[80+rsi],xmm7 - movups XMMWORD PTR[96+rsi],xmm8 - jmp $L$ecb_ret -ALIGN 16 -$L$ecb_dec_one:: - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups 
XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + movups XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 + movups XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 + movups XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 + movups XMMWORD[64+rsi],xmm6 + pxor xmm6,xmm6 + movups XMMWORD[80+rsi],xmm7 + pxor xmm7,xmm7 + movups XMMWORD[96+rsi],xmm8 + pxor xmm8,xmm8 + pxor xmm9,xmm9 + jmp NEAR $L$ecb_ret +ALIGN 16 +$L$ecb_dec_one: + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_4:: +$L$oop_dec1_4: DB 102,15,56,222,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_dec1_4 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_dec1_4 DB 102,15,56,223,209 - movups XMMWORD PTR[rsi],xmm2 - jmp $L$ecb_ret + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + jmp NEAR $L$ecb_ret ALIGN 16 -$L$ecb_dec_two:: +$L$ecb_dec_two: call _aesni_decrypt2 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - jmp $L$ecb_ret + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + movups XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 + jmp NEAR $L$ecb_ret ALIGN 16 -$L$ecb_dec_three:: +$L$ecb_dec_three: call _aesni_decrypt3 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - jmp $L$ecb_ret -ALIGN 16 -$L$ecb_dec_four:: + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + movups XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 + movups XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 + jmp NEAR $L$ecb_ret +ALIGN 16 +$L$ecb_dec_four: call _aesni_decrypt4 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - jmp $L$ecb_ret -ALIGN 16 -$L$ecb_dec_five:: + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + movups XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 + movups XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 + movups XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 + jmp NEAR $L$ecb_ret +ALIGN 16 +$L$ecb_dec_five: xorps xmm7,xmm7 call _aesni_decrypt6 - movups XMMWORD PTR[rsi],xmm2 - movups 
XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - jmp $L$ecb_ret -ALIGN 16 -$L$ecb_dec_six:: + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + movups XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 + movups XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 + movups XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 + movups XMMWORD[64+rsi],xmm6 + pxor xmm6,xmm6 + pxor xmm7,xmm7 + jmp NEAR $L$ecb_ret +ALIGN 16 +$L$ecb_dec_six: call _aesni_decrypt6 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - movups XMMWORD PTR[48+rsi],xmm5 - movups XMMWORD PTR[64+rsi],xmm6 - movups XMMWORD PTR[80+rsi],xmm7 - -$L$ecb_ret:: - movaps xmm6,XMMWORD PTR[rsp] - movaps xmm7,XMMWORD PTR[16+rsp] - movaps xmm8,XMMWORD PTR[32+rsp] - movaps xmm9,XMMWORD PTR[48+rsp] - lea rsp,QWORD PTR[88+rsp] -$L$ecb_enc_ret:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + movups XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 + movups XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 + movups XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 + movups XMMWORD[64+rsi],xmm6 + pxor xmm6,xmm6 + movups XMMWORD[80+rsi],xmm7 + pxor xmm7,xmm7 + +$L$ecb_ret: + xorps xmm0,xmm0 + pxor xmm1,xmm1 + movaps xmm6,XMMWORD[rsp] + movaps XMMWORD[rsp],xmm0 + movaps xmm7,XMMWORD[16+rsp] + movaps XMMWORD[16+rsp],xmm0 + movaps xmm8,XMMWORD[32+rsp] + movaps XMMWORD[32+rsp],xmm0 + movaps xmm9,XMMWORD[48+rsp] + movaps XMMWORD[48+rsp],xmm0 + lea rsp,[88+rsp] +$L$ecb_enc_ret: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_ecb_encrypt:: -aesni_ecb_encrypt ENDP -PUBLIC aesni_ccm64_encrypt_blocks +$L$SEH_end_aesni_ecb_encrypt: +global aesni_ccm64_encrypt_blocks ALIGN 16 -aesni_ccm64_encrypt_blocks PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +aesni_ccm64_encrypt_blocks: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov 
QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_ccm64_encrypt_blocks:: +$L$SEH_begin_aesni_ccm64_encrypt_blocks: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] - lea rsp,QWORD PTR[((-88))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 - movaps XMMWORD PTR[32+rsp],xmm8 - movaps XMMWORD PTR[48+rsp],xmm9 -$L$ccm64_enc_body:: - mov eax,DWORD PTR[240+rcx] - movdqu xmm6,XMMWORD PTR[r8] - movdqa xmm9,XMMWORD PTR[$L$increment64] - movdqa xmm7,XMMWORD PTR[$L$bswap_mask] + lea rsp,[((-88))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 + movaps XMMWORD[32+rsp],xmm8 + movaps XMMWORD[48+rsp],xmm9 +$L$ccm64_enc_body: + mov eax,DWORD[240+rcx] + movdqu xmm6,XMMWORD[r8] + movdqa xmm9,XMMWORD[$L$increment64] + movdqa xmm7,XMMWORD[$L$bswap_mask] shl eax,4 mov r10d,16 - lea r11,QWORD PTR[rcx] - movdqu xmm3,XMMWORD PTR[r9] + lea r11,[rcx] + movdqu xmm3,XMMWORD[r9] movdqa xmm2,xmm6 - lea rcx,QWORD PTR[32+rax*1+rcx] + lea rcx,[32+rax*1+rcx] DB 102,15,56,0,247 sub r10,rax - jmp $L$ccm64_enc_outer + jmp NEAR $L$ccm64_enc_outer ALIGN 16 -$L$ccm64_enc_outer:: - movups xmm0,XMMWORD PTR[r11] +$L$ccm64_enc_outer: + movups xmm0,XMMWORD[r11] mov rax,r10 - movups xmm8,XMMWORD PTR[rdi] + movups xmm8,XMMWORD[rdi] xorps xmm2,xmm0 - movups xmm1,XMMWORD PTR[16+r11] + movups xmm1,XMMWORD[16+r11] xorps xmm0,xmm8 xorps xmm3,xmm0 - movups xmm0,XMMWORD PTR[32+r11] + movups xmm0,XMMWORD[32+r11] -$L$ccm64_enc2_loop:: +$L$ccm64_enc2_loop: DB 102,15,56,220,209 DB 102,15,56,220,217 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 - movups xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$ccm64_enc2_loop + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$ccm64_enc2_loop DB 102,15,56,220,209 DB 102,15,56,220,217 paddq xmm6,xmm9 
@@ -890,458 +929,505 @@ DB 102,15,56,220,217 DB 102,15,56,221,208 DB 102,15,56,221,216 - lea rdi,QWORD PTR[16+rdi] + lea rdi,[16+rdi] xorps xmm8,xmm2 movdqa xmm2,xmm6 - movups XMMWORD PTR[rsi],xmm8 + movups XMMWORD[rsi],xmm8 DB 102,15,56,0,215 - lea rsi,QWORD PTR[16+rsi] - jnz $L$ccm64_enc_outer - - movups XMMWORD PTR[r9],xmm3 - movaps xmm6,XMMWORD PTR[rsp] - movaps xmm7,XMMWORD PTR[16+rsp] - movaps xmm8,XMMWORD PTR[32+rsp] - movaps xmm9,XMMWORD PTR[48+rsp] - lea rsp,QWORD PTR[88+rsp] -$L$ccm64_enc_ret:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + lea rsi,[16+rsi] + jnz NEAR $L$ccm64_enc_outer + + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + movups XMMWORD[r9],xmm3 + pxor xmm3,xmm3 + pxor xmm8,xmm8 + pxor xmm6,xmm6 + movaps xmm6,XMMWORD[rsp] + movaps XMMWORD[rsp],xmm0 + movaps xmm7,XMMWORD[16+rsp] + movaps XMMWORD[16+rsp],xmm0 + movaps xmm8,XMMWORD[32+rsp] + movaps XMMWORD[32+rsp],xmm0 + movaps xmm9,XMMWORD[48+rsp] + movaps XMMWORD[48+rsp],xmm0 + lea rsp,[88+rsp] +$L$ccm64_enc_ret: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_ccm64_encrypt_blocks:: -aesni_ccm64_encrypt_blocks ENDP -PUBLIC aesni_ccm64_decrypt_blocks +$L$SEH_end_aesni_ccm64_encrypt_blocks: +global aesni_ccm64_decrypt_blocks ALIGN 16 -aesni_ccm64_decrypt_blocks PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +aesni_ccm64_decrypt_blocks: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_ccm64_decrypt_blocks:: +$L$SEH_begin_aesni_ccm64_decrypt_blocks: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] - - - lea rsp,QWORD PTR[((-88))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 - movaps XMMWORD PTR[32+rsp],xmm8 - movaps XMMWORD PTR[48+rsp],xmm9 -$L$ccm64_dec_body:: - mov eax,DWORD PTR[240+rcx] - movups xmm6,XMMWORD PTR[r8] - movdqu xmm3,XMMWORD PTR[r9] - movdqa 
xmm9,XMMWORD PTR[$L$increment64] - movdqa xmm7,XMMWORD PTR[$L$bswap_mask] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] + + + lea rsp,[((-88))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 + movaps XMMWORD[32+rsp],xmm8 + movaps XMMWORD[48+rsp],xmm9 +$L$ccm64_dec_body: + mov eax,DWORD[240+rcx] + movups xmm6,XMMWORD[r8] + movdqu xmm3,XMMWORD[r9] + movdqa xmm9,XMMWORD[$L$increment64] + movdqa xmm7,XMMWORD[$L$bswap_mask] movaps xmm2,xmm6 mov r10d,eax mov r11,rcx DB 102,15,56,0,247 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_enc1_5:: +$L$oop_enc1_5: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_enc1_5 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_5 DB 102,15,56,221,209 shl r10d,4 mov eax,16 - movups xmm8,XMMWORD PTR[rdi] + movups xmm8,XMMWORD[rdi] paddq xmm6,xmm9 - lea rdi,QWORD PTR[16+rdi] + lea rdi,[16+rdi] sub rax,r10 - lea rcx,QWORD PTR[32+r10*1+r11] + lea rcx,[32+r10*1+r11] mov r10,rax - jmp $L$ccm64_dec_outer + jmp NEAR $L$ccm64_dec_outer ALIGN 16 -$L$ccm64_dec_outer:: +$L$ccm64_dec_outer: xorps xmm8,xmm2 movdqa xmm2,xmm6 - movups XMMWORD PTR[rsi],xmm8 - lea rsi,QWORD PTR[16+rsi] + movups XMMWORD[rsi],xmm8 + lea rsi,[16+rsi] DB 102,15,56,0,215 sub rdx,1 - jz $L$ccm64_dec_break + jz NEAR $L$ccm64_dec_break - movups xmm0,XMMWORD PTR[r11] + movups xmm0,XMMWORD[r11] mov rax,r10 - movups xmm1,XMMWORD PTR[16+r11] + movups xmm1,XMMWORD[16+r11] xorps xmm8,xmm0 xorps xmm2,xmm0 xorps xmm3,xmm8 - movups xmm0,XMMWORD PTR[32+r11] - jmp $L$ccm64_dec2_loop + movups xmm0,XMMWORD[32+r11] + jmp NEAR $L$ccm64_dec2_loop ALIGN 16 -$L$ccm64_dec2_loop:: +$L$ccm64_dec2_loop: DB 102,15,56,220,209 DB 102,15,56,220,217 - movups xmm1,XMMWORD PTR[rax*1+rcx] + movups xmm1,XMMWORD[rax*1+rcx] add rax,32 DB 102,15,56,220,208 DB 102,15,56,220,216 - movups 
xmm0,XMMWORD PTR[((-16))+rax*1+rcx] - jnz $L$ccm64_dec2_loop - movups xmm8,XMMWORD PTR[rdi] + movups xmm0,XMMWORD[((-16))+rax*1+rcx] + jnz NEAR $L$ccm64_dec2_loop + movups xmm8,XMMWORD[rdi] paddq xmm6,xmm9 DB 102,15,56,220,209 DB 102,15,56,220,217 DB 102,15,56,221,208 DB 102,15,56,221,216 - lea rdi,QWORD PTR[16+rdi] - jmp $L$ccm64_dec_outer + lea rdi,[16+rdi] + jmp NEAR $L$ccm64_dec_outer ALIGN 16 -$L$ccm64_dec_break:: +$L$ccm64_dec_break: - mov eax,DWORD PTR[240+r11] - movups xmm0,XMMWORD PTR[r11] - movups xmm1,XMMWORD PTR[16+r11] + mov eax,DWORD[240+r11] + movups xmm0,XMMWORD[r11] + movups xmm1,XMMWORD[16+r11] xorps xmm8,xmm0 - lea r11,QWORD PTR[32+r11] + lea r11,[32+r11] xorps xmm3,xmm8 -$L$oop_enc1_6:: +$L$oop_enc1_6: DB 102,15,56,220,217 dec eax - movups xmm1,XMMWORD PTR[r11] - lea r11,QWORD PTR[16+r11] - jnz $L$oop_enc1_6 + movups xmm1,XMMWORD[r11] + lea r11,[16+r11] + jnz NEAR $L$oop_enc1_6 DB 102,15,56,221,217 - movups XMMWORD PTR[r9],xmm3 - movaps xmm6,XMMWORD PTR[rsp] - movaps xmm7,XMMWORD PTR[16+rsp] - movaps xmm8,XMMWORD PTR[32+rsp] - movaps xmm9,XMMWORD PTR[48+rsp] - lea rsp,QWORD PTR[88+rsp] -$L$ccm64_dec_ret:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + movups XMMWORD[r9],xmm3 + pxor xmm3,xmm3 + pxor xmm8,xmm8 + pxor xmm6,xmm6 + movaps xmm6,XMMWORD[rsp] + movaps XMMWORD[rsp],xmm0 + movaps xmm7,XMMWORD[16+rsp] + movaps XMMWORD[16+rsp],xmm0 + movaps xmm8,XMMWORD[32+rsp] + movaps XMMWORD[32+rsp],xmm0 + movaps xmm9,XMMWORD[48+rsp] + movaps XMMWORD[48+rsp],xmm0 + lea rsp,[88+rsp] +$L$ccm64_dec_ret: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_ccm64_decrypt_blocks:: -aesni_ccm64_decrypt_blocks ENDP -PUBLIC aesni_ctr32_encrypt_blocks +$L$SEH_end_aesni_ccm64_decrypt_blocks: +global aesni_ctr32_encrypt_blocks ALIGN 16 -aesni_ctr32_encrypt_blocks PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD 
PTR[16+rsp],rsi +aesni_ctr32_encrypt_blocks: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_ctr32_encrypt_blocks:: +$L$SEH_begin_aesni_ctr32_encrypt_blocks: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] + mov r8,QWORD[40+rsp] - lea rax,QWORD PTR[rsp] + cmp rdx,1 + jne NEAR $L$ctr32_bulk + + + + movups xmm2,XMMWORD[r8] + movups xmm3,XMMWORD[rdi] + mov edx,DWORD[240+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] + xorps xmm2,xmm0 +$L$oop_enc1_7: +DB 102,15,56,220,209 + dec edx + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_7 +DB 102,15,56,221,209 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + xorps xmm2,xmm3 + pxor xmm3,xmm3 + movups XMMWORD[rsi],xmm2 + xorps xmm2,xmm2 + jmp NEAR $L$ctr32_epilogue + +ALIGN 16 +$L$ctr32_bulk: + lea rax,[rsp] push rbp sub rsp,288 and rsp,-16 - movaps XMMWORD PTR[(-168)+rax],xmm6 - movaps XMMWORD PTR[(-152)+rax],xmm7 - movaps XMMWORD PTR[(-136)+rax],xmm8 - movaps XMMWORD PTR[(-120)+rax],xmm9 - movaps XMMWORD PTR[(-104)+rax],xmm10 - movaps XMMWORD PTR[(-88)+rax],xmm11 - movaps XMMWORD PTR[(-72)+rax],xmm12 - movaps XMMWORD PTR[(-56)+rax],xmm13 - movaps XMMWORD PTR[(-40)+rax],xmm14 - movaps XMMWORD PTR[(-24)+rax],xmm15 -$L$ctr32_body:: - lea rbp,QWORD PTR[((-8))+rax] + movaps XMMWORD[(-168)+rax],xmm6 + movaps XMMWORD[(-152)+rax],xmm7 + movaps XMMWORD[(-136)+rax],xmm8 + movaps XMMWORD[(-120)+rax],xmm9 + movaps XMMWORD[(-104)+rax],xmm10 + movaps XMMWORD[(-88)+rax],xmm11 + movaps XMMWORD[(-72)+rax],xmm12 + movaps XMMWORD[(-56)+rax],xmm13 + movaps XMMWORD[(-40)+rax],xmm14 + movaps XMMWORD[(-24)+rax],xmm15 +$L$ctr32_body: + lea rbp,[((-8))+rax] + - cmp rdx,1 - je $L$ctr32_one_shortcut - movdqu xmm2,XMMWORD PTR[r8] - movdqu xmm0,XMMWORD PTR[rcx] - mov r8d,DWORD PTR[12+r8] + + movdqu xmm2,XMMWORD[r8] + movdqu xmm0,XMMWORD[rcx] + mov r8d,DWORD[12+r8] pxor xmm2,xmm0 - mov r11d,DWORD PTR[12+rcx] - movdqa XMMWORD PTR[rsp],xmm2 + mov 
r11d,DWORD[12+rcx] + movdqa XMMWORD[rsp],xmm2 bswap r8d movdqa xmm3,xmm2 movdqa xmm4,xmm2 movdqa xmm5,xmm2 - movdqa XMMWORD PTR[64+rsp],xmm2 - movdqa XMMWORD PTR[80+rsp],xmm2 - movdqa XMMWORD PTR[96+rsp],xmm2 + movdqa XMMWORD[64+rsp],xmm2 + movdqa XMMWORD[80+rsp],xmm2 + movdqa XMMWORD[96+rsp],xmm2 mov r10,rdx - movdqa XMMWORD PTR[112+rsp],xmm2 + movdqa XMMWORD[112+rsp],xmm2 - lea rax,QWORD PTR[1+r8] - lea rdx,QWORD PTR[2+r8] + lea rax,[1+r8] + lea rdx,[2+r8] bswap eax bswap edx xor eax,r11d xor edx,r11d DB 102,15,58,34,216,3 - lea rax,QWORD PTR[3+r8] - movdqa XMMWORD PTR[16+rsp],xmm3 + lea rax,[3+r8] + movdqa XMMWORD[16+rsp],xmm3 DB 102,15,58,34,226,3 bswap eax mov rdx,r10 - lea r10,QWORD PTR[4+r8] - movdqa XMMWORD PTR[32+rsp],xmm4 + lea r10,[4+r8] + movdqa XMMWORD[32+rsp],xmm4 xor eax,r11d bswap r10d DB 102,15,58,34,232,3 xor r10d,r11d - movdqa XMMWORD PTR[48+rsp],xmm5 - lea r9,QWORD PTR[5+r8] - mov DWORD PTR[((64+12))+rsp],r10d + movdqa XMMWORD[48+rsp],xmm5 + lea r9,[5+r8] + mov DWORD[((64+12))+rsp],r10d bswap r9d - lea r10,QWORD PTR[6+r8] - mov eax,DWORD PTR[240+rcx] + lea r10,[6+r8] + mov eax,DWORD[240+rcx] xor r9d,r11d bswap r10d - mov DWORD PTR[((80+12))+rsp],r9d + mov DWORD[((80+12))+rsp],r9d xor r10d,r11d - lea r9,QWORD PTR[7+r8] - mov DWORD PTR[((96+12))+rsp],r10d + lea r9,[7+r8] + mov DWORD[((96+12))+rsp],r10d bswap r9d - mov r10d,DWORD PTR[((OPENSSL_ia32cap_P+4))] + mov r10d,DWORD[((OPENSSL_ia32cap_P+4))] xor r9d,r11d and r10d,71303168 - mov DWORD PTR[((112+12))+rsp],r9d + mov DWORD[((112+12))+rsp],r9d - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm1,XMMWORD[16+rcx] - movdqa xmm6,XMMWORD PTR[64+rsp] - movdqa xmm7,XMMWORD PTR[80+rsp] + movdqa xmm6,XMMWORD[64+rsp] + movdqa xmm7,XMMWORD[80+rsp] cmp rdx,8 - jb $L$ctr32_tail + jb NEAR $L$ctr32_tail sub rdx,6 cmp r10d,4194304 - je $L$ctr32_6x + je NEAR $L$ctr32_6x - lea rcx,QWORD PTR[128+rcx] + lea rcx,[128+rcx] sub rdx,2 - jmp $L$ctr32_loop8 + jmp NEAR $L$ctr32_loop8 ALIGN 16 -$L$ctr32_6x:: +$L$ctr32_6x: shl 
eax,4 mov r10d,48 bswap r11d - lea rcx,QWORD PTR[32+rax*1+rcx] + lea rcx,[32+rax*1+rcx] sub r10,rax - jmp $L$ctr32_loop6 + jmp NEAR $L$ctr32_loop6 ALIGN 16 -$L$ctr32_loop6:: +$L$ctr32_loop6: add r8d,6 - movups xmm0,XMMWORD PTR[((-48))+r10*1+rcx] + movups xmm0,XMMWORD[((-48))+r10*1+rcx] DB 102,15,56,220,209 mov eax,r8d xor eax,r11d DB 102,15,56,220,217 -DB 00fh,038h,0f1h,044h,024h,12 - lea eax,DWORD PTR[1+r8] +DB 0x0f,0x38,0xf1,0x44,0x24,12 + lea eax,[1+r8] DB 102,15,56,220,225 xor eax,r11d -DB 00fh,038h,0f1h,044h,024h,28 +DB 0x0f,0x38,0xf1,0x44,0x24,28 DB 102,15,56,220,233 - lea eax,DWORD PTR[2+r8] + lea eax,[2+r8] xor eax,r11d DB 102,15,56,220,241 -DB 00fh,038h,0f1h,044h,024h,44 - lea eax,DWORD PTR[3+r8] +DB 0x0f,0x38,0xf1,0x44,0x24,44 + lea eax,[3+r8] DB 102,15,56,220,249 - movups xmm1,XMMWORD PTR[((-32))+r10*1+rcx] + movups xmm1,XMMWORD[((-32))+r10*1+rcx] xor eax,r11d DB 102,15,56,220,208 -DB 00fh,038h,0f1h,044h,024h,60 - lea eax,DWORD PTR[4+r8] +DB 0x0f,0x38,0xf1,0x44,0x24,60 + lea eax,[4+r8] DB 102,15,56,220,216 xor eax,r11d -DB 00fh,038h,0f1h,044h,024h,76 +DB 0x0f,0x38,0xf1,0x44,0x24,76 DB 102,15,56,220,224 - lea eax,DWORD PTR[5+r8] + lea eax,[5+r8] xor eax,r11d DB 102,15,56,220,232 -DB 00fh,038h,0f1h,044h,024h,92 +DB 0x0f,0x38,0xf1,0x44,0x24,92 mov rax,r10 DB 102,15,56,220,240 DB 102,15,56,220,248 - movups xmm0,XMMWORD PTR[((-16))+r10*1+rcx] + movups xmm0,XMMWORD[((-16))+r10*1+rcx] call $L$enc_loop6 - movdqu xmm8,XMMWORD PTR[rdi] - movdqu xmm9,XMMWORD PTR[16+rdi] - movdqu xmm10,XMMWORD PTR[32+rdi] - movdqu xmm11,XMMWORD PTR[48+rdi] - movdqu xmm12,XMMWORD PTR[64+rdi] - movdqu xmm13,XMMWORD PTR[80+rdi] - lea rdi,QWORD PTR[96+rdi] - movups xmm1,XMMWORD PTR[((-64))+r10*1+rcx] + movdqu xmm8,XMMWORD[rdi] + movdqu xmm9,XMMWORD[16+rdi] + movdqu xmm10,XMMWORD[32+rdi] + movdqu xmm11,XMMWORD[48+rdi] + movdqu xmm12,XMMWORD[64+rdi] + movdqu xmm13,XMMWORD[80+rdi] + lea rdi,[96+rdi] + movups xmm1,XMMWORD[((-64))+r10*1+rcx] pxor xmm8,xmm2 - movaps xmm2,XMMWORD PTR[rsp] + 
movaps xmm2,XMMWORD[rsp] pxor xmm9,xmm3 - movaps xmm3,XMMWORD PTR[16+rsp] + movaps xmm3,XMMWORD[16+rsp] pxor xmm10,xmm4 - movaps xmm4,XMMWORD PTR[32+rsp] + movaps xmm4,XMMWORD[32+rsp] pxor xmm11,xmm5 - movaps xmm5,XMMWORD PTR[48+rsp] + movaps xmm5,XMMWORD[48+rsp] pxor xmm12,xmm6 - movaps xmm6,XMMWORD PTR[64+rsp] + movaps xmm6,XMMWORD[64+rsp] pxor xmm13,xmm7 - movaps xmm7,XMMWORD PTR[80+rsp] - movdqu XMMWORD PTR[rsi],xmm8 - movdqu XMMWORD PTR[16+rsi],xmm9 - movdqu XMMWORD PTR[32+rsi],xmm10 - movdqu XMMWORD PTR[48+rsi],xmm11 - movdqu XMMWORD PTR[64+rsi],xmm12 - movdqu XMMWORD PTR[80+rsi],xmm13 - lea rsi,QWORD PTR[96+rsi] + movaps xmm7,XMMWORD[80+rsp] + movdqu XMMWORD[rsi],xmm8 + movdqu XMMWORD[16+rsi],xmm9 + movdqu XMMWORD[32+rsi],xmm10 + movdqu XMMWORD[48+rsi],xmm11 + movdqu XMMWORD[64+rsi],xmm12 + movdqu XMMWORD[80+rsi],xmm13 + lea rsi,[96+rsi] sub rdx,6 - jnc $L$ctr32_loop6 + jnc NEAR $L$ctr32_loop6 add rdx,6 - jz $L$ctr32_done + jz NEAR $L$ctr32_done - lea eax,DWORD PTR[((-48))+r10] - lea rcx,QWORD PTR[((-80))+r10*1+rcx] + lea eax,[((-48))+r10] + lea rcx,[((-80))+r10*1+rcx] neg eax shr eax,4 - jmp $L$ctr32_tail + jmp NEAR $L$ctr32_tail ALIGN 32 -$L$ctr32_loop8:: +$L$ctr32_loop8: add r8d,8 - movdqa xmm8,XMMWORD PTR[96+rsp] + movdqa xmm8,XMMWORD[96+rsp] DB 102,15,56,220,209 mov r9d,r8d - movdqa xmm9,XMMWORD PTR[112+rsp] + movdqa xmm9,XMMWORD[112+rsp] DB 102,15,56,220,217 bswap r9d - movups xmm0,XMMWORD PTR[((32-128))+rcx] + movups xmm0,XMMWORD[((32-128))+rcx] DB 102,15,56,220,225 xor r9d,r11d nop DB 102,15,56,220,233 - mov DWORD PTR[((0+12))+rsp],r9d - lea r9,QWORD PTR[1+r8] + mov DWORD[((0+12))+rsp],r9d + lea r9,[1+r8] DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movups xmm1,XMMWORD PTR[((48-128))+rcx] + movups xmm1,XMMWORD[((48-128))+rcx] bswap r9d DB 102,15,56,220,208 DB 102,15,56,220,216 xor r9d,r11d -DB 066h,090h +DB 0x66,0x90 DB 102,15,56,220,224 DB 102,15,56,220,232 - mov DWORD PTR[((16+12))+rsp],r9d - lea 
r9,QWORD PTR[2+r8] + mov DWORD[((16+12))+rsp],r9d + lea r9,[2+r8] DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((64-128))+rcx] + movups xmm0,XMMWORD[((64-128))+rcx] bswap r9d DB 102,15,56,220,209 DB 102,15,56,220,217 xor r9d,r11d -DB 066h,090h +DB 0x66,0x90 DB 102,15,56,220,225 DB 102,15,56,220,233 - mov DWORD PTR[((32+12))+rsp],r9d - lea r9,QWORD PTR[3+r8] + mov DWORD[((32+12))+rsp],r9d + lea r9,[3+r8] DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movups xmm1,XMMWORD PTR[((80-128))+rcx] + movups xmm1,XMMWORD[((80-128))+rcx] bswap r9d DB 102,15,56,220,208 DB 102,15,56,220,216 xor r9d,r11d -DB 066h,090h +DB 0x66,0x90 DB 102,15,56,220,224 DB 102,15,56,220,232 - mov DWORD PTR[((48+12))+rsp],r9d - lea r9,QWORD PTR[4+r8] + mov DWORD[((48+12))+rsp],r9d + lea r9,[4+r8] DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((96-128))+rcx] + movups xmm0,XMMWORD[((96-128))+rcx] bswap r9d DB 102,15,56,220,209 DB 102,15,56,220,217 xor r9d,r11d -DB 066h,090h +DB 0x66,0x90 DB 102,15,56,220,225 DB 102,15,56,220,233 - mov DWORD PTR[((64+12))+rsp],r9d - lea r9,QWORD PTR[5+r8] + mov DWORD[((64+12))+rsp],r9d + lea r9,[5+r8] DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movups xmm1,XMMWORD PTR[((112-128))+rcx] + movups xmm1,XMMWORD[((112-128))+rcx] bswap r9d DB 102,15,56,220,208 DB 102,15,56,220,216 xor r9d,r11d -DB 066h,090h +DB 0x66,0x90 DB 102,15,56,220,224 DB 102,15,56,220,232 - mov DWORD PTR[((80+12))+rsp],r9d - lea r9,QWORD PTR[6+r8] + mov DWORD[((80+12))+rsp],r9d + lea r9,[6+r8] DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((128-128))+rcx] + movups xmm0,XMMWORD[((128-128))+rcx] bswap r9d DB 102,15,56,220,209 DB 102,15,56,220,217 xor r9d,r11d -DB 066h,090h +DB 0x66,0x90 DB 
102,15,56,220,225 DB 102,15,56,220,233 - mov DWORD PTR[((96+12))+rsp],r9d - lea r9,QWORD PTR[7+r8] + mov DWORD[((96+12))+rsp],r9d + lea r9,[7+r8] DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movups xmm1,XMMWORD PTR[((144-128))+rcx] + movups xmm1,XMMWORD[((144-128))+rcx] bswap r9d DB 102,15,56,220,208 DB 102,15,56,220,216 DB 102,15,56,220,224 xor r9d,r11d - movdqu xmm10,XMMWORD PTR[rdi] + movdqu xmm10,XMMWORD[rdi] DB 102,15,56,220,232 - mov DWORD PTR[((112+12))+rsp],r9d + mov DWORD[((112+12))+rsp],r9d cmp eax,11 DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((160-128))+rcx] + movups xmm0,XMMWORD[((160-128))+rcx] - jb $L$ctr32_enc_done + jb NEAR $L$ctr32_enc_done DB 102,15,56,220,209 DB 102,15,56,220,217 @@ -1351,7 +1437,7 @@ DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movups xmm1,XMMWORD PTR[((176-128))+rcx] + movups xmm1,XMMWORD[((176-128))+rcx] DB 102,15,56,220,208 DB 102,15,56,220,216 @@ -1361,8 +1447,8 @@ DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((192-128))+rcx] - je $L$ctr32_enc_done + movups xmm0,XMMWORD[((192-128))+rcx] + je NEAR $L$ctr32_enc_done DB 102,15,56,220,209 DB 102,15,56,220,217 @@ -1372,7 +1458,7 @@ DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movups xmm1,XMMWORD PTR[((208-128))+rcx] + movups xmm1,XMMWORD[((208-128))+rcx] DB 102,15,56,220,208 DB 102,15,56,220,216 
@@ -1382,20 +1468,20 @@ DB 102,15,56,220,240 DB 102,15,56,220,248 DB 102,68,15,56,220,192 DB 102,68,15,56,220,200 - movups xmm0,XMMWORD PTR[((224-128))+rcx] - jmp $L$ctr32_enc_done + movups xmm0,XMMWORD[((224-128))+rcx] + jmp NEAR $L$ctr32_enc_done ALIGN 16 -$L$ctr32_enc_done:: - movdqu xmm11,XMMWORD PTR[16+rdi] +$L$ctr32_enc_done: + movdqu xmm11,XMMWORD[16+rdi] pxor xmm10,xmm0 - movdqu xmm12,XMMWORD PTR[32+rdi] + movdqu xmm12,XMMWORD[32+rdi] pxor xmm11,xmm0 - movdqu xmm13,XMMWORD PTR[48+rdi] + movdqu xmm13,XMMWORD[48+rdi] pxor xmm12,xmm0 - movdqu xmm14,XMMWORD PTR[64+rdi] + movdqu xmm14,XMMWORD[64+rdi] pxor xmm13,xmm0 - movdqu xmm15,XMMWORD PTR[80+rdi] + movdqu xmm15,XMMWORD[80+rdi] pxor xmm14,xmm0 pxor xmm15,xmm0 DB 102,15,56,220,209 
@@ -1406,259 +1492,264 @@ DB 102,15,56,220,241 DB 102,15,56,220,249 DB 102,68,15,56,220,193 DB 102,68,15,56,220,201 - movdqu xmm1,XMMWORD PTR[96+rdi] - lea rdi,QWORD PTR[128+rdi] + movdqu xmm1,XMMWORD[96+rdi] + lea rdi,[128+rdi] DB 102,65,15,56,221,210 pxor xmm1,xmm0 - movdqu xmm10,XMMWORD PTR[((112-128))+rdi] + movdqu xmm10,XMMWORD[((112-128))+rdi] DB 102,65,15,56,221,219 pxor xmm10,xmm0 - movdqa xmm11,XMMWORD PTR[rsp] + movdqa xmm11,XMMWORD[rsp] DB 102,65,15,56,221,228 DB 102,65,15,56,221,237 - movdqa xmm12,XMMWORD PTR[16+rsp] - movdqa xmm13,XMMWORD PTR[32+rsp] + movdqa xmm12,XMMWORD[16+rsp] + movdqa xmm13,XMMWORD[32+rsp] DB 102,65,15,56,221,246 DB 102,65,15,56,221,255 - movdqa xmm14,XMMWORD PTR[48+rsp] - movdqa xmm15,XMMWORD PTR[64+rsp] + movdqa xmm14,XMMWORD[48+rsp] + movdqa xmm15,XMMWORD[64+rsp] DB 102,68,15,56,221,193 - movdqa xmm0,XMMWORD PTR[80+rsp] - movups xmm1,XMMWORD PTR[((16-128))+rcx] + movdqa xmm0,XMMWORD[80+rsp] + movups xmm1,XMMWORD[((16-128))+rcx] DB 102,69,15,56,221,202 - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 movdqa xmm2,xmm11 - movups XMMWORD PTR[16+rsi],xmm3 + movups XMMWORD[16+rsi],xmm3 movdqa xmm3,xmm12 - movups XMMWORD PTR[32+rsi],xmm4 + movups XMMWORD[32+rsi],xmm4 movdqa xmm4,xmm13 - movups XMMWORD PTR[48+rsi],xmm5 + movups XMMWORD[48+rsi],xmm5 movdqa xmm5,xmm14 - movups XMMWORD PTR[64+rsi],xmm6 + movups XMMWORD[64+rsi],xmm6 movdqa xmm6,xmm15 - movups XMMWORD PTR[80+rsi],xmm7 + movups XMMWORD[80+rsi],xmm7 movdqa xmm7,xmm0 - movups XMMWORD PTR[96+rsi],xmm8 - movups XMMWORD PTR[112+rsi],xmm9 - lea rsi,QWORD PTR[128+rsi] + movups XMMWORD[96+rsi],xmm8 + movups XMMWORD[112+rsi],xmm9 + lea rsi,[128+rsi] sub rdx,8 - jnc $L$ctr32_loop8 + jnc NEAR $L$ctr32_loop8 add rdx,8 - jz $L$ctr32_done - lea rcx,QWORD PTR[((-128))+rcx] + jz NEAR $L$ctr32_done + lea rcx,[((-128))+rcx] + +$L$ctr32_tail: -$L$ctr32_tail:: - lea rcx,QWORD PTR[16+rcx] + + lea rcx,[16+rcx] cmp rdx,4 - jb $L$ctr32_loop3 - je $L$ctr32_loop4 + jb NEAR $L$ctr32_loop3 + 
je NEAR $L$ctr32_loop4 + shl eax,4 - movdqa xmm8,XMMWORD PTR[96+rsp] + movdqa xmm8,XMMWORD[96+rsp] pxor xmm9,xmm9 - movups xmm0,XMMWORD PTR[16+rcx] + movups xmm0,XMMWORD[16+rcx] DB 102,15,56,220,209 DB 102,15,56,220,217 - lea rcx,QWORD PTR[((32-16))+rax*1+rcx] + lea rcx,[((32-16))+rax*1+rcx] neg rax DB 102,15,56,220,225 add rax,16 - movups xmm10,XMMWORD PTR[rdi] + movups xmm10,XMMWORD[rdi] DB 102,15,56,220,233 DB 102,15,56,220,241 - movups xmm11,XMMWORD PTR[16+rdi] - movups xmm12,XMMWORD PTR[32+rdi] + movups xmm11,XMMWORD[16+rdi] + movups xmm12,XMMWORD[32+rdi] DB 102,15,56,220,249 DB 102,68,15,56,220,193 call $L$enc_loop8_enter - movdqu xmm13,XMMWORD PTR[48+rdi] + movdqu xmm13,XMMWORD[48+rdi] pxor xmm2,xmm10 - movdqu xmm10,XMMWORD PTR[64+rdi] + movdqu xmm10,XMMWORD[64+rdi] pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 pxor xmm5,xmm13 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 pxor xmm6,xmm10 - movdqu XMMWORD PTR[48+rsi],xmm5 - movdqu XMMWORD PTR[64+rsi],xmm6 + movdqu XMMWORD[48+rsi],xmm5 + movdqu XMMWORD[64+rsi],xmm6 cmp rdx,6 - jb $L$ctr32_done + jb NEAR $L$ctr32_done - movups xmm11,XMMWORD PTR[80+rdi] + movups xmm11,XMMWORD[80+rdi] xorps xmm7,xmm11 - movups XMMWORD PTR[80+rsi],xmm7 - je $L$ctr32_done + movups XMMWORD[80+rsi],xmm7 + je NEAR $L$ctr32_done - movups xmm12,XMMWORD PTR[96+rdi] + movups xmm12,XMMWORD[96+rdi] xorps xmm8,xmm12 - movups XMMWORD PTR[96+rsi],xmm8 - jmp $L$ctr32_done + movups XMMWORD[96+rsi],xmm8 + jmp NEAR $L$ctr32_done ALIGN 32 -$L$ctr32_loop4:: +$L$ctr32_loop4: DB 102,15,56,220,209 - lea rcx,QWORD PTR[16+rcx] + lea rcx,[16+rcx] dec eax DB 102,15,56,220,217 DB 102,15,56,220,225 DB 102,15,56,220,233 - movups xmm1,XMMWORD PTR[rcx] - jnz $L$ctr32_loop4 + movups xmm1,XMMWORD[rcx] + jnz NEAR $L$ctr32_loop4 DB 102,15,56,221,209 DB 102,15,56,221,217 - movups xmm10,XMMWORD PTR[rdi] - movups xmm11,XMMWORD PTR[16+rdi] + 
movups xmm10,XMMWORD[rdi] + movups xmm11,XMMWORD[16+rdi] DB 102,15,56,221,225 DB 102,15,56,221,233 - movups xmm12,XMMWORD PTR[32+rdi] - movups xmm13,XMMWORD PTR[48+rdi] + movups xmm12,XMMWORD[32+rdi] + movups xmm13,XMMWORD[48+rdi] xorps xmm2,xmm10 - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 xorps xmm3,xmm11 - movups XMMWORD PTR[16+rsi],xmm3 + movups XMMWORD[16+rsi],xmm3 pxor xmm4,xmm12 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 pxor xmm5,xmm13 - movdqu XMMWORD PTR[48+rsi],xmm5 - jmp $L$ctr32_done + movdqu XMMWORD[48+rsi],xmm5 + jmp NEAR $L$ctr32_done ALIGN 32 -$L$ctr32_loop3:: +$L$ctr32_loop3: DB 102,15,56,220,209 - lea rcx,QWORD PTR[16+rcx] + lea rcx,[16+rcx] dec eax DB 102,15,56,220,217 DB 102,15,56,220,225 - movups xmm1,XMMWORD PTR[rcx] - jnz $L$ctr32_loop3 + movups xmm1,XMMWORD[rcx] + jnz NEAR $L$ctr32_loop3 DB 102,15,56,221,209 DB 102,15,56,221,217 DB 102,15,56,221,225 - movups xmm10,XMMWORD PTR[rdi] + movups xmm10,XMMWORD[rdi] xorps xmm2,xmm10 - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 cmp rdx,2 - jb $L$ctr32_done + jb NEAR $L$ctr32_done - movups xmm11,XMMWORD PTR[16+rdi] + movups xmm11,XMMWORD[16+rdi] xorps xmm3,xmm11 - movups XMMWORD PTR[16+rsi],xmm3 - je $L$ctr32_done + movups XMMWORD[16+rsi],xmm3 + je NEAR $L$ctr32_done - movups xmm12,XMMWORD PTR[32+rdi] + movups xmm12,XMMWORD[32+rdi] xorps xmm4,xmm12 - movups XMMWORD PTR[32+rsi],xmm4 - jmp $L$ctr32_done - -ALIGN 16 -$L$ctr32_one_shortcut:: - movups xmm2,XMMWORD PTR[r8] - movups xmm10,XMMWORD PTR[rdi] - mov eax,DWORD PTR[240+rcx] - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] - xorps xmm2,xmm0 -$L$oop_enc1_7:: -DB 102,15,56,220,209 - dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_enc1_7 -DB 102,15,56,221,209 - xorps xmm2,xmm10 - movups XMMWORD PTR[rsi],xmm2 - jmp $L$ctr32_done - -ALIGN 16 -$L$ctr32_done:: - movaps xmm6,XMMWORD PTR[((-160))+rbp] - movaps xmm7,XMMWORD 
PTR[((-144))+rbp] - movaps xmm8,XMMWORD PTR[((-128))+rbp] - movaps xmm9,XMMWORD PTR[((-112))+rbp] - movaps xmm10,XMMWORD PTR[((-96))+rbp] - movaps xmm11,XMMWORD PTR[((-80))+rbp] - movaps xmm12,XMMWORD PTR[((-64))+rbp] - movaps xmm13,XMMWORD PTR[((-48))+rbp] - movaps xmm14,XMMWORD PTR[((-32))+rbp] - movaps xmm15,XMMWORD PTR[((-16))+rbp] - lea rsp,QWORD PTR[rbp] + movups XMMWORD[32+rsi],xmm4 + +$L$ctr32_done: + xorps xmm0,xmm0 + xor r11d,r11d + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + movaps xmm6,XMMWORD[((-160))+rbp] + movaps XMMWORD[(-160)+rbp],xmm0 + movaps xmm7,XMMWORD[((-144))+rbp] + movaps XMMWORD[(-144)+rbp],xmm0 + movaps xmm8,XMMWORD[((-128))+rbp] + movaps XMMWORD[(-128)+rbp],xmm0 + movaps xmm9,XMMWORD[((-112))+rbp] + movaps XMMWORD[(-112)+rbp],xmm0 + movaps xmm10,XMMWORD[((-96))+rbp] + movaps XMMWORD[(-96)+rbp],xmm0 + movaps xmm11,XMMWORD[((-80))+rbp] + movaps XMMWORD[(-80)+rbp],xmm0 + movaps xmm12,XMMWORD[((-64))+rbp] + movaps XMMWORD[(-64)+rbp],xmm0 + movaps xmm13,XMMWORD[((-48))+rbp] + movaps XMMWORD[(-48)+rbp],xmm0 + movaps xmm14,XMMWORD[((-32))+rbp] + movaps XMMWORD[(-32)+rbp],xmm0 + movaps xmm15,XMMWORD[((-16))+rbp] + movaps XMMWORD[(-16)+rbp],xmm0 + movaps XMMWORD[rsp],xmm0 + movaps XMMWORD[16+rsp],xmm0 + movaps XMMWORD[32+rsp],xmm0 + movaps XMMWORD[48+rsp],xmm0 + movaps XMMWORD[64+rsp],xmm0 + movaps XMMWORD[80+rsp],xmm0 + movaps XMMWORD[96+rsp],xmm0 + movaps XMMWORD[112+rsp],xmm0 + lea rsp,[rbp] pop rbp -$L$ctr32_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] +$L$ctr32_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_ctr32_encrypt_blocks:: -aesni_ctr32_encrypt_blocks ENDP -PUBLIC aesni_xts_encrypt +$L$SEH_end_aesni_ctr32_encrypt_blocks: +global aesni_xts_encrypt ALIGN 16 -aesni_xts_encrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +aesni_xts_encrypt: + mov 
QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_xts_encrypt:: +$L$SEH_begin_aesni_xts_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] - lea rax,QWORD PTR[rsp] + lea rax,[rsp] push rbp sub rsp,272 and rsp,-16 - movaps XMMWORD PTR[(-168)+rax],xmm6 - movaps XMMWORD PTR[(-152)+rax],xmm7 - movaps XMMWORD PTR[(-136)+rax],xmm8 - movaps XMMWORD PTR[(-120)+rax],xmm9 - movaps XMMWORD PTR[(-104)+rax],xmm10 - movaps XMMWORD PTR[(-88)+rax],xmm11 - movaps XMMWORD PTR[(-72)+rax],xmm12 - movaps XMMWORD PTR[(-56)+rax],xmm13 - movaps XMMWORD PTR[(-40)+rax],xmm14 - movaps XMMWORD PTR[(-24)+rax],xmm15 -$L$xts_enc_body:: - lea rbp,QWORD PTR[((-8))+rax] - movups xmm2,XMMWORD PTR[r9] - mov eax,DWORD PTR[240+r8] - mov r10d,DWORD PTR[240+rcx] - movups xmm0,XMMWORD PTR[r8] - movups xmm1,XMMWORD PTR[16+r8] - lea r8,QWORD PTR[32+r8] + movaps XMMWORD[(-168)+rax],xmm6 + movaps XMMWORD[(-152)+rax],xmm7 + movaps XMMWORD[(-136)+rax],xmm8 + movaps XMMWORD[(-120)+rax],xmm9 + movaps XMMWORD[(-104)+rax],xmm10 + movaps XMMWORD[(-88)+rax],xmm11 + movaps XMMWORD[(-72)+rax],xmm12 + movaps XMMWORD[(-56)+rax],xmm13 + movaps XMMWORD[(-40)+rax],xmm14 + movaps XMMWORD[(-24)+rax],xmm15 +$L$xts_enc_body: + lea rbp,[((-8))+rax] + movups xmm2,XMMWORD[r9] + mov eax,DWORD[240+r8] + mov r10d,DWORD[240+rcx] + movups xmm0,XMMWORD[r8] + movups xmm1,XMMWORD[16+r8] + lea r8,[32+r8] xorps xmm2,xmm0 -$L$oop_enc1_8:: +$L$oop_enc1_8: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[r8] - lea r8,QWORD PTR[16+r8] - jnz $L$oop_enc1_8 + movups xmm1,XMMWORD[r8] + lea r8,[16+r8] + jnz NEAR $L$oop_enc1_8 DB 102,15,56,221,209 - movups xmm0,XMMWORD PTR[rcx] + movups xmm0,XMMWORD[rcx] mov r11,rcx mov eax,r10d shl r10d,4 mov r9,rdx and rdx,-16 - movups xmm1,XMMWORD PTR[16+r10*1+rcx] + movups xmm1,XMMWORD[16+r10*1+rcx] - movdqa xmm8,XMMWORD PTR[$L$xts_magic] + movdqa 
xmm8,XMMWORD[$L$xts_magic] movdqa xmm15,xmm2 - pshufd xmm9,xmm2,05fh + pshufd xmm9,xmm2,0x5f pxor xmm1,xmm0 movdqa xmm14,xmm9 paddd xmm9,xmm9 
@@ -1698,76 +1789,76 @@ DB 102,15,56,221,209 pand xmm9,xmm8 pxor xmm14,xmm0 pxor xmm15,xmm9 - movaps XMMWORD PTR[96+rsp],xmm1 + movaps XMMWORD[96+rsp],xmm1 sub rdx,16*6 - jc $L$xts_enc_short + jc NEAR $L$xts_enc_short mov eax,16+96 - lea rcx,QWORD PTR[32+r10*1+r11] + lea rcx,[32+r10*1+r11] sub rax,r10 - movups xmm1,XMMWORD PTR[16+r11] + movups xmm1,XMMWORD[16+r11] mov r10,rax - lea r8,QWORD PTR[$L$xts_magic] - jmp $L$xts_enc_grandloop + lea r8,[$L$xts_magic] + jmp NEAR $L$xts_enc_grandloop ALIGN 32 -$L$xts_enc_grandloop:: - movdqu xmm2,XMMWORD PTR[rdi] +$L$xts_enc_grandloop: + movdqu xmm2,XMMWORD[rdi] movdqa xmm8,xmm0 - movdqu xmm3,XMMWORD PTR[16+rdi] + movdqu xmm3,XMMWORD[16+rdi] pxor xmm2,xmm10 - movdqu xmm4,XMMWORD PTR[32+rdi] + movdqu xmm4,XMMWORD[32+rdi] pxor xmm3,xmm11 DB 102,15,56,220,209 - movdqu xmm5,XMMWORD PTR[48+rdi] + movdqu xmm5,XMMWORD[48+rdi] pxor xmm4,xmm12 DB 102,15,56,220,217 - movdqu xmm6,XMMWORD PTR[64+rdi] + movdqu xmm6,XMMWORD[64+rdi] pxor xmm5,xmm13 DB 102,15,56,220,225 - movdqu xmm7,XMMWORD PTR[80+rdi] + movdqu xmm7,XMMWORD[80+rdi] pxor xmm8,xmm15 - movdqa xmm9,XMMWORD PTR[96+rsp] + movdqa xmm9,XMMWORD[96+rsp] pxor xmm6,xmm14 DB 102,15,56,220,233 - movups xmm0,XMMWORD PTR[32+r11] - lea rdi,QWORD PTR[96+rdi] + movups xmm0,XMMWORD[32+r11] + lea rdi,[96+rdi] pxor xmm7,xmm8 pxor xmm10,xmm9 DB 102,15,56,220,241 pxor xmm11,xmm9 - movdqa XMMWORD PTR[rsp],xmm10 + movdqa XMMWORD[rsp],xmm10 DB 102,15,56,220,249 - movups xmm1,XMMWORD PTR[48+r11] + movups xmm1,XMMWORD[48+r11] pxor xmm12,xmm9 DB 102,15,56,220,208 pxor xmm13,xmm9 - movdqa XMMWORD PTR[16+rsp],xmm11 + movdqa XMMWORD[16+rsp],xmm11 DB 102,15,56,220,216 pxor xmm14,xmm9 - movdqa XMMWORD PTR[32+rsp],xmm12 + movdqa XMMWORD[32+rsp],xmm12 DB 102,15,56,220,224 DB 102,15,56,220,232 pxor xmm8,xmm9 - movdqa XMMWORD PTR[64+rsp],xmm14 + movdqa XMMWORD[64+rsp],xmm14 DB 102,15,56,220,240 DB 102,15,56,220,248 - movups xmm0,XMMWORD PTR[64+r11] - movdqa XMMWORD PTR[80+rsp],xmm8 - pshufd xmm9,xmm15,05fh - jmp 
$L$xts_enc_loop6 + movups xmm0,XMMWORD[64+r11] + movdqa XMMWORD[80+rsp],xmm8 + pshufd xmm9,xmm15,0x5f + jmp NEAR $L$xts_enc_loop6 ALIGN 32 -$L$xts_enc_loop6:: +$L$xts_enc_loop6: DB 102,15,56,220,209 DB 102,15,56,220,217 DB 102,15,56,220,225 DB 102,15,56,220,233 DB 102,15,56,220,241 DB 102,15,56,220,249 - movups xmm1,XMMWORD PTR[((-64))+rax*1+rcx] + movups xmm1,XMMWORD[((-64))+rax*1+rcx] add rax,32 DB 102,15,56,220,208 @@ -1776,10 +1867,10 @@ DB 102,15,56,220,224 DB 102,15,56,220,232 DB 102,15,56,220,240 DB 102,15,56,220,248 - movups xmm0,XMMWORD PTR[((-80))+rax*1+rcx] - jnz $L$xts_enc_loop6 + movups xmm0,XMMWORD[((-80))+rax*1+rcx] + jnz NEAR $L$xts_enc_loop6 - movdqa xmm8,XMMWORD PTR[r8] + movdqa xmm8,XMMWORD[r8] movdqa xmm14,xmm9 paddd xmm9,xmm9 DB 102,15,56,220,209 @@ -1787,14 +1878,14 @@ DB 102,15,56,220,209 psrad xmm14,31 DB 102,15,56,220,217 pand xmm14,xmm8 - movups xmm10,XMMWORD PTR[r11] + movups xmm10,XMMWORD[r11] DB 102,15,56,220,225 DB 102,15,56,220,233 DB 102,15,56,220,241 pxor xmm15,xmm14 movaps xmm11,xmm10 DB 102,15,56,220,249 - movups xmm1,XMMWORD PTR[((-64))+rcx] + movups xmm1,XMMWORD[((-64))+rcx] movdqa xmm14,xmm9 DB 102,15,56,220,208 @@ -1811,7 +1902,7 @@ DB 102,15,56,220,240 pxor xmm15,xmm14 movdqa xmm14,xmm9 DB 102,15,56,220,248 - movups xmm0,XMMWORD PTR[((-48))+rcx] + movups xmm0,XMMWORD[((-48))+rcx] paddd xmm9,xmm9 DB 102,15,56,220,209 @@ -1822,13 +1913,13 @@ DB 102,15,56,220,217 pand xmm14,xmm8 DB 102,15,56,220,225 DB 102,15,56,220,233 - movdqa XMMWORD PTR[48+rsp],xmm13 + movdqa XMMWORD[48+rsp],xmm13 pxor xmm15,xmm14 DB 102,15,56,220,241 movaps xmm13,xmm12 movdqa xmm14,xmm9 DB 102,15,56,220,249 - movups xmm1,XMMWORD PTR[((-32))+rcx] + movups xmm1,XMMWORD[((-32))+rcx] paddd xmm9,xmm9 DB 102,15,56,220,208 
@@ -1855,10 +1946,10 @@ DB 102,15,56,220,217 DB 102,15,56,220,225 DB 102,15,56,220,233 pxor xmm15,xmm0 - movups xmm0,XMMWORD PTR[r11] + movups xmm0,XMMWORD[r11] DB 102,15,56,220,241 DB 102,15,56,220,249 - movups xmm1,XMMWORD PTR[16+r11] + movups xmm1,XMMWORD[16+r11] pxor xmm14,xmm15 DB 102,15,56,221,84,36,0 @@ -1873,50 +1964,52 @@ DB 102,15,56,221,116,36,64 DB 102,15,56,221,124,36,80 pxor xmm15,xmm9 - lea rsi,QWORD PTR[96+rsi] - movups XMMWORD PTR[(-96)+rsi],xmm2 - movups XMMWORD PTR[(-80)+rsi],xmm3 - movups XMMWORD PTR[(-64)+rsi],xmm4 - movups XMMWORD PTR[(-48)+rsi],xmm5 - movups XMMWORD PTR[(-32)+rsi],xmm6 - movups XMMWORD PTR[(-16)+rsi],xmm7 + lea rsi,[96+rsi] + movups XMMWORD[(-96)+rsi],xmm2 + movups XMMWORD[(-80)+rsi],xmm3 + movups XMMWORD[(-64)+rsi],xmm4 + movups XMMWORD[(-48)+rsi],xmm5 + movups XMMWORD[(-32)+rsi],xmm6 + movups XMMWORD[(-16)+rsi],xmm7 sub rdx,16*6 - jnc $L$xts_enc_grandloop + jnc NEAR $L$xts_enc_grandloop mov eax,16+96 sub eax,r10d mov rcx,r11 shr eax,4 -$L$xts_enc_short:: +$L$xts_enc_short: + mov r10d,eax pxor xmm10,xmm0 add rdx,16*6 - jz $L$xts_enc_done + jz NEAR $L$xts_enc_done pxor xmm11,xmm0 - cmp rdx,020h - jb $L$xts_enc_one + cmp rdx,0x20 + jb NEAR $L$xts_enc_one pxor xmm12,xmm0 - je $L$xts_enc_two + je NEAR $L$xts_enc_two pxor xmm13,xmm0 - cmp rdx,040h - jb $L$xts_enc_three + cmp rdx,0x40 + jb NEAR $L$xts_enc_three pxor xmm14,xmm0 - je $L$xts_enc_four + je NEAR $L$xts_enc_four - movdqu xmm2,XMMWORD PTR[rdi] - movdqu xmm3,XMMWORD PTR[16+rdi] - movdqu xmm4,XMMWORD PTR[32+rdi] + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[16+rdi] + movdqu xmm4,XMMWORD[32+rdi] pxor xmm2,xmm10 - movdqu xmm5,XMMWORD PTR[48+rdi] + movdqu xmm5,XMMWORD[48+rdi] pxor xmm3,xmm11 - movdqu xmm6,XMMWORD PTR[64+rdi] - lea rdi,QWORD PTR[80+rdi] + movdqu xmm6,XMMWORD[64+rdi] + lea rdi,[80+rdi] pxor xmm4,xmm12 pxor xmm5,xmm13 pxor xmm6,xmm14 + pxor xmm7,xmm7 call _aesni_encrypt6 
@@ -1924,43 +2017,43 @@ $L$xts_enc_short:: movdqa xmm10,xmm15 xorps xmm3,xmm11 xorps xmm4,xmm12 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 xorps xmm5,xmm13 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 xorps xmm6,xmm14 - movdqu XMMWORD PTR[32+rsi],xmm4 - movdqu XMMWORD PTR[48+rsi],xmm5 - movdqu XMMWORD PTR[64+rsi],xmm6 - lea rsi,QWORD PTR[80+rsi] - jmp $L$xts_enc_done + movdqu XMMWORD[32+rsi],xmm4 + movdqu XMMWORD[48+rsi],xmm5 + movdqu XMMWORD[64+rsi],xmm6 + lea rsi,[80+rsi] + jmp NEAR $L$xts_enc_done ALIGN 16 -$L$xts_enc_one:: - movups xmm2,XMMWORD PTR[rdi] - lea rdi,QWORD PTR[16+rdi] +$L$xts_enc_one: + movups xmm2,XMMWORD[rdi] + lea rdi,[16+rdi] xorps xmm2,xmm10 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_enc1_9:: +$L$oop_enc1_9: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_enc1_9 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_9 DB 102,15,56,221,209 xorps xmm2,xmm10 movdqa xmm10,xmm11 - movups XMMWORD PTR[rsi],xmm2 - lea rsi,QWORD PTR[16+rsi] - jmp $L$xts_enc_done + movups XMMWORD[rsi],xmm2 + lea rsi,[16+rsi] + jmp NEAR $L$xts_enc_done ALIGN 16 -$L$xts_enc_two:: - movups xmm2,XMMWORD PTR[rdi] - movups xmm3,XMMWORD PTR[16+rdi] - lea rdi,QWORD PTR[32+rdi] +$L$xts_enc_two: + movups xmm2,XMMWORD[rdi] + movups xmm3,XMMWORD[16+rdi] + lea rdi,[32+rdi] xorps xmm2,xmm10 xorps xmm3,xmm11 
@@ -1969,17 +2062,17 @@ $L$xts_enc_two:: xorps xmm2,xmm10 movdqa xmm10,xmm12 xorps xmm3,xmm11 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - lea rsi,QWORD PTR[32+rsi] - jmp $L$xts_enc_done + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + lea rsi,[32+rsi] + jmp NEAR $L$xts_enc_done ALIGN 16 -$L$xts_enc_three:: - movups xmm2,XMMWORD PTR[rdi] - movups xmm3,XMMWORD PTR[16+rdi] - movups xmm4,XMMWORD PTR[32+rdi] - lea rdi,QWORD PTR[48+rdi] +$L$xts_enc_three: + movups xmm2,XMMWORD[rdi] + movups xmm3,XMMWORD[16+rdi] + movups xmm4,XMMWORD[32+rdi] + lea rdi,[48+rdi] xorps xmm2,xmm10 xorps xmm3,xmm11 xorps xmm4,xmm12 @@ -1990,20 +2083,20 @@ $L$xts_enc_three:: movdqa xmm10,xmm13 xorps xmm3,xmm11 xorps xmm4,xmm12 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - lea rsi,QWORD PTR[48+rsi] - jmp $L$xts_enc_done + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups XMMWORD[32+rsi],xmm4 + lea rsi,[48+rsi] + jmp NEAR $L$xts_enc_done ALIGN 16 -$L$xts_enc_four:: - movups xmm2,XMMWORD PTR[rdi] - movups xmm3,XMMWORD PTR[16+rdi] - movups xmm4,XMMWORD PTR[32+rdi] +$L$xts_enc_four: + movups xmm2,XMMWORD[rdi] + movups xmm3,XMMWORD[16+rdi] + movups xmm4,XMMWORD[32+rdi] xorps xmm2,xmm10 - movups xmm5,XMMWORD PTR[48+rdi] - lea rdi,QWORD PTR[64+rdi] + movups xmm5,XMMWORD[48+rdi] + lea rdi,[64+rdi] xorps xmm3,xmm11 xorps xmm4,xmm12 xorps xmm5,xmm13 
@@ -2014,114 +2107,136 @@ $L$xts_enc_four:: movdqa xmm10,xmm14 pxor xmm3,xmm11 pxor xmm4,xmm12 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm5,xmm13 - movdqu XMMWORD PTR[16+rsi],xmm3 - movdqu XMMWORD PTR[32+rsi],xmm4 - movdqu XMMWORD PTR[48+rsi],xmm5 - lea rsi,QWORD PTR[64+rsi] - jmp $L$xts_enc_done + movdqu XMMWORD[16+rsi],xmm3 + movdqu XMMWORD[32+rsi],xmm4 + movdqu XMMWORD[48+rsi],xmm5 + lea rsi,[64+rsi] + jmp NEAR $L$xts_enc_done ALIGN 16 -$L$xts_enc_done:: +$L$xts_enc_done: and r9,15 - jz $L$xts_enc_ret + jz NEAR $L$xts_enc_ret mov rdx,r9 -$L$xts_enc_steal:: - movzx eax,BYTE PTR[rdi] - movzx ecx,BYTE PTR[((-16))+rsi] - lea rdi,QWORD PTR[1+rdi] - mov BYTE PTR[((-16))+rsi],al - mov BYTE PTR[rsi],cl - lea rsi,QWORD PTR[1+rsi] +$L$xts_enc_steal: + movzx eax,BYTE[rdi] + movzx ecx,BYTE[((-16))+rsi] + lea rdi,[1+rdi] + mov BYTE[((-16))+rsi],al + mov BYTE[rsi],cl + lea rsi,[1+rsi] sub rdx,1 - jnz $L$xts_enc_steal + jnz NEAR $L$xts_enc_steal sub rsi,r9 mov rcx,r11 mov eax,r10d - movups xmm2,XMMWORD PTR[((-16))+rsi] + movups xmm2,XMMWORD[((-16))+rsi] xorps xmm2,xmm10 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_enc1_10:: +$L$oop_enc1_10: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_enc1_10 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_10 DB 102,15,56,221,209 xorps xmm2,xmm10 - movups XMMWORD PTR[(-16)+rsi],xmm2 - -$L$xts_enc_ret:: - movaps xmm6,XMMWORD PTR[((-160))+rbp] - movaps xmm7,XMMWORD PTR[((-144))+rbp] - movaps xmm8,XMMWORD PTR[((-128))+rbp] - movaps xmm9,XMMWORD PTR[((-112))+rbp] - movaps xmm10,XMMWORD PTR[((-96))+rbp] - movaps xmm11,XMMWORD PTR[((-80))+rbp] - movaps xmm12,XMMWORD PTR[((-64))+rbp] - movaps xmm13,XMMWORD PTR[((-48))+rbp] - movaps xmm14,XMMWORD PTR[((-32))+rbp] - movaps xmm15,XMMWORD PTR[((-16))+rbp] - lea 
rsp,QWORD PTR[rbp] + movups XMMWORD[(-16)+rsi],xmm2 + +$L$xts_enc_ret: + xorps xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + movaps xmm6,XMMWORD[((-160))+rbp] + movaps XMMWORD[(-160)+rbp],xmm0 + movaps xmm7,XMMWORD[((-144))+rbp] + movaps XMMWORD[(-144)+rbp],xmm0 + movaps xmm8,XMMWORD[((-128))+rbp] + movaps XMMWORD[(-128)+rbp],xmm0 + movaps xmm9,XMMWORD[((-112))+rbp] + movaps XMMWORD[(-112)+rbp],xmm0 + movaps xmm10,XMMWORD[((-96))+rbp] + movaps XMMWORD[(-96)+rbp],xmm0 + movaps xmm11,XMMWORD[((-80))+rbp] + movaps XMMWORD[(-80)+rbp],xmm0 + movaps xmm12,XMMWORD[((-64))+rbp] + movaps XMMWORD[(-64)+rbp],xmm0 + movaps xmm13,XMMWORD[((-48))+rbp] + movaps XMMWORD[(-48)+rbp],xmm0 + movaps xmm14,XMMWORD[((-32))+rbp] + movaps XMMWORD[(-32)+rbp],xmm0 + movaps xmm15,XMMWORD[((-16))+rbp] + movaps XMMWORD[(-16)+rbp],xmm0 + movaps XMMWORD[rsp],xmm0 + movaps XMMWORD[16+rsp],xmm0 + movaps XMMWORD[32+rsp],xmm0 + movaps XMMWORD[48+rsp],xmm0 + movaps XMMWORD[64+rsp],xmm0 + movaps XMMWORD[80+rsp],xmm0 + movaps XMMWORD[96+rsp],xmm0 + lea rsp,[rbp] pop rbp -$L$xts_enc_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] +$L$xts_enc_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_xts_encrypt:: -aesni_xts_encrypt ENDP -PUBLIC aesni_xts_decrypt +$L$SEH_end_aesni_xts_encrypt: +global aesni_xts_decrypt ALIGN 16 -aesni_xts_decrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +aesni_xts_decrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_xts_decrypt:: +$L$SEH_begin_aesni_xts_decrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] - lea rax,QWORD PTR[rsp] + lea rax,[rsp] push rbp sub rsp,272 and rsp,-16 - movaps XMMWORD PTR[(-168)+rax],xmm6 - movaps XMMWORD 
PTR[(-152)+rax],xmm7 - movaps XMMWORD PTR[(-136)+rax],xmm8 - movaps XMMWORD PTR[(-120)+rax],xmm9 - movaps XMMWORD PTR[(-104)+rax],xmm10 - movaps XMMWORD PTR[(-88)+rax],xmm11 - movaps XMMWORD PTR[(-72)+rax],xmm12 - movaps XMMWORD PTR[(-56)+rax],xmm13 - movaps XMMWORD PTR[(-40)+rax],xmm14 - movaps XMMWORD PTR[(-24)+rax],xmm15 -$L$xts_dec_body:: - lea rbp,QWORD PTR[((-8))+rax] - movups xmm2,XMMWORD PTR[r9] - mov eax,DWORD PTR[240+r8] - mov r10d,DWORD PTR[240+rcx] - movups xmm0,XMMWORD PTR[r8] - movups xmm1,XMMWORD PTR[16+r8] - lea r8,QWORD PTR[32+r8] + movaps XMMWORD[(-168)+rax],xmm6 + movaps XMMWORD[(-152)+rax],xmm7 + movaps XMMWORD[(-136)+rax],xmm8 + movaps XMMWORD[(-120)+rax],xmm9 + movaps XMMWORD[(-104)+rax],xmm10 + movaps XMMWORD[(-88)+rax],xmm11 + movaps XMMWORD[(-72)+rax],xmm12 + movaps XMMWORD[(-56)+rax],xmm13 + movaps XMMWORD[(-40)+rax],xmm14 + movaps XMMWORD[(-24)+rax],xmm15 +$L$xts_dec_body: + lea rbp,[((-8))+rax] + movups xmm2,XMMWORD[r9] + mov eax,DWORD[240+r8] + mov r10d,DWORD[240+rcx] + movups xmm0,XMMWORD[r8] + movups xmm1,XMMWORD[16+r8] + lea r8,[32+r8] xorps xmm2,xmm0 -$L$oop_enc1_11:: +$L$oop_enc1_11: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[r8] - lea r8,QWORD PTR[16+r8] - jnz $L$oop_enc1_11 + movups xmm1,XMMWORD[r8] + lea r8,[16+r8] + jnz NEAR $L$oop_enc1_11 DB 102,15,56,221,209 xor eax,eax test rdx,15 @@ -2129,18 +2244,18 @@ DB 102,15,56,221,209 shl rax,4 sub rdx,rax - movups xmm0,XMMWORD PTR[rcx] + movups xmm0,XMMWORD[rcx] mov r11,rcx mov eax,r10d shl r10d,4 mov r9,rdx and rdx,-16 - movups xmm1,XMMWORD PTR[16+r10*1+rcx] + movups xmm1,XMMWORD[16+r10*1+rcx] - movdqa xmm8,XMMWORD PTR[$L$xts_magic] + movdqa xmm8,XMMWORD[$L$xts_magic] movdqa xmm15,xmm2 - pshufd xmm9,xmm2,05fh + pshufd xmm9,xmm2,0x5f pxor xmm1,xmm0 movdqa xmm14,xmm9 paddd xmm9,xmm9 
@@ -2180,76 +2295,76 @@ DB 102,15,56,221,209 pand xmm9,xmm8 pxor xmm14,xmm0 pxor xmm15,xmm9 - movaps XMMWORD PTR[96+rsp],xmm1 + movaps XMMWORD[96+rsp],xmm1 sub rdx,16*6 - jc $L$xts_dec_short + jc NEAR $L$xts_dec_short mov eax,16+96 - lea rcx,QWORD PTR[32+r10*1+r11] + lea rcx,[32+r10*1+r11] sub rax,r10 - movups xmm1,XMMWORD PTR[16+r11] + movups xmm1,XMMWORD[16+r11] mov r10,rax - lea r8,QWORD PTR[$L$xts_magic] - jmp $L$xts_dec_grandloop + lea r8,[$L$xts_magic] + jmp NEAR $L$xts_dec_grandloop ALIGN 32 -$L$xts_dec_grandloop:: - movdqu xmm2,XMMWORD PTR[rdi] +$L$xts_dec_grandloop: + movdqu xmm2,XMMWORD[rdi] movdqa xmm8,xmm0 - movdqu xmm3,XMMWORD PTR[16+rdi] + movdqu xmm3,XMMWORD[16+rdi] pxor xmm2,xmm10 - movdqu xmm4,XMMWORD PTR[32+rdi] + movdqu xmm4,XMMWORD[32+rdi] pxor xmm3,xmm11 DB 102,15,56,222,209 - movdqu xmm5,XMMWORD PTR[48+rdi] + movdqu xmm5,XMMWORD[48+rdi] pxor xmm4,xmm12 DB 102,15,56,222,217 - movdqu xmm6,XMMWORD PTR[64+rdi] + movdqu xmm6,XMMWORD[64+rdi] pxor xmm5,xmm13 DB 102,15,56,222,225 - movdqu xmm7,XMMWORD PTR[80+rdi] + movdqu xmm7,XMMWORD[80+rdi] pxor xmm8,xmm15 - movdqa xmm9,XMMWORD PTR[96+rsp] + movdqa xmm9,XMMWORD[96+rsp] pxor xmm6,xmm14 DB 102,15,56,222,233 - movups xmm0,XMMWORD PTR[32+r11] - lea rdi,QWORD PTR[96+rdi] + movups xmm0,XMMWORD[32+r11] + lea rdi,[96+rdi] pxor xmm7,xmm8 pxor xmm10,xmm9 DB 102,15,56,222,241 pxor xmm11,xmm9 - movdqa XMMWORD PTR[rsp],xmm10 + movdqa XMMWORD[rsp],xmm10 DB 102,15,56,222,249 - movups xmm1,XMMWORD PTR[48+r11] + movups xmm1,XMMWORD[48+r11] pxor xmm12,xmm9 DB 102,15,56,222,208 pxor xmm13,xmm9 - movdqa XMMWORD PTR[16+rsp],xmm11 + movdqa XMMWORD[16+rsp],xmm11 DB 102,15,56,222,216 pxor xmm14,xmm9 - movdqa XMMWORD PTR[32+rsp],xmm12 + movdqa XMMWORD[32+rsp],xmm12 DB 102,15,56,222,224 DB 102,15,56,222,232 pxor xmm8,xmm9 - movdqa XMMWORD PTR[64+rsp],xmm14 + movdqa XMMWORD[64+rsp],xmm14 DB 102,15,56,222,240 DB 102,15,56,222,248 - movups xmm0,XMMWORD PTR[64+r11] - movdqa XMMWORD PTR[80+rsp],xmm8 - pshufd xmm9,xmm15,05fh - jmp 
$L$xts_dec_loop6 + movups xmm0,XMMWORD[64+r11] + movdqa XMMWORD[80+rsp],xmm8 + pshufd xmm9,xmm15,0x5f + jmp NEAR $L$xts_dec_loop6 ALIGN 32 -$L$xts_dec_loop6:: +$L$xts_dec_loop6: DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,222,225 DB 102,15,56,222,233 DB 102,15,56,222,241 DB 102,15,56,222,249 - movups xmm1,XMMWORD PTR[((-64))+rax*1+rcx] + movups xmm1,XMMWORD[((-64))+rax*1+rcx] add rax,32 DB 102,15,56,222,208 @@ -2258,10 +2373,10 @@ DB 102,15,56,222,224 DB 102,15,56,222,232 DB 102,15,56,222,240 DB 102,15,56,222,248 - movups xmm0,XMMWORD PTR[((-80))+rax*1+rcx] - jnz $L$xts_dec_loop6 + movups xmm0,XMMWORD[((-80))+rax*1+rcx] + jnz NEAR $L$xts_dec_loop6 - movdqa xmm8,XMMWORD PTR[r8] + movdqa xmm8,XMMWORD[r8] movdqa xmm14,xmm9 paddd xmm9,xmm9 DB 102,15,56,222,209 @@ -2269,14 +2384,14 @@ DB 102,15,56,222,209 psrad xmm14,31 DB 102,15,56,222,217 pand xmm14,xmm8 - movups xmm10,XMMWORD PTR[r11] + movups xmm10,XMMWORD[r11] DB 102,15,56,222,225 DB 102,15,56,222,233 DB 102,15,56,222,241 pxor xmm15,xmm14 movaps xmm11,xmm10 DB 102,15,56,222,249 - movups xmm1,XMMWORD PTR[((-64))+rcx] + movups xmm1,XMMWORD[((-64))+rcx] movdqa xmm14,xmm9 DB 102,15,56,222,208 @@ -2293,7 +2408,7 @@ DB 102,15,56,222,240 pxor xmm15,xmm14 movdqa xmm14,xmm9 DB 102,15,56,222,248 - movups xmm0,XMMWORD PTR[((-48))+rcx] + movups xmm0,XMMWORD[((-48))+rcx] paddd xmm9,xmm9 DB 102,15,56,222,209 @@ -2304,13 +2419,13 @@ DB 102,15,56,222,217 pand xmm14,xmm8 DB 102,15,56,222,225 DB 102,15,56,222,233 - movdqa XMMWORD PTR[48+rsp],xmm13 + movdqa XMMWORD[48+rsp],xmm13 pxor xmm15,xmm14 DB 102,15,56,222,241 movaps xmm13,xmm12 movdqa xmm14,xmm9 DB 102,15,56,222,249 - movups xmm1,XMMWORD PTR[((-32))+rcx] + movups xmm1,XMMWORD[((-32))+rcx] paddd xmm9,xmm9 DB 102,15,56,222,208 
@@ -2337,10 +2452,10 @@ DB 102,15,56,222,217 DB 102,15,56,222,225 DB 102,15,56,222,233 pxor xmm15,xmm0 - movups xmm0,XMMWORD PTR[r11] + movups xmm0,XMMWORD[r11] DB 102,15,56,222,241 DB 102,15,56,222,249 - movups xmm1,XMMWORD PTR[16+r11] + movups xmm1,XMMWORD[16+r11] pxor xmm14,xmm15 DB 102,15,56,223,84,36,0 @@ -2355,47 +2470,48 @@ DB 102,15,56,223,116,36,64 DB 102,15,56,223,124,36,80 pxor xmm15,xmm9 - lea rsi,QWORD PTR[96+rsi] - movups XMMWORD PTR[(-96)+rsi],xmm2 - movups XMMWORD PTR[(-80)+rsi],xmm3 - movups XMMWORD PTR[(-64)+rsi],xmm4 - movups XMMWORD PTR[(-48)+rsi],xmm5 - movups XMMWORD PTR[(-32)+rsi],xmm6 - movups XMMWORD PTR[(-16)+rsi],xmm7 + lea rsi,[96+rsi] + movups XMMWORD[(-96)+rsi],xmm2 + movups XMMWORD[(-80)+rsi],xmm3 + movups XMMWORD[(-64)+rsi],xmm4 + movups XMMWORD[(-48)+rsi],xmm5 + movups XMMWORD[(-32)+rsi],xmm6 + movups XMMWORD[(-16)+rsi],xmm7 sub rdx,16*6 - jnc $L$xts_dec_grandloop + jnc NEAR $L$xts_dec_grandloop mov eax,16+96 sub eax,r10d mov rcx,r11 shr eax,4 -$L$xts_dec_short:: +$L$xts_dec_short: + mov r10d,eax pxor xmm10,xmm0 pxor xmm11,xmm0 add rdx,16*6 - jz $L$xts_dec_done + jz NEAR $L$xts_dec_done pxor xmm12,xmm0 - cmp rdx,020h - jb $L$xts_dec_one + cmp rdx,0x20 + jb NEAR $L$xts_dec_one pxor xmm13,xmm0 - je $L$xts_dec_two + je NEAR $L$xts_dec_two pxor xmm14,xmm0 - cmp rdx,040h - jb $L$xts_dec_three - je $L$xts_dec_four + cmp rdx,0x40 + jb NEAR $L$xts_dec_three + je NEAR $L$xts_dec_four - movdqu xmm2,XMMWORD PTR[rdi] - movdqu xmm3,XMMWORD PTR[16+rdi] - movdqu xmm4,XMMWORD PTR[32+rdi] + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[16+rdi] + movdqu xmm4,XMMWORD[32+rdi] pxor xmm2,xmm10 - movdqu xmm5,XMMWORD PTR[48+rdi] + movdqu xmm5,XMMWORD[48+rdi] pxor xmm3,xmm11 - movdqu xmm6,XMMWORD PTR[64+rdi] - lea rdi,QWORD PTR[80+rdi] + movdqu xmm6,XMMWORD[64+rdi] + lea rdi,[80+rdi] pxor xmm4,xmm12 pxor xmm5,xmm13 pxor xmm6,xmm14 
@@ -2405,54 +2521,54 @@ $L$xts_dec_short:: xorps xmm2,xmm10 xorps xmm3,xmm11 xorps xmm4,xmm12 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 xorps xmm5,xmm13 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 xorps xmm6,xmm14 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 pxor xmm14,xmm14 - movdqu XMMWORD PTR[48+rsi],xmm5 + movdqu XMMWORD[48+rsi],xmm5 pcmpgtd xmm14,xmm15 - movdqu XMMWORD PTR[64+rsi],xmm6 - lea rsi,QWORD PTR[80+rsi] - pshufd xmm11,xmm14,013h + movdqu XMMWORD[64+rsi],xmm6 + lea rsi,[80+rsi] + pshufd xmm11,xmm14,0x13 and r9,15 - jz $L$xts_dec_ret + jz NEAR $L$xts_dec_ret movdqa xmm10,xmm15 paddq xmm15,xmm15 pand xmm11,xmm8 pxor xmm11,xmm15 - jmp $L$xts_dec_done2 + jmp NEAR $L$xts_dec_done2 ALIGN 16 -$L$xts_dec_one:: - movups xmm2,XMMWORD PTR[rdi] - lea rdi,QWORD PTR[16+rdi] +$L$xts_dec_one: + movups xmm2,XMMWORD[rdi] + lea rdi,[16+rdi] xorps xmm2,xmm10 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_12:: +$L$oop_dec1_12: DB 102,15,56,222,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_dec1_12 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_dec1_12 DB 102,15,56,223,209 xorps xmm2,xmm10 movdqa xmm10,xmm11 - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 movdqa xmm11,xmm12 - lea rsi,QWORD PTR[16+rsi] - jmp $L$xts_dec_done + lea rsi,[16+rsi] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_two:: - movups xmm2,XMMWORD PTR[rdi] - movups xmm3,XMMWORD PTR[16+rdi] - lea rdi,QWORD PTR[32+rdi] +$L$xts_dec_two: + movups xmm2,XMMWORD[rdi] + movups xmm3,XMMWORD[16+rdi] + lea rdi,[32+rdi] xorps xmm2,xmm10 xorps xmm3,xmm11 
@@ -2462,17 +2578,17 @@ $L$xts_dec_two:: movdqa xmm10,xmm12 xorps xmm3,xmm11 movdqa xmm11,xmm13 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - lea rsi,QWORD PTR[32+rsi] - jmp $L$xts_dec_done + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + lea rsi,[32+rsi] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_three:: - movups xmm2,XMMWORD PTR[rdi] - movups xmm3,XMMWORD PTR[16+rdi] - movups xmm4,XMMWORD PTR[32+rdi] - lea rdi,QWORD PTR[48+rdi] +$L$xts_dec_three: + movups xmm2,XMMWORD[rdi] + movups xmm3,XMMWORD[16+rdi] + movups xmm4,XMMWORD[32+rdi] + lea rdi,[48+rdi] xorps xmm2,xmm10 xorps xmm3,xmm11 xorps xmm4,xmm12 @@ -2484,20 +2600,20 @@ $L$xts_dec_three:: xorps xmm3,xmm11 movdqa xmm11,xmm14 xorps xmm4,xmm12 - movups XMMWORD PTR[rsi],xmm2 - movups XMMWORD PTR[16+rsi],xmm3 - movups XMMWORD PTR[32+rsi],xmm4 - lea rsi,QWORD PTR[48+rsi] - jmp $L$xts_dec_done + movups XMMWORD[rsi],xmm2 + movups XMMWORD[16+rsi],xmm3 + movups XMMWORD[32+rsi],xmm4 + lea rsi,[48+rsi] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_four:: - movups xmm2,XMMWORD PTR[rdi] - movups xmm3,XMMWORD PTR[16+rdi] - movups xmm4,XMMWORD PTR[32+rdi] +$L$xts_dec_four: + movups xmm2,XMMWORD[rdi] + movups xmm3,XMMWORD[16+rdi] + movups xmm4,XMMWORD[32+rdi] xorps xmm2,xmm10 - movups xmm5,XMMWORD PTR[48+rdi] - lea rdi,QWORD PTR[64+rdi] + movups xmm5,XMMWORD[48+rdi] + lea rdi,[64+rdi] xorps xmm3,xmm11 xorps xmm4,xmm12 xorps xmm5,xmm13 
@@ -2509,220 +2625,275 @@ $L$xts_dec_four:: pxor xmm3,xmm11 movdqa xmm11,xmm15 pxor xmm4,xmm12 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm5,xmm13 - movdqu XMMWORD PTR[16+rsi],xmm3 - movdqu XMMWORD PTR[32+rsi],xmm4 - movdqu XMMWORD PTR[48+rsi],xmm5 - lea rsi,QWORD PTR[64+rsi] - jmp $L$xts_dec_done + movdqu XMMWORD[16+rsi],xmm3 + movdqu XMMWORD[32+rsi],xmm4 + movdqu XMMWORD[48+rsi],xmm5 + lea rsi,[64+rsi] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_done:: +$L$xts_dec_done: and r9,15 - jz $L$xts_dec_ret -$L$xts_dec_done2:: + jz NEAR $L$xts_dec_ret +$L$xts_dec_done2: mov rdx,r9 mov rcx,r11 mov eax,r10d - movups xmm2,XMMWORD PTR[rdi] + movups xmm2,XMMWORD[rdi] xorps xmm2,xmm11 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_13:: +$L$oop_dec1_13: DB 102,15,56,222,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_dec1_13 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_dec1_13 DB 102,15,56,223,209 xorps xmm2,xmm11 - movups XMMWORD PTR[rsi],xmm2 - -$L$xts_dec_steal:: - movzx eax,BYTE PTR[16+rdi] - movzx ecx,BYTE PTR[rsi] - lea rdi,QWORD PTR[1+rdi] - mov BYTE PTR[rsi],al - mov BYTE PTR[16+rsi],cl - lea rsi,QWORD PTR[1+rsi] + movups XMMWORD[rsi],xmm2 + +$L$xts_dec_steal: + movzx eax,BYTE[16+rdi] + movzx ecx,BYTE[rsi] + lea rdi,[1+rdi] + mov BYTE[rsi],al + mov BYTE[16+rsi],cl + lea rsi,[1+rsi] sub rdx,1 - jnz $L$xts_dec_steal + jnz NEAR $L$xts_dec_steal sub rsi,r9 mov rcx,r11 mov eax,r10d - movups xmm2,XMMWORD PTR[rsi] + movups xmm2,XMMWORD[rsi] xorps xmm2,xmm10 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_14:: +$L$oop_dec1_14: DB 102,15,56,222,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD 
PTR[16+rcx] - jnz $L$oop_dec1_14 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_dec1_14 DB 102,15,56,223,209 xorps xmm2,xmm10 - movups XMMWORD PTR[rsi],xmm2 - -$L$xts_dec_ret:: - movaps xmm6,XMMWORD PTR[((-160))+rbp] - movaps xmm7,XMMWORD PTR[((-144))+rbp] - movaps xmm8,XMMWORD PTR[((-128))+rbp] - movaps xmm9,XMMWORD PTR[((-112))+rbp] - movaps xmm10,XMMWORD PTR[((-96))+rbp] - movaps xmm11,XMMWORD PTR[((-80))+rbp] - movaps xmm12,XMMWORD PTR[((-64))+rbp] - movaps xmm13,XMMWORD PTR[((-48))+rbp] - movaps xmm14,XMMWORD PTR[((-32))+rbp] - movaps xmm15,XMMWORD PTR[((-16))+rbp] - lea rsp,QWORD PTR[rbp] + movups XMMWORD[rsi],xmm2 + +$L$xts_dec_ret: + xorps xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + movaps xmm6,XMMWORD[((-160))+rbp] + movaps XMMWORD[(-160)+rbp],xmm0 + movaps xmm7,XMMWORD[((-144))+rbp] + movaps XMMWORD[(-144)+rbp],xmm0 + movaps xmm8,XMMWORD[((-128))+rbp] + movaps XMMWORD[(-128)+rbp],xmm0 + movaps xmm9,XMMWORD[((-112))+rbp] + movaps XMMWORD[(-112)+rbp],xmm0 + movaps xmm10,XMMWORD[((-96))+rbp] + movaps XMMWORD[(-96)+rbp],xmm0 + movaps xmm11,XMMWORD[((-80))+rbp] + movaps XMMWORD[(-80)+rbp],xmm0 + movaps xmm12,XMMWORD[((-64))+rbp] + movaps XMMWORD[(-64)+rbp],xmm0 + movaps xmm13,XMMWORD[((-48))+rbp] + movaps XMMWORD[(-48)+rbp],xmm0 + movaps xmm14,XMMWORD[((-32))+rbp] + movaps XMMWORD[(-32)+rbp],xmm0 + movaps xmm15,XMMWORD[((-16))+rbp] + movaps XMMWORD[(-16)+rbp],xmm0 + movaps XMMWORD[rsp],xmm0 + movaps XMMWORD[16+rsp],xmm0 + movaps XMMWORD[32+rsp],xmm0 + movaps XMMWORD[48+rsp],xmm0 + movaps XMMWORD[64+rsp],xmm0 + movaps XMMWORD[80+rsp],xmm0 + movaps XMMWORD[96+rsp],xmm0 + lea rsp,[rbp] pop rbp -$L$xts_dec_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] +$L$xts_dec_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_xts_decrypt:: -aesni_xts_decrypt ENDP -PUBLIC aesni_cbc_encrypt 
+$L$SEH_end_aesni_xts_decrypt: +global aesni_cbc_encrypt ALIGN 16 -aesni_cbc_encrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +aesni_cbc_encrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aesni_cbc_encrypt:: +$L$SEH_begin_aesni_cbc_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] test rdx,rdx - jz $L$cbc_ret + jz NEAR $L$cbc_ret - mov r10d,DWORD PTR[240+rcx] + mov r10d,DWORD[240+rcx] mov r11,rcx test r9d,r9d - jz $L$cbc_decrypt + jz NEAR $L$cbc_decrypt - movups xmm2,XMMWORD PTR[r8] + movups xmm2,XMMWORD[r8] mov eax,r10d cmp rdx,16 - jb $L$cbc_enc_tail + jb NEAR $L$cbc_enc_tail sub rdx,16 - jmp $L$cbc_enc_loop + jmp NEAR $L$cbc_enc_loop ALIGN 16 -$L$cbc_enc_loop:: - movups xmm3,XMMWORD PTR[rdi] - lea rdi,QWORD PTR[16+rdi] +$L$cbc_enc_loop: + movups xmm3,XMMWORD[rdi] + lea rdi,[16+rdi] - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] xorps xmm3,xmm0 - lea rcx,QWORD PTR[32+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm3 -$L$oop_enc1_15:: +$L$oop_enc1_15: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_enc1_15 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_15 DB 102,15,56,221,209 mov eax,r10d mov rcx,r11 - movups XMMWORD PTR[rsi],xmm2 - lea rsi,QWORD PTR[16+rsi] + movups XMMWORD[rsi],xmm2 + lea rsi,[16+rsi] sub rdx,16 - jnc $L$cbc_enc_loop + jnc NEAR $L$cbc_enc_loop add rdx,16 - jnz $L$cbc_enc_tail - movups XMMWORD PTR[r8],xmm2 - jmp $L$cbc_ret - -$L$cbc_enc_tail:: + jnz NEAR $L$cbc_enc_tail + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movups XMMWORD[r8],xmm2 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + jmp NEAR $L$cbc_ret + +$L$cbc_enc_tail: mov rcx,rdx xchg rsi,rdi - DD 09066A4F3h + DD 0x9066A4F3 mov ecx,16 sub rcx,rdx xor eax,eax - DD 09066AAF3h - lea 
rdi,QWORD PTR[((-16))+rdi] + DD 0x9066AAF3 + lea rdi,[((-16))+rdi] mov eax,r10d mov rsi,rdi mov rcx,r11 xor rdx,rdx - jmp $L$cbc_enc_loop + jmp NEAR $L$cbc_enc_loop ALIGN 16 -$L$cbc_decrypt:: - lea rax,QWORD PTR[rsp] +$L$cbc_decrypt: + cmp rdx,16 + jne NEAR $L$cbc_decrypt_bulk + + + + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[r8] + movdqa xmm4,xmm2 + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] + xorps xmm2,xmm0 +$L$oop_dec1_16: +DB 102,15,56,222,209 + dec r10d + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_dec1_16 +DB 102,15,56,223,209 + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movdqu XMMWORD[r8],xmm4 + xorps xmm2,xmm3 + pxor xmm3,xmm3 + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + jmp NEAR $L$cbc_ret +ALIGN 16 +$L$cbc_decrypt_bulk: + lea rax,[rsp] push rbp sub rsp,176 and rsp,-16 - movaps XMMWORD PTR[16+rsp],xmm6 - movaps XMMWORD PTR[32+rsp],xmm7 - movaps XMMWORD PTR[48+rsp],xmm8 - movaps XMMWORD PTR[64+rsp],xmm9 - movaps XMMWORD PTR[80+rsp],xmm10 - movaps XMMWORD PTR[96+rsp],xmm11 - movaps XMMWORD PTR[112+rsp],xmm12 - movaps XMMWORD PTR[128+rsp],xmm13 - movaps XMMWORD PTR[144+rsp],xmm14 - movaps XMMWORD PTR[160+rsp],xmm15 -$L$cbc_decrypt_body:: - lea rbp,QWORD PTR[((-8))+rax] - movups xmm10,XMMWORD PTR[r8] + movaps XMMWORD[16+rsp],xmm6 + movaps XMMWORD[32+rsp],xmm7 + movaps XMMWORD[48+rsp],xmm8 + movaps XMMWORD[64+rsp],xmm9 + movaps XMMWORD[80+rsp],xmm10 + movaps XMMWORD[96+rsp],xmm11 + movaps XMMWORD[112+rsp],xmm12 + movaps XMMWORD[128+rsp],xmm13 + movaps XMMWORD[144+rsp],xmm14 + movaps XMMWORD[160+rsp],xmm15 +$L$cbc_decrypt_body: + lea rbp,[((-8))+rax] + movups xmm10,XMMWORD[r8] mov eax,r10d - cmp rdx,050h - jbe $L$cbc_dec_tail + cmp rdx,0x50 + jbe NEAR $L$cbc_dec_tail - movups xmm0,XMMWORD PTR[rcx] - movdqu xmm2,XMMWORD PTR[rdi] - movdqu xmm3,XMMWORD PTR[16+rdi] + movups xmm0,XMMWORD[rcx] + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[16+rdi] movdqa xmm11,xmm2 - movdqu xmm4,XMMWORD PTR[32+rdi] + movdqu 
xmm4,XMMWORD[32+rdi] movdqa xmm12,xmm3 - movdqu xmm5,XMMWORD PTR[48+rdi] + movdqu xmm5,XMMWORD[48+rdi] movdqa xmm13,xmm4 - movdqu xmm6,XMMWORD PTR[64+rdi] + movdqu xmm6,XMMWORD[64+rdi] movdqa xmm14,xmm5 - movdqu xmm7,XMMWORD PTR[80+rdi] + movdqu xmm7,XMMWORD[80+rdi] movdqa xmm15,xmm6 - mov r9d,DWORD PTR[((OPENSSL_ia32cap_P+4))] - cmp rdx,070h - jbe $L$cbc_dec_six_or_seven + mov r9d,DWORD[((OPENSSL_ia32cap_P+4))] + cmp rdx,0x70 + jbe NEAR $L$cbc_dec_six_or_seven and r9d,71303168 - sub rdx,050h + sub rdx,0x50 cmp r9d,4194304 - je $L$cbc_dec_loop6_enter - sub rdx,020h - lea rcx,QWORD PTR[112+rcx] - jmp $L$cbc_dec_loop8_enter -ALIGN 16 -$L$cbc_dec_loop8:: - movups XMMWORD PTR[rsi],xmm9 - lea rsi,QWORD PTR[16+rsi] -$L$cbc_dec_loop8_enter:: - movdqu xmm8,XMMWORD PTR[96+rdi] + je NEAR $L$cbc_dec_loop6_enter + sub rdx,0x20 + lea rcx,[112+rcx] + jmp NEAR $L$cbc_dec_loop8_enter +ALIGN 16 +$L$cbc_dec_loop8: + movups XMMWORD[rsi],xmm9 + lea rsi,[16+rsi] +$L$cbc_dec_loop8_enter: + movdqu xmm8,XMMWORD[96+rdi] pxor xmm2,xmm0 - movdqu xmm9,XMMWORD PTR[112+rdi] + movdqu xmm9,XMMWORD[112+rdi] pxor xmm3,xmm0 - movups xmm1,XMMWORD PTR[((16-112))+rcx] + movups xmm1,XMMWORD[((16-112))+rcx] pxor xmm4,xmm0 xor r11,r11 - cmp rdx,070h + cmp rdx,0x70 pxor xmm5,xmm0 pxor xmm6,xmm0 pxor xmm7,xmm0 @@ -2730,7 +2901,7 @@ $L$cbc_dec_loop8_enter:: DB 102,15,56,222,209 pxor xmm9,xmm0 - movups xmm0,XMMWORD PTR[((32-112))+rcx] + movups xmm0,XMMWORD[((32-112))+rcx] DB 102,15,56,222,217 DB 102,15,56,222,225 DB 102,15,56,222,233 @@ -2741,7 +2912,7 @@ DB 102,68,15,56,222,193 shl r11,7 DB 102,68,15,56,222,201 add r11,rdi - movups xmm1,XMMWORD PTR[((48-112))+rcx] + movups xmm1,XMMWORD[((48-112))+rcx] DB 102,15,56,222,208 DB 102,15,56,222,216 DB 102,15,56,222,224 @@ -2750,7 +2921,7 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((64-112))+rcx] + movups xmm0,XMMWORD[((64-112))+rcx] nop DB 102,15,56,222,209 DB 102,15,56,222,217 
@@ -2760,7 +2931,7 @@ DB 102,15,56,222,241 DB 102,15,56,222,249 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 - movups xmm1,XMMWORD PTR[((80-112))+rcx] + movups xmm1,XMMWORD[((80-112))+rcx] nop DB 102,15,56,222,208 DB 102,15,56,222,216 @@ -2770,7 +2941,7 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((96-112))+rcx] + movups xmm0,XMMWORD[((96-112))+rcx] nop DB 102,15,56,222,209 DB 102,15,56,222,217 @@ -2780,7 +2951,7 @@ DB 102,15,56,222,241 DB 102,15,56,222,249 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 - movups xmm1,XMMWORD PTR[((112-112))+rcx] + movups xmm1,XMMWORD[((112-112))+rcx] nop DB 102,15,56,222,208 DB 102,15,56,222,216 @@ -2790,7 +2961,7 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((128-112))+rcx] + movups xmm0,XMMWORD[((128-112))+rcx] nop DB 102,15,56,222,209 DB 102,15,56,222,217 @@ -2800,7 +2971,7 @@ DB 102,15,56,222,241 DB 102,15,56,222,249 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 - movups xmm1,XMMWORD PTR[((144-112))+rcx] + movups xmm1,XMMWORD[((144-112))+rcx] cmp eax,11 DB 102,15,56,222,208 DB 102,15,56,222,216 @@ -2810,8 +2981,8 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((160-112))+rcx] - jb $L$cbc_dec_done + movups xmm0,XMMWORD[((160-112))+rcx] + jb NEAR $L$cbc_dec_done DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,222,225 @@ -2820,7 +2991,7 @@ DB 102,15,56,222,241 DB 102,15,56,222,249 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 - movups xmm1,XMMWORD PTR[((176-112))+rcx] + movups xmm1,XMMWORD[((176-112))+rcx] nop DB 102,15,56,222,208 DB 102,15,56,222,216 
@@ -2830,8 +3001,8 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((192-112))+rcx] - je $L$cbc_dec_done + movups xmm0,XMMWORD[((192-112))+rcx] + je NEAR $L$cbc_dec_done DB 102,15,56,222,209 DB 102,15,56,222,217 DB 102,15,56,222,225 @@ -2840,7 +3011,7 @@ DB 102,15,56,222,241 DB 102,15,56,222,249 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 - movups xmm1,XMMWORD PTR[((208-112))+rcx] + movups xmm1,XMMWORD[((208-112))+rcx] nop DB 102,15,56,222,208 DB 102,15,56,222,216 @@ -2850,10 +3021,10 @@ DB 102,15,56,222,240 DB 102,15,56,222,248 DB 102,68,15,56,222,192 DB 102,68,15,56,222,200 - movups xmm0,XMMWORD PTR[((224-112))+rcx] - jmp $L$cbc_dec_done + movups xmm0,XMMWORD[((224-112))+rcx] + jmp NEAR $L$cbc_dec_done ALIGN 16 -$L$cbc_dec_done:: +$L$cbc_dec_done: DB 102,15,56,222,209 DB 102,15,56,222,217 pxor xmm10,xmm0 
@@ -2868,121 +3039,133 @@ DB 102,15,56,222,249 pxor xmm15,xmm0 DB 102,68,15,56,222,193 DB 102,68,15,56,222,201 - movdqu xmm1,XMMWORD PTR[80+rdi] + movdqu xmm1,XMMWORD[80+rdi] DB 102,65,15,56,223,210 - movdqu xmm10,XMMWORD PTR[96+rdi] + movdqu xmm10,XMMWORD[96+rdi] pxor xmm1,xmm0 DB 102,65,15,56,223,219 pxor xmm10,xmm0 - movdqu xmm0,XMMWORD PTR[112+rdi] + movdqu xmm0,XMMWORD[112+rdi] DB 102,65,15,56,223,228 - lea rdi,QWORD PTR[128+rdi] - movdqu xmm11,XMMWORD PTR[r11] + lea rdi,[128+rdi] + movdqu xmm11,XMMWORD[r11] DB 102,65,15,56,223,237 DB 102,65,15,56,223,246 - movdqu xmm12,XMMWORD PTR[16+r11] - movdqu xmm13,XMMWORD PTR[32+r11] + movdqu xmm12,XMMWORD[16+r11] + movdqu xmm13,XMMWORD[32+r11] DB 102,65,15,56,223,255 DB 102,68,15,56,223,193 - movdqu xmm14,XMMWORD PTR[48+r11] - movdqu xmm15,XMMWORD PTR[64+r11] + movdqu xmm14,XMMWORD[48+r11] + movdqu xmm15,XMMWORD[64+r11] DB 102,69,15,56,223,202 movdqa xmm10,xmm0 - movdqu xmm1,XMMWORD PTR[80+r11] - movups xmm0,XMMWORD PTR[((-112))+rcx] + movdqu xmm1,XMMWORD[80+r11] + movups xmm0,XMMWORD[((-112))+rcx] - movups XMMWORD PTR[rsi],xmm2 + movups XMMWORD[rsi],xmm2 movdqa xmm2,xmm11 - movups XMMWORD PTR[16+rsi],xmm3 + movups XMMWORD[16+rsi],xmm3 movdqa xmm3,xmm12 - movups XMMWORD PTR[32+rsi],xmm4 + movups XMMWORD[32+rsi],xmm4 movdqa xmm4,xmm13 - movups XMMWORD PTR[48+rsi],xmm5 + movups XMMWORD[48+rsi],xmm5 movdqa xmm5,xmm14 - movups XMMWORD PTR[64+rsi],xmm6 + movups XMMWORD[64+rsi],xmm6 movdqa xmm6,xmm15 - movups XMMWORD PTR[80+rsi],xmm7 + movups XMMWORD[80+rsi],xmm7 movdqa xmm7,xmm1 - movups XMMWORD PTR[96+rsi],xmm8 - lea rsi,QWORD PTR[112+rsi] + movups XMMWORD[96+rsi],xmm8 + lea rsi,[112+rsi] - sub rdx,080h - ja $L$cbc_dec_loop8 + sub rdx,0x80 + ja NEAR $L$cbc_dec_loop8 movaps xmm2,xmm9 - lea rcx,QWORD PTR[((-112))+rcx] - add rdx,070h - jle $L$cbc_dec_tail_collected - movups XMMWORD PTR[rsi],xmm9 - lea rsi,QWORD PTR[16+rsi] - cmp rdx,050h - jbe $L$cbc_dec_tail + lea rcx,[((-112))+rcx] + add rdx,0x70 + jle NEAR 
$L$cbc_dec_clear_tail_collected + movups XMMWORD[rsi],xmm9 + lea rsi,[16+rsi] + cmp rdx,0x50 + jbe NEAR $L$cbc_dec_tail movaps xmm2,xmm11 -$L$cbc_dec_six_or_seven:: - cmp rdx,060h - ja $L$cbc_dec_seven +$L$cbc_dec_six_or_seven: + cmp rdx,0x60 + ja NEAR $L$cbc_dec_seven movaps xmm8,xmm7 call _aesni_decrypt6 pxor xmm2,xmm10 movaps xmm10,xmm8 pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 pxor xmm5,xmm13 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 pxor xmm6,xmm14 - movdqu XMMWORD PTR[48+rsi],xmm5 + movdqu XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 pxor xmm7,xmm15 - movdqu XMMWORD PTR[64+rsi],xmm6 - lea rsi,QWORD PTR[80+rsi] + movdqu XMMWORD[64+rsi],xmm6 + pxor xmm6,xmm6 + lea rsi,[80+rsi] movdqa xmm2,xmm7 - jmp $L$cbc_dec_tail_collected + pxor xmm7,xmm7 + jmp NEAR $L$cbc_dec_tail_collected ALIGN 16 -$L$cbc_dec_seven:: - movups xmm8,XMMWORD PTR[96+rdi] +$L$cbc_dec_seven: + movups xmm8,XMMWORD[96+rdi] xorps xmm9,xmm9 call _aesni_decrypt8 - movups xmm9,XMMWORD PTR[80+rdi] + movups xmm9,XMMWORD[80+rdi] pxor xmm2,xmm10 - movups xmm10,XMMWORD PTR[96+rdi] + movups xmm10,XMMWORD[96+rdi] pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 pxor xmm5,xmm13 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 pxor xmm6,xmm14 - movdqu XMMWORD PTR[48+rsi],xmm5 + movdqu XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 pxor xmm7,xmm15 - movdqu XMMWORD PTR[64+rsi],xmm6 + movdqu XMMWORD[64+rsi],xmm6 + pxor xmm6,xmm6 pxor xmm8,xmm9 - movdqu XMMWORD PTR[80+rsi],xmm7 - lea rsi,QWORD PTR[96+rsi] + movdqu XMMWORD[80+rsi],xmm7 + pxor xmm7,xmm7 + lea rsi,[96+rsi] movdqa xmm2,xmm8 - jmp $L$cbc_dec_tail_collected + pxor xmm8,xmm8 + pxor xmm9,xmm9 + jmp NEAR $L$cbc_dec_tail_collected ALIGN 16 
-$L$cbc_dec_loop6:: - movups XMMWORD PTR[rsi],xmm7 - lea rsi,QWORD PTR[16+rsi] - movdqu xmm2,XMMWORD PTR[rdi] - movdqu xmm3,XMMWORD PTR[16+rdi] +$L$cbc_dec_loop6: + movups XMMWORD[rsi],xmm7 + lea rsi,[16+rsi] + movdqu xmm2,XMMWORD[rdi] + movdqu xmm3,XMMWORD[16+rdi] movdqa xmm11,xmm2 - movdqu xmm4,XMMWORD PTR[32+rdi] + movdqu xmm4,XMMWORD[32+rdi] movdqa xmm12,xmm3 - movdqu xmm5,XMMWORD PTR[48+rdi] + movdqu xmm5,XMMWORD[48+rdi] movdqa xmm13,xmm4 - movdqu xmm6,XMMWORD PTR[64+rdi] + movdqu xmm6,XMMWORD[64+rdi] movdqa xmm14,xmm5 - movdqu xmm7,XMMWORD PTR[80+rdi] + movdqu xmm7,XMMWORD[80+rdi] movdqa xmm15,xmm6 -$L$cbc_dec_loop6_enter:: - lea rdi,QWORD PTR[96+rdi] +$L$cbc_dec_loop6_enter: + lea rdi,[96+rdi] movdqa xmm8,xmm7 call _aesni_decrypt6 
@@ -2990,48 +3173,48 @@ $L$cbc_dec_loop6_enter:: pxor xmm2,xmm10 movdqa xmm10,xmm8 pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 pxor xmm5,xmm13 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 pxor xmm6,xmm14 mov rcx,r11 - movdqu XMMWORD PTR[48+rsi],xmm5 + movdqu XMMWORD[48+rsi],xmm5 pxor xmm7,xmm15 mov eax,r10d - movdqu XMMWORD PTR[64+rsi],xmm6 - lea rsi,QWORD PTR[80+rsi] - sub rdx,060h - ja $L$cbc_dec_loop6 + movdqu XMMWORD[64+rsi],xmm6 + lea rsi,[80+rsi] + sub rdx,0x60 + ja NEAR $L$cbc_dec_loop6 movdqa xmm2,xmm7 - add rdx,050h - jle $L$cbc_dec_tail_collected - movups XMMWORD PTR[rsi],xmm7 - lea rsi,QWORD PTR[16+rsi] + add rdx,0x50 + jle NEAR $L$cbc_dec_clear_tail_collected + movups XMMWORD[rsi],xmm7 + lea rsi,[16+rsi] -$L$cbc_dec_tail:: - movups xmm2,XMMWORD PTR[rdi] - sub rdx,010h - jbe $L$cbc_dec_one +$L$cbc_dec_tail: + movups xmm2,XMMWORD[rdi] + sub rdx,0x10 + jbe NEAR $L$cbc_dec_one - movups xmm3,XMMWORD PTR[16+rdi] + movups xmm3,XMMWORD[16+rdi] movaps xmm11,xmm2 - sub rdx,010h - jbe $L$cbc_dec_two + sub rdx,0x10 + jbe NEAR $L$cbc_dec_two - movups xmm4,XMMWORD PTR[32+rdi] + movups xmm4,XMMWORD[32+rdi] movaps xmm12,xmm3 - sub rdx,010h - jbe $L$cbc_dec_three + sub rdx,0x10 + jbe NEAR $L$cbc_dec_three - movups xmm5,XMMWORD PTR[48+rdi] + movups xmm5,XMMWORD[48+rdi] movaps xmm13,xmm4 - sub rdx,010h - jbe $L$cbc_dec_four + sub rdx,0x10 + jbe NEAR $L$cbc_dec_four - movups xmm6,XMMWORD PTR[64+rdi] + movups xmm6,XMMWORD[64+rdi] movaps xmm14,xmm5 movaps xmm15,xmm6 xorps xmm7,xmm7 
@@ -3039,173 +3222,209 @@ $L$cbc_dec_tail:: pxor xmm2,xmm10 movaps xmm10,xmm15 pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 pxor xmm5,xmm13 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 pxor xmm6,xmm14 - movdqu XMMWORD PTR[48+rsi],xmm5 - lea rsi,QWORD PTR[64+rsi] + movdqu XMMWORD[48+rsi],xmm5 + pxor xmm5,xmm5 + lea rsi,[64+rsi] movdqa xmm2,xmm6 - sub rdx,010h - jmp $L$cbc_dec_tail_collected + pxor xmm6,xmm6 + pxor xmm7,xmm7 + sub rdx,0x10 + jmp NEAR $L$cbc_dec_tail_collected ALIGN 16 -$L$cbc_dec_one:: +$L$cbc_dec_one: movaps xmm11,xmm2 - movups xmm0,XMMWORD PTR[rcx] - movups xmm1,XMMWORD PTR[16+rcx] - lea rcx,QWORD PTR[32+rcx] + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_16:: +$L$oop_dec1_17: DB 102,15,56,222,209 dec eax - movups xmm1,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - jnz $L$oop_dec1_16 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_dec1_17 DB 102,15,56,223,209 xorps xmm2,xmm10 movaps xmm10,xmm11 - jmp $L$cbc_dec_tail_collected + jmp NEAR $L$cbc_dec_tail_collected ALIGN 16 -$L$cbc_dec_two:: +$L$cbc_dec_two: movaps xmm12,xmm3 call _aesni_decrypt2 pxor xmm2,xmm10 movaps xmm10,xmm12 pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 movdqa xmm2,xmm3 - lea rsi,QWORD PTR[16+rsi] - jmp $L$cbc_dec_tail_collected + pxor xmm3,xmm3 + lea rsi,[16+rsi] + jmp NEAR $L$cbc_dec_tail_collected ALIGN 16 -$L$cbc_dec_three:: +$L$cbc_dec_three: movaps xmm13,xmm4 call _aesni_decrypt3 pxor xmm2,xmm10 movaps xmm10,xmm13 pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 movdqa xmm2,xmm4 - lea rsi,QWORD PTR[32+rsi] - jmp $L$cbc_dec_tail_collected + pxor xmm4,xmm4 + lea rsi,[32+rsi] + jmp NEAR 
$L$cbc_dec_tail_collected ALIGN 16 -$L$cbc_dec_four:: +$L$cbc_dec_four: movaps xmm14,xmm5 call _aesni_decrypt4 pxor xmm2,xmm10 movaps xmm10,xmm14 pxor xmm3,xmm11 - movdqu XMMWORD PTR[rsi],xmm2 + movdqu XMMWORD[rsi],xmm2 pxor xmm4,xmm12 - movdqu XMMWORD PTR[16+rsi],xmm3 + movdqu XMMWORD[16+rsi],xmm3 + pxor xmm3,xmm3 pxor xmm5,xmm13 - movdqu XMMWORD PTR[32+rsi],xmm4 + movdqu XMMWORD[32+rsi],xmm4 + pxor xmm4,xmm4 movdqa xmm2,xmm5 - lea rsi,QWORD PTR[48+rsi] - jmp $L$cbc_dec_tail_collected + pxor xmm5,xmm5 + lea rsi,[48+rsi] + jmp NEAR $L$cbc_dec_tail_collected ALIGN 16 -$L$cbc_dec_tail_collected:: - movups XMMWORD PTR[r8],xmm10 +$L$cbc_dec_clear_tail_collected: + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 +$L$cbc_dec_tail_collected: + movups XMMWORD[r8],xmm10 and rdx,15 - jnz $L$cbc_dec_tail_partial - movups XMMWORD PTR[rsi],xmm2 - jmp $L$cbc_dec_ret -ALIGN 16 -$L$cbc_dec_tail_partial:: - movaps XMMWORD PTR[rsp],xmm2 + jnz NEAR $L$cbc_dec_tail_partial + movups XMMWORD[rsi],xmm2 + pxor xmm2,xmm2 + jmp NEAR $L$cbc_dec_ret +ALIGN 16 +$L$cbc_dec_tail_partial: + movaps XMMWORD[rsp],xmm2 + pxor xmm2,xmm2 mov rcx,16 mov rdi,rsi sub rcx,rdx - lea rsi,QWORD PTR[rsp] - DD 09066A4F3h - -$L$cbc_dec_ret:: - movaps xmm6,XMMWORD PTR[16+rsp] - movaps xmm7,XMMWORD PTR[32+rsp] - movaps xmm8,XMMWORD PTR[48+rsp] - movaps xmm9,XMMWORD PTR[64+rsp] - movaps xmm10,XMMWORD PTR[80+rsp] - movaps xmm11,XMMWORD PTR[96+rsp] - movaps xmm12,XMMWORD PTR[112+rsp] - movaps xmm13,XMMWORD PTR[128+rsp] - movaps xmm14,XMMWORD PTR[144+rsp] - movaps xmm15,XMMWORD PTR[160+rsp] - lea rsp,QWORD PTR[rbp] + lea rsi,[rsp] + DD 0x9066A4F3 + movdqa XMMWORD[rsp],xmm2 + +$L$cbc_dec_ret: + xorps xmm0,xmm0 + pxor xmm1,xmm1 + movaps xmm6,XMMWORD[16+rsp] + movaps XMMWORD[16+rsp],xmm0 + movaps xmm7,XMMWORD[32+rsp] + movaps XMMWORD[32+rsp],xmm0 + movaps xmm8,XMMWORD[48+rsp] + movaps XMMWORD[48+rsp],xmm0 + movaps xmm9,XMMWORD[64+rsp] + movaps XMMWORD[64+rsp],xmm0 + movaps xmm10,XMMWORD[80+rsp] + movaps 
XMMWORD[80+rsp],xmm0 + movaps xmm11,XMMWORD[96+rsp] + movaps XMMWORD[96+rsp],xmm0 + movaps xmm12,XMMWORD[112+rsp] + movaps XMMWORD[112+rsp],xmm0 + movaps xmm13,XMMWORD[128+rsp] + movaps XMMWORD[128+rsp],xmm0 + movaps xmm14,XMMWORD[144+rsp] + movaps XMMWORD[144+rsp],xmm0 + movaps xmm15,XMMWORD[160+rsp] + movaps XMMWORD[160+rsp],xmm0 + lea rsp,[rbp] pop rbp -$L$cbc_ret:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] +$L$cbc_ret: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aesni_cbc_encrypt:: -aesni_cbc_encrypt ENDP -PUBLIC aesni_set_decrypt_key +$L$SEH_end_aesni_cbc_encrypt: +global aesni_set_decrypt_key ALIGN 16 -aesni_set_decrypt_key PROC PUBLIC -DB 048h,083h,0ECh,008h +aesni_set_decrypt_key: +DB 0x48,0x83,0xEC,0x08 call __aesni_set_encrypt_key shl edx,4 test eax,eax - jnz $L$dec_key_ret - lea rcx,QWORD PTR[16+rdx*1+r8] - - movups xmm0,XMMWORD PTR[r8] - movups xmm1,XMMWORD PTR[rcx] - movups XMMWORD PTR[rcx],xmm0 - movups XMMWORD PTR[r8],xmm1 - lea r8,QWORD PTR[16+r8] - lea rcx,QWORD PTR[((-16))+rcx] - -$L$dec_key_inverse:: - movups xmm0,XMMWORD PTR[r8] - movups xmm1,XMMWORD PTR[rcx] + jnz NEAR $L$dec_key_ret + lea rcx,[16+rdx*1+r8] + + movups xmm0,XMMWORD[r8] + movups xmm1,XMMWORD[rcx] + movups XMMWORD[rcx],xmm0 + movups XMMWORD[r8],xmm1 + lea r8,[16+r8] + lea rcx,[((-16))+rcx] + +$L$dec_key_inverse: + movups xmm0,XMMWORD[r8] + movups xmm1,XMMWORD[rcx] DB 102,15,56,219,192 DB 102,15,56,219,201 - lea r8,QWORD PTR[16+r8] - lea rcx,QWORD PTR[((-16))+rcx] - movups XMMWORD PTR[16+rcx],xmm0 - movups XMMWORD PTR[(-16)+r8],xmm1 + lea r8,[16+r8] + lea rcx,[((-16))+rcx] + movups XMMWORD[16+rcx],xmm0 + movups XMMWORD[(-16)+r8],xmm1 cmp rcx,r8 - ja $L$dec_key_inverse + ja NEAR $L$dec_key_inverse - movups xmm0,XMMWORD PTR[r8] + movups xmm0,XMMWORD[r8] DB 102,15,56,219,192 - movups XMMWORD PTR[rcx],xmm0 -$L$dec_key_ret:: + pxor xmm1,xmm1 + movups XMMWORD[rcx],xmm0 + pxor xmm0,xmm0 +$L$dec_key_ret: add 
rsp,8 DB 0F3h,0C3h ;repret -$L$SEH_end_set_decrypt_key:: -aesni_set_decrypt_key ENDP -PUBLIC aesni_set_encrypt_key +$L$SEH_end_set_decrypt_key: + +global aesni_set_encrypt_key ALIGN 16 -aesni_set_encrypt_key PROC PUBLIC -__aesni_set_encrypt_key:: -DB 048h,083h,0ECh,008h +aesni_set_encrypt_key: +__aesni_set_encrypt_key: +DB 0x48,0x83,0xEC,0x08 mov rax,-1 test rcx,rcx - jz $L$enc_key_ret + jz NEAR $L$enc_key_ret test r8,r8 - jz $L$enc_key_ret + jz NEAR $L$enc_key_ret - movups xmm0,XMMWORD PTR[rcx] + mov r10d,268437504 + movups xmm0,XMMWORD[rcx] xorps xmm4,xmm4 - lea rax,QWORD PTR[16+r8] + and r10d,DWORD[((OPENSSL_ia32cap_P+4))] + lea rax,[16+r8] cmp edx,256 - je $L$14rounds + je NEAR $L$14rounds cmp edx,192 - je $L$12rounds + je NEAR $L$12rounds cmp edx,128 - jne $L$bad_keybits + jne NEAR $L$bad_keybits -$L$10rounds:: +$L$10rounds: mov edx,9 - movups XMMWORD PTR[r8],xmm0 + cmp r10d,268435456 + je NEAR $L$10rounds_alt + + movups XMMWORD[r8],xmm0 DB 102,15,58,223,200,1 call $L$key_expansion_128_cold DB 102,15,58,223,200,2 
@@ -3226,16 +3445,86 @@ DB 102,15,58,223,200,27 call $L$key_expansion_128 DB 102,15,58,223,200,54 call $L$key_expansion_128 - movups XMMWORD PTR[rax],xmm0 - mov DWORD PTR[80+rax],edx + movups XMMWORD[rax],xmm0 + mov DWORD[80+rax],edx + xor eax,eax + jmp NEAR $L$enc_key_ret + +ALIGN 16 +$L$10rounds_alt: + movdqa xmm5,XMMWORD[$L$key_rotate] + mov r10d,8 + movdqa xmm4,XMMWORD[$L$key_rcon1] + movdqa xmm2,xmm0 + movdqu XMMWORD[r8],xmm0 + jmp NEAR $L$oop_key128 + +ALIGN 16 +$L$oop_key128: +DB 102,15,56,0,197 +DB 102,15,56,221,196 + pslld xmm4,1 + lea rax,[16+rax] + + movdqa xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm2,xmm3 + + pxor xmm0,xmm2 + movdqu XMMWORD[(-16)+rax],xmm0 + movdqa xmm2,xmm0 + + dec r10d + jnz NEAR $L$oop_key128 + + movdqa xmm4,XMMWORD[$L$key_rcon1b] + +DB 102,15,56,0,197 +DB 102,15,56,221,196 + pslld xmm4,1 + + movdqa xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm2,xmm3 + + pxor xmm0,xmm2 + movdqu XMMWORD[rax],xmm0 + + movdqa xmm2,xmm0 +DB 102,15,56,0,197 +DB 102,15,56,221,196 + + movdqa xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm3,xmm2 + pslldq xmm2,4 + pxor xmm2,xmm3 + + pxor xmm0,xmm2 + movdqu XMMWORD[16+rax],xmm0 + + mov DWORD[96+rax],edx xor eax,eax - jmp $L$enc_key_ret + jmp NEAR $L$enc_key_ret ALIGN 16 -$L$12rounds:: - movq xmm2,QWORD PTR[16+rcx] +$L$12rounds: + movq xmm2,QWORD[16+rcx] mov edx,11 - movups XMMWORD PTR[r8],xmm0 + cmp r10d,268435456 + je NEAR $L$12rounds_alt + + movups XMMWORD[r8],xmm0 DB 102,15,58,223,202,1 call $L$key_expansion_192a_cold DB 102,15,58,223,202,2 
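Review bot: `$L$10rounds_alt` is a second, independent AES-128 key expansion (pshufb/aesenclast against `$L$key_rotate`/`$L$key_rcon1`/`$L$key_rcon1b`) that is selected by CPU capability (`cmp r10d,268435456`, i.e. bit 28 of the r10d mask taken from OPENSSL_ia32cap_P+4 earlier in the function, outside this hunk) rather than by input, so a known-answer test run on one machine exercises only one of `$L$10rounds` and `$L$10rounds_alt`. A FIPS-197 key-expansion test executed once with that bit set and once with it cleared (by writing OPENSSL_ia32cap_P, if the harness permits) would pin both paths to the same 176-byte schedule and the same rounds value stored by `mov DWORD[96+rax],edx`. The bare constant 268435456 also deserves a comment naming the bit it tests, e.g. `; 1<<28 (AVX) and no XOP -> aeskeygenassist-free schedule` — hedged, since the bit assignment is not visible here. This .asm looks like perlasm output, so both the comment and the test belong with the generating script rather than this file.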
@@ -3252,18 +3541,62 @@ DB 102,15,58,223,202,64 call $L$key_expansion_192a DB 102,15,58,223,202,128 call $L$key_expansion_192b - movups XMMWORD PTR[rax],xmm0 - mov DWORD PTR[48+rax],edx + movups XMMWORD[rax],xmm0 + mov DWORD[48+rax],edx xor rax,rax - jmp $L$enc_key_ret + jmp NEAR $L$enc_key_ret + +ALIGN 16 +$L$12rounds_alt: + movdqa xmm5,XMMWORD[$L$key_rotate192] + movdqa xmm4,XMMWORD[$L$key_rcon1] + mov r10d,8 + movdqu XMMWORD[r8],xmm0 + jmp NEAR $L$oop_key192 + +ALIGN 16 +$L$oop_key192: + movq QWORD[rax],xmm2 + movdqa xmm1,xmm2 +DB 102,15,56,0,213 +DB 102,15,56,221,212 + pslld xmm4,1 + lea rax,[24+rax] + + movdqa xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm0,xmm3 + + pshufd xmm3,xmm0,0xff + pxor xmm3,xmm1 + pslldq xmm1,4 + pxor xmm3,xmm1 + + pxor xmm0,xmm2 + pxor xmm2,xmm3 + movdqu XMMWORD[(-16)+rax],xmm0 + + dec r10d + jnz NEAR $L$oop_key192 + + mov DWORD[32+rax],edx + xor eax,eax + jmp NEAR $L$enc_key_ret ALIGN 16 -$L$14rounds:: - movups xmm2,XMMWORD PTR[16+rcx] +$L$14rounds: + movups xmm2,XMMWORD[16+rcx] mov edx,13 - lea rax,QWORD PTR[16+rax] - movups XMMWORD PTR[r8],xmm0 - movups XMMWORD PTR[16+r8],xmm2 + lea rax,[16+rax] + cmp r10d,268435456 + je NEAR $L$14rounds_alt + + movups XMMWORD[r8],xmm0 + movups XMMWORD[16+r8],xmm2 DB 102,15,58,223,202,1 call $L$key_expansion_256a_cold DB 102,15,58,223,200,1 
@@ -3290,24 +3623,84 @@ DB 102,15,58,223,200,32 call $L$key_expansion_256b DB 102,15,58,223,202,64 call $L$key_expansion_256a - movups XMMWORD PTR[rax],xmm0 - mov DWORD PTR[16+rax],edx + movups XMMWORD[rax],xmm0 + mov DWORD[16+rax],edx xor rax,rax - jmp $L$enc_key_ret + jmp NEAR $L$enc_key_ret + +ALIGN 16 +$L$14rounds_alt: + movdqa xmm5,XMMWORD[$L$key_rotate] + movdqa xmm4,XMMWORD[$L$key_rcon1] + mov r10d,7 + movdqu XMMWORD[r8],xmm0 + movdqa xmm1,xmm2 + movdqu XMMWORD[16+r8],xmm2 + jmp NEAR $L$oop_key256 ALIGN 16 -$L$bad_keybits:: +$L$oop_key256: +DB 102,15,56,0,213 +DB 102,15,56,221,212 + + movdqa xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm3,xmm0 + pslldq xmm0,4 + pxor xmm0,xmm3 + pslld xmm4,1 + + pxor xmm0,xmm2 + movdqu XMMWORD[rax],xmm0 + + dec r10d + jz NEAR $L$done_key256 + + pshufd xmm2,xmm0,0xff + pxor xmm3,xmm3 +DB 102,15,56,221,211 + + movdqa xmm3,xmm1 + pslldq xmm1,4 + pxor xmm3,xmm1 + pslldq xmm1,4 + pxor xmm3,xmm1 + pslldq xmm1,4 + pxor xmm1,xmm3 + + pxor xmm2,xmm1 + movdqu XMMWORD[16+rax],xmm2 + lea rax,[32+rax] + movdqa xmm1,xmm2 + + jmp NEAR $L$oop_key256 + +$L$done_key256: + mov DWORD[16+rax],edx + xor eax,eax + jmp NEAR $L$enc_key_ret + +ALIGN 16 +$L$bad_keybits: mov rax,-2 -$L$enc_key_ret:: +$L$enc_key_ret: + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 add rsp,8 DB 0F3h,0C3h ;repret -$L$SEH_end_set_encrypt_key:: +$L$SEH_end_set_encrypt_key: ALIGN 16 -$L$key_expansion_128:: - movups XMMWORD PTR[rax],xmm0 - lea rax,QWORD PTR[16+rax] -$L$key_expansion_128_cold:: +$L$key_expansion_128: + movups XMMWORD[rax],xmm0 + lea rax,[16+rax] +$L$key_expansion_128_cold: shufps xmm4,xmm0,16 xorps xmm0,xmm4 shufps xmm4,xmm0,140 
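Review bot: The new `pxor xmm0..xmm5` run at `$L$enc_key_ret` is the only place the caller's key and the intermediate round-key state are scrubbed from registers, and every exit in view funnels through it, including `$L$bad_keybits` (which is reached after `movups xmm0,XMMWORD[rcx]` has already loaded the key in the earlier hunk) — but nothing says so, and a later edit that adds an early `ret` or reorders the label would silently lose the wipe. I would add `; wipe user key / round-key state left in xmm0-xmm5 by all three expansion paths; every exit must pass through here` above the first pxor. For `$L$14rounds_alt`, a comment on `mov r10d,7` stating that the loop emits 7 pairs of round keys with the final iteration leaving via `jz NEAR $L$done_key256` after the odd key would make the 240-byte layout (`mov DWORD[16+rax],edx` lands on the rounds field) checkable by eye. `aesni_set_encrypt_key` begins outside this hunk.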
@@ -3317,12 +3710,12 @@ $L$key_expansion_128_cold:: DB 0F3h,0C3h ;repret ALIGN 16 -$L$key_expansion_192a:: - movups XMMWORD PTR[rax],xmm0 - lea rax,QWORD PTR[16+rax] -$L$key_expansion_192a_cold:: +$L$key_expansion_192a: + movups XMMWORD[rax],xmm0 + lea rax,[16+rax] +$L$key_expansion_192a_cold: movaps xmm5,xmm2 -$L$key_expansion_192b_warm:: +$L$key_expansion_192b_warm: shufps xmm4,xmm0,16 movdqa xmm3,xmm2 xorps xmm0,xmm4 @@ -3337,20 +3730,20 @@ $L$key_expansion_192b_warm:: DB 0F3h,0C3h ;repret ALIGN 16 -$L$key_expansion_192b:: +$L$key_expansion_192b: movaps xmm3,xmm0 shufps xmm5,xmm0,68 - movups XMMWORD PTR[rax],xmm5 + movups XMMWORD[rax],xmm5 shufps xmm3,xmm2,78 - movups XMMWORD PTR[16+rax],xmm3 - lea rax,QWORD PTR[32+rax] - jmp $L$key_expansion_192b_warm + movups XMMWORD[16+rax],xmm3 + lea rax,[32+rax] + jmp NEAR $L$key_expansion_192b_warm ALIGN 16 -$L$key_expansion_256a:: - movups XMMWORD PTR[rax],xmm2 - lea rax,QWORD PTR[16+rax] -$L$key_expansion_256a_cold:: +$L$key_expansion_256a: + movups XMMWORD[rax],xmm2 + lea rax,[16+rax] +$L$key_expansion_256a_cold: shufps xmm4,xmm0,16 xorps xmm0,xmm4 shufps xmm4,xmm0,140 @@ -3360,9 +3753,9 @@ $L$key_expansion_256a_cold:: DB 0F3h,0C3h ;repret ALIGN 16 -$L$key_expansion_256b:: - movups XMMWORD PTR[rax],xmm0 - lea rax,QWORD PTR[16+rax] +$L$key_expansion_256b: + movups XMMWORD[rax],xmm0 + lea rax,[16+rax] shufps xmm4,xmm2,16 xorps xmm2,xmm4 
@@ -3371,29 +3764,37 @@ $L$key_expansion_256b:: shufps xmm1,xmm1,170 xorps xmm2,xmm1 DB 0F3h,0C3h ;repret -aesni_set_encrypt_key ENDP + ALIGN 64 -$L$bswap_mask:: +$L$bswap_mask: DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -$L$increment32:: +$L$increment32: DD 6,6,6,0 -$L$increment64:: +$L$increment64: DD 1,0,0,0 -$L$xts_magic:: - DD 087h,0,1,0 -$L$increment1:: +$L$xts_magic: + DD 0x87,0,1,0 +$L$increment1: DB 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 +$L$key_rotate: + DD 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d +$L$key_rotate192: + DD 0x04070605,0x04070605,0x04070605,0x04070605 +$L$key_rcon1: + DD 1,1,1,1 +$L$key_rcon1b: + DD 0x1b,0x1b,0x1b,0x1b DB 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69 DB 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 DB 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 DB 115,108,46,111,114,103,62,0 ALIGN 64 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -ecb_ccm64_se_handler PROC PRIVATE +ecb_ccm64_se_handler: push rsi push rdi push rbx 
@@ -3405,36 +3806,36 @@ ecb_ccm64_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail - lea rsi,QWORD PTR[rax] - lea rdi,QWORD PTR[512+r8] + lea rsi,[rax] + lea rdi,[512+r8] mov ecx,8 - DD 0a548f3fch - lea rax,QWORD PTR[88+rax] + DD 0xa548f3fc + lea rax,[88+rax] + + jmp NEAR $L$common_seh_tail - jmp $L$common_seh_tail -ecb_ccm64_se_handler ENDP ALIGN 16 -ctr_xts_se_handler PROC PRIVATE +ctr_xts_se_handler: push rsi push rdi push rbx 
@@ -3446,35 +3847,35 @@ ctr_xts_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail - mov rax,QWORD PTR[160+r8] - lea rsi,QWORD PTR[((-160))+rax] - lea rdi,QWORD PTR[512+r8] + mov rax,QWORD[160+r8] + lea rsi,[((-160))+rax] + lea rdi,[512+r8] mov ecx,20 - DD 0a548f3fch + DD 0xa548f3fc + + jmp NEAR $L$common_rbp_tail - jmp $L$common_rbp_tail -ctr_xts_se_handler ENDP ALIGN 16 -cbc_se_handler PROC PRIVATE +cbc_se_handler: push rsi push rdi push rbx 
@@ -3486,61 +3887,61 @@ cbc_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[152+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[152+r8] + mov rbx,QWORD[248+r8] - lea r10,QWORD PTR[$L$cbc_decrypt] + lea r10,[$L$cbc_decrypt_bulk] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - lea r10,QWORD PTR[$L$cbc_decrypt_body] + lea r10,[$L$cbc_decrypt_body] cmp rbx,r10 - jb $L$restore_cbc_rax + jb NEAR $L$restore_cbc_rax - lea r10,QWORD PTR[$L$cbc_ret] + lea r10,[$L$cbc_ret] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail - lea rsi,QWORD PTR[16+rax] - lea rdi,QWORD PTR[512+r8] + lea rsi,[16+rax] + lea rdi,[512+r8] mov ecx,20 - DD 0a548f3fch - -$L$common_rbp_tail:: - mov rax,QWORD PTR[160+r8] - mov rbp,QWORD PTR[rax] - lea rax,QWORD PTR[8+rax] - mov QWORD PTR[160+r8],rbp - jmp $L$common_seh_tail - -$L$restore_cbc_rax:: - mov rax,QWORD PTR[120+r8] - -$L$common_seh_tail:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - mov rdi,QWORD PTR[40+r9] + DD 0xa548f3fc + +$L$common_rbp_tail: + mov rax,QWORD[160+r8] + mov rbp,QWORD[rax] + lea rax,[8+rax] + mov QWORD[160+r8],rbp + jmp NEAR $L$common_seh_tail + +$L$restore_cbc_rax: + mov rax,QWORD[120+r8] + +$L$common_seh_tail: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov 
QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
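Review bot: `cbc_se_handler` now brackets its frame-restoring path with `$L$cbc_decrypt_bulk`, `$L$cbc_decrypt_body` and `$L$cbc_ret`, none of which is defined in this hunk, and correct unwinding on Windows (restoring rbp at `$L$common_rbp_tail` and copying 20 qwords of saved xmm6-xmm15 into the CONTEXT via the `DD 0xa548f3fc` rep movsq) depends on those labels exactly bounding the region where the frame in `rax` is live. I would document the three ranges where they are tested: `; rip < cbc_decrypt_bulk: no frame, rsp is ctx.Rsp`, `; rip < cbc_decrypt_body: entry rsp still in ctx.Rax`, `; rip < cbc_ret: frame live, restore xmm6-15 and rbp`. An off-by-one here only surfaces when an exception unwinds through aesni_cbc_encrypt, which no functional test exercises, so a deliberate fault-injection test on Windows (e.g. an unmapped output page) would be worth adding to the upstream harness.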
@@ -3554,78 +3955,73 @@ $L$common_seh_tail:: pop rdi pop rsi DB 0F3h,0C3h ;repret -cbc_se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_aesni_ecb_encrypt - DD imagerel $L$SEH_end_aesni_ecb_encrypt - DD imagerel $L$SEH_info_ecb - - DD imagerel $L$SEH_begin_aesni_ccm64_encrypt_blocks - DD imagerel $L$SEH_end_aesni_ccm64_encrypt_blocks - DD imagerel $L$SEH_info_ccm64_enc - - DD imagerel $L$SEH_begin_aesni_ccm64_decrypt_blocks - DD imagerel $L$SEH_end_aesni_ccm64_decrypt_blocks - DD imagerel $L$SEH_info_ccm64_dec - - DD imagerel $L$SEH_begin_aesni_ctr32_encrypt_blocks - DD imagerel $L$SEH_end_aesni_ctr32_encrypt_blocks - DD imagerel $L$SEH_info_ctr32 - - DD imagerel $L$SEH_begin_aesni_xts_encrypt - DD imagerel $L$SEH_end_aesni_xts_encrypt - DD imagerel $L$SEH_info_xts_enc - - DD imagerel $L$SEH_begin_aesni_xts_decrypt - DD imagerel $L$SEH_end_aesni_xts_decrypt - DD imagerel $L$SEH_info_xts_dec - DD imagerel $L$SEH_begin_aesni_cbc_encrypt - DD imagerel $L$SEH_end_aesni_cbc_encrypt - DD imagerel $L$SEH_info_cbc - - DD imagerel aesni_set_decrypt_key - DD imagerel $L$SEH_end_set_decrypt_key - DD imagerel $L$SEH_info_key - - DD imagerel aesni_set_encrypt_key - DD imagerel $L$SEH_end_set_encrypt_key - DD imagerel $L$SEH_info_key -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_aesni_ecb_encrypt wrt ..imagebase + DD $L$SEH_end_aesni_ecb_encrypt wrt ..imagebase + DD $L$SEH_info_ecb wrt ..imagebase + + DD $L$SEH_begin_aesni_ccm64_encrypt_blocks wrt ..imagebase + DD $L$SEH_end_aesni_ccm64_encrypt_blocks wrt ..imagebase + DD $L$SEH_info_ccm64_enc wrt ..imagebase + + DD $L$SEH_begin_aesni_ccm64_decrypt_blocks wrt ..imagebase + DD $L$SEH_end_aesni_ccm64_decrypt_blocks wrt ..imagebase + DD $L$SEH_info_ccm64_dec wrt ..imagebase + + DD $L$SEH_begin_aesni_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_end_aesni_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_info_ctr32 wrt ..imagebase + 
+ DD $L$SEH_begin_aesni_xts_encrypt wrt ..imagebase + DD $L$SEH_end_aesni_xts_encrypt wrt ..imagebase + DD $L$SEH_info_xts_enc wrt ..imagebase + + DD $L$SEH_begin_aesni_xts_decrypt wrt ..imagebase + DD $L$SEH_end_aesni_xts_decrypt wrt ..imagebase + DD $L$SEH_info_xts_dec wrt ..imagebase + DD $L$SEH_begin_aesni_cbc_encrypt wrt ..imagebase + DD $L$SEH_end_aesni_cbc_encrypt wrt ..imagebase + DD $L$SEH_info_cbc wrt ..imagebase + + DD aesni_set_decrypt_key wrt ..imagebase + DD $L$SEH_end_set_decrypt_key wrt ..imagebase + DD $L$SEH_info_key wrt ..imagebase + + DD aesni_set_encrypt_key wrt ..imagebase + DD $L$SEH_end_set_encrypt_key wrt ..imagebase + DD $L$SEH_info_key wrt ..imagebase +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_ecb:: +$L$SEH_info_ecb: DB 9,0,0,0 - DD imagerel ecb_ccm64_se_handler - DD imagerel $L$ecb_enc_body,imagerel $L$ecb_enc_ret -$L$SEH_info_ccm64_enc:: + DD ecb_ccm64_se_handler wrt ..imagebase + DD $L$ecb_enc_body wrt ..imagebase,$L$ecb_enc_ret wrt ..imagebase +$L$SEH_info_ccm64_enc: DB 9,0,0,0 - DD imagerel ecb_ccm64_se_handler - DD imagerel $L$ccm64_enc_body,imagerel $L$ccm64_enc_ret -$L$SEH_info_ccm64_dec:: + DD ecb_ccm64_se_handler wrt ..imagebase + DD $L$ccm64_enc_body wrt ..imagebase,$L$ccm64_enc_ret wrt ..imagebase +$L$SEH_info_ccm64_dec: DB 9,0,0,0 - DD imagerel ecb_ccm64_se_handler - DD imagerel $L$ccm64_dec_body,imagerel $L$ccm64_dec_ret -$L$SEH_info_ctr32:: + DD ecb_ccm64_se_handler wrt ..imagebase + DD $L$ccm64_dec_body wrt ..imagebase,$L$ccm64_dec_ret wrt ..imagebase +$L$SEH_info_ctr32: DB 9,0,0,0 - DD imagerel ctr_xts_se_handler - DD imagerel $L$ctr32_body,imagerel $L$ctr32_epilogue -$L$SEH_info_xts_enc:: + DD ctr_xts_se_handler wrt ..imagebase + DD $L$ctr32_body wrt ..imagebase,$L$ctr32_epilogue wrt ..imagebase +$L$SEH_info_xts_enc: DB 9,0,0,0 - DD imagerel ctr_xts_se_handler - DD imagerel $L$xts_enc_body,imagerel $L$xts_enc_epilogue -$L$SEH_info_xts_dec:: + DD ctr_xts_se_handler wrt ..imagebase + DD $L$xts_enc_body wrt 
..imagebase,$L$xts_enc_epilogue wrt ..imagebase +$L$SEH_info_xts_dec: DB 9,0,0,0 - DD imagerel ctr_xts_se_handler - DD imagerel $L$xts_dec_body,imagerel $L$xts_dec_epilogue -$L$SEH_info_cbc:: + DD ctr_xts_se_handler wrt ..imagebase + DD $L$xts_dec_body wrt ..imagebase,$L$xts_dec_epilogue wrt ..imagebase +$L$SEH_info_cbc: DB 9,0,0,0 - DD imagerel cbc_se_handler -$L$SEH_info_key:: -DB 001h,004h,001h,000h -DB 004h,002h,000h,000h - -.xdata ENDS -END + DD cbc_se_handler wrt ..imagebase +$L$SEH_info_key: +DB 0x01,0x04,0x01,0x00 +DB 0x04,0x02,0x00,0x00 diff --git a/win-x86_64/crypto/aes/bsaes-x86_64.asm b/win-x86_64/crypto/aes/bsaes-x86_64.asm index 3346a7e..6d75248 100644 --- a/win-x86_64/crypto/aes/bsaes-x86_64.asm +++ b/win-x86_64/crypto/aes/bsaes-x86_64.asm @@ -1,17 +1,21 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -EXTERN asm_AES_encrypt:NEAR -EXTERN asm_AES_decrypt:NEAR + +EXTERN asm_AES_encrypt +EXTERN asm_AES_decrypt ALIGN 64 -_bsaes_encrypt8 PROC PRIVATE - lea r11,QWORD PTR[$L$BS0] +_bsaes_encrypt8: + lea r11,[$L$BS0] - movdqa xmm8,XMMWORD PTR[rax] - lea rax,QWORD PTR[16+rax] - movdqa xmm7,XMMWORD PTR[80+r11] + movdqa xmm8,XMMWORD[rax] + lea rax,[16+rax] + movdqa xmm7,XMMWORD[80+r11] pxor xmm15,xmm8 pxor xmm0,xmm8 pxor xmm1,xmm8 @@ -28,9 +32,9 @@ DB 102,15,56,0,223 DB 102,15,56,0,231 DB 102,15,56,0,239 DB 102,15,56,0,247 -_bsaes_encrypt8_bitslice:: - movdqa xmm7,XMMWORD PTR[r11] - movdqa xmm8,XMMWORD PTR[16+r11] +_bsaes_encrypt8_bitslice: + movdqa xmm7,XMMWORD[r11] + movdqa xmm8,XMMWORD[16+r11] movdqa xmm9,xmm5 psrlq xmm5,1 movdqa xmm10,xmm3 @@ -59,7 +63,7 @@ _bsaes_encrypt8_bitslice:: psllq xmm15,1 pxor xmm1,xmm9 pxor xmm15,xmm10 - movdqa xmm7,XMMWORD PTR[32+r11] + movdqa xmm7,XMMWORD[32+r11] movdqa xmm9,xmm4 psrlq xmm4,2 movdqa xmm10,xmm3 
@@ -117,27 +121,27 @@ _bsaes_encrypt8_bitslice:: pxor xmm0,xmm9 pxor xmm15,xmm10 dec r10d - jmp $L$enc_sbox + jmp NEAR $L$enc_sbox ALIGN 16 -$L$enc_loop:: - pxor xmm15,XMMWORD PTR[rax] - pxor xmm0,XMMWORD PTR[16+rax] - pxor xmm1,XMMWORD PTR[32+rax] - pxor xmm2,XMMWORD PTR[48+rax] +$L$enc_loop: + pxor xmm15,XMMWORD[rax] + pxor xmm0,XMMWORD[16+rax] + pxor xmm1,XMMWORD[32+rax] + pxor xmm2,XMMWORD[48+rax] DB 102,68,15,56,0,255 DB 102,15,56,0,199 - pxor xmm3,XMMWORD PTR[64+rax] - pxor xmm4,XMMWORD PTR[80+rax] + pxor xmm3,XMMWORD[64+rax] + pxor xmm4,XMMWORD[80+rax] DB 102,15,56,0,207 DB 102,15,56,0,215 - pxor xmm5,XMMWORD PTR[96+rax] - pxor xmm6,XMMWORD PTR[112+rax] + pxor xmm5,XMMWORD[96+rax] + pxor xmm6,XMMWORD[112+rax] DB 102,15,56,0,223 DB 102,15,56,0,231 DB 102,15,56,0,239 DB 102,15,56,0,247 - lea rax,QWORD PTR[128+rax] -$L$enc_sbox:: + lea rax,[128+rax] +$L$enc_sbox: pxor xmm4,xmm5 pxor xmm1,xmm0 pxor xmm2,xmm15 
@@ -324,46 +328,46 @@ $L$enc_sbox:: pxor xmm5,xmm2 dec r10d - jl $L$enc_done - pshufd xmm7,xmm15,093h - pshufd xmm8,xmm0,093h + jl NEAR $L$enc_done + pshufd xmm7,xmm15,0x93 + pshufd xmm8,xmm0,0x93 pxor xmm15,xmm7 - pshufd xmm9,xmm3,093h + pshufd xmm9,xmm3,0x93 pxor xmm0,xmm8 - pshufd xmm10,xmm5,093h + pshufd xmm10,xmm5,0x93 pxor xmm3,xmm9 - pshufd xmm11,xmm2,093h + pshufd xmm11,xmm2,0x93 pxor xmm5,xmm10 - pshufd xmm12,xmm6,093h + pshufd xmm12,xmm6,0x93 pxor xmm2,xmm11 - pshufd xmm13,xmm1,093h + pshufd xmm13,xmm1,0x93 pxor xmm6,xmm12 - pshufd xmm14,xmm4,093h + pshufd xmm14,xmm4,0x93 pxor xmm1,xmm13 pxor xmm4,xmm14 pxor xmm8,xmm15 pxor xmm7,xmm4 pxor xmm8,xmm4 - pshufd xmm15,xmm15,04Eh + pshufd xmm15,xmm15,0x4E pxor xmm9,xmm0 - pshufd xmm0,xmm0,04Eh + pshufd xmm0,xmm0,0x4E pxor xmm12,xmm2 pxor xmm15,xmm7 pxor xmm13,xmm6 pxor xmm0,xmm8 pxor xmm11,xmm5 - pshufd xmm7,xmm2,04Eh + pshufd xmm7,xmm2,0x4E pxor xmm14,xmm1 - pshufd xmm8,xmm6,04Eh + pshufd xmm8,xmm6,0x4E pxor xmm10,xmm3 - pshufd xmm2,xmm5,04Eh + pshufd xmm2,xmm5,0x4E pxor xmm10,xmm4 - pshufd xmm6,xmm4,04Eh + pshufd xmm6,xmm4,0x4E pxor xmm11,xmm4 - pshufd xmm5,xmm1,04Eh + pshufd xmm5,xmm1,0x4E pxor xmm7,xmm11 - pshufd xmm1,xmm3,04Eh + pshufd xmm1,xmm3,0x4E pxor xmm8,xmm12 pxor xmm2,xmm10 pxor xmm6,xmm14 @@ -371,14 +375,14 @@ $L$enc_sbox:: movdqa xmm3,xmm7 pxor xmm1,xmm9 movdqa xmm4,xmm8 - movdqa xmm7,XMMWORD PTR[48+r11] - jnz $L$enc_loop - movdqa xmm7,XMMWORD PTR[64+r11] - jmp $L$enc_loop + movdqa xmm7,XMMWORD[48+r11] + jnz NEAR $L$enc_loop + movdqa xmm7,XMMWORD[64+r11] + jmp NEAR $L$enc_loop ALIGN 16 -$L$enc_done:: - movdqa xmm7,XMMWORD PTR[r11] - movdqa xmm8,XMMWORD PTR[16+r11] +$L$enc_done: + movdqa xmm7,XMMWORD[r11] + movdqa xmm8,XMMWORD[16+r11] movdqa xmm9,xmm1 psrlq xmm1,1 movdqa xmm10,xmm2 @@ -407,7 +411,7 @@ $L$enc_done:: psllq xmm15,1 pxor xmm3,xmm9 pxor xmm15,xmm10 - movdqa xmm7,XMMWORD PTR[32+r11] + movdqa xmm7,XMMWORD[32+r11] movdqa xmm9,xmm6 psrlq xmm6,2 movdqa xmm10,xmm2 
@@ -464,7 +468,7 @@ $L$enc_done:: psllq xmm15,4 pxor xmm0,xmm9 pxor xmm15,xmm10 - movdqa xmm7,XMMWORD PTR[rax] + movdqa xmm7,XMMWORD[rax] pxor xmm3,xmm7 pxor xmm5,xmm7 pxor xmm2,xmm7 @@ -474,16 +478,16 @@ $L$enc_done:: pxor xmm15,xmm7 pxor xmm0,xmm7 DB 0F3h,0C3h ;repret -_bsaes_encrypt8 ENDP + ALIGN 64 -_bsaes_decrypt8 PROC PRIVATE - lea r11,QWORD PTR[$L$BS0] +_bsaes_decrypt8: + lea r11,[$L$BS0] - movdqa xmm8,XMMWORD PTR[rax] - lea rax,QWORD PTR[16+rax] - movdqa xmm7,XMMWORD PTR[((-48))+r11] + movdqa xmm8,XMMWORD[rax] + lea rax,[16+rax] + movdqa xmm7,XMMWORD[((-48))+r11] pxor xmm15,xmm8 pxor xmm0,xmm8 pxor xmm1,xmm8 @@ -500,8 +504,8 @@ DB 102,15,56,0,223 DB 102,15,56,0,231 DB 102,15,56,0,239 DB 102,15,56,0,247 - movdqa xmm7,XMMWORD PTR[r11] - movdqa xmm8,XMMWORD PTR[16+r11] + movdqa xmm7,XMMWORD[r11] + movdqa xmm8,XMMWORD[16+r11] movdqa xmm9,xmm5 psrlq xmm5,1 movdqa xmm10,xmm3 @@ -530,7 +534,7 @@ DB 102,15,56,0,247 psllq xmm15,1 pxor xmm1,xmm9 pxor xmm15,xmm10 - movdqa xmm7,XMMWORD PTR[32+r11] + movdqa xmm7,XMMWORD[32+r11] movdqa xmm9,xmm4 psrlq xmm4,2 movdqa xmm10,xmm3 @@ -588,27 +592,27 @@ DB 102,15,56,0,247 pxor xmm0,xmm9 pxor xmm15,xmm10 dec r10d - jmp $L$dec_sbox + jmp NEAR $L$dec_sbox ALIGN 16 -$L$dec_loop:: - pxor xmm15,XMMWORD PTR[rax] - pxor xmm0,XMMWORD PTR[16+rax] - pxor xmm1,XMMWORD PTR[32+rax] - pxor xmm2,XMMWORD PTR[48+rax] +$L$dec_loop: + pxor xmm15,XMMWORD[rax] + pxor xmm0,XMMWORD[16+rax] + pxor xmm1,XMMWORD[32+rax] + pxor xmm2,XMMWORD[48+rax] DB 102,68,15,56,0,255 DB 102,15,56,0,199 - pxor xmm3,XMMWORD PTR[64+rax] - pxor xmm4,XMMWORD PTR[80+rax] + pxor xmm3,XMMWORD[64+rax] + pxor xmm4,XMMWORD[80+rax] DB 102,15,56,0,207 DB 102,15,56,0,215 - pxor xmm5,XMMWORD PTR[96+rax] - pxor xmm6,XMMWORD PTR[112+rax] + pxor xmm5,XMMWORD[96+rax] + pxor xmm6,XMMWORD[112+rax] DB 102,15,56,0,223 DB 102,15,56,0,231 DB 102,15,56,0,239 DB 102,15,56,0,247 - lea rax,QWORD PTR[128+rax] -$L$dec_sbox:: + lea rax,[128+rax] +$L$dec_sbox: pxor xmm2,xmm3 pxor xmm3,xmm6 
@@ -795,26 +799,26 @@ $L$dec_sbox:: pxor xmm3,xmm15 pxor xmm6,xmm2 dec r10d - jl $L$dec_done + jl NEAR $L$dec_done - pshufd xmm7,xmm15,04Eh - pshufd xmm13,xmm2,04Eh + pshufd xmm7,xmm15,0x4E + pshufd xmm13,xmm2,0x4E pxor xmm7,xmm15 - pshufd xmm14,xmm4,04Eh + pshufd xmm14,xmm4,0x4E pxor xmm13,xmm2 - pshufd xmm8,xmm0,04Eh + pshufd xmm8,xmm0,0x4E pxor xmm14,xmm4 - pshufd xmm9,xmm5,04Eh + pshufd xmm9,xmm5,0x4E pxor xmm8,xmm0 - pshufd xmm10,xmm3,04Eh + pshufd xmm10,xmm3,0x4E pxor xmm9,xmm5 pxor xmm15,xmm13 pxor xmm0,xmm13 - pshufd xmm11,xmm1,04Eh + pshufd xmm11,xmm1,0x4E pxor xmm10,xmm3 pxor xmm5,xmm7 pxor xmm3,xmm8 - pshufd xmm12,xmm6,04Eh + pshufd xmm12,xmm6,0x4E pxor xmm11,xmm1 pxor xmm0,xmm14 pxor xmm1,xmm9 @@ -828,45 +832,45 @@ $L$dec_sbox:: pxor xmm1,xmm14 pxor xmm6,xmm14 pxor xmm4,xmm12 - pshufd xmm7,xmm15,093h - pshufd xmm8,xmm0,093h + pshufd xmm7,xmm15,0x93 + pshufd xmm8,xmm0,0x93 pxor xmm15,xmm7 - pshufd xmm9,xmm5,093h + pshufd xmm9,xmm5,0x93 pxor xmm0,xmm8 - pshufd xmm10,xmm3,093h + pshufd xmm10,xmm3,0x93 pxor xmm5,xmm9 - pshufd xmm11,xmm1,093h + pshufd xmm11,xmm1,0x93 pxor xmm3,xmm10 - pshufd xmm12,xmm6,093h + pshufd xmm12,xmm6,0x93 pxor xmm1,xmm11 - pshufd xmm13,xmm2,093h + pshufd xmm13,xmm2,0x93 pxor xmm6,xmm12 - pshufd xmm14,xmm4,093h + pshufd xmm14,xmm4,0x93 pxor xmm2,xmm13 pxor xmm4,xmm14 pxor xmm8,xmm15 pxor xmm7,xmm4 pxor xmm8,xmm4 - pshufd xmm15,xmm15,04Eh + pshufd xmm15,xmm15,0x4E pxor xmm9,xmm0 - pshufd xmm0,xmm0,04Eh + pshufd xmm0,xmm0,0x4E pxor xmm12,xmm1 pxor xmm15,xmm7 pxor xmm13,xmm6 pxor xmm0,xmm8 pxor xmm11,xmm3 - pshufd xmm7,xmm1,04Eh + pshufd xmm7,xmm1,0x4E pxor xmm14,xmm2 - pshufd xmm8,xmm6,04Eh + pshufd xmm8,xmm6,0x4E pxor xmm10,xmm5 - pshufd xmm1,xmm3,04Eh + pshufd xmm1,xmm3,0x4E pxor xmm10,xmm4 - pshufd xmm6,xmm4,04Eh + pshufd xmm6,xmm4,0x4E pxor xmm11,xmm4 - pshufd xmm3,xmm2,04Eh + pshufd xmm3,xmm2,0x4E pxor xmm7,xmm11 - pshufd xmm2,xmm5,04Eh + pshufd xmm2,xmm5,0x4E pxor xmm8,xmm12 pxor xmm10,xmm1 pxor xmm6,xmm14 
@@ -877,14 +881,14 @@ $L$dec_sbox:: movdqa xmm4,xmm8 movdqa xmm1,xmm2 movdqa xmm2,xmm10 - movdqa xmm7,XMMWORD PTR[((-16))+r11] - jnz $L$dec_loop - movdqa xmm7,XMMWORD PTR[((-32))+r11] - jmp $L$dec_loop + movdqa xmm7,XMMWORD[((-16))+r11] + jnz NEAR $L$dec_loop + movdqa xmm7,XMMWORD[((-32))+r11] + jmp NEAR $L$dec_loop ALIGN 16 -$L$dec_done:: - movdqa xmm7,XMMWORD PTR[r11] - movdqa xmm8,XMMWORD PTR[16+r11] +$L$dec_done: + movdqa xmm7,XMMWORD[r11] + movdqa xmm8,XMMWORD[16+r11] movdqa xmm9,xmm2 psrlq xmm2,1 movdqa xmm10,xmm1 @@ -913,7 +917,7 @@ $L$dec_done:: psllq xmm15,1 pxor xmm5,xmm9 pxor xmm15,xmm10 - movdqa xmm7,XMMWORD PTR[32+r11] + movdqa xmm7,XMMWORD[32+r11] movdqa xmm9,xmm6 psrlq xmm6,2 movdqa xmm10,xmm1 @@ -970,7 +974,7 @@ $L$dec_done:: psllq xmm15,4 pxor xmm0,xmm9 pxor xmm15,xmm10 - movdqa xmm7,XMMWORD PTR[rax] + movdqa xmm7,XMMWORD[rax] pxor xmm5,xmm7 pxor xmm3,xmm7 pxor xmm1,xmm7 @@ -980,27 +984,27 @@ $L$dec_done:: pxor xmm15,xmm7 pxor xmm0,xmm7 DB 0F3h,0C3h ;repret -_bsaes_decrypt8 ENDP + ALIGN 16 -_bsaes_key_convert PROC PRIVATE - lea r11,QWORD PTR[$L$masks] - movdqu xmm7,XMMWORD PTR[rcx] - lea rcx,QWORD PTR[16+rcx] - movdqa xmm0,XMMWORD PTR[r11] - movdqa xmm1,XMMWORD PTR[16+r11] - movdqa xmm2,XMMWORD PTR[32+r11] - movdqa xmm3,XMMWORD PTR[48+r11] - movdqa xmm4,XMMWORD PTR[64+r11] +_bsaes_key_convert: + lea r11,[$L$masks] + movdqu xmm7,XMMWORD[rcx] + lea rcx,[16+rcx] + movdqa xmm0,XMMWORD[r11] + movdqa xmm1,XMMWORD[16+r11] + movdqa xmm2,XMMWORD[32+r11] + movdqa xmm3,XMMWORD[48+r11] + movdqa xmm4,XMMWORD[64+r11] pcmpeqd xmm5,xmm5 - movdqu xmm6,XMMWORD PTR[rcx] - movdqa XMMWORD PTR[rax],xmm7 - lea rax,QWORD PTR[16+rax] + movdqu xmm6,XMMWORD[rcx] + movdqa XMMWORD[rax],xmm7 + lea rax,[16+rax] dec r10d - jmp $L$key_loop + jmp NEAR $L$key_loop ALIGN 16 -$L$key_loop:: +$L$key_loop: DB 102,15,56,0,244 movdqa xmm8,xmm0 
@@ -1031,73 +1035,73 @@ DB 102,15,56,0,244 pand xmm12,xmm6 pand xmm13,xmm6 - movdqa XMMWORD PTR[rax],xmm8 + movdqa XMMWORD[rax],xmm8 pcmpeqb xmm12,xmm0 psrlq xmm0,4 - movdqa XMMWORD PTR[16+rax],xmm9 + movdqa XMMWORD[16+rax],xmm9 pcmpeqb xmm13,xmm1 psrlq xmm1,4 - lea rcx,QWORD PTR[16+rcx] + lea rcx,[16+rcx] pand xmm14,xmm6 pand xmm15,xmm6 - movdqa XMMWORD PTR[32+rax],xmm10 + movdqa XMMWORD[32+rax],xmm10 pcmpeqb xmm14,xmm2 psrlq xmm2,4 - movdqa XMMWORD PTR[48+rax],xmm11 + movdqa XMMWORD[48+rax],xmm11 pcmpeqb xmm15,xmm3 psrlq xmm3,4 - movdqu xmm6,XMMWORD PTR[rcx] + movdqu xmm6,XMMWORD[rcx] pxor xmm13,xmm5 pxor xmm14,xmm5 - movdqa XMMWORD PTR[64+rax],xmm12 - movdqa XMMWORD PTR[80+rax],xmm13 - movdqa XMMWORD PTR[96+rax],xmm14 - movdqa XMMWORD PTR[112+rax],xmm15 - lea rax,QWORD PTR[128+rax] + movdqa XMMWORD[64+rax],xmm12 + movdqa XMMWORD[80+rax],xmm13 + movdqa XMMWORD[96+rax],xmm14 + movdqa XMMWORD[112+rax],xmm15 + lea rax,[128+rax] dec r10d - jnz $L$key_loop + jnz NEAR $L$key_loop - movdqa xmm7,XMMWORD PTR[80+r11] + movdqa xmm7,XMMWORD[80+r11] DB 0F3h,0C3h ;repret -_bsaes_key_convert ENDP -EXTERN asm_AES_cbc_encrypt:NEAR -PUBLIC bsaes_cbc_encrypt + +EXTERN asm_AES_cbc_encrypt +global bsaes_cbc_encrypt ALIGN 16 -bsaes_cbc_encrypt PROC PUBLIC - mov r11d,DWORD PTR[48+rsp] +bsaes_cbc_encrypt: + mov r11d,DWORD[48+rsp] cmp r11d,0 - jne asm_AES_cbc_encrypt + jne NEAR asm_AES_cbc_encrypt cmp r8,128 - jb asm_AES_cbc_encrypt + jb NEAR asm_AES_cbc_encrypt mov rax,rsp -$L$cbc_dec_prologue:: +$L$cbc_dec_prologue: push rbp push rbx push r12 push r13 push r14 push r15 - lea rsp,QWORD PTR[((-72))+rsp] - mov r10,QWORD PTR[160+rsp] - lea rsp,QWORD PTR[((-160))+rsp] - movaps XMMWORD PTR[64+rsp],xmm6 - movaps XMMWORD PTR[80+rsp],xmm7 - movaps XMMWORD PTR[96+rsp],xmm8 - movaps XMMWORD PTR[112+rsp],xmm9 - movaps XMMWORD PTR[128+rsp],xmm10 - movaps XMMWORD PTR[144+rsp],xmm11 - movaps XMMWORD PTR[160+rsp],xmm12 - movaps XMMWORD PTR[176+rsp],xmm13 - movaps XMMWORD PTR[192+rsp],xmm14 - movaps 
XMMWORD PTR[208+rsp],xmm15 -$L$cbc_dec_body:: + lea rsp,[((-72))+rsp] + mov r10,QWORD[160+rsp] + lea rsp,[((-160))+rsp] + movaps XMMWORD[64+rsp],xmm6 + movaps XMMWORD[80+rsp],xmm7 + movaps XMMWORD[96+rsp],xmm8 + movaps XMMWORD[112+rsp],xmm9 + movaps XMMWORD[128+rsp],xmm10 + movaps XMMWORD[144+rsp],xmm11 + movaps XMMWORD[160+rsp],xmm12 + movaps XMMWORD[176+rsp],xmm13 + movaps XMMWORD[192+rsp],xmm14 + movaps XMMWORD[208+rsp],xmm15 +$L$cbc_dec_body: mov rbp,rsp - mov eax,DWORD PTR[240+r9] + mov eax,DWORD[240+r9] mov r12,rcx mov r13,rdx mov r14,r8 
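Review bot: `bsaes_cbc_encrypt` hands the call to `asm_AES_cbc_encrypt` when `DWORD[48+rsp]` (presumably the enc flag, the sixth Win64 stack argument) is non-zero or when `r8` (the length) is below 128, so only decryption of at least eight blocks reaches the bitsliced `_bsaes_decrypt8` path; shorter or encrypt-direction calls run whatever `asm_AES_cbc_encrypt` is, an extern not visible here which, if it is the table-driven implementation its name suggests, does not share the bitsliced code's data-independent memory-access pattern. That dispatch deserves a comment at the two tail-jumps, e.g. `; encrypt direction or < 8 blocks: fall back to asm_AES_cbc_encrypt (non-bitsliced)`, so callers that choose bsaes for timing reasons know the cutoff. The prologue correctly saves xmm6-xmm15, which are callee-saved under the Win64 ABI; the function body continues past this hunk.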
@@ -1114,267 +1118,267 @@ $L$cbc_dec_body::
 mov rcx,r15
 mov r10d,edx
 call _bsaes_key_convert
- pxor xmm7,XMMWORD PTR[rsp]
- movdqa XMMWORD PTR[rax],xmm6
- movdqa XMMWORD PTR[rsp],xmm7
+ pxor xmm7,XMMWORD[rsp]
+ movdqa XMMWORD[rax],xmm6
+ movdqa XMMWORD[rsp],xmm7
- movdqu xmm14,XMMWORD PTR[rbx]
+ movdqu xmm14,XMMWORD[rbx]
 sub r14,8
-$L$cbc_dec_loop::
- movdqu xmm15,XMMWORD PTR[r12]
- movdqu xmm0,XMMWORD PTR[16+r12]
- movdqu xmm1,XMMWORD PTR[32+r12]
- movdqu xmm2,XMMWORD PTR[48+r12]
- movdqu xmm3,XMMWORD PTR[64+r12]
- movdqu xmm4,XMMWORD PTR[80+r12]
+$L$cbc_dec_loop:
+ movdqu xmm15,XMMWORD[r12]
+ movdqu xmm0,XMMWORD[16+r12]
+ movdqu xmm1,XMMWORD[32+r12]
+ movdqu xmm2,XMMWORD[48+r12]
+ movdqu xmm3,XMMWORD[64+r12]
+ movdqu xmm4,XMMWORD[80+r12]
 mov rax,rsp
- movdqu xmm5,XMMWORD PTR[96+r12]
+ movdqu xmm5,XMMWORD[96+r12]
 mov r10d,edx
- movdqu xmm6,XMMWORD PTR[112+r12]
- movdqa XMMWORD PTR[32+rbp],xmm14
+ movdqu xmm6,XMMWORD[112+r12]
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm5,xmm8
- movdqu xmm10,XMMWORD PTR[48+r12]
+ movdqu xmm10,XMMWORD[48+r12]
 pxor xmm3,xmm9
- movdqu xmm11,XMMWORD PTR[64+r12]
+ movdqu xmm11,XMMWORD[64+r12]
 pxor xmm1,xmm10
- movdqu xmm12,XMMWORD PTR[80+r12]
+ movdqu xmm12,XMMWORD[80+r12]
 pxor xmm6,xmm11
- movdqu xmm13,XMMWORD PTR[96+r12]
+ movdqu xmm13,XMMWORD[96+r12]
 pxor xmm2,xmm12
- movdqu xmm14,XMMWORD PTR[112+r12]
+ movdqu xmm14,XMMWORD[112+r12]
 pxor xmm4,xmm13
- movdqu XMMWORD PTR[r13],xmm15
- lea r12,QWORD PTR[128+r12]
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm5
- movdqu XMMWORD PTR[48+r13],xmm3
- movdqu XMMWORD PTR[64+r13],xmm1
- movdqu XMMWORD PTR[80+r13],xmm6
- movdqu XMMWORD PTR[96+r13],xmm2
- movdqu XMMWORD PTR[112+r13],xmm4
- lea r13,QWORD PTR[128+r13]
+ movdqu XMMWORD[r13],xmm15
+ lea r12,[128+r12]
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm5
+ movdqu XMMWORD[48+r13],xmm3
+ movdqu XMMWORD[64+r13],xmm1
+ movdqu XMMWORD[80+r13],xmm6
+ movdqu XMMWORD[96+r13],xmm2
+ movdqu XMMWORD[112+r13],xmm4
+ lea r13,[128+r13]
 sub r14,8
- jnc $L$cbc_dec_loop
+ jnc NEAR $L$cbc_dec_loop
 add r14,8
- jz $L$cbc_dec_done
+ jz NEAR $L$cbc_dec_done
- movdqu xmm15,XMMWORD PTR[r12]
+ movdqu xmm15,XMMWORD[r12]
 mov rax,rsp
 mov r10d,edx
 cmp r14,2
- jb $L$cbc_dec_one
- movdqu xmm0,XMMWORD PTR[16+r12]
- je $L$cbc_dec_two
- movdqu xmm1,XMMWORD PTR[32+r12]
+ jb NEAR $L$cbc_dec_one
+ movdqu xmm0,XMMWORD[16+r12]
+ je NEAR $L$cbc_dec_two
+ movdqu xmm1,XMMWORD[32+r12]
 cmp r14,4
- jb $L$cbc_dec_three
- movdqu xmm2,XMMWORD PTR[48+r12]
- je $L$cbc_dec_four
- movdqu xmm3,XMMWORD PTR[64+r12]
+ jb NEAR $L$cbc_dec_three
+ movdqu xmm2,XMMWORD[48+r12]
+ je NEAR $L$cbc_dec_four
+ movdqu xmm3,XMMWORD[64+r12]
 cmp r14,6
- jb $L$cbc_dec_five
- movdqu xmm4,XMMWORD PTR[80+r12]
- je $L$cbc_dec_six
- movdqu xmm5,XMMWORD PTR[96+r12]
- movdqa XMMWORD PTR[32+rbp],xmm14
+ jb NEAR $L$cbc_dec_five
+ movdqu xmm4,XMMWORD[80+r12]
+ je NEAR $L$cbc_dec_six
+ movdqu xmm5,XMMWORD[96+r12]
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm5,xmm8
- movdqu xmm10,XMMWORD PTR[48+r12]
+ movdqu xmm10,XMMWORD[48+r12]
 pxor xmm3,xmm9
- movdqu xmm11,XMMWORD PTR[64+r12]
+ movdqu xmm11,XMMWORD[64+r12]
 pxor xmm1,xmm10
- movdqu xmm12,XMMWORD PTR[80+r12]
+ movdqu xmm12,XMMWORD[80+r12]
 pxor xmm6,xmm11
- movdqu xmm14,XMMWORD PTR[96+r12]
+ movdqu xmm14,XMMWORD[96+r12]
 pxor xmm2,xmm12
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm5
- movdqu XMMWORD PTR[48+r13],xmm3
- movdqu XMMWORD PTR[64+r13],xmm1
- movdqu XMMWORD PTR[80+r13],xmm6
- movdqu XMMWORD PTR[96+r13],xmm2
- jmp $L$cbc_dec_done
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm5
+ movdqu XMMWORD[48+r13],xmm3
+ movdqu XMMWORD[64+r13],xmm1
+ movdqu XMMWORD[80+r13],xmm6
+ movdqu XMMWORD[96+r13],xmm2
+ jmp NEAR $L$cbc_dec_done
 ALIGN 16
-$L$cbc_dec_six::
- movdqa XMMWORD PTR[32+rbp],xmm14
+$L$cbc_dec_six:
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm5,xmm8
- movdqu xmm10,XMMWORD PTR[48+r12]
+ movdqu xmm10,XMMWORD[48+r12]
 pxor xmm3,xmm9
- movdqu xmm11,XMMWORD PTR[64+r12]
+ movdqu xmm11,XMMWORD[64+r12]
 pxor xmm1,xmm10
- movdqu xmm14,XMMWORD PTR[80+r12]
+ movdqu xmm14,XMMWORD[80+r12]
 pxor xmm6,xmm11
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm5
- movdqu XMMWORD PTR[48+r13],xmm3
- movdqu XMMWORD PTR[64+r13],xmm1
- movdqu XMMWORD PTR[80+r13],xmm6
- jmp $L$cbc_dec_done
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm5
+ movdqu XMMWORD[48+r13],xmm3
+ movdqu XMMWORD[64+r13],xmm1
+ movdqu XMMWORD[80+r13],xmm6
+ jmp NEAR $L$cbc_dec_done
 ALIGN 16
-$L$cbc_dec_five::
- movdqa XMMWORD PTR[32+rbp],xmm14
+$L$cbc_dec_five:
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm5,xmm8
- movdqu xmm10,XMMWORD PTR[48+r12]
+ movdqu xmm10,XMMWORD[48+r12]
 pxor xmm3,xmm9
- movdqu xmm14,XMMWORD PTR[64+r12]
+ movdqu xmm14,XMMWORD[64+r12]
 pxor xmm1,xmm10
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm5
- movdqu XMMWORD PTR[48+r13],xmm3
- movdqu XMMWORD PTR[64+r13],xmm1
- jmp $L$cbc_dec_done
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm5
+ movdqu XMMWORD[48+r13],xmm3
+ movdqu XMMWORD[64+r13],xmm1
+ jmp NEAR $L$cbc_dec_done
 ALIGN 16
-$L$cbc_dec_four::
- movdqa XMMWORD PTR[32+rbp],xmm14
+$L$cbc_dec_four:
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm5,xmm8
- movdqu xmm14,XMMWORD PTR[48+r12]
+ movdqu xmm14,XMMWORD[48+r12]
 pxor xmm3,xmm9
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm5
- movdqu XMMWORD PTR[48+r13],xmm3
- jmp $L$cbc_dec_done
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm5
+ movdqu XMMWORD[48+r13],xmm3
+ jmp NEAR $L$cbc_dec_done
 ALIGN 16
-$L$cbc_dec_three::
- movdqa XMMWORD PTR[32+rbp],xmm14
+$L$cbc_dec_three:
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu xmm14,XMMWORD PTR[32+r12]
+ movdqu xmm14,XMMWORD[32+r12]
 pxor xmm5,xmm8
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm5
- jmp $L$cbc_dec_done
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm5
+ jmp NEAR $L$cbc_dec_done
 ALIGN 16
-$L$cbc_dec_two::
- movdqa XMMWORD PTR[32+rbp],xmm14
+$L$cbc_dec_two:
+ movdqa XMMWORD[32+rbp],xmm14
 call _bsaes_decrypt8
- pxor xmm15,XMMWORD PTR[32+rbp]
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm14,XMMWORD PTR[16+r12]
+ pxor xmm15,XMMWORD[32+rbp]
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm14,XMMWORD[16+r12]
 pxor xmm0,xmm7
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- jmp $L$cbc_dec_done
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ jmp NEAR $L$cbc_dec_done
 ALIGN 16
-$L$cbc_dec_one::
- lea rcx,QWORD PTR[r12]
- lea rdx,QWORD PTR[32+rbp]
- lea r8,QWORD PTR[r15]
+$L$cbc_dec_one:
+ lea rcx,[r12]
+ lea rdx,[32+rbp]
+ lea r8,[r15]
 call asm_AES_decrypt
- pxor xmm14,XMMWORD PTR[32+rbp]
- movdqu XMMWORD PTR[r13],xmm14
+ pxor xmm14,XMMWORD[32+rbp]
+ movdqu XMMWORD[r13],xmm14
 movdqa xmm14,xmm15
-$L$cbc_dec_done::
- movdqu XMMWORD PTR[rbx],xmm14
- lea rax,QWORD PTR[rsp]
+$L$cbc_dec_done:
+ movdqu XMMWORD[rbx],xmm14
+ lea rax,[rsp]
 pxor xmm0,xmm0
-$L$cbc_dec_bzero::
- movdqa XMMWORD PTR[rax],xmm0
- movdqa XMMWORD PTR[16+rax],xmm0
- lea rax,QWORD PTR[32+rax]
+$L$cbc_dec_bzero:
+ movdqa XMMWORD[rax],xmm0
+ movdqa XMMWORD[16+rax],xmm0
+ lea rax,[32+rax]
 cmp rbp,rax
- ja $L$cbc_dec_bzero
-
- lea rsp,QWORD PTR[rbp]
- movaps xmm6,XMMWORD PTR[64+rbp]
- movaps xmm7,XMMWORD PTR[80+rbp]
- movaps xmm8,XMMWORD PTR[96+rbp]
- movaps xmm9,XMMWORD PTR[112+rbp]
- movaps xmm10,XMMWORD PTR[128+rbp]
- movaps xmm11,XMMWORD PTR[144+rbp]
- movaps xmm12,XMMWORD PTR[160+rbp]
- movaps xmm13,XMMWORD PTR[176+rbp]
- movaps xmm14,XMMWORD PTR[192+rbp]
- movaps xmm15,XMMWORD PTR[208+rbp]
- lea rsp,QWORD PTR[160+rbp]
- mov r15,QWORD PTR[72+rsp]
- mov r14,QWORD PTR[80+rsp]
- mov r13,QWORD PTR[88+rsp]
- mov r12,QWORD PTR[96+rsp]
- mov rbx,QWORD PTR[104+rsp]
- mov rax,QWORD PTR[112+rsp]
- lea rsp,QWORD PTR[120+rsp]
+ ja NEAR $L$cbc_dec_bzero
+
+ lea rsp,[rbp]
+ movaps xmm6,XMMWORD[64+rbp]
+ movaps xmm7,XMMWORD[80+rbp]
+ movaps xmm8,XMMWORD[96+rbp]
+ movaps xmm9,XMMWORD[112+rbp]
+ movaps xmm10,XMMWORD[128+rbp]
+ movaps xmm11,XMMWORD[144+rbp]
+ movaps xmm12,XMMWORD[160+rbp]
+ movaps xmm13,XMMWORD[176+rbp]
+ movaps xmm14,XMMWORD[192+rbp]
+ movaps xmm15,XMMWORD[208+rbp]
+ lea rsp,[160+rbp]
+ mov r15,QWORD[72+rsp]
+ mov r14,QWORD[80+rsp]
+ mov r13,QWORD[88+rsp]
+ mov r12,QWORD[96+rsp]
+ mov rbx,QWORD[104+rsp]
+ mov rax,QWORD[112+rsp]
+ lea rsp,[120+rsp]
 mov rbp,rax
-$L$cbc_dec_epilogue::
+$L$cbc_dec_epilogue:
 DB 0F3h,0C3h ;repret
-bsaes_cbc_encrypt ENDP
-PUBLIC bsaes_ctr32_encrypt_blocks
+
+global bsaes_ctr32_encrypt_blocks
 ALIGN 16
-bsaes_ctr32_encrypt_blocks PROC PUBLIC
+bsaes_ctr32_encrypt_blocks:
 mov rax,rsp
-$L$ctr_enc_prologue::
+$L$ctr_enc_prologue:
 push rbp
 push rbx
 push r12
 push r13
 push r14
 push r15
- lea rsp,QWORD PTR[((-72))+rsp]
- mov r10,QWORD PTR[160+rsp]
- lea rsp,QWORD PTR[((-160))+rsp]
- movaps XMMWORD PTR[64+rsp],xmm6
- movaps XMMWORD PTR[80+rsp],xmm7
- movaps XMMWORD PTR[96+rsp],xmm8
- movaps XMMWORD PTR[112+rsp],xmm9
- movaps XMMWORD PTR[128+rsp],xmm10
- movaps XMMWORD PTR[144+rsp],xmm11
- movaps XMMWORD PTR[160+rsp],xmm12
- movaps XMMWORD PTR[176+rsp],xmm13
- movaps XMMWORD PTR[192+rsp],xmm14
- movaps XMMWORD PTR[208+rsp],xmm15
-$L$ctr_enc_body::
+ lea rsp,[((-72))+rsp]
+ mov r10,QWORD[160+rsp]
+ lea rsp,[((-160))+rsp]
+ movaps XMMWORD[64+rsp],xmm6
+ movaps XMMWORD[80+rsp],xmm7
+ movaps XMMWORD[96+rsp],xmm8
+ movaps XMMWORD[112+rsp],xmm9
+ movaps XMMWORD[128+rsp],xmm10
+ movaps XMMWORD[144+rsp],xmm11
+ movaps XMMWORD[160+rsp],xmm12
+ movaps XMMWORD[176+rsp],xmm13
+ movaps XMMWORD[192+rsp],xmm14
+ movaps XMMWORD[208+rsp],xmm15
+$L$ctr_enc_body:
 mov rbp,rsp
- movdqu xmm0,XMMWORD PTR[r10]
- mov eax,DWORD PTR[240+r9]
+ movdqu xmm0,XMMWORD[r10]
+ mov eax,DWORD[240+r9]
 mov r12,rcx
 mov r13,rdx
 mov r14,r8
 mov r15,r9
- movdqa XMMWORD PTR[32+rbp],xmm0
+ movdqa XMMWORD[32+rbp],xmm0
 cmp r8,8
- jb $L$ctr_enc_short
+ jb NEAR $L$ctr_enc_short
 mov ebx,eax
 shl rax,7
@@ -1386,39 +1390,39 @@ $L$ctr_enc_body::
 mov r10d,ebx
 call _bsaes_key_convert
 pxor xmm7,xmm6
- movdqa XMMWORD PTR[rax],xmm7
+ movdqa XMMWORD[rax],xmm7
- movdqa xmm8,XMMWORD PTR[rsp]
- lea r11,QWORD PTR[$L$ADD1]
- movdqa xmm15,XMMWORD PTR[32+rbp]
- movdqa xmm7,XMMWORD PTR[((-32))+r11]
+ movdqa xmm8,XMMWORD[rsp]
+ lea r11,[$L$ADD1]
+ movdqa xmm15,XMMWORD[32+rbp]
+ movdqa xmm7,XMMWORD[((-32))+r11]
 DB 102,68,15,56,0,199
 DB 102,68,15,56,0,255
- movdqa XMMWORD PTR[rsp],xmm8
- jmp $L$ctr_enc_loop
+ movdqa XMMWORD[rsp],xmm8
+ jmp NEAR $L$ctr_enc_loop
 ALIGN 16
-$L$ctr_enc_loop::
- movdqa XMMWORD PTR[32+rbp],xmm15
+$L$ctr_enc_loop:
+ movdqa XMMWORD[32+rbp],xmm15
 movdqa xmm0,xmm15
 movdqa xmm1,xmm15
- paddd xmm0,XMMWORD PTR[r11]
+ paddd xmm0,XMMWORD[r11]
 movdqa xmm2,xmm15
- paddd xmm1,XMMWORD PTR[16+r11]
+ paddd xmm1,XMMWORD[16+r11]
 movdqa xmm3,xmm15
- paddd xmm2,XMMWORD PTR[32+r11]
+ paddd xmm2,XMMWORD[32+r11]
 movdqa xmm4,xmm15
- paddd xmm3,XMMWORD PTR[48+r11]
+ paddd xmm3,XMMWORD[48+r11]
 movdqa xmm5,xmm15
- paddd xmm4,XMMWORD PTR[64+r11]
+ paddd xmm4,XMMWORD[64+r11]
 movdqa xmm6,xmm15
- paddd xmm5,XMMWORD PTR[80+r11]
- paddd xmm6,XMMWORD PTR[96+r11]
+ paddd xmm5,XMMWORD[80+r11]
+ paddd xmm6,XMMWORD[96+r11]
- movdqa xmm8,XMMWORD PTR[rsp]
- lea rax,QWORD PTR[16+rsp]
- movdqa xmm7,XMMWORD PTR[((-16))+r11]
+ movdqa xmm8,XMMWORD[rsp]
+ lea rax,[16+rsp]
+ movdqa xmm7,XMMWORD[((-16))+r11]
 pxor xmm15,xmm8
 pxor xmm0,xmm8
 pxor xmm1,xmm8
@@ -1435,172 +1439,172 @@ DB 102,15,56,0,223
 DB 102,15,56,0,231
 DB 102,15,56,0,239
 DB 102,15,56,0,247
- lea r11,QWORD PTR[$L$BS0]
+ lea r11,[$L$BS0]
 mov r10d,ebx
 call _bsaes_encrypt8_bitslice
 sub r14,8
- jc $L$ctr_enc_loop_done
-
- movdqu xmm7,XMMWORD PTR[r12]
- movdqu xmm8,XMMWORD PTR[16+r12]
- movdqu xmm9,XMMWORD PTR[32+r12]
- movdqu xmm10,XMMWORD PTR[48+r12]
- movdqu xmm11,XMMWORD PTR[64+r12]
- movdqu xmm12,XMMWORD PTR[80+r12]
- movdqu xmm13,XMMWORD PTR[96+r12]
- movdqu xmm14,XMMWORD PTR[112+r12]
- lea r12,QWORD PTR[128+r12]
+ jc NEAR $L$ctr_enc_loop_done
+
+ movdqu xmm7,XMMWORD[r12]
+ movdqu xmm8,XMMWORD[16+r12]
+ movdqu xmm9,XMMWORD[32+r12]
+ movdqu xmm10,XMMWORD[48+r12]
+ movdqu xmm11,XMMWORD[64+r12]
+ movdqu xmm12,XMMWORD[80+r12]
+ movdqu xmm13,XMMWORD[96+r12]
+ movdqu xmm14,XMMWORD[112+r12]
+ lea r12,[128+r12]
 pxor xmm7,xmm15
- movdqa xmm15,XMMWORD PTR[32+rbp]
+ movdqa xmm15,XMMWORD[32+rbp]
 pxor xmm0,xmm8
- movdqu XMMWORD PTR[r13],xmm7
+ movdqu XMMWORD[r13],xmm7
 pxor xmm3,xmm9
- movdqu XMMWORD PTR[16+r13],xmm0
+ movdqu XMMWORD[16+r13],xmm0
 pxor xmm5,xmm10
- movdqu XMMWORD PTR[32+r13],xmm3
+ movdqu XMMWORD[32+r13],xmm3
 pxor xmm2,xmm11
- movdqu XMMWORD PTR[48+r13],xmm5
+ movdqu XMMWORD[48+r13],xmm5
 pxor xmm6,xmm12
- movdqu XMMWORD PTR[64+r13],xmm2
+ movdqu XMMWORD[64+r13],xmm2
 pxor xmm1,xmm13
- movdqu XMMWORD PTR[80+r13],xmm6
+ movdqu XMMWORD[80+r13],xmm6
 pxor xmm4,xmm14
- movdqu XMMWORD PTR[96+r13],xmm1
- lea r11,QWORD PTR[$L$ADD1]
- movdqu XMMWORD PTR[112+r13],xmm4
- lea r13,QWORD PTR[128+r13]
- paddd xmm15,XMMWORD PTR[112+r11]
- jnz $L$ctr_enc_loop
-
- jmp $L$ctr_enc_done
+ movdqu XMMWORD[96+r13],xmm1
+ lea r11,[$L$ADD1]
+ movdqu XMMWORD[112+r13],xmm4
+ lea r13,[128+r13]
+ paddd xmm15,XMMWORD[112+r11]
+ jnz NEAR $L$ctr_enc_loop
+
+ jmp NEAR $L$ctr_enc_done
 ALIGN 16
-$L$ctr_enc_loop_done::
+$L$ctr_enc_loop_done:
 add r14,8
- movdqu xmm7,XMMWORD PTR[r12]
+ movdqu xmm7,XMMWORD[r12]
 pxor xmm15,xmm7
- movdqu XMMWORD PTR[r13],xmm15
+ movdqu XMMWORD[r13],xmm15
 cmp r14,2
- jb $L$ctr_enc_done
- movdqu xmm8,XMMWORD PTR[16+r12]
+ jb NEAR $L$ctr_enc_done
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm0,xmm8
- movdqu XMMWORD PTR[16+r13],xmm0
- je $L$ctr_enc_done
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu XMMWORD[16+r13],xmm0
+ je NEAR $L$ctr_enc_done
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm3,xmm9
- movdqu XMMWORD PTR[32+r13],xmm3
+ movdqu XMMWORD[32+r13],xmm3
 cmp r14,4
- jb $L$ctr_enc_done
- movdqu xmm10,XMMWORD PTR[48+r12]
+ jb NEAR $L$ctr_enc_done
+ movdqu xmm10,XMMWORD[48+r12]
 pxor xmm5,xmm10
- movdqu XMMWORD PTR[48+r13],xmm5
- je $L$ctr_enc_done
- movdqu xmm11,XMMWORD PTR[64+r12]
+ movdqu XMMWORD[48+r13],xmm5
+ je NEAR $L$ctr_enc_done
+ movdqu xmm11,XMMWORD[64+r12]
 pxor xmm2,xmm11
- movdqu XMMWORD PTR[64+r13],xmm2
+ movdqu XMMWORD[64+r13],xmm2
 cmp r14,6
- jb $L$ctr_enc_done
- movdqu xmm12,XMMWORD PTR[80+r12]
+ jb NEAR $L$ctr_enc_done
+ movdqu xmm12,XMMWORD[80+r12]
 pxor xmm6,xmm12
- movdqu XMMWORD PTR[80+r13],xmm6
- je $L$ctr_enc_done
- movdqu xmm13,XMMWORD PTR[96+r12]
+ movdqu XMMWORD[80+r13],xmm6
+ je NEAR $L$ctr_enc_done
+ movdqu xmm13,XMMWORD[96+r12]
 pxor xmm1,xmm13
- movdqu XMMWORD PTR[96+r13],xmm1
- jmp $L$ctr_enc_done
+ movdqu XMMWORD[96+r13],xmm1
+ jmp NEAR $L$ctr_enc_done
 ALIGN 16
-$L$ctr_enc_short::
- lea rcx,QWORD PTR[32+rbp]
- lea rdx,QWORD PTR[48+rbp]
- lea r8,QWORD PTR[r15]
+$L$ctr_enc_short:
+ lea rcx,[32+rbp]
+ lea rdx,[48+rbp]
+ lea r8,[r15]
 call asm_AES_encrypt
- movdqu xmm0,XMMWORD PTR[r12]
- lea r12,QWORD PTR[16+r12]
- mov eax,DWORD PTR[44+rbp]
+ movdqu xmm0,XMMWORD[r12]
+ lea r12,[16+r12]
+ mov eax,DWORD[44+rbp]
 bswap eax
- pxor xmm0,XMMWORD PTR[48+rbp]
+ pxor xmm0,XMMWORD[48+rbp]
 inc eax
- movdqu XMMWORD PTR[r13],xmm0
+ movdqu XMMWORD[r13],xmm0
 bswap eax
- lea r13,QWORD PTR[16+r13]
- mov DWORD PTR[44+rsp],eax
+ lea r13,[16+r13]
+ mov DWORD[44+rsp],eax
 dec r14
- jnz $L$ctr_enc_short
+ jnz NEAR $L$ctr_enc_short
-$L$ctr_enc_done::
- lea rax,QWORD PTR[rsp]
+$L$ctr_enc_done:
+ lea rax,[rsp]
 pxor xmm0,xmm0
-$L$ctr_enc_bzero::
- movdqa XMMWORD PTR[rax],xmm0
- movdqa XMMWORD PTR[16+rax],xmm0
- lea rax,QWORD PTR[32+rax]
+$L$ctr_enc_bzero:
+ movdqa XMMWORD[rax],xmm0
+ movdqa XMMWORD[16+rax],xmm0
+ lea rax,[32+rax]
 cmp rbp,rax
- ja $L$ctr_enc_bzero
-
- lea rsp,QWORD PTR[rbp]
- movaps xmm6,XMMWORD PTR[64+rbp]
- movaps xmm7,XMMWORD PTR[80+rbp]
- movaps xmm8,XMMWORD PTR[96+rbp]
- movaps xmm9,XMMWORD PTR[112+rbp]
- movaps xmm10,XMMWORD PTR[128+rbp]
- movaps xmm11,XMMWORD PTR[144+rbp]
- movaps xmm12,XMMWORD PTR[160+rbp]
- movaps xmm13,XMMWORD PTR[176+rbp]
- movaps xmm14,XMMWORD PTR[192+rbp]
- movaps xmm15,XMMWORD PTR[208+rbp]
- lea rsp,QWORD PTR[160+rbp]
- mov r15,QWORD PTR[72+rsp]
- mov r14,QWORD PTR[80+rsp]
- mov r13,QWORD PTR[88+rsp]
- mov r12,QWORD PTR[96+rsp]
- mov rbx,QWORD PTR[104+rsp]
- mov rax,QWORD PTR[112+rsp]
- lea rsp,QWORD PTR[120+rsp]
+ ja NEAR $L$ctr_enc_bzero
+
+ lea rsp,[rbp]
+ movaps xmm6,XMMWORD[64+rbp]
+ movaps xmm7,XMMWORD[80+rbp]
+ movaps xmm8,XMMWORD[96+rbp]
+ movaps xmm9,XMMWORD[112+rbp]
+ movaps xmm10,XMMWORD[128+rbp]
+ movaps xmm11,XMMWORD[144+rbp]
+ movaps xmm12,XMMWORD[160+rbp]
+ movaps xmm13,XMMWORD[176+rbp]
+ movaps xmm14,XMMWORD[192+rbp]
+ movaps xmm15,XMMWORD[208+rbp]
+ lea rsp,[160+rbp]
+ mov r15,QWORD[72+rsp]
+ mov r14,QWORD[80+rsp]
+ mov r13,QWORD[88+rsp]
+ mov r12,QWORD[96+rsp]
+ mov rbx,QWORD[104+rsp]
+ mov rax,QWORD[112+rsp]
+ lea rsp,[120+rsp]
 mov rbp,rax
-$L$ctr_enc_epilogue::
+$L$ctr_enc_epilogue:
 DB 0F3h,0C3h ;repret
-bsaes_ctr32_encrypt_blocks ENDP
-PUBLIC bsaes_xts_encrypt
+
+global bsaes_xts_encrypt
 ALIGN 16
-bsaes_xts_encrypt PROC PUBLIC
+bsaes_xts_encrypt:
 mov rax,rsp
-$L$xts_enc_prologue::
+$L$xts_enc_prologue:
 push rbp
 push rbx
 push r12
 push r13
 push r14
 push r15
- lea rsp,QWORD PTR[((-72))+rsp]
- mov r10,QWORD PTR[160+rsp]
- mov r11,QWORD PTR[168+rsp]
- lea rsp,QWORD PTR[((-160))+rsp]
- movaps XMMWORD PTR[64+rsp],xmm6
- movaps XMMWORD PTR[80+rsp],xmm7
- movaps XMMWORD PTR[96+rsp],xmm8
- movaps XMMWORD PTR[112+rsp],xmm9
- movaps XMMWORD PTR[128+rsp],xmm10
- movaps XMMWORD PTR[144+rsp],xmm11
- movaps XMMWORD PTR[160+rsp],xmm12
- movaps XMMWORD PTR[176+rsp],xmm13
- movaps XMMWORD PTR[192+rsp],xmm14
- movaps XMMWORD PTR[208+rsp],xmm15
-$L$xts_enc_body::
+ lea rsp,[((-72))+rsp]
+ mov r10,QWORD[160+rsp]
+ mov r11,QWORD[168+rsp]
+ lea rsp,[((-160))+rsp]
+ movaps XMMWORD[64+rsp],xmm6
+ movaps XMMWORD[80+rsp],xmm7
+ movaps XMMWORD[96+rsp],xmm8
+ movaps XMMWORD[112+rsp],xmm9
+ movaps XMMWORD[128+rsp],xmm10
+ movaps XMMWORD[144+rsp],xmm11
+ movaps XMMWORD[160+rsp],xmm12
+ movaps XMMWORD[176+rsp],xmm13
+ movaps XMMWORD[192+rsp],xmm14
+ movaps XMMWORD[208+rsp],xmm15
+$L$xts_enc_body:
 mov rbp,rsp
 mov r12,rcx
 mov r13,rdx
 mov r14,r8
 mov r15,r9
- lea rcx,QWORD PTR[r11]
- lea rdx,QWORD PTR[32+rbp]
- lea r8,QWORD PTR[r10]
+ lea rcx,[r11]
+ lea rdx,[32+rbp]
+ lea r8,[r10]
 call asm_AES_encrypt
- mov eax,DWORD PTR[240+r15]
+ mov eax,DWORD[240+r15]
 mov rbx,r14
 mov edx,eax
@@ -1613,471 +1617,471 @@ $L$xts_enc_body::
 mov r10d,edx
 call _bsaes_key_convert
 pxor xmm7,xmm6
- movdqa XMMWORD PTR[rax],xmm7
+ movdqa XMMWORD[rax],xmm7
 and r14,-16
- sub rsp,080h
- movdqa xmm6,XMMWORD PTR[32+rbp]
+ sub rsp,0x80
+ movdqa xmm6,XMMWORD[32+rbp]
 pxor xmm14,xmm14
- movdqa xmm12,XMMWORD PTR[$L$xts_magic]
+ movdqa xmm12,XMMWORD[$L$xts_magic]
 pcmpgtd xmm14,xmm6
- sub r14,080h
- jc $L$xts_enc_short
- jmp $L$xts_enc_loop
+ sub r14,0x80
+ jc NEAR $L$xts_enc_short
+ jmp NEAR $L$xts_enc_loop
 ALIGN 16
-$L$xts_enc_loop::
- pshufd xmm13,xmm14,013h
+$L$xts_enc_loop:
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm15,xmm6
- movdqa XMMWORD PTR[rsp],xmm6
+ movdqa XMMWORD[rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm0,xmm6
- movdqa XMMWORD PTR[16+rsp],xmm6
+ movdqa XMMWORD[16+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm7,XMMWORD PTR[r12]
- pshufd xmm13,xmm14,013h
+ movdqu xmm7,XMMWORD[r12]
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm1,xmm6
- movdqa XMMWORD PTR[32+rsp],xmm6
+ movdqa XMMWORD[32+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm8,XMMWORD PTR[16+r12]
+ movdqu xmm8,XMMWORD[16+r12]
 pxor xmm15,xmm7
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm2,xmm6
- movdqa XMMWORD PTR[48+rsp],xmm6
+ movdqa XMMWORD[48+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 pxor xmm0,xmm8
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm3,xmm6
- movdqa XMMWORD PTR[64+rsp],xmm6
+ movdqa XMMWORD[64+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm10,XMMWORD PTR[48+r12]
+ movdqu xmm10,XMMWORD[48+r12]
 pxor xmm1,xmm9
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm4,xmm6
- movdqa XMMWORD PTR[80+rsp],xmm6
+ movdqa XMMWORD[80+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm11,XMMWORD PTR[64+r12]
+ movdqu xmm11,XMMWORD[64+r12]
 pxor xmm2,xmm10
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm5,xmm6
- movdqa XMMWORD PTR[96+rsp],xmm6
+ movdqa XMMWORD[96+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm12,XMMWORD PTR[80+r12]
+ movdqu xmm12,XMMWORD[80+r12]
 pxor xmm3,xmm11
- movdqu xmm13,XMMWORD PTR[96+r12]
+ movdqu xmm13,XMMWORD[96+r12]
 pxor xmm4,xmm12
- movdqu xmm14,XMMWORD PTR[112+r12]
- lea r12,QWORD PTR[128+r12]
- movdqa XMMWORD PTR[112+rsp],xmm6
+ movdqu xmm14,XMMWORD[112+r12]
+ lea r12,[128+r12]
+ movdqa XMMWORD[112+rsp],xmm6
 pxor xmm5,xmm13
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 pxor xmm6,xmm14
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- pxor xmm3,XMMWORD PTR[32+rsp]
- movdqu XMMWORD PTR[16+r13],xmm0
- pxor xmm5,XMMWORD PTR[48+rsp]
- movdqu XMMWORD PTR[32+r13],xmm3
- pxor xmm2,XMMWORD PTR[64+rsp]
- movdqu XMMWORD PTR[48+r13],xmm5
- pxor xmm6,XMMWORD PTR[80+rsp]
- movdqu XMMWORD PTR[64+r13],xmm2
- pxor xmm1,XMMWORD PTR[96+rsp]
- movdqu XMMWORD PTR[80+r13],xmm6
- pxor xmm4,XMMWORD PTR[112+rsp]
- movdqu XMMWORD PTR[96+r13],xmm1
- movdqu XMMWORD PTR[112+r13],xmm4
- lea r13,QWORD PTR[128+r13]
-
- movdqa xmm6,XMMWORD PTR[112+rsp]
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ pxor xmm3,XMMWORD[32+rsp]
+ movdqu XMMWORD[16+r13],xmm0
+ pxor xmm5,XMMWORD[48+rsp]
+ movdqu XMMWORD[32+r13],xmm3
+ pxor xmm2,XMMWORD[64+rsp]
+ movdqu XMMWORD[48+r13],xmm5
+ pxor xmm6,XMMWORD[80+rsp]
+ movdqu XMMWORD[64+r13],xmm2
+ pxor xmm1,XMMWORD[96+rsp]
+ movdqu XMMWORD[80+r13],xmm6
+ pxor xmm4,XMMWORD[112+rsp]
+ movdqu XMMWORD[96+r13],xmm1
+ movdqu XMMWORD[112+r13],xmm4
+ lea r13,[128+r13]
+
+ movdqa xmm6,XMMWORD[112+rsp]
 pxor xmm14,xmm14
- movdqa xmm12,XMMWORD PTR[$L$xts_magic]
+ movdqa xmm12,XMMWORD[$L$xts_magic]
 pcmpgtd xmm14,xmm6
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- sub r14,080h
- jnc $L$xts_enc_loop
+ sub r14,0x80
+ jnc NEAR $L$xts_enc_loop
-$L$xts_enc_short::
- add r14,080h
- jz $L$xts_enc_done
- pshufd xmm13,xmm14,013h
+$L$xts_enc_short:
+ add r14,0x80
+ jz NEAR $L$xts_enc_done
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm15,xmm6
- movdqa XMMWORD PTR[rsp],xmm6
+ movdqa XMMWORD[rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm0,xmm6
- movdqa XMMWORD PTR[16+rsp],xmm6
+ movdqa XMMWORD[16+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm7,XMMWORD PTR[r12]
+ movdqu xmm7,XMMWORD[r12]
 cmp r14,16
- je $L$xts_enc_1
- pshufd xmm13,xmm14,013h
+ je NEAR $L$xts_enc_1
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm1,xmm6
- movdqa XMMWORD PTR[32+rsp],xmm6
+ movdqa XMMWORD[32+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm8,XMMWORD PTR[16+r12]
+ movdqu xmm8,XMMWORD[16+r12]
 cmp r14,32
- je $L$xts_enc_2
+ je NEAR $L$xts_enc_2
 pxor xmm15,xmm7
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm2,xmm6
- movdqa XMMWORD PTR[48+rsp],xmm6
+ movdqa XMMWORD[48+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm9,XMMWORD PTR[32+r12]
+ movdqu xmm9,XMMWORD[32+r12]
 cmp r14,48
- je $L$xts_enc_3
+ je NEAR $L$xts_enc_3
 pxor xmm0,xmm8
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm3,xmm6
- movdqa XMMWORD PTR[64+rsp],xmm6
+ movdqa XMMWORD[64+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm10,XMMWORD PTR[48+r12]
+ movdqu xmm10,XMMWORD[48+r12]
 cmp r14,64
- je $L$xts_enc_4
+ je NEAR $L$xts_enc_4
 pxor xmm1,xmm9
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm4,xmm6
- movdqa XMMWORD PTR[80+rsp],xmm6
+ movdqa XMMWORD[80+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm11,XMMWORD PTR[64+r12]
+ movdqu xmm11,XMMWORD[64+r12]
 cmp r14,80
- je $L$xts_enc_5
+ je NEAR $L$xts_enc_5
 pxor xmm2,xmm10
- pshufd xmm13,xmm14,013h
+ pshufd xmm13,xmm14,0x13
 pxor xmm14,xmm14
 movdqa xmm5,xmm6
- movdqa XMMWORD PTR[96+rsp],xmm6
+ movdqa XMMWORD[96+rsp],xmm6
 paddq xmm6,xmm6
 pand xmm13,xmm12
 pcmpgtd xmm14,xmm6
 pxor xmm6,xmm13
- movdqu xmm12,XMMWORD PTR[80+r12]
+ movdqu xmm12,XMMWORD[80+r12]
 cmp r14,96
- je $L$xts_enc_6
+ je NEAR $L$xts_enc_6
 pxor xmm3,xmm11
- movdqu xmm13,XMMWORD PTR[96+r12]
+ movdqu xmm13,XMMWORD[96+r12]
 pxor xmm4,xmm12
- movdqa XMMWORD PTR[112+rsp],xmm6
- lea r12,QWORD PTR[112+r12]
+ movdqa XMMWORD[112+rsp],xmm6
+ lea r12,[112+r12]
 pxor xmm5,xmm13
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- pxor xmm3,XMMWORD PTR[32+rsp]
- movdqu XMMWORD PTR[16+r13],xmm0
- pxor xmm5,XMMWORD PTR[48+rsp]
- movdqu XMMWORD PTR[32+r13],xmm3
- pxor xmm2,XMMWORD PTR[64+rsp]
- movdqu XMMWORD PTR[48+r13],xmm5
- pxor xmm6,XMMWORD PTR[80+rsp]
- movdqu XMMWORD PTR[64+r13],xmm2
- pxor xmm1,XMMWORD PTR[96+rsp]
- movdqu XMMWORD PTR[80+r13],xmm6
- movdqu XMMWORD PTR[96+r13],xmm1
- lea r13,QWORD PTR[112+r13]
-
- movdqa xmm6,XMMWORD PTR[112+rsp]
- jmp $L$xts_enc_done
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ pxor xmm3,XMMWORD[32+rsp]
+ movdqu XMMWORD[16+r13],xmm0
+ pxor xmm5,XMMWORD[48+rsp]
+ movdqu XMMWORD[32+r13],xmm3
+ pxor xmm2,XMMWORD[64+rsp]
+ movdqu XMMWORD[48+r13],xmm5
+ pxor xmm6,XMMWORD[80+rsp]
+ movdqu XMMWORD[64+r13],xmm2
+ pxor xmm1,XMMWORD[96+rsp]
+ movdqu XMMWORD[80+r13],xmm6
+ movdqu XMMWORD[96+r13],xmm1
+ lea r13,[112+r13]
+
+ movdqa xmm6,XMMWORD[112+rsp]
+ jmp NEAR $L$xts_enc_done
 ALIGN 16
-$L$xts_enc_6::
+$L$xts_enc_6:
 pxor xmm3,xmm11
- lea r12,QWORD PTR[96+r12]
+ lea r12,[96+r12]
 pxor xmm4,xmm12
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- pxor xmm3,XMMWORD PTR[32+rsp]
- movdqu XMMWORD PTR[16+r13],xmm0
- pxor xmm5,XMMWORD PTR[48+rsp]
- movdqu XMMWORD PTR[32+r13],xmm3
- pxor xmm2,XMMWORD PTR[64+rsp]
- movdqu XMMWORD PTR[48+r13],xmm5
- pxor xmm6,XMMWORD PTR[80+rsp]
- movdqu XMMWORD PTR[64+r13],xmm2
- movdqu XMMWORD PTR[80+r13],xmm6
- lea r13,QWORD PTR[96+r13]
-
- movdqa xmm6,XMMWORD PTR[96+rsp]
- jmp $L$xts_enc_done
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ pxor xmm3,XMMWORD[32+rsp]
+ movdqu XMMWORD[16+r13],xmm0
+ pxor xmm5,XMMWORD[48+rsp]
+ movdqu XMMWORD[32+r13],xmm3
+ pxor xmm2,XMMWORD[64+rsp]
+ movdqu XMMWORD[48+r13],xmm5
+ pxor xmm6,XMMWORD[80+rsp]
+ movdqu XMMWORD[64+r13],xmm2
+ movdqu XMMWORD[80+r13],xmm6
+ lea r13,[96+r13]
+
+ movdqa xmm6,XMMWORD[96+rsp]
+ jmp NEAR $L$xts_enc_done
 ALIGN 16
-$L$xts_enc_5::
+$L$xts_enc_5:
 pxor xmm2,xmm10
- lea r12,QWORD PTR[80+r12]
+ lea r12,[80+r12]
 pxor xmm3,xmm11
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- pxor xmm3,XMMWORD PTR[32+rsp]
- movdqu XMMWORD PTR[16+r13],xmm0
- pxor xmm5,XMMWORD PTR[48+rsp]
- movdqu XMMWORD PTR[32+r13],xmm3
- pxor xmm2,XMMWORD PTR[64+rsp]
- movdqu XMMWORD PTR[48+r13],xmm5
- movdqu XMMWORD PTR[64+r13],xmm2
- lea r13,QWORD PTR[80+r13]
-
- movdqa xmm6,XMMWORD PTR[80+rsp]
- jmp $L$xts_enc_done
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ pxor xmm3,XMMWORD[32+rsp]
+ movdqu XMMWORD[16+r13],xmm0
+ pxor xmm5,XMMWORD[48+rsp]
+ movdqu XMMWORD[32+r13],xmm3
+ pxor xmm2,XMMWORD[64+rsp]
+ movdqu XMMWORD[48+r13],xmm5
+ movdqu XMMWORD[64+r13],xmm2
+ lea r13,[80+r13]
+
+ movdqa xmm6,XMMWORD[80+rsp]
+ jmp NEAR $L$xts_enc_done
 ALIGN 16
-$L$xts_enc_4::
+$L$xts_enc_4:
 pxor xmm1,xmm9
- lea r12,QWORD PTR[64+r12]
+ lea r12,[64+r12]
 pxor xmm2,xmm10
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- pxor xmm3,XMMWORD PTR[32+rsp]
- movdqu XMMWORD PTR[16+r13],xmm0
- pxor xmm5,XMMWORD PTR[48+rsp]
- movdqu XMMWORD PTR[32+r13],xmm3
- movdqu XMMWORD PTR[48+r13],xmm5
- lea r13,QWORD PTR[64+r13]
-
- movdqa xmm6,XMMWORD PTR[64+rsp]
- jmp $L$xts_enc_done
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ pxor xmm3,XMMWORD[32+rsp]
+ movdqu XMMWORD[16+r13],xmm0
+ pxor xmm5,XMMWORD[48+rsp]
+ movdqu XMMWORD[32+r13],xmm3
+ movdqu XMMWORD[48+r13],xmm5
+ lea r13,[64+r13]
+
+ movdqa xmm6,XMMWORD[64+rsp]
+ jmp NEAR $L$xts_enc_done
 ALIGN 16
-$L$xts_enc_3::
+$L$xts_enc_3:
 pxor xmm0,xmm8
- lea r12,QWORD PTR[48+r12]
+ lea r12,[48+r12]
 pxor xmm1,xmm9
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- pxor xmm3,XMMWORD PTR[32+rsp]
- movdqu XMMWORD PTR[16+r13],xmm0
- movdqu XMMWORD PTR[32+r13],xmm3
- lea r13,QWORD PTR[48+r13]
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ pxor xmm3,XMMWORD[32+rsp]
+ movdqu XMMWORD[16+r13],xmm0
+ movdqu XMMWORD[32+r13],xmm3
+ lea r13,[48+r13]
- movdqa xmm6,XMMWORD PTR[48+rsp]
- jmp $L$xts_enc_done
+ movdqa xmm6,XMMWORD[48+rsp]
+ jmp NEAR $L$xts_enc_done
 ALIGN 16
-$L$xts_enc_2::
+$L$xts_enc_2:
 pxor xmm15,xmm7
- lea r12,QWORD PTR[32+r12]
+ lea r12,[32+r12]
 pxor xmm0,xmm8
- lea rax,QWORD PTR[128+rsp]
+ lea rax,[128+rsp]
 mov r10d,edx
 call _bsaes_encrypt8
- pxor xmm15,XMMWORD PTR[rsp]
- pxor xmm0,XMMWORD PTR[16+rsp]
- movdqu XMMWORD PTR[r13],xmm15
- movdqu XMMWORD PTR[16+r13],xmm0
- lea r13,QWORD PTR[32+r13]
+ pxor xmm15,XMMWORD[rsp]
+ pxor xmm0,XMMWORD[16+rsp]
+ movdqu XMMWORD[r13],xmm15
+ movdqu XMMWORD[16+r13],xmm0
+ lea r13,[32+r13]
- movdqa xmm6,XMMWORD PTR[32+rsp]
- jmp $L$xts_enc_done
+ movdqa xmm6,XMMWORD[32+rsp]
+ jmp NEAR $L$xts_enc_done
 ALIGN 16
-$L$xts_enc_1::
+$L$xts_enc_1:
 pxor xmm7,xmm15
- lea r12,QWORD PTR[16+r12]
- movdqa XMMWORD PTR[32+rbp],xmm7
- lea rcx,QWORD PTR[32+rbp]
- lea rdx,QWORD PTR[32+rbp]
- lea r8,QWORD PTR[r15]
+ lea r12,[16+r12]
+ movdqa XMMWORD[32+rbp],xmm7
+ lea rcx,[32+rbp]
+ lea rdx,[32+rbp]
+ lea r8,[r15]
 call asm_AES_encrypt
- pxor xmm15,XMMWORD PTR[32+rbp]
+ pxor xmm15,XMMWORD[32+rbp]
- movdqu XMMWORD PTR[r13],xmm15
- lea r13,QWORD PTR[16+r13]
+ movdqu XMMWORD[r13],xmm15
+ lea r13,[16+r13]
- movdqa xmm6,XMMWORD PTR[16+rsp]
+ movdqa xmm6,XMMWORD[16+rsp]
-$L$xts_enc_done::
+$L$xts_enc_done:
 and ebx,15
- jz $L$xts_enc_ret
+ jz NEAR $L$xts_enc_ret
 mov rdx,r13
-$L$xts_enc_steal::
- movzx eax,BYTE PTR[r12]
- movzx ecx,BYTE PTR[((-16))+rdx]
- lea r12,QWORD PTR[1+r12]
- mov BYTE PTR[((-16))+rdx],al
- mov BYTE PTR[rdx],cl
- lea rdx,QWORD PTR[1+rdx]
+$L$xts_enc_steal:
+ movzx eax,BYTE[r12]
+ movzx ecx,BYTE[((-16))+rdx]
+ lea r12,[1+r12]
+ mov BYTE[((-16))+rdx],al
+ mov BYTE[rdx],cl
+ lea rdx,[1+rdx]
 sub ebx,1
- jnz $L$xts_enc_steal
+ jnz NEAR $L$xts_enc_steal
- movdqu xmm15,XMMWORD PTR[((-16))+r13]
- lea rcx,QWORD PTR[32+rbp]
+ movdqu xmm15,XMMWORD[((-16))+r13]
+ lea rcx,[32+rbp]
 pxor xmm15,xmm6
- lea rdx,QWORD PTR[32+rbp]
- movdqa XMMWORD PTR[32+rbp],xmm15
- lea r8,QWORD PTR[r15]
+ lea rdx,[32+rbp]
+ movdqa XMMWORD[32+rbp],xmm15
+ lea r8,[r15]
 call asm_AES_encrypt
- pxor xmm6,XMMWORD PTR[32+rbp]
- movdqu XMMWORD PTR[(-16)+r13],xmm6
+ pxor xmm6,XMMWORD[32+rbp]
+ movdqu XMMWORD[(-16)+r13],xmm6
-$L$xts_enc_ret::
- lea rax,QWORD PTR[rsp]
+$L$xts_enc_ret:
+ lea rax,[rsp]
 pxor xmm0,xmm0
-$L$xts_enc_bzero::
- movdqa XMMWORD
PTR[rax],xmm0 - movdqa XMMWORD PTR[16+rax],xmm0 - lea rax,QWORD PTR[32+rax] +$L$xts_enc_bzero: + movdqa XMMWORD[rax],xmm0 + movdqa XMMWORD[16+rax],xmm0 + lea rax,[32+rax] cmp rbp,rax - ja $L$xts_enc_bzero - - lea rsp,QWORD PTR[rbp] - movaps xmm6,XMMWORD PTR[64+rbp] - movaps xmm7,XMMWORD PTR[80+rbp] - movaps xmm8,XMMWORD PTR[96+rbp] - movaps xmm9,XMMWORD PTR[112+rbp] - movaps xmm10,XMMWORD PTR[128+rbp] - movaps xmm11,XMMWORD PTR[144+rbp] - movaps xmm12,XMMWORD PTR[160+rbp] - movaps xmm13,XMMWORD PTR[176+rbp] - movaps xmm14,XMMWORD PTR[192+rbp] - movaps xmm15,XMMWORD PTR[208+rbp] - lea rsp,QWORD PTR[160+rbp] - mov r15,QWORD PTR[72+rsp] - mov r14,QWORD PTR[80+rsp] - mov r13,QWORD PTR[88+rsp] - mov r12,QWORD PTR[96+rsp] - mov rbx,QWORD PTR[104+rsp] - mov rax,QWORD PTR[112+rsp] - lea rsp,QWORD PTR[120+rsp] + ja NEAR $L$xts_enc_bzero + + lea rsp,[rbp] + movaps xmm6,XMMWORD[64+rbp] + movaps xmm7,XMMWORD[80+rbp] + movaps xmm8,XMMWORD[96+rbp] + movaps xmm9,XMMWORD[112+rbp] + movaps xmm10,XMMWORD[128+rbp] + movaps xmm11,XMMWORD[144+rbp] + movaps xmm12,XMMWORD[160+rbp] + movaps xmm13,XMMWORD[176+rbp] + movaps xmm14,XMMWORD[192+rbp] + movaps xmm15,XMMWORD[208+rbp] + lea rsp,[160+rbp] + mov r15,QWORD[72+rsp] + mov r14,QWORD[80+rsp] + mov r13,QWORD[88+rsp] + mov r12,QWORD[96+rsp] + mov rbx,QWORD[104+rsp] + mov rax,QWORD[112+rsp] + lea rsp,[120+rsp] mov rbp,rax -$L$xts_enc_epilogue:: +$L$xts_enc_epilogue: DB 0F3h,0C3h ;repret -bsaes_xts_encrypt ENDP -PUBLIC bsaes_xts_decrypt + +global bsaes_xts_decrypt ALIGN 16 -bsaes_xts_decrypt PROC PUBLIC +bsaes_xts_decrypt: mov rax,rsp -$L$xts_dec_prologue:: +$L$xts_dec_prologue: push rbp push rbx push r12 push r13 push r14 push r15 - lea rsp,QWORD PTR[((-72))+rsp] - mov r10,QWORD PTR[160+rsp] - mov r11,QWORD PTR[168+rsp] - lea rsp,QWORD PTR[((-160))+rsp] - movaps XMMWORD PTR[64+rsp],xmm6 - movaps XMMWORD PTR[80+rsp],xmm7 - movaps XMMWORD PTR[96+rsp],xmm8 - movaps XMMWORD PTR[112+rsp],xmm9 - movaps XMMWORD PTR[128+rsp],xmm10 - movaps XMMWORD 
PTR[144+rsp],xmm11 - movaps XMMWORD PTR[160+rsp],xmm12 - movaps XMMWORD PTR[176+rsp],xmm13 - movaps XMMWORD PTR[192+rsp],xmm14 - movaps XMMWORD PTR[208+rsp],xmm15 -$L$xts_dec_body:: + lea rsp,[((-72))+rsp] + mov r10,QWORD[160+rsp] + mov r11,QWORD[168+rsp] + lea rsp,[((-160))+rsp] + movaps XMMWORD[64+rsp],xmm6 + movaps XMMWORD[80+rsp],xmm7 + movaps XMMWORD[96+rsp],xmm8 + movaps XMMWORD[112+rsp],xmm9 + movaps XMMWORD[128+rsp],xmm10 + movaps XMMWORD[144+rsp],xmm11 + movaps XMMWORD[160+rsp],xmm12 + movaps XMMWORD[176+rsp],xmm13 + movaps XMMWORD[192+rsp],xmm14 + movaps XMMWORD[208+rsp],xmm15 +$L$xts_dec_body: mov rbp,rsp mov r12,rcx mov r13,rdx mov r14,r8 mov r15,r9 - lea rcx,QWORD PTR[r11] - lea rdx,QWORD PTR[32+rbp] - lea r8,QWORD PTR[r10] + lea rcx,[r11] + lea rdx,[32+rbp] + lea r8,[r10] call asm_AES_encrypt - mov eax,DWORD PTR[240+r15] + mov eax,DWORD[240+r15] mov rbx,r14 mov edx,eax @@ -2089,9 +2093,9 @@ $L$xts_dec_body:: mov rcx,r15 mov r10d,edx call _bsaes_key_convert - pxor xmm7,XMMWORD PTR[rsp] - movdqa XMMWORD PTR[rax],xmm6 - movdqa XMMWORD PTR[rsp],xmm7 + pxor xmm7,XMMWORD[rsp] + movdqa XMMWORD[rax],xmm6 + movdqa XMMWORD[rsp],xmm7 xor eax,eax and r14,-16 
@@ -2100,499 +2104,499 @@ $L$xts_dec_body:: shl rax,4 sub r14,rax - sub rsp,080h - movdqa xmm6,XMMWORD PTR[32+rbp] + sub rsp,0x80 + movdqa xmm6,XMMWORD[32+rbp] pxor xmm14,xmm14 - movdqa xmm12,XMMWORD PTR[$L$xts_magic] + movdqa xmm12,XMMWORD[$L$xts_magic] pcmpgtd xmm14,xmm6 - sub r14,080h - jc $L$xts_dec_short - jmp $L$xts_dec_loop + sub r14,0x80 + jc NEAR $L$xts_dec_short + jmp NEAR $L$xts_dec_loop ALIGN 16 -$L$xts_dec_loop:: - pshufd xmm13,xmm14,013h +$L$xts_dec_loop: + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm15,xmm6 - movdqa XMMWORD PTR[rsp],xmm6 + movdqa XMMWORD[rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm0,xmm6 - movdqa XMMWORD PTR[16+rsp],xmm6 + movdqa XMMWORD[16+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm7,XMMWORD PTR[r12] - pshufd xmm13,xmm14,013h + movdqu xmm7,XMMWORD[r12] + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm1,xmm6 - movdqa XMMWORD PTR[32+rsp],xmm6 + movdqa XMMWORD[32+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm8,XMMWORD PTR[16+r12] + movdqu xmm8,XMMWORD[16+r12] pxor xmm15,xmm7 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm2,xmm6 - movdqa XMMWORD PTR[48+rsp],xmm6 + movdqa XMMWORD[48+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm9,XMMWORD PTR[32+r12] + movdqu xmm9,XMMWORD[32+r12] pxor xmm0,xmm8 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm3,xmm6 - movdqa XMMWORD PTR[64+rsp],xmm6 + movdqa XMMWORD[64+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm10,XMMWORD PTR[48+r12] + movdqu xmm10,XMMWORD[48+r12] pxor xmm1,xmm9 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm4,xmm6 - movdqa XMMWORD PTR[80+rsp],xmm6 + movdqa XMMWORD[80+rsp],xmm6 paddq xmm6,xmm6 
pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm11,XMMWORD PTR[64+r12] + movdqu xmm11,XMMWORD[64+r12] pxor xmm2,xmm10 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm5,xmm6 - movdqa XMMWORD PTR[96+rsp],xmm6 + movdqa XMMWORD[96+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm12,XMMWORD PTR[80+r12] + movdqu xmm12,XMMWORD[80+r12] pxor xmm3,xmm11 - movdqu xmm13,XMMWORD PTR[96+r12] + movdqu xmm13,XMMWORD[96+r12] pxor xmm4,xmm12 - movdqu xmm14,XMMWORD PTR[112+r12] - lea r12,QWORD PTR[128+r12] - movdqa XMMWORD PTR[112+rsp],xmm6 + movdqu xmm14,XMMWORD[112+r12] + lea r12,[128+r12] + movdqa XMMWORD[112+rsp],xmm6 pxor xmm5,xmm13 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] pxor xmm6,xmm14 mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - pxor xmm5,XMMWORD PTR[32+rsp] - movdqu XMMWORD PTR[16+r13],xmm0 - pxor xmm3,XMMWORD PTR[48+rsp] - movdqu XMMWORD PTR[32+r13],xmm5 - pxor xmm1,XMMWORD PTR[64+rsp] - movdqu XMMWORD PTR[48+r13],xmm3 - pxor xmm6,XMMWORD PTR[80+rsp] - movdqu XMMWORD PTR[64+r13],xmm1 - pxor xmm2,XMMWORD PTR[96+rsp] - movdqu XMMWORD PTR[80+r13],xmm6 - pxor xmm4,XMMWORD PTR[112+rsp] - movdqu XMMWORD PTR[96+r13],xmm2 - movdqu XMMWORD PTR[112+r13],xmm4 - lea r13,QWORD PTR[128+r13] - - movdqa xmm6,XMMWORD PTR[112+rsp] + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + pxor xmm5,XMMWORD[32+rsp] + movdqu XMMWORD[16+r13],xmm0 + pxor xmm3,XMMWORD[48+rsp] + movdqu XMMWORD[32+r13],xmm5 + pxor xmm1,XMMWORD[64+rsp] + movdqu XMMWORD[48+r13],xmm3 + pxor xmm6,XMMWORD[80+rsp] + movdqu XMMWORD[64+r13],xmm1 + pxor xmm2,XMMWORD[96+rsp] + movdqu XMMWORD[80+r13],xmm6 + pxor xmm4,XMMWORD[112+rsp] + movdqu XMMWORD[96+r13],xmm2 + movdqu XMMWORD[112+r13],xmm4 + lea r13,[128+r13] + + movdqa xmm6,XMMWORD[112+rsp] pxor xmm14,xmm14 - movdqa xmm12,XMMWORD PTR[$L$xts_magic] + movdqa 
xmm12,XMMWORD[$L$xts_magic] pcmpgtd xmm14,xmm6 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - sub r14,080h - jnc $L$xts_dec_loop + sub r14,0x80 + jnc NEAR $L$xts_dec_loop -$L$xts_dec_short:: - add r14,080h - jz $L$xts_dec_done - pshufd xmm13,xmm14,013h +$L$xts_dec_short: + add r14,0x80 + jz NEAR $L$xts_dec_done + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm15,xmm6 - movdqa XMMWORD PTR[rsp],xmm6 + movdqa XMMWORD[rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm0,xmm6 - movdqa XMMWORD PTR[16+rsp],xmm6 + movdqa XMMWORD[16+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm7,XMMWORD PTR[r12] + movdqu xmm7,XMMWORD[r12] cmp r14,16 - je $L$xts_dec_1 - pshufd xmm13,xmm14,013h + je NEAR $L$xts_dec_1 + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm1,xmm6 - movdqa XMMWORD PTR[32+rsp],xmm6 + movdqa XMMWORD[32+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm8,XMMWORD PTR[16+r12] + movdqu xmm8,XMMWORD[16+r12] cmp r14,32 - je $L$xts_dec_2 + je NEAR $L$xts_dec_2 pxor xmm15,xmm7 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm2,xmm6 - movdqa XMMWORD PTR[48+rsp],xmm6 + movdqa XMMWORD[48+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm9,XMMWORD PTR[32+r12] + movdqu xmm9,XMMWORD[32+r12] cmp r14,48 - je $L$xts_dec_3 + je NEAR $L$xts_dec_3 pxor xmm0,xmm8 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm3,xmm6 - movdqa XMMWORD PTR[64+rsp],xmm6 + movdqa XMMWORD[64+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm10,XMMWORD PTR[48+r12] + movdqu xmm10,XMMWORD[48+r12] cmp r14,64 - je $L$xts_dec_4 + je NEAR $L$xts_dec_4 pxor xmm1,xmm9 - pshufd xmm13,xmm14,013h + 
pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm4,xmm6 - movdqa XMMWORD PTR[80+rsp],xmm6 + movdqa XMMWORD[80+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm11,XMMWORD PTR[64+r12] + movdqu xmm11,XMMWORD[64+r12] cmp r14,80 - je $L$xts_dec_5 + je NEAR $L$xts_dec_5 pxor xmm2,xmm10 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 pxor xmm14,xmm14 movdqa xmm5,xmm6 - movdqa XMMWORD PTR[96+rsp],xmm6 + movdqa XMMWORD[96+rsp],xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 pcmpgtd xmm14,xmm6 pxor xmm6,xmm13 - movdqu xmm12,XMMWORD PTR[80+r12] + movdqu xmm12,XMMWORD[80+r12] cmp r14,96 - je $L$xts_dec_6 + je NEAR $L$xts_dec_6 pxor xmm3,xmm11 - movdqu xmm13,XMMWORD PTR[96+r12] + movdqu xmm13,XMMWORD[96+r12] pxor xmm4,xmm12 - movdqa XMMWORD PTR[112+rsp],xmm6 - lea r12,QWORD PTR[112+r12] + movdqa XMMWORD[112+rsp],xmm6 + lea r12,[112+r12] pxor xmm5,xmm13 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - pxor xmm5,XMMWORD PTR[32+rsp] - movdqu XMMWORD PTR[16+r13],xmm0 - pxor xmm3,XMMWORD PTR[48+rsp] - movdqu XMMWORD PTR[32+r13],xmm5 - pxor xmm1,XMMWORD PTR[64+rsp] - movdqu XMMWORD PTR[48+r13],xmm3 - pxor xmm6,XMMWORD PTR[80+rsp] - movdqu XMMWORD PTR[64+r13],xmm1 - pxor xmm2,XMMWORD PTR[96+rsp] - movdqu XMMWORD PTR[80+r13],xmm6 - movdqu XMMWORD PTR[96+r13],xmm2 - lea r13,QWORD PTR[112+r13] - - movdqa xmm6,XMMWORD PTR[112+rsp] - jmp $L$xts_dec_done + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + pxor xmm5,XMMWORD[32+rsp] + movdqu XMMWORD[16+r13],xmm0 + pxor xmm3,XMMWORD[48+rsp] + movdqu XMMWORD[32+r13],xmm5 + pxor xmm1,XMMWORD[64+rsp] + movdqu XMMWORD[48+r13],xmm3 + pxor xmm6,XMMWORD[80+rsp] + movdqu XMMWORD[64+r13],xmm1 + pxor xmm2,XMMWORD[96+rsp] + movdqu XMMWORD[80+r13],xmm6 + movdqu XMMWORD[96+r13],xmm2 + lea r13,[112+r13] + + movdqa xmm6,XMMWORD[112+rsp] + jmp NEAR $L$xts_dec_done 
ALIGN 16 -$L$xts_dec_6:: +$L$xts_dec_6: pxor xmm3,xmm11 - lea r12,QWORD PTR[96+r12] + lea r12,[96+r12] pxor xmm4,xmm12 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - pxor xmm5,XMMWORD PTR[32+rsp] - movdqu XMMWORD PTR[16+r13],xmm0 - pxor xmm3,XMMWORD PTR[48+rsp] - movdqu XMMWORD PTR[32+r13],xmm5 - pxor xmm1,XMMWORD PTR[64+rsp] - movdqu XMMWORD PTR[48+r13],xmm3 - pxor xmm6,XMMWORD PTR[80+rsp] - movdqu XMMWORD PTR[64+r13],xmm1 - movdqu XMMWORD PTR[80+r13],xmm6 - lea r13,QWORD PTR[96+r13] - - movdqa xmm6,XMMWORD PTR[96+rsp] - jmp $L$xts_dec_done + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + pxor xmm5,XMMWORD[32+rsp] + movdqu XMMWORD[16+r13],xmm0 + pxor xmm3,XMMWORD[48+rsp] + movdqu XMMWORD[32+r13],xmm5 + pxor xmm1,XMMWORD[64+rsp] + movdqu XMMWORD[48+r13],xmm3 + pxor xmm6,XMMWORD[80+rsp] + movdqu XMMWORD[64+r13],xmm1 + movdqu XMMWORD[80+r13],xmm6 + lea r13,[96+r13] + + movdqa xmm6,XMMWORD[96+rsp] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_5:: +$L$xts_dec_5: pxor xmm2,xmm10 - lea r12,QWORD PTR[80+r12] + lea r12,[80+r12] pxor xmm3,xmm11 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - pxor xmm5,XMMWORD PTR[32+rsp] - movdqu XMMWORD PTR[16+r13],xmm0 - pxor xmm3,XMMWORD PTR[48+rsp] - movdqu XMMWORD PTR[32+r13],xmm5 - pxor xmm1,XMMWORD PTR[64+rsp] - movdqu XMMWORD PTR[48+r13],xmm3 - movdqu XMMWORD PTR[64+r13],xmm1 - lea r13,QWORD PTR[80+r13] - - movdqa xmm6,XMMWORD PTR[80+rsp] - jmp $L$xts_dec_done + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + pxor xmm5,XMMWORD[32+rsp] + movdqu XMMWORD[16+r13],xmm0 + pxor xmm3,XMMWORD[48+rsp] + movdqu XMMWORD[32+r13],xmm5 + pxor xmm1,XMMWORD[64+rsp] + movdqu XMMWORD[48+r13],xmm3 + movdqu 
XMMWORD[64+r13],xmm1 + lea r13,[80+r13] + + movdqa xmm6,XMMWORD[80+rsp] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_4:: +$L$xts_dec_4: pxor xmm1,xmm9 - lea r12,QWORD PTR[64+r12] + lea r12,[64+r12] pxor xmm2,xmm10 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - pxor xmm5,XMMWORD PTR[32+rsp] - movdqu XMMWORD PTR[16+r13],xmm0 - pxor xmm3,XMMWORD PTR[48+rsp] - movdqu XMMWORD PTR[32+r13],xmm5 - movdqu XMMWORD PTR[48+r13],xmm3 - lea r13,QWORD PTR[64+r13] - - movdqa xmm6,XMMWORD PTR[64+rsp] - jmp $L$xts_dec_done + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + pxor xmm5,XMMWORD[32+rsp] + movdqu XMMWORD[16+r13],xmm0 + pxor xmm3,XMMWORD[48+rsp] + movdqu XMMWORD[32+r13],xmm5 + movdqu XMMWORD[48+r13],xmm3 + lea r13,[64+r13] + + movdqa xmm6,XMMWORD[64+rsp] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_3:: +$L$xts_dec_3: pxor xmm0,xmm8 - lea r12,QWORD PTR[48+r12] + lea r12,[48+r12] pxor xmm1,xmm9 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - pxor xmm5,XMMWORD PTR[32+rsp] - movdqu XMMWORD PTR[16+r13],xmm0 - movdqu XMMWORD PTR[32+r13],xmm5 - lea r13,QWORD PTR[48+r13] + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + pxor xmm5,XMMWORD[32+rsp] + movdqu XMMWORD[16+r13],xmm0 + movdqu XMMWORD[32+r13],xmm5 + lea r13,[48+r13] - movdqa xmm6,XMMWORD PTR[48+rsp] - jmp $L$xts_dec_done + movdqa xmm6,XMMWORD[48+rsp] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_2:: +$L$xts_dec_2: pxor xmm15,xmm7 - lea r12,QWORD PTR[32+r12] + lea r12,[32+r12] pxor xmm0,xmm8 - lea rax,QWORD PTR[128+rsp] + lea rax,[128+rsp] mov r10d,edx call _bsaes_decrypt8 - pxor xmm15,XMMWORD PTR[rsp] - pxor xmm0,XMMWORD PTR[16+rsp] - movdqu XMMWORD PTR[r13],xmm15 - movdqu XMMWORD 
PTR[16+r13],xmm0 - lea r13,QWORD PTR[32+r13] + pxor xmm15,XMMWORD[rsp] + pxor xmm0,XMMWORD[16+rsp] + movdqu XMMWORD[r13],xmm15 + movdqu XMMWORD[16+r13],xmm0 + lea r13,[32+r13] - movdqa xmm6,XMMWORD PTR[32+rsp] - jmp $L$xts_dec_done + movdqa xmm6,XMMWORD[32+rsp] + jmp NEAR $L$xts_dec_done ALIGN 16 -$L$xts_dec_1:: +$L$xts_dec_1: pxor xmm7,xmm15 - lea r12,QWORD PTR[16+r12] - movdqa XMMWORD PTR[32+rbp],xmm7 - lea rcx,QWORD PTR[32+rbp] - lea rdx,QWORD PTR[32+rbp] - lea r8,QWORD PTR[r15] + lea r12,[16+r12] + movdqa XMMWORD[32+rbp],xmm7 + lea rcx,[32+rbp] + lea rdx,[32+rbp] + lea r8,[r15] call asm_AES_decrypt - pxor xmm15,XMMWORD PTR[32+rbp] + pxor xmm15,XMMWORD[32+rbp] - movdqu XMMWORD PTR[r13],xmm15 - lea r13,QWORD PTR[16+r13] + movdqu XMMWORD[r13],xmm15 + lea r13,[16+r13] - movdqa xmm6,XMMWORD PTR[16+rsp] + movdqa xmm6,XMMWORD[16+rsp] -$L$xts_dec_done:: +$L$xts_dec_done: and ebx,15 - jz $L$xts_dec_ret + jz NEAR $L$xts_dec_ret pxor xmm14,xmm14 - movdqa xmm12,XMMWORD PTR[$L$xts_magic] + movdqa xmm12,XMMWORD[$L$xts_magic] pcmpgtd xmm14,xmm6 - pshufd xmm13,xmm14,013h + pshufd xmm13,xmm14,0x13 movdqa xmm5,xmm6 paddq xmm6,xmm6 pand xmm13,xmm12 - movdqu xmm15,XMMWORD PTR[r12] + movdqu xmm15,XMMWORD[r12] pxor xmm6,xmm13 - lea rcx,QWORD PTR[32+rbp] + lea rcx,[32+rbp] pxor xmm15,xmm6 - lea rdx,QWORD PTR[32+rbp] - movdqa XMMWORD PTR[32+rbp],xmm15 - lea r8,QWORD PTR[r15] + lea rdx,[32+rbp] + movdqa XMMWORD[32+rbp],xmm15 + lea r8,[r15] call asm_AES_decrypt - pxor xmm6,XMMWORD PTR[32+rbp] + pxor xmm6,XMMWORD[32+rbp] mov rdx,r13 - movdqu XMMWORD PTR[r13],xmm6 - -$L$xts_dec_steal:: - movzx eax,BYTE PTR[16+r12] - movzx ecx,BYTE PTR[rdx] - lea r12,QWORD PTR[1+r12] - mov BYTE PTR[rdx],al - mov BYTE PTR[16+rdx],cl - lea rdx,QWORD PTR[1+rdx] + movdqu XMMWORD[r13],xmm6 + +$L$xts_dec_steal: + movzx eax,BYTE[16+r12] + movzx ecx,BYTE[rdx] + lea r12,[1+r12] + mov BYTE[rdx],al + mov BYTE[16+rdx],cl + lea rdx,[1+rdx] sub ebx,1 - jnz $L$xts_dec_steal + jnz NEAR $L$xts_dec_steal - movdqu 
xmm15,XMMWORD PTR[r13] - lea rcx,QWORD PTR[32+rbp] + movdqu xmm15,XMMWORD[r13] + lea rcx,[32+rbp] pxor xmm15,xmm5 - lea rdx,QWORD PTR[32+rbp] - movdqa XMMWORD PTR[32+rbp],xmm15 - lea r8,QWORD PTR[r15] + lea rdx,[32+rbp] + movdqa XMMWORD[32+rbp],xmm15 + lea r8,[r15] call asm_AES_decrypt - pxor xmm5,XMMWORD PTR[32+rbp] - movdqu XMMWORD PTR[r13],xmm5 + pxor xmm5,XMMWORD[32+rbp] + movdqu XMMWORD[r13],xmm5 -$L$xts_dec_ret:: - lea rax,QWORD PTR[rsp] +$L$xts_dec_ret: + lea rax,[rsp] pxor xmm0,xmm0 -$L$xts_dec_bzero:: - movdqa XMMWORD PTR[rax],xmm0 - movdqa XMMWORD PTR[16+rax],xmm0 - lea rax,QWORD PTR[32+rax] +$L$xts_dec_bzero: + movdqa XMMWORD[rax],xmm0 + movdqa XMMWORD[16+rax],xmm0 + lea rax,[32+rax] cmp rbp,rax - ja $L$xts_dec_bzero - - lea rsp,QWORD PTR[rbp] - movaps xmm6,XMMWORD PTR[64+rbp] - movaps xmm7,XMMWORD PTR[80+rbp] - movaps xmm8,XMMWORD PTR[96+rbp] - movaps xmm9,XMMWORD PTR[112+rbp] - movaps xmm10,XMMWORD PTR[128+rbp] - movaps xmm11,XMMWORD PTR[144+rbp] - movaps xmm12,XMMWORD PTR[160+rbp] - movaps xmm13,XMMWORD PTR[176+rbp] - movaps xmm14,XMMWORD PTR[192+rbp] - movaps xmm15,XMMWORD PTR[208+rbp] - lea rsp,QWORD PTR[160+rbp] - mov r15,QWORD PTR[72+rsp] - mov r14,QWORD PTR[80+rsp] - mov r13,QWORD PTR[88+rsp] - mov r12,QWORD PTR[96+rsp] - mov rbx,QWORD PTR[104+rsp] - mov rax,QWORD PTR[112+rsp] - lea rsp,QWORD PTR[120+rsp] + ja NEAR $L$xts_dec_bzero + + lea rsp,[rbp] + movaps xmm6,XMMWORD[64+rbp] + movaps xmm7,XMMWORD[80+rbp] + movaps xmm8,XMMWORD[96+rbp] + movaps xmm9,XMMWORD[112+rbp] + movaps xmm10,XMMWORD[128+rbp] + movaps xmm11,XMMWORD[144+rbp] + movaps xmm12,XMMWORD[160+rbp] + movaps xmm13,XMMWORD[176+rbp] + movaps xmm14,XMMWORD[192+rbp] + movaps xmm15,XMMWORD[208+rbp] + lea rsp,[160+rbp] + mov r15,QWORD[72+rsp] + mov r14,QWORD[80+rsp] + mov r13,QWORD[88+rsp] + mov r12,QWORD[96+rsp] + mov rbx,QWORD[104+rsp] + mov rax,QWORD[112+rsp] + lea rsp,[120+rsp] mov rbp,rax -$L$xts_dec_epilogue:: +$L$xts_dec_epilogue: DB 0F3h,0C3h ;repret -bsaes_xts_decrypt ENDP + ALIGN 
64 -_bsaes_const:: -$L$M0ISR:: - DQ 00a0e0206070b0f03h,00004080c0d010509h -$L$ISRM0:: - DQ 001040b0e0205080fh,00306090c00070a0dh -$L$ISR:: - DQ 00504070602010003h,00f0e0d0c080b0a09h -$L$BS0:: - DQ 05555555555555555h,05555555555555555h -$L$BS1:: - DQ 03333333333333333h,03333333333333333h -$L$BS2:: - DQ 00f0f0f0f0f0f0f0fh,00f0f0f0f0f0f0f0fh -$L$SR:: - DQ 00504070600030201h,00f0e0d0c0a09080bh -$L$SRM0:: - DQ 00304090e00050a0fh,001060b0c0207080dh -$L$M0SR:: - DQ 00a0e02060f03070bh,00004080c05090d01h -$L$SWPUP:: - DQ 00706050403020100h,00c0d0e0f0b0a0908h -$L$SWPUPM0SR:: - DQ 00a0d02060c03070bh,00004080f05090e01h -$L$ADD1:: - DQ 00000000000000000h,00000000100000000h -$L$ADD2:: - DQ 00000000000000000h,00000000200000000h -$L$ADD3:: - DQ 00000000000000000h,00000000300000000h -$L$ADD4:: - DQ 00000000000000000h,00000000400000000h -$L$ADD5:: - DQ 00000000000000000h,00000000500000000h -$L$ADD6:: - DQ 00000000000000000h,00000000600000000h -$L$ADD7:: - DQ 00000000000000000h,00000000700000000h -$L$ADD8:: - DQ 00000000000000000h,00000000800000000h -$L$xts_magic:: - DD 087h,0,1,0 -$L$masks:: - DQ 00101010101010101h,00101010101010101h - DQ 00202020202020202h,00202020202020202h - DQ 00404040404040404h,00404040404040404h - DQ 00808080808080808h,00808080808080808h -$L$M0:: - DQ 002060a0e03070b0fh,00004080c0105090dh -$L$63:: - DQ 06363636363636363h,06363636363636363h +_bsaes_const: +$L$M0ISR: + DQ 0x0a0e0206070b0f03,0x0004080c0d010509 +$L$ISRM0: + DQ 0x01040b0e0205080f,0x0306090c00070a0d +$L$ISR: + DQ 0x0504070602010003,0x0f0e0d0c080b0a09 +$L$BS0: + DQ 0x5555555555555555,0x5555555555555555 +$L$BS1: + DQ 0x3333333333333333,0x3333333333333333 +$L$BS2: + DQ 0x0f0f0f0f0f0f0f0f,0x0f0f0f0f0f0f0f0f +$L$SR: + DQ 0x0504070600030201,0x0f0e0d0c0a09080b +$L$SRM0: + DQ 0x0304090e00050a0f,0x01060b0c0207080d +$L$M0SR: + DQ 0x0a0e02060f03070b,0x0004080c05090d01 +$L$SWPUP: + DQ 0x0706050403020100,0x0c0d0e0f0b0a0908 +$L$SWPUPM0SR: + DQ 0x0a0d02060c03070b,0x0004080f05090e01 +$L$ADD1: + DQ 
0x0000000000000000,0x0000000100000000 +$L$ADD2: + DQ 0x0000000000000000,0x0000000200000000 +$L$ADD3: + DQ 0x0000000000000000,0x0000000300000000 +$L$ADD4: + DQ 0x0000000000000000,0x0000000400000000 +$L$ADD5: + DQ 0x0000000000000000,0x0000000500000000 +$L$ADD6: + DQ 0x0000000000000000,0x0000000600000000 +$L$ADD7: + DQ 0x0000000000000000,0x0000000700000000 +$L$ADD8: + DQ 0x0000000000000000,0x0000000800000000 +$L$xts_magic: + DD 0x87,0,1,0 +$L$masks: + DQ 0x0101010101010101,0x0101010101010101 + DQ 0x0202020202020202,0x0202020202020202 + DQ 0x0404040404040404,0x0404040404040404 + DQ 0x0808080808080808,0x0808080808080808 +$L$M0: + DQ 0x02060a0e03070b0f,0x0004080c0105090d +$L$63: + DQ 0x6363636363636363,0x6363636363636363 DB 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102 DB 111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44 DB 32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44 @@ -2600,10 +2604,10 @@ DB 32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32 DB 65,110,100,121,32,80,111,108,121,97,107,111,118,0 ALIGN 64 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -2615,67 +2619,67 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_prologue + jae NEAR $L$in_prologue - mov rax,QWORD PTR[160+r8] + mov rax,QWORD[160+r8] - lea rsi,QWORD PTR[64+rax] - lea rdi,QWORD PTR[512+r8] + lea rsi,[64+rax] + lea rdi,[512+r8] mov ecx,20 - DD 0a548f3fch - lea rax,QWORD PTR[160+rax] - - mov rbp,QWORD PTR[112+rax] - mov rbx,QWORD PTR[104+rax] - mov r12,QWORD PTR[96+rax] - mov r13,QWORD PTR[88+rax] - mov r14,QWORD PTR[80+rax] - mov r15,QWORD PTR[72+rax] - lea rax,QWORD PTR[120+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$in_prologue:: - mov QWORD PTR[152+r8],rax - - mov rdi,QWORD PTR[40+r9] + DD 0xa548f3fc + lea rax,[160+rax] + + mov rbp,QWORD[112+rax] + mov rbx,QWORD[104+rax] + mov r12,QWORD[96+rax] + mov r13,QWORD[88+rax] + mov r14,QWORD[80+rax] + mov r15,QWORD[72+rax] + lea rax,[120+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$in_prologue: + mov QWORD[152+r8],rax + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD 
PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -2689,46 +2693,41 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$cbc_dec_prologue - DD imagerel $L$cbc_dec_epilogue - DD imagerel $L$cbc_dec_info + DD $L$cbc_dec_prologue wrt ..imagebase + DD $L$cbc_dec_epilogue wrt ..imagebase + DD $L$cbc_dec_info wrt ..imagebase - DD imagerel $L$ctr_enc_prologue - DD imagerel $L$ctr_enc_epilogue - DD imagerel $L$ctr_enc_info + DD $L$ctr_enc_prologue wrt ..imagebase + DD $L$ctr_enc_epilogue wrt ..imagebase + DD $L$ctr_enc_info wrt ..imagebase - DD imagerel $L$xts_enc_prologue - DD imagerel $L$xts_enc_epilogue - DD imagerel $L$xts_enc_info + DD $L$xts_enc_prologue wrt ..imagebase + DD $L$xts_enc_epilogue wrt ..imagebase + DD $L$xts_enc_info wrt ..imagebase - DD imagerel $L$xts_dec_prologue - DD imagerel $L$xts_dec_epilogue - DD imagerel $L$xts_dec_info + DD $L$xts_dec_prologue wrt ..imagebase + DD $L$xts_dec_epilogue wrt ..imagebase + DD $L$xts_dec_info wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$cbc_dec_info:: +$L$cbc_dec_info: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$cbc_dec_body,imagerel $L$cbc_dec_epilogue -$L$ctr_enc_info:: + DD se_handler wrt ..imagebase + DD $L$cbc_dec_body wrt ..imagebase,$L$cbc_dec_epilogue wrt ..imagebase +$L$ctr_enc_info: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$ctr_enc_body,imagerel $L$ctr_enc_epilogue -$L$xts_enc_info:: + DD se_handler wrt ..imagebase + DD $L$ctr_enc_body wrt ..imagebase,$L$ctr_enc_epilogue wrt ..imagebase +$L$xts_enc_info: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$xts_enc_body,imagerel $L$xts_enc_epilogue -$L$xts_dec_info:: + DD se_handler wrt ..imagebase + DD $L$xts_enc_body wrt ..imagebase,$L$xts_enc_epilogue wrt ..imagebase +$L$xts_dec_info: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$xts_dec_body,imagerel $L$xts_dec_epilogue - -.xdata ENDS -END + 
DD se_handler wrt ..imagebase + DD $L$xts_dec_body wrt ..imagebase,$L$xts_dec_epilogue wrt ..imagebase diff --git a/win-x86_64/crypto/aes/vpaes-x86_64.asm b/win-x86_64/crypto/aes/vpaes-x86_64.asm index 292f64d..3edde9f 100644 --- a/win-x86_64/crypto/aes/vpaes-x86_64.asm +++ b/win-x86_64/crypto/aes/vpaes-x86_64.asm @@ -1,5 +1,9 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 + @@ -18,27 +22,27 @@ OPTION DOTNAME ALIGN 16 -_vpaes_encrypt_core PROC PRIVATE +_vpaes_encrypt_core: mov r9,rdx mov r11,16 - mov eax,DWORD PTR[240+rdx] + mov eax,DWORD[240+rdx] movdqa xmm1,xmm9 - movdqa xmm2,XMMWORD PTR[$L$k_ipt] + movdqa xmm2,XMMWORD[$L$k_ipt] pandn xmm1,xmm0 - movdqu xmm5,XMMWORD PTR[r9] + movdqu xmm5,XMMWORD[r9] psrld xmm1,4 pand xmm0,xmm9 DB 102,15,56,0,208 - movdqa xmm0,XMMWORD PTR[(($L$k_ipt+16))] + movdqa xmm0,XMMWORD[(($L$k_ipt+16))] DB 102,15,56,0,193 pxor xmm2,xmm5 add r9,16 pxor xmm0,xmm2 - lea r10,QWORD PTR[$L$k_mc_backward] - jmp $L$enc_entry + lea r10,[$L$k_mc_backward] + jmp NEAR $L$enc_entry ALIGN 16 -$L$enc_loop:: +$L$enc_loop: movdqa xmm4,xmm13 movdqa xmm0,xmm12 @@ -47,9 +51,9 @@ DB 102,15,56,0,195 pxor xmm4,xmm5 movdqa xmm5,xmm15 pxor xmm0,xmm4 - movdqa xmm1,XMMWORD PTR[((-64))+r10*1+r11] + movdqa xmm1,XMMWORD[((-64))+r10*1+r11] DB 102,15,56,0,234 - movdqa xmm4,XMMWORD PTR[r10*1+r11] + movdqa xmm4,XMMWORD[r10*1+r11] movdqa xmm2,xmm14 DB 102,15,56,0,211 movdqa xmm3,xmm0 @@ -61,11 +65,11 @@ DB 102,15,56,0,220 add r11,16 pxor xmm3,xmm0 DB 102,15,56,0,193 - and r11,030h + and r11,0x30 sub rax,1 pxor xmm0,xmm3 -$L$enc_entry:: +$L$enc_entry: movdqa xmm1,xmm9 movdqa xmm5,xmm11 
@@ -85,21 +89,21 @@ DB 102,15,56,0,211 movdqa xmm3,xmm10 pxor xmm2,xmm0 DB 102,15,56,0,220 - movdqu xmm5,XMMWORD PTR[r9] + movdqu xmm5,XMMWORD[r9] pxor xmm3,xmm1 - jnz $L$enc_loop + jnz NEAR $L$enc_loop - movdqa xmm4,XMMWORD PTR[((-96))+r10] - movdqa xmm0,XMMWORD PTR[((-80))+r10] + movdqa xmm4,XMMWORD[((-96))+r10] + movdqa xmm0,XMMWORD[((-80))+r10] DB 102,15,56,0,226 pxor xmm4,xmm5 DB 102,15,56,0,195 - movdqa xmm1,XMMWORD PTR[64+r10*1+r11] + movdqa xmm1,XMMWORD[64+r10*1+r11] pxor xmm0,xmm4 DB 102,15,56,0,193 DB 0F3h,0C3h ;repret -_vpaes_encrypt_core ENDP + 
@@ -108,59 +112,59 @@ _vpaes_encrypt_core ENDP ALIGN 16 -_vpaes_decrypt_core PROC PRIVATE +_vpaes_decrypt_core: mov r9,rdx - mov eax,DWORD PTR[240+rdx] + mov eax,DWORD[240+rdx] movdqa xmm1,xmm9 - movdqa xmm2,XMMWORD PTR[$L$k_dipt] + movdqa xmm2,XMMWORD[$L$k_dipt] pandn xmm1,xmm0 mov r11,rax psrld xmm1,4 - movdqu xmm5,XMMWORD PTR[r9] + movdqu xmm5,XMMWORD[r9] shl r11,4 pand xmm0,xmm9 DB 102,15,56,0,208 - movdqa xmm0,XMMWORD PTR[(($L$k_dipt+16))] - xor r11,030h - lea r10,QWORD PTR[$L$k_dsbd] + movdqa xmm0,XMMWORD[(($L$k_dipt+16))] + xor r11,0x30 + lea r10,[$L$k_dsbd] DB 102,15,56,0,193 - and r11,030h + and r11,0x30 pxor xmm2,xmm5 - movdqa xmm5,XMMWORD PTR[(($L$k_mc_forward+48))] + movdqa xmm5,XMMWORD[(($L$k_mc_forward+48))] pxor xmm0,xmm2 add r9,16 add r11,r10 - jmp $L$dec_entry + jmp NEAR $L$dec_entry ALIGN 16 -$L$dec_loop:: +$L$dec_loop: - movdqa xmm4,XMMWORD PTR[((-32))+r10] - movdqa xmm1,XMMWORD PTR[((-16))+r10] + movdqa xmm4,XMMWORD[((-32))+r10] + movdqa xmm1,XMMWORD[((-16))+r10] DB 102,15,56,0,226 DB 102,15,56,0,203 pxor xmm0,xmm4 - movdqa xmm4,XMMWORD PTR[r10] + movdqa xmm4,XMMWORD[r10] pxor xmm0,xmm1 - movdqa xmm1,XMMWORD PTR[16+r10] + movdqa xmm1,XMMWORD[16+r10] DB 102,15,56,0,226 DB 102,15,56,0,197 DB 102,15,56,0,203 pxor xmm0,xmm4 - movdqa xmm4,XMMWORD PTR[32+r10] + movdqa xmm4,XMMWORD[32+r10] pxor xmm0,xmm1 - movdqa xmm1,XMMWORD PTR[48+r10] + movdqa xmm1,XMMWORD[48+r10] DB 102,15,56,0,226 DB 102,15,56,0,197 DB 102,15,56,0,203 pxor xmm0,xmm4 - movdqa xmm4,XMMWORD PTR[64+r10] + movdqa xmm4,XMMWORD[64+r10] pxor xmm0,xmm1 - movdqa xmm1,XMMWORD PTR[80+r10] + movdqa xmm1,XMMWORD[80+r10] DB 102,15,56,0,226 DB 102,15,56,0,197 @@ -171,7 +175,7 @@ DB 102,15,58,15,237,12 pxor xmm0,xmm1 sub rax,1 -$L$dec_entry:: +$L$dec_entry: movdqa xmm1,xmm9 pandn xmm1,xmm0 
@@ -191,21 +195,21 @@ DB 102,15,56,0,211 movdqa xmm3,xmm10 pxor xmm2,xmm0 DB 102,15,56,0,220 - movdqu xmm0,XMMWORD PTR[r9] + movdqu xmm0,XMMWORD[r9] pxor xmm3,xmm1 - jnz $L$dec_loop + jnz NEAR $L$dec_loop - movdqa xmm4,XMMWORD PTR[96+r10] + movdqa xmm4,XMMWORD[96+r10] DB 102,15,56,0,226 pxor xmm4,xmm0 - movdqa xmm0,XMMWORD PTR[112+r10] - movdqa xmm2,XMMWORD PTR[((-352))+r11] + movdqa xmm0,XMMWORD[112+r10] + movdqa xmm2,XMMWORD[((-352))+r11] DB 102,15,56,0,195 pxor xmm0,xmm4 DB 102,15,56,0,194 DB 0F3h,0C3h ;repret -_vpaes_decrypt_core ENDP + @@ -214,41 +218,41 @@ _vpaes_decrypt_core ENDP ALIGN 16 -_vpaes_schedule_core PROC PRIVATE +_vpaes_schedule_core: call _vpaes_preheat - movdqa xmm8,XMMWORD PTR[$L$k_rcon] - movdqu xmm0,XMMWORD PTR[rdi] + movdqa xmm8,XMMWORD[$L$k_rcon] + movdqu xmm0,XMMWORD[rdi] movdqa xmm3,xmm0 - lea r11,QWORD PTR[$L$k_ipt] + lea r11,[$L$k_ipt] call _vpaes_schedule_transform movdqa xmm7,xmm0 - lea r10,QWORD PTR[$L$k_sr] + lea r10,[$L$k_sr] test rcx,rcx - jnz $L$schedule_am_decrypting + jnz NEAR $L$schedule_am_decrypting - movdqu XMMWORD PTR[rdx],xmm0 - jmp $L$schedule_go + movdqu XMMWORD[rdx],xmm0 + jmp NEAR $L$schedule_go -$L$schedule_am_decrypting:: +$L$schedule_am_decrypting: - movdqa xmm1,XMMWORD PTR[r10*1+r8] + movdqa xmm1,XMMWORD[r10*1+r8] DB 102,15,56,0,217 - movdqu XMMWORD PTR[rdx],xmm3 - xor r8,030h + movdqu XMMWORD[rdx],xmm3 + xor r8,0x30 -$L$schedule_go:: +$L$schedule_go: cmp esi,192 - ja $L$schedule_256 - je $L$schedule_192 + ja NEAR $L$schedule_256 + je NEAR $L$schedule_192 @@ -259,15 +263,15 @@ $L$schedule_go:: -$L$schedule_128:: +$L$schedule_128: mov esi,10 -$L$oop_schedule_128:: +$L$oop_schedule_128: call _vpaes_schedule_round dec rsi - jz $L$schedule_mangle_last + jz NEAR $L$schedule_mangle_last call _vpaes_schedule_mangle - jmp $L$oop_schedule_128 + jmp NEAR $L$oop_schedule_128 
@@ -285,15 +289,15 @@ $L$oop_schedule_128:: ALIGN 16 -$L$schedule_192:: - movdqu xmm0,XMMWORD PTR[8+rdi] +$L$schedule_192: + movdqu xmm0,XMMWORD[8+rdi] call _vpaes_schedule_transform movdqa xmm6,xmm0 pxor xmm4,xmm4 movhlps xmm6,xmm4 mov esi,4 -$L$oop_schedule_192:: +$L$oop_schedule_192: call _vpaes_schedule_round DB 102,15,58,15,198,8 call _vpaes_schedule_mangle @@ -301,10 +305,10 @@ DB 102,15,58,15,198,8 call _vpaes_schedule_mangle call _vpaes_schedule_round dec rsi - jz $L$schedule_mangle_last + jz NEAR $L$schedule_mangle_last call _vpaes_schedule_mangle call _vpaes_schedule_192_smear - jmp $L$oop_schedule_192 + jmp NEAR $L$oop_schedule_192 @@ -317,29 +321,29 @@ DB 102,15,58,15,198,8 ALIGN 16 -$L$schedule_256:: - movdqu xmm0,XMMWORD PTR[16+rdi] +$L$schedule_256: + movdqu xmm0,XMMWORD[16+rdi] call _vpaes_schedule_transform mov esi,7 -$L$oop_schedule_256:: +$L$oop_schedule_256: call _vpaes_schedule_mangle movdqa xmm6,xmm0 call _vpaes_schedule_round dec rsi - jz $L$schedule_mangle_last + jz NEAR $L$schedule_mangle_last call _vpaes_schedule_mangle - pshufd xmm0,xmm0,0FFh + pshufd xmm0,xmm0,0xFF movdqa xmm5,xmm7 movdqa xmm7,xmm6 call _vpaes_schedule_low_round movdqa xmm7,xmm5 - jmp $L$oop_schedule_256 + jmp NEAR $L$oop_schedule_256 @@ -353,23 +357,23 @@ $L$oop_schedule_256:: ALIGN 16 -$L$schedule_mangle_last:: +$L$schedule_mangle_last: - lea r11,QWORD PTR[$L$k_deskew] + lea r11,[$L$k_deskew] test rcx,rcx - jnz $L$schedule_mangle_last_dec + jnz NEAR $L$schedule_mangle_last_dec - movdqa xmm1,XMMWORD PTR[r10*1+r8] + movdqa xmm1,XMMWORD[r10*1+r8] DB 102,15,56,0,193 - lea r11,QWORD PTR[$L$k_opt] + lea r11,[$L$k_opt] add rdx,32 -$L$schedule_mangle_last_dec:: +$L$schedule_mangle_last_dec: add rdx,-16 - pxor xmm0,XMMWORD PTR[$L$k_s63] + pxor xmm0,XMMWORD[$L$k_s63] call _vpaes_schedule_transform - movdqu XMMWORD PTR[rdx],xmm0 + movdqu XMMWORD[rdx],xmm0 pxor xmm0,xmm0 
@@ -381,7 +385,7 @@ $L$schedule_mangle_last_dec:: pxor xmm6,xmm6 pxor xmm7,xmm7 DB 0F3h,0C3h ;repret -_vpaes_schedule_core ENDP + @@ -399,16 +403,16 @@ _vpaes_schedule_core ENDP ALIGN 16 -_vpaes_schedule_192_smear PROC PRIVATE - pshufd xmm1,xmm6,080h - pshufd xmm0,xmm7,0FEh +_vpaes_schedule_192_smear: + pshufd xmm1,xmm6,0x80 + pshufd xmm0,xmm7,0xFE pxor xmm6,xmm1 pxor xmm1,xmm1 pxor xmm6,xmm0 movdqa xmm0,xmm6 movhlps xmm6,xmm1 DB 0F3h,0C3h ;repret -_vpaes_schedule_192_smear ENDP + @@ -430,7 +434,7 @@ _vpaes_schedule_192_smear ENDP ALIGN 16 -_vpaes_schedule_round PROC PRIVATE +_vpaes_schedule_round: pxor xmm1,xmm1 DB 102,65,15,58,15,200,15 @@ -438,13 +442,13 @@ DB 102,69,15,58,15,192,15 pxor xmm7,xmm1 - pshufd xmm0,xmm0,0FFh + pshufd xmm0,xmm0,0xFF DB 102,15,58,15,192,1 -_vpaes_schedule_low_round:: +_vpaes_schedule_low_round: movdqa xmm1,xmm7 pslldq xmm7,4 @@ -452,7 +456,7 @@ _vpaes_schedule_low_round:: movdqa xmm1,xmm7 pslldq xmm7,8 pxor xmm7,xmm1 - pxor xmm7,XMMWORD PTR[$L$k_s63] + pxor xmm7,XMMWORD[$L$k_s63] movdqa xmm1,xmm9 @@ -484,7 +488,7 @@ DB 102,15,56,0,195 pxor xmm0,xmm7 movdqa xmm7,xmm0 DB 0F3h,0C3h ;repret -_vpaes_schedule_round ENDP + @@ -497,18 +501,18 @@ _vpaes_schedule_round ENDP ALIGN 16 -_vpaes_schedule_transform PROC PRIVATE +_vpaes_schedule_transform: movdqa xmm1,xmm9 pandn xmm1,xmm0 psrld xmm1,4 pand xmm0,xmm9 - movdqa xmm2,XMMWORD PTR[r11] + movdqa xmm2,XMMWORD[r11] DB 102,15,56,0,208 - movdqa xmm0,XMMWORD PTR[16+r11] + movdqa xmm0,XMMWORD[16+r11] DB 102,15,56,0,193 pxor xmm0,xmm2 DB 0F3h,0C3h ;repret -_vpaes_schedule_transform ENDP + 
@@ -535,15 +539,15 @@ _vpaes_schedule_transform ENDP ALIGN 16 -_vpaes_schedule_mangle PROC PRIVATE +_vpaes_schedule_mangle: movdqa xmm4,xmm0 - movdqa xmm5,XMMWORD PTR[$L$k_mc_forward] + movdqa xmm5,XMMWORD[$L$k_mc_forward] test rcx,rcx - jnz $L$schedule_mangle_dec + jnz NEAR $L$schedule_mangle_dec add rdx,16 - pxor xmm4,XMMWORD PTR[$L$k_s63] + pxor xmm4,XMMWORD[$L$k_s63] DB 102,15,56,0,229 movdqa xmm3,xmm4 DB 102,15,56,0,229 
@@ -551,143 +555,142 @@ DB 102,15,56,0,229 DB 102,15,56,0,229 pxor xmm3,xmm4 - jmp $L$schedule_mangle_both + jmp NEAR $L$schedule_mangle_both ALIGN 16 -$L$schedule_mangle_dec:: +$L$schedule_mangle_dec: - lea r11,QWORD PTR[$L$k_dksd] + lea r11,[$L$k_dksd] movdqa xmm1,xmm9 pandn xmm1,xmm4 psrld xmm1,4 pand xmm4,xmm9 - movdqa xmm2,XMMWORD PTR[r11] + movdqa xmm2,XMMWORD[r11] DB 102,15,56,0,212 - movdqa xmm3,XMMWORD PTR[16+r11] + movdqa xmm3,XMMWORD[16+r11] DB 102,15,56,0,217 pxor xmm3,xmm2 DB 102,15,56,0,221 - movdqa xmm2,XMMWORD PTR[32+r11] + movdqa xmm2,XMMWORD[32+r11] DB 102,15,56,0,212 pxor xmm2,xmm3 - movdqa xmm3,XMMWORD PTR[48+r11] + movdqa xmm3,XMMWORD[48+r11] DB 102,15,56,0,217 pxor xmm3,xmm2 DB 102,15,56,0,221 - movdqa xmm2,XMMWORD PTR[64+r11] + movdqa xmm2,XMMWORD[64+r11] DB 102,15,56,0,212 pxor xmm2,xmm3 - movdqa xmm3,XMMWORD PTR[80+r11] + movdqa xmm3,XMMWORD[80+r11] DB 102,15,56,0,217 pxor xmm3,xmm2 DB 102,15,56,0,221 - movdqa xmm2,XMMWORD PTR[96+r11] + movdqa xmm2,XMMWORD[96+r11] DB 102,15,56,0,212 pxor xmm2,xmm3 - movdqa xmm3,XMMWORD PTR[112+r11] + movdqa xmm3,XMMWORD[112+r11] DB 102,15,56,0,217 pxor xmm3,xmm2 add rdx,-16 -$L$schedule_mangle_both:: - movdqa xmm1,XMMWORD PTR[r10*1+r8] +$L$schedule_mangle_both: + movdqa xmm1,XMMWORD[r10*1+r8] DB 102,15,56,0,217 add r8,-16 - and r8,030h - movdqu XMMWORD PTR[rdx],xmm3 + and r8,0x30 + movdqu XMMWORD[rdx],xmm3 DB 0F3h,0C3h ;repret -_vpaes_schedule_mangle ENDP -PUBLIC vpaes_set_encrypt_key + +global vpaes_set_encrypt_key ALIGN 16 -vpaes_set_encrypt_key PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +vpaes_set_encrypt_key: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_vpaes_set_encrypt_key:: +$L$SEH_begin_vpaes_set_encrypt_key: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rsp,QWORD PTR[((-184))+rsp] - movaps XMMWORD PTR[16+rsp],xmm6 - movaps XMMWORD PTR[32+rsp],xmm7 - movaps XMMWORD PTR[48+rsp],xmm8 - movaps XMMWORD PTR[64+rsp],xmm9 - 
movaps XMMWORD PTR[80+rsp],xmm10 - movaps XMMWORD PTR[96+rsp],xmm11 - movaps XMMWORD PTR[112+rsp],xmm12 - movaps XMMWORD PTR[128+rsp],xmm13 - movaps XMMWORD PTR[144+rsp],xmm14 - movaps XMMWORD PTR[160+rsp],xmm15 -$L$enc_key_body:: + lea rsp,[((-184))+rsp] + movaps XMMWORD[16+rsp],xmm6 + movaps XMMWORD[32+rsp],xmm7 + movaps XMMWORD[48+rsp],xmm8 + movaps XMMWORD[64+rsp],xmm9 + movaps XMMWORD[80+rsp],xmm10 + movaps XMMWORD[96+rsp],xmm11 + movaps XMMWORD[112+rsp],xmm12 + movaps XMMWORD[128+rsp],xmm13 + movaps XMMWORD[144+rsp],xmm14 + movaps XMMWORD[160+rsp],xmm15 +$L$enc_key_body: mov eax,esi shr eax,5 add eax,5 - mov DWORD PTR[240+rdx],eax + mov DWORD[240+rdx],eax mov ecx,0 - mov r8d,030h + mov r8d,0x30 call _vpaes_schedule_core - movaps xmm6,XMMWORD PTR[16+rsp] - movaps xmm7,XMMWORD PTR[32+rsp] - movaps xmm8,XMMWORD PTR[48+rsp] - movaps xmm9,XMMWORD PTR[64+rsp] - movaps xmm10,XMMWORD PTR[80+rsp] - movaps xmm11,XMMWORD PTR[96+rsp] - movaps xmm12,XMMWORD PTR[112+rsp] - movaps xmm13,XMMWORD PTR[128+rsp] - movaps xmm14,XMMWORD PTR[144+rsp] - movaps xmm15,XMMWORD PTR[160+rsp] - lea rsp,QWORD PTR[184+rsp] -$L$enc_key_epilogue:: + movaps xmm6,XMMWORD[16+rsp] + movaps xmm7,XMMWORD[32+rsp] + movaps xmm8,XMMWORD[48+rsp] + movaps xmm9,XMMWORD[64+rsp] + movaps xmm10,XMMWORD[80+rsp] + movaps xmm11,XMMWORD[96+rsp] + movaps xmm12,XMMWORD[112+rsp] + movaps xmm13,XMMWORD[128+rsp] + movaps xmm14,XMMWORD[144+rsp] + movaps xmm15,XMMWORD[160+rsp] + lea rsp,[184+rsp] +$L$enc_key_epilogue: xor eax,eax - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_vpaes_set_encrypt_key:: -vpaes_set_encrypt_key ENDP +$L$SEH_end_vpaes_set_encrypt_key: -PUBLIC vpaes_set_decrypt_key +global vpaes_set_decrypt_key ALIGN 16 -vpaes_set_decrypt_key PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +vpaes_set_decrypt_key: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov 
QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_vpaes_set_decrypt_key:: +$L$SEH_begin_vpaes_set_decrypt_key: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rsp,QWORD PTR[((-184))+rsp] - movaps XMMWORD PTR[16+rsp],xmm6 - movaps XMMWORD PTR[32+rsp],xmm7 - movaps XMMWORD PTR[48+rsp],xmm8 - movaps XMMWORD PTR[64+rsp],xmm9 - movaps XMMWORD PTR[80+rsp],xmm10 - movaps XMMWORD PTR[96+rsp],xmm11 - movaps XMMWORD PTR[112+rsp],xmm12 - movaps XMMWORD PTR[128+rsp],xmm13 - movaps XMMWORD PTR[144+rsp],xmm14 - movaps XMMWORD PTR[160+rsp],xmm15 -$L$dec_key_body:: + lea rsp,[((-184))+rsp] + movaps XMMWORD[16+rsp],xmm6 + movaps XMMWORD[32+rsp],xmm7 + movaps XMMWORD[48+rsp],xmm8 + movaps XMMWORD[64+rsp],xmm9 + movaps XMMWORD[80+rsp],xmm10 + movaps XMMWORD[96+rsp],xmm11 + movaps XMMWORD[112+rsp],xmm12 + movaps XMMWORD[128+rsp],xmm13 + movaps XMMWORD[144+rsp],xmm14 + movaps XMMWORD[160+rsp],xmm15 +$L$dec_key_body: mov eax,esi shr eax,5 add eax,5 - mov DWORD PTR[240+rdx],eax + mov DWORD[240+rdx],eax shl eax,4 - lea rdx,QWORD PTR[16+rax*1+rdx] + lea rdx,[16+rax*1+rdx] mov ecx,1 mov r8d,esi 
@@ -695,197 +698,193 @@ $L$dec_key_body:: and r8d,32 xor r8d,32 call _vpaes_schedule_core - movaps xmm6,XMMWORD PTR[16+rsp] - movaps xmm7,XMMWORD PTR[32+rsp] - movaps xmm8,XMMWORD PTR[48+rsp] - movaps xmm9,XMMWORD PTR[64+rsp] - movaps xmm10,XMMWORD PTR[80+rsp] - movaps xmm11,XMMWORD PTR[96+rsp] - movaps xmm12,XMMWORD PTR[112+rsp] - movaps xmm13,XMMWORD PTR[128+rsp] - movaps xmm14,XMMWORD PTR[144+rsp] - movaps xmm15,XMMWORD PTR[160+rsp] - lea rsp,QWORD PTR[184+rsp] -$L$dec_key_epilogue:: + movaps xmm6,XMMWORD[16+rsp] + movaps xmm7,XMMWORD[32+rsp] + movaps xmm8,XMMWORD[48+rsp] + movaps xmm9,XMMWORD[64+rsp] + movaps xmm10,XMMWORD[80+rsp] + movaps xmm11,XMMWORD[96+rsp] + movaps xmm12,XMMWORD[112+rsp] + movaps xmm13,XMMWORD[128+rsp] + movaps xmm14,XMMWORD[144+rsp] + movaps xmm15,XMMWORD[160+rsp] + lea rsp,[184+rsp] +$L$dec_key_epilogue: xor eax,eax - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_vpaes_set_decrypt_key:: -vpaes_set_decrypt_key ENDP +$L$SEH_end_vpaes_set_decrypt_key: -PUBLIC vpaes_encrypt +global vpaes_encrypt ALIGN 16 -vpaes_encrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +vpaes_encrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_vpaes_encrypt:: +$L$SEH_begin_vpaes_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rsp,QWORD PTR[((-184))+rsp] - movaps XMMWORD PTR[16+rsp],xmm6 - movaps XMMWORD PTR[32+rsp],xmm7 - movaps XMMWORD PTR[48+rsp],xmm8 - movaps XMMWORD PTR[64+rsp],xmm9 - movaps XMMWORD PTR[80+rsp],xmm10 - movaps XMMWORD PTR[96+rsp],xmm11 - movaps XMMWORD PTR[112+rsp],xmm12 - movaps XMMWORD PTR[128+rsp],xmm13 - movaps XMMWORD PTR[144+rsp],xmm14 - movaps XMMWORD PTR[160+rsp],xmm15 -$L$enc_body:: - movdqu xmm0,XMMWORD PTR[rdi] + lea rsp,[((-184))+rsp] + movaps XMMWORD[16+rsp],xmm6 + movaps XMMWORD[32+rsp],xmm7 + movaps XMMWORD[48+rsp],xmm8 + movaps 
XMMWORD[64+rsp],xmm9 + movaps XMMWORD[80+rsp],xmm10 + movaps XMMWORD[96+rsp],xmm11 + movaps XMMWORD[112+rsp],xmm12 + movaps XMMWORD[128+rsp],xmm13 + movaps XMMWORD[144+rsp],xmm14 + movaps XMMWORD[160+rsp],xmm15 +$L$enc_body: + movdqu xmm0,XMMWORD[rdi] call _vpaes_preheat call _vpaes_encrypt_core - movdqu XMMWORD PTR[rsi],xmm0 - movaps xmm6,XMMWORD PTR[16+rsp] - movaps xmm7,XMMWORD PTR[32+rsp] - movaps xmm8,XMMWORD PTR[48+rsp] - movaps xmm9,XMMWORD PTR[64+rsp] - movaps xmm10,XMMWORD PTR[80+rsp] - movaps xmm11,XMMWORD PTR[96+rsp] - movaps xmm12,XMMWORD PTR[112+rsp] - movaps xmm13,XMMWORD PTR[128+rsp] - movaps xmm14,XMMWORD PTR[144+rsp] - movaps xmm15,XMMWORD PTR[160+rsp] - lea rsp,QWORD PTR[184+rsp] -$L$enc_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + movdqu XMMWORD[rsi],xmm0 + movaps xmm6,XMMWORD[16+rsp] + movaps xmm7,XMMWORD[32+rsp] + movaps xmm8,XMMWORD[48+rsp] + movaps xmm9,XMMWORD[64+rsp] + movaps xmm10,XMMWORD[80+rsp] + movaps xmm11,XMMWORD[96+rsp] + movaps xmm12,XMMWORD[112+rsp] + movaps xmm13,XMMWORD[128+rsp] + movaps xmm14,XMMWORD[144+rsp] + movaps xmm15,XMMWORD[160+rsp] + lea rsp,[184+rsp] +$L$enc_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_vpaes_encrypt:: -vpaes_encrypt ENDP +$L$SEH_end_vpaes_encrypt: -PUBLIC vpaes_decrypt +global vpaes_decrypt ALIGN 16 -vpaes_decrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +vpaes_decrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_vpaes_decrypt:: +$L$SEH_begin_vpaes_decrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rsp,QWORD PTR[((-184))+rsp] - movaps XMMWORD PTR[16+rsp],xmm6 - movaps XMMWORD PTR[32+rsp],xmm7 - movaps XMMWORD PTR[48+rsp],xmm8 - movaps XMMWORD PTR[64+rsp],xmm9 - movaps XMMWORD PTR[80+rsp],xmm10 - movaps XMMWORD PTR[96+rsp],xmm11 - movaps XMMWORD PTR[112+rsp],xmm12 - movaps XMMWORD PTR[128+rsp],xmm13 - movaps XMMWORD 
PTR[144+rsp],xmm14 - movaps XMMWORD PTR[160+rsp],xmm15 -$L$dec_body:: - movdqu xmm0,XMMWORD PTR[rdi] + lea rsp,[((-184))+rsp] + movaps XMMWORD[16+rsp],xmm6 + movaps XMMWORD[32+rsp],xmm7 + movaps XMMWORD[48+rsp],xmm8 + movaps XMMWORD[64+rsp],xmm9 + movaps XMMWORD[80+rsp],xmm10 + movaps XMMWORD[96+rsp],xmm11 + movaps XMMWORD[112+rsp],xmm12 + movaps XMMWORD[128+rsp],xmm13 + movaps XMMWORD[144+rsp],xmm14 + movaps XMMWORD[160+rsp],xmm15 +$L$dec_body: + movdqu xmm0,XMMWORD[rdi] call _vpaes_preheat call _vpaes_decrypt_core - movdqu XMMWORD PTR[rsi],xmm0 - movaps xmm6,XMMWORD PTR[16+rsp] - movaps xmm7,XMMWORD PTR[32+rsp] - movaps xmm8,XMMWORD PTR[48+rsp] - movaps xmm9,XMMWORD PTR[64+rsp] - movaps xmm10,XMMWORD PTR[80+rsp] - movaps xmm11,XMMWORD PTR[96+rsp] - movaps xmm12,XMMWORD PTR[112+rsp] - movaps xmm13,XMMWORD PTR[128+rsp] - movaps xmm14,XMMWORD PTR[144+rsp] - movaps xmm15,XMMWORD PTR[160+rsp] - lea rsp,QWORD PTR[184+rsp] -$L$dec_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + movdqu XMMWORD[rsi],xmm0 + movaps xmm6,XMMWORD[16+rsp] + movaps xmm7,XMMWORD[32+rsp] + movaps xmm8,XMMWORD[48+rsp] + movaps xmm9,XMMWORD[64+rsp] + movaps xmm10,XMMWORD[80+rsp] + movaps xmm11,XMMWORD[96+rsp] + movaps xmm12,XMMWORD[112+rsp] + movaps xmm13,XMMWORD[128+rsp] + movaps xmm14,XMMWORD[144+rsp] + movaps xmm15,XMMWORD[160+rsp] + lea rsp,[184+rsp] +$L$dec_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_vpaes_decrypt:: -vpaes_decrypt ENDP -PUBLIC vpaes_cbc_encrypt +$L$SEH_end_vpaes_decrypt: +global vpaes_cbc_encrypt ALIGN 16 -vpaes_cbc_encrypt PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +vpaes_cbc_encrypt: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_vpaes_cbc_encrypt:: +$L$SEH_begin_vpaes_cbc_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov 
r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] xchg rdx,rcx sub rcx,16 - jc $L$cbc_abort - lea rsp,QWORD PTR[((-184))+rsp] - movaps XMMWORD PTR[16+rsp],xmm6 - movaps XMMWORD PTR[32+rsp],xmm7 - movaps XMMWORD PTR[48+rsp],xmm8 - movaps XMMWORD PTR[64+rsp],xmm9 - movaps XMMWORD PTR[80+rsp],xmm10 - movaps XMMWORD PTR[96+rsp],xmm11 - movaps XMMWORD PTR[112+rsp],xmm12 - movaps XMMWORD PTR[128+rsp],xmm13 - movaps XMMWORD PTR[144+rsp],xmm14 - movaps XMMWORD PTR[160+rsp],xmm15 -$L$cbc_body:: - movdqu xmm6,XMMWORD PTR[r8] + jc NEAR $L$cbc_abort + lea rsp,[((-184))+rsp] + movaps XMMWORD[16+rsp],xmm6 + movaps XMMWORD[32+rsp],xmm7 + movaps XMMWORD[48+rsp],xmm8 + movaps XMMWORD[64+rsp],xmm9 + movaps XMMWORD[80+rsp],xmm10 + movaps XMMWORD[96+rsp],xmm11 + movaps XMMWORD[112+rsp],xmm12 + movaps XMMWORD[128+rsp],xmm13 + movaps XMMWORD[144+rsp],xmm14 + movaps XMMWORD[160+rsp],xmm15 +$L$cbc_body: + movdqu xmm6,XMMWORD[r8] sub rsi,rdi call _vpaes_preheat cmp r9d,0 - je $L$cbc_dec_loop - jmp $L$cbc_enc_loop + je NEAR $L$cbc_dec_loop + jmp NEAR $L$cbc_enc_loop ALIGN 16 -$L$cbc_enc_loop:: - movdqu xmm0,XMMWORD PTR[rdi] +$L$cbc_enc_loop: + movdqu xmm0,XMMWORD[rdi] pxor xmm0,xmm6 call _vpaes_encrypt_core movdqa xmm6,xmm0 - movdqu XMMWORD PTR[rdi*1+rsi],xmm0 - lea rdi,QWORD PTR[16+rdi] + movdqu XMMWORD[rdi*1+rsi],xmm0 + lea rdi,[16+rdi] sub rcx,16 - jnc $L$cbc_enc_loop - jmp $L$cbc_done + jnc NEAR $L$cbc_enc_loop + jmp NEAR $L$cbc_done ALIGN 16 -$L$cbc_dec_loop:: - movdqu xmm0,XMMWORD PTR[rdi] +$L$cbc_dec_loop: + movdqu xmm0,XMMWORD[rdi] movdqa xmm7,xmm0 call _vpaes_decrypt_core pxor xmm0,xmm6 movdqa xmm6,xmm7 - movdqu XMMWORD PTR[rdi*1+rsi],xmm0 - lea rdi,QWORD PTR[16+rdi] + movdqu XMMWORD[rdi*1+rsi],xmm0 + lea rdi,[16+rdi] sub rcx,16 - jnc $L$cbc_dec_loop -$L$cbc_done:: - movdqu XMMWORD PTR[r8],xmm6 - movaps xmm6,XMMWORD PTR[16+rsp] - movaps xmm7,XMMWORD PTR[32+rsp] - movaps xmm8,XMMWORD PTR[48+rsp] - movaps xmm9,XMMWORD PTR[64+rsp] - movaps xmm10,XMMWORD PTR[80+rsp] - movaps xmm11,XMMWORD 
PTR[96+rsp] - movaps xmm12,XMMWORD PTR[112+rsp] - movaps xmm13,XMMWORD PTR[128+rsp] - movaps xmm14,XMMWORD PTR[144+rsp] - movaps xmm15,XMMWORD PTR[160+rsp] - lea rsp,QWORD PTR[184+rsp] -$L$cbc_epilogue:: -$L$cbc_abort:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + jnc NEAR $L$cbc_dec_loop +$L$cbc_done: + movdqu XMMWORD[r8],xmm6 + movaps xmm6,XMMWORD[16+rsp] + movaps xmm7,XMMWORD[32+rsp] + movaps xmm8,XMMWORD[48+rsp] + movaps xmm9,XMMWORD[64+rsp] + movaps xmm10,XMMWORD[80+rsp] + movaps xmm11,XMMWORD[96+rsp] + movaps xmm12,XMMWORD[112+rsp] + movaps xmm13,XMMWORD[128+rsp] + movaps xmm14,XMMWORD[144+rsp] + movaps xmm15,XMMWORD[160+rsp] + lea rsp,[184+rsp] +$L$cbc_epilogue: +$L$cbc_abort: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_vpaes_cbc_encrypt:: -vpaes_cbc_encrypt ENDP +$L$SEH_end_vpaes_cbc_encrypt: @@ -894,17 +893,17 @@ vpaes_cbc_encrypt ENDP ALIGN 16 -_vpaes_preheat PROC PRIVATE - lea r10,QWORD PTR[$L$k_s0F] - movdqa xmm10,XMMWORD PTR[((-32))+r10] - movdqa xmm11,XMMWORD PTR[((-16))+r10] - movdqa xmm9,XMMWORD PTR[r10] - movdqa xmm13,XMMWORD PTR[48+r10] - movdqa xmm12,XMMWORD PTR[64+r10] - movdqa xmm15,XMMWORD PTR[80+r10] - movdqa xmm14,XMMWORD PTR[96+r10] +_vpaes_preheat: + lea r10,[$L$k_s0F] + movdqa xmm10,XMMWORD[((-32))+r10] + movdqa xmm11,XMMWORD[((-16))+r10] + movdqa xmm9,XMMWORD[r10] + movdqa xmm13,XMMWORD[48+r10] + movdqa xmm12,XMMWORD[64+r10] + movdqa xmm15,XMMWORD[80+r10] + movdqa xmm14,XMMWORD[96+r10] DB 0F3h,0C3h ;repret -_vpaes_preheat ENDP + 
@@ -912,100 +911,100 @@ _vpaes_preheat ENDP ALIGN 64 -_vpaes_consts:: -$L$k_inv:: - DQ 00E05060F0D080180h,0040703090A0B0C02h - DQ 001040A060F0B0780h,0030D0E0C02050809h - -$L$k_s0F:: - DQ 00F0F0F0F0F0F0F0Fh,00F0F0F0F0F0F0F0Fh - -$L$k_ipt:: - DQ 0C2B2E8985A2A7000h,0CABAE09052227808h - DQ 04C01307D317C4D00h,0CD80B1FCB0FDCC81h - -$L$k_sb1:: - DQ 0B19BE18FCB503E00h,0A5DF7A6E142AF544h - DQ 03618D415FAE22300h,03BF7CCC10D2ED9EFh -$L$k_sb2:: - DQ 0E27A93C60B712400h,05EB7E955BC982FCDh - DQ 069EB88400AE12900h,0C2A163C8AB82234Ah -$L$k_sbo:: - DQ 0D0D26D176FBDC700h,015AABF7AC502A878h - DQ 0CFE474A55FBB6A00h,08E1E90D1412B35FAh - -$L$k_mc_forward:: - DQ 00407060500030201h,00C0F0E0D080B0A09h - DQ 0080B0A0904070605h,0000302010C0F0E0Dh - DQ 00C0F0E0D080B0A09h,00407060500030201h - DQ 0000302010C0F0E0Dh,0080B0A0904070605h - -$L$k_mc_backward:: - DQ 00605040702010003h,00E0D0C0F0A09080Bh - DQ 0020100030E0D0C0Fh,00A09080B06050407h - DQ 00E0D0C0F0A09080Bh,00605040702010003h - DQ 00A09080B06050407h,0020100030E0D0C0Fh - -$L$k_sr:: - DQ 00706050403020100h,00F0E0D0C0B0A0908h - DQ 0030E09040F0A0500h,00B06010C07020D08h - DQ 00F060D040B020900h,0070E050C030A0108h - DQ 00B0E0104070A0D00h,00306090C0F020508h - -$L$k_rcon:: - DQ 01F8391B9AF9DEEB6h,0702A98084D7C7D81h - -$L$k_s63:: - DQ 05B5B5B5B5B5B5B5Bh,05B5B5B5B5B5B5B5Bh - -$L$k_opt:: - DQ 0FF9F4929D6B66000h,0F7974121DEBE6808h - DQ 001EDBD5150BCEC00h,0E10D5DB1B05C0CE0h - -$L$k_deskew:: - DQ 007E4A34047A4E300h,01DFEB95A5DBEF91Ah - DQ 05F36B5DC83EA6900h,02841C2ABF49D1E77h - - - - - -$L$k_dksd:: - DQ 0FEB91A5DA3E44700h,00740E3A45A1DBEF9h - DQ 041C277F4B5368300h,05FDC69EAAB289D1Eh -$L$k_dksb:: - DQ 09A4FCA1F8550D500h,003D653861CC94C99h - DQ 0115BEDA7B6FC4A00h,0D993256F7E3482C8h -$L$k_dkse:: - DQ 0D5031CCA1FC9D600h,053859A4C994F5086h - DQ 0A23196054FDC7BE8h,0CD5EF96A20B31487h -$L$k_dks9:: - DQ 0B6116FC87ED9A700h,04AED933482255BFCh - DQ 04576516227143300h,08BB89FACE9DAFDCEh - - - - - -$L$k_dipt:: - DQ 00F505B040B545F00h,0154A411E114E451Ah - DQ 
086E383E660056500h,012771772F491F194h - -$L$k_dsb9:: - DQ 0851C03539A86D600h,0CAD51F504F994CC9h - DQ 0C03B1789ECD74900h,0725E2C9EB2FBA565h -$L$k_dsbd:: - DQ 07D57CCDFE6B1A200h,0F56E9B13882A4439h - DQ 03CE2FAF724C6CB00h,02931180D15DEEFD3h -$L$k_dsbb:: - DQ 0D022649296B44200h,0602646F6B0F2D404h - DQ 0C19498A6CD596700h,0F3FF0C3E3255AA6Bh -$L$k_dsbe:: - DQ 046F2929626D4D000h,02242600464B4F6B0h - DQ 00C55A6CDFFAAC100h,09467F36B98593E32h -$L$k_dsbo:: - DQ 01387EA537EF94000h,0C7AA6DB9D4943E2Dh - DQ 012D7560F93441D00h,0CA4B8159D8C58E9Ch +_vpaes_consts: +$L$k_inv: + DQ 0x0E05060F0D080180,0x040703090A0B0C02 + DQ 0x01040A060F0B0780,0x030D0E0C02050809 + +$L$k_s0F: + DQ 0x0F0F0F0F0F0F0F0F,0x0F0F0F0F0F0F0F0F + +$L$k_ipt: + DQ 0xC2B2E8985A2A7000,0xCABAE09052227808 + DQ 0x4C01307D317C4D00,0xCD80B1FCB0FDCC81 + +$L$k_sb1: + DQ 0xB19BE18FCB503E00,0xA5DF7A6E142AF544 + DQ 0x3618D415FAE22300,0x3BF7CCC10D2ED9EF +$L$k_sb2: + DQ 0xE27A93C60B712400,0x5EB7E955BC982FCD + DQ 0x69EB88400AE12900,0xC2A163C8AB82234A +$L$k_sbo: + DQ 0xD0D26D176FBDC700,0x15AABF7AC502A878 + DQ 0xCFE474A55FBB6A00,0x8E1E90D1412B35FA + +$L$k_mc_forward: + DQ 0x0407060500030201,0x0C0F0E0D080B0A09 + DQ 0x080B0A0904070605,0x000302010C0F0E0D + DQ 0x0C0F0E0D080B0A09,0x0407060500030201 + DQ 0x000302010C0F0E0D,0x080B0A0904070605 + +$L$k_mc_backward: + DQ 0x0605040702010003,0x0E0D0C0F0A09080B + DQ 0x020100030E0D0C0F,0x0A09080B06050407 + DQ 0x0E0D0C0F0A09080B,0x0605040702010003 + DQ 0x0A09080B06050407,0x020100030E0D0C0F + +$L$k_sr: + DQ 0x0706050403020100,0x0F0E0D0C0B0A0908 + DQ 0x030E09040F0A0500,0x0B06010C07020D08 + DQ 0x0F060D040B020900,0x070E050C030A0108 + DQ 0x0B0E0104070A0D00,0x0306090C0F020508 + +$L$k_rcon: + DQ 0x1F8391B9AF9DEEB6,0x702A98084D7C7D81 + +$L$k_s63: + DQ 0x5B5B5B5B5B5B5B5B,0x5B5B5B5B5B5B5B5B + +$L$k_opt: + DQ 0xFF9F4929D6B66000,0xF7974121DEBE6808 + DQ 0x01EDBD5150BCEC00,0xE10D5DB1B05C0CE0 + +$L$k_deskew: + DQ 0x07E4A34047A4E300,0x1DFEB95A5DBEF91A + DQ 0x5F36B5DC83EA6900,0x2841C2ABF49D1E77 + + + + + 
+$L$k_dksd: + DQ 0xFEB91A5DA3E44700,0x0740E3A45A1DBEF9 + DQ 0x41C277F4B5368300,0x5FDC69EAAB289D1E +$L$k_dksb: + DQ 0x9A4FCA1F8550D500,0x03D653861CC94C99 + DQ 0x115BEDA7B6FC4A00,0xD993256F7E3482C8 +$L$k_dkse: + DQ 0xD5031CCA1FC9D600,0x53859A4C994F5086 + DQ 0xA23196054FDC7BE8,0xCD5EF96A20B31487 +$L$k_dks9: + DQ 0xB6116FC87ED9A700,0x4AED933482255BFC + DQ 0x4576516227143300,0x8BB89FACE9DAFDCE + + + + + +$L$k_dipt: + DQ 0x0F505B040B545F00,0x154A411E114E451A + DQ 0x86E383E660056500,0x12771772F491F194 + +$L$k_dsb9: + DQ 0x851C03539A86D600,0xCAD51F504F994CC9 + DQ 0xC03B1789ECD74900,0x725E2C9EB2FBA565 +$L$k_dsbd: + DQ 0x7D57CCDFE6B1A200,0xF56E9B13882A4439 + DQ 0x3CE2FAF724C6CB00,0x2931180D15DEEFD3 +$L$k_dsbb: + DQ 0xD022649296B44200,0x602646F6B0F2D404 + DQ 0xC19498A6CD596700,0xF3FF0C3E3255AA6B +$L$k_dsbe: + DQ 0x46F2929626D4D000,0x2242600464B4F6B0 + DQ 0x0C55A6CDFFAAC100,0x9467F36B98593E32 +$L$k_dsbo: + DQ 0x1387EA537EF94000,0xC7AA6DB9D4943E2D + DQ 0x12D7560F93441D00,0xCA4B8159D8C58E9C DB 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105 DB 111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54 DB 52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97 @@ -1013,10 +1012,10 @@ DB 109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32 DB 85,110,105,118,101,114,115,105,116,121,41,0 ALIGN 64 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -1028,55 +1027,55 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_prologue + jae NEAR $L$in_prologue - lea rsi,QWORD PTR[16+rax] - lea rdi,QWORD PTR[512+r8] + lea rsi,[16+rax] + lea rdi,[512+r8] mov ecx,20 - DD 0a548f3fch - lea rax,QWORD PTR[184+rax] + DD 0xa548f3fc + lea rax,[184+rax] -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi - mov rdi,QWORD PTR[40+r9] + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -1090,54 +1089,49 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_vpaes_set_encrypt_key - DD imagerel $L$SEH_end_vpaes_set_encrypt_key - DD imagerel $L$SEH_info_vpaes_set_encrypt_key + DD $L$SEH_begin_vpaes_set_encrypt_key wrt ..imagebase + DD $L$SEH_end_vpaes_set_encrypt_key wrt ..imagebase + DD $L$SEH_info_vpaes_set_encrypt_key wrt ..imagebase - DD imagerel $L$SEH_begin_vpaes_set_decrypt_key - DD imagerel $L$SEH_end_vpaes_set_decrypt_key - DD imagerel $L$SEH_info_vpaes_set_decrypt_key + DD $L$SEH_begin_vpaes_set_decrypt_key wrt ..imagebase + DD $L$SEH_end_vpaes_set_decrypt_key wrt ..imagebase + DD $L$SEH_info_vpaes_set_decrypt_key wrt ..imagebase - DD imagerel $L$SEH_begin_vpaes_encrypt - DD imagerel $L$SEH_end_vpaes_encrypt - DD imagerel $L$SEH_info_vpaes_encrypt + DD $L$SEH_begin_vpaes_encrypt wrt ..imagebase + DD $L$SEH_end_vpaes_encrypt wrt ..imagebase + DD $L$SEH_info_vpaes_encrypt wrt ..imagebase - DD imagerel $L$SEH_begin_vpaes_decrypt - DD imagerel $L$SEH_end_vpaes_decrypt - DD imagerel $L$SEH_info_vpaes_decrypt + DD $L$SEH_begin_vpaes_decrypt wrt ..imagebase + DD $L$SEH_end_vpaes_decrypt wrt ..imagebase + DD $L$SEH_info_vpaes_decrypt wrt ..imagebase - DD imagerel $L$SEH_begin_vpaes_cbc_encrypt - DD imagerel $L$SEH_end_vpaes_cbc_encrypt - DD imagerel $L$SEH_info_vpaes_cbc_encrypt + DD $L$SEH_begin_vpaes_cbc_encrypt wrt ..imagebase + DD $L$SEH_end_vpaes_cbc_encrypt wrt ..imagebase + DD $L$SEH_info_vpaes_cbc_encrypt wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_vpaes_set_encrypt_key:: +$L$SEH_info_vpaes_set_encrypt_key: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$enc_key_body,imagerel $L$enc_key_epilogue -$L$SEH_info_vpaes_set_decrypt_key:: + DD se_handler wrt ..imagebase + DD $L$enc_key_body wrt ..imagebase,$L$enc_key_epilogue wrt 
..imagebase +$L$SEH_info_vpaes_set_decrypt_key: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$dec_key_body,imagerel $L$dec_key_epilogue -$L$SEH_info_vpaes_encrypt:: + DD se_handler wrt ..imagebase + DD $L$dec_key_body wrt ..imagebase,$L$dec_key_epilogue wrt ..imagebase +$L$SEH_info_vpaes_encrypt: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$enc_body,imagerel $L$enc_epilogue -$L$SEH_info_vpaes_decrypt:: + DD se_handler wrt ..imagebase + DD $L$enc_body wrt ..imagebase,$L$enc_epilogue wrt ..imagebase +$L$SEH_info_vpaes_decrypt: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$dec_body,imagerel $L$dec_epilogue -$L$SEH_info_vpaes_cbc_encrypt:: + DD se_handler wrt ..imagebase + DD $L$dec_body wrt ..imagebase,$L$dec_epilogue wrt ..imagebase +$L$SEH_info_vpaes_cbc_encrypt: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$cbc_body,imagerel $L$cbc_epilogue - -.xdata ENDS -END + DD se_handler wrt ..imagebase + DD $L$cbc_body wrt ..imagebase,$L$cbc_epilogue wrt ..imagebase diff --git a/win-x86_64/crypto/bn/rsaz-avx2.asm b/win-x86_64/crypto/bn/rsaz-avx2.asm index f9188f5..45d0fd4 100644 --- a/win-x86_64/crypto/bn/rsaz-avx2.asm +++ b/win-x86_64/crypto/bn/rsaz-avx2.asm 
@@ -1,29 +1,30 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -PUBLIC rsaz_avx2_eligible -rsaz_avx2_eligible PROC PUBLIC +global rsaz_avx2_eligible + +rsaz_avx2_eligible: xor eax,eax DB 0F3h,0C3h ;repret -rsaz_avx2_eligible ENDP -PUBLIC rsaz_1024_sqr_avx2 -PUBLIC rsaz_1024_mul_avx2 -PUBLIC rsaz_1024_norm2red_avx2 -PUBLIC rsaz_1024_red2norm_avx2 -PUBLIC rsaz_1024_scatter5_avx2 -PUBLIC rsaz_1024_gather5_avx2 -rsaz_1024_sqr_avx2 PROC PUBLIC -rsaz_1024_mul_avx2:: -rsaz_1024_norm2red_avx2:: -rsaz_1024_red2norm_avx2:: -rsaz_1024_scatter5_avx2:: -rsaz_1024_gather5_avx2:: -DB 00fh,00bh +global rsaz_1024_sqr_avx2 +global rsaz_1024_mul_avx2 +global rsaz_1024_norm2red_avx2 +global rsaz_1024_red2norm_avx2 +global rsaz_1024_scatter5_avx2 +global rsaz_1024_gather5_avx2 + +rsaz_1024_sqr_avx2: +rsaz_1024_mul_avx2: +rsaz_1024_norm2red_avx2: +rsaz_1024_red2norm_avx2: +rsaz_1024_scatter5_avx2: +rsaz_1024_gather5_avx2: +DB 0x0f,0x0b DB 0F3h,0C3h ;repret -rsaz_1024_sqr_avx2 ENDP -.text$ ENDS -END diff --git a/win-x86_64/crypto/bn/rsaz-x86_64.asm b/win-x86_64/crypto/bn/rsaz-x86_64.asm index 86e828d..04d5e39 100644 --- a/win-x86_64/crypto/bn/rsaz-x86_64.asm +++ b/win-x86_64/crypto/bn/rsaz-x86_64.asm @@ -1,21 +1,25 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -EXTERN OPENSSL_ia32cap_P:NEAR -PUBLIC rsaz_512_sqr +EXTERN OPENSSL_ia32cap_P + +global rsaz_512_sqr ALIGN 32 -rsaz_512_sqr PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +rsaz_512_sqr: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_rsaz_512_sqr:: +$L$SEH_begin_rsaz_512_sqr: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] + mov r8,QWORD[40+rsp] push rbx 
@@ -26,50 +30,50 @@ $L$SEH_begin_rsaz_512_sqr:: push r15 sub rsp,128+24 -$L$sqr_body:: +$L$sqr_body: mov rbp,rdx - mov rdx,QWORD PTR[rsi] - mov rax,QWORD PTR[8+rsi] - mov QWORD PTR[128+rsp],rcx - jmp $L$oop_sqr + mov rdx,QWORD[rsi] + mov rax,QWORD[8+rsi] + mov QWORD[128+rsp],rcx + jmp NEAR $L$oop_sqr ALIGN 32 -$L$oop_sqr:: - mov DWORD PTR[((128+8))+rsp],r8d +$L$oop_sqr: + mov DWORD[((128+8))+rsp],r8d mov rbx,rdx mul rdx mov r8,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] mov r9,rdx mul rbx add r9,rax - mov rax,QWORD PTR[24+rsi] + mov rax,QWORD[24+rsi] mov r10,rdx adc r10,0 mul rbx add r10,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] mov r11,rdx adc r11,0 mul rbx add r11,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] mov r12,rdx adc r12,0 mul rbx add r12,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] mov r13,rdx adc r13,0 mul rbx add r13,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] mov r14,rdx adc r14,0 @@ -84,25 +88,25 @@ $L$oop_sqr:: adc r9,r9 mul rax - mov QWORD PTR[rsp],rax + mov QWORD[rsp],rax add r8,rdx adc r9,0 - mov QWORD PTR[8+rsp],r8 + mov QWORD[8+rsp],r8 shr rcx,63 - mov r8,QWORD PTR[8+rsi] - mov rax,QWORD PTR[16+rsi] + mov r8,QWORD[8+rsi] + mov rax,QWORD[16+rsi] mul r8 add r10,rax - mov rax,QWORD PTR[24+rsi] + mov rax,QWORD[24+rsi] mov rbx,rdx adc rbx,0 mul r8 add r11,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] adc rdx,0 add r11,rbx mov rbx,rdx @@ -110,7 +114,7 @@ $L$oop_sqr:: mul r8 add r12,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] adc rdx,0 add r12,rbx mov rbx,rdx @@ -118,7 +122,7 @@ $L$oop_sqr:: mul r8 add r13,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] adc rdx,0 add r13,rbx mov rbx,rdx @@ -126,7 +130,7 @@ $L$oop_sqr:: mul r8 add r14,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] adc rdx,0 add r14,rbx mov rbx,rdx @@ -142,7 +146,7 @@ $L$oop_sqr:: adc r8,0 add rdx,rdx - lea r10,QWORD PTR[r10*2+rcx] + lea r10,[r10*2+rcx] mov rbx,r11 adc r11,r11 
@@ -151,22 +155,22 @@ $L$oop_sqr:: adc r10,rdx adc r11,0 - mov QWORD PTR[16+rsp],r9 - mov QWORD PTR[24+rsp],r10 + mov QWORD[16+rsp],r9 + mov QWORD[24+rsp],r10 shr rbx,63 - mov r9,QWORD PTR[16+rsi] - mov rax,QWORD PTR[24+rsi] + mov r9,QWORD[16+rsi] + mov rax,QWORD[24+rsi] mul r9 add r12,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] mov rcx,rdx adc rcx,0 mul r9 add r13,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] adc rdx,0 add r13,rcx mov rcx,rdx @@ -174,7 +178,7 @@ $L$oop_sqr:: mul r9 add r14,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] adc rdx,0 add r14,rcx mov rcx,rdx @@ -182,9 +186,9 @@ $L$oop_sqr:: mul r9 mov r10,r12 - lea r12,QWORD PTR[r12*2+rbx] + lea r12,[r12*2+rbx] add r15,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] adc rdx,0 add r15,rcx mov rcx,rdx @@ -200,29 +204,29 @@ $L$oop_sqr:: adc r9,0 mov rcx,r13 - lea r13,QWORD PTR[r13*2+r10] + lea r13,[r13*2+r10] mul rax add r11,rax adc r12,rdx adc r13,0 - mov QWORD PTR[32+rsp],r11 - mov QWORD PTR[40+rsp],r12 + mov QWORD[32+rsp],r11 + mov QWORD[40+rsp],r12 shr rcx,63 - mov r10,QWORD PTR[24+rsi] - mov rax,QWORD PTR[32+rsi] + mov r10,QWORD[24+rsi] + mov rax,QWORD[32+rsi] mul r10 add r14,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] mov rbx,rdx adc rbx,0 mul r10 add r15,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] adc rdx,0 add r15,rbx mov rbx,rdx @@ -230,9 +234,9 @@ $L$oop_sqr:: mul r10 mov r12,r14 - lea r14,QWORD PTR[r14*2+rcx] + lea r14,[r14*2+rcx] add r8,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] adc rdx,0 add r8,rbx mov rbx,rdx 
@@ -248,32 +252,32 @@ $L$oop_sqr:: adc r10,0 mov rbx,r15 - lea r15,QWORD PTR[r15*2+r12] + lea r15,[r15*2+r12] mul rax add r13,rax adc r14,rdx adc r15,0 - mov QWORD PTR[48+rsp],r13 - mov QWORD PTR[56+rsp],r14 + mov QWORD[48+rsp],r13 + mov QWORD[56+rsp],r14 shr rbx,63 - mov r11,QWORD PTR[32+rsi] - mov rax,QWORD PTR[40+rsi] + mov r11,QWORD[32+rsi] + mov rax,QWORD[40+rsi] mul r11 add r8,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] mov rcx,rdx adc rcx,0 mul r11 add r9,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] adc rdx,0 mov r12,r8 - lea r8,QWORD PTR[r8*2+rbx] + lea r8,[r8*2+rbx] add r9,rcx mov rcx,rdx adc rcx,0 @@ -288,23 +292,23 @@ $L$oop_sqr:: adc r11,0 mov rcx,r9 - lea r9,QWORD PTR[r9*2+r12] + lea r9,[r9*2+r12] mul rax add r15,rax adc r8,rdx adc r9,0 - mov QWORD PTR[64+rsp],r15 - mov QWORD PTR[72+rsp],r8 + mov QWORD[64+rsp],r15 + mov QWORD[72+rsp],r8 shr rcx,63 - mov r12,QWORD PTR[40+rsi] - mov rax,QWORD PTR[48+rsi] + mov r12,QWORD[40+rsi] + mov rax,QWORD[48+rsi] mul r12 add r10,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] mov rbx,rdx adc rbx,0 @@ -312,7 +316,7 @@ $L$oop_sqr:: add r11,rax mov rax,r12 mov r15,r10 - lea r10,QWORD PTR[r10*2+rcx] + lea r10,[r10*2+rcx] adc rdx,0 shr r15,63 add r11,rbx @@ -320,19 +324,19 @@ $L$oop_sqr:: adc r12,0 mov rbx,r11 - lea r11,QWORD PTR[r11*2+r15] + lea r11,[r11*2+r15] mul rax add r9,rax adc r10,rdx adc r11,0 - mov QWORD PTR[80+rsp],r9 - mov QWORD PTR[88+rsp],r10 + mov QWORD[80+rsp],r9 + mov QWORD[88+rsp],r10 - mov r13,QWORD PTR[48+rsi] - mov rax,QWORD PTR[56+rsi] + mov r13,QWORD[48+rsi] + mov rax,QWORD[56+rsi] mul r13 add r12,rax mov rax,r13 
@@ -350,78 +354,77 @@ $L$oop_sqr:: adc r12,rdx adc r13,0 - mov QWORD PTR[96+rsp],r11 - mov QWORD PTR[104+rsp],r12 + mov QWORD[96+rsp],r11 + mov QWORD[104+rsp],r12 - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] mul rax add r13,rax adc rdx,0 add r14,rdx - mov QWORD PTR[112+rsp],r13 - mov QWORD PTR[120+rsp],r14 + mov QWORD[112+rsp],r13 + mov QWORD[120+rsp],r14 - mov r8,QWORD PTR[rsp] - mov r9,QWORD PTR[8+rsp] - mov r10,QWORD PTR[16+rsp] - mov r11,QWORD PTR[24+rsp] - mov r12,QWORD PTR[32+rsp] - mov r13,QWORD PTR[40+rsp] - mov r14,QWORD PTR[48+rsp] - mov r15,QWORD PTR[56+rsp] + mov r8,QWORD[rsp] + mov r9,QWORD[8+rsp] + mov r10,QWORD[16+rsp] + mov r11,QWORD[24+rsp] + mov r12,QWORD[32+rsp] + mov r13,QWORD[40+rsp] + mov r14,QWORD[48+rsp] + mov r15,QWORD[56+rsp] call __rsaz_512_reduce - add r8,QWORD PTR[64+rsp] - adc r9,QWORD PTR[72+rsp] - adc r10,QWORD PTR[80+rsp] - adc r11,QWORD PTR[88+rsp] - adc r12,QWORD PTR[96+rsp] - adc r13,QWORD PTR[104+rsp] - adc r14,QWORD PTR[112+rsp] - adc r15,QWORD PTR[120+rsp] + add r8,QWORD[64+rsp] + adc r9,QWORD[72+rsp] + adc r10,QWORD[80+rsp] + adc r11,QWORD[88+rsp] + adc r12,QWORD[96+rsp] + adc r13,QWORD[104+rsp] + adc r14,QWORD[112+rsp] + adc r15,QWORD[120+rsp] sbb rcx,rcx call __rsaz_512_subtract mov rdx,r8 mov rax,r9 - mov r8d,DWORD PTR[((128+8))+rsp] + mov r8d,DWORD[((128+8))+rsp] mov rsi,rdi dec r8d - jnz $L$oop_sqr - - lea rax,QWORD PTR[((128+24+48))+rsp] - mov r15,QWORD PTR[((-48))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov rbx,QWORD PTR[((-8))+rax] - lea rsp,QWORD PTR[rax] -$L$sqr_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + jnz NEAR $L$oop_sqr + + lea rax,[((128+24+48))+rsp] + mov r15,QWORD[((-48))+rax] + mov r14,QWORD[((-40))+rax] + mov r13,QWORD[((-32))+rax] + mov r12,QWORD[((-24))+rax] + mov rbp,QWORD[((-16))+rax] + mov rbx,QWORD[((-8))+rax] + lea rsp,[rax] +$L$sqr_epilogue: + mov 
rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_sqr:: -rsaz_512_sqr ENDP -PUBLIC rsaz_512_mul +$L$SEH_end_rsaz_512_sqr: +global rsaz_512_mul ALIGN 32 -rsaz_512_mul PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +rsaz_512_mul: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_rsaz_512_mul:: +$L$SEH_begin_rsaz_512_mul: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] + mov r8,QWORD[40+rsp] push rbx 
@@ -432,67 +435,66 @@ $L$SEH_begin_rsaz_512_mul:: push r15 sub rsp,128+24 -$L$mul_body:: +$L$mul_body: DB 102,72,15,110,199 DB 102,72,15,110,201 - mov QWORD PTR[128+rsp],r8 - mov rbx,QWORD PTR[rdx] + mov QWORD[128+rsp],r8 + mov rbx,QWORD[rdx] mov rbp,rdx call __rsaz_512_mul DB 102,72,15,126,199 DB 102,72,15,126,205 - mov r8,QWORD PTR[rsp] - mov r9,QWORD PTR[8+rsp] - mov r10,QWORD PTR[16+rsp] - mov r11,QWORD PTR[24+rsp] - mov r12,QWORD PTR[32+rsp] - mov r13,QWORD PTR[40+rsp] - mov r14,QWORD PTR[48+rsp] - mov r15,QWORD PTR[56+rsp] + mov r8,QWORD[rsp] + mov r9,QWORD[8+rsp] + mov r10,QWORD[16+rsp] + mov r11,QWORD[24+rsp] + mov r12,QWORD[32+rsp] + mov r13,QWORD[40+rsp] + mov r14,QWORD[48+rsp] + mov r15,QWORD[56+rsp] call __rsaz_512_reduce - add r8,QWORD PTR[64+rsp] - adc r9,QWORD PTR[72+rsp] - adc r10,QWORD PTR[80+rsp] - adc r11,QWORD PTR[88+rsp] - adc r12,QWORD PTR[96+rsp] - adc r13,QWORD PTR[104+rsp] - adc r14,QWORD PTR[112+rsp] - adc r15,QWORD PTR[120+rsp] + add r8,QWORD[64+rsp] + adc r9,QWORD[72+rsp] + adc r10,QWORD[80+rsp] + adc r11,QWORD[88+rsp] + adc r12,QWORD[96+rsp] + adc r13,QWORD[104+rsp] + adc r14,QWORD[112+rsp] + adc r15,QWORD[120+rsp] sbb rcx,rcx call __rsaz_512_subtract - lea rax,QWORD PTR[((128+24+48))+rsp] - mov r15,QWORD PTR[((-48))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov rbx,QWORD PTR[((-8))+rax] - lea rsp,QWORD PTR[rax] -$L$mul_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + lea rax,[((128+24+48))+rsp] + mov r15,QWORD[((-48))+rax] + mov r14,QWORD[((-40))+rax] + mov r13,QWORD[((-32))+rax] + mov r12,QWORD[((-24))+rax] + mov rbp,QWORD[((-16))+rax] + mov rbx,QWORD[((-8))+rax] + lea rsp,[rax] +$L$mul_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul:: -rsaz_512_mul ENDP -PUBLIC rsaz_512_mul_gather4 +$L$SEH_end_rsaz_512_mul: +global 
rsaz_512_mul_gather4 ALIGN 32 -rsaz_512_mul_gather4 PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +rsaz_512_mul_gather4: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_rsaz_512_mul_gather4:: +$L$SEH_begin_rsaz_512_mul_gather4: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] push rbx 
@@ -504,97 +506,97 @@ $L$SEH_begin_rsaz_512_mul_gather4:: mov r9d,r9d sub rsp,128+24 -$L$mul_gather4_body:: - mov eax,DWORD PTR[64+r9*4+rdx] +$L$mul_gather4_body: + mov eax,DWORD[64+r9*4+rdx] DB 102,72,15,110,199 - mov ebx,DWORD PTR[r9*4+rdx] + mov ebx,DWORD[r9*4+rdx] DB 102,72,15,110,201 - mov QWORD PTR[128+rsp],r8 + mov QWORD[128+rsp],r8 shl rax,32 or rbx,rax - mov rax,QWORD PTR[rsi] - mov rcx,QWORD PTR[8+rsi] - lea rbp,QWORD PTR[128+r9*4+rdx] + mov rax,QWORD[rsi] + mov rcx,QWORD[8+rsi] + lea rbp,[128+r9*4+rdx] mul rbx - mov QWORD PTR[rsp],rax + mov QWORD[rsp],rax mov rax,rcx mov r8,rdx mul rbx - movd xmm4,DWORD PTR[rbp] + movd xmm4,DWORD[rbp] add r8,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] mov r9,rdx adc r9,0 mul rbx - movd xmm5,DWORD PTR[64+rbp] + movd xmm5,DWORD[64+rbp] add r9,rax - mov rax,QWORD PTR[24+rsi] + mov rax,QWORD[24+rsi] mov r10,rdx adc r10,0 mul rbx pslldq xmm5,4 add r10,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] mov r11,rdx adc r11,0 mul rbx por xmm4,xmm5 add r11,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] mov r12,rdx adc r12,0 mul rbx add r12,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] mov r13,rdx adc r13,0 mul rbx - lea rbp,QWORD PTR[128+rbp] + lea rbp,[128+rbp] add r13,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] mov r14,rdx adc r14,0 mul rbx DB 102,72,15,126,227 add r14,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] mov r15,rdx adc r15,0 - lea rdi,QWORD PTR[8+rsp] + lea rdi,[8+rsp] mov ecx,7 - jmp $L$oop_mul_gather + jmp NEAR $L$oop_mul_gather ALIGN 32 -$L$oop_mul_gather:: +$L$oop_mul_gather: mul rbx add r8,rax - mov rax,QWORD PTR[8+rsi] - mov QWORD PTR[rdi],r8 + mov rax,QWORD[8+rsi] + mov QWORD[rdi],r8 mov r8,rdx adc r8,0 mul rbx - movd xmm4,DWORD PTR[rbp] + movd xmm4,DWORD[rbp] add r9,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] adc rdx,0 add r8,r9 mov r9,rdx adc r9,0 mul rbx - movd xmm5,DWORD PTR[64+rbp] + movd xmm5,DWORD[64+rbp] add r10,rax - mov rax,QWORD 
PTR[24+rsi] + mov rax,QWORD[24+rsi] adc rdx,0 add r9,r10 mov r10,rdx @@ -603,7 +605,7 @@ $L$oop_mul_gather:: mul rbx pslldq xmm5,4 add r11,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] adc rdx,0 add r10,r11 mov r11,rdx @@ -612,7 +614,7 @@ $L$oop_mul_gather:: mul rbx por xmm4,xmm5 add r12,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] adc rdx,0 add r11,r12 mov r12,rdx @@ -620,7 +622,7 @@ $L$oop_mul_gather:: mul rbx add r13,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] adc rdx,0 add r12,r13 mov r13,rdx @@ -628,7 +630,7 @@ $L$oop_mul_gather:: mul rbx add r14,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] adc rdx,0 add r13,r14 mov r14,rdx 
@@ -637,80 +639,79 @@ $L$oop_mul_gather:: mul rbx DB 102,72,15,126,227 add r15,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add r14,r15 mov r15,rdx adc r15,0 - lea rbp,QWORD PTR[128+rbp] - lea rdi,QWORD PTR[8+rdi] + lea rbp,[128+rbp] + lea rdi,[8+rdi] dec ecx - jnz $L$oop_mul_gather + jnz NEAR $L$oop_mul_gather - mov QWORD PTR[rdi],r8 - mov QWORD PTR[8+rdi],r9 - mov QWORD PTR[16+rdi],r10 - mov QWORD PTR[24+rdi],r11 - mov QWORD PTR[32+rdi],r12 - mov QWORD PTR[40+rdi],r13 - mov QWORD PTR[48+rdi],r14 - mov QWORD PTR[56+rdi],r15 + mov QWORD[rdi],r8 + mov QWORD[8+rdi],r9 + mov QWORD[16+rdi],r10 + mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 DB 102,72,15,126,199 DB 102,72,15,126,205 - mov r8,QWORD PTR[rsp] - mov r9,QWORD PTR[8+rsp] - mov r10,QWORD PTR[16+rsp] - mov r11,QWORD PTR[24+rsp] - mov r12,QWORD PTR[32+rsp] - mov r13,QWORD PTR[40+rsp] - mov r14,QWORD PTR[48+rsp] - mov r15,QWORD PTR[56+rsp] + mov r8,QWORD[rsp] + mov r9,QWORD[8+rsp] + mov r10,QWORD[16+rsp] + mov r11,QWORD[24+rsp] + mov r12,QWORD[32+rsp] + mov r13,QWORD[40+rsp] + mov r14,QWORD[48+rsp] + mov r15,QWORD[56+rsp] call __rsaz_512_reduce - add r8,QWORD PTR[64+rsp] - adc r9,QWORD PTR[72+rsp] - adc r10,QWORD PTR[80+rsp] - adc r11,QWORD PTR[88+rsp] - adc r12,QWORD PTR[96+rsp] - adc r13,QWORD PTR[104+rsp] - adc r14,QWORD PTR[112+rsp] - adc r15,QWORD PTR[120+rsp] + add r8,QWORD[64+rsp] + adc r9,QWORD[72+rsp] + adc r10,QWORD[80+rsp] + adc r11,QWORD[88+rsp] + adc r12,QWORD[96+rsp] + adc r13,QWORD[104+rsp] + adc r14,QWORD[112+rsp] + adc r15,QWORD[120+rsp] sbb rcx,rcx call __rsaz_512_subtract - lea rax,QWORD PTR[((128+24+48))+rsp] - mov r15,QWORD PTR[((-48))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov rbx,QWORD PTR[((-8))+rax] - lea rsp,QWORD PTR[rax] -$L$mul_gather4_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov 
rsi,QWORD PTR[16+rsp] + lea rax,[((128+24+48))+rsp] + mov r15,QWORD[((-48))+rax] + mov r14,QWORD[((-40))+rax] + mov r13,QWORD[((-32))+rax] + mov r12,QWORD[((-24))+rax] + mov rbp,QWORD[((-16))+rax] + mov rbx,QWORD[((-8))+rax] + lea rsp,[rax] +$L$mul_gather4_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul_gather4:: -rsaz_512_mul_gather4 ENDP -PUBLIC rsaz_512_mul_scatter4 +$L$SEH_end_rsaz_512_mul_gather4: +global rsaz_512_mul_scatter4 ALIGN 32 -rsaz_512_mul_scatter4 PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +rsaz_512_mul_scatter4: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_rsaz_512_mul_scatter4:: +$L$SEH_begin_rsaz_512_mul_scatter4: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] push rbx 
@@ -722,90 +723,89 @@ $L$SEH_begin_rsaz_512_mul_scatter4:: mov r9d,r9d sub rsp,128+24 -$L$mul_scatter4_body:: - lea r8,QWORD PTR[r9*4+r8] +$L$mul_scatter4_body: + lea r8,[r9*4+r8] DB 102,72,15,110,199 DB 102,72,15,110,202 DB 102,73,15,110,208 - mov QWORD PTR[128+rsp],rcx + mov QWORD[128+rsp],rcx mov rbp,rdi - mov rbx,QWORD PTR[rdi] + mov rbx,QWORD[rdi] call __rsaz_512_mul DB 102,72,15,126,199 DB 102,72,15,126,205 - mov r8,QWORD PTR[rsp] - mov r9,QWORD PTR[8+rsp] - mov r10,QWORD PTR[16+rsp] - mov r11,QWORD PTR[24+rsp] - mov r12,QWORD PTR[32+rsp] - mov r13,QWORD PTR[40+rsp] - mov r14,QWORD PTR[48+rsp] - mov r15,QWORD PTR[56+rsp] + mov r8,QWORD[rsp] + mov r9,QWORD[8+rsp] + mov r10,QWORD[16+rsp] + mov r11,QWORD[24+rsp] + mov r12,QWORD[32+rsp] + mov r13,QWORD[40+rsp] + mov r14,QWORD[48+rsp] + mov r15,QWORD[56+rsp] call __rsaz_512_reduce - add r8,QWORD PTR[64+rsp] - adc r9,QWORD PTR[72+rsp] - adc r10,QWORD PTR[80+rsp] - adc r11,QWORD PTR[88+rsp] - adc r12,QWORD PTR[96+rsp] - adc r13,QWORD PTR[104+rsp] - adc r14,QWORD PTR[112+rsp] - adc r15,QWORD PTR[120+rsp] + add r8,QWORD[64+rsp] + adc r9,QWORD[72+rsp] + adc r10,QWORD[80+rsp] + adc r11,QWORD[88+rsp] + adc r12,QWORD[96+rsp] + adc r13,QWORD[104+rsp] + adc r14,QWORD[112+rsp] + adc r15,QWORD[120+rsp] DB 102,72,15,126,214 sbb rcx,rcx call __rsaz_512_subtract - mov DWORD PTR[rsi],r8d + mov DWORD[rsi],r8d shr r8,32 - mov DWORD PTR[128+rsi],r9d + mov DWORD[128+rsi],r9d shr r9,32 - mov DWORD PTR[256+rsi],r10d + mov DWORD[256+rsi],r10d shr r10,32 - mov DWORD PTR[384+rsi],r11d + mov DWORD[384+rsi],r11d shr r11,32 - mov DWORD PTR[512+rsi],r12d + mov DWORD[512+rsi],r12d shr r12,32 - mov DWORD PTR[640+rsi],r13d + mov DWORD[640+rsi],r13d shr r13,32 - mov DWORD PTR[768+rsi],r14d + mov DWORD[768+rsi],r14d shr r14,32 - mov DWORD PTR[896+rsi],r15d + mov DWORD[896+rsi],r15d shr r15,32 - mov DWORD PTR[64+rsi],r8d - mov DWORD PTR[192+rsi],r9d - mov DWORD PTR[320+rsi],r10d - mov DWORD PTR[448+rsi],r11d - mov DWORD PTR[576+rsi],r12d - mov 
DWORD PTR[704+rsi],r13d - mov DWORD PTR[832+rsi],r14d - mov DWORD PTR[960+rsi],r15d - - lea rax,QWORD PTR[((128+24+48))+rsp] - mov r15,QWORD PTR[((-48))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov rbx,QWORD PTR[((-8))+rax] - lea rsp,QWORD PTR[rax] -$L$mul_scatter4_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov DWORD[64+rsi],r8d + mov DWORD[192+rsi],r9d + mov DWORD[320+rsi],r10d + mov DWORD[448+rsi],r11d + mov DWORD[576+rsi],r12d + mov DWORD[704+rsi],r13d + mov DWORD[832+rsi],r14d + mov DWORD[960+rsi],r15d + + lea rax,[((128+24+48))+rsp] + mov r15,QWORD[((-48))+rax] + mov r14,QWORD[((-40))+rax] + mov r13,QWORD[((-32))+rax] + mov r12,QWORD[((-24))+rax] + mov rbp,QWORD[((-16))+rax] + mov rbx,QWORD[((-8))+rax] + lea rsp,[rax] +$L$mul_scatter4_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul_scatter4:: -rsaz_512_mul_scatter4 ENDP -PUBLIC rsaz_512_mul_by_one +$L$SEH_end_rsaz_512_mul_scatter4: +global rsaz_512_mul_by_one ALIGN 32 -rsaz_512_mul_by_one PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +rsaz_512_mul_by_one: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_rsaz_512_mul_by_one:: +$L$SEH_begin_rsaz_512_mul_by_one: mov rdi,rcx mov rsi,rdx mov rdx,r8 
@@ -820,71 +820,70 @@ $L$SEH_begin_rsaz_512_mul_by_one:: push r15 sub rsp,128+24 -$L$mul_by_one_body:: +$L$mul_by_one_body: mov rbp,rdx - mov QWORD PTR[128+rsp],rcx + mov QWORD[128+rsp],rcx - mov r8,QWORD PTR[rsi] + mov r8,QWORD[rsi] pxor xmm0,xmm0 - mov r9,QWORD PTR[8+rsi] - mov r10,QWORD PTR[16+rsi] - mov r11,QWORD PTR[24+rsi] - mov r12,QWORD PTR[32+rsi] - mov r13,QWORD PTR[40+rsi] - mov r14,QWORD PTR[48+rsi] - mov r15,QWORD PTR[56+rsi] - - movdqa XMMWORD PTR[rsp],xmm0 - movdqa XMMWORD PTR[16+rsp],xmm0 - movdqa XMMWORD PTR[32+rsp],xmm0 - movdqa XMMWORD PTR[48+rsp],xmm0 - movdqa XMMWORD PTR[64+rsp],xmm0 - movdqa XMMWORD PTR[80+rsp],xmm0 - movdqa XMMWORD PTR[96+rsp],xmm0 + mov r9,QWORD[8+rsi] + mov r10,QWORD[16+rsi] + mov r11,QWORD[24+rsi] + mov r12,QWORD[32+rsi] + mov r13,QWORD[40+rsi] + mov r14,QWORD[48+rsi] + mov r15,QWORD[56+rsi] + + movdqa XMMWORD[rsp],xmm0 + movdqa XMMWORD[16+rsp],xmm0 + movdqa XMMWORD[32+rsp],xmm0 + movdqa XMMWORD[48+rsp],xmm0 + movdqa XMMWORD[64+rsp],xmm0 + movdqa XMMWORD[80+rsp],xmm0 + movdqa XMMWORD[96+rsp],xmm0 call __rsaz_512_reduce - mov QWORD PTR[rdi],r8 - mov QWORD PTR[8+rdi],r9 - mov QWORD PTR[16+rdi],r10 - mov QWORD PTR[24+rdi],r11 - mov QWORD PTR[32+rdi],r12 - mov QWORD PTR[40+rdi],r13 - mov QWORD PTR[48+rdi],r14 - mov QWORD PTR[56+rdi],r15 - - lea rax,QWORD PTR[((128+24+48))+rsp] - mov r15,QWORD PTR[((-48))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov rbx,QWORD PTR[((-8))+rax] - lea rsp,QWORD PTR[rax] -$L$mul_by_one_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov QWORD[rdi],r8 + mov QWORD[8+rdi],r9 + mov QWORD[16+rdi],r10 + mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 + + lea rax,[((128+24+48))+rsp] + mov r15,QWORD[((-48))+rax] + mov r14,QWORD[((-40))+rax] + mov r13,QWORD[((-32))+rax] + mov r12,QWORD[((-24))+rax] + mov 
rbp,QWORD[((-16))+rax] + mov rbx,QWORD[((-8))+rax] + lea rsp,[rax] +$L$mul_by_one_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul_by_one:: -rsaz_512_mul_by_one ENDP +$L$SEH_end_rsaz_512_mul_by_one: ALIGN 32 -__rsaz_512_reduce PROC PRIVATE +__rsaz_512_reduce: mov rbx,r8 - imul rbx,QWORD PTR[((128+8))+rsp] - mov rax,QWORD PTR[rbp] + imul rbx,QWORD[((128+8))+rsp] + mov rax,QWORD[rbp] mov ecx,8 - jmp $L$reduction_loop + jmp NEAR $L$reduction_loop ALIGN 32 -$L$reduction_loop:: +$L$reduction_loop: mul rbx - mov rax,QWORD PTR[8+rbp] + mov rax,QWORD[8+rbp] neg r8 mov r8,rdx adc r8,0 mul rbx add r9,rax - mov rax,QWORD PTR[16+rbp] + mov rax,QWORD[16+rbp] adc rdx,0 add r8,r9 mov r9,rdx @@ -892,7 +891,7 @@ $L$reduction_loop:: mul rbx add r10,rax - mov rax,QWORD PTR[24+rbp] + mov rax,QWORD[24+rbp] adc rdx,0 add r9,r10 mov r10,rdx @@ -900,10 +899,10 @@ $L$reduction_loop:: mul rbx add r11,rax - mov rax,QWORD PTR[32+rbp] + mov rax,QWORD[32+rbp] adc rdx,0 add r10,r11 - mov rsi,QWORD PTR[((128+8))+rsp] + mov rsi,QWORD[((128+8))+rsp] adc rdx,0 @@ -911,7 +910,7 @@ $L$reduction_loop:: mul rbx add r12,rax - mov rax,QWORD PTR[40+rbp] + mov rax,QWORD[40+rbp] adc rdx,0 imul rsi,r8 add r11,r12 @@ -920,7 +919,7 @@ $L$reduction_loop:: mul rbx add r13,rax - mov rax,QWORD PTR[48+rbp] + mov rax,QWORD[48+rbp] adc rdx,0 add r12,r13 mov r13,rdx @@ -928,7 +927,7 @@ $L$reduction_loop:: mul rbx add r14,rax - mov rax,QWORD PTR[56+rbp] + mov rax,QWORD[56+rbp] adc rdx,0 add r13,r14 mov r14,rdx 
@@ -937,146 +936,146 @@ $L$reduction_loop:: mul rbx mov rbx,rsi add r15,rax - mov rax,QWORD PTR[rbp] + mov rax,QWORD[rbp] adc rdx,0 add r14,r15 mov r15,rdx adc r15,0 dec ecx - jne $L$reduction_loop + jne NEAR $L$reduction_loop DB 0F3h,0C3h ;repret -__rsaz_512_reduce ENDP + ALIGN 32 -__rsaz_512_subtract PROC PRIVATE - mov QWORD PTR[rdi],r8 - mov QWORD PTR[8+rdi],r9 - mov QWORD PTR[16+rdi],r10 - mov QWORD PTR[24+rdi],r11 - mov QWORD PTR[32+rdi],r12 - mov QWORD PTR[40+rdi],r13 - mov QWORD PTR[48+rdi],r14 - mov QWORD PTR[56+rdi],r15 - - mov r8,QWORD PTR[rbp] - mov r9,QWORD PTR[8+rbp] +__rsaz_512_subtract: + mov QWORD[rdi],r8 + mov QWORD[8+rdi],r9 + mov QWORD[16+rdi],r10 + mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 + + mov r8,QWORD[rbp] + mov r9,QWORD[8+rbp] neg r8 not r9 and r8,rcx - mov r10,QWORD PTR[16+rbp] + mov r10,QWORD[16+rbp] and r9,rcx not r10 - mov r11,QWORD PTR[24+rbp] + mov r11,QWORD[24+rbp] and r10,rcx not r11 - mov r12,QWORD PTR[32+rbp] + mov r12,QWORD[32+rbp] and r11,rcx not r12 - mov r13,QWORD PTR[40+rbp] + mov r13,QWORD[40+rbp] and r12,rcx not r13 - mov r14,QWORD PTR[48+rbp] + mov r14,QWORD[48+rbp] and r13,rcx not r14 - mov r15,QWORD PTR[56+rbp] + mov r15,QWORD[56+rbp] and r14,rcx not r15 and r15,rcx - add r8,QWORD PTR[rdi] - adc r9,QWORD PTR[8+rdi] - adc r10,QWORD PTR[16+rdi] - adc r11,QWORD PTR[24+rdi] - adc r12,QWORD PTR[32+rdi] - adc r13,QWORD PTR[40+rdi] - adc r14,QWORD PTR[48+rdi] - adc r15,QWORD PTR[56+rdi] - - mov QWORD PTR[rdi],r8 - mov QWORD PTR[8+rdi],r9 - mov QWORD PTR[16+rdi],r10 - mov QWORD PTR[24+rdi],r11 - mov QWORD PTR[32+rdi],r12 - mov QWORD PTR[40+rdi],r13 - mov QWORD PTR[48+rdi],r14 - mov QWORD PTR[56+rdi],r15 + add r8,QWORD[rdi] + adc r9,QWORD[8+rdi] + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] + + mov QWORD[rdi],r8 + mov QWORD[8+rdi],r9 + mov QWORD[16+rdi],r10 
+ mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 DB 0F3h,0C3h ;repret -__rsaz_512_subtract ENDP + ALIGN 32 -__rsaz_512_mul PROC PRIVATE - lea rdi,QWORD PTR[8+rsp] +__rsaz_512_mul: + lea rdi,[8+rsp] - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] mul rbx - mov QWORD PTR[rdi],rax - mov rax,QWORD PTR[8+rsi] + mov QWORD[rdi],rax + mov rax,QWORD[8+rsi] mov r8,rdx mul rbx add r8,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] mov r9,rdx adc r9,0 mul rbx add r9,rax - mov rax,QWORD PTR[24+rsi] + mov rax,QWORD[24+rsi] mov r10,rdx adc r10,0 mul rbx add r10,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] mov r11,rdx adc r11,0 mul rbx add r11,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] mov r12,rdx adc r12,0 mul rbx add r12,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] mov r13,rdx adc r13,0 mul rbx add r13,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] mov r14,rdx adc r14,0 mul rbx add r14,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] mov r15,rdx adc r15,0 - lea rbp,QWORD PTR[8+rbp] - lea rdi,QWORD PTR[8+rdi] + lea rbp,[8+rbp] + lea rdi,[8+rdi] mov ecx,7 - jmp $L$oop_mul + jmp NEAR $L$oop_mul ALIGN 32 -$L$oop_mul:: - mov rbx,QWORD PTR[rbp] +$L$oop_mul: + mov rbx,QWORD[rbp] mul rbx add r8,rax - mov rax,QWORD PTR[8+rsi] - mov QWORD PTR[rdi],r8 + mov rax,QWORD[8+rsi] + mov QWORD[rdi],r8 mov r8,rdx adc r8,0 mul rbx add r9,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] adc rdx,0 add r8,r9 mov r9,rdx @@ -1084,7 +1083,7 @@ $L$oop_mul:: mul rbx add r10,rax - mov rax,QWORD PTR[24+rsi] + mov rax,QWORD[24+rsi] adc rdx,0 add r9,r10 mov r10,rdx @@ -1092,7 +1091,7 @@ $L$oop_mul:: mul rbx add r11,rax - mov rax,QWORD PTR[32+rsi] + mov rax,QWORD[32+rsi] adc rdx,0 add r10,r11 mov r11,rdx @@ -1100,7 +1099,7 @@ $L$oop_mul:: mul rbx add r12,rax - mov rax,QWORD PTR[40+rsi] + mov rax,QWORD[40+rsi] adc rdx,0 add r11,r12 mov r12,rdx 
@@ -1108,7 +1107,7 @@ $L$oop_mul:: mul rbx add r13,rax - mov rax,QWORD PTR[48+rsi] + mov rax,QWORD[48+rsi] adc rdx,0 add r12,r13 mov r13,rdx 
@@ -1116,81 +1115,81 @@ $L$oop_mul:: mul rbx add r14,rax - mov rax,QWORD PTR[56+rsi] + mov rax,QWORD[56+rsi] adc rdx,0 add r13,r14 mov r14,rdx - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] adc r14,0 mul rbx add r15,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add r14,r15 mov r15,rdx adc r15,0 - lea rdi,QWORD PTR[8+rdi] + lea rdi,[8+rdi] dec ecx - jnz $L$oop_mul + jnz NEAR $L$oop_mul - mov QWORD PTR[rdi],r8 - mov QWORD PTR[8+rdi],r9 - mov QWORD PTR[16+rdi],r10 - mov QWORD PTR[24+rdi],r11 - mov QWORD PTR[32+rdi],r12 - mov QWORD PTR[40+rdi],r13 - mov QWORD PTR[48+rdi],r14 - mov QWORD PTR[56+rdi],r15 + mov QWORD[rdi],r8 + mov QWORD[8+rdi],r9 + mov QWORD[16+rdi],r10 + mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 DB 0F3h,0C3h ;repret -__rsaz_512_mul ENDP -PUBLIC rsaz_512_scatter4 + +global rsaz_512_scatter4 ALIGN 16 -rsaz_512_scatter4 PROC PUBLIC - lea rcx,QWORD PTR[r8*4+rcx] +rsaz_512_scatter4: + lea rcx,[r8*4+rcx] mov r9d,8 - jmp $L$oop_scatter + jmp NEAR $L$oop_scatter ALIGN 16 -$L$oop_scatter:: - mov rax,QWORD PTR[rdx] - lea rdx,QWORD PTR[8+rdx] - mov DWORD PTR[rcx],eax +$L$oop_scatter: + mov rax,QWORD[rdx] + lea rdx,[8+rdx] + mov DWORD[rcx],eax shr rax,32 - mov DWORD PTR[64+rcx],eax - lea rcx,QWORD PTR[128+rcx] + mov DWORD[64+rcx],eax + lea rcx,[128+rcx] dec r9d - jnz $L$oop_scatter + jnz NEAR $L$oop_scatter DB 0F3h,0C3h ;repret -rsaz_512_scatter4 ENDP -PUBLIC rsaz_512_gather4 + +global rsaz_512_gather4 ALIGN 16 -rsaz_512_gather4 PROC PUBLIC - lea rdx,QWORD PTR[r8*4+rdx] +rsaz_512_gather4: + lea rdx,[r8*4+rdx] mov r9d,8 - jmp $L$oop_gather + jmp NEAR $L$oop_gather ALIGN 16 -$L$oop_gather:: - mov eax,DWORD PTR[rdx] - mov r8d,DWORD PTR[64+rdx] - lea rdx,QWORD PTR[128+rdx] +$L$oop_gather: + mov eax,DWORD[rdx] + mov r8d,DWORD[64+rdx] + lea rdx,[128+rdx] shl r8,32 or rax,r8 - mov QWORD PTR[rcx],rax - lea rcx,QWORD PTR[8+rcx] + mov QWORD[rcx],rax + lea rcx,[8+rcx] dec r9d - jnz 
$L$oop_gather + jnz NEAR $L$oop_gather DB 0F3h,0C3h ;repret -rsaz_512_gather4 ENDP -EXTERN __imp_RtlVirtualUnwind:NEAR + +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -1202,64 +1201,64 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail - - lea rax,QWORD PTR[((128+24+48))+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$common_seh_tail:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - mov rdi,QWORD PTR[40+r9] + jae NEAR $L$common_seh_tail + + lea rax,[((128+24+48))+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$common_seh_tail: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea 
r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -1273,54 +1272,49 @@ $L$common_seh_tail:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_rsaz_512_sqr - DD imagerel $L$SEH_end_rsaz_512_sqr - DD imagerel $L$SEH_info_rsaz_512_sqr + DD $L$SEH_begin_rsaz_512_sqr wrt ..imagebase + DD $L$SEH_end_rsaz_512_sqr wrt ..imagebase + DD $L$SEH_info_rsaz_512_sqr wrt ..imagebase - DD imagerel $L$SEH_begin_rsaz_512_mul - DD imagerel $L$SEH_end_rsaz_512_mul - DD imagerel $L$SEH_info_rsaz_512_mul + DD $L$SEH_begin_rsaz_512_mul wrt ..imagebase + DD $L$SEH_end_rsaz_512_mul wrt ..imagebase + DD $L$SEH_info_rsaz_512_mul wrt ..imagebase - DD imagerel $L$SEH_begin_rsaz_512_mul_gather4 - DD imagerel $L$SEH_end_rsaz_512_mul_gather4 - DD imagerel $L$SEH_info_rsaz_512_mul_gather4 + DD $L$SEH_begin_rsaz_512_mul_gather4 wrt ..imagebase + DD $L$SEH_end_rsaz_512_mul_gather4 wrt ..imagebase + DD $L$SEH_info_rsaz_512_mul_gather4 wrt ..imagebase - DD imagerel $L$SEH_begin_rsaz_512_mul_scatter4 - DD imagerel $L$SEH_end_rsaz_512_mul_scatter4 - DD imagerel $L$SEH_info_rsaz_512_mul_scatter4 + DD $L$SEH_begin_rsaz_512_mul_scatter4 wrt ..imagebase + DD $L$SEH_end_rsaz_512_mul_scatter4 wrt ..imagebase + DD $L$SEH_info_rsaz_512_mul_scatter4 wrt ..imagebase - DD imagerel $L$SEH_begin_rsaz_512_mul_by_one - DD imagerel $L$SEH_end_rsaz_512_mul_by_one - DD imagerel $L$SEH_info_rsaz_512_mul_by_one + DD $L$SEH_begin_rsaz_512_mul_by_one wrt ..imagebase + DD $L$SEH_end_rsaz_512_mul_by_one wrt ..imagebase + DD $L$SEH_info_rsaz_512_mul_by_one wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_rsaz_512_sqr:: +$L$SEH_info_rsaz_512_sqr: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$sqr_body,imagerel $L$sqr_epilogue -$L$SEH_info_rsaz_512_mul:: + DD se_handler wrt ..imagebase + DD $L$sqr_body wrt ..imagebase,$L$sqr_epilogue wrt ..imagebase +$L$SEH_info_rsaz_512_mul: DB 9,0,0,0 - DD 
imagerel se_handler - DD imagerel $L$mul_body,imagerel $L$mul_epilogue -$L$SEH_info_rsaz_512_mul_gather4:: + DD se_handler wrt ..imagebase + DD $L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase +$L$SEH_info_rsaz_512_mul_gather4: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$mul_gather4_body,imagerel $L$mul_gather4_epilogue -$L$SEH_info_rsaz_512_mul_scatter4:: + DD se_handler wrt ..imagebase + DD $L$mul_gather4_body wrt ..imagebase,$L$mul_gather4_epilogue wrt ..imagebase +$L$SEH_info_rsaz_512_mul_scatter4: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$mul_scatter4_body,imagerel $L$mul_scatter4_epilogue -$L$SEH_info_rsaz_512_mul_by_one:: + DD se_handler wrt ..imagebase + DD $L$mul_scatter4_body wrt ..imagebase,$L$mul_scatter4_epilogue wrt ..imagebase +$L$SEH_info_rsaz_512_mul_by_one: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$mul_by_one_body,imagerel $L$mul_by_one_epilogue - -.xdata ENDS -END + DD se_handler wrt ..imagebase + DD $L$mul_by_one_body wrt ..imagebase,$L$mul_by_one_epilogue wrt ..imagebase diff --git a/win-x86_64/crypto/bn/x86_64-mont.asm b/win-x86_64/crypto/bn/x86_64-mont.asm index a409325..db0d1b9 100644 --- a/win-x86_64/crypto/bn/x86_64-mont.asm +++ b/win-x86_64/crypto/bn/x86_64-mont.asm 
@@ -1,36 +1,40 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -EXTERN OPENSSL_ia32cap_P:NEAR -PUBLIC bn_mul_mont +EXTERN OPENSSL_ia32cap_P + +global bn_mul_mont ALIGN 16 -bn_mul_mont PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_mul_mont: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_mul_mont:: +$L$SEH_begin_bn_mul_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] test r9d,3 - jnz $L$mul_enter + jnz NEAR $L$mul_enter cmp r9d,8 - jb $L$mul_enter + jb NEAR $L$mul_enter cmp rdx,rsi - jne $L$mul4x_enter + jne NEAR $L$mul4x_enter test r9d,7 - jz $L$sqr8x_enter - jmp $L$mul4x_enter + jz NEAR $L$sqr8x_enter + jmp NEAR $L$mul4x_enter ALIGN 16 -$L$mul_enter:: +$L$mul_enter: push rbx push rbp push r12 @@ -39,18 +43,18 @@ $L$mul_enter:: push r15 mov r9d,r9d - lea r10,QWORD PTR[2+r9] + lea r10,[2+r9] mov r11,rsp neg r10 - lea rsp,QWORD PTR[r10*8+rsp] + lea rsp,[r10*8+rsp] and rsp,-1024 - mov QWORD PTR[8+r9*8+rsp],r11 -$L$mul_body:: + mov QWORD[8+r9*8+rsp],r11 +$L$mul_body: mov r12,rdx - mov r8,QWORD PTR[r8] - mov rbx,QWORD PTR[r12] - mov rax,QWORD PTR[rsi] + mov r8,QWORD[r8] + mov rbx,QWORD[r12] + mov rax,QWORD[rsi] xor r14,r14 xor r15,r15 
@@ -58,69 +62,69 @@ $L$mul_body:: mov rbp,r8 mul rbx mov r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] imul rbp,r10 mov r11,rdx mul rbp add r10,rax - mov rax,QWORD PTR[8+rsi] + mov rax,QWORD[8+rsi] adc rdx,0 mov r13,rdx - lea r15,QWORD PTR[1+r15] - jmp $L$1st_enter + lea r15,[1+r15] + jmp NEAR $L$1st_enter ALIGN 16 -$L$1st:: +$L$1st: add r13,rax - mov rax,QWORD PTR[r15*8+rsi] + mov rax,QWORD[r15*8+rsi] adc rdx,0 add r13,r11 mov r11,r10 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx -$L$1st_enter:: +$L$1st_enter: mul rbx add r11,rax - mov rax,QWORD PTR[r15*8+rcx] + mov rax,QWORD[r15*8+rcx] adc rdx,0 - lea r15,QWORD PTR[1+r15] + lea r15,[1+r15] mov r10,rdx mul rbp cmp r15,r9 - jne $L$1st + jne NEAR $L$1st add r13,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add r13,r11 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx mov r11,r10 xor rdx,rdx add r13,r11 adc rdx,0 - mov QWORD PTR[((-8))+r9*8+rsp],r13 - mov QWORD PTR[r9*8+rsp],rdx + mov QWORD[((-8))+r9*8+rsp],r13 + mov QWORD[r9*8+rsp],rdx - lea r14,QWORD PTR[1+r14] - jmp $L$outer + lea r14,[1+r14] + jmp NEAR $L$outer ALIGN 16 -$L$outer:: - mov rbx,QWORD PTR[r14*8+r12] +$L$outer: + mov rbx,QWORD[r14*8+r12] xor r15,r15 mov rbp,r8 - mov r10,QWORD PTR[rsp] + mov r10,QWORD[rsp] mul rbx add r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] adc rdx,0 imul rbp,r10 
@@ -128,46 +132,46 @@ $L$outer:: mul rbp add r10,rax - mov rax,QWORD PTR[8+rsi] + mov rax,QWORD[8+rsi] adc rdx,0 - mov r10,QWORD PTR[8+rsp] + mov r10,QWORD[8+rsp] mov r13,rdx - lea r15,QWORD PTR[1+r15] - jmp $L$inner_enter + lea r15,[1+r15] + jmp NEAR $L$inner_enter ALIGN 16 -$L$inner:: +$L$inner: add r13,rax - mov rax,QWORD PTR[r15*8+rsi] + mov rax,QWORD[r15*8+rsi] adc rdx,0 add r13,r10 - mov r10,QWORD PTR[r15*8+rsp] + mov r10,QWORD[r15*8+rsp] adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx -$L$inner_enter:: +$L$inner_enter: mul rbx add r11,rax - mov rax,QWORD PTR[r15*8+rcx] + mov rax,QWORD[r15*8+rcx] adc rdx,0 add r10,r11 mov r11,rdx adc r11,0 - lea r15,QWORD PTR[1+r15] + lea r15,[1+r15] mul rbp cmp r15,r9 - jne $L$inner + jne NEAR $L$inner add r13,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add r13,r10 - mov r10,QWORD PTR[r15*8+rsp] + mov r10,QWORD[r15*8+rsp] adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx xor rdx,rdx 
@@ -175,73 +179,72 @@ $L$inner_enter:: adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-8))+r9*8+rsp],r13 - mov QWORD PTR[r9*8+rsp],rdx + mov QWORD[((-8))+r9*8+rsp],r13 + mov QWORD[r9*8+rsp],rdx - lea r14,QWORD PTR[1+r14] + lea r14,[1+r14] cmp r14,r9 - jb $L$outer + jb NEAR $L$outer xor r14,r14 - mov rax,QWORD PTR[rsp] - lea rsi,QWORD PTR[rsp] + mov rax,QWORD[rsp] + lea rsi,[rsp] mov r15,r9 - jmp $L$sub + jmp NEAR $L$sub ALIGN 16 -$L$sub:: sbb rax,QWORD PTR[r14*8+rcx] - mov QWORD PTR[r14*8+rdi],rax - mov rax,QWORD PTR[8+r14*8+rsi] - lea r14,QWORD PTR[1+r14] +$L$sub: sbb rax,QWORD[r14*8+rcx] + mov QWORD[r14*8+rdi],rax + mov rax,QWORD[8+r14*8+rsi] + lea r14,[1+r14] dec r15 - jnz $L$sub + jnz NEAR $L$sub sbb rax,0 xor r14,r14 mov r15,r9 ALIGN 16 -$L$copy:: - mov rsi,QWORD PTR[r14*8+rsp] - mov rcx,QWORD PTR[r14*8+rdi] +$L$copy: + mov rsi,QWORD[r14*8+rsp] + mov rcx,QWORD[r14*8+rdi] xor rsi,rcx and rsi,rax xor rsi,rcx - mov QWORD PTR[r14*8+rsp],r14 - mov QWORD PTR[r14*8+rdi],rsi - lea r14,QWORD PTR[1+r14] + mov QWORD[r14*8+rsp],r14 + mov QWORD[r14*8+rdi],rsi + lea r14,[1+r14] sub r15,1 - jnz $L$copy + jnz NEAR $L$copy - mov rsi,QWORD PTR[8+r9*8+rsp] + mov rsi,QWORD[8+r9*8+rsp] mov rax,1 - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$mul_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$mul_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_mul_mont:: -bn_mul_mont ENDP +$L$SEH_end_bn_mul_mont: ALIGN 16 -bn_mul4x_mont PROC PRIVATE - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_mul4x_mont: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov 
QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_mul4x_mont:: +$L$SEH_begin_bn_mul4x_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] -$L$mul4x_enter:: +$L$mul4x_enter: push rbx push rbp push r12 @@ -250,19 +253,19 @@ $L$mul4x_enter:: push r15 mov r9d,r9d - lea r10,QWORD PTR[4+r9] + lea r10,[4+r9] mov r11,rsp neg r10 - lea rsp,QWORD PTR[r10*8+rsp] + lea rsp,[r10*8+rsp] and rsp,-1024 - mov QWORD PTR[8+r9*8+rsp],r11 -$L$mul4x_body:: - mov QWORD PTR[16+r9*8+rsp],rdi + mov QWORD[8+r9*8+rsp],r11 +$L$mul4x_body: + mov QWORD[16+r9*8+rsp],rdi mov r12,rdx - mov r8,QWORD PTR[r8] - mov rbx,QWORD PTR[r12] - mov rax,QWORD PTR[rsi] + mov r8,QWORD[r8] + mov rbx,QWORD[r12] + mov rax,QWORD[rsi] xor r14,r14 xor r15,r15 
@@ -270,144 +273,144 @@ $L$mul4x_body:: mov rbp,r8 mul rbx mov r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] imul rbp,r10 mov r11,rdx mul rbp add r10,rax - mov rax,QWORD PTR[8+rsi] + mov rax,QWORD[8+rsi] adc rdx,0 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[8+rcx] + mov rax,QWORD[8+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] adc rdx,0 add rdi,r11 - lea r15,QWORD PTR[4+r15] + lea r15,[4+r15] adc rdx,0 - mov QWORD PTR[rsp],rdi + mov QWORD[rsp],rdi mov r13,rdx - jmp $L$1st4x + jmp NEAR $L$1st4x ALIGN 16 -$L$1st4x:: +$L$1st4x: mul rbx add r10,rax - mov rax,QWORD PTR[((-16))+r15*8+rcx] + mov rax,QWORD[((-16))+r15*8+rcx] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+r15*8+rsi] + mov rax,QWORD[((-8))+r15*8+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-24))+r15*8+rsp],r13 + mov QWORD[((-24))+r15*8+rsp],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-8))+r15*8+rcx] + mov rax,QWORD[((-8))+r15*8+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[r15*8+rsi] + mov rax,QWORD[r15*8+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],rdi + mov QWORD[((-16))+r15*8+rsp],rdi mov r13,rdx mul rbx add r10,rax - mov rax,QWORD PTR[r15*8+rcx] + mov rax,QWORD[r15*8+rcx] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[8+r15*8+rsi] + mov rax,QWORD[8+r15*8+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-8))+r15*8+rsp],r13 + mov QWORD[((-8))+r15*8+rsp],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[8+r15*8+rcx] + mov rax,QWORD[8+r15*8+rcx] adc rdx,0 - lea r15,QWORD PTR[4+r15] + lea r15,[4+r15] mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[((-16))+r15*8+rsi] + mov rax,QWORD[((-16))+r15*8+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-32))+r15*8+rsp],rdi + mov QWORD[((-32))+r15*8+rsp],rdi mov r13,rdx cmp r15,r9 - jb $L$1st4x + jb NEAR $L$1st4x mul rbx add r10,rax - mov rax,QWORD PTR[((-16))+r15*8+rcx] + 
mov rax,QWORD[((-16))+r15*8+rcx] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+r15*8+rsi] + mov rax,QWORD[((-8))+r15*8+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-24))+r15*8+rsp],r13 + mov QWORD[((-24))+r15*8+rsp],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-8))+r15*8+rcx] + mov rax,QWORD[((-8))+r15*8+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],rdi + mov QWORD[((-16))+r15*8+rsp],rdi mov r13,rdx xor rdi,rdi add r13,r10 adc rdi,0 - mov QWORD PTR[((-8))+r15*8+rsp],r13 - mov QWORD PTR[r15*8+rsp],rdi + mov QWORD[((-8))+r15*8+rsp],r13 + mov QWORD[r15*8+rsp],rdi - lea r14,QWORD PTR[1+r14] + lea r14,[1+r14] ALIGN 4 -$L$outer4x:: - mov rbx,QWORD PTR[r14*8+r12] +$L$outer4x: + mov rbx,QWORD[r14*8+r12] xor r15,r15 - mov r10,QWORD PTR[rsp] + mov r10,QWORD[rsp] mov rbp,r8 mul rbx add r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] adc rdx,0 imul rbp,r10 
@@ -415,248 +418,247 @@ $L$outer4x:: mul rbp add r10,rax - mov rax,QWORD PTR[8+rsi] + mov rax,QWORD[8+rsi] adc rdx,0 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[8+rcx] + mov rax,QWORD[8+rcx] adc rdx,0 - add r11,QWORD PTR[8+rsp] + add r11,QWORD[8+rsp] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[16+rsi] + mov rax,QWORD[16+rsi] adc rdx,0 add rdi,r11 - lea r15,QWORD PTR[4+r15] + lea r15,[4+r15] adc rdx,0 - mov QWORD PTR[rsp],rdi + mov QWORD[rsp],rdi mov r13,rdx - jmp $L$inner4x + jmp NEAR $L$inner4x ALIGN 16 -$L$inner4x:: +$L$inner4x: mul rbx add r10,rax - mov rax,QWORD PTR[((-16))+r15*8+rcx] + mov rax,QWORD[((-16))+r15*8+rcx] adc rdx,0 - add r10,QWORD PTR[((-16))+r15*8+rsp] + add r10,QWORD[((-16))+r15*8+rsp] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+r15*8+rsi] + mov rax,QWORD[((-8))+r15*8+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-24))+r15*8+rsp],r13 + mov QWORD[((-24))+r15*8+rsp],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-8))+r15*8+rcx] + mov rax,QWORD[((-8))+r15*8+rcx] adc rdx,0 - add r11,QWORD PTR[((-8))+r15*8+rsp] + add r11,QWORD[((-8))+r15*8+rsp] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[r15*8+rsi] + mov rax,QWORD[r15*8+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],rdi + mov QWORD[((-16))+r15*8+rsp],rdi mov r13,rdx mul rbx add r10,rax - mov rax,QWORD PTR[r15*8+rcx] + mov rax,QWORD[r15*8+rcx] adc rdx,0 - add r10,QWORD PTR[r15*8+rsp] + add r10,QWORD[r15*8+rsp] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[8+r15*8+rsi] + mov rax,QWORD[8+r15*8+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-8))+r15*8+rsp],r13 + mov QWORD[((-8))+r15*8+rsp],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[8+r15*8+rcx] + mov rax,QWORD[8+r15*8+rcx] adc rdx,0 - add r11,QWORD PTR[8+r15*8+rsp] + add r11,QWORD[8+r15*8+rsp] adc rdx,0 - lea r15,QWORD PTR[4+r15] + lea r15,[4+r15] mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD 
PTR[((-16))+r15*8+rsi] + mov rax,QWORD[((-16))+r15*8+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-32))+r15*8+rsp],rdi + mov QWORD[((-32))+r15*8+rsp],rdi mov r13,rdx cmp r15,r9 - jb $L$inner4x + jb NEAR $L$inner4x mul rbx add r10,rax - mov rax,QWORD PTR[((-16))+r15*8+rcx] + mov rax,QWORD[((-16))+r15*8+rcx] adc rdx,0 - add r10,QWORD PTR[((-16))+r15*8+rsp] + add r10,QWORD[((-16))+r15*8+rsp] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+r15*8+rsi] + mov rax,QWORD[((-8))+r15*8+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-24))+r15*8+rsp],r13 + mov QWORD[((-24))+r15*8+rsp],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-8))+r15*8+rcx] + mov rax,QWORD[((-8))+r15*8+rcx] adc rdx,0 - add r11,QWORD PTR[((-8))+r15*8+rsp] + add r11,QWORD[((-8))+r15*8+rsp] adc rdx,0 - lea r14,QWORD PTR[1+r14] + lea r14,[1+r14] mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],rdi + mov QWORD[((-16))+r15*8+rsp],rdi mov r13,rdx xor rdi,rdi add r13,r10 adc rdi,0 - add r13,QWORD PTR[r9*8+rsp] + add r13,QWORD[r9*8+rsp] adc rdi,0 - mov QWORD PTR[((-8))+r15*8+rsp],r13 - mov QWORD PTR[r15*8+rsp],rdi + mov QWORD[((-8))+r15*8+rsp],r13 + mov QWORD[r15*8+rsp],rdi cmp r14,r9 - jb $L$outer4x - mov rdi,QWORD PTR[16+r9*8+rsp] - mov rax,QWORD PTR[rsp] - mov rdx,QWORD PTR[8+rsp] + jb NEAR $L$outer4x + mov rdi,QWORD[16+r9*8+rsp] + mov rax,QWORD[rsp] + mov rdx,QWORD[8+rsp] shr r9,2 - lea rsi,QWORD PTR[rsp] + lea rsi,[rsp] xor r14,r14 - sub rax,QWORD PTR[rcx] - mov rbx,QWORD PTR[16+rsi] - mov rbp,QWORD PTR[24+rsi] - sbb rdx,QWORD PTR[8+rcx] - lea r15,QWORD PTR[((-1))+r9] - jmp $L$sub4x + sub rax,QWORD[rcx] + mov rbx,QWORD[16+rsi] + mov rbp,QWORD[24+rsi] + sbb rdx,QWORD[8+rcx] + lea r15,[((-1))+r9] + jmp NEAR $L$sub4x ALIGN 16 -$L$sub4x:: - mov QWORD PTR[r14*8+rdi],rax - mov QWORD PTR[8+r14*8+rdi],rdx - sbb rbx,QWORD PTR[16+r14*8+rcx] - mov rax,QWORD PTR[32+r14*8+rsi] - 
mov rdx,QWORD PTR[40+r14*8+rsi] - sbb rbp,QWORD PTR[24+r14*8+rcx] - mov QWORD PTR[16+r14*8+rdi],rbx - mov QWORD PTR[24+r14*8+rdi],rbp - sbb rax,QWORD PTR[32+r14*8+rcx] - mov rbx,QWORD PTR[48+r14*8+rsi] - mov rbp,QWORD PTR[56+r14*8+rsi] - sbb rdx,QWORD PTR[40+r14*8+rcx] - lea r14,QWORD PTR[4+r14] +$L$sub4x: + mov QWORD[r14*8+rdi],rax + mov QWORD[8+r14*8+rdi],rdx + sbb rbx,QWORD[16+r14*8+rcx] + mov rax,QWORD[32+r14*8+rsi] + mov rdx,QWORD[40+r14*8+rsi] + sbb rbp,QWORD[24+r14*8+rcx] + mov QWORD[16+r14*8+rdi],rbx + mov QWORD[24+r14*8+rdi],rbp + sbb rax,QWORD[32+r14*8+rcx] + mov rbx,QWORD[48+r14*8+rsi] + mov rbp,QWORD[56+r14*8+rsi] + sbb rdx,QWORD[40+r14*8+rcx] + lea r14,[4+r14] dec r15 - jnz $L$sub4x + jnz NEAR $L$sub4x - mov QWORD PTR[r14*8+rdi],rax - mov rax,QWORD PTR[32+r14*8+rsi] - sbb rbx,QWORD PTR[16+r14*8+rcx] - mov QWORD PTR[8+r14*8+rdi],rdx - sbb rbp,QWORD PTR[24+r14*8+rcx] - mov QWORD PTR[16+r14*8+rdi],rbx + mov QWORD[r14*8+rdi],rax + mov rax,QWORD[32+r14*8+rsi] + sbb rbx,QWORD[16+r14*8+rcx] + mov QWORD[8+r14*8+rdi],rdx + sbb rbp,QWORD[24+r14*8+rcx] + mov QWORD[16+r14*8+rdi],rbx sbb rax,0 DB 66h, 48h, 0fh, 6eh, 0c0h punpcklqdq xmm0,xmm0 - mov QWORD PTR[24+r14*8+rdi],rbp + mov QWORD[24+r14*8+rdi],rbp xor r14,r14 mov r15,r9 pxor xmm5,xmm5 - jmp $L$copy4x + jmp NEAR $L$copy4x ALIGN 16 -$L$copy4x:: - movdqu xmm2,XMMWORD PTR[r14*1+rsp] - movdqu xmm4,XMMWORD PTR[16+r14*1+rsp] - movdqu xmm1,XMMWORD PTR[r14*1+rdi] - movdqu xmm3,XMMWORD PTR[16+r14*1+rdi] +$L$copy4x: + movdqu xmm2,XMMWORD[r14*1+rsp] + movdqu xmm4,XMMWORD[16+r14*1+rsp] + movdqu xmm1,XMMWORD[r14*1+rdi] + movdqu xmm3,XMMWORD[16+r14*1+rdi] pxor xmm2,xmm1 pxor xmm4,xmm3 pand xmm2,xmm0 pand xmm4,xmm0 pxor xmm2,xmm1 pxor xmm4,xmm3 - movdqu XMMWORD PTR[r14*1+rdi],xmm2 - movdqu XMMWORD PTR[16+r14*1+rdi],xmm4 - movdqa XMMWORD PTR[r14*1+rsp],xmm5 - movdqa XMMWORD PTR[16+r14*1+rsp],xmm5 + movdqu XMMWORD[r14*1+rdi],xmm2 + movdqu XMMWORD[16+r14*1+rdi],xmm4 + movdqa XMMWORD[r14*1+rsp],xmm5 + movdqa 
XMMWORD[16+r14*1+rsp],xmm5 - lea r14,QWORD PTR[32+r14] + lea r14,[32+r14] dec r15 - jnz $L$copy4x + jnz NEAR $L$copy4x shl r9,2 - mov rsi,QWORD PTR[8+r9*8+rsp] + mov rsi,QWORD[8+r9*8+rsp] mov rax,1 - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$mul4x_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$mul4x_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_mul4x_mont:: -bn_mul4x_mont ENDP -EXTERN bn_sqr8x_internal:NEAR +$L$SEH_end_bn_mul4x_mont: +EXTERN bn_sqr8x_internal ALIGN 32 -bn_sqr8x_mont PROC PRIVATE - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_sqr8x_mont: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_sqr8x_mont:: +$L$SEH_begin_bn_sqr8x_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] -$L$sqr8x_enter:: +$L$sqr8x_enter: mov rax,rsp push rbx push rbp 
@@ -675,54 +677,54 @@ $L$sqr8x_enter:: - lea r11,QWORD PTR[((-64))+r9*4+rsp] - mov r8,QWORD PTR[r8] + lea r11,[((-64))+r9*4+rsp] + mov r8,QWORD[r8] sub r11,rsi and r11,4095 cmp r10,r11 - jb $L$sqr8x_sp_alt + jb NEAR $L$sqr8x_sp_alt sub rsp,r11 - lea rsp,QWORD PTR[((-64))+r9*4+rsp] - jmp $L$sqr8x_sp_done + lea rsp,[((-64))+r9*4+rsp] + jmp NEAR $L$sqr8x_sp_done ALIGN 32 -$L$sqr8x_sp_alt:: - lea r10,QWORD PTR[((4096-64))+r9*4] - lea rsp,QWORD PTR[((-64))+r9*4+rsp] +$L$sqr8x_sp_alt: + lea r10,[((4096-64))+r9*4] + lea rsp,[((-64))+r9*4+rsp] sub r11,r10 mov r10,0 cmovc r11,r10 sub rsp,r11 -$L$sqr8x_sp_done:: +$L$sqr8x_sp_done: and rsp,-64 mov r10,r9 neg r9 - lea r11,QWORD PTR[64+r9*2+rsp] - mov QWORD PTR[32+rsp],r8 - mov QWORD PTR[40+rsp],rax -$L$sqr8x_body:: + lea r11,[64+r9*2+rsp] + mov QWORD[32+rsp],r8 + mov QWORD[40+rsp],rax +$L$sqr8x_body: mov rbp,r9 DB 102,73,15,110,211 shr rbp,3+2 - mov eax,DWORD PTR[((OPENSSL_ia32cap_P+8))] - jmp $L$sqr8x_copy_n + mov eax,DWORD[((OPENSSL_ia32cap_P+8))] + jmp NEAR $L$sqr8x_copy_n ALIGN 32 -$L$sqr8x_copy_n:: - movq xmm0,QWORD PTR[rcx] - movq xmm1,QWORD PTR[8+rcx] - movq xmm3,QWORD PTR[16+rcx] - movq xmm4,QWORD PTR[24+rcx] - lea rcx,QWORD PTR[32+rcx] - movdqa XMMWORD PTR[r11],xmm0 - movdqa XMMWORD PTR[16+r11],xmm1 - movdqa XMMWORD PTR[32+r11],xmm3 - movdqa XMMWORD PTR[48+r11],xmm4 - lea r11,QWORD PTR[64+r11] +$L$sqr8x_copy_n: + movq xmm0,QWORD[rcx] + movq xmm1,QWORD[8+rcx] + movq xmm3,QWORD[16+rcx] + movq xmm4,QWORD[24+rcx] + lea rcx,[32+rcx] + movdqa XMMWORD[r11],xmm0 + movdqa XMMWORD[16+r11],xmm1 + movdqa XMMWORD[32+r11],xmm3 + movdqa XMMWORD[48+r11],xmm4 + lea r11,[64+r11] dec rbp - jnz $L$sqr8x_copy_n + jnz NEAR $L$sqr8x_copy_n pxor xmm0,xmm0 DB 102,72,15,110,207 
@@ -730,51 +732,50 @@ DB 102,73,15,110,218 call bn_sqr8x_internal pxor xmm0,xmm0 - lea rax,QWORD PTR[48+rsp] - lea rdx,QWORD PTR[64+r9*2+rsp] + lea rax,[48+rsp] + lea rdx,[64+r9*2+rsp] shr r9,3+2 - mov rsi,QWORD PTR[40+rsp] - jmp $L$sqr8x_zero + mov rsi,QWORD[40+rsp] + jmp NEAR $L$sqr8x_zero ALIGN 32 -$L$sqr8x_zero:: - movdqa XMMWORD PTR[rax],xmm0 - movdqa XMMWORD PTR[16+rax],xmm0 - movdqa XMMWORD PTR[32+rax],xmm0 - movdqa XMMWORD PTR[48+rax],xmm0 - lea rax,QWORD PTR[64+rax] - movdqa XMMWORD PTR[rdx],xmm0 - movdqa XMMWORD PTR[16+rdx],xmm0 - movdqa XMMWORD PTR[32+rdx],xmm0 - movdqa XMMWORD PTR[48+rdx],xmm0 - lea rdx,QWORD PTR[64+rdx] +$L$sqr8x_zero: + movdqa XMMWORD[rax],xmm0 + movdqa XMMWORD[16+rax],xmm0 + movdqa XMMWORD[32+rax],xmm0 + movdqa XMMWORD[48+rax],xmm0 + lea rax,[64+rax] + movdqa XMMWORD[rdx],xmm0 + movdqa XMMWORD[16+rdx],xmm0 + movdqa XMMWORD[32+rdx],xmm0 + movdqa XMMWORD[48+rdx],xmm0 + lea rdx,[64+rdx] dec r9 - jnz $L$sqr8x_zero + jnz NEAR $L$sqr8x_zero mov rax,1 - mov r15,QWORD PTR[((-48))+rsi] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$sqr8x_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov r15,QWORD[((-48))+rsi] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$sqr8x_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_sqr8x_mont:: -bn_sqr8x_mont ENDP +$L$SEH_end_bn_sqr8x_mont: DB 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 DB 112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56 DB 54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83 DB 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 DB 115,108,46,111,114,103,62,0 ALIGN 16 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN 
__imp_RtlVirtualUnwind ALIGN 16 -mul_handler PROC PRIVATE +mul_handler: push rsi push rdi push rbx @@ -786,47 +787,47 @@ mul_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail + + mov r10,QWORD[192+r8] + mov rax,QWORD[8+r10*8+rax] + lea rax,[48+rax] - mov r10,QWORD PTR[192+r8] - mov rax,QWORD PTR[8+r10*8+rax] - lea rax,QWORD PTR[48+rax] + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 + jmp NEAR $L$common_seh_tail - jmp $L$common_seh_tail -mul_handler ENDP ALIGN 16 -sqr_handler PROC PRIVATE +sqr_handler: push rsi push rdi push rbx 
@@ -838,64 +839,64 @@ sqr_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail - - mov rax,QWORD PTR[40+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$common_seh_tail:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - mov rdi,QWORD PTR[40+r9] + jae NEAR $L$common_seh_tail + + mov rax,QWORD[40+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$common_seh_tail: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - 
mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -909,37 +910,32 @@ $L$common_seh_tail:: pop rdi pop rsi DB 0F3h,0C3h ;repret -sqr_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_bn_mul_mont - DD imagerel $L$SEH_end_bn_mul_mont - DD imagerel $L$SEH_info_bn_mul_mont - - DD imagerel $L$SEH_begin_bn_mul4x_mont - DD imagerel $L$SEH_end_bn_mul4x_mont - DD imagerel $L$SEH_info_bn_mul4x_mont - - DD imagerel $L$SEH_begin_bn_sqr8x_mont - DD imagerel $L$SEH_end_bn_sqr8x_mont - DD imagerel $L$SEH_info_bn_sqr8x_mont -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_bn_mul_mont wrt ..imagebase + DD $L$SEH_end_bn_mul_mont wrt ..imagebase + DD $L$SEH_info_bn_mul_mont wrt ..imagebase + + DD $L$SEH_begin_bn_mul4x_mont wrt ..imagebase + DD $L$SEH_end_bn_mul4x_mont wrt ..imagebase + DD $L$SEH_info_bn_mul4x_mont wrt ..imagebase + + DD $L$SEH_begin_bn_sqr8x_mont wrt ..imagebase + DD $L$SEH_end_bn_sqr8x_mont wrt ..imagebase + DD $L$SEH_info_bn_sqr8x_mont wrt ..imagebase +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_bn_mul_mont:: +$L$SEH_info_bn_mul_mont: DB 9,0,0,0 - DD imagerel mul_handler - DD imagerel $L$mul_body,imagerel $L$mul_epilogue -$L$SEH_info_bn_mul4x_mont:: + DD mul_handler wrt ..imagebase + DD $L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase +$L$SEH_info_bn_mul4x_mont: DB 9,0,0,0 - DD imagerel mul_handler - DD imagerel $L$mul4x_body,imagerel $L$mul4x_epilogue -$L$SEH_info_bn_sqr8x_mont:: + DD mul_handler wrt ..imagebase + DD $L$mul4x_body wrt ..imagebase,$L$mul4x_epilogue wrt ..imagebase +$L$SEH_info_bn_sqr8x_mont: DB 9,0,0,0 - DD imagerel sqr_handler - DD imagerel $L$sqr8x_body,imagerel $L$sqr8x_epilogue - -.xdata ENDS -END + DD sqr_handler wrt ..imagebase + DD $L$sqr8x_body wrt ..imagebase,$L$sqr8x_epilogue wrt ..imagebase diff --git a/win-x86_64/crypto/bn/x86_64-mont5.asm b/win-x86_64/crypto/bn/x86_64-mont5.asm index 90c6100..284318a 100644 --- a/win-x86_64/crypto/bn/x86_64-mont5.asm 
+++ b/win-x86_64/crypto/bn/x86_64-mont5.asm 
@@ -1,95 +1,99 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -EXTERN OPENSSL_ia32cap_P:NEAR -PUBLIC bn_mul_mont_gather5 +EXTERN OPENSSL_ia32cap_P + +global bn_mul_mont_gather5 ALIGN 64 -bn_mul_mont_gather5 PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_mul_mont_gather5: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_mul_mont_gather5:: +$L$SEH_begin_bn_mul_mont_gather5: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] test r9d,7 - jnz $L$mul_enter - jmp $L$mul4x_enter + jnz NEAR $L$mul_enter + jmp NEAR $L$mul4x_enter ALIGN 16 -$L$mul_enter:: +$L$mul_enter: mov r9d,r9d mov rax,rsp - mov r10d,DWORD PTR[56+rsp] + mov r10d,DWORD[56+rsp] push rbx push rbp push r12 push r13 push r14 push r15 - lea rsp,QWORD PTR[((-40))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 - lea r11,QWORD PTR[2+r9] + lea rsp,[((-40))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 + lea r11,[2+r9] neg r11 - lea rsp,QWORD PTR[r11*8+rsp] + lea rsp,[r11*8+rsp] and rsp,-1024 - mov QWORD PTR[8+r9*8+rsp],rax -$L$mul_body:: + mov QWORD[8+r9*8+rsp],rax +$L$mul_body: mov r12,rdx mov r11,r10 shr r10,3 and r11,7 not r10 - lea rax,QWORD PTR[$L$magic_masks] + lea rax,[$L$magic_masks] and r10,3 - lea r12,QWORD PTR[96+r11*8+r12] - movq xmm4,QWORD PTR[r10*8+rax] - movq xmm5,QWORD PTR[8+r10*8+rax] - movq xmm6,QWORD PTR[16+r10*8+rax] - movq xmm7,QWORD PTR[24+r10*8+rax] - - movq xmm0,QWORD PTR[(((-96)))+r12] - movq xmm1,QWORD PTR[((-32))+r12] + lea r12,[96+r11*8+r12] + movq xmm4,QWORD[r10*8+rax] + movq xmm5,QWORD[8+r10*8+rax] + movq xmm6,QWORD[16+r10*8+rax] + movq xmm7,QWORD[24+r10*8+rax] + + movq xmm0,QWORD[(((-96)))+r12] + movq xmm1,QWORD[((-32))+r12] pand xmm0,xmm4 - movq xmm2,QWORD PTR[32+r12] + 
movq xmm2,QWORD[32+r12] pand xmm1,xmm5 - movq xmm3,QWORD PTR[96+r12] + movq xmm3,QWORD[96+r12] pand xmm2,xmm6 por xmm0,xmm1 pand xmm3,xmm7 por xmm0,xmm2 - lea r12,QWORD PTR[256+r12] + lea r12,[256+r12] por xmm0,xmm3 DB 102,72,15,126,195 - mov r8,QWORD PTR[r8] - mov rax,QWORD PTR[rsi] + mov r8,QWORD[r8] + mov rax,QWORD[rsi] xor r14,r14 xor r15,r15 - movq xmm0,QWORD PTR[(((-96)))+r12] - movq xmm1,QWORD PTR[((-32))+r12] + movq xmm0,QWORD[(((-96)))+r12] + movq xmm1,QWORD[((-32))+r12] pand xmm0,xmm4 - movq xmm2,QWORD PTR[32+r12] + movq xmm2,QWORD[32+r12] pand xmm1,xmm5 mov rbp,r8 mul rbx mov r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] - movq xmm3,QWORD PTR[96+r12] + movq xmm3,QWORD[96+r12] pand xmm2,xmm6 por xmm0,xmm1 pand xmm3,xmm7 
@@ -98,78 +102,78 @@ DB 102,72,15,126,195 mov r11,rdx por xmm0,xmm2 - lea r12,QWORD PTR[256+r12] + lea r12,[256+r12] por xmm0,xmm3 mul rbp add r10,rax - mov rax,QWORD PTR[8+rsi] + mov rax,QWORD[8+rsi] adc rdx,0 mov r13,rdx - lea r15,QWORD PTR[1+r15] - jmp $L$1st_enter + lea r15,[1+r15] + jmp NEAR $L$1st_enter ALIGN 16 -$L$1st:: +$L$1st: add r13,rax - mov rax,QWORD PTR[r15*8+rsi] + mov rax,QWORD[r15*8+rsi] adc rdx,0 add r13,r11 mov r11,r10 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx -$L$1st_enter:: +$L$1st_enter: mul rbx add r11,rax - mov rax,QWORD PTR[r15*8+rcx] + mov rax,QWORD[r15*8+rcx] adc rdx,0 - lea r15,QWORD PTR[1+r15] + lea r15,[1+r15] mov r10,rdx mul rbp cmp r15,r9 - jne $L$1st + jne NEAR $L$1st DB 102,72,15,126,195 add r13,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add r13,r11 adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx mov r11,r10 xor rdx,rdx add r13,r11 adc rdx,0 - mov QWORD PTR[((-8))+r9*8+rsp],r13 - mov QWORD PTR[r9*8+rsp],rdx + mov QWORD[((-8))+r9*8+rsp],r13 + mov QWORD[r9*8+rsp],rdx - lea r14,QWORD PTR[1+r14] - jmp $L$outer + lea r14,[1+r14] + jmp NEAR $L$outer ALIGN 16 -$L$outer:: +$L$outer: xor r15,r15 mov rbp,r8 - mov r10,QWORD PTR[rsp] + mov r10,QWORD[rsp] - movq xmm0,QWORD PTR[(((-96)))+r12] - movq xmm1,QWORD PTR[((-32))+r12] + movq xmm0,QWORD[(((-96)))+r12] + movq xmm1,QWORD[((-32))+r12] pand xmm0,xmm4 - movq xmm2,QWORD PTR[32+r12] + movq xmm2,QWORD[32+r12] pand xmm1,xmm5 mul rbx add r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] adc rdx,0 - movq xmm3,QWORD PTR[96+r12] + movq xmm3,QWORD[96+r12] pand xmm2,xmm6 por xmm0,xmm1 pand xmm3,xmm7 
@@ -178,53 +182,53 @@ $L$outer:: mov r11,rdx por xmm0,xmm2 - lea r12,QWORD PTR[256+r12] + lea r12,[256+r12] por xmm0,xmm3 mul rbp add r10,rax - mov rax,QWORD PTR[8+rsi] + mov rax,QWORD[8+rsi] adc rdx,0 - mov r10,QWORD PTR[8+rsp] + mov r10,QWORD[8+rsp] mov r13,rdx - lea r15,QWORD PTR[1+r15] - jmp $L$inner_enter + lea r15,[1+r15] + jmp NEAR $L$inner_enter ALIGN 16 -$L$inner:: +$L$inner: add r13,rax - mov rax,QWORD PTR[r15*8+rsi] + mov rax,QWORD[r15*8+rsi] adc rdx,0 add r13,r10 - mov r10,QWORD PTR[r15*8+rsp] + mov r10,QWORD[r15*8+rsp] adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx -$L$inner_enter:: +$L$inner_enter: mul rbx add r11,rax - mov rax,QWORD PTR[r15*8+rcx] + mov rax,QWORD[r15*8+rcx] adc rdx,0 add r10,r11 mov r11,rdx adc r11,0 - lea r15,QWORD PTR[1+r15] + lea r15,[1+r15] mul rbp cmp r15,r9 - jne $L$inner + jne NEAR $L$inner DB 102,72,15,126,195 add r13,rax - mov rax,QWORD PTR[rsi] + mov rax,QWORD[rsi] adc rdx,0 add r13,r10 - mov r10,QWORD PTR[r15*8+rsp] + mov r10,QWORD[r15*8+rsp] adc rdx,0 - mov QWORD PTR[((-16))+r15*8+rsp],r13 + mov QWORD[((-16))+r15*8+rsp],r13 mov r13,rdx xor rdx,rdx 
@@ -232,76 +236,75 @@ DB 102,72,15,126,195 adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-8))+r9*8+rsp],r13 - mov QWORD PTR[r9*8+rsp],rdx + mov QWORD[((-8))+r9*8+rsp],r13 + mov QWORD[r9*8+rsp],rdx - lea r14,QWORD PTR[1+r14] + lea r14,[1+r14] cmp r14,r9 - jb $L$outer + jb NEAR $L$outer xor r14,r14 - mov rax,QWORD PTR[rsp] - lea rsi,QWORD PTR[rsp] + mov rax,QWORD[rsp] + lea rsi,[rsp] mov r15,r9 - jmp $L$sub + jmp NEAR $L$sub ALIGN 16 -$L$sub:: sbb rax,QWORD PTR[r14*8+rcx] - mov QWORD PTR[r14*8+rdi],rax - mov rax,QWORD PTR[8+r14*8+rsi] - lea r14,QWORD PTR[1+r14] +$L$sub: sbb rax,QWORD[r14*8+rcx] + mov QWORD[r14*8+rdi],rax + mov rax,QWORD[8+r14*8+rsi] + lea r14,[1+r14] dec r15 - jnz $L$sub + jnz NEAR $L$sub sbb rax,0 xor r14,r14 mov r15,r9 ALIGN 16 -$L$copy:: - mov rsi,QWORD PTR[r14*8+rsp] - mov rcx,QWORD PTR[r14*8+rdi] +$L$copy: + mov rsi,QWORD[r14*8+rsp] + mov rcx,QWORD[r14*8+rdi] xor rsi,rcx and rsi,rax xor rsi,rcx - mov QWORD PTR[r14*8+rsp],r14 - mov QWORD PTR[r14*8+rdi],rsi - lea r14,QWORD PTR[1+r14] + mov QWORD[r14*8+rsp],r14 + mov QWORD[r14*8+rdi],rsi + lea r14,[1+r14] sub r15,1 - jnz $L$copy + jnz NEAR $L$copy - mov rsi,QWORD PTR[8+r9*8+rsp] + mov rsi,QWORD[8+r9*8+rsp] mov rax,1 - movaps xmm6,XMMWORD PTR[((-88))+rsi] - movaps xmm7,XMMWORD PTR[((-72))+rsi] - mov r15,QWORD PTR[((-48))+rsi] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$mul_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + movaps xmm6,XMMWORD[((-88))+rsi] + movaps xmm7,XMMWORD[((-72))+rsi] + mov r15,QWORD[((-48))+rsi] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$mul_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_mul_mont_gather5:: 
-bn_mul_mont_gather5 ENDP +$L$SEH_end_bn_mul_mont_gather5: ALIGN 32 -bn_mul4x_mont_gather5 PROC PRIVATE - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_mul4x_mont_gather5: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_mul4x_mont_gather5:: +$L$SEH_begin_bn_mul4x_mont_gather5: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] -$L$mul4x_enter:: -DB 067h +$L$mul4x_enter: +DB 0x67 mov rax,rsp push rbx push rbp @@ -309,10 +312,10 @@ DB 067h push r13 push r14 push r15 - lea rsp,QWORD PTR[((-40))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 -DB 067h + lea rsp,[((-40))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 +DB 0x67 mov r10d,r9d shl r9d,3 shl r10d,3+2 
@@ -325,107 +328,106 @@ DB 067h - lea r11,QWORD PTR[((-64))+r9*2+rsp] + lea r11,[((-64))+r9*2+rsp] sub r11,rsi and r11,4095 cmp r10,r11 - jb $L$mul4xsp_alt + jb NEAR $L$mul4xsp_alt sub rsp,r11 - lea rsp,QWORD PTR[((-64))+r9*2+rsp] - jmp $L$mul4xsp_done + lea rsp,[((-64))+r9*2+rsp] + jmp NEAR $L$mul4xsp_done ALIGN 32 -$L$mul4xsp_alt:: - lea r10,QWORD PTR[((4096-64))+r9*2] - lea rsp,QWORD PTR[((-64))+r9*2+rsp] +$L$mul4xsp_alt: + lea r10,[((4096-64))+r9*2] + lea rsp,[((-64))+r9*2+rsp] sub r11,r10 mov r10,0 cmovc r11,r10 sub rsp,r11 -$L$mul4xsp_done:: +$L$mul4xsp_done: and rsp,-64 neg r9 - mov QWORD PTR[40+rsp],rax -$L$mul4x_body:: + mov QWORD[40+rsp],rax +$L$mul4x_body: call mul4x_internal - mov rsi,QWORD PTR[40+rsp] + mov rsi,QWORD[40+rsp] mov rax,1 - movaps xmm6,XMMWORD PTR[((-88))+rsi] - movaps xmm7,XMMWORD PTR[((-72))+rsi] - mov r15,QWORD PTR[((-48))+rsi] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$mul4x_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + movaps xmm6,XMMWORD[((-88))+rsi] + movaps xmm7,XMMWORD[((-72))+rsi] + mov r15,QWORD[((-48))+rsi] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$mul4x_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_mul4x_mont_gather5:: -bn_mul4x_mont_gather5 ENDP +$L$SEH_end_bn_mul4x_mont_gather5: ALIGN 32 -mul4x_internal PROC PRIVATE +mul4x_internal: shl r9,5 - mov r10d,DWORD PTR[56+rax] - lea r13,QWORD PTR[256+r9*1+rdx] + mov r10d,DWORD[56+rax] + lea r13,[256+r9*1+rdx] shr r9,5 mov r11,r10 shr r10,3 and r11,7 not r10 - lea rax,QWORD PTR[$L$magic_masks] + lea rax,[$L$magic_masks] and r10,3 - lea r12,QWORD PTR[96+r11*8+rdx] - movq xmm4,QWORD PTR[r10*8+rax] - movq xmm5,QWORD 
PTR[8+r10*8+rax] + lea r12,[96+r11*8+rdx] + movq xmm4,QWORD[r10*8+rax] + movq xmm5,QWORD[8+r10*8+rax] add r11,7 - movq xmm6,QWORD PTR[16+r10*8+rax] - movq xmm7,QWORD PTR[24+r10*8+rax] + movq xmm6,QWORD[16+r10*8+rax] + movq xmm7,QWORD[24+r10*8+rax] and r11,7 - movq xmm0,QWORD PTR[(((-96)))+r12] - lea r14,QWORD PTR[256+r12] - movq xmm1,QWORD PTR[((-32))+r12] + movq xmm0,QWORD[(((-96)))+r12] + lea r14,[256+r12] + movq xmm1,QWORD[((-32))+r12] pand xmm0,xmm4 - movq xmm2,QWORD PTR[32+r12] + movq xmm2,QWORD[32+r12] pand xmm1,xmm5 - movq xmm3,QWORD PTR[96+r12] + movq xmm3,QWORD[96+r12] pand xmm2,xmm6 -DB 067h +DB 0x67 por xmm0,xmm1 - movq xmm1,QWORD PTR[((-96))+r14] -DB 067h + movq xmm1,QWORD[((-96))+r14] +DB 0x67 pand xmm3,xmm7 -DB 067h +DB 0x67 por xmm0,xmm2 - movq xmm2,QWORD PTR[((-32))+r14] -DB 067h + movq xmm2,QWORD[((-32))+r14] +DB 0x67 pand xmm1,xmm4 -DB 067h +DB 0x67 por xmm0,xmm3 - movq xmm3,QWORD PTR[32+r14] + movq xmm3,QWORD[32+r14] DB 102,72,15,126,195 - movq xmm0,QWORD PTR[96+r14] - mov QWORD PTR[((16+8))+rsp],r13 - mov QWORD PTR[((56+8))+rsp],rdi + movq xmm0,QWORD[96+r14] + mov QWORD[((16+8))+rsp],r13 + mov QWORD[((56+8))+rsp],rdi - mov r8,QWORD PTR[r8] - mov rax,QWORD PTR[rsi] - lea rsi,QWORD PTR[r9*1+rsi] + mov r8,QWORD[r8] + mov rax,QWORD[rsi] + lea rsi,[r9*1+rsi] neg r9 mov rbp,r8 mul rbx mov r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] pand xmm2,xmm5 pand xmm3,xmm6 
@@ -439,349 +441,349 @@ DB 102,72,15,126,195 - lea r14,QWORD PTR[((64+8))+r11*8+rsp] + lea r14,[((64+8))+r11*8+rsp] mov r11,rdx pand xmm0,xmm7 por xmm1,xmm3 - lea r12,QWORD PTR[512+r12] + lea r12,[512+r12] por xmm0,xmm1 mul rbp add r10,rax - mov rax,QWORD PTR[8+r9*1+rsi] + mov rax,QWORD[8+r9*1+rsi] adc rdx,0 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[16+rcx] + mov rax,QWORD[16+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[16+r9*1+rsi] + mov rax,QWORD[16+r9*1+rsi] adc rdx,0 add rdi,r11 - lea r15,QWORD PTR[32+r9] - lea rcx,QWORD PTR[64+rcx] + lea r15,[32+r9] + lea rcx,[64+rcx] adc rdx,0 - mov QWORD PTR[r14],rdi + mov QWORD[r14],rdi mov r13,rdx - jmp $L$1st4x + jmp NEAR $L$1st4x ALIGN 32 -$L$1st4x:: +$L$1st4x: mul rbx add r10,rax - mov rax,QWORD PTR[((-32))+rcx] - lea r14,QWORD PTR[32+r14] + mov rax,QWORD[((-32))+rcx] + lea r14,[32+r14] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+r15*1+rsi] + mov rax,QWORD[((-8))+r15*1+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-24))+r14],r13 + mov QWORD[((-24))+r14],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-16))+rcx] + mov rax,QWORD[((-16))+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[r15*1+rsi] + mov rax,QWORD[r15*1+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-16))+r14],rdi + mov QWORD[((-16))+r14],rdi mov r13,rdx mul rbx add r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[8+r15*1+rsi] + mov rax,QWORD[8+r15*1+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-8))+r14],r13 + mov QWORD[((-8))+r14],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[16+rcx] + mov rax,QWORD[16+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[16+r15*1+rsi] + mov rax,QWORD[16+r15*1+rsi] adc rdx,0 add rdi,r11 - lea rcx,QWORD PTR[64+rcx] + lea rcx,[64+rcx] adc rdx,0 - mov QWORD PTR[r14],rdi + mov QWORD[r14],rdi mov r13,rdx add r15,32 - jnz $L$1st4x 
+ jnz NEAR $L$1st4x mul rbx add r10,rax - mov rax,QWORD PTR[((-32))+rcx] - lea r14,QWORD PTR[32+r14] + mov rax,QWORD[((-32))+rcx] + lea r14,[32+r14] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+rsi] + mov rax,QWORD[((-8))+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-24))+r14],r13 + mov QWORD[((-24))+r14],r13 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-16))+rcx] + mov rax,QWORD[((-16))+rcx] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[r9*1+rsi] + mov rax,QWORD[r9*1+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-16))+r14],rdi + mov QWORD[((-16))+r14],rdi mov r13,rdx DB 102,72,15,126,195 - lea rcx,QWORD PTR[r9*2+rcx] + lea rcx,[r9*2+rcx] xor rdi,rdi add r13,r10 adc rdi,0 - mov QWORD PTR[((-8))+r14],r13 + mov QWORD[((-8))+r14],r13 - jmp $L$outer4x + jmp NEAR $L$outer4x ALIGN 32 -$L$outer4x:: - mov r10,QWORD PTR[r9*1+r14] +$L$outer4x: + mov r10,QWORD[r9*1+r14] mov rbp,r8 mul rbx add r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] adc rdx,0 - movq xmm0,QWORD PTR[(((-96)))+r12] - movq xmm1,QWORD PTR[((-32))+r12] + movq xmm0,QWORD[(((-96)))+r12] + movq xmm1,QWORD[((-32))+r12] pand xmm0,xmm4 - movq xmm2,QWORD PTR[32+r12] + movq xmm2,QWORD[32+r12] pand xmm1,xmm5 - movq xmm3,QWORD PTR[96+r12] + movq xmm3,QWORD[96+r12] imul rbp,r10 -DB 067h +DB 0x67 mov r11,rdx - mov QWORD PTR[r14],rdi + mov QWORD[r14],rdi pand xmm2,xmm6 por xmm0,xmm1 pand xmm3,xmm7 por xmm0,xmm2 - lea r14,QWORD PTR[r9*1+r14] - lea r12,QWORD PTR[256+r12] + lea r14,[r9*1+r14] + lea r12,[256+r12] por xmm0,xmm3 mul rbp add r10,rax - mov rax,QWORD PTR[8+r9*1+rsi] + mov rax,QWORD[8+r9*1+rsi] adc rdx,0 mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[16+rcx] + mov rax,QWORD[16+rcx] adc rdx,0 - add r11,QWORD PTR[8+r14] + add r11,QWORD[8+r14] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[16+r9*1+rsi] + mov rax,QWORD[16+r9*1+rsi] adc rdx,0 add rdi,r11 - lea r15,QWORD PTR[32+r9] - lea rcx,QWORD PTR[64+rcx] + lea r15,[32+r9] 
+ lea rcx,[64+rcx] adc rdx,0 mov r13,rdx - jmp $L$inner4x + jmp NEAR $L$inner4x ALIGN 32 -$L$inner4x:: +$L$inner4x: mul rbx add r10,rax - mov rax,QWORD PTR[((-32))+rcx] + mov rax,QWORD[((-32))+rcx] adc rdx,0 - add r10,QWORD PTR[16+r14] - lea r14,QWORD PTR[32+r14] + add r10,QWORD[16+r14] + lea r14,[32+r14] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+r15*1+rsi] + mov rax,QWORD[((-8))+r15*1+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-32))+r14],rdi + mov QWORD[((-32))+r14],rdi mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[((-16))+rcx] + mov rax,QWORD[((-16))+rcx] adc rdx,0 - add r11,QWORD PTR[((-8))+r14] + add r11,QWORD[((-8))+r14] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[r15*1+rsi] + mov rax,QWORD[r15*1+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-24))+r14],r13 + mov QWORD[((-24))+r14],r13 mov r13,rdx mul rbx add r10,rax - mov rax,QWORD PTR[rcx] + mov rax,QWORD[rcx] adc rdx,0 - add r10,QWORD PTR[r14] + add r10,QWORD[r14] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[8+r15*1+rsi] + mov rax,QWORD[8+r15*1+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD PTR[((-16))+r14],rdi + mov QWORD[((-16))+r14],rdi mov rdi,rdx mul rbx add r11,rax - mov rax,QWORD PTR[16+rcx] + mov rax,QWORD[16+rcx] adc rdx,0 - add r11,QWORD PTR[8+r14] + add r11,QWORD[8+r14] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[16+r15*1+rsi] + mov rax,QWORD[16+r15*1+rsi] adc rdx,0 add rdi,r11 - lea rcx,QWORD PTR[64+rcx] + lea rcx,[64+rcx] adc rdx,0 - mov QWORD PTR[((-8))+r14],r13 + mov QWORD[((-8))+r14],r13 mov r13,rdx add r15,32 - jnz $L$inner4x + jnz NEAR $L$inner4x mul rbx add r10,rax - mov rax,QWORD PTR[((-32))+rcx] + mov rax,QWORD[((-32))+rcx] adc rdx,0 - add r10,QWORD PTR[16+r14] - lea r14,QWORD PTR[32+r14] + add r10,QWORD[16+r14] + lea r14,[32+r14] adc rdx,0 mov r11,rdx mul rbp add r13,rax - mov rax,QWORD PTR[((-8))+rsi] + mov rax,QWORD[((-8))+rsi] adc rdx,0 add r13,r10 adc rdx,0 - mov QWORD 
PTR[((-32))+r14],rdi + mov QWORD[((-32))+r14],rdi mov rdi,rdx mul rbx add r11,rax mov rax,rbp - mov rbp,QWORD PTR[((-16))+rcx] + mov rbp,QWORD[((-16))+rcx] adc rdx,0 - add r11,QWORD PTR[((-8))+r14] + add r11,QWORD[((-8))+r14] adc rdx,0 mov r10,rdx mul rbp add rdi,rax - mov rax,QWORD PTR[r9*1+rsi] + mov rax,QWORD[r9*1+rsi] adc rdx,0 add rdi,r11 adc rdx,0 - mov QWORD PTR[((-24))+r14],r13 + mov QWORD[((-24))+r14],r13 mov r13,rdx DB 102,72,15,126,195 - mov QWORD PTR[((-16))+r14],rdi - lea rcx,QWORD PTR[r9*2+rcx] + mov QWORD[((-16))+r14],rdi + lea rcx,[r9*2+rcx] xor rdi,rdi add r13,r10 adc rdi,0 - add r13,QWORD PTR[r14] + add r13,QWORD[r14] adc rdi,0 - mov QWORD PTR[((-8))+r14],r13 + mov QWORD[((-8))+r14],r13 - cmp r12,QWORD PTR[((16+8))+rsp] - jb $L$outer4x + cmp r12,QWORD[((16+8))+rsp] + jb NEAR $L$outer4x sub rbp,r13 adc r15,r15 or rdi,r15 xor rdi,1 - lea rbx,QWORD PTR[r9*1+r14] - lea rbp,QWORD PTR[rdi*8+rcx] + lea rbx,[r9*1+r14] + lea rbp,[rdi*8+rcx] mov rcx,r9 sar rcx,3+2 - mov rdi,QWORD PTR[((56+8))+rsp] - jmp $L$sqr4x_sub -mul4x_internal ENDP -PUBLIC bn_power5 + mov rdi,QWORD[((56+8))+rsp] + jmp NEAR $L$sqr4x_sub + +global bn_power5 ALIGN 32 -bn_power5 PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_power5: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_power5:: +$L$SEH_begin_bn_power5: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] mov rax,rsp @@ -791,14 +793,14 @@ $L$SEH_begin_bn_power5:: push r13 push r14 push r15 - lea rsp,QWORD PTR[((-40))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 + lea rsp,[((-40))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 mov r10d,r9d shl r9d,3 shl r10d,3+2 neg r9 - mov r8,QWORD PTR[r8] + mov r8,QWORD[r8] 
@@ -806,24 +808,24 @@ $L$SEH_begin_bn_power5:: - lea r11,QWORD PTR[((-64))+r9*2+rsp] + lea r11,[((-64))+r9*2+rsp] sub r11,rsi and r11,4095 cmp r10,r11 - jb $L$pwr_sp_alt + jb NEAR $L$pwr_sp_alt sub rsp,r11 - lea rsp,QWORD PTR[((-64))+r9*2+rsp] - jmp $L$pwr_sp_done + lea rsp,[((-64))+r9*2+rsp] + jmp NEAR $L$pwr_sp_done ALIGN 32 -$L$pwr_sp_alt:: - lea r10,QWORD PTR[((4096-64))+r9*2] - lea rsp,QWORD PTR[((-64))+r9*2+rsp] +$L$pwr_sp_alt: + lea r10,[((4096-64))+r9*2] + lea rsp,[((-64))+r9*2+rsp] sub r11,r10 mov r10,0 cmovc r11,r10 sub rsp,r11 -$L$pwr_sp_done:: +$L$pwr_sp_done: and rsp,-64 mov r10,r9 neg r9 @@ -837,9 +839,9 @@ $L$pwr_sp_done:: - mov QWORD PTR[32+rsp],r8 - mov QWORD PTR[40+rsp],rax -$L$power5_body:: + mov QWORD[32+rsp],r8 + mov QWORD[40+rsp],rax +$L$power5_body: DB 102,72,15,110,207 DB 102,72,15,110,209 DB 102,73,15,110,218 @@ -854,33 +856,32 @@ DB 102,72,15,110,226 DB 102,72,15,126,209 DB 102,72,15,126,226 mov rdi,rsi - mov rax,QWORD PTR[40+rsp] - lea r8,QWORD PTR[32+rsp] + mov rax,QWORD[40+rsp] + lea r8,[32+rsp] call mul4x_internal - mov rsi,QWORD PTR[40+rsp] + mov rsi,QWORD[40+rsp] mov rax,1 - mov r15,QWORD PTR[((-48))+rsi] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$power5_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov r15,QWORD[((-48))+rsi] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$power5_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_power5:: -bn_power5 ENDP +$L$SEH_end_bn_power5: -PUBLIC bn_sqr8x_internal +global bn_sqr8x_internal ALIGN 32 -bn_sqr8x_internal PROC PUBLIC -__bn_sqr8x_internal:: +bn_sqr8x_internal: +__bn_sqr8x_internal: 
@@ -954,40 +955,40 @@ __bn_sqr8x_internal:: - lea rbp,QWORD PTR[32+r10] - lea rsi,QWORD PTR[r9*1+rsi] + lea rbp,[32+r10] + lea rsi,[r9*1+rsi] mov rcx,r9 - mov r14,QWORD PTR[((-32))+rbp*1+rsi] - lea rdi,QWORD PTR[((48+8))+r9*2+rsp] - mov rax,QWORD PTR[((-24))+rbp*1+rsi] - lea rdi,QWORD PTR[((-32))+rbp*1+rdi] - mov rbx,QWORD PTR[((-16))+rbp*1+rsi] + mov r14,QWORD[((-32))+rbp*1+rsi] + lea rdi,[((48+8))+r9*2+rsp] + mov rax,QWORD[((-24))+rbp*1+rsi] + lea rdi,[((-32))+rbp*1+rdi] + mov rbx,QWORD[((-16))+rbp*1+rsi] mov r15,rax mul r14 mov r10,rax mov rax,rbx mov r11,rdx - mov QWORD PTR[((-24))+rbp*1+rdi],r10 + mov QWORD[((-24))+rbp*1+rdi],r10 mul r14 add r11,rax mov rax,rbx adc rdx,0 - mov QWORD PTR[((-16))+rbp*1+rdi],r11 + mov QWORD[((-16))+rbp*1+rdi],r11 mov r10,rdx - mov rbx,QWORD PTR[((-8))+rbp*1+rsi] + mov rbx,QWORD[((-8))+rbp*1+rsi] mul r15 mov r12,rax mov rax,rbx mov r13,rdx - lea rcx,QWORD PTR[rbp] + lea rcx,[rbp] mul r14 add r10,rax mov rax,rbx @@ -995,12 +996,12 @@ __bn_sqr8x_internal:: adc r11,0 add r10,r12 adc r11,0 - mov QWORD PTR[((-8))+rcx*1+rdi],r10 - jmp $L$sqr4x_1st + mov QWORD[((-8))+rcx*1+rdi],r10 + jmp NEAR $L$sqr4x_1st ALIGN 32 -$L$sqr4x_1st:: - mov rbx,QWORD PTR[rcx*1+rsi] +$L$sqr4x_1st: + mov rbx,QWORD[rcx*1+rsi] mul r15 add r13,rax mov rax,rbx @@ -1010,7 +1011,7 @@ $L$sqr4x_1st:: mul r14 add r11,rax mov rax,rbx - mov rbx,QWORD PTR[8+rcx*1+rsi] + mov rbx,QWORD[8+rcx*1+rsi] mov r10,rdx adc r10,0 add r11,r13 @@ -1020,14 +1021,14 @@ $L$sqr4x_1st:: mul r15 add r12,rax mov rax,rbx - mov QWORD PTR[rcx*1+rdi],r11 + mov QWORD[rcx*1+rdi],r11 mov r13,rdx adc r13,0 mul r14 add r10,rax mov rax,rbx - mov rbx,QWORD PTR[16+rcx*1+rsi] + mov rbx,QWORD[16+rcx*1+rsi] mov r11,rdx adc r11,0 add r10,r12 
@@ -1036,14 +1037,14 @@ $L$sqr4x_1st:: mul r15 add r13,rax mov rax,rbx - mov QWORD PTR[8+rcx*1+rdi],r10 + mov QWORD[8+rcx*1+rdi],r10 mov r12,rdx adc r12,0 mul r14 add r11,rax mov rax,rbx - mov rbx,QWORD PTR[24+rcx*1+rsi] + mov rbx,QWORD[24+rcx*1+rsi] mov r10,rdx adc r10,0 add r11,r13 @@ -1053,10 +1054,10 @@ $L$sqr4x_1st:: mul r15 add r12,rax mov rax,rbx - mov QWORD PTR[16+rcx*1+rdi],r11 + mov QWORD[16+rcx*1+rdi],r11 mov r13,rdx adc r13,0 - lea rcx,QWORD PTR[32+rcx] + lea rcx,[32+rcx] mul r14 add r10,rax 
@@ -1065,57 +1066,57 @@ $L$sqr4x_1st:: adc r11,0 add r10,r12 adc r11,0 - mov QWORD PTR[((-8))+rcx*1+rdi],r10 + mov QWORD[((-8))+rcx*1+rdi],r10 cmp rcx,0 - jne $L$sqr4x_1st + jne NEAR $L$sqr4x_1st mul r15 add r13,rax - lea rbp,QWORD PTR[16+rbp] + lea rbp,[16+rbp] adc rdx,0 add r13,r11 adc rdx,0 - mov QWORD PTR[rdi],r13 + mov QWORD[rdi],r13 mov r12,rdx - mov QWORD PTR[8+rdi],rdx - jmp $L$sqr4x_outer + mov QWORD[8+rdi],rdx + jmp NEAR $L$sqr4x_outer ALIGN 32 -$L$sqr4x_outer:: - mov r14,QWORD PTR[((-32))+rbp*1+rsi] - lea rdi,QWORD PTR[((48+8))+r9*2+rsp] - mov rax,QWORD PTR[((-24))+rbp*1+rsi] - lea rdi,QWORD PTR[((-32))+rbp*1+rdi] - mov rbx,QWORD PTR[((-16))+rbp*1+rsi] +$L$sqr4x_outer: + mov r14,QWORD[((-32))+rbp*1+rsi] + lea rdi,[((48+8))+r9*2+rsp] + mov rax,QWORD[((-24))+rbp*1+rsi] + lea rdi,[((-32))+rbp*1+rdi] + mov rbx,QWORD[((-16))+rbp*1+rsi] mov r15,rax mul r14 - mov r10,QWORD PTR[((-24))+rbp*1+rdi] + mov r10,QWORD[((-24))+rbp*1+rdi] add r10,rax mov rax,rbx adc rdx,0 - mov QWORD PTR[((-24))+rbp*1+rdi],r10 + mov QWORD[((-24))+rbp*1+rdi],r10 mov r11,rdx mul r14 add r11,rax mov rax,rbx adc rdx,0 - add r11,QWORD PTR[((-16))+rbp*1+rdi] + add r11,QWORD[((-16))+rbp*1+rdi] mov r10,rdx adc r10,0 - mov QWORD PTR[((-16))+rbp*1+rdi],r11 + mov QWORD[((-16))+rbp*1+rdi],r11 xor r12,r12 - mov rbx,QWORD PTR[((-8))+rbp*1+rsi] + mov rbx,QWORD[((-8))+rbp*1+rsi] mul r15 add r12,rax mov rax,rbx adc rdx,0 - add r12,QWORD PTR[((-8))+rbp*1+rdi] + add r12,QWORD[((-8))+rbp*1+rdi] mov r13,rdx adc r13,0 
@@ -1126,27 +1127,27 @@ $L$sqr4x_outer:: add r10,r12 mov r11,rdx adc r11,0 - mov QWORD PTR[((-8))+rbp*1+rdi],r10 + mov QWORD[((-8))+rbp*1+rdi],r10 - lea rcx,QWORD PTR[rbp] - jmp $L$sqr4x_inner + lea rcx,[rbp] + jmp NEAR $L$sqr4x_inner ALIGN 32 -$L$sqr4x_inner:: - mov rbx,QWORD PTR[rcx*1+rsi] +$L$sqr4x_inner: + mov rbx,QWORD[rcx*1+rsi] mul r15 add r13,rax mov rax,rbx mov r12,rdx adc r12,0 - add r13,QWORD PTR[rcx*1+rdi] + add r13,QWORD[rcx*1+rdi] adc r12,0 -DB 067h +DB 0x67 mul r14 add r11,rax mov rax,rbx - mov rbx,QWORD PTR[8+rcx*1+rsi] + mov rbx,QWORD[8+rcx*1+rsi] mov r10,rdx adc r10,0 add r11,r13 @@ -1154,12 +1155,12 @@ DB 067h mul r15 add r12,rax - mov QWORD PTR[rcx*1+rdi],r11 + mov QWORD[rcx*1+rdi],r11 mov rax,rbx mov r13,rdx adc r13,0 - add r12,QWORD PTR[8+rcx*1+rdi] - lea rcx,QWORD PTR[16+rcx] + add r12,QWORD[8+rcx*1+rdi] + lea rcx,[16+rcx] adc r13,0 mul r14 @@ -1169,31 +1170,31 @@ DB 067h add r10,r12 mov r11,rdx adc r11,0 - mov QWORD PTR[((-8))+rcx*1+rdi],r10 + mov QWORD[((-8))+rcx*1+rdi],r10 cmp rcx,0 - jne $L$sqr4x_inner + jne NEAR $L$sqr4x_inner -DB 067h +DB 0x67 mul r15 add r13,rax adc rdx,0 add r13,r11 adc rdx,0 - mov QWORD PTR[rdi],r13 + mov QWORD[rdi],r13 mov r12,rdx - mov QWORD PTR[8+rdi],rdx + mov QWORD[8+rdi],rdx add rbp,16 - jnz $L$sqr4x_outer + jnz NEAR $L$sqr4x_outer - mov r14,QWORD PTR[((-32))+rsi] - lea rdi,QWORD PTR[((48+8))+r9*2+rsp] - mov rax,QWORD PTR[((-24))+rsi] - lea rdi,QWORD PTR[((-32))+rbp*1+rdi] - mov rbx,QWORD PTR[((-16))+rsi] + mov r14,QWORD[((-32))+rsi] + lea rdi,[((48+8))+r9*2+rsp] + mov rax,QWORD[((-24))+rsi] + lea rdi,[((-32))+rbp*1+rdi] + mov rbx,QWORD[((-16))+rsi] mov r15,rax mul r14 @@ -1205,17 +1206,17 @@ DB 067h mul r14 add r11,rax mov rax,rbx - mov QWORD PTR[((-24))+rdi],r10 + mov QWORD[((-24))+rdi],r10 mov r10,rdx adc r10,0 add r11,r13 - mov rbx,QWORD PTR[((-8))+rsi] + mov rbx,QWORD[((-8))+rsi] adc r10,0 mul r15 add r12,rax mov rax,rbx - mov QWORD PTR[((-16))+rdi],r11 + mov QWORD[((-16))+rdi],r11 mov r13,rdx adc r13,0 
@@ -1226,18 +1227,18 @@ DB 067h adc r11,0 add r10,r12 adc r11,0 - mov QWORD PTR[((-8))+rdi],r10 + mov QWORD[((-8))+rdi],r10 mul r15 add r13,rax - mov rax,QWORD PTR[((-16))+rsi] + mov rax,QWORD[((-16))+rsi] adc rdx,0 add r13,r11 adc rdx,0 - mov QWORD PTR[rdi],r13 + mov QWORD[rdi],r13 mov r12,rdx - mov QWORD PTR[8+rdi],rdx + mov QWORD[8+rdi],rdx mul rbx add rbp,16 
@@ -1247,216 +1248,216 @@ DB 067h add rax,r12 adc rdx,0 - mov QWORD PTR[8+rdi],rax - mov QWORD PTR[16+rdi],rdx - mov QWORD PTR[24+rdi],r15 + mov QWORD[8+rdi],rax + mov QWORD[16+rdi],rdx + mov QWORD[24+rdi],r15 - mov rax,QWORD PTR[((-16))+rbp*1+rsi] - lea rdi,QWORD PTR[((48+8))+rsp] + mov rax,QWORD[((-16))+rbp*1+rsi] + lea rdi,[((48+8))+rsp] xor r10,r10 - mov r11,QWORD PTR[8+rdi] + mov r11,QWORD[8+rdi] - lea r12,QWORD PTR[r10*2+r14] + lea r12,[r10*2+r14] shr r10,63 - lea r13,QWORD PTR[r11*2+rcx] + lea r13,[r11*2+rcx] shr r11,63 or r13,r10 - mov r10,QWORD PTR[16+rdi] + mov r10,QWORD[16+rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[24+rdi] + mov r11,QWORD[24+rdi] adc r12,rax - mov rax,QWORD PTR[((-8))+rbp*1+rsi] - mov QWORD PTR[rdi],r12 + mov rax,QWORD[((-8))+rbp*1+rsi] + mov QWORD[rdi],r12 adc r13,rdx - lea rbx,QWORD PTR[r10*2+r14] - mov QWORD PTR[8+rdi],r13 + lea rbx,[r10*2+r14] + mov QWORD[8+rdi],r13 sbb r15,r15 shr r10,63 - lea r8,QWORD PTR[r11*2+rcx] + lea r8,[r11*2+rcx] shr r11,63 or r8,r10 - mov r10,QWORD PTR[32+rdi] + mov r10,QWORD[32+rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[40+rdi] + mov r11,QWORD[40+rdi] adc rbx,rax - mov rax,QWORD PTR[rbp*1+rsi] - mov QWORD PTR[16+rdi],rbx + mov rax,QWORD[rbp*1+rsi] + mov QWORD[16+rdi],rbx adc r8,rdx - lea rbp,QWORD PTR[16+rbp] - mov QWORD PTR[24+rdi],r8 + lea rbp,[16+rbp] + mov QWORD[24+rdi],r8 sbb r15,r15 - lea rdi,QWORD PTR[64+rdi] - jmp $L$sqr4x_shift_n_add + lea rdi,[64+rdi] + jmp NEAR $L$sqr4x_shift_n_add ALIGN 32 -$L$sqr4x_shift_n_add:: - lea r12,QWORD PTR[r10*2+r14] +$L$sqr4x_shift_n_add: + lea r12,[r10*2+r14] shr r10,63 - lea r13,QWORD PTR[r11*2+rcx] + lea r13,[r11*2+rcx] shr r11,63 or r13,r10 - mov r10,QWORD PTR[((-16))+rdi] + mov r10,QWORD[((-16))+rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[((-8))+rdi] + mov r11,QWORD[((-8))+rdi] adc r12,rax - mov rax,QWORD PTR[((-8))+rbp*1+rsi] - mov QWORD PTR[((-32))+rdi],r12 + mov rax,QWORD[((-8))+rbp*1+rsi] + mov QWORD[((-32))+rdi],r12 adc r13,rdx 
- lea rbx,QWORD PTR[r10*2+r14] - mov QWORD PTR[((-24))+rdi],r13 + lea rbx,[r10*2+r14] + mov QWORD[((-24))+rdi],r13 sbb r15,r15 shr r10,63 - lea r8,QWORD PTR[r11*2+rcx] + lea r8,[r11*2+rcx] shr r11,63 or r8,r10 - mov r10,QWORD PTR[rdi] + mov r10,QWORD[rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[8+rdi] + mov r11,QWORD[8+rdi] adc rbx,rax - mov rax,QWORD PTR[rbp*1+rsi] - mov QWORD PTR[((-16))+rdi],rbx + mov rax,QWORD[rbp*1+rsi] + mov QWORD[((-16))+rdi],rbx adc r8,rdx - lea r12,QWORD PTR[r10*2+r14] - mov QWORD PTR[((-8))+rdi],r8 + lea r12,[r10*2+r14] + mov QWORD[((-8))+rdi],r8 sbb r15,r15 shr r10,63 - lea r13,QWORD PTR[r11*2+rcx] + lea r13,[r11*2+rcx] shr r11,63 or r13,r10 - mov r10,QWORD PTR[16+rdi] + mov r10,QWORD[16+rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[24+rdi] + mov r11,QWORD[24+rdi] adc r12,rax - mov rax,QWORD PTR[8+rbp*1+rsi] - mov QWORD PTR[rdi],r12 + mov rax,QWORD[8+rbp*1+rsi] + mov QWORD[rdi],r12 adc r13,rdx - lea rbx,QWORD PTR[r10*2+r14] - mov QWORD PTR[8+rdi],r13 + lea rbx,[r10*2+r14] + mov QWORD[8+rdi],r13 sbb r15,r15 shr r10,63 - lea r8,QWORD PTR[r11*2+rcx] + lea r8,[r11*2+rcx] shr r11,63 or r8,r10 - mov r10,QWORD PTR[32+rdi] + mov r10,QWORD[32+rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[40+rdi] + mov r11,QWORD[40+rdi] adc rbx,rax - mov rax,QWORD PTR[16+rbp*1+rsi] - mov QWORD PTR[16+rdi],rbx + mov rax,QWORD[16+rbp*1+rsi] + mov QWORD[16+rdi],rbx adc r8,rdx - mov QWORD PTR[24+rdi],r8 + mov QWORD[24+rdi],r8 sbb r15,r15 - lea rdi,QWORD PTR[64+rdi] + lea rdi,[64+rdi] add rbp,32 - jnz $L$sqr4x_shift_n_add + jnz NEAR $L$sqr4x_shift_n_add - lea r12,QWORD PTR[r10*2+r14] -DB 067h + lea r12,[r10*2+r14] +DB 0x67 shr r10,63 - lea r13,QWORD PTR[r11*2+rcx] + lea r13,[r11*2+rcx] shr r11,63 or r13,r10 - mov r10,QWORD PTR[((-16))+rdi] + mov r10,QWORD[((-16))+rdi] mov r14,r11 mul rax neg r15 - mov r11,QWORD PTR[((-8))+rdi] + mov r11,QWORD[((-8))+rdi] adc r12,rax - mov rax,QWORD PTR[((-8))+rsi] - mov QWORD PTR[((-32))+rdi],r12 + mov 
rax,QWORD[((-8))+rsi] + mov QWORD[((-32))+rdi],r12 adc r13,rdx - lea rbx,QWORD PTR[r10*2+r14] - mov QWORD PTR[((-24))+rdi],r13 + lea rbx,[r10*2+r14] + mov QWORD[((-24))+rdi],r13 sbb r15,r15 shr r10,63 - lea r8,QWORD PTR[r11*2+rcx] + lea r8,[r11*2+rcx] shr r11,63 or r8,r10 mul rax neg r15 adc rbx,rax adc r8,rdx - mov QWORD PTR[((-16))+rdi],rbx - mov QWORD PTR[((-8))+rdi],r8 + mov QWORD[((-16))+rdi],rbx + mov QWORD[((-8))+rdi],r8 DB 102,72,15,126,213 -sqr8x_reduction:: +sqr8x_reduction: xor rax,rax - lea rcx,QWORD PTR[r9*2+rbp] - lea rdx,QWORD PTR[((48+8))+r9*2+rsp] - mov QWORD PTR[((0+8))+rsp],rcx - lea rdi,QWORD PTR[((48+8))+r9*1+rsp] - mov QWORD PTR[((8+8))+rsp],rdx + lea rcx,[r9*2+rbp] + lea rdx,[((48+8))+r9*2+rsp] + mov QWORD[((0+8))+rsp],rcx + lea rdi,[((48+8))+r9*1+rsp] + mov QWORD[((8+8))+rsp],rdx neg r9 - jmp $L$8x_reduction_loop + jmp NEAR $L$8x_reduction_loop ALIGN 32 -$L$8x_reduction_loop:: - lea rdi,QWORD PTR[r9*1+rdi] -DB 066h - mov rbx,QWORD PTR[rdi] - mov r9,QWORD PTR[8+rdi] - mov r10,QWORD PTR[16+rdi] - mov r11,QWORD PTR[24+rdi] - mov r12,QWORD PTR[32+rdi] - mov r13,QWORD PTR[40+rdi] - mov r14,QWORD PTR[48+rdi] - mov r15,QWORD PTR[56+rdi] - mov QWORD PTR[rdx],rax - lea rdi,QWORD PTR[64+rdi] - -DB 067h +$L$8x_reduction_loop: + lea rdi,[r9*1+rdi] +DB 0x66 + mov rbx,QWORD[rdi] + mov r9,QWORD[8+rdi] + mov r10,QWORD[16+rdi] + mov r11,QWORD[24+rdi] + mov r12,QWORD[32+rdi] + mov r13,QWORD[40+rdi] + mov r14,QWORD[48+rdi] + mov r15,QWORD[56+rdi] + mov QWORD[rdx],rax + lea rdi,[64+rdi] + +DB 0x67 mov r8,rbx - imul rbx,QWORD PTR[((32+8))+rsp] - mov rax,QWORD PTR[rbp] + imul rbx,QWORD[((32+8))+rsp] + mov rax,QWORD[rbp] mov ecx,8 - jmp $L$8x_reduce + jmp NEAR $L$8x_reduce ALIGN 32 -$L$8x_reduce:: +$L$8x_reduce: mul rbx - mov rax,QWORD PTR[16+rbp] + mov rax,QWORD[16+rbp] neg r8 mov r8,rdx adc r8,0 mul rbx add r9,rax - mov rax,QWORD PTR[32+rbp] + mov rax,QWORD[32+rbp] adc rdx,0 add r8,r9 - mov QWORD PTR[((48-8+8))+rcx*8+rsp],rbx + mov 
QWORD[((48-8+8))+rcx*8+rsp],rbx mov r9,rdx adc r9,0 mul rbx add r10,rax - mov rax,QWORD PTR[48+rbp] + mov rax,QWORD[48+rbp] adc rdx,0 add r9,r10 - mov rsi,QWORD PTR[((32+8))+rsp] + mov rsi,QWORD[((32+8))+rsp] mov r10,rdx adc r10,0 mul rbx add r11,rax - mov rax,QWORD PTR[64+rbp] + mov rax,QWORD[64+rbp] adc rdx,0 imul rsi,r8 add r10,r11 @@ -1465,7 +1466,7 @@ $L$8x_reduce:: mul rbx add r12,rax - mov rax,QWORD PTR[80+rbp] + mov rax,QWORD[80+rbp] adc rdx,0 add r11,r12 mov r12,rdx @@ -1473,7 +1474,7 @@ $L$8x_reduce:: mul rbx add r13,rax - mov rax,QWORD PTR[96+rbp] + mov rax,QWORD[96+rbp] adc rdx,0 add r12,r13 mov r13,rdx @@ -1481,7 +1482,7 @@ $L$8x_reduce:: mul rbx add r14,rax - mov rax,QWORD PTR[112+rbp] + mov rax,QWORD[112+rbp] adc rdx,0 add r13,r14 mov r14,rdx 
@@ -1490,58 +1491,58 @@ $L$8x_reduce:: mul rbx mov rbx,rsi add r15,rax - mov rax,QWORD PTR[rbp] + mov rax,QWORD[rbp] adc rdx,0 add r14,r15 mov r15,rdx adc r15,0 dec ecx - jnz $L$8x_reduce + jnz NEAR $L$8x_reduce - lea rbp,QWORD PTR[128+rbp] + lea rbp,[128+rbp] xor rax,rax - mov rdx,QWORD PTR[((8+8))+rsp] - cmp rbp,QWORD PTR[((0+8))+rsp] - jae $L$8x_no_tail - -DB 066h - add r8,QWORD PTR[rdi] - adc r9,QWORD PTR[8+rdi] - adc r10,QWORD PTR[16+rdi] - adc r11,QWORD PTR[24+rdi] - adc r12,QWORD PTR[32+rdi] - adc r13,QWORD PTR[40+rdi] - adc r14,QWORD PTR[48+rdi] - adc r15,QWORD PTR[56+rdi] + mov rdx,QWORD[((8+8))+rsp] + cmp rbp,QWORD[((0+8))+rsp] + jae NEAR $L$8x_no_tail + +DB 0x66 + add r8,QWORD[rdi] + adc r9,QWORD[8+rdi] + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] sbb rsi,rsi - mov rbx,QWORD PTR[((48+56+8))+rsp] + mov rbx,QWORD[((48+56+8))+rsp] mov ecx,8 - mov rax,QWORD PTR[rbp] - jmp $L$8x_tail + mov rax,QWORD[rbp] + jmp NEAR $L$8x_tail ALIGN 32 -$L$8x_tail:: +$L$8x_tail: mul rbx add r8,rax - mov rax,QWORD PTR[16+rbp] - mov QWORD PTR[rdi],r8 + mov rax,QWORD[16+rbp] + mov QWORD[rdi],r8 mov r8,rdx adc r8,0 mul rbx add r9,rax - mov rax,QWORD PTR[32+rbp] + mov rax,QWORD[32+rbp] adc rdx,0 add r8,r9 - lea rdi,QWORD PTR[8+rdi] + lea rdi,[8+rdi] mov r9,rdx adc r9,0 mul rbx add r10,rax - mov rax,QWORD PTR[48+rbp] + mov rax,QWORD[48+rbp] adc rdx,0 add r9,r10 mov r10,rdx @@ -1549,7 +1550,7 @@ $L$8x_tail:: mul rbx add r11,rax - mov rax,QWORD PTR[64+rbp] + mov rax,QWORD[64+rbp] adc rdx,0 add r10,r11 mov r11,rdx @@ -1557,7 +1558,7 @@ $L$8x_tail:: mul rbx add r12,rax - mov rax,QWORD PTR[80+rbp] + mov rax,QWORD[80+rbp] adc rdx,0 add r11,r12 mov r12,rdx @@ -1565,7 +1566,7 @@ $L$8x_tail:: mul rbx add r13,rax - mov rax,QWORD PTR[96+rbp] + mov rax,QWORD[96+rbp] adc rdx,0 add r12,r13 mov r13,rdx 
@@ -1573,143 +1574,143 @@ $L$8x_tail:: mul rbx add r14,rax - mov rax,QWORD PTR[112+rbp] + mov rax,QWORD[112+rbp] adc rdx,0 add r13,r14 mov r14,rdx adc r14,0 mul rbx - mov rbx,QWORD PTR[((48-16+8))+rcx*8+rsp] + mov rbx,QWORD[((48-16+8))+rcx*8+rsp] add r15,rax adc rdx,0 add r14,r15 - mov rax,QWORD PTR[rbp] + mov rax,QWORD[rbp] mov r15,rdx adc r15,0 dec ecx - jnz $L$8x_tail + jnz NEAR $L$8x_tail - lea rbp,QWORD PTR[128+rbp] - mov rdx,QWORD PTR[((8+8))+rsp] - cmp rbp,QWORD PTR[((0+8))+rsp] - jae $L$8x_tail_done + lea rbp,[128+rbp] + mov rdx,QWORD[((8+8))+rsp] + cmp rbp,QWORD[((0+8))+rsp] + jae NEAR $L$8x_tail_done - mov rbx,QWORD PTR[((48+56+8))+rsp] + mov rbx,QWORD[((48+56+8))+rsp] neg rsi - mov rax,QWORD PTR[rbp] - adc r8,QWORD PTR[rdi] - adc r9,QWORD PTR[8+rdi] - adc r10,QWORD PTR[16+rdi] - adc r11,QWORD PTR[24+rdi] - adc r12,QWORD PTR[32+rdi] - adc r13,QWORD PTR[40+rdi] - adc r14,QWORD PTR[48+rdi] - adc r15,QWORD PTR[56+rdi] + mov rax,QWORD[rbp] + adc r8,QWORD[rdi] + adc r9,QWORD[8+rdi] + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] sbb rsi,rsi mov ecx,8 - jmp $L$8x_tail + jmp NEAR $L$8x_tail ALIGN 32 -$L$8x_tail_done:: - add r8,QWORD PTR[rdx] +$L$8x_tail_done: + add r8,QWORD[rdx] xor rax,rax neg rsi -$L$8x_no_tail:: - adc r8,QWORD PTR[rdi] - adc r9,QWORD PTR[8+rdi] - adc r10,QWORD PTR[16+rdi] - adc r11,QWORD PTR[24+rdi] - adc r12,QWORD PTR[32+rdi] - adc r13,QWORD PTR[40+rdi] - adc r14,QWORD PTR[48+rdi] - adc r15,QWORD PTR[56+rdi] +$L$8x_no_tail: + adc r8,QWORD[rdi] + adc r9,QWORD[8+rdi] + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] adc rax,0 - mov rcx,QWORD PTR[((-16))+rbp] + mov rcx,QWORD[((-16))+rbp] xor rsi,rsi DB 102,72,15,126,213 - mov QWORD PTR[rdi],r8 - mov QWORD PTR[8+rdi],r9 + mov QWORD[rdi],r8 + mov QWORD[8+rdi],r9 DB 102,73,15,126,217 - mov QWORD PTR[16+rdi],r10 
- mov QWORD PTR[24+rdi],r11 - mov QWORD PTR[32+rdi],r12 - mov QWORD PTR[40+rdi],r13 - mov QWORD PTR[48+rdi],r14 - mov QWORD PTR[56+rdi],r15 - lea rdi,QWORD PTR[64+rdi] + mov QWORD[16+rdi],r10 + mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 + lea rdi,[64+rdi] cmp rdi,rdx - jb $L$8x_reduction_loop + jb NEAR $L$8x_reduction_loop sub rcx,r15 - lea rbx,QWORD PTR[r9*1+rdi] + lea rbx,[r9*1+rdi] adc rsi,rsi mov rcx,r9 or rax,rsi DB 102,72,15,126,207 xor rax,1 DB 102,72,15,126,206 - lea rbp,QWORD PTR[rax*8+rbp] + lea rbp,[rax*8+rbp] sar rcx,3+2 - jmp $L$sqr4x_sub + jmp NEAR $L$sqr4x_sub ALIGN 32 -$L$sqr4x_sub:: -DB 066h - mov r12,QWORD PTR[rbx] - mov r13,QWORD PTR[8+rbx] - sbb r12,QWORD PTR[rbp] - mov r14,QWORD PTR[16+rbx] - sbb r13,QWORD PTR[16+rbp] - mov r15,QWORD PTR[24+rbx] - lea rbx,QWORD PTR[32+rbx] - sbb r14,QWORD PTR[32+rbp] - mov QWORD PTR[rdi],r12 - sbb r15,QWORD PTR[48+rbp] - lea rbp,QWORD PTR[64+rbp] - mov QWORD PTR[8+rdi],r13 - mov QWORD PTR[16+rdi],r14 - mov QWORD PTR[24+rdi],r15 - lea rdi,QWORD PTR[32+rdi] +$L$sqr4x_sub: +DB 0x66 + mov r12,QWORD[rbx] + mov r13,QWORD[8+rbx] + sbb r12,QWORD[rbp] + mov r14,QWORD[16+rbx] + sbb r13,QWORD[16+rbp] + mov r15,QWORD[24+rbx] + lea rbx,[32+rbx] + sbb r14,QWORD[32+rbp] + mov QWORD[rdi],r12 + sbb r15,QWORD[48+rbp] + lea rbp,[64+rbp] + mov QWORD[8+rdi],r13 + mov QWORD[16+rdi],r14 + mov QWORD[24+rdi],r15 + lea rdi,[32+rdi] inc rcx - jnz $L$sqr4x_sub + jnz NEAR $L$sqr4x_sub mov r10,r9 neg r9 DB 0F3h,0C3h ;repret -bn_sqr8x_internal ENDP -PUBLIC bn_from_montgomery + +global bn_from_montgomery ALIGN 32 -bn_from_montgomery PROC PUBLIC - test DWORD PTR[48+rsp],7 - jz bn_from_mont8x +bn_from_montgomery: + test DWORD[48+rsp],7 + jz NEAR bn_from_mont8x xor eax,eax DB 0F3h,0C3h ;repret -bn_from_montgomery ENDP + ALIGN 32 -bn_from_mont8x PROC PRIVATE - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +bn_from_mont8x: + mov QWORD[8+rsp],rdi 
;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_bn_from_mont8x:: +$L$SEH_begin_bn_from_mont8x: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] -DB 067h +DB 0x67 mov rax,rsp push rbx push rbp @@ -1717,15 +1718,15 @@ DB 067h push r13 push r14 push r15 - lea rsp,QWORD PTR[((-40))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 -DB 067h + lea rsp,[((-40))+rsp] + movaps XMMWORD[rsp],xmm6 + movaps XMMWORD[16+rsp],xmm7 +DB 0x67 mov r10d,r9d shl r9d,3 shl r10d,3+2 neg r9 - mov r8,QWORD PTR[r8] + mov r8,QWORD[r8] @@ -1733,24 +1734,24 @@ DB 067h - lea r11,QWORD PTR[((-64))+r9*2+rsp] + lea r11,[((-64))+r9*2+rsp] sub r11,rsi and r11,4095 cmp r10,r11 - jb $L$from_sp_alt + jb NEAR $L$from_sp_alt sub rsp,r11 - lea rsp,QWORD PTR[((-64))+r9*2+rsp] - jmp $L$from_sp_done + lea rsp,[((-64))+r9*2+rsp] + jmp NEAR $L$from_sp_done ALIGN 32 -$L$from_sp_alt:: - lea r10,QWORD PTR[((4096-64))+r9*2] - lea rsp,QWORD PTR[((-64))+r9*2+rsp] +$L$from_sp_alt: + lea r10,[((4096-64))+r9*2] + lea rsp,[((-64))+r9*2+rsp] sub r11,r10 mov r10,0 cmovc r11,r10 sub rsp,r11 -$L$from_sp_done:: +$L$from_sp_done: and rsp,-64 mov r10,r9 neg r9 
@@ -1764,136 +1765,135 @@ $L$from_sp_done:: - mov QWORD PTR[32+rsp],r8 - mov QWORD PTR[40+rsp],rax -$L$from_body:: + mov QWORD[32+rsp],r8 + mov QWORD[40+rsp],rax +$L$from_body: mov r11,r9 - lea rax,QWORD PTR[48+rsp] + lea rax,[48+rsp] pxor xmm0,xmm0 - jmp $L$mul_by_1 + jmp NEAR $L$mul_by_1 ALIGN 32 -$L$mul_by_1:: - movdqu xmm1,XMMWORD PTR[rsi] - movdqu xmm2,XMMWORD PTR[16+rsi] - movdqu xmm3,XMMWORD PTR[32+rsi] - movdqa XMMWORD PTR[r9*1+rax],xmm0 - movdqu xmm4,XMMWORD PTR[48+rsi] - movdqa XMMWORD PTR[16+r9*1+rax],xmm0 -DB 048h,08dh,0b6h,040h,000h,000h,000h - movdqa XMMWORD PTR[rax],xmm1 - movdqa XMMWORD PTR[32+r9*1+rax],xmm0 - movdqa XMMWORD PTR[16+rax],xmm2 - movdqa XMMWORD PTR[48+r9*1+rax],xmm0 - movdqa XMMWORD PTR[32+rax],xmm3 - movdqa XMMWORD PTR[48+rax],xmm4 - lea rax,QWORD PTR[64+rax] +$L$mul_by_1: + movdqu xmm1,XMMWORD[rsi] + movdqu xmm2,XMMWORD[16+rsi] + movdqu xmm3,XMMWORD[32+rsi] + movdqa XMMWORD[r9*1+rax],xmm0 + movdqu xmm4,XMMWORD[48+rsi] + movdqa XMMWORD[16+r9*1+rax],xmm0 +DB 0x48,0x8d,0xb6,0x40,0x00,0x00,0x00 + movdqa XMMWORD[rax],xmm1 + movdqa XMMWORD[32+r9*1+rax],xmm0 + movdqa XMMWORD[16+rax],xmm2 + movdqa XMMWORD[48+r9*1+rax],xmm0 + movdqa XMMWORD[32+rax],xmm3 + movdqa XMMWORD[48+rax],xmm4 + lea rax,[64+rax] sub r11,64 - jnz $L$mul_by_1 + jnz NEAR $L$mul_by_1 DB 102,72,15,110,207 DB 102,72,15,110,209 -DB 067h +DB 0x67 mov rbp,rcx DB 102,73,15,110,218 call sqr8x_reduction pxor xmm0,xmm0 - lea rax,QWORD PTR[48+rsp] - mov rsi,QWORD PTR[40+rsp] - jmp $L$from_mont_zero + lea rax,[48+rsp] + mov rsi,QWORD[40+rsp] + jmp NEAR $L$from_mont_zero ALIGN 32 -$L$from_mont_zero:: - movdqa XMMWORD PTR[rax],xmm0 - movdqa XMMWORD PTR[16+rax],xmm0 - movdqa XMMWORD PTR[32+rax],xmm0 - movdqa XMMWORD PTR[48+rax],xmm0 - lea rax,QWORD PTR[64+rax] +$L$from_mont_zero: + movdqa XMMWORD[rax],xmm0 + movdqa XMMWORD[16+rax],xmm0 + movdqa XMMWORD[32+rax],xmm0 + movdqa XMMWORD[48+rax],xmm0 + lea rax,[64+rax] sub r9,32 - jnz $L$from_mont_zero + jnz NEAR $L$from_mont_zero mov rax,1 - 
mov r15,QWORD PTR[((-48))+rsi] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$from_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov r15,QWORD[((-48))+rsi] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$from_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_from_mont8x:: -bn_from_mont8x ENDP -PUBLIC bn_scatter5 +$L$SEH_end_bn_from_mont8x: +global bn_scatter5 ALIGN 16 -bn_scatter5 PROC PUBLIC +bn_scatter5: cmp edx,0 - jz $L$scatter_epilogue - lea r8,QWORD PTR[r9*8+r8] -$L$scatter:: - mov rax,QWORD PTR[rcx] - lea rcx,QWORD PTR[8+rcx] - mov QWORD PTR[r8],rax - lea r8,QWORD PTR[256+r8] + jz NEAR $L$scatter_epilogue + lea r8,[r9*8+r8] +$L$scatter: + mov rax,QWORD[rcx] + lea rcx,[8+rcx] + mov QWORD[r8],rax + lea r8,[256+r8] sub edx,1 - jnz $L$scatter -$L$scatter_epilogue:: + jnz NEAR $L$scatter +$L$scatter_epilogue: DB 0F3h,0C3h ;repret -bn_scatter5 ENDP -PUBLIC bn_gather5 + +global bn_gather5 ALIGN 16 -bn_gather5 PROC PUBLIC -$L$SEH_begin_bn_gather5:: +bn_gather5: +$L$SEH_begin_bn_gather5: -DB 048h,083h,0ech,028h -DB 00fh,029h,034h,024h -DB 00fh,029h,07ch,024h,010h +DB 0x48,0x83,0xec,0x28 +DB 0x0f,0x29,0x34,0x24 +DB 0x0f,0x29,0x7c,0x24,0x10 mov r11d,r9d shr r9d,3 and r11,7 not r9d - lea rax,QWORD PTR[$L$magic_masks] + lea rax,[$L$magic_masks] and r9d,3 - lea r8,QWORD PTR[128+r11*8+r8] - movq xmm4,QWORD PTR[r9*8+rax] - movq xmm5,QWORD PTR[8+r9*8+rax] - movq xmm6,QWORD PTR[16+r9*8+rax] - movq xmm7,QWORD PTR[24+r9*8+rax] - jmp $L$gather + lea r8,[128+r11*8+r8] + movq xmm4,QWORD[r9*8+rax] + movq xmm5,QWORD[8+r9*8+rax] + movq xmm6,QWORD[16+r9*8+rax] + movq xmm7,QWORD[24+r9*8+rax] + jmp NEAR $L$gather ALIGN 16 -$L$gather:: 
- movq xmm0,QWORD PTR[(((-128)))+r8] - movq xmm1,QWORD PTR[((-64))+r8] +$L$gather: + movq xmm0,QWORD[(((-128)))+r8] + movq xmm1,QWORD[((-64))+r8] pand xmm0,xmm4 - movq xmm2,QWORD PTR[r8] + movq xmm2,QWORD[r8] pand xmm1,xmm5 - movq xmm3,QWORD PTR[64+r8] + movq xmm3,QWORD[64+r8] pand xmm2,xmm6 por xmm0,xmm1 pand xmm3,xmm7 -DB 067h,067h +DB 0x67,0x67 por xmm0,xmm2 - lea r8,QWORD PTR[256+r8] + lea r8,[256+r8] por xmm0,xmm3 - movq QWORD PTR[rcx],xmm0 - lea rcx,QWORD PTR[8+rcx] + movq QWORD[rcx],xmm0 + lea rcx,[8+rcx] sub edx,1 - jnz $L$gather - movaps xmm6,XMMWORD PTR[rsp] - movaps xmm7,XMMWORD PTR[16+rsp] - lea rsp,QWORD PTR[40+rsp] + jnz NEAR $L$gather + movaps xmm6,XMMWORD[rsp] + movaps xmm7,XMMWORD[16+rsp] + lea rsp,[40+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_bn_gather5:: -bn_gather5 ENDP +$L$SEH_end_bn_gather5: + ALIGN 64 -$L$magic_masks:: +$L$magic_masks: DD 0,0,0,0,0,0,-1,-1 DD 0,0,0,0,0,0,0,0 DB 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 @@ -1902,10 +1902,10 @@ DB 99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111 DB 114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79 DB 71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111 DB 112,101,110,115,115,108,46,111,114,103,62,0 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -mul_handler PROC PRIVATE +mul_handler: push rsi push rdi push rbx 
@@ -1917,79 +1917,79 @@ mul_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail - lea r10,QWORD PTR[$L$mul_epilogue] + lea r10,[$L$mul_epilogue] cmp rbx,r10 - jb $L$body_40 - - mov r10,QWORD PTR[192+r8] - mov rax,QWORD PTR[8+r10*8+rax] - jmp $L$body_proceed - -$L$body_40:: - mov rax,QWORD PTR[40+rax] -$L$body_proceed:: - - movaps xmm0,XMMWORD PTR[((-88))+rax] - movaps xmm1,XMMWORD PTR[((-72))+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - movups XMMWORD PTR[512+r8],xmm0 - movups XMMWORD PTR[528+r8],xmm1 - -$L$common_seh_tail:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - mov rdi,QWORD PTR[40+r9] + jb NEAR $L$body_40 + + mov r10,QWORD[192+r8] + mov rax,QWORD[8+r10*8+rax] + jmp NEAR $L$body_proceed + +$L$body_40: + mov rax,QWORD[40+rax] +$L$body_proceed: + + movaps xmm0,XMMWORD[((-88))+rax] + movaps xmm1,XMMWORD[((-72))+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov 
r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + movups XMMWORD[512+r8],xmm0 + movups XMMWORD[528+r8],xmm1 + +$L$common_seh_tail: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -2003,59 +2003,54 @@ $L$common_seh_tail:: pop rdi pop rsi DB 0F3h,0C3h ;repret -mul_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_bn_mul_mont_gather5 - DD imagerel $L$SEH_end_bn_mul_mont_gather5 - DD imagerel $L$SEH_info_bn_mul_mont_gather5 - - DD imagerel $L$SEH_begin_bn_mul4x_mont_gather5 - DD imagerel $L$SEH_end_bn_mul4x_mont_gather5 - DD imagerel $L$SEH_info_bn_mul4x_mont_gather5 - - DD imagerel $L$SEH_begin_bn_power5 - DD imagerel $L$SEH_end_bn_power5 - DD imagerel $L$SEH_info_bn_power5 - - DD imagerel $L$SEH_begin_bn_from_mont8x - DD imagerel $L$SEH_end_bn_from_mont8x - DD imagerel $L$SEH_info_bn_from_mont8x - DD imagerel $L$SEH_begin_bn_gather5 - DD imagerel $L$SEH_end_bn_gather5 - DD imagerel $L$SEH_info_bn_gather5 - -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_bn_mul_mont_gather5 wrt ..imagebase + DD $L$SEH_end_bn_mul_mont_gather5 wrt ..imagebase + DD $L$SEH_info_bn_mul_mont_gather5 wrt ..imagebase + + DD $L$SEH_begin_bn_mul4x_mont_gather5 wrt ..imagebase + DD $L$SEH_end_bn_mul4x_mont_gather5 wrt ..imagebase + DD $L$SEH_info_bn_mul4x_mont_gather5 wrt ..imagebase + + DD $L$SEH_begin_bn_power5 wrt ..imagebase + DD $L$SEH_end_bn_power5 wrt ..imagebase + DD $L$SEH_info_bn_power5 wrt ..imagebase + + DD $L$SEH_begin_bn_from_mont8x wrt ..imagebase + DD $L$SEH_end_bn_from_mont8x wrt ..imagebase + DD $L$SEH_info_bn_from_mont8x wrt ..imagebase + DD $L$SEH_begin_bn_gather5 wrt ..imagebase + DD $L$SEH_end_bn_gather5 wrt ..imagebase + DD $L$SEH_info_bn_gather5 wrt ..imagebase + +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_bn_mul_mont_gather5:: +$L$SEH_info_bn_mul_mont_gather5: DB 9,0,0,0 - DD imagerel mul_handler - DD imagerel $L$mul_body,imagerel $L$mul_epilogue + DD mul_handler wrt ..imagebase + DD $L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_bn_mul4x_mont_gather5:: +$L$SEH_info_bn_mul4x_mont_gather5: DB 9,0,0,0 - DD 
imagerel mul_handler - DD imagerel $L$mul4x_body,imagerel $L$mul4x_epilogue + DD mul_handler wrt ..imagebase + DD $L$mul4x_body wrt ..imagebase,$L$mul4x_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_bn_power5:: +$L$SEH_info_bn_power5: DB 9,0,0,0 - DD imagerel mul_handler - DD imagerel $L$power5_body,imagerel $L$power5_epilogue + DD mul_handler wrt ..imagebase + DD $L$power5_body wrt ..imagebase,$L$power5_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_bn_from_mont8x:: +$L$SEH_info_bn_from_mont8x: DB 9,0,0,0 - DD imagerel mul_handler - DD imagerel $L$from_body,imagerel $L$from_epilogue + DD mul_handler wrt ..imagebase + DD $L$from_body wrt ..imagebase,$L$from_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_bn_gather5:: -DB 001h,00dh,005h,000h -DB 00dh,078h,001h,000h -DB 008h,068h,000h,000h -DB 004h,042h,000h,000h +$L$SEH_info_bn_gather5: +DB 0x01,0x0d,0x05,0x00 +DB 0x0d,0x78,0x01,0x00 +DB 0x08,0x68,0x00,0x00 +DB 0x04,0x42,0x00,0x00 ALIGN 8 - -.xdata ENDS -END diff --git a/win-x86_64/crypto/cpu-x86_64-asm.asm b/win-x86_64/crypto/cpu-x86_64-asm.asm index dca66f5..c92d7bb 100644 --- a/win-x86_64/crypto/cpu-x86_64-asm.asm +++ b/win-x86_64/crypto/cpu-x86_64-asm.asm @@ -1,14 +1,18 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -PUBLIC OPENSSL_ia32_cpuid + +global OPENSSL_ia32_cpuid ALIGN 16 -OPENSSL_ia32_cpuid PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +OPENSSL_ia32_cpuid: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_OPENSSL_ia32_cpuid:: +$L$SEH_begin_OPENSSL_ia32_cpuid: mov rdi,rcx 
@@ -18,54 +22,54 @@ $L$SEH_begin_OPENSSL_ia32_cpuid:: mov r8,rbx xor eax,eax - mov DWORD PTR[8+rdi],eax + mov DWORD[8+rdi],eax cpuid mov r11d,eax xor eax,eax - cmp ebx,0756e6547h + cmp ebx,0x756e6547 setne al mov r9d,eax - cmp edx,049656e69h + cmp edx,0x49656e69 setne al or r9d,eax - cmp ecx,06c65746eh + cmp ecx,0x6c65746e setne al or r9d,eax - jz $L$intel + jz NEAR $L$intel - cmp ebx,068747541h + cmp ebx,0x68747541 setne al mov r10d,eax - cmp edx,069746E65h + cmp edx,0x69746E65 setne al or r10d,eax - cmp ecx,0444D4163h + cmp ecx,0x444D4163 setne al or r10d,eax - jnz $L$intel + jnz NEAR $L$intel - mov eax,080000000h + mov eax,0x80000000 cpuid - cmp eax,080000001h - jb $L$intel + cmp eax,0x80000001 + jb NEAR $L$intel mov r10d,eax - mov eax,080000001h + mov eax,0x80000001 cpuid or r9d,ecx - and r9d,000000801h + and r9d,0x00000801 - cmp r10d,080000008h - jb $L$intel + cmp r10d,0x80000008 + jb NEAR $L$intel - mov eax,080000008h + mov eax,0x80000008 cpuid movzx r10,cl 
@@ -75,84 +79,76 @@ $L$SEH_begin_OPENSSL_ia32_cpuid:: cpuid bt edx,28 - jnc $L$generic + jnc NEAR $L$generic shr ebx,16 cmp bl,r10b - ja $L$generic - and edx,0efffffffh - jmp $L$generic + ja NEAR $L$generic + and edx,0xefffffff + jmp NEAR $L$generic -$L$intel:: +$L$intel: cmp r11d,4 mov r10d,-1 - jb $L$nocacheinfo + jb NEAR $L$nocacheinfo mov eax,4 mov ecx,0 cpuid mov r10d,eax shr r10d,14 - and r10d,0fffh + and r10d,0xfff cmp r11d,7 - jb $L$nocacheinfo + jb NEAR $L$nocacheinfo mov eax,7 xor ecx,ecx cpuid - mov DWORD PTR[8+rdi],ebx + mov DWORD[8+rdi],ebx -$L$nocacheinfo:: +$L$nocacheinfo: mov eax,1 cpuid - and edx,0bfefffffh + and edx,0xbfefffff cmp r9d,0 - jne $L$notintel - or edx,040000000h - and ah,15 - cmp ah,15 - jne $L$notintel - or edx,000100000h -$L$notintel:: + jne NEAR $L$notintel + or edx,0x40000000 +$L$notintel: bt edx,28 - jnc $L$generic - and edx,0efffffffh + jnc NEAR $L$generic + and edx,0xefffffff cmp r10d,0 - je $L$generic + je NEAR $L$generic - or edx,010000000h + or edx,0x10000000 shr ebx,16 cmp bl,1 - ja $L$generic - and edx,0efffffffh -$L$generic:: - and r9d,000000800h - and ecx,0fffff7ffh + ja NEAR $L$generic + and edx,0xefffffff +$L$generic: + and r9d,0x00000800 + and ecx,0xfffff7ff or r9d,ecx mov r10d,edx bt r9d,27 - jnc $L$clear_avx + jnc NEAR $L$clear_avx xor ecx,ecx -DB 00fh,001h,0d0h +DB 0x0f,0x01,0xd0 and eax,6 cmp eax,6 - je $L$done -$L$clear_avx:: - mov eax,0efffe7ffh + je NEAR $L$done +$L$clear_avx: + mov eax,0xefffe7ff and r9d,eax - and DWORD PTR[8+rdi],0ffffffdfh -$L$done:: - mov DWORD PTR[4+rdi],r9d - mov DWORD PTR[rdi],r10d + and DWORD[8+rdi],0xffffffdf +$L$done: + mov DWORD[4+rdi],r9d + mov DWORD[rdi],r10d mov rbx,r8 - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_OPENSSL_ia32_cpuid:: -OPENSSL_ia32_cpuid ENDP - +$L$SEH_end_OPENSSL_ia32_cpuid: -.text$ ENDS -END 
diff --git a/win-x86_64/crypto/md5/md5-x86_64.asm b/win-x86_64/crypto/md5/md5-x86_64.asm index d2faa88..0e9d2c6 100644 --- a/win-x86_64/crypto/md5/md5-x86_64.asm +++ b/win-x86_64/crypto/md5/md5-x86_64.asm @@ -1,14 +1,18 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 + ALIGN 16 -PUBLIC md5_block_asm_data_order +global md5_block_asm_data_order -md5_block_asm_data_order PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +md5_block_asm_data_order: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_md5_block_asm_data_order:: +$L$SEH_begin_md5_block_asm_data_order: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -19,18 +23,18 @@ $L$SEH_begin_md5_block_asm_data_order:: push r12 push r14 push r15 -$L$prologue:: +$L$prologue: mov rbp,rdi shl rdx,6 - lea rdi,QWORD PTR[rdx*1+rsi] - mov eax,DWORD PTR[rbp] - mov ebx,DWORD PTR[4+rbp] - mov ecx,DWORD PTR[8+rbp] - mov edx,DWORD PTR[12+rbp] + lea rdi,[rdx*1+rsi] + mov eax,DWORD[rbp] + mov ebx,DWORD[4+rbp] + mov ecx,DWORD[8+rbp] + mov edx,DWORD[12+rbp] 
@@ -39,168 +43,168 @@ $L$prologue:: cmp rsi,rdi - je $L$end + je NEAR $L$end -$L$loop:: +$L$loop: mov r8d,eax mov r9d,ebx mov r14d,ecx mov r15d,edx - mov r10d,DWORD PTR[rsi] + mov r10d,DWORD[rsi] mov r11d,edx xor r11d,ecx - lea eax,DWORD PTR[((-680876936))+r10*1+rax] + lea eax,[((-680876936))+r10*1+rax] and r11d,ebx xor r11d,edx - mov r10d,DWORD PTR[4+rsi] + mov r10d,DWORD[4+rsi] add eax,r11d rol eax,7 mov r11d,ecx add eax,ebx xor r11d,ebx - lea edx,DWORD PTR[((-389564586))+r10*1+rdx] + lea edx,[((-389564586))+r10*1+rdx] and r11d,eax xor r11d,ecx - mov r10d,DWORD PTR[8+rsi] + mov r10d,DWORD[8+rsi] add edx,r11d rol edx,12 mov r11d,ebx add edx,eax xor r11d,eax - lea ecx,DWORD PTR[606105819+r10*1+rcx] + lea ecx,[606105819+r10*1+rcx] and r11d,edx xor r11d,ebx - mov r10d,DWORD PTR[12+rsi] + mov r10d,DWORD[12+rsi] add ecx,r11d rol ecx,17 mov r11d,eax add ecx,edx xor r11d,edx - lea ebx,DWORD PTR[((-1044525330))+r10*1+rbx] + lea ebx,[((-1044525330))+r10*1+rbx] and r11d,ecx xor r11d,eax - mov r10d,DWORD PTR[16+rsi] + mov r10d,DWORD[16+rsi] add ebx,r11d rol ebx,22 mov r11d,edx add ebx,ecx xor r11d,ecx - lea eax,DWORD PTR[((-176418897))+r10*1+rax] + lea eax,[((-176418897))+r10*1+rax] and r11d,ebx xor r11d,edx - mov r10d,DWORD PTR[20+rsi] + mov r10d,DWORD[20+rsi] add eax,r11d rol eax,7 mov r11d,ecx add eax,ebx xor r11d,ebx - lea edx,DWORD PTR[1200080426+r10*1+rdx] + lea edx,[1200080426+r10*1+rdx] and r11d,eax xor r11d,ecx - mov r10d,DWORD PTR[24+rsi] + mov r10d,DWORD[24+rsi] add edx,r11d rol edx,12 mov r11d,ebx add edx,eax xor r11d,eax - lea ecx,DWORD PTR[((-1473231341))+r10*1+rcx] + lea ecx,[((-1473231341))+r10*1+rcx] and r11d,edx xor r11d,ebx - mov r10d,DWORD PTR[28+rsi] + mov r10d,DWORD[28+rsi] add ecx,r11d rol ecx,17 mov r11d,eax add ecx,edx xor r11d,edx - lea ebx,DWORD PTR[((-45705983))+r10*1+rbx] + lea ebx,[((-45705983))+r10*1+rbx] and r11d,ecx xor r11d,eax - mov r10d,DWORD PTR[32+rsi] + mov r10d,DWORD[32+rsi] add ebx,r11d rol ebx,22 mov r11d,edx add ebx,ecx xor r11d,ecx 
- lea eax,DWORD PTR[1770035416+r10*1+rax] + lea eax,[1770035416+r10*1+rax] and r11d,ebx xor r11d,edx - mov r10d,DWORD PTR[36+rsi] + mov r10d,DWORD[36+rsi] add eax,r11d rol eax,7 mov r11d,ecx add eax,ebx xor r11d,ebx - lea edx,DWORD PTR[((-1958414417))+r10*1+rdx] + lea edx,[((-1958414417))+r10*1+rdx] and r11d,eax xor r11d,ecx - mov r10d,DWORD PTR[40+rsi] + mov r10d,DWORD[40+rsi] add edx,r11d rol edx,12 mov r11d,ebx add edx,eax xor r11d,eax - lea ecx,DWORD PTR[((-42063))+r10*1+rcx] + lea ecx,[((-42063))+r10*1+rcx] and r11d,edx xor r11d,ebx - mov r10d,DWORD PTR[44+rsi] + mov r10d,DWORD[44+rsi] add ecx,r11d rol ecx,17 mov r11d,eax add ecx,edx xor r11d,edx - lea ebx,DWORD PTR[((-1990404162))+r10*1+rbx] + lea ebx,[((-1990404162))+r10*1+rbx] and r11d,ecx xor r11d,eax - mov r10d,DWORD PTR[48+rsi] + mov r10d,DWORD[48+rsi] add ebx,r11d rol ebx,22 mov r11d,edx add ebx,ecx xor r11d,ecx - lea eax,DWORD PTR[1804603682+r10*1+rax] + lea eax,[1804603682+r10*1+rax] and r11d,ebx xor r11d,edx - mov r10d,DWORD PTR[52+rsi] + mov r10d,DWORD[52+rsi] add eax,r11d rol eax,7 mov r11d,ecx add eax,ebx xor r11d,ebx - lea edx,DWORD PTR[((-40341101))+r10*1+rdx] + lea edx,[((-40341101))+r10*1+rdx] and r11d,eax xor r11d,ecx - mov r10d,DWORD PTR[56+rsi] + mov r10d,DWORD[56+rsi] add edx,r11d rol edx,12 mov r11d,ebx add edx,eax xor r11d,eax - lea ecx,DWORD PTR[((-1502002290))+r10*1+rcx] + lea ecx,[((-1502002290))+r10*1+rcx] and r11d,edx xor r11d,ebx - mov r10d,DWORD PTR[60+rsi] + mov r10d,DWORD[60+rsi] add ecx,r11d rol ecx,17 mov r11d,eax add ecx,edx xor r11d,edx - lea ebx,DWORD PTR[1236535329+r10*1+rbx] + lea ebx,[1236535329+r10*1+rbx] and r11d,ecx xor r11d,eax - mov r10d,DWORD PTR[rsi] + mov r10d,DWORD[rsi] add ebx,r11d rol ebx,22 mov r11d,edx add ebx,ecx - mov r10d,DWORD PTR[4+rsi] + mov r10d,DWORD[4+rsi] mov r11d,edx mov r12d,edx not r11d - lea eax,DWORD PTR[((-165796510))+r10*1+rax] + lea eax,[((-165796510))+r10*1+rax] and r12d,ebx and r11d,ecx - mov r10d,DWORD PTR[24+rsi] + mov 
r10d,DWORD[24+rsi] or r12d,r11d mov r11d,ecx add eax,r12d @@ -208,10 +212,10 @@ $L$loop:: rol eax,5 add eax,ebx not r11d - lea edx,DWORD PTR[((-1069501632))+r10*1+rdx] + lea edx,[((-1069501632))+r10*1+rdx] and r12d,eax and r11d,ebx - mov r10d,DWORD PTR[44+rsi] + mov r10d,DWORD[44+rsi] or r12d,r11d mov r11d,ebx add edx,r12d @@ -219,10 +223,10 @@ $L$loop:: rol edx,9 add edx,eax not r11d - lea ecx,DWORD PTR[643717713+r10*1+rcx] + lea ecx,[643717713+r10*1+rcx] and r12d,edx and r11d,eax - mov r10d,DWORD PTR[rsi] + mov r10d,DWORD[rsi] or r12d,r11d mov r11d,eax add ecx,r12d @@ -230,10 +234,10 @@ $L$loop:: rol ecx,14 add ecx,edx not r11d - lea ebx,DWORD PTR[((-373897302))+r10*1+rbx] + lea ebx,[((-373897302))+r10*1+rbx] and r12d,ecx and r11d,edx - mov r10d,DWORD PTR[20+rsi] + mov r10d,DWORD[20+rsi] or r12d,r11d mov r11d,edx add ebx,r12d @@ -241,10 +245,10 @@ $L$loop:: rol ebx,20 add ebx,ecx not r11d - lea eax,DWORD PTR[((-701558691))+r10*1+rax] + lea eax,[((-701558691))+r10*1+rax] and r12d,ebx and r11d,ecx - mov r10d,DWORD PTR[40+rsi] + mov r10d,DWORD[40+rsi] or r12d,r11d mov r11d,ecx add eax,r12d @@ -252,10 +256,10 @@ $L$loop:: rol eax,5 add eax,ebx not r11d - lea edx,DWORD PTR[38016083+r10*1+rdx] + lea edx,[38016083+r10*1+rdx] and r12d,eax and r11d,ebx - mov r10d,DWORD PTR[60+rsi] + mov r10d,DWORD[60+rsi] or r12d,r11d mov r11d,ebx add edx,r12d @@ -263,10 +267,10 @@ $L$loop:: rol edx,9 add edx,eax not r11d - lea ecx,DWORD PTR[((-660478335))+r10*1+rcx] + lea ecx,[((-660478335))+r10*1+rcx] and r12d,edx and r11d,eax - mov r10d,DWORD PTR[16+rsi] + mov r10d,DWORD[16+rsi] or r12d,r11d mov r11d,eax add ecx,r12d @@ -274,10 +278,10 @@ $L$loop:: rol ecx,14 add ecx,edx not r11d - lea ebx,DWORD PTR[((-405537848))+r10*1+rbx] + lea ebx,[((-405537848))+r10*1+rbx] and r12d,ecx and r11d,edx - mov r10d,DWORD PTR[36+rsi] + mov r10d,DWORD[36+rsi] or r12d,r11d mov r11d,edx add ebx,r12d 
@@ -285,10 +289,10 @@ $L$loop:: rol ebx,20 add ebx,ecx not r11d - lea eax,DWORD PTR[568446438+r10*1+rax] + lea eax,[568446438+r10*1+rax] and r12d,ebx and r11d,ecx - mov r10d,DWORD PTR[56+rsi] + mov r10d,DWORD[56+rsi] or r12d,r11d mov r11d,ecx add eax,r12d @@ -296,10 +300,10 @@ $L$loop:: rol eax,5 add eax,ebx not r11d - lea edx,DWORD PTR[((-1019803690))+r10*1+rdx] + lea edx,[((-1019803690))+r10*1+rdx] and r12d,eax and r11d,ebx - mov r10d,DWORD PTR[12+rsi] + mov r10d,DWORD[12+rsi] or r12d,r11d mov r11d,ebx add edx,r12d @@ -307,10 +311,10 @@ $L$loop:: rol edx,9 add edx,eax not r11d - lea ecx,DWORD PTR[((-187363961))+r10*1+rcx] + lea ecx,[((-187363961))+r10*1+rcx] and r12d,edx and r11d,eax - mov r10d,DWORD PTR[32+rsi] + mov r10d,DWORD[32+rsi] or r12d,r11d mov r11d,eax add ecx,r12d @@ -318,10 +322,10 @@ $L$loop:: rol ecx,14 add ecx,edx not r11d - lea ebx,DWORD PTR[1163531501+r10*1+rbx] + lea ebx,[1163531501+r10*1+rbx] and r12d,ecx and r11d,edx - mov r10d,DWORD PTR[52+rsi] + mov r10d,DWORD[52+rsi] or r12d,r11d mov r11d,edx add ebx,r12d @@ -329,10 +333,10 @@ $L$loop:: rol ebx,20 add ebx,ecx not r11d - lea eax,DWORD PTR[((-1444681467))+r10*1+rax] + lea eax,[((-1444681467))+r10*1+rax] and r12d,ebx and r11d,ecx - mov r10d,DWORD PTR[8+rsi] + mov r10d,DWORD[8+rsi] or r12d,r11d mov r11d,ecx add eax,r12d @@ -340,10 +344,10 @@ $L$loop:: rol eax,5 add eax,ebx not r11d - lea edx,DWORD PTR[((-51403784))+r10*1+rdx] + lea edx,[((-51403784))+r10*1+rdx] and r12d,eax and r11d,ebx - mov r10d,DWORD PTR[28+rsi] + mov r10d,DWORD[28+rsi] or r12d,r11d mov r11d,ebx add edx,r12d @@ -351,10 +355,10 @@ $L$loop:: rol edx,9 add edx,eax not r11d - lea ecx,DWORD PTR[1735328473+r10*1+rcx] + lea ecx,[1735328473+r10*1+rcx] and r12d,edx and r11d,eax - mov r10d,DWORD PTR[48+rsi] + mov r10d,DWORD[48+rsi] or r12d,r11d mov r11d,eax add ecx,r12d 
@@ -362,290 +366,290 @@ $L$loop:: rol ecx,14 add ecx,edx not r11d - lea ebx,DWORD PTR[((-1926607734))+r10*1+rbx] + lea ebx,[((-1926607734))+r10*1+rbx] and r12d,ecx and r11d,edx - mov r10d,DWORD PTR[rsi] + mov r10d,DWORD[rsi] or r12d,r11d mov r11d,edx add ebx,r12d mov r12d,edx rol ebx,20 add ebx,ecx - mov r10d,DWORD PTR[20+rsi] + mov r10d,DWORD[20+rsi] mov r11d,ecx - lea eax,DWORD PTR[((-378558))+r10*1+rax] - mov r10d,DWORD PTR[32+rsi] + lea eax,[((-378558))+r10*1+rax] + mov r10d,DWORD[32+rsi] xor r11d,edx xor r11d,ebx add eax,r11d rol eax,4 mov r11d,ebx add eax,ebx - lea edx,DWORD PTR[((-2022574463))+r10*1+rdx] - mov r10d,DWORD PTR[44+rsi] + lea edx,[((-2022574463))+r10*1+rdx] + mov r10d,DWORD[44+rsi] xor r11d,ecx xor r11d,eax add edx,r11d rol edx,11 mov r11d,eax add edx,eax - lea ecx,DWORD PTR[1839030562+r10*1+rcx] - mov r10d,DWORD PTR[56+rsi] + lea ecx,[1839030562+r10*1+rcx] + mov r10d,DWORD[56+rsi] xor r11d,ebx xor r11d,edx add ecx,r11d rol ecx,16 mov r11d,edx add ecx,edx - lea ebx,DWORD PTR[((-35309556))+r10*1+rbx] - mov r10d,DWORD PTR[4+rsi] + lea ebx,[((-35309556))+r10*1+rbx] + mov r10d,DWORD[4+rsi] xor r11d,eax xor r11d,ecx add ebx,r11d rol ebx,23 mov r11d,ecx add ebx,ecx - lea eax,DWORD PTR[((-1530992060))+r10*1+rax] - mov r10d,DWORD PTR[16+rsi] + lea eax,[((-1530992060))+r10*1+rax] + mov r10d,DWORD[16+rsi] xor r11d,edx xor r11d,ebx add eax,r11d rol eax,4 mov r11d,ebx add eax,ebx - lea edx,DWORD PTR[1272893353+r10*1+rdx] - mov r10d,DWORD PTR[28+rsi] + lea edx,[1272893353+r10*1+rdx] + mov r10d,DWORD[28+rsi] xor r11d,ecx xor r11d,eax add edx,r11d rol edx,11 mov r11d,eax add edx,eax - lea ecx,DWORD PTR[((-155497632))+r10*1+rcx] - mov r10d,DWORD PTR[40+rsi] + lea ecx,[((-155497632))+r10*1+rcx] + mov r10d,DWORD[40+rsi] xor r11d,ebx xor r11d,edx add ecx,r11d rol ecx,16 mov r11d,edx add ecx,edx - lea ebx,DWORD PTR[((-1094730640))+r10*1+rbx] - mov r10d,DWORD PTR[52+rsi] + lea ebx,[((-1094730640))+r10*1+rbx] + mov r10d,DWORD[52+rsi] xor r11d,eax xor r11d,ecx add 
ebx,r11d rol ebx,23 mov r11d,ecx add ebx,ecx - lea eax,DWORD PTR[681279174+r10*1+rax] - mov r10d,DWORD PTR[rsi] + lea eax,[681279174+r10*1+rax] + mov r10d,DWORD[rsi] xor r11d,edx xor r11d,ebx add eax,r11d rol eax,4 mov r11d,ebx add eax,ebx - lea edx,DWORD PTR[((-358537222))+r10*1+rdx] - mov r10d,DWORD PTR[12+rsi] + lea edx,[((-358537222))+r10*1+rdx] + mov r10d,DWORD[12+rsi] xor r11d,ecx xor r11d,eax add edx,r11d rol edx,11 mov r11d,eax add edx,eax - lea ecx,DWORD PTR[((-722521979))+r10*1+rcx] - mov r10d,DWORD PTR[24+rsi] + lea ecx,[((-722521979))+r10*1+rcx] + mov r10d,DWORD[24+rsi] xor r11d,ebx xor r11d,edx add ecx,r11d rol ecx,16 mov r11d,edx add ecx,edx - lea ebx,DWORD PTR[76029189+r10*1+rbx] - mov r10d,DWORD PTR[36+rsi] + lea ebx,[76029189+r10*1+rbx] + mov r10d,DWORD[36+rsi] xor r11d,eax xor r11d,ecx add ebx,r11d rol ebx,23 mov r11d,ecx add ebx,ecx - lea eax,DWORD PTR[((-640364487))+r10*1+rax] - mov r10d,DWORD PTR[48+rsi] + lea eax,[((-640364487))+r10*1+rax] + mov r10d,DWORD[48+rsi] xor r11d,edx xor r11d,ebx add eax,r11d rol eax,4 mov r11d,ebx add eax,ebx - lea edx,DWORD PTR[((-421815835))+r10*1+rdx] - mov r10d,DWORD PTR[60+rsi] + lea edx,[((-421815835))+r10*1+rdx] + mov r10d,DWORD[60+rsi] xor r11d,ecx xor r11d,eax add edx,r11d rol edx,11 mov r11d,eax add edx,eax - lea ecx,DWORD PTR[530742520+r10*1+rcx] - mov r10d,DWORD PTR[8+rsi] + lea ecx,[530742520+r10*1+rcx] + mov r10d,DWORD[8+rsi] xor r11d,ebx xor r11d,edx add ecx,r11d rol ecx,16 mov r11d,edx add ecx,edx - lea ebx,DWORD PTR[((-995338651))+r10*1+rbx] - mov r10d,DWORD PTR[rsi] + lea ebx,[((-995338651))+r10*1+rbx] + mov r10d,DWORD[rsi] xor r11d,eax xor r11d,ecx add ebx,r11d rol ebx,23 mov r11d,ecx add ebx,ecx - mov r10d,DWORD PTR[rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[rsi] + mov r11d,0xffffffff xor r11d,edx - lea eax,DWORD PTR[((-198630844))+r10*1+rax] + lea eax,[((-198630844))+r10*1+rax] or r11d,ebx xor r11d,ecx add eax,r11d - mov r10d,DWORD PTR[28+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[28+rsi] + 
mov r11d,0xffffffff rol eax,6 xor r11d,ecx add eax,ebx - lea edx,DWORD PTR[1126891415+r10*1+rdx] + lea edx,[1126891415+r10*1+rdx] or r11d,eax xor r11d,ebx add edx,r11d - mov r10d,DWORD PTR[56+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[56+rsi] + mov r11d,0xffffffff rol edx,10 xor r11d,ebx add edx,eax - lea ecx,DWORD PTR[((-1416354905))+r10*1+rcx] + lea ecx,[((-1416354905))+r10*1+rcx] or r11d,edx xor r11d,eax add ecx,r11d - mov r10d,DWORD PTR[20+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[20+rsi] + mov r11d,0xffffffff rol ecx,15 xor r11d,eax add ecx,edx - lea ebx,DWORD PTR[((-57434055))+r10*1+rbx] + lea ebx,[((-57434055))+r10*1+rbx] or r11d,ecx xor r11d,edx add ebx,r11d - mov r10d,DWORD PTR[48+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[48+rsi] + mov r11d,0xffffffff rol ebx,21 xor r11d,edx add ebx,ecx - lea eax,DWORD PTR[1700485571+r10*1+rax] + lea eax,[1700485571+r10*1+rax] or r11d,ebx xor r11d,ecx add eax,r11d - mov r10d,DWORD PTR[12+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[12+rsi] + mov r11d,0xffffffff rol eax,6 xor r11d,ecx add eax,ebx - lea edx,DWORD PTR[((-1894986606))+r10*1+rdx] + lea edx,[((-1894986606))+r10*1+rdx] or r11d,eax xor r11d,ebx add edx,r11d - mov r10d,DWORD PTR[40+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[40+rsi] + mov r11d,0xffffffff rol edx,10 xor r11d,ebx add edx,eax - lea ecx,DWORD PTR[((-1051523))+r10*1+rcx] + lea ecx,[((-1051523))+r10*1+rcx] or r11d,edx xor r11d,eax add ecx,r11d - mov r10d,DWORD PTR[4+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[4+rsi] + mov r11d,0xffffffff rol ecx,15 xor r11d,eax add ecx,edx - lea ebx,DWORD PTR[((-2054922799))+r10*1+rbx] + lea ebx,[((-2054922799))+r10*1+rbx] or r11d,ecx xor r11d,edx add ebx,r11d - mov r10d,DWORD PTR[32+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[32+rsi] + mov r11d,0xffffffff rol ebx,21 xor r11d,edx add ebx,ecx - lea eax,DWORD PTR[1873313359+r10*1+rax] + lea eax,[1873313359+r10*1+rax] or r11d,ebx xor r11d,ecx add eax,r11d - mov r10d,DWORD PTR[60+rsi] - mov r11d,0ffffffffh + mov 
r10d,DWORD[60+rsi] + mov r11d,0xffffffff rol eax,6 xor r11d,ecx add eax,ebx - lea edx,DWORD PTR[((-30611744))+r10*1+rdx] + lea edx,[((-30611744))+r10*1+rdx] or r11d,eax xor r11d,ebx add edx,r11d - mov r10d,DWORD PTR[24+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[24+rsi] + mov r11d,0xffffffff rol edx,10 xor r11d,ebx add edx,eax - lea ecx,DWORD PTR[((-1560198380))+r10*1+rcx] + lea ecx,[((-1560198380))+r10*1+rcx] or r11d,edx xor r11d,eax add ecx,r11d - mov r10d,DWORD PTR[52+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[52+rsi] + mov r11d,0xffffffff rol ecx,15 xor r11d,eax add ecx,edx - lea ebx,DWORD PTR[1309151649+r10*1+rbx] + lea ebx,[1309151649+r10*1+rbx] or r11d,ecx xor r11d,edx add ebx,r11d - mov r10d,DWORD PTR[16+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[16+rsi] + mov r11d,0xffffffff rol ebx,21 xor r11d,edx add ebx,ecx - lea eax,DWORD PTR[((-145523070))+r10*1+rax] + lea eax,[((-145523070))+r10*1+rax] or r11d,ebx xor r11d,ecx add eax,r11d - mov r10d,DWORD PTR[44+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[44+rsi] + mov r11d,0xffffffff rol eax,6 xor r11d,ecx add eax,ebx - lea edx,DWORD PTR[((-1120210379))+r10*1+rdx] + lea edx,[((-1120210379))+r10*1+rdx] or r11d,eax xor r11d,ebx add edx,r11d - mov r10d,DWORD PTR[8+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[8+rsi] + mov r11d,0xffffffff rol edx,10 xor r11d,ebx add edx,eax - lea ecx,DWORD PTR[718787259+r10*1+rcx] + lea ecx,[718787259+r10*1+rcx] or r11d,edx xor r11d,eax add ecx,r11d - mov r10d,DWORD PTR[36+rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[36+rsi] + mov r11d,0xffffffff rol ecx,15 xor r11d,eax add ecx,edx - lea ebx,DWORD PTR[((-343485551))+r10*1+rbx] + lea ebx,[((-343485551))+r10*1+rbx] or r11d,ecx xor r11d,edx add ebx,r11d - mov r10d,DWORD PTR[rsi] - mov r11d,0ffffffffh + mov r10d,DWORD[rsi] + mov r11d,0xffffffff rol ebx,21 xor r11d,edx add ebx,ecx 
@@ -658,31 +662,30 @@ $L$loop:: add rsi,64 cmp rsi,rdi - jb $L$loop + jb NEAR $L$loop -$L$end:: - mov DWORD PTR[rbp],eax - mov DWORD PTR[4+rbp],ebx - mov DWORD PTR[8+rbp],ecx - mov DWORD PTR[12+rbp],edx +$L$end: + mov DWORD[rbp],eax + mov DWORD[4+rbp],ebx + mov DWORD[8+rbp],ecx + mov DWORD[12+rbp],edx - mov r15,QWORD PTR[rsp] - mov r14,QWORD PTR[8+rsp] - mov r12,QWORD PTR[16+rsp] - mov rbx,QWORD PTR[24+rsp] - mov rbp,QWORD PTR[32+rsp] + mov r15,QWORD[rsp] + mov r14,QWORD[8+rsp] + mov r12,QWORD[16+rsp] + mov rbx,QWORD[24+rsp] + mov rbp,QWORD[32+rsp] add rsp,40 -$L$epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] +$L$epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_md5_block_asm_data_order:: -md5_block_asm_data_order ENDP -EXTERN __imp_RtlVirtualUnwind:NEAR +$L$SEH_end_md5_block_asm_data_order: +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -694,57 +697,57 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - lea r10,QWORD PTR[$L$prologue] + lea r10,[$L$prologue] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - lea r10,QWORD PTR[$L$epilogue] + lea r10,[$L$epilogue] cmp rbx,r10 - jae $L$in_prologue - - lea rax,QWORD PTR[40+rax] - - mov rbp,QWORD PTR[((-8))+rax] - mov rbx,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r14,QWORD PTR[((-32))+rax] - mov r15,QWORD PTR[((-40))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - mov rdi,QWORD PTR[40+r9] + jae NEAR $L$in_prologue + + lea rax,[40+rax] + + mov rbp,QWORD[((-8))+rax] + mov rbx,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r14,QWORD[((-32))+rax] + mov r15,QWORD[((-40))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov 
QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 @@ -758,21 +761,16 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_md5_block_asm_data_order - DD imagerel $L$SEH_end_md5_block_asm_data_order - DD imagerel $L$SEH_info_md5_block_asm_data_order + DD $L$SEH_begin_md5_block_asm_data_order wrt ..imagebase + DD $L$SEH_end_md5_block_asm_data_order wrt ..imagebase + DD $L$SEH_info_md5_block_asm_data_order wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_md5_block_asm_data_order:: +$L$SEH_info_md5_block_asm_data_order: DB 9,0,0,0 - DD imagerel se_handler - -.xdata ENDS -END + DD se_handler wrt ..imagebase diff --git a/win-x86_64/crypto/modes/aesni-gcm-x86_64.asm b/win-x86_64/crypto/modes/aesni-gcm-x86_64.asm index 828be8d..d7fff6a 100644 --- a/win-x86_64/crypto/modes/aesni-gcm-x86_64.asm +++ b/win-x86_64/crypto/modes/aesni-gcm-x86_64.asm @@ -1,19 +1,20 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -PUBLIC aesni_gcm_encrypt -aesni_gcm_encrypt PROC PUBLIC +global aesni_gcm_encrypt + +aesni_gcm_encrypt: xor eax,eax DB 0F3h,0C3h ;repret -aesni_gcm_encrypt ENDP -PUBLIC aesni_gcm_decrypt -aesni_gcm_decrypt PROC PUBLIC +global aesni_gcm_decrypt + +aesni_gcm_decrypt: xor eax,eax DB 0F3h,0C3h ;repret -aesni_gcm_decrypt ENDP -.text$ ENDS -END diff --git a/win-x86_64/crypto/modes/ghash-x86_64.asm b/win-x86_64/crypto/modes/ghash-x86_64.asm index 9993d75..5d8fadc 100644 --- a/win-x86_64/crypto/modes/ghash-x86_64.asm +++ b/win-x86_64/crypto/modes/ghash-x86_64.asm 
@@ -1,15 +1,19 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' -EXTERN OPENSSL_ia32cap_P:NEAR +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -PUBLIC gcm_gmult_4bit +EXTERN OPENSSL_ia32cap_P + +global gcm_gmult_4bit ALIGN 16 -gcm_gmult_4bit PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +gcm_gmult_4bit: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_gcm_gmult_4bit:: +$L$SEH_begin_gcm_gmult_4bit: mov rdi,rcx mov rsi,rdx 
@@ -17,98 +21,97 @@ $L$SEH_begin_gcm_gmult_4bit:: push rbx push rbp push r12 -$L$gmult_prologue:: +$L$gmult_prologue: - movzx r8,BYTE PTR[15+rdi] - lea r11,QWORD PTR[$L$rem_4bit] + movzx r8,BYTE[15+rdi] + lea r11,[$L$rem_4bit] xor rax,rax xor rbx,rbx mov al,r8b mov bl,r8b shl al,4 mov rcx,14 - mov r8,QWORD PTR[8+rax*1+rsi] - mov r9,QWORD PTR[rax*1+rsi] - and bl,0f0h + mov r8,QWORD[8+rax*1+rsi] + mov r9,QWORD[rax*1+rsi] + and bl,0xf0 mov rdx,r8 - jmp $L$oop1 + jmp NEAR $L$oop1 ALIGN 16 -$L$oop1:: +$L$oop1: shr r8,4 - and rdx,0fh + and rdx,0xf mov r10,r9 - mov al,BYTE PTR[rcx*1+rdi] + mov al,BYTE[rcx*1+rdi] shr r9,4 - xor r8,QWORD PTR[8+rbx*1+rsi] + xor r8,QWORD[8+rbx*1+rsi] shl r10,60 - xor r9,QWORD PTR[rbx*1+rsi] + xor r9,QWORD[rbx*1+rsi] mov bl,al - xor r9,QWORD PTR[rdx*8+r11] + xor r9,QWORD[rdx*8+r11] mov rdx,r8 shl al,4 xor r8,r10 dec rcx - js $L$break1 + js NEAR $L$break1 shr r8,4 - and rdx,0fh + and rdx,0xf mov r10,r9 shr r9,4 - xor r8,QWORD PTR[8+rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] shl r10,60 - xor r9,QWORD PTR[rax*1+rsi] - and bl,0f0h - xor r9,QWORD PTR[rdx*8+r11] + xor r9,QWORD[rax*1+rsi] + and bl,0xf0 + xor r9,QWORD[rdx*8+r11] mov rdx,r8 xor r8,r10 - jmp $L$oop1 + jmp NEAR $L$oop1 ALIGN 16 -$L$break1:: +$L$break1: shr r8,4 - and rdx,0fh + and rdx,0xf mov r10,r9 shr r9,4 - xor r8,QWORD PTR[8+rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] shl r10,60 - xor r9,QWORD PTR[rax*1+rsi] - and bl,0f0h - xor r9,QWORD PTR[rdx*8+r11] + xor r9,QWORD[rax*1+rsi] + and bl,0xf0 + xor r9,QWORD[rdx*8+r11] mov rdx,r8 xor r8,r10 shr r8,4 - and rdx,0fh + and rdx,0xf mov r10,r9 shr r9,4 - xor r8,QWORD PTR[8+rbx*1+rsi] + xor r8,QWORD[8+rbx*1+rsi] shl r10,60 - xor r9,QWORD PTR[rbx*1+rsi] + xor r9,QWORD[rbx*1+rsi] xor r8,r10 - xor r9,QWORD PTR[rdx*8+r11] + xor r9,QWORD[rdx*8+r11] bswap r8 bswap r9 - mov QWORD PTR[8+rdi],r8 - mov QWORD PTR[rdi],r9 - - mov rbx,QWORD PTR[16+rsp] - lea rsp,QWORD PTR[24+rsp] -$L$gmult_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD 
PTR[16+rsp] + mov QWORD[8+rdi],r8 + mov QWORD[rdi],r9 + + mov rbx,QWORD[16+rsp] + lea rsp,[24+rsp] +$L$gmult_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_gcm_gmult_4bit:: -gcm_gmult_4bit ENDP -PUBLIC gcm_ghash_4bit +$L$SEH_end_gcm_gmult_4bit: +global gcm_ghash_4bit ALIGN 16 -gcm_ghash_4bit PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +gcm_ghash_4bit: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_gcm_ghash_4bit:: +$L$SEH_begin_gcm_ghash_4bit: mov rdi,rcx mov rsi,rdx mov rdx,r8 
@@ -122,218 +125,218 @@ $L$SEH_begin_gcm_ghash_4bit:: push r14 push r15 sub rsp,280 -$L$ghash_prologue:: +$L$ghash_prologue: mov r14,rdx mov r15,rcx sub rsi,-128 - lea rbp,QWORD PTR[((16+128))+rsp] + lea rbp,[((16+128))+rsp] xor edx,edx - mov r8,QWORD PTR[((0+0-128))+rsi] - mov rax,QWORD PTR[((0+8-128))+rsi] + mov r8,QWORD[((0+0-128))+rsi] + mov rax,QWORD[((0+8-128))+rsi] mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov r9,QWORD PTR[((16+0-128))+rsi] + mov r9,QWORD[((16+0-128))+rsi] shl dl,4 - mov rbx,QWORD PTR[((16+8-128))+rsi] + mov rbx,QWORD[((16+8-128))+rsi] shl r10,60 - mov BYTE PTR[rsp],dl + mov BYTE[rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[rbp],r8 - mov r8,QWORD PTR[((32+0-128))+rsi] + mov QWORD[rbp],r8 + mov r8,QWORD[((32+0-128))+rsi] shl dl,4 - mov QWORD PTR[((0-128))+rbp],rax - mov rax,QWORD PTR[((32+8-128))+rsi] + mov QWORD[((0-128))+rbp],rax + mov rax,QWORD[((32+8-128))+rsi] shl r10,60 - mov BYTE PTR[1+rsp],dl + mov BYTE[1+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[8+rbp],r9 - mov r9,QWORD PTR[((48+0-128))+rsi] + mov QWORD[8+rbp],r9 + mov r9,QWORD[((48+0-128))+rsi] shl dl,4 - mov QWORD PTR[((8-128))+rbp],rbx - mov rbx,QWORD PTR[((48+8-128))+rsi] + mov QWORD[((8-128))+rbp],rbx + mov rbx,QWORD[((48+8-128))+rsi] shl r10,60 - mov BYTE PTR[2+rsp],dl + mov BYTE[2+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[16+rbp],r8 - mov r8,QWORD PTR[((64+0-128))+rsi] + mov QWORD[16+rbp],r8 + mov r8,QWORD[((64+0-128))+rsi] shl dl,4 - mov QWORD PTR[((16-128))+rbp],rax - mov rax,QWORD PTR[((64+8-128))+rsi] + mov QWORD[((16-128))+rbp],rax + mov rax,QWORD[((64+8-128))+rsi] shl r10,60 - mov BYTE PTR[3+rsp],dl + mov BYTE[3+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[24+rbp],r9 - mov r9,QWORD PTR[((80+0-128))+rsi] + mov QWORD[24+rbp],r9 + mov r9,QWORD[((80+0-128))+rsi] shl dl,4 - mov QWORD PTR[((24-128))+rbp],rbx - mov rbx,QWORD PTR[((80+8-128))+rsi] + mov 
QWORD[((24-128))+rbp],rbx + mov rbx,QWORD[((80+8-128))+rsi] shl r10,60 - mov BYTE PTR[4+rsp],dl + mov BYTE[4+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[32+rbp],r8 - mov r8,QWORD PTR[((96+0-128))+rsi] + mov QWORD[32+rbp],r8 + mov r8,QWORD[((96+0-128))+rsi] shl dl,4 - mov QWORD PTR[((32-128))+rbp],rax - mov rax,QWORD PTR[((96+8-128))+rsi] + mov QWORD[((32-128))+rbp],rax + mov rax,QWORD[((96+8-128))+rsi] shl r10,60 - mov BYTE PTR[5+rsp],dl + mov BYTE[5+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[40+rbp],r9 - mov r9,QWORD PTR[((112+0-128))+rsi] + mov QWORD[40+rbp],r9 + mov r9,QWORD[((112+0-128))+rsi] shl dl,4 - mov QWORD PTR[((40-128))+rbp],rbx - mov rbx,QWORD PTR[((112+8-128))+rsi] + mov QWORD[((40-128))+rbp],rbx + mov rbx,QWORD[((112+8-128))+rsi] shl r10,60 - mov BYTE PTR[6+rsp],dl + mov BYTE[6+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[48+rbp],r8 - mov r8,QWORD PTR[((128+0-128))+rsi] + mov QWORD[48+rbp],r8 + mov r8,QWORD[((128+0-128))+rsi] shl dl,4 - mov QWORD PTR[((48-128))+rbp],rax - mov rax,QWORD PTR[((128+8-128))+rsi] + mov QWORD[((48-128))+rbp],rax + mov rax,QWORD[((128+8-128))+rsi] shl r10,60 - mov BYTE PTR[7+rsp],dl + mov BYTE[7+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[56+rbp],r9 - mov r9,QWORD PTR[((144+0-128))+rsi] + mov QWORD[56+rbp],r9 + mov r9,QWORD[((144+0-128))+rsi] shl dl,4 - mov QWORD PTR[((56-128))+rbp],rbx - mov rbx,QWORD PTR[((144+8-128))+rsi] + mov QWORD[((56-128))+rbp],rbx + mov rbx,QWORD[((144+8-128))+rsi] shl r10,60 - mov BYTE PTR[8+rsp],dl + mov BYTE[8+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[64+rbp],r8 - mov r8,QWORD PTR[((160+0-128))+rsi] + mov QWORD[64+rbp],r8 + mov r8,QWORD[((160+0-128))+rsi] shl dl,4 - mov QWORD PTR[((64-128))+rbp],rax - mov rax,QWORD PTR[((160+8-128))+rsi] + mov QWORD[((64-128))+rbp],rax + mov rax,QWORD[((160+8-128))+rsi] shl r10,60 - mov BYTE PTR[9+rsp],dl + 
mov BYTE[9+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[72+rbp],r9 - mov r9,QWORD PTR[((176+0-128))+rsi] + mov QWORD[72+rbp],r9 + mov r9,QWORD[((176+0-128))+rsi] shl dl,4 - mov QWORD PTR[((72-128))+rbp],rbx - mov rbx,QWORD PTR[((176+8-128))+rsi] + mov QWORD[((72-128))+rbp],rbx + mov rbx,QWORD[((176+8-128))+rsi] shl r10,60 - mov BYTE PTR[10+rsp],dl + mov BYTE[10+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[80+rbp],r8 - mov r8,QWORD PTR[((192+0-128))+rsi] + mov QWORD[80+rbp],r8 + mov r8,QWORD[((192+0-128))+rsi] shl dl,4 - mov QWORD PTR[((80-128))+rbp],rax - mov rax,QWORD PTR[((192+8-128))+rsi] + mov QWORD[((80-128))+rbp],rax + mov rax,QWORD[((192+8-128))+rsi] shl r10,60 - mov BYTE PTR[11+rsp],dl + mov BYTE[11+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[88+rbp],r9 - mov r9,QWORD PTR[((208+0-128))+rsi] + mov QWORD[88+rbp],r9 + mov r9,QWORD[((208+0-128))+rsi] shl dl,4 - mov QWORD PTR[((88-128))+rbp],rbx - mov rbx,QWORD PTR[((208+8-128))+rsi] + mov QWORD[((88-128))+rbp],rbx + mov rbx,QWORD[((208+8-128))+rsi] shl r10,60 - mov BYTE PTR[12+rsp],dl + mov BYTE[12+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov QWORD PTR[96+rbp],r8 - mov r8,QWORD PTR[((224+0-128))+rsi] + mov QWORD[96+rbp],r8 + mov r8,QWORD[((224+0-128))+rsi] shl dl,4 - mov QWORD PTR[((96-128))+rbp],rax - mov rax,QWORD PTR[((224+8-128))+rsi] + mov QWORD[((96-128))+rbp],rax + mov rax,QWORD[((224+8-128))+rsi] shl r10,60 - mov BYTE PTR[13+rsp],dl + mov BYTE[13+rsp],dl or rbx,r10 mov dl,al shr rax,4 mov r10,r8 shr r8,4 - mov QWORD PTR[104+rbp],r9 - mov r9,QWORD PTR[((240+0-128))+rsi] + mov QWORD[104+rbp],r9 + mov r9,QWORD[((240+0-128))+rsi] shl dl,4 - mov QWORD PTR[((104-128))+rbp],rbx - mov rbx,QWORD PTR[((240+8-128))+rsi] + mov QWORD[((104-128))+rbp],rbx + mov rbx,QWORD[((240+8-128))+rsi] shl r10,60 - mov BYTE PTR[14+rsp],dl + mov BYTE[14+rsp],dl or rax,r10 mov dl,bl shr rbx,4 mov r10,r9 shr r9,4 - mov 
QWORD PTR[112+rbp],r8 + mov QWORD[112+rbp],r8 shl dl,4 - mov QWORD PTR[((112-128))+rbp],rax + mov QWORD[((112-128))+rbp],rax shl r10,60 - mov BYTE PTR[15+rsp],dl + mov BYTE[15+rsp],dl or rbx,r10 - mov QWORD PTR[120+rbp],r9 - mov QWORD PTR[((120-128))+rbp],rbx + mov QWORD[120+rbp],r9 + mov QWORD[((120-128))+rbp],rbx add rsi,-128 - mov r8,QWORD PTR[8+rdi] - mov r9,QWORD PTR[rdi] + mov r8,QWORD[8+rdi] + mov r9,QWORD[rdi] add r15,r14 - lea r11,QWORD PTR[$L$rem_8bit] - jmp $L$outer_loop + lea r11,[$L$rem_8bit] + jmp NEAR $L$outer_loop ALIGN 16 -$L$outer_loop:: - xor r9,QWORD PTR[r14] - mov rdx,QWORD PTR[8+r14] - lea r14,QWORD PTR[16+r14] +$L$outer_loop: + xor r9,QWORD[r14] + mov rdx,QWORD[8+r14] + lea r14,[16+r14] xor rdx,r8 - mov QWORD PTR[rdi],r9 - mov QWORD PTR[8+rdi],rdx + mov QWORD[rdi],r9 + mov QWORD[8+rdi],rdx shr rdx,32 xor rax,rax rol edx,8 @@ -342,30 +345,30 @@ $L$outer_loop:: shl al,4 shr ebx,4 rol edx,8 - mov r8,QWORD PTR[8+rax*1+rsi] - mov r9,QWORD PTR[rax*1+rsi] + mov r8,QWORD[8+rax*1+rsi] + mov r9,QWORD[rax*1+rsi] mov al,dl movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 xor r12,r8 mov r10,r9 shr r8,8 movzx r12,r12b shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 
@@ -374,18 +377,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 shl r13,48 xor r12,r8 @@ -393,20 +396,20 @@ $L$outer_loop:: xor r9,r13 shr r8,8 movzx r12,r12b - mov edx,DWORD PTR[8+rdi] + mov edx,DWORD[8+rdi] shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 @@ -415,18 +418,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 shl r13,48 xor r12,r8 
@@ -435,18 +438,18 @@ $L$outer_loop:: shr r8,8 movzx r12,r12b shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 @@ -455,18 +458,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 shl r13,48 xor r12,r8 @@ -474,20 +477,20 @@ $L$outer_loop:: xor r9,r13 shr r8,8 movzx r12,r12b - mov edx,DWORD PTR[4+rdi] + mov edx,DWORD[4+rdi] shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 
@@ -496,18 +499,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 shl r13,48 xor r12,r8 @@ -516,18 +519,18 @@ $L$outer_loop:: shr r8,8 movzx r12,r12b shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 @@ -536,18 +539,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 shl r13,48 xor r12,r8 
@@ -555,20 +558,20 @@ $L$outer_loop:: xor r9,r13 shr r8,8 movzx r12,r12b - mov edx,DWORD PTR[rdi] + mov edx,DWORD[rdi] shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 @@ -577,18 +580,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] shr ecx,4 shl r13,48 xor r12,r8 @@ -597,18 +600,18 @@ $L$outer_loop:: shr r8,8 movzx r12,r12b shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] + xor r9,QWORD[rbx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r12,WORD PTR[r12*2+r11] + movzx r12,WORD[r12*2+r11] movzx ebx,dl shl al,4 - movzx r13,BYTE PTR[rcx*1+rsp] + movzx r13,BYTE[rcx*1+rsp] shr ebx,4 shl r12,48 xor r13,r8 
@@ -617,18 +620,18 @@ $L$outer_loop:: shr r8,8 movzx r13,r13b shr r9,8 - xor r8,QWORD PTR[((-128))+rcx*8+rbp] + xor r8,QWORD[((-128))+rcx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rcx*8+rbp] + xor r9,QWORD[rcx*8+rbp] rol edx,8 - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] mov al,dl xor r8,r10 - movzx r13,WORD PTR[r13*2+r11] + movzx r13,WORD[r13*2+r11] movzx ecx,dl shl al,4 - movzx r12,BYTE PTR[rbx*1+rsp] + movzx r12,BYTE[rbx*1+rsp] and ecx,240 shl r13,48 xor r12,r8 @@ -636,14 +639,14 @@ $L$outer_loop:: xor r9,r13 shr r8,8 movzx r12,r12b - mov edx,DWORD PTR[((-4))+rdi] + mov edx,DWORD[((-4))+rdi] shr r9,8 - xor r8,QWORD PTR[((-128))+rbx*8+rbp] + xor r8,QWORD[((-128))+rbx*8+rbp] shl r10,56 - xor r9,QWORD PTR[rbx*8+rbp] - movzx r12,WORD PTR[r12*2+r11] - xor r8,QWORD PTR[8+rax*1+rsi] - xor r9,QWORD PTR[rax*1+rsi] + xor r9,QWORD[rbx*8+rbp] + movzx r12,WORD[r12*2+r11] + xor r8,QWORD[8+rax*1+rsi] + xor r9,QWORD[rax*1+rsi] shl r12,48 xor r8,r10 xor r9,r12 
@@ -652,44 +655,43 @@ $L$outer_loop:: mov r10,r9 shl r13b,4 shr r9,4 - xor r8,QWORD PTR[8+rcx*1+rsi] - movzx r13,WORD PTR[r13*2+r11] + xor r8,QWORD[8+rcx*1+rsi] + movzx r13,WORD[r13*2+r11] shl r10,60 - xor r9,QWORD PTR[rcx*1+rsi] + xor r9,QWORD[rcx*1+rsi] xor r8,r10 shl r13,48 bswap r8 xor r9,r13 bswap r9 cmp r14,r15 - jb $L$outer_loop - mov QWORD PTR[8+rdi],r8 - mov QWORD PTR[rdi],r9 - - lea rsi,QWORD PTR[280+rsp] - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$ghash_epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + jb NEAR $L$outer_loop + mov QWORD[8+rdi],r8 + mov QWORD[rdi],r9 + + lea rsi,[280+rsp] + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$ghash_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_gcm_ghash_4bit:: -gcm_ghash_4bit ENDP -PUBLIC gcm_init_clmul +$L$SEH_end_gcm_ghash_4bit: +global gcm_init_clmul ALIGN 16 -gcm_init_clmul PROC PUBLIC -$L$_init_clmul:: -$L$SEH_begin_gcm_init_clmul:: +gcm_init_clmul: +$L$_init_clmul: +$L$SEH_begin_gcm_init_clmul: -DB 048h,083h,0ech,018h -DB 00fh,029h,034h,024h - movdqu xmm2,XMMWORD PTR[rdx] +DB 0x48,0x83,0xec,0x18 +DB 0x0f,0x29,0x34,0x24 + movdqu xmm2,XMMWORD[rdx] pshufd xmm2,xmm2,78 @@ -703,7 +705,7 @@ DB 00fh,029h,034h,024h por xmm2,xmm3 - pand xmm5,XMMWORD PTR[$L$0x1c2_polynomial] + pand xmm5,XMMWORD[$L$0x1c2_polynomial] pxor xmm2,xmm5 
@@ -750,11 +752,11 @@ DB 102,15,58,68,222,0 pshufd xmm3,xmm2,78 pshufd xmm4,xmm0,78 pxor xmm3,xmm2 - movdqu XMMWORD PTR[rcx],xmm2 + movdqu XMMWORD[rcx],xmm2 pxor xmm4,xmm0 - movdqu XMMWORD PTR[16+rcx],xmm0 + movdqu XMMWORD[16+rcx],xmm0 DB 102,15,58,15,227,8 - movdqu XMMWORD PTR[32+rcx],xmm4 + movdqu XMMWORD[32+rcx],xmm4 movdqa xmm1,xmm0 pshufd xmm3,xmm0,78 pxor xmm3,xmm0 @@ -833,25 +835,25 @@ DB 102,15,58,68,222,0 pshufd xmm3,xmm5,78 pshufd xmm4,xmm0,78 pxor xmm3,xmm5 - movdqu XMMWORD PTR[48+rcx],xmm5 + movdqu XMMWORD[48+rcx],xmm5 pxor xmm4,xmm0 - movdqu XMMWORD PTR[64+rcx],xmm0 + movdqu XMMWORD[64+rcx],xmm0 DB 102,15,58,15,227,8 - movdqu XMMWORD PTR[80+rcx],xmm4 - movaps xmm6,XMMWORD PTR[rsp] - lea rsp,QWORD PTR[24+rsp] -$L$SEH_end_gcm_init_clmul:: + movdqu XMMWORD[80+rcx],xmm4 + movaps xmm6,XMMWORD[rsp] + lea rsp,[24+rsp] +$L$SEH_end_gcm_init_clmul: DB 0F3h,0C3h ;repret -gcm_init_clmul ENDP -PUBLIC gcm_gmult_clmul + +global gcm_gmult_clmul ALIGN 16 -gcm_gmult_clmul PROC PUBLIC -$L$_gmult_clmul:: - movdqu xmm0,XMMWORD PTR[rcx] - movdqa xmm5,XMMWORD PTR[$L$bswap_mask] - movdqu xmm2,XMMWORD PTR[rdx] - movdqu xmm4,XMMWORD PTR[32+rdx] +gcm_gmult_clmul: +$L$_gmult_clmul: + movdqu xmm0,XMMWORD[rcx] + movdqa xmm5,XMMWORD[$L$bswap_mask] + movdqu xmm2,XMMWORD[rdx] + movdqu xmm4,XMMWORD[32+rdx] DB 102,15,56,0,197 movdqa xmm1,xmm0 pshufd xmm3,xmm0,78 
@@ -891,57 +893,57 @@ DB 102,15,58,68,220,0 psrlq xmm0,1 pxor xmm0,xmm1 DB 102,15,56,0,197 - movdqu XMMWORD PTR[rcx],xmm0 + movdqu XMMWORD[rcx],xmm0 DB 0F3h,0C3h ;repret -gcm_gmult_clmul ENDP -PUBLIC gcm_ghash_clmul + +global gcm_ghash_clmul ALIGN 32 -gcm_ghash_clmul PROC PUBLIC -$L$_ghash_clmul:: - lea rax,QWORD PTR[((-136))+rsp] -$L$SEH_begin_gcm_ghash_clmul:: - -DB 048h,08dh,060h,0e0h -DB 00fh,029h,070h,0e0h -DB 00fh,029h,078h,0f0h -DB 044h,00fh,029h,000h -DB 044h,00fh,029h,048h,010h -DB 044h,00fh,029h,050h,020h -DB 044h,00fh,029h,058h,030h -DB 044h,00fh,029h,060h,040h -DB 044h,00fh,029h,068h,050h -DB 044h,00fh,029h,070h,060h -DB 044h,00fh,029h,078h,070h - movdqa xmm10,XMMWORD PTR[$L$bswap_mask] - - movdqu xmm0,XMMWORD PTR[rcx] - movdqu xmm2,XMMWORD PTR[rdx] - movdqu xmm7,XMMWORD PTR[32+rdx] +gcm_ghash_clmul: +$L$_ghash_clmul: + lea rax,[((-136))+rsp] +$L$SEH_begin_gcm_ghash_clmul: + +DB 0x48,0x8d,0x60,0xe0 +DB 0x0f,0x29,0x70,0xe0 +DB 0x0f,0x29,0x78,0xf0 +DB 0x44,0x0f,0x29,0x00 +DB 0x44,0x0f,0x29,0x48,0x10 +DB 0x44,0x0f,0x29,0x50,0x20 +DB 0x44,0x0f,0x29,0x58,0x30 +DB 0x44,0x0f,0x29,0x60,0x40 +DB 0x44,0x0f,0x29,0x68,0x50 +DB 0x44,0x0f,0x29,0x70,0x60 +DB 0x44,0x0f,0x29,0x78,0x70 + movdqa xmm10,XMMWORD[$L$bswap_mask] + + movdqu xmm0,XMMWORD[rcx] + movdqu xmm2,XMMWORD[rdx] + movdqu xmm7,XMMWORD[32+rdx] DB 102,65,15,56,0,194 - sub r9,010h - jz $L$odd_tail + sub r9,0x10 + jz NEAR $L$odd_tail - movdqu xmm6,XMMWORD PTR[16+rdx] - mov eax,DWORD PTR[((OPENSSL_ia32cap_P+4))] - cmp r9,030h - jb $L$skip4x + movdqu xmm6,XMMWORD[16+rdx] + mov eax,DWORD[((OPENSSL_ia32cap_P+4))] + cmp r9,0x30 + jb NEAR $L$skip4x and eax,71303168 cmp eax,4194304 - je $L$skip4x + je NEAR $L$skip4x - sub r9,030h - mov rax,0A040608020C0E000h - movdqu xmm14,XMMWORD PTR[48+rdx] - movdqu xmm15,XMMWORD PTR[64+rdx] + sub r9,0x30 + mov rax,0xA040608020C0E000 + movdqu xmm14,XMMWORD[48+rdx] + movdqu xmm15,XMMWORD[64+rdx] - movdqu xmm3,XMMWORD PTR[48+r8] - movdqu xmm11,XMMWORD PTR[32+r8] + movdqu 
xmm3,XMMWORD[48+r8] + movdqu xmm11,XMMWORD[32+r8] DB 102,65,15,56,0,218 DB 102,69,15,56,0,218 movdqa xmm5,xmm3 @@ -959,11 +961,11 @@ DB 102,68,15,58,68,238,17 DB 102,68,15,58,68,231,16 xorps xmm3,xmm11 xorps xmm5,xmm13 - movups xmm7,XMMWORD PTR[80+rdx] + movups xmm7,XMMWORD[80+rdx] xorps xmm4,xmm12 - movdqu xmm11,XMMWORD PTR[16+r8] - movdqu xmm8,XMMWORD PTR[r8] + movdqu xmm11,XMMWORD[16+r8] + movdqu xmm8,XMMWORD[r8] DB 102,69,15,56,0,218 DB 102,69,15,56,0,194 movdqa xmm13,xmm11 @@ -979,27 +981,27 @@ DB 102,68,15,58,68,231,0 xorps xmm3,xmm11 xorps xmm5,xmm13 - lea r8,QWORD PTR[64+r8] - sub r9,040h - jc $L$tail4x + lea r8,[64+r8] + sub r9,0x40 + jc NEAR $L$tail4x - jmp $L$mod4_loop + jmp NEAR $L$mod4_loop ALIGN 32 -$L$mod4_loop:: +$L$mod4_loop: DB 102,65,15,58,68,199,0 xorps xmm4,xmm12 - movdqu xmm11,XMMWORD PTR[48+r8] + movdqu xmm11,XMMWORD[48+r8] DB 102,69,15,56,0,218 DB 102,65,15,58,68,207,17 xorps xmm0,xmm3 - movdqu xmm3,XMMWORD PTR[32+r8] + movdqu xmm3,XMMWORD[32+r8] movdqa xmm13,xmm11 DB 102,68,15,58,68,199,16 pshufd xmm12,xmm11,78 xorps xmm1,xmm5 pxor xmm12,xmm11 DB 102,65,15,56,0,218 - movups xmm7,XMMWORD PTR[32+rdx] + movups xmm7,XMMWORD[32+rdx] xorps xmm8,xmm4 DB 102,68,15,58,68,218,0 pshufd xmm4,xmm3,78 @@ -1013,7 +1015,7 @@ DB 102,68,15,58,68,234,17 pslldq xmm8,8 psrldq xmm9,8 pxor xmm0,xmm8 - movdqa xmm8,XMMWORD PTR[$L$7_mask] + movdqa xmm8,XMMWORD[$L$7_mask] pxor xmm1,xmm9 DB 102,76,15,110,200 @@ -1028,17 +1030,17 @@ DB 102,15,58,68,222,0 psrldq xmm8,8 pxor xmm0,xmm9 pxor xmm1,xmm8 - movdqu xmm8,XMMWORD PTR[r8] + movdqu xmm8,XMMWORD[r8] movdqa xmm9,xmm0 psrlq xmm0,1 DB 102,15,58,68,238,17 xorps xmm3,xmm11 - movdqu xmm11,XMMWORD PTR[16+r8] + movdqu xmm11,XMMWORD[16+r8] DB 102,69,15,56,0,218 DB 102,15,58,68,231,16 xorps xmm5,xmm13 - movups xmm7,XMMWORD PTR[80+rdx] + movups xmm7,XMMWORD[80+rdx] DB 102,69,15,56,0,194 pxor xmm1,xmm9 pxor xmm9,xmm0 
@@ -1062,11 +1064,11 @@ DB 102,69,15,58,68,238,17 DB 102,68,15,58,68,231,0 xorps xmm5,xmm13 - lea r8,QWORD PTR[64+r8] - sub r9,040h - jnc $L$mod4_loop + lea r8,[64+r8] + sub r9,0x40 + jnc NEAR $L$mod4_loop -$L$tail4x:: +$L$tail4x: DB 102,65,15,58,68,199,0 DB 102,65,15,58,68,207,17 DB 102,68,15,58,68,199,16 @@ -1107,19 +1109,19 @@ DB 102,68,15,58,68,199,16 pxor xmm0,xmm4 psrlq xmm0,1 pxor xmm0,xmm1 - add r9,040h - jz $L$done - movdqu xmm7,XMMWORD PTR[32+rdx] - sub r9,010h - jz $L$odd_tail -$L$skip4x:: + add r9,0x40 + jz NEAR $L$done + movdqu xmm7,XMMWORD[32+rdx] + sub r9,0x10 + jz NEAR $L$odd_tail +$L$skip4x: - movdqu xmm8,XMMWORD PTR[r8] - movdqu xmm3,XMMWORD PTR[16+r8] + movdqu xmm8,XMMWORD[r8] + movdqu xmm3,XMMWORD[16+r8] DB 102,69,15,56,0,194 DB 102,65,15,56,0,218 pxor xmm0,xmm8 @@ -1131,15 +1133,15 @@ DB 102,15,58,68,218,0 DB 102,15,58,68,234,17 DB 102,15,58,68,231,0 - lea r8,QWORD PTR[32+r8] + lea r8,[32+r8] nop - sub r9,020h - jbe $L$even_tail + sub r9,0x20 + jbe NEAR $L$even_tail nop - jmp $L$mod_loop + jmp NEAR $L$mod_loop ALIGN 32 -$L$mod_loop:: +$L$mod_loop: movdqa xmm1,xmm0 movdqa xmm8,xmm4 pshufd xmm4,xmm0,78 @@ -1151,10 +1153,10 @@ DB 102,15,58,68,231,16 pxor xmm0,xmm3 pxor xmm1,xmm5 - movdqu xmm9,XMMWORD PTR[r8] + movdqu xmm9,XMMWORD[r8] pxor xmm8,xmm0 DB 102,69,15,56,0,202 - movdqu xmm3,XMMWORD PTR[16+r8] + movdqu xmm3,XMMWORD[16+r8] pxor xmm8,xmm1 pxor xmm1,xmm9 @@ -1191,15 +1193,15 @@ DB 102,15,58,68,234,17 pxor xmm9,xmm0 psrlq xmm0,5 pxor xmm0,xmm9 - lea r8,QWORD PTR[32+r8] + lea r8,[32+r8] psrlq xmm0,1 DB 102,15,58,68,231,0 pxor xmm0,xmm1 - sub r9,020h - ja $L$mod_loop + sub r9,0x20 + ja NEAR $L$mod_loop -$L$even_tail:: +$L$even_tail: movdqa xmm1,xmm0 movdqa xmm8,xmm4 pshufd xmm4,xmm0,78 @@ -1243,10 +1245,10 @@ DB 102,15,58,68,231,16 psrlq xmm0,1 pxor xmm0,xmm1 test r9,r9 - jnz $L$done + jnz NEAR $L$done -$L$odd_tail:: - movdqu xmm8,XMMWORD PTR[r8] +$L$odd_tail: + movdqu xmm8,XMMWORD[r8] DB 102,69,15,56,0,194 pxor xmm0,xmm8 movdqa xmm1,xmm0 
@@ -1286,101 +1288,101 @@ DB 102,15,58,68,223,0 pxor xmm0,xmm4 psrlq xmm0,1 pxor xmm0,xmm1 -$L$done:: +$L$done: DB 102,65,15,56,0,194 - movdqu XMMWORD PTR[rcx],xmm0 - movaps xmm6,XMMWORD PTR[rsp] - movaps xmm7,XMMWORD PTR[16+rsp] - movaps xmm8,XMMWORD PTR[32+rsp] - movaps xmm9,XMMWORD PTR[48+rsp] - movaps xmm10,XMMWORD PTR[64+rsp] - movaps xmm11,XMMWORD PTR[80+rsp] - movaps xmm12,XMMWORD PTR[96+rsp] - movaps xmm13,XMMWORD PTR[112+rsp] - movaps xmm14,XMMWORD PTR[128+rsp] - movaps xmm15,XMMWORD PTR[144+rsp] - lea rsp,QWORD PTR[168+rsp] -$L$SEH_end_gcm_ghash_clmul:: + movdqu XMMWORD[rcx],xmm0 + movaps xmm6,XMMWORD[rsp] + movaps xmm7,XMMWORD[16+rsp] + movaps xmm8,XMMWORD[32+rsp] + movaps xmm9,XMMWORD[48+rsp] + movaps xmm10,XMMWORD[64+rsp] + movaps xmm11,XMMWORD[80+rsp] + movaps xmm12,XMMWORD[96+rsp] + movaps xmm13,XMMWORD[112+rsp] + movaps xmm14,XMMWORD[128+rsp] + movaps xmm15,XMMWORD[144+rsp] + lea rsp,[168+rsp] +$L$SEH_end_gcm_ghash_clmul: DB 0F3h,0C3h ;repret -gcm_ghash_clmul ENDP -PUBLIC gcm_init_avx + +global gcm_init_avx ALIGN 32 -gcm_init_avx PROC PUBLIC - jmp $L$_init_clmul -gcm_init_avx ENDP -PUBLIC gcm_gmult_avx +gcm_init_avx: + jmp NEAR $L$_init_clmul + +global gcm_gmult_avx ALIGN 32 -gcm_gmult_avx PROC PUBLIC - jmp $L$_gmult_clmul -gcm_gmult_avx ENDP -PUBLIC gcm_ghash_avx +gcm_gmult_avx: + jmp NEAR $L$_gmult_clmul + +global gcm_ghash_avx ALIGN 32 -gcm_ghash_avx PROC PUBLIC - jmp $L$_ghash_clmul -gcm_ghash_avx ENDP +gcm_ghash_avx: + jmp NEAR $L$_ghash_clmul + ALIGN 64 -$L$bswap_mask:: +$L$bswap_mask: DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -$L$0x1c2_polynomial:: -DB 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0c2h -$L$7_mask:: +$L$0x1c2_polynomial: +DB 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2 +$L$7_mask: DD 7,0,7,0 -$L$7_mask_poly:: +$L$7_mask_poly: DD 7,0,450,0 ALIGN 64 -$L$rem_4bit:: +$L$rem_4bit: DD 0,0,0,471859200,0,943718400,0,610271232 DD 0,1887436800,0,1822425088,0,1220542464,0,1423966208 DD 0,3774873600,0,4246732800,0,3644850176,0,3311403008 DD 
0,2441084928,0,2376073216,0,2847932416,0,3051356160 -$L$rem_8bit:: - DW 00000h,001C2h,00384h,00246h,00708h,006CAh,0048Ch,0054Eh - DW 00E10h,00FD2h,00D94h,00C56h,00918h,008DAh,00A9Ch,00B5Eh - DW 01C20h,01DE2h,01FA4h,01E66h,01B28h,01AEAh,018ACh,0196Eh - DW 01230h,013F2h,011B4h,01076h,01538h,014FAh,016BCh,0177Eh - DW 03840h,03982h,03BC4h,03A06h,03F48h,03E8Ah,03CCCh,03D0Eh - DW 03650h,03792h,035D4h,03416h,03158h,0309Ah,032DCh,0331Eh - DW 02460h,025A2h,027E4h,02626h,02368h,022AAh,020ECh,0212Eh - DW 02A70h,02BB2h,029F4h,02836h,02D78h,02CBAh,02EFCh,02F3Eh - DW 07080h,07142h,07304h,072C6h,07788h,0764Ah,0740Ch,075CEh - DW 07E90h,07F52h,07D14h,07CD6h,07998h,0785Ah,07A1Ch,07BDEh - DW 06CA0h,06D62h,06F24h,06EE6h,06BA8h,06A6Ah,0682Ch,069EEh - DW 062B0h,06372h,06134h,060F6h,065B8h,0647Ah,0663Ch,067FEh - DW 048C0h,04902h,04B44h,04A86h,04FC8h,04E0Ah,04C4Ch,04D8Eh - DW 046D0h,04712h,04554h,04496h,041D8h,0401Ah,0425Ch,0439Eh - DW 054E0h,05522h,05764h,056A6h,053E8h,0522Ah,0506Ch,051AEh - DW 05AF0h,05B32h,05974h,058B6h,05DF8h,05C3Ah,05E7Ch,05FBEh - DW 0E100h,0E0C2h,0E284h,0E346h,0E608h,0E7CAh,0E58Ch,0E44Eh - DW 0EF10h,0EED2h,0EC94h,0ED56h,0E818h,0E9DAh,0EB9Ch,0EA5Eh - DW 0FD20h,0FCE2h,0FEA4h,0FF66h,0FA28h,0FBEAh,0F9ACh,0F86Eh - DW 0F330h,0F2F2h,0F0B4h,0F176h,0F438h,0F5FAh,0F7BCh,0F67Eh - DW 0D940h,0D882h,0DAC4h,0DB06h,0DE48h,0DF8Ah,0DDCCh,0DC0Eh - DW 0D750h,0D692h,0D4D4h,0D516h,0D058h,0D19Ah,0D3DCh,0D21Eh - DW 0C560h,0C4A2h,0C6E4h,0C726h,0C268h,0C3AAh,0C1ECh,0C02Eh - DW 0CB70h,0CAB2h,0C8F4h,0C936h,0CC78h,0CDBAh,0CFFCh,0CE3Eh - DW 09180h,09042h,09204h,093C6h,09688h,0974Ah,0950Ch,094CEh - DW 09F90h,09E52h,09C14h,09DD6h,09898h,0995Ah,09B1Ch,09ADEh - DW 08DA0h,08C62h,08E24h,08FE6h,08AA8h,08B6Ah,0892Ch,088EEh - DW 083B0h,08272h,08034h,081F6h,084B8h,0857Ah,0873Ch,086FEh - DW 0A9C0h,0A802h,0AA44h,0AB86h,0AEC8h,0AF0Ah,0AD4Ch,0AC8Eh - DW 0A7D0h,0A612h,0A454h,0A596h,0A0D8h,0A11Ah,0A35Ch,0A29Eh - DW 0B5E0h,0B422h,0B664h,0B7A6h,0B2E8h,0B32Ah,0B16Ch,0B0AEh - DW 
0BBF0h,0BA32h,0B874h,0B9B6h,0BCF8h,0BD3Ah,0BF7Ch,0BEBEh +$L$rem_8bit: + DW 0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E + DW 0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E + DW 0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E + DW 0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E + DW 0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E + DW 0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E + DW 0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E + DW 0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E + DW 0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE + DW 0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE + DW 0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE + DW 0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE + DW 0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E + DW 0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E + DW 0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE + DW 0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE + DW 0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E + DW 0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E + DW 0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E + DW 0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E + DW 0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E + DW 0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E + DW 0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E + DW 0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E + DW 0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE + DW 0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE + DW 0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE + DW 0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE + DW 0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E + DW 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E + DW 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE + DW 
0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE DB 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52 DB 44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32 DB 60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111 DB 114,103,62,0 ALIGN 64 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -1392,58 +1394,58 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_prologue + jae NEAR $L$in_prologue - lea rax,QWORD PTR[24+rax] + lea rax,[24+rax] - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi - mov rdi,QWORD PTR[40+r9] + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call 
QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -1457,54 +1459,49 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_gcm_gmult_4bit - DD imagerel $L$SEH_end_gcm_gmult_4bit - DD imagerel $L$SEH_info_gcm_gmult_4bit - - DD imagerel $L$SEH_begin_gcm_ghash_4bit - DD imagerel $L$SEH_end_gcm_ghash_4bit - DD imagerel $L$SEH_info_gcm_ghash_4bit - - DD imagerel $L$SEH_begin_gcm_init_clmul - DD imagerel $L$SEH_end_gcm_init_clmul - DD imagerel $L$SEH_info_gcm_init_clmul - - DD imagerel $L$SEH_begin_gcm_ghash_clmul - DD imagerel $L$SEH_end_gcm_ghash_clmul - DD imagerel $L$SEH_info_gcm_ghash_clmul -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_gcm_gmult_4bit wrt ..imagebase + DD $L$SEH_end_gcm_gmult_4bit wrt ..imagebase + DD $L$SEH_info_gcm_gmult_4bit wrt ..imagebase + + DD $L$SEH_begin_gcm_ghash_4bit wrt ..imagebase + DD $L$SEH_end_gcm_ghash_4bit wrt ..imagebase + DD $L$SEH_info_gcm_ghash_4bit wrt ..imagebase + + DD $L$SEH_begin_gcm_init_clmul wrt ..imagebase + DD $L$SEH_end_gcm_init_clmul wrt ..imagebase + DD $L$SEH_info_gcm_init_clmul wrt ..imagebase + + DD $L$SEH_begin_gcm_ghash_clmul wrt ..imagebase + DD $L$SEH_end_gcm_ghash_clmul wrt ..imagebase + DD $L$SEH_info_gcm_ghash_clmul wrt ..imagebase +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_gcm_gmult_4bit:: +$L$SEH_info_gcm_gmult_4bit: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$gmult_prologue,imagerel $L$gmult_epilogue -$L$SEH_info_gcm_ghash_4bit:: + DD se_handler wrt ..imagebase + DD $L$gmult_prologue wrt ..imagebase,$L$gmult_epilogue wrt ..imagebase +$L$SEH_info_gcm_ghash_4bit: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$ghash_prologue,imagerel $L$ghash_epilogue -$L$SEH_info_gcm_init_clmul:: -DB 001h,008h,003h,000h -DB 008h,068h,000h,000h -DB 004h,022h,000h,000h -$L$SEH_info_gcm_ghash_clmul:: -DB 001h,033h,016h,000h -DB 033h,0f8h,009h,000h -DB 02eh,0e8h,008h,000h -DB 029h,0d8h,007h,000h -DB 
024h,0c8h,006h,000h -DB 01fh,0b8h,005h,000h -DB 01ah,0a8h,004h,000h -DB 015h,098h,003h,000h -DB 010h,088h,002h,000h -DB 00ch,078h,001h,000h -DB 008h,068h,000h,000h -DB 004h,001h,015h,000h - -.xdata ENDS -END + DD se_handler wrt ..imagebase + DD $L$ghash_prologue wrt ..imagebase,$L$ghash_epilogue wrt ..imagebase +$L$SEH_info_gcm_init_clmul: +DB 0x01,0x08,0x03,0x00 +DB 0x08,0x68,0x00,0x00 +DB 0x04,0x22,0x00,0x00 +$L$SEH_info_gcm_ghash_clmul: +DB 0x01,0x33,0x16,0x00 +DB 0x33,0xf8,0x09,0x00 +DB 0x2e,0xe8,0x08,0x00 +DB 0x29,0xd8,0x07,0x00 +DB 0x24,0xc8,0x06,0x00 +DB 0x1f,0xb8,0x05,0x00 +DB 0x1a,0xa8,0x04,0x00 +DB 0x15,0x98,0x03,0x00 +DB 0x10,0x88,0x02,0x00 +DB 0x0c,0x78,0x01,0x00 +DB 0x08,0x68,0x00,0x00 +DB 0x04,0x01,0x15,0x00 diff --git a/win-x86_64/crypto/rand/rdrand-x86_64.asm b/win-x86_64/crypto/rand/rdrand-x86_64.asm new file mode 100644 index 0000000..a63ea69 --- /dev/null +++ b/win-x86_64/crypto/rand/rdrand-x86_64.asm @@ -0,0 +1,22 @@ +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 + + +global CRYPTO_rdrand + +ALIGN 16 +CRYPTO_rdrand: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_CRYPTO_rdrand: + mov rdi,rcx + + +DB 0x48,0x0f,0xc7,0xf0 + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret diff --git a/win-x86_64/crypto/rc4/rc4-md5-x86_64.asm b/win-x86_64/crypto/rc4/rc4-md5-x86_64.asm index 9d823ae..f1ea965 100644 --- a/win-x86_64/crypto/rc4/rc4-md5-x86_64.asm +++ b/win-x86_64/crypto/rc4/rc4-md5-x86_64.asm 
@@ -1,24 +1,28 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 + ALIGN 16 -PUBLIC rc4_md5_enc +global rc4_md5_enc -rc4_md5_enc PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +rc4_md5_enc: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_rc4_md5_enc:: +$L$SEH_begin_rc4_md5_enc: mov rdi,rcx mov rsi,rdx mov rdx,r8 mov rcx,r9 - mov r8,QWORD PTR[40+rsp] - mov r9,QWORD PTR[48+rsp] + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] cmp r9,0 - je $L$abort + je NEAR $L$abort push rbx push rbp push r12 @@ -26,7 +30,7 @@ $L$SEH_begin_rc4_md5_enc:: push r14 push r15 sub rsp,40 -$L$body:: +$L$body: mov r11,rcx mov r12,r9 mov r13,rsi 
@@ -35,1194 +39,1194 @@ $L$body:: xor rbp,rbp xor rcx,rcx - lea rdi,QWORD PTR[8+rdi] - mov bpl,BYTE PTR[((-8))+rdi] - mov cl,BYTE PTR[((-4))+rdi] + lea rdi,[8+rdi] + mov bpl,BYTE[((-8))+rdi] + mov cl,BYTE[((-4))+rdi] inc bpl sub r14,r13 - mov eax,DWORD PTR[rbp*4+rdi] + mov eax,DWORD[rbp*4+rdi] add cl,al - lea rsi,QWORD PTR[rbp*4+rdi] + lea rsi,[rbp*4+rdi] shl r12,6 add r12,r15 - mov QWORD PTR[16+rsp],r12 + mov QWORD[16+rsp],r12 - mov QWORD PTR[24+rsp],r11 - mov r8d,DWORD PTR[r11] - mov r9d,DWORD PTR[4+r11] - mov r10d,DWORD PTR[8+r11] - mov r11d,DWORD PTR[12+r11] - jmp $L$oop + mov QWORD[24+rsp],r11 + mov r8d,DWORD[r11] + mov r9d,DWORD[4+r11] + mov r10d,DWORD[8+r11] + mov r11d,DWORD[12+r11] + jmp NEAR $L$oop ALIGN 16 -$L$oop:: - mov DWORD PTR[rsp],r8d - mov DWORD PTR[4+rsp],r9d - mov DWORD PTR[8+rsp],r10d +$L$oop: + mov DWORD[rsp],r8d + mov DWORD[4+rsp],r9d + mov DWORD[8+rsp],r10d mov r12d,r11d - mov DWORD PTR[12+rsp],r11d + mov DWORD[12+rsp],r11d pxor xmm0,xmm0 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r8d,DWORD PTR[r15] + add r8d,DWORD[r15] add al,dl - mov ebx,DWORD PTR[4+rsi] + mov ebx,DWORD[4+rsi] add r8d,3614090360 xor r12d,r11d movzx eax,al - mov DWORD PTR[rsi],edx + mov DWORD[rsi],edx add r8d,r12d add cl,bl rol r8d,7 mov r12d,r10d - movd xmm0,DWORD PTR[rax*4+rdi] + movd xmm0,DWORD[rax*4+rdi] add r8d,r9d pxor xmm1,xmm1 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r11d,DWORD PTR[4+r15] + add r11d,DWORD[4+r15] add bl,dl - mov eax,DWORD PTR[8+rsi] + mov eax,DWORD[8+rsi] add r11d,3905402710 xor r12d,r10d movzx ebx,bl - mov DWORD PTR[4+rsi],edx + mov DWORD[4+rsi],edx add r11d,r12d add cl,al rol r11d,12 mov r12d,r9d - movd xmm1,DWORD PTR[rbx*4+rdi] + movd xmm1,DWORD[rbx*4+rdi] add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d 
- mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r10d,DWORD PTR[8+r15] + add r10d,DWORD[8+r15] add al,dl - mov ebx,DWORD PTR[12+rsi] + mov ebx,DWORD[12+rsi] add r10d,606105819 xor r12d,r9d movzx eax,al - mov DWORD PTR[8+rsi],edx + mov DWORD[8+rsi],edx add r10d,r12d add cl,bl rol r10d,17 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],1 + pinsrw xmm0,WORD[rax*4+rdi],1 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r9d,DWORD PTR[12+r15] + add r9d,DWORD[12+r15] add bl,dl - mov eax,DWORD PTR[16+rsi] + mov eax,DWORD[16+rsi] add r9d,3250441966 xor r12d,r8d movzx ebx,bl - mov DWORD PTR[12+rsi],edx + mov DWORD[12+rsi],edx add r9d,r12d add cl,al rol r9d,22 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],1 + pinsrw xmm1,WORD[rbx*4+rdi],1 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r8d,DWORD PTR[16+r15] + add r8d,DWORD[16+r15] add al,dl - mov ebx,DWORD PTR[20+rsi] + mov ebx,DWORD[20+rsi] add r8d,4118548399 xor r12d,r11d movzx eax,al - mov DWORD PTR[16+rsi],edx + mov DWORD[16+rsi],edx add r8d,r12d add cl,bl rol r8d,7 mov r12d,r10d - pinsrw xmm0,WORD PTR[rax*4+rdi],2 + pinsrw xmm0,WORD[rax*4+rdi],2 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r11d,DWORD PTR[20+r15] + add r11d,DWORD[20+r15] add bl,dl - mov eax,DWORD PTR[24+rsi] + mov eax,DWORD[24+rsi] add r11d,1200080426 xor r12d,r10d movzx ebx,bl - mov DWORD PTR[20+rsi],edx + mov DWORD[20+rsi],edx add r11d,r12d add cl,al rol r11d,12 mov r12d,r9d - pinsrw xmm1,WORD PTR[rbx*4+rdi],2 + pinsrw xmm1,WORD[rbx*4+rdi],2 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and 
r12d,r11d - add r10d,DWORD PTR[24+r15] + add r10d,DWORD[24+r15] add al,dl - mov ebx,DWORD PTR[28+rsi] + mov ebx,DWORD[28+rsi] add r10d,2821735955 xor r12d,r9d movzx eax,al - mov DWORD PTR[24+rsi],edx + mov DWORD[24+rsi],edx add r10d,r12d add cl,bl rol r10d,17 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],3 + pinsrw xmm0,WORD[rax*4+rdi],3 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r9d,DWORD PTR[28+r15] + add r9d,DWORD[28+r15] add bl,dl - mov eax,DWORD PTR[32+rsi] + mov eax,DWORD[32+rsi] add r9d,4249261313 xor r12d,r8d movzx ebx,bl - mov DWORD PTR[28+rsi],edx + mov DWORD[28+rsi],edx add r9d,r12d add cl,al rol r9d,22 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],3 + pinsrw xmm1,WORD[rbx*4+rdi],3 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r8d,DWORD PTR[32+r15] + add r8d,DWORD[32+r15] add al,dl - mov ebx,DWORD PTR[36+rsi] + mov ebx,DWORD[36+rsi] add r8d,1770035416 xor r12d,r11d movzx eax,al - mov DWORD PTR[32+rsi],edx + mov DWORD[32+rsi],edx add r8d,r12d add cl,bl rol r8d,7 mov r12d,r10d - pinsrw xmm0,WORD PTR[rax*4+rdi],4 + pinsrw xmm0,WORD[rax*4+rdi],4 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r11d,DWORD PTR[36+r15] + add r11d,DWORD[36+r15] add bl,dl - mov eax,DWORD PTR[40+rsi] + mov eax,DWORD[40+rsi] add r11d,2336552879 xor r12d,r10d movzx ebx,bl - mov DWORD PTR[36+rsi],edx + mov DWORD[36+rsi],edx add r11d,r12d add cl,al rol r11d,12 mov r12d,r9d - pinsrw xmm1,WORD PTR[rbx*4+rdi],4 + pinsrw xmm1,WORD[rbx*4+rdi],4 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r10d,DWORD PTR[40+r15] + add 
r10d,DWORD[40+r15] add al,dl - mov ebx,DWORD PTR[44+rsi] + mov ebx,DWORD[44+rsi] add r10d,4294925233 xor r12d,r9d movzx eax,al - mov DWORD PTR[40+rsi],edx + mov DWORD[40+rsi],edx add r10d,r12d add cl,bl rol r10d,17 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],5 + pinsrw xmm0,WORD[rax*4+rdi],5 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r9d,DWORD PTR[44+r15] + add r9d,DWORD[44+r15] add bl,dl - mov eax,DWORD PTR[48+rsi] + mov eax,DWORD[48+rsi] add r9d,2304563134 xor r12d,r8d movzx ebx,bl - mov DWORD PTR[44+rsi],edx + mov DWORD[44+rsi],edx add r9d,r12d add cl,al rol r9d,22 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],5 + pinsrw xmm1,WORD[rbx*4+rdi],5 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r8d,DWORD PTR[48+r15] + add r8d,DWORD[48+r15] add al,dl - mov ebx,DWORD PTR[52+rsi] + mov ebx,DWORD[52+rsi] add r8d,1804603682 xor r12d,r11d movzx eax,al - mov DWORD PTR[48+rsi],edx + mov DWORD[48+rsi],edx add r8d,r12d add cl,bl rol r8d,7 mov r12d,r10d - pinsrw xmm0,WORD PTR[rax*4+rdi],6 + pinsrw xmm0,WORD[rax*4+rdi],6 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r11d,DWORD PTR[52+r15] + add r11d,DWORD[52+r15] add bl,dl - mov eax,DWORD PTR[56+rsi] + mov eax,DWORD[56+rsi] add r11d,4254626195 xor r12d,r10d movzx ebx,bl - mov DWORD PTR[52+rsi],edx + mov DWORD[52+rsi],edx add r11d,r12d add cl,al rol r11d,12 mov r12d,r9d - pinsrw xmm1,WORD PTR[rbx*4+rdi],6 + pinsrw xmm1,WORD[rbx*4+rdi],6 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r10d,DWORD PTR[56+r15] + add r10d,DWORD[56+r15] add al,dl - mov ebx,DWORD PTR[60+rsi] + 
mov ebx,DWORD[60+rsi] add r10d,2792965006 xor r12d,r9d movzx eax,al - mov DWORD PTR[56+rsi],edx + mov DWORD[56+rsi],edx add r10d,r12d add cl,bl rol r10d,17 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],7 + pinsrw xmm0,WORD[rax*4+rdi],7 add r10d,r11d - movdqu xmm2,XMMWORD PTR[r13] - mov edx,DWORD PTR[rcx*4+rdi] + movdqu xmm2,XMMWORD[r13] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r9d,DWORD PTR[60+r15] + add r9d,DWORD[60+r15] add bl,dl - mov eax,DWORD PTR[64+rsi] + mov eax,DWORD[64+rsi] add r9d,1236535329 xor r12d,r8d movzx ebx,bl - mov DWORD PTR[60+rsi],edx + mov DWORD[60+rsi],edx add r9d,r12d add cl,al rol r9d,22 mov r12d,r10d - pinsrw xmm1,WORD PTR[rbx*4+rdi],7 + pinsrw xmm1,WORD[rbx*4+rdi],7 add r9d,r10d psllq xmm1,8 pxor xmm2,xmm0 pxor xmm2,xmm1 pxor xmm0,xmm0 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r8d,DWORD PTR[4+r15] + add r8d,DWORD[4+r15] add al,dl - mov ebx,DWORD PTR[68+rsi] + mov ebx,DWORD[68+rsi] add r8d,4129170786 xor r12d,r10d movzx eax,al - mov DWORD PTR[64+rsi],edx + mov DWORD[64+rsi],edx add r8d,r12d add cl,bl rol r8d,5 mov r12d,r9d - movd xmm0,DWORD PTR[rax*4+rdi] + movd xmm0,DWORD[rax*4+rdi] add r8d,r9d pxor xmm1,xmm1 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r11d,DWORD PTR[24+r15] + add r11d,DWORD[24+r15] add bl,dl - mov eax,DWORD PTR[72+rsi] + mov eax,DWORD[72+rsi] add r11d,3225465664 xor r12d,r9d movzx ebx,bl - mov DWORD PTR[68+rsi],edx + mov DWORD[68+rsi],edx add r11d,r12d add cl,al rol r11d,9 mov r12d,r8d - movd xmm1,DWORD PTR[rbx*4+rdi] + movd xmm1,DWORD[rbx*4+rdi] add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r10d,DWORD PTR[44+r15] + add 
r10d,DWORD[44+r15] add al,dl - mov ebx,DWORD PTR[76+rsi] + mov ebx,DWORD[76+rsi] add r10d,643717713 xor r12d,r8d movzx eax,al - mov DWORD PTR[72+rsi],edx + mov DWORD[72+rsi],edx add r10d,r12d add cl,bl rol r10d,14 mov r12d,r11d - pinsrw xmm0,WORD PTR[rax*4+rdi],1 + pinsrw xmm0,WORD[rax*4+rdi],1 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r9d,DWORD PTR[r15] + add r9d,DWORD[r15] add bl,dl - mov eax,DWORD PTR[80+rsi] + mov eax,DWORD[80+rsi] add r9d,3921069994 xor r12d,r11d movzx ebx,bl - mov DWORD PTR[76+rsi],edx + mov DWORD[76+rsi],edx add r9d,r12d add cl,al rol r9d,20 mov r12d,r10d - pinsrw xmm1,WORD PTR[rbx*4+rdi],1 + pinsrw xmm1,WORD[rbx*4+rdi],1 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r8d,DWORD PTR[20+r15] + add r8d,DWORD[20+r15] add al,dl - mov ebx,DWORD PTR[84+rsi] + mov ebx,DWORD[84+rsi] add r8d,3593408605 xor r12d,r10d movzx eax,al - mov DWORD PTR[80+rsi],edx + mov DWORD[80+rsi],edx add r8d,r12d add cl,bl rol r8d,5 mov r12d,r9d - pinsrw xmm0,WORD PTR[rax*4+rdi],2 + pinsrw xmm0,WORD[rax*4+rdi],2 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r11d,DWORD PTR[40+r15] + add r11d,DWORD[40+r15] add bl,dl - mov eax,DWORD PTR[88+rsi] + mov eax,DWORD[88+rsi] add r11d,38016083 xor r12d,r9d movzx ebx,bl - mov DWORD PTR[84+rsi],edx + mov DWORD[84+rsi],edx add r11d,r12d add cl,al rol r11d,9 mov r12d,r8d - pinsrw xmm1,WORD PTR[rbx*4+rdi],2 + pinsrw xmm1,WORD[rbx*4+rdi],2 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r10d,DWORD PTR[60+r15] + add r10d,DWORD[60+r15] add al,dl - mov ebx,DWORD PTR[92+rsi] + mov 
ebx,DWORD[92+rsi] add r10d,3634488961 xor r12d,r8d movzx eax,al - mov DWORD PTR[88+rsi],edx + mov DWORD[88+rsi],edx add r10d,r12d add cl,bl rol r10d,14 mov r12d,r11d - pinsrw xmm0,WORD PTR[rax*4+rdi],3 + pinsrw xmm0,WORD[rax*4+rdi],3 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r9d,DWORD PTR[16+r15] + add r9d,DWORD[16+r15] add bl,dl - mov eax,DWORD PTR[96+rsi] + mov eax,DWORD[96+rsi] add r9d,3889429448 xor r12d,r11d movzx ebx,bl - mov DWORD PTR[92+rsi],edx + mov DWORD[92+rsi],edx add r9d,r12d add cl,al rol r9d,20 mov r12d,r10d - pinsrw xmm1,WORD PTR[rbx*4+rdi],3 + pinsrw xmm1,WORD[rbx*4+rdi],3 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r8d,DWORD PTR[36+r15] + add r8d,DWORD[36+r15] add al,dl - mov ebx,DWORD PTR[100+rsi] + mov ebx,DWORD[100+rsi] add r8d,568446438 xor r12d,r10d movzx eax,al - mov DWORD PTR[96+rsi],edx + mov DWORD[96+rsi],edx add r8d,r12d add cl,bl rol r8d,5 mov r12d,r9d - pinsrw xmm0,WORD PTR[rax*4+rdi],4 + pinsrw xmm0,WORD[rax*4+rdi],4 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r11d,DWORD PTR[56+r15] + add r11d,DWORD[56+r15] add bl,dl - mov eax,DWORD PTR[104+rsi] + mov eax,DWORD[104+rsi] add r11d,3275163606 xor r12d,r9d movzx ebx,bl - mov DWORD PTR[100+rsi],edx + mov DWORD[100+rsi],edx add r11d,r12d add cl,al rol r11d,9 mov r12d,r8d - pinsrw xmm1,WORD PTR[rbx*4+rdi],4 + pinsrw xmm1,WORD[rbx*4+rdi],4 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r10d,DWORD PTR[12+r15] + add r10d,DWORD[12+r15] add al,dl - mov ebx,DWORD PTR[108+rsi] + mov ebx,DWORD[108+rsi] add r10d,4107603335 xor r12d,r8d 
movzx eax,al - mov DWORD PTR[104+rsi],edx + mov DWORD[104+rsi],edx add r10d,r12d add cl,bl rol r10d,14 mov r12d,r11d - pinsrw xmm0,WORD PTR[rax*4+rdi],5 + pinsrw xmm0,WORD[rax*4+rdi],5 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r9d,DWORD PTR[32+r15] + add r9d,DWORD[32+r15] add bl,dl - mov eax,DWORD PTR[112+rsi] + mov eax,DWORD[112+rsi] add r9d,1163531501 xor r12d,r11d movzx ebx,bl - mov DWORD PTR[108+rsi],edx + mov DWORD[108+rsi],edx add r9d,r12d add cl,al rol r9d,20 mov r12d,r10d - pinsrw xmm1,WORD PTR[rbx*4+rdi],5 + pinsrw xmm1,WORD[rbx*4+rdi],5 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r11d - add r8d,DWORD PTR[52+r15] + add r8d,DWORD[52+r15] add al,dl - mov ebx,DWORD PTR[116+rsi] + mov ebx,DWORD[116+rsi] add r8d,2850285829 xor r12d,r10d movzx eax,al - mov DWORD PTR[112+rsi],edx + mov DWORD[112+rsi],edx add r8d,r12d add cl,bl rol r8d,5 mov r12d,r9d - pinsrw xmm0,WORD PTR[rax*4+rdi],6 + pinsrw xmm0,WORD[rax*4+rdi],6 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r10d - add r11d,DWORD PTR[8+r15] + add r11d,DWORD[8+r15] add bl,dl - mov eax,DWORD PTR[120+rsi] + mov eax,DWORD[120+rsi] add r11d,4243563512 xor r12d,r9d movzx ebx,bl - mov DWORD PTR[116+rsi],edx + mov DWORD[116+rsi],edx add r11d,r12d add cl,al rol r11d,9 mov r12d,r8d - pinsrw xmm1,WORD PTR[rbx*4+rdi],6 + pinsrw xmm1,WORD[rbx*4+rdi],6 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax and r12d,r9d - add r10d,DWORD PTR[28+r15] + add r10d,DWORD[28+r15] add al,dl - mov ebx,DWORD PTR[124+rsi] + mov ebx,DWORD[124+rsi] add r10d,1735328473 xor r12d,r8d movzx eax,al - mov DWORD PTR[120+rsi],edx + 
mov DWORD[120+rsi],edx add r10d,r12d add cl,bl rol r10d,14 mov r12d,r11d - pinsrw xmm0,WORD PTR[rax*4+rdi],7 + pinsrw xmm0,WORD[rax*4+rdi],7 add r10d,r11d - movdqu xmm3,XMMWORD PTR[16+r13] + movdqu xmm3,XMMWORD[16+r13] add bpl,32 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx and r12d,r8d - add r9d,DWORD PTR[48+r15] + add r9d,DWORD[48+r15] add bl,dl - mov eax,DWORD PTR[rbp*4+rdi] + mov eax,DWORD[rbp*4+rdi] add r9d,2368359562 xor r12d,r11d movzx ebx,bl - mov DWORD PTR[124+rsi],edx + mov DWORD[124+rsi],edx add r9d,r12d add cl,al rol r9d,20 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],7 + pinsrw xmm1,WORD[rbx*4+rdi],7 add r9d,r10d mov rsi,rcx xor rcx,rcx mov cl,sil - lea rsi,QWORD PTR[rbp*4+rdi] + lea rsi,[rbp*4+rdi] psllq xmm1,8 pxor xmm3,xmm0 pxor xmm3,xmm1 pxor xmm0,xmm0 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r9d - add r8d,DWORD PTR[20+r15] + add r8d,DWORD[20+r15] add al,dl - mov ebx,DWORD PTR[4+rsi] + mov ebx,DWORD[4+rsi] add r8d,4294588738 movzx eax,al add r8d,r12d - mov DWORD PTR[rsi],edx + mov DWORD[rsi],edx add cl,bl rol r8d,4 mov r12d,r10d - movd xmm0,DWORD PTR[rax*4+rdi] + movd xmm0,DWORD[rax*4+rdi] add r8d,r9d pxor xmm1,xmm1 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r8d - add r11d,DWORD PTR[32+r15] + add r11d,DWORD[32+r15] add bl,dl - mov eax,DWORD PTR[8+rsi] + mov eax,DWORD[8+rsi] add r11d,2272392833 movzx ebx,bl add r11d,r12d - mov DWORD PTR[4+rsi],edx + mov DWORD[4+rsi],edx add cl,al rol r11d,11 mov r12d,r9d - movd xmm1,DWORD PTR[rbx*4+rdi] + movd xmm1,DWORD[rbx*4+rdi] add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r11d - add r10d,DWORD PTR[44+r15] + add r10d,DWORD[44+r15] 
add al,dl - mov ebx,DWORD PTR[12+rsi] + mov ebx,DWORD[12+rsi] add r10d,1839030562 movzx eax,al add r10d,r12d - mov DWORD PTR[8+rsi],edx + mov DWORD[8+rsi],edx add cl,bl rol r10d,16 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],1 + pinsrw xmm0,WORD[rax*4+rdi],1 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r10d - add r9d,DWORD PTR[56+r15] + add r9d,DWORD[56+r15] add bl,dl - mov eax,DWORD PTR[16+rsi] + mov eax,DWORD[16+rsi] add r9d,4259657740 movzx ebx,bl add r9d,r12d - mov DWORD PTR[12+rsi],edx + mov DWORD[12+rsi],edx add cl,al rol r9d,23 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],1 + pinsrw xmm1,WORD[rbx*4+rdi],1 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r9d - add r8d,DWORD PTR[4+r15] + add r8d,DWORD[4+r15] add al,dl - mov ebx,DWORD PTR[20+rsi] + mov ebx,DWORD[20+rsi] add r8d,2763975236 movzx eax,al add r8d,r12d - mov DWORD PTR[16+rsi],edx + mov DWORD[16+rsi],edx add cl,bl rol r8d,4 mov r12d,r10d - pinsrw xmm0,WORD PTR[rax*4+rdi],2 + pinsrw xmm0,WORD[rax*4+rdi],2 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r8d - add r11d,DWORD PTR[16+r15] + add r11d,DWORD[16+r15] add bl,dl - mov eax,DWORD PTR[24+rsi] + mov eax,DWORD[24+rsi] add r11d,1272893353 movzx ebx,bl add r11d,r12d - mov DWORD PTR[20+rsi],edx + mov DWORD[20+rsi],edx add cl,al rol r11d,11 mov r12d,r9d - pinsrw xmm1,WORD PTR[rbx*4+rdi],2 + pinsrw xmm1,WORD[rbx*4+rdi],2 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r11d - add r10d,DWORD PTR[28+r15] + add r10d,DWORD[28+r15] add al,dl - mov ebx,DWORD PTR[28+rsi] + mov ebx,DWORD[28+rsi] add r10d,4139469664 movzx eax,al add r10d,r12d - mov 
DWORD PTR[24+rsi],edx + mov DWORD[24+rsi],edx add cl,bl rol r10d,16 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],3 + pinsrw xmm0,WORD[rax*4+rdi],3 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r10d - add r9d,DWORD PTR[40+r15] + add r9d,DWORD[40+r15] add bl,dl - mov eax,DWORD PTR[32+rsi] + mov eax,DWORD[32+rsi] add r9d,3200236656 movzx ebx,bl add r9d,r12d - mov DWORD PTR[28+rsi],edx + mov DWORD[28+rsi],edx add cl,al rol r9d,23 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],3 + pinsrw xmm1,WORD[rbx*4+rdi],3 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r9d - add r8d,DWORD PTR[52+r15] + add r8d,DWORD[52+r15] add al,dl - mov ebx,DWORD PTR[36+rsi] + mov ebx,DWORD[36+rsi] add r8d,681279174 movzx eax,al add r8d,r12d - mov DWORD PTR[32+rsi],edx + mov DWORD[32+rsi],edx add cl,bl rol r8d,4 mov r12d,r10d - pinsrw xmm0,WORD PTR[rax*4+rdi],4 + pinsrw xmm0,WORD[rax*4+rdi],4 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r8d - add r11d,DWORD PTR[r15] + add r11d,DWORD[r15] add bl,dl - mov eax,DWORD PTR[40+rsi] + mov eax,DWORD[40+rsi] add r11d,3936430074 movzx ebx,bl add r11d,r12d - mov DWORD PTR[36+rsi],edx + mov DWORD[36+rsi],edx add cl,al rol r11d,11 mov r12d,r9d - pinsrw xmm1,WORD PTR[rbx*4+rdi],4 + pinsrw xmm1,WORD[rbx*4+rdi],4 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r11d - add r10d,DWORD PTR[12+r15] + add r10d,DWORD[12+r15] add al,dl - mov ebx,DWORD PTR[44+rsi] + mov ebx,DWORD[44+rsi] add r10d,3572445317 movzx eax,al add r10d,r12d - mov DWORD PTR[40+rsi],edx + mov DWORD[40+rsi],edx add cl,bl rol r10d,16 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],5 + 
pinsrw xmm0,WORD[rax*4+rdi],5 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r10d - add r9d,DWORD PTR[24+r15] + add r9d,DWORD[24+r15] add bl,dl - mov eax,DWORD PTR[48+rsi] + mov eax,DWORD[48+rsi] add r9d,76029189 movzx ebx,bl add r9d,r12d - mov DWORD PTR[44+rsi],edx + mov DWORD[44+rsi],edx add cl,al rol r9d,23 mov r12d,r11d - pinsrw xmm1,WORD PTR[rbx*4+rdi],5 + pinsrw xmm1,WORD[rbx*4+rdi],5 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r9d - add r8d,DWORD PTR[36+r15] + add r8d,DWORD[36+r15] add al,dl - mov ebx,DWORD PTR[52+rsi] + mov ebx,DWORD[52+rsi] add r8d,3654602809 movzx eax,al add r8d,r12d - mov DWORD PTR[48+rsi],edx + mov DWORD[48+rsi],edx add cl,bl rol r8d,4 mov r12d,r10d - pinsrw xmm0,WORD PTR[rax*4+rdi],6 + pinsrw xmm0,WORD[rax*4+rdi],6 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r8d - add r11d,DWORD PTR[48+r15] + add r11d,DWORD[48+r15] add bl,dl - mov eax,DWORD PTR[56+rsi] + mov eax,DWORD[56+rsi] add r11d,3873151461 movzx ebx,bl add r11d,r12d - mov DWORD PTR[52+rsi],edx + mov DWORD[52+rsi],edx add cl,al rol r11d,11 mov r12d,r9d - pinsrw xmm1,WORD PTR[rbx*4+rdi],6 + pinsrw xmm1,WORD[rbx*4+rdi],6 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax xor r12d,r11d - add r10d,DWORD PTR[60+r15] + add r10d,DWORD[60+r15] add al,dl - mov ebx,DWORD PTR[60+rsi] + mov ebx,DWORD[60+rsi] add r10d,530742520 movzx eax,al add r10d,r12d - mov DWORD PTR[56+rsi],edx + mov DWORD[56+rsi],edx add cl,bl rol r10d,16 mov r12d,r8d - pinsrw xmm0,WORD PTR[rax*4+rdi],7 + pinsrw xmm0,WORD[rax*4+rdi],7 add r10d,r11d - movdqu xmm4,XMMWORD PTR[32+r13] - mov edx,DWORD PTR[rcx*4+rdi] + 
movdqu xmm4,XMMWORD[32+r13] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx xor r12d,r10d - add r9d,DWORD PTR[8+r15] + add r9d,DWORD[8+r15] add bl,dl - mov eax,DWORD PTR[64+rsi] + mov eax,DWORD[64+rsi] add r9d,3299628645 movzx ebx,bl add r9d,r12d - mov DWORD PTR[60+rsi],edx + mov DWORD[60+rsi],edx add cl,al rol r9d,23 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],7 + pinsrw xmm1,WORD[rbx*4+rdi],7 add r9d,r10d psllq xmm1,8 pxor xmm4,xmm0 pxor xmm4,xmm1 pxor xmm0,xmm0 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r9d - add r8d,DWORD PTR[r15] + add r8d,DWORD[r15] add al,dl - mov ebx,DWORD PTR[68+rsi] + mov ebx,DWORD[68+rsi] add r8d,4096336452 movzx eax,al xor r12d,r10d - mov DWORD PTR[64+rsi],edx + mov DWORD[64+rsi],edx add r8d,r12d add cl,bl rol r8d,6 mov r12d,-1 - movd xmm0,DWORD PTR[rax*4+rdi] + movd xmm0,DWORD[rax*4+rdi] add r8d,r9d pxor xmm1,xmm1 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r8d - add r11d,DWORD PTR[28+r15] + add r11d,DWORD[28+r15] add bl,dl - mov eax,DWORD PTR[72+rsi] + mov eax,DWORD[72+rsi] add r11d,1126891415 movzx ebx,bl xor r12d,r9d - mov DWORD PTR[68+rsi],edx + mov DWORD[68+rsi],edx add r11d,r12d add cl,al rol r11d,10 mov r12d,-1 - movd xmm1,DWORD PTR[rbx*4+rdi] + movd xmm1,DWORD[rbx*4+rdi] add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r11d - add r10d,DWORD PTR[56+r15] + add r10d,DWORD[56+r15] add al,dl - mov ebx,DWORD PTR[76+rsi] + mov ebx,DWORD[76+rsi] add r10d,2878612391 movzx eax,al xor r12d,r8d - mov DWORD PTR[72+rsi],edx + mov DWORD[72+rsi],edx add r10d,r12d add cl,bl rol r10d,15 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],1 + pinsrw xmm0,WORD[rax*4+rdi],1 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] 
+ mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r10d - add r9d,DWORD PTR[20+r15] + add r9d,DWORD[20+r15] add bl,dl - mov eax,DWORD PTR[80+rsi] + mov eax,DWORD[80+rsi] add r9d,4237533241 movzx ebx,bl xor r12d,r11d - mov DWORD PTR[76+rsi],edx + mov DWORD[76+rsi],edx add r9d,r12d add cl,al rol r9d,21 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],1 + pinsrw xmm1,WORD[rbx*4+rdi],1 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r9d - add r8d,DWORD PTR[48+r15] + add r8d,DWORD[48+r15] add al,dl - mov ebx,DWORD PTR[84+rsi] + mov ebx,DWORD[84+rsi] add r8d,1700485571 movzx eax,al xor r12d,r10d - mov DWORD PTR[80+rsi],edx + mov DWORD[80+rsi],edx add r8d,r12d add cl,bl rol r8d,6 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],2 + pinsrw xmm0,WORD[rax*4+rdi],2 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r8d - add r11d,DWORD PTR[12+r15] + add r11d,DWORD[12+r15] add bl,dl - mov eax,DWORD PTR[88+rsi] + mov eax,DWORD[88+rsi] add r11d,2399980690 movzx ebx,bl xor r12d,r9d - mov DWORD PTR[84+rsi],edx + mov DWORD[84+rsi],edx add r11d,r12d add cl,al rol r11d,10 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],2 + pinsrw xmm1,WORD[rbx*4+rdi],2 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r11d - add r10d,DWORD PTR[40+r15] + add r10d,DWORD[40+r15] add al,dl - mov ebx,DWORD PTR[92+rsi] + mov ebx,DWORD[92+rsi] add r10d,4293915773 movzx eax,al xor r12d,r8d - mov DWORD PTR[88+rsi],edx + mov DWORD[88+rsi],edx add r10d,r12d add cl,bl rol r10d,15 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],3 + pinsrw xmm0,WORD[rax*4+rdi],3 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD 
PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r10d - add r9d,DWORD PTR[4+r15] + add r9d,DWORD[4+r15] add bl,dl - mov eax,DWORD PTR[96+rsi] + mov eax,DWORD[96+rsi] add r9d,2240044497 movzx ebx,bl xor r12d,r11d - mov DWORD PTR[92+rsi],edx + mov DWORD[92+rsi],edx add r9d,r12d add cl,al rol r9d,21 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],3 + pinsrw xmm1,WORD[rbx*4+rdi],3 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r9d - add r8d,DWORD PTR[32+r15] + add r8d,DWORD[32+r15] add al,dl - mov ebx,DWORD PTR[100+rsi] + mov ebx,DWORD[100+rsi] add r8d,1873313359 movzx eax,al xor r12d,r10d - mov DWORD PTR[96+rsi],edx + mov DWORD[96+rsi],edx add r8d,r12d add cl,bl rol r8d,6 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],4 + pinsrw xmm0,WORD[rax*4+rdi],4 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r8d - add r11d,DWORD PTR[60+r15] + add r11d,DWORD[60+r15] add bl,dl - mov eax,DWORD PTR[104+rsi] + mov eax,DWORD[104+rsi] add r11d,4264355552 movzx ebx,bl xor r12d,r9d - mov DWORD PTR[100+rsi],edx + mov DWORD[100+rsi],edx add r11d,r12d add cl,al rol r11d,10 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],4 + pinsrw xmm1,WORD[rbx*4+rdi],4 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r11d - add r10d,DWORD PTR[24+r15] + add r10d,DWORD[24+r15] add al,dl - mov ebx,DWORD PTR[108+rsi] + mov ebx,DWORD[108+rsi] add r10d,2734768916 movzx eax,al xor r12d,r8d - mov DWORD PTR[104+rsi],edx + mov DWORD[104+rsi],edx add r10d,r12d add cl,bl rol r10d,15 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],5 + pinsrw xmm0,WORD[rax*4+rdi],5 add r10d,r11d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r10d - 
add r9d,DWORD PTR[52+r15] + add r9d,DWORD[52+r15] add bl,dl - mov eax,DWORD PTR[112+rsi] + mov eax,DWORD[112+rsi] add r9d,1309151649 movzx ebx,bl xor r12d,r11d - mov DWORD PTR[108+rsi],edx + mov DWORD[108+rsi],edx add r9d,r12d add cl,al rol r9d,21 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],5 + pinsrw xmm1,WORD[rbx*4+rdi],5 add r9d,r10d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r11d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r9d - add r8d,DWORD PTR[16+r15] + add r8d,DWORD[16+r15] add al,dl - mov ebx,DWORD PTR[116+rsi] + mov ebx,DWORD[116+rsi] add r8d,4149444226 movzx eax,al xor r12d,r10d - mov DWORD PTR[112+rsi],edx + mov DWORD[112+rsi],edx add r8d,r12d add cl,bl rol r8d,6 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],6 + pinsrw xmm0,WORD[rax*4+rdi],6 add r8d,r9d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r10d - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx or r12d,r8d - add r11d,DWORD PTR[44+r15] + add r11d,DWORD[44+r15] add bl,dl - mov eax,DWORD PTR[120+rsi] + mov eax,DWORD[120+rsi] add r11d,3174756917 movzx ebx,bl xor r12d,r9d - mov DWORD PTR[116+rsi],edx + mov DWORD[116+rsi],edx add r11d,r12d add cl,al rol r11d,10 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],6 + pinsrw xmm1,WORD[rbx*4+rdi],6 add r11d,r8d - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r9d - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax or r12d,r11d - add r10d,DWORD PTR[8+r15] + add r10d,DWORD[8+r15] add al,dl - mov ebx,DWORD PTR[124+rsi] + mov ebx,DWORD[124+rsi] add r10d,718787259 movzx eax,al xor r12d,r8d - mov DWORD PTR[120+rsi],edx + mov DWORD[120+rsi],edx add r10d,r12d add cl,bl rol r10d,15 mov r12d,-1 - pinsrw xmm0,WORD PTR[rax*4+rdi],7 + pinsrw xmm0,WORD[rax*4+rdi],7 add r10d,r11d - movdqu xmm5,XMMWORD PTR[48+r13] + movdqu xmm5,XMMWORD[48+r13] add bpl,32 - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] xor r12d,r8d - mov DWORD PTR[rcx*4+rdi],ebx + mov 
DWORD[rcx*4+rdi],ebx or r12d,r10d - add r9d,DWORD PTR[36+r15] + add r9d,DWORD[36+r15] add bl,dl - mov eax,DWORD PTR[rbp*4+rdi] + mov eax,DWORD[rbp*4+rdi] add r9d,3951481745 movzx ebx,bl xor r12d,r11d - mov DWORD PTR[124+rsi],edx + mov DWORD[124+rsi],edx add r9d,r12d add cl,al rol r9d,21 mov r12d,-1 - pinsrw xmm1,WORD PTR[rbx*4+rdi],7 + pinsrw xmm1,WORD[rbx*4+rdi],7 add r9d,r10d mov rsi,rbp 
@@ -1231,52 +1235,51 @@ $L$oop:: mov rsi,rcx xor rcx,rcx mov cl,sil - lea rsi,QWORD PTR[rbp*4+rdi] + lea rsi,[rbp*4+rdi] psllq xmm1,8 pxor xmm5,xmm0 pxor xmm5,xmm1 - add r8d,DWORD PTR[rsp] - add r9d,DWORD PTR[4+rsp] - add r10d,DWORD PTR[8+rsp] - add r11d,DWORD PTR[12+rsp] - - movdqu XMMWORD PTR[r13*1+r14],xmm2 - movdqu XMMWORD PTR[16+r13*1+r14],xmm3 - movdqu XMMWORD PTR[32+r13*1+r14],xmm4 - movdqu XMMWORD PTR[48+r13*1+r14],xmm5 - lea r15,QWORD PTR[64+r15] - lea r13,QWORD PTR[64+r13] - cmp r15,QWORD PTR[16+rsp] - jb $L$oop - - mov r12,QWORD PTR[24+rsp] + add r8d,DWORD[rsp] + add r9d,DWORD[4+rsp] + add r10d,DWORD[8+rsp] + add r11d,DWORD[12+rsp] + + movdqu XMMWORD[r13*1+r14],xmm2 + movdqu XMMWORD[16+r13*1+r14],xmm3 + movdqu XMMWORD[32+r13*1+r14],xmm4 + movdqu XMMWORD[48+r13*1+r14],xmm5 + lea r15,[64+r15] + lea r13,[64+r13] + cmp r15,QWORD[16+rsp] + jb NEAR $L$oop + + mov r12,QWORD[24+rsp] sub cl,al - mov DWORD PTR[r12],r8d - mov DWORD PTR[4+r12],r9d - mov DWORD PTR[8+r12],r10d - mov DWORD PTR[12+r12],r11d + mov DWORD[r12],r8d + mov DWORD[4+r12],r9d + mov DWORD[8+r12],r10d + mov DWORD[12+r12],r11d sub bpl,1 - mov DWORD PTR[((-8))+rdi],ebp - mov DWORD PTR[((-4))+rdi],ecx - - mov r15,QWORD PTR[40+rsp] - mov r14,QWORD PTR[48+rsp] - mov r13,QWORD PTR[56+rsp] - mov r12,QWORD PTR[64+rsp] - mov rbp,QWORD PTR[72+rsp] - mov rbx,QWORD PTR[80+rsp] - lea rsp,QWORD PTR[88+rsp] -$L$epilogue:: -$L$abort:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov DWORD[((-8))+rdi],ebp + mov DWORD[((-4))+rdi],ecx + + mov r15,QWORD[40+rsp] + mov r14,QWORD[48+rsp] + mov r13,QWORD[56+rsp] + mov r12,QWORD[64+rsp] + mov rbp,QWORD[72+rsp] + mov rbx,QWORD[80+rsp] + lea rsp,[88+rsp] +$L$epilogue: +$L$abort: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_rc4_md5_enc:: -rc4_md5_enc ENDP -EXTERN __imp_RtlVirtualUnwind:NEAR +$L$SEH_end_rc4_md5_enc: +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push 
rsi push rdi push rbx 
@@ -1288,59 +1291,59 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - lea r10,QWORD PTR[$L$body] + lea r10,[$L$body] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - lea r10,QWORD PTR[$L$epilogue] + lea r10,[$L$epilogue] cmp rbx,r10 - jae $L$in_prologue - - mov r15,QWORD PTR[40+rax] - mov r14,QWORD PTR[48+rax] - mov r13,QWORD PTR[56+rax] - mov r12,QWORD PTR[64+rax] - mov rbp,QWORD PTR[72+rax] - mov rbx,QWORD PTR[80+rax] - lea rax,QWORD PTR[88+rax] - - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi - - mov rdi,QWORD PTR[40+r9] + jae NEAR $L$in_prologue + + mov r15,QWORD[40+rax] + mov r14,QWORD[48+rax] + mov r13,QWORD[56+rax] + mov r12,QWORD[64+rax] + mov rbp,QWORD[72+rax] + mov rbx,QWORD[80+rax] + lea rax,[88+rax] + + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi + + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + 
mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 @@ -1354,21 +1357,16 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_rc4_md5_enc - DD imagerel $L$SEH_end_rc4_md5_enc - DD imagerel $L$SEH_info_rc4_md5_enc + DD $L$SEH_begin_rc4_md5_enc wrt ..imagebase + DD $L$SEH_end_rc4_md5_enc wrt ..imagebase + DD $L$SEH_info_rc4_md5_enc wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_rc4_md5_enc:: +$L$SEH_info_rc4_md5_enc: DB 9,0,0,0 - DD imagerel se_handler - -.xdata ENDS -END + DD se_handler wrt ..imagebase diff --git a/win-x86_64/crypto/rc4/rc4-x86_64.asm b/win-x86_64/crypto/rc4/rc4-x86_64.asm index c183cac..c7c3b7b 100644 --- a/win-x86_64/crypto/rc4/rc4-x86_64.asm +++ b/win-x86_64/crypto/rc4/rc4-x86_64.asm @@ -1,15 +1,19 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' -EXTERN OPENSSL_ia32cap_P:NEAR +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -PUBLIC asm_RC4 +EXTERN OPENSSL_ia32cap_P + +global asm_RC4 ALIGN 16 -asm_RC4 PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +asm_RC4: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_asm_RC4:: +$L$SEH_begin_asm_RC4: mov rdi,rcx mov rsi,rdx mov rdx,r8 
@@ -17,538 +21,537 @@ $L$SEH_begin_asm_RC4:: or rsi,rsi - jne $L$entry - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + jne NEAR $L$entry + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$entry:: +$L$entry: push rbx push r12 push r13 -$L$prologue:: +$L$prologue: mov r11,rsi mov r12,rdx mov r13,rcx xor r10,r10 xor rcx,rcx - lea rdi,QWORD PTR[8+rdi] - mov r10b,BYTE PTR[((-8))+rdi] - mov cl,BYTE PTR[((-4))+rdi] - cmp DWORD PTR[256+rdi],-1 - je $L$RC4_CHAR - mov r8d,DWORD PTR[OPENSSL_ia32cap_P] + lea rdi,[8+rdi] + mov r10b,BYTE[((-8))+rdi] + mov cl,BYTE[((-4))+rdi] + cmp DWORD[256+rdi],-1 + je NEAR $L$RC4_CHAR + mov r8d,DWORD[OPENSSL_ia32cap_P] xor rbx,rbx inc r10b sub rbx,r10 sub r13,r12 - mov eax,DWORD PTR[r10*4+rdi] + mov eax,DWORD[r10*4+rdi] test r11,-16 - jz $L$loop1 + jz NEAR $L$loop1 bt r8d,30 - jc $L$intel + jc NEAR $L$intel and rbx,7 - lea rsi,QWORD PTR[1+r10] - jz $L$oop8 + lea rsi,[1+r10] + jz NEAR $L$oop8 sub r11,rbx -$L$oop8_warmup:: +$L$oop8_warmup: add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov DWORD PTR[r10*4+rdi],edx + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov DWORD[r10*4+rdi],edx add al,dl inc r10b - mov edx,DWORD PTR[rax*4+rdi] - mov eax,DWORD PTR[r10*4+rdi] - xor dl,BYTE PTR[r12] - mov BYTE PTR[r13*1+r12],dl - lea r12,QWORD PTR[1+r12] + mov edx,DWORD[rax*4+rdi] + mov eax,DWORD[r10*4+rdi] + xor dl,BYTE[r12] + mov BYTE[r13*1+r12],dl + lea r12,[1+r12] dec rbx - jnz $L$oop8_warmup + jnz NEAR $L$oop8_warmup - lea rsi,QWORD PTR[1+r10] - jmp $L$oop8 + lea rsi,[1+r10] + jmp NEAR $L$oop8 ALIGN 16 -$L$oop8:: +$L$oop8: add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov ebx,DWORD PTR[rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov ebx,DWORD[rsi*4+rdi] ror r8,8 - mov DWORD PTR[r10*4+rdi],edx + mov DWORD[r10*4+rdi],edx add dl,al - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add cl,bl - mov 
edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx - mov eax,DWORD PTR[4+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx + mov eax,DWORD[4+rsi*4+rdi] ror r8,8 - mov DWORD PTR[4+r10*4+rdi],edx + mov DWORD[4+r10*4+rdi],edx add dl,bl - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov ebx,DWORD PTR[8+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov ebx,DWORD[8+rsi*4+rdi] ror r8,8 - mov DWORD PTR[8+r10*4+rdi],edx + mov DWORD[8+r10*4+rdi],edx add dl,al - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add cl,bl - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx - mov eax,DWORD PTR[12+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx + mov eax,DWORD[12+rsi*4+rdi] ror r8,8 - mov DWORD PTR[12+r10*4+rdi],edx + mov DWORD[12+r10*4+rdi],edx add dl,bl - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov ebx,DWORD PTR[16+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov ebx,DWORD[16+rsi*4+rdi] ror r8,8 - mov DWORD PTR[16+r10*4+rdi],edx + mov DWORD[16+r10*4+rdi],edx add dl,al - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add cl,bl - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx - mov eax,DWORD PTR[20+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx + mov eax,DWORD[20+rsi*4+rdi] ror r8,8 - mov DWORD PTR[20+r10*4+rdi],edx + mov DWORD[20+r10*4+rdi],edx add dl,bl - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov ebx,DWORD PTR[24+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov ebx,DWORD[24+rsi*4+rdi] ror r8,8 - mov DWORD PTR[24+r10*4+rdi],edx + mov DWORD[24+r10*4+rdi],edx add dl,al - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add sil,8 add cl,bl - mov edx,DWORD 
PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx - mov eax,DWORD PTR[((-4))+rsi*4+rdi] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx + mov eax,DWORD[((-4))+rsi*4+rdi] ror r8,8 - mov DWORD PTR[28+r10*4+rdi],edx + mov DWORD[28+r10*4+rdi],edx add dl,bl - mov r8b,BYTE PTR[rdx*4+rdi] + mov r8b,BYTE[rdx*4+rdi] add r10b,8 ror r8,8 sub r11,8 - xor r8,QWORD PTR[r12] - mov QWORD PTR[r13*1+r12],r8 - lea r12,QWORD PTR[8+r12] + xor r8,QWORD[r12] + mov QWORD[r13*1+r12],r8 + lea r12,[8+r12] test r11,-8 - jnz $L$oop8 + jnz NEAR $L$oop8 cmp r11,0 - jne $L$loop1 - jmp $L$exit + jne NEAR $L$loop1 + jmp NEAR $L$exit ALIGN 16 -$L$intel:: +$L$intel: test r11,-32 - jz $L$loop1 + jz NEAR $L$loop1 and rbx,15 - jz $L$oop16_is_hot + jz NEAR $L$oop16_is_hot sub r11,rbx -$L$oop16_warmup:: +$L$oop16_warmup: add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov DWORD PTR[r10*4+rdi],edx + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov DWORD[r10*4+rdi],edx add al,dl inc r10b - mov edx,DWORD PTR[rax*4+rdi] - mov eax,DWORD PTR[r10*4+rdi] - xor dl,BYTE PTR[r12] - mov BYTE PTR[r13*1+r12],dl - lea r12,QWORD PTR[1+r12] + mov edx,DWORD[rax*4+rdi] + mov eax,DWORD[r10*4+rdi] + xor dl,BYTE[r12] + mov BYTE[r13*1+r12],dl + lea r12,[1+r12] dec rbx - jnz $L$oop16_warmup + jnz NEAR $L$oop16_warmup mov rbx,rcx xor rcx,rcx mov cl,bl -$L$oop16_is_hot:: - lea rsi,QWORD PTR[r10*4+rdi] +$L$oop16_is_hot: + lea rsi,[r10*4+rdi] add cl,al - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] pxor xmm0,xmm0 - mov DWORD PTR[rcx*4+rdi],eax + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[4+rsi] + mov ebx,DWORD[4+rsi] movzx eax,al - mov DWORD PTR[rsi],edx + mov DWORD[rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],0 - jmp $L$oop16_enter + pinsrw xmm0,WORD[rax*4+rdi],0 + jmp NEAR $L$oop16_enter ALIGN 16 -$L$oop16:: +$L$oop16: add cl,al - mov edx,DWORD PTR[rcx*4+rdi] + mov edx,DWORD[rcx*4+rdi] pxor xmm2,xmm0 psllq xmm1,8 pxor xmm0,xmm0 - mov DWORD PTR[rcx*4+rdi],eax + mov 
DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[4+rsi] + mov ebx,DWORD[4+rsi] movzx eax,al - mov DWORD PTR[rsi],edx + mov DWORD[rsi],edx pxor xmm2,xmm1 add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],0 - movdqu XMMWORD PTR[r13*1+r12],xmm2 - lea r12,QWORD PTR[16+r12] -$L$oop16_enter:: - mov edx,DWORD PTR[rcx*4+rdi] + pinsrw xmm0,WORD[rax*4+rdi],0 + movdqu XMMWORD[r13*1+r12],xmm2 + lea r12,[16+r12] +$L$oop16_enter: + mov edx,DWORD[rcx*4+rdi] pxor xmm1,xmm1 - mov DWORD PTR[rcx*4+rdi],ebx + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[8+rsi] + mov eax,DWORD[8+rsi] movzx ebx,bl - mov DWORD PTR[4+rsi],edx + mov DWORD[4+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],0 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],0 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[12+rsi] + mov ebx,DWORD[12+rsi] movzx eax,al - mov DWORD PTR[8+rsi],edx + mov DWORD[8+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],1 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + pinsrw xmm0,WORD[rax*4+rdi],1 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[16+rsi] + mov eax,DWORD[16+rsi] movzx ebx,bl - mov DWORD PTR[12+rsi],edx + mov DWORD[12+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],1 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],1 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[20+rsi] + mov ebx,DWORD[20+rsi] movzx eax,al - mov DWORD PTR[16+rsi],edx + mov DWORD[16+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],2 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + pinsrw xmm0,WORD[rax*4+rdi],2 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[24+rsi] + mov eax,DWORD[24+rsi] movzx ebx,bl - mov DWORD PTR[20+rsi],edx + mov DWORD[20+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],2 - mov edx,DWORD PTR[rcx*4+rdi] - 
mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],2 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[28+rsi] + mov ebx,DWORD[28+rsi] movzx eax,al - mov DWORD PTR[24+rsi],edx + mov DWORD[24+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],3 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + pinsrw xmm0,WORD[rax*4+rdi],3 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[32+rsi] + mov eax,DWORD[32+rsi] movzx ebx,bl - mov DWORD PTR[28+rsi],edx + mov DWORD[28+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],3 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],3 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[36+rsi] + mov ebx,DWORD[36+rsi] movzx eax,al - mov DWORD PTR[32+rsi],edx + mov DWORD[32+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],4 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + pinsrw xmm0,WORD[rax*4+rdi],4 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[40+rsi] + mov eax,DWORD[40+rsi] movzx ebx,bl - mov DWORD PTR[36+rsi],edx + mov DWORD[36+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],4 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],4 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[44+rsi] + mov ebx,DWORD[44+rsi] movzx eax,al - mov DWORD PTR[40+rsi],edx + mov DWORD[40+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],5 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + pinsrw xmm0,WORD[rax*4+rdi],5 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[48+rsi] + mov eax,DWORD[48+rsi] movzx ebx,bl - mov DWORD PTR[44+rsi],edx + mov DWORD[44+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],5 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],5 + mov 
edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[52+rsi] + mov ebx,DWORD[52+rsi] movzx eax,al - mov DWORD PTR[48+rsi],edx + mov DWORD[48+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],6 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + pinsrw xmm0,WORD[rax*4+rdi],6 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl - mov eax,DWORD PTR[56+rsi] + mov eax,DWORD[56+rsi] movzx ebx,bl - mov DWORD PTR[52+rsi],edx + mov DWORD[52+rsi],edx add cl,al - pinsrw xmm1,WORD PTR[rbx*4+rdi],6 - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax + pinsrw xmm1,WORD[rbx*4+rdi],6 + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax add al,dl - mov ebx,DWORD PTR[60+rsi] + mov ebx,DWORD[60+rsi] movzx eax,al - mov DWORD PTR[56+rsi],edx + mov DWORD[56+rsi],edx add cl,bl - pinsrw xmm0,WORD PTR[rax*4+rdi],7 + pinsrw xmm0,WORD[rax*4+rdi],7 add r10b,16 - movdqu xmm2,XMMWORD PTR[r12] - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],ebx + movdqu xmm2,XMMWORD[r12] + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],ebx add bl,dl movzx ebx,bl - mov DWORD PTR[60+rsi],edx - lea rsi,QWORD PTR[r10*4+rdi] - pinsrw xmm1,WORD PTR[rbx*4+rdi],7 - mov eax,DWORD PTR[rsi] + mov DWORD[60+rsi],edx + lea rsi,[r10*4+rdi] + pinsrw xmm1,WORD[rbx*4+rdi],7 + mov eax,DWORD[rsi] mov rbx,rcx xor rcx,rcx sub r11,16 mov cl,bl test r11,-16 - jnz $L$oop16 + jnz NEAR $L$oop16 psllq xmm1,8 pxor xmm2,xmm0 pxor xmm2,xmm1 - movdqu XMMWORD PTR[r13*1+r12],xmm2 - lea r12,QWORD PTR[16+r12] + movdqu XMMWORD[r13*1+r12],xmm2 + lea r12,[16+r12] cmp r11,0 - jne $L$loop1 - jmp $L$exit + jne NEAR $L$loop1 + jmp NEAR $L$exit ALIGN 16 -$L$loop1:: +$L$loop1: add cl,al - mov edx,DWORD PTR[rcx*4+rdi] - mov DWORD PTR[rcx*4+rdi],eax - mov DWORD PTR[r10*4+rdi],edx + mov edx,DWORD[rcx*4+rdi] + mov DWORD[rcx*4+rdi],eax + mov DWORD[r10*4+rdi],edx add al,dl inc r10b - mov edx,DWORD PTR[rax*4+rdi] - mov eax,DWORD PTR[r10*4+rdi] - xor dl,BYTE PTR[r12] - mov BYTE 
PTR[r13*1+r12],dl - lea r12,QWORD PTR[1+r12] + mov edx,DWORD[rax*4+rdi] + mov eax,DWORD[r10*4+rdi] + xor dl,BYTE[r12] + mov BYTE[r13*1+r12],dl + lea r12,[1+r12] dec r11 - jnz $L$loop1 - jmp $L$exit + jnz NEAR $L$loop1 + jmp NEAR $L$exit ALIGN 16 -$L$RC4_CHAR:: +$L$RC4_CHAR: add r10b,1 - movzx eax,BYTE PTR[r10*1+rdi] + movzx eax,BYTE[r10*1+rdi] test r11,-8 - jz $L$cloop1 - jmp $L$cloop8 + jz NEAR $L$cloop1 + jmp NEAR $L$cloop8 ALIGN 16 -$L$cloop8:: - mov r8d,DWORD PTR[r12] - mov r9d,DWORD PTR[4+r12] +$L$cloop8: + mov r8d,DWORD[r12] + mov r9d,DWORD[4+r12] add cl,al - lea rsi,QWORD PTR[1+r10] - movzx edx,BYTE PTR[rcx*1+rdi] + lea rsi,[1+r10] + movzx edx,BYTE[rcx*1+rdi] movzx esi,sil - movzx ebx,BYTE PTR[rsi*1+rdi] - mov BYTE PTR[rcx*1+rdi],al + movzx ebx,BYTE[rsi*1+rdi] + mov BYTE[rcx*1+rdi],al cmp rcx,rsi - mov BYTE PTR[r10*1+rdi],dl - jne $L$cmov0 + mov BYTE[r10*1+rdi],dl + jne NEAR $L$cmov0 mov rbx,rax -$L$cmov0:: +$L$cmov0: add dl,al - xor r8b,BYTE PTR[rdx*1+rdi] + xor r8b,BYTE[rdx*1+rdi] ror r8d,8 add cl,bl - lea r10,QWORD PTR[1+rsi] - movzx edx,BYTE PTR[rcx*1+rdi] + lea r10,[1+rsi] + movzx edx,BYTE[rcx*1+rdi] movzx r10d,r10b - movzx eax,BYTE PTR[r10*1+rdi] - mov BYTE PTR[rcx*1+rdi],bl + movzx eax,BYTE[r10*1+rdi] + mov BYTE[rcx*1+rdi],bl cmp rcx,r10 - mov BYTE PTR[rsi*1+rdi],dl - jne $L$cmov1 + mov BYTE[rsi*1+rdi],dl + jne NEAR $L$cmov1 mov rax,rbx -$L$cmov1:: +$L$cmov1: add dl,bl - xor r8b,BYTE PTR[rdx*1+rdi] + xor r8b,BYTE[rdx*1+rdi] ror r8d,8 add cl,al - lea rsi,QWORD PTR[1+r10] - movzx edx,BYTE PTR[rcx*1+rdi] + lea rsi,[1+r10] + movzx edx,BYTE[rcx*1+rdi] movzx esi,sil - movzx ebx,BYTE PTR[rsi*1+rdi] - mov BYTE PTR[rcx*1+rdi],al + movzx ebx,BYTE[rsi*1+rdi] + mov BYTE[rcx*1+rdi],al cmp rcx,rsi - mov BYTE PTR[r10*1+rdi],dl - jne $L$cmov2 + mov BYTE[r10*1+rdi],dl + jne NEAR $L$cmov2 mov rbx,rax -$L$cmov2:: +$L$cmov2: add dl,al - xor r8b,BYTE PTR[rdx*1+rdi] + xor r8b,BYTE[rdx*1+rdi] ror r8d,8 add cl,bl - lea r10,QWORD PTR[1+rsi] - movzx edx,BYTE PTR[rcx*1+rdi] + 
lea r10,[1+rsi] + movzx edx,BYTE[rcx*1+rdi] movzx r10d,r10b - movzx eax,BYTE PTR[r10*1+rdi] - mov BYTE PTR[rcx*1+rdi],bl + movzx eax,BYTE[r10*1+rdi] + mov BYTE[rcx*1+rdi],bl cmp rcx,r10 - mov BYTE PTR[rsi*1+rdi],dl - jne $L$cmov3 + mov BYTE[rsi*1+rdi],dl + jne NEAR $L$cmov3 mov rax,rbx -$L$cmov3:: +$L$cmov3: add dl,bl - xor r8b,BYTE PTR[rdx*1+rdi] + xor r8b,BYTE[rdx*1+rdi] ror r8d,8 add cl,al - lea rsi,QWORD PTR[1+r10] - movzx edx,BYTE PTR[rcx*1+rdi] + lea rsi,[1+r10] + movzx edx,BYTE[rcx*1+rdi] movzx esi,sil - movzx ebx,BYTE PTR[rsi*1+rdi] - mov BYTE PTR[rcx*1+rdi],al + movzx ebx,BYTE[rsi*1+rdi] + mov BYTE[rcx*1+rdi],al cmp rcx,rsi - mov BYTE PTR[r10*1+rdi],dl - jne $L$cmov4 + mov BYTE[r10*1+rdi],dl + jne NEAR $L$cmov4 mov rbx,rax -$L$cmov4:: +$L$cmov4: add dl,al - xor r9b,BYTE PTR[rdx*1+rdi] + xor r9b,BYTE[rdx*1+rdi] ror r9d,8 add cl,bl - lea r10,QWORD PTR[1+rsi] - movzx edx,BYTE PTR[rcx*1+rdi] + lea r10,[1+rsi] + movzx edx,BYTE[rcx*1+rdi] movzx r10d,r10b - movzx eax,BYTE PTR[r10*1+rdi] - mov BYTE PTR[rcx*1+rdi],bl + movzx eax,BYTE[r10*1+rdi] + mov BYTE[rcx*1+rdi],bl cmp rcx,r10 - mov BYTE PTR[rsi*1+rdi],dl - jne $L$cmov5 + mov BYTE[rsi*1+rdi],dl + jne NEAR $L$cmov5 mov rax,rbx -$L$cmov5:: +$L$cmov5: add dl,bl - xor r9b,BYTE PTR[rdx*1+rdi] + xor r9b,BYTE[rdx*1+rdi] ror r9d,8 add cl,al - lea rsi,QWORD PTR[1+r10] - movzx edx,BYTE PTR[rcx*1+rdi] + lea rsi,[1+r10] + movzx edx,BYTE[rcx*1+rdi] movzx esi,sil - movzx ebx,BYTE PTR[rsi*1+rdi] - mov BYTE PTR[rcx*1+rdi],al + movzx ebx,BYTE[rsi*1+rdi] + mov BYTE[rcx*1+rdi],al cmp rcx,rsi - mov BYTE PTR[r10*1+rdi],dl - jne $L$cmov6 + mov BYTE[r10*1+rdi],dl + jne NEAR $L$cmov6 mov rbx,rax -$L$cmov6:: +$L$cmov6: add dl,al - xor r9b,BYTE PTR[rdx*1+rdi] + xor r9b,BYTE[rdx*1+rdi] ror r9d,8 add cl,bl - lea r10,QWORD PTR[1+rsi] - movzx edx,BYTE PTR[rcx*1+rdi] + lea r10,[1+rsi] + movzx edx,BYTE[rcx*1+rdi] movzx r10d,r10b - movzx eax,BYTE PTR[r10*1+rdi] - mov BYTE PTR[rcx*1+rdi],bl + movzx eax,BYTE[r10*1+rdi] + mov BYTE[rcx*1+rdi],bl 
cmp rcx,r10 - mov BYTE PTR[rsi*1+rdi],dl - jne $L$cmov7 + mov BYTE[rsi*1+rdi],dl + jne NEAR $L$cmov7 mov rax,rbx -$L$cmov7:: +$L$cmov7: add dl,bl - xor r9b,BYTE PTR[rdx*1+rdi] + xor r9b,BYTE[rdx*1+rdi] ror r9d,8 - lea r11,QWORD PTR[((-8))+r11] - mov DWORD PTR[r13],r8d - lea r12,QWORD PTR[8+r12] - mov DWORD PTR[4+r13],r9d - lea r13,QWORD PTR[8+r13] + lea r11,[((-8))+r11] + mov DWORD[r13],r8d + lea r12,[8+r12] + mov DWORD[4+r13],r9d + lea r13,[8+r13] test r11,-8 - jnz $L$cloop8 + jnz NEAR $L$cloop8 cmp r11,0 - jne $L$cloop1 - jmp $L$exit + jne NEAR $L$cloop1 + jmp NEAR $L$exit ALIGN 16 -$L$cloop1:: +$L$cloop1: add cl,al movzx ecx,cl - movzx edx,BYTE PTR[rcx*1+rdi] - mov BYTE PTR[rcx*1+rdi],al - mov BYTE PTR[r10*1+rdi],dl + movzx edx,BYTE[rcx*1+rdi] + mov BYTE[rcx*1+rdi],al + mov BYTE[r10*1+rdi],dl add dl,al add r10b,1 movzx edx,dl movzx r10d,r10b - movzx edx,BYTE PTR[rdx*1+rdi] - movzx eax,BYTE PTR[r10*1+rdi] - xor dl,BYTE PTR[r12] - lea r12,QWORD PTR[1+r12] - mov BYTE PTR[r13],dl - lea r13,QWORD PTR[1+r13] + movzx edx,BYTE[rdx*1+rdi] + movzx eax,BYTE[r10*1+rdi] + xor dl,BYTE[r12] + lea r12,[1+r12] + mov BYTE[r13],dl + lea r13,[1+r13] sub r11,1 - jnz $L$cloop1 - jmp $L$exit + jnz NEAR $L$cloop1 + jmp NEAR $L$exit ALIGN 16 -$L$exit:: +$L$exit: sub r10b,1 - mov DWORD PTR[((-8))+rdi],r10d - mov DWORD PTR[((-4))+rdi],ecx + mov DWORD[((-8))+rdi],r10d + mov DWORD[((-4))+rdi],ecx - mov r13,QWORD PTR[rsp] - mov r12,QWORD PTR[8+rsp] - mov rbx,QWORD PTR[16+rsp] + mov r13,QWORD[rsp] + mov r12,QWORD[8+rsp] + mov rbx,QWORD[16+rsp] add rsp,24 -$L$epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] +$L$epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_asm_RC4:: -asm_RC4 ENDP -PUBLIC asm_RC4_set_key +$L$SEH_end_asm_RC4: +global asm_RC4_set_key ALIGN 16 -asm_RC4_set_key PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +asm_RC4_set_key: + mov QWORD[8+rsp],rdi ;WIN64 
prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_asm_RC4_set_key:: +$L$SEH_begin_asm_RC4_set_key: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rdi,QWORD PTR[8+rdi] - lea rdx,QWORD PTR[rsi*1+rdx] + lea rdi,[8+rdi] + lea rdx,[rsi*1+rdx] neg rsi mov rcx,rsi xor eax,eax 
@@ -556,100 +559,70 @@ $L$SEH_begin_asm_RC4_set_key:: xor r10,r10 xor r11,r11 - mov r8d,DWORD PTR[OPENSSL_ia32cap_P] + mov r8d,DWORD[OPENSSL_ia32cap_P] bt r8d,20 - jc $L$c1stloop - jmp $L$w1stloop + jc NEAR $L$c1stloop + jmp NEAR $L$w1stloop ALIGN 16 -$L$w1stloop:: - mov DWORD PTR[rax*4+rdi],eax +$L$w1stloop: + mov DWORD[rax*4+rdi],eax add al,1 - jnc $L$w1stloop + jnc NEAR $L$w1stloop xor r9,r9 xor r8,r8 ALIGN 16 -$L$w2ndloop:: - mov r10d,DWORD PTR[r9*4+rdi] - add r8b,BYTE PTR[rsi*1+rdx] +$L$w2ndloop: + mov r10d,DWORD[r9*4+rdi] + add r8b,BYTE[rsi*1+rdx] add r8b,r10b add rsi,1 - mov r11d,DWORD PTR[r8*4+rdi] + mov r11d,DWORD[r8*4+rdi] cmovz rsi,rcx - mov DWORD PTR[r8*4+rdi],r10d - mov DWORD PTR[r9*4+rdi],r11d + mov DWORD[r8*4+rdi],r10d + mov DWORD[r9*4+rdi],r11d add r9b,1 - jnc $L$w2ndloop - jmp $L$exit_key + jnc NEAR $L$w2ndloop + jmp NEAR $L$exit_key ALIGN 16 -$L$c1stloop:: - mov BYTE PTR[rax*1+rdi],al +$L$c1stloop: + mov BYTE[rax*1+rdi],al add al,1 - jnc $L$c1stloop + jnc NEAR $L$c1stloop xor r9,r9 xor r8,r8 ALIGN 16 -$L$c2ndloop:: - mov r10b,BYTE PTR[r9*1+rdi] - add r8b,BYTE PTR[rsi*1+rdx] +$L$c2ndloop: + mov r10b,BYTE[r9*1+rdi] + add r8b,BYTE[rsi*1+rdx] add r8b,r10b add rsi,1 - mov r11b,BYTE PTR[r8*1+rdi] - jnz $L$cnowrap + mov r11b,BYTE[r8*1+rdi] + jnz NEAR $L$cnowrap mov rsi,rcx -$L$cnowrap:: - mov BYTE PTR[r8*1+rdi],r10b - mov BYTE PTR[r9*1+rdi],r11b +$L$cnowrap: + mov BYTE[r8*1+rdi],r10b + mov BYTE[r9*1+rdi],r11b add r9b,1 - jnc $L$c2ndloop - mov DWORD PTR[256+rdi],-1 + jnc NEAR $L$c2ndloop + mov DWORD[256+rdi],-1 ALIGN 16 -$L$exit_key:: +$L$exit_key: xor eax,eax - mov DWORD PTR[((-8))+rdi],eax - mov DWORD PTR[((-4))+rdi],eax - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov DWORD[((-8))+rdi],eax + mov DWORD[((-4))+rdi],eax + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_asm_RC4_set_key:: -asm_RC4_set_key ENDP - -PUBLIC RC4_options +$L$SEH_end_asm_RC4_set_key: +EXTERN 
__imp_RtlVirtualUnwind ALIGN 16 -RC4_options PROC PUBLIC - lea rax,QWORD PTR[$L$opts] - mov rdx,QWORD PTR[OPENSSL_ia32cap_P] - mov edx,DWORD PTR[rdx] - bt edx,20 - jc $L$8xchar - bt edx,30 - jnc $L$done - add rax,25 - DB 0F3h,0C3h ;repret -$L$8xchar:: - add rax,12 -$L$done:: - DB 0F3h,0C3h ;repret -ALIGN 64 -$L$opts:: -DB 114,99,52,40,56,120,44,105,110,116,41,0 -DB 114,99,52,40,56,120,44,99,104,97,114,41,0 -DB 114,99,52,40,49,54,120,44,105,110,116,41,0 -DB 82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32 -DB 67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97 -DB 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 -DB 62,0 -ALIGN 64 -RC4_options ENDP -EXTERN __imp_RtlVirtualUnwind:NEAR - -ALIGN 16 -stream_se_handler PROC PRIVATE +stream_se_handler: push rsi push rdi push rbx 
@@ -661,41 +634,41 @@ stream_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - lea r10,QWORD PTR[$L$prologue] + lea r10,[$L$prologue] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - lea r10,QWORD PTR[$L$epilogue] + lea r10,[$L$epilogue] cmp rbx,r10 - jae $L$in_prologue + jae NEAR $L$in_prologue + + lea rax,[24+rax] - lea rax,QWORD PTR[24+rax] + mov rbx,QWORD[((-8))+rax] + mov r12,QWORD[((-16))+rax] + mov r13,QWORD[((-24))+rax] + mov QWORD[144+r8],rbx + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 - mov rbx,QWORD PTR[((-8))+rax] - mov r12,QWORD PTR[((-16))+rax] - mov r13,QWORD PTR[((-24))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi + jmp NEAR $L$common_seh_exit - jmp $L$common_seh_exit -stream_se_handler ENDP ALIGN 16 -key_se_handler PROC PRIVATE +key_se_handler: push rsi push rdi push rbx 
@@ -707,32 +680,32 @@ key_se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[152+r8] - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi + mov rax,QWORD[152+r8] + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi -$L$common_seh_exit:: +$L$common_seh_exit: - mov rdi,QWORD PTR[40+r9] + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -746,28 +719,23 @@ $L$common_seh_exit:: pop rdi pop rsi DB 0F3h,0C3h ;repret -key_se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_asm_RC4 - DD imagerel $L$SEH_end_asm_RC4 - DD imagerel $L$SEH_info_asm_RC4 + DD $L$SEH_begin_asm_RC4 wrt ..imagebase + DD $L$SEH_end_asm_RC4 wrt ..imagebase + DD $L$SEH_info_asm_RC4 wrt ..imagebase - DD imagerel $L$SEH_begin_asm_RC4_set_key - DD imagerel $L$SEH_end_asm_RC4_set_key - DD imagerel $L$SEH_info_asm_RC4_set_key + DD $L$SEH_begin_asm_RC4_set_key wrt ..imagebase + DD $L$SEH_end_asm_RC4_set_key wrt ..imagebase + DD $L$SEH_info_asm_RC4_set_key wrt ..imagebase -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_asm_RC4:: +$L$SEH_info_asm_RC4: DB 9,0,0,0 - DD imagerel stream_se_handler -$L$SEH_info_asm_RC4_set_key:: + DD stream_se_handler wrt ..imagebase +$L$SEH_info_asm_RC4_set_key: DB 9,0,0,0 - DD imagerel key_se_handler - -.xdata ENDS -END + DD key_se_handler wrt ..imagebase diff --git a/win-x86_64/crypto/sha/sha1-x86_64.asm b/win-x86_64/crypto/sha/sha1-x86_64.asm index ecda6dc..0f5361a 100644 --- a/win-x86_64/crypto/sha/sha1-x86_64.asm +++ b/win-x86_64/crypto/sha/sha1-x86_64.asm 
@@ -1,29 +1,33 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' -EXTERN OPENSSL_ia32cap_P:NEAR +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -PUBLIC sha1_block_data_order +EXTERN OPENSSL_ia32cap_P + +global sha1_block_data_order ALIGN 16 -sha1_block_data_order PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +sha1_block_data_order: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_sha1_block_data_order:: +$L$SEH_begin_sha1_block_data_order: mov rdi,rcx mov rsi,rdx mov rdx,r8 - mov r9d,DWORD PTR[((OPENSSL_ia32cap_P+0))] - mov r8d,DWORD PTR[((OPENSSL_ia32cap_P+4))] - mov r10d,DWORD PTR[((OPENSSL_ia32cap_P+8))] + mov r9d,DWORD[((OPENSSL_ia32cap_P+0))] + mov r8d,DWORD[((OPENSSL_ia32cap_P+4))] + mov r10d,DWORD[((OPENSSL_ia32cap_P+8))] test r8d,512 - jz $L$ialu - jmp _ssse3_shortcut + jz NEAR $L$ialu + jmp NEAR _ssse3_shortcut ALIGN 16 -$L$ialu:: +$L$ialu: mov rax,rsp push rbx push rbp 
@@ -35,579 +39,579 @@ $L$ialu:: mov r9,rsi and rsp,-64 mov r10,rdx - mov QWORD PTR[64+rsp],rax -$L$prologue:: + mov QWORD[64+rsp],rax +$L$prologue: - mov esi,DWORD PTR[r8] - mov edi,DWORD PTR[4+r8] - mov r11d,DWORD PTR[8+r8] - mov r12d,DWORD PTR[12+r8] - mov r13d,DWORD PTR[16+r8] - jmp $L$loop + mov esi,DWORD[r8] + mov edi,DWORD[4+r8] + mov r11d,DWORD[8+r8] + mov r12d,DWORD[12+r8] + mov r13d,DWORD[16+r8] + jmp NEAR $L$loop ALIGN 16 -$L$loop:: - mov edx,DWORD PTR[r9] +$L$loop: + mov edx,DWORD[r9] bswap edx - mov ebp,DWORD PTR[4+r9] + mov ebp,DWORD[4+r9] mov eax,r12d - mov DWORD PTR[rsp],edx + mov DWORD[rsp],edx mov ecx,esi bswap ebp xor eax,r11d rol ecx,5 and eax,edi - lea r13d,DWORD PTR[1518500249+r13*1+rdx] + lea r13d,[1518500249+r13*1+rdx] add r13d,ecx xor eax,r12d rol edi,30 add r13d,eax - mov r14d,DWORD PTR[8+r9] + mov r14d,DWORD[8+r9] mov eax,r11d - mov DWORD PTR[4+rsp],ebp + mov DWORD[4+rsp],ebp mov ecx,r13d bswap r14d xor eax,edi rol ecx,5 and eax,esi - lea r12d,DWORD PTR[1518500249+r12*1+rbp] + lea r12d,[1518500249+r12*1+rbp] add r12d,ecx xor eax,r11d rol esi,30 add r12d,eax - mov edx,DWORD PTR[12+r9] + mov edx,DWORD[12+r9] mov eax,edi - mov DWORD PTR[8+rsp],r14d + mov DWORD[8+rsp],r14d mov ecx,r12d bswap edx xor eax,esi rol ecx,5 and eax,r13d - lea r11d,DWORD PTR[1518500249+r11*1+r14] + lea r11d,[1518500249+r11*1+r14] add r11d,ecx xor eax,edi rol r13d,30 add r11d,eax - mov ebp,DWORD PTR[16+r9] + mov ebp,DWORD[16+r9] mov eax,esi - mov DWORD PTR[12+rsp],edx + mov DWORD[12+rsp],edx mov ecx,r11d bswap ebp xor eax,r13d rol ecx,5 and eax,r12d - lea edi,DWORD PTR[1518500249+rdi*1+rdx] + lea edi,[1518500249+rdi*1+rdx] add edi,ecx xor eax,esi rol r12d,30 add edi,eax - mov r14d,DWORD PTR[20+r9] + mov r14d,DWORD[20+r9] mov eax,r13d - mov DWORD PTR[16+rsp],ebp + mov DWORD[16+rsp],ebp mov ecx,edi bswap r14d xor eax,r12d rol ecx,5 and eax,r11d - lea esi,DWORD PTR[1518500249+rsi*1+rbp] + lea esi,[1518500249+rsi*1+rbp] add esi,ecx xor eax,r13d rol r11d,30 add esi,eax - 
mov edx,DWORD PTR[24+r9] + mov edx,DWORD[24+r9] mov eax,r12d - mov DWORD PTR[20+rsp],r14d + mov DWORD[20+rsp],r14d mov ecx,esi bswap edx xor eax,r11d rol ecx,5 and eax,edi - lea r13d,DWORD PTR[1518500249+r13*1+r14] + lea r13d,[1518500249+r13*1+r14] add r13d,ecx xor eax,r12d rol edi,30 add r13d,eax - mov ebp,DWORD PTR[28+r9] + mov ebp,DWORD[28+r9] mov eax,r11d - mov DWORD PTR[24+rsp],edx + mov DWORD[24+rsp],edx mov ecx,r13d bswap ebp xor eax,edi rol ecx,5 and eax,esi - lea r12d,DWORD PTR[1518500249+r12*1+rdx] + lea r12d,[1518500249+r12*1+rdx] add r12d,ecx xor eax,r11d rol esi,30 add r12d,eax - mov r14d,DWORD PTR[32+r9] + mov r14d,DWORD[32+r9] mov eax,edi - mov DWORD PTR[28+rsp],ebp + mov DWORD[28+rsp],ebp mov ecx,r12d bswap r14d xor eax,esi rol ecx,5 and eax,r13d - lea r11d,DWORD PTR[1518500249+r11*1+rbp] + lea r11d,[1518500249+r11*1+rbp] add r11d,ecx xor eax,edi rol r13d,30 add r11d,eax - mov edx,DWORD PTR[36+r9] + mov edx,DWORD[36+r9] mov eax,esi - mov DWORD PTR[32+rsp],r14d + mov DWORD[32+rsp],r14d mov ecx,r11d bswap edx xor eax,r13d rol ecx,5 and eax,r12d - lea edi,DWORD PTR[1518500249+rdi*1+r14] + lea edi,[1518500249+rdi*1+r14] add edi,ecx xor eax,esi rol r12d,30 add edi,eax - mov ebp,DWORD PTR[40+r9] + mov ebp,DWORD[40+r9] mov eax,r13d - mov DWORD PTR[36+rsp],edx + mov DWORD[36+rsp],edx mov ecx,edi bswap ebp xor eax,r12d rol ecx,5 and eax,r11d - lea esi,DWORD PTR[1518500249+rsi*1+rdx] + lea esi,[1518500249+rsi*1+rdx] add esi,ecx xor eax,r13d rol r11d,30 add esi,eax - mov r14d,DWORD PTR[44+r9] + mov r14d,DWORD[44+r9] mov eax,r12d - mov DWORD PTR[40+rsp],ebp + mov DWORD[40+rsp],ebp mov ecx,esi bswap r14d xor eax,r11d rol ecx,5 and eax,edi - lea r13d,DWORD PTR[1518500249+r13*1+rbp] + lea r13d,[1518500249+r13*1+rbp] add r13d,ecx xor eax,r12d rol edi,30 add r13d,eax - mov edx,DWORD PTR[48+r9] + mov edx,DWORD[48+r9] mov eax,r11d - mov DWORD PTR[44+rsp],r14d + mov DWORD[44+rsp],r14d mov ecx,r13d bswap edx xor eax,edi rol ecx,5 and eax,esi - lea r12d,DWORD 
PTR[1518500249+r12*1+r14] + lea r12d,[1518500249+r12*1+r14] add r12d,ecx xor eax,r11d rol esi,30 add r12d,eax - mov ebp,DWORD PTR[52+r9] + mov ebp,DWORD[52+r9] mov eax,edi - mov DWORD PTR[48+rsp],edx + mov DWORD[48+rsp],edx mov ecx,r12d bswap ebp xor eax,esi rol ecx,5 and eax,r13d - lea r11d,DWORD PTR[1518500249+r11*1+rdx] + lea r11d,[1518500249+r11*1+rdx] add r11d,ecx xor eax,edi rol r13d,30 add r11d,eax - mov r14d,DWORD PTR[56+r9] + mov r14d,DWORD[56+r9] mov eax,esi - mov DWORD PTR[52+rsp],ebp + mov DWORD[52+rsp],ebp mov ecx,r11d bswap r14d xor eax,r13d rol ecx,5 and eax,r12d - lea edi,DWORD PTR[1518500249+rdi*1+rbp] + lea edi,[1518500249+rdi*1+rbp] add edi,ecx xor eax,esi rol r12d,30 add edi,eax - mov edx,DWORD PTR[60+r9] + mov edx,DWORD[60+r9] mov eax,r13d - mov DWORD PTR[56+rsp],r14d + mov DWORD[56+rsp],r14d mov ecx,edi bswap edx xor eax,r12d rol ecx,5 and eax,r11d - lea esi,DWORD PTR[1518500249+rsi*1+r14] + lea esi,[1518500249+rsi*1+r14] add esi,ecx xor eax,r13d rol r11d,30 add esi,eax - xor ebp,DWORD PTR[rsp] + xor ebp,DWORD[rsp] mov eax,r12d - mov DWORD PTR[60+rsp],edx + mov DWORD[60+rsp],edx mov ecx,esi - xor ebp,DWORD PTR[8+rsp] + xor ebp,DWORD[8+rsp] xor eax,r11d rol ecx,5 - xor ebp,DWORD PTR[32+rsp] + xor ebp,DWORD[32+rsp] and eax,edi - lea r13d,DWORD PTR[1518500249+r13*1+rdx] + lea r13d,[1518500249+r13*1+rdx] rol edi,30 xor eax,r12d add r13d,ecx rol ebp,1 add r13d,eax - xor r14d,DWORD PTR[4+rsp] + xor r14d,DWORD[4+rsp] mov eax,r11d - mov DWORD PTR[rsp],ebp + mov DWORD[rsp],ebp mov ecx,r13d - xor r14d,DWORD PTR[12+rsp] + xor r14d,DWORD[12+rsp] xor eax,edi rol ecx,5 - xor r14d,DWORD PTR[36+rsp] + xor r14d,DWORD[36+rsp] and eax,esi - lea r12d,DWORD PTR[1518500249+r12*1+rbp] + lea r12d,[1518500249+r12*1+rbp] rol esi,30 xor eax,r11d add r12d,ecx rol r14d,1 add r12d,eax - xor edx,DWORD PTR[8+rsp] + xor edx,DWORD[8+rsp] mov eax,edi - mov DWORD PTR[4+rsp],r14d + mov DWORD[4+rsp],r14d mov ecx,r12d - xor edx,DWORD PTR[16+rsp] + xor edx,DWORD[16+rsp] xor eax,esi 
rol ecx,5 - xor edx,DWORD PTR[40+rsp] + xor edx,DWORD[40+rsp] and eax,r13d - lea r11d,DWORD PTR[1518500249+r11*1+r14] + lea r11d,[1518500249+r11*1+r14] rol r13d,30 xor eax,edi add r11d,ecx rol edx,1 add r11d,eax - xor ebp,DWORD PTR[12+rsp] + xor ebp,DWORD[12+rsp] mov eax,esi - mov DWORD PTR[8+rsp],edx + mov DWORD[8+rsp],edx mov ecx,r11d - xor ebp,DWORD PTR[20+rsp] + xor ebp,DWORD[20+rsp] xor eax,r13d rol ecx,5 - xor ebp,DWORD PTR[44+rsp] + xor ebp,DWORD[44+rsp] and eax,r12d - lea edi,DWORD PTR[1518500249+rdi*1+rdx] + lea edi,[1518500249+rdi*1+rdx] rol r12d,30 xor eax,esi add edi,ecx rol ebp,1 add edi,eax - xor r14d,DWORD PTR[16+rsp] + xor r14d,DWORD[16+rsp] mov eax,r13d - mov DWORD PTR[12+rsp],ebp + mov DWORD[12+rsp],ebp mov ecx,edi - xor r14d,DWORD PTR[24+rsp] + xor r14d,DWORD[24+rsp] xor eax,r12d rol ecx,5 - xor r14d,DWORD PTR[48+rsp] + xor r14d,DWORD[48+rsp] and eax,r11d - lea esi,DWORD PTR[1518500249+rsi*1+rbp] + lea esi,[1518500249+rsi*1+rbp] rol r11d,30 xor eax,r13d add esi,ecx rol r14d,1 add esi,eax - xor edx,DWORD PTR[20+rsp] + xor edx,DWORD[20+rsp] mov eax,edi - mov DWORD PTR[16+rsp],r14d + mov DWORD[16+rsp],r14d mov ecx,esi - xor edx,DWORD PTR[28+rsp] + xor edx,DWORD[28+rsp] xor eax,r12d rol ecx,5 - xor edx,DWORD PTR[52+rsp] - lea r13d,DWORD PTR[1859775393+r13*1+r14] + xor edx,DWORD[52+rsp] + lea r13d,[1859775393+r13*1+r14] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol edx,1 - xor ebp,DWORD PTR[24+rsp] + xor ebp,DWORD[24+rsp] mov eax,esi - mov DWORD PTR[20+rsp],edx + mov DWORD[20+rsp],edx mov ecx,r13d - xor ebp,DWORD PTR[32+rsp] + xor ebp,DWORD[32+rsp] xor eax,r11d rol ecx,5 - xor ebp,DWORD PTR[56+rsp] - lea r12d,DWORD PTR[1859775393+r12*1+rdx] + xor ebp,DWORD[56+rsp] + lea r12d,[1859775393+r12*1+rdx] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol ebp,1 - xor r14d,DWORD PTR[28+rsp] + xor r14d,DWORD[28+rsp] mov eax,r13d - mov DWORD PTR[24+rsp],ebp + mov DWORD[24+rsp],ebp mov ecx,r12d - xor r14d,DWORD PTR[36+rsp] + xor r14d,DWORD[36+rsp] xor 
eax,edi rol ecx,5 - xor r14d,DWORD PTR[60+rsp] - lea r11d,DWORD PTR[1859775393+r11*1+rbp] + xor r14d,DWORD[60+rsp] + lea r11d,[1859775393+r11*1+rbp] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol r14d,1 - xor edx,DWORD PTR[32+rsp] + xor edx,DWORD[32+rsp] mov eax,r12d - mov DWORD PTR[28+rsp],r14d + mov DWORD[28+rsp],r14d mov ecx,r11d - xor edx,DWORD PTR[40+rsp] + xor edx,DWORD[40+rsp] xor eax,esi rol ecx,5 - xor edx,DWORD PTR[rsp] - lea edi,DWORD PTR[1859775393+rdi*1+r14] + xor edx,DWORD[rsp] + lea edi,[1859775393+rdi*1+r14] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol edx,1 - xor ebp,DWORD PTR[36+rsp] + xor ebp,DWORD[36+rsp] mov eax,r11d - mov DWORD PTR[32+rsp],edx + mov DWORD[32+rsp],edx mov ecx,edi - xor ebp,DWORD PTR[44+rsp] + xor ebp,DWORD[44+rsp] xor eax,r13d rol ecx,5 - xor ebp,DWORD PTR[4+rsp] - lea esi,DWORD PTR[1859775393+rsi*1+rdx] + xor ebp,DWORD[4+rsp] + lea esi,[1859775393+rsi*1+rdx] xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol ebp,1 - xor r14d,DWORD PTR[40+rsp] + xor r14d,DWORD[40+rsp] mov eax,edi - mov DWORD PTR[36+rsp],ebp + mov DWORD[36+rsp],ebp mov ecx,esi - xor r14d,DWORD PTR[48+rsp] + xor r14d,DWORD[48+rsp] xor eax,r12d rol ecx,5 - xor r14d,DWORD PTR[8+rsp] - lea r13d,DWORD PTR[1859775393+r13*1+rbp] + xor r14d,DWORD[8+rsp] + lea r13d,[1859775393+r13*1+rbp] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol r14d,1 - xor edx,DWORD PTR[44+rsp] + xor edx,DWORD[44+rsp] mov eax,esi - mov DWORD PTR[40+rsp],r14d + mov DWORD[40+rsp],r14d mov ecx,r13d - xor edx,DWORD PTR[52+rsp] + xor edx,DWORD[52+rsp] xor eax,r11d rol ecx,5 - xor edx,DWORD PTR[12+rsp] - lea r12d,DWORD PTR[1859775393+r12*1+r14] + xor edx,DWORD[12+rsp] + lea r12d,[1859775393+r12*1+r14] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol edx,1 - xor ebp,DWORD PTR[48+rsp] + xor ebp,DWORD[48+rsp] mov eax,r13d - mov DWORD PTR[44+rsp],edx + mov DWORD[44+rsp],edx mov ecx,r12d - xor ebp,DWORD PTR[56+rsp] + xor ebp,DWORD[56+rsp] xor eax,edi rol ecx,5 - xor ebp,DWORD 
PTR[16+rsp] - lea r11d,DWORD PTR[1859775393+r11*1+rdx] + xor ebp,DWORD[16+rsp] + lea r11d,[1859775393+r11*1+rdx] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol ebp,1 - xor r14d,DWORD PTR[52+rsp] + xor r14d,DWORD[52+rsp] mov eax,r12d - mov DWORD PTR[48+rsp],ebp + mov DWORD[48+rsp],ebp mov ecx,r11d - xor r14d,DWORD PTR[60+rsp] + xor r14d,DWORD[60+rsp] xor eax,esi rol ecx,5 - xor r14d,DWORD PTR[20+rsp] - lea edi,DWORD PTR[1859775393+rdi*1+rbp] + xor r14d,DWORD[20+rsp] + lea edi,[1859775393+rdi*1+rbp] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol r14d,1 - xor edx,DWORD PTR[56+rsp] + xor edx,DWORD[56+rsp] mov eax,r11d - mov DWORD PTR[52+rsp],r14d + mov DWORD[52+rsp],r14d mov ecx,edi - xor edx,DWORD PTR[rsp] + xor edx,DWORD[rsp] xor eax,r13d rol ecx,5 - xor edx,DWORD PTR[24+rsp] - lea esi,DWORD PTR[1859775393+rsi*1+r14] + xor edx,DWORD[24+rsp] + lea esi,[1859775393+rsi*1+r14] xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol edx,1 - xor ebp,DWORD PTR[60+rsp] + xor ebp,DWORD[60+rsp] mov eax,edi - mov DWORD PTR[56+rsp],edx + mov DWORD[56+rsp],edx mov ecx,esi - xor ebp,DWORD PTR[4+rsp] + xor ebp,DWORD[4+rsp] xor eax,r12d rol ecx,5 - xor ebp,DWORD PTR[28+rsp] - lea r13d,DWORD PTR[1859775393+r13*1+rdx] + xor ebp,DWORD[28+rsp] + lea r13d,[1859775393+r13*1+rdx] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol ebp,1 - xor r14d,DWORD PTR[rsp] + xor r14d,DWORD[rsp] mov eax,esi - mov DWORD PTR[60+rsp],ebp + mov DWORD[60+rsp],ebp mov ecx,r13d - xor r14d,DWORD PTR[8+rsp] + xor r14d,DWORD[8+rsp] xor eax,r11d rol ecx,5 - xor r14d,DWORD PTR[32+rsp] - lea r12d,DWORD PTR[1859775393+r12*1+rbp] + xor r14d,DWORD[32+rsp] + lea r12d,[1859775393+r12*1+rbp] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol r14d,1 - xor edx,DWORD PTR[4+rsp] + xor edx,DWORD[4+rsp] mov eax,r13d - mov DWORD PTR[rsp],r14d + mov DWORD[rsp],r14d mov ecx,r12d - xor edx,DWORD PTR[12+rsp] + xor edx,DWORD[12+rsp] xor eax,edi rol ecx,5 - xor edx,DWORD PTR[36+rsp] - lea r11d,DWORD 
PTR[1859775393+r11*1+r14] + xor edx,DWORD[36+rsp] + lea r11d,[1859775393+r11*1+r14] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol edx,1 - xor ebp,DWORD PTR[8+rsp] + xor ebp,DWORD[8+rsp] mov eax,r12d - mov DWORD PTR[4+rsp],edx + mov DWORD[4+rsp],edx mov ecx,r11d - xor ebp,DWORD PTR[16+rsp] + xor ebp,DWORD[16+rsp] xor eax,esi rol ecx,5 - xor ebp,DWORD PTR[40+rsp] - lea edi,DWORD PTR[1859775393+rdi*1+rdx] + xor ebp,DWORD[40+rsp] + lea edi,[1859775393+rdi*1+rdx] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol ebp,1 - xor r14d,DWORD PTR[12+rsp] + xor r14d,DWORD[12+rsp] mov eax,r11d - mov DWORD PTR[8+rsp],ebp + mov DWORD[8+rsp],ebp mov ecx,edi - xor r14d,DWORD PTR[20+rsp] + xor r14d,DWORD[20+rsp] xor eax,r13d rol ecx,5 - xor r14d,DWORD PTR[44+rsp] - lea esi,DWORD PTR[1859775393+rsi*1+rbp] + xor r14d,DWORD[44+rsp] + lea esi,[1859775393+rsi*1+rbp] xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol r14d,1 - xor edx,DWORD PTR[16+rsp] + xor edx,DWORD[16+rsp] mov eax,edi - mov DWORD PTR[12+rsp],r14d + mov DWORD[12+rsp],r14d mov ecx,esi - xor edx,DWORD PTR[24+rsp] + xor edx,DWORD[24+rsp] xor eax,r12d rol ecx,5 - xor edx,DWORD PTR[48+rsp] - lea r13d,DWORD PTR[1859775393+r13*1+r14] + xor edx,DWORD[48+rsp] + lea r13d,[1859775393+r13*1+r14] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol edx,1 - xor ebp,DWORD PTR[20+rsp] + xor ebp,DWORD[20+rsp] mov eax,esi - mov DWORD PTR[16+rsp],edx + mov DWORD[16+rsp],edx mov ecx,r13d - xor ebp,DWORD PTR[28+rsp] + xor ebp,DWORD[28+rsp] xor eax,r11d rol ecx,5 - xor ebp,DWORD PTR[52+rsp] - lea r12d,DWORD PTR[1859775393+r12*1+rdx] + xor ebp,DWORD[52+rsp] + lea r12d,[1859775393+r12*1+rdx] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol ebp,1 - xor r14d,DWORD PTR[24+rsp] + xor r14d,DWORD[24+rsp] mov eax,r13d - mov DWORD PTR[20+rsp],ebp + mov DWORD[20+rsp],ebp mov ecx,r12d - xor r14d,DWORD PTR[32+rsp] + xor r14d,DWORD[32+rsp] xor eax,edi rol ecx,5 - xor r14d,DWORD PTR[56+rsp] - lea r11d,DWORD PTR[1859775393+r11*1+rbp] + xor 
r14d,DWORD[56+rsp] + lea r11d,[1859775393+r11*1+rbp] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol r14d,1 - xor edx,DWORD PTR[28+rsp] + xor edx,DWORD[28+rsp] mov eax,r12d - mov DWORD PTR[24+rsp],r14d + mov DWORD[24+rsp],r14d mov ecx,r11d - xor edx,DWORD PTR[36+rsp] + xor edx,DWORD[36+rsp] xor eax,esi rol ecx,5 - xor edx,DWORD PTR[60+rsp] - lea edi,DWORD PTR[1859775393+rdi*1+r14] + xor edx,DWORD[60+rsp] + lea edi,[1859775393+rdi*1+r14] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol edx,1 - xor ebp,DWORD PTR[32+rsp] + xor ebp,DWORD[32+rsp] mov eax,r11d - mov DWORD PTR[28+rsp],edx + mov DWORD[28+rsp],edx mov ecx,edi - xor ebp,DWORD PTR[40+rsp] + xor ebp,DWORD[40+rsp] xor eax,r13d rol ecx,5 - xor ebp,DWORD PTR[rsp] - lea esi,DWORD PTR[1859775393+rsi*1+rdx] + xor ebp,DWORD[rsp] + lea esi,[1859775393+rsi*1+rdx] xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol ebp,1 - xor r14d,DWORD PTR[36+rsp] + xor r14d,DWORD[36+rsp] mov eax,r12d - mov DWORD PTR[32+rsp],ebp + mov DWORD[32+rsp],ebp mov ebx,r12d - xor r14d,DWORD PTR[44+rsp] + xor r14d,DWORD[44+rsp] and eax,r11d mov ecx,esi - xor r14d,DWORD PTR[4+rsp] - lea r13d,DWORD PTR[((-1894007588))+r13*1+rbp] + xor r14d,DWORD[4+rsp] + lea r13d,[((-1894007588))+r13*1+rbp] xor ebx,r11d rol ecx,5 add r13d,eax @@ -616,15 +620,15 @@ $L$loop:: add r13d,ecx rol edi,30 add r13d,ebx - xor edx,DWORD PTR[40+rsp] + xor edx,DWORD[40+rsp] mov eax,r11d - mov DWORD PTR[36+rsp],r14d + mov DWORD[36+rsp],r14d mov ebx,r11d - xor edx,DWORD PTR[48+rsp] + xor edx,DWORD[48+rsp] and eax,edi mov ecx,r13d - xor edx,DWORD PTR[8+rsp] - lea r12d,DWORD PTR[((-1894007588))+r12*1+r14] + xor edx,DWORD[8+rsp] + lea r12d,[((-1894007588))+r12*1+r14] xor ebx,edi rol ecx,5 add r12d,eax 
@@ -633,15 +637,15 @@ $L$loop:: add r12d,ecx rol esi,30 add r12d,ebx - xor ebp,DWORD PTR[44+rsp] + xor ebp,DWORD[44+rsp] mov eax,edi - mov DWORD PTR[40+rsp],edx + mov DWORD[40+rsp],edx mov ebx,edi - xor ebp,DWORD PTR[52+rsp] + xor ebp,DWORD[52+rsp] and eax,esi mov ecx,r12d - xor ebp,DWORD PTR[12+rsp] - lea r11d,DWORD PTR[((-1894007588))+r11*1+rdx] + xor ebp,DWORD[12+rsp] + lea r11d,[((-1894007588))+r11*1+rdx] xor ebx,esi rol ecx,5 add r11d,eax @@ -650,15 +654,15 @@ $L$loop:: add r11d,ecx rol r13d,30 add r11d,ebx - xor r14d,DWORD PTR[48+rsp] + xor r14d,DWORD[48+rsp] mov eax,esi - mov DWORD PTR[44+rsp],ebp + mov DWORD[44+rsp],ebp mov ebx,esi - xor r14d,DWORD PTR[56+rsp] + xor r14d,DWORD[56+rsp] and eax,r13d mov ecx,r11d - xor r14d,DWORD PTR[16+rsp] - lea edi,DWORD PTR[((-1894007588))+rdi*1+rbp] + xor r14d,DWORD[16+rsp] + lea edi,[((-1894007588))+rdi*1+rbp] xor ebx,r13d rol ecx,5 add edi,eax @@ -667,15 +671,15 @@ $L$loop:: add edi,ecx rol r12d,30 add edi,ebx - xor edx,DWORD PTR[52+rsp] + xor edx,DWORD[52+rsp] mov eax,r13d - mov DWORD PTR[48+rsp],r14d + mov DWORD[48+rsp],r14d mov ebx,r13d - xor edx,DWORD PTR[60+rsp] + xor edx,DWORD[60+rsp] and eax,r12d mov ecx,edi - xor edx,DWORD PTR[20+rsp] - lea esi,DWORD PTR[((-1894007588))+rsi*1+r14] + xor edx,DWORD[20+rsp] + lea esi,[((-1894007588))+rsi*1+r14] xor ebx,r12d rol ecx,5 add esi,eax @@ -684,15 +688,15 @@ $L$loop:: add esi,ecx rol r11d,30 add esi,ebx - xor ebp,DWORD PTR[56+rsp] + xor ebp,DWORD[56+rsp] mov eax,r12d - mov DWORD PTR[52+rsp],edx + mov DWORD[52+rsp],edx mov ebx,r12d - xor ebp,DWORD PTR[rsp] + xor ebp,DWORD[rsp] and eax,r11d mov ecx,esi - xor ebp,DWORD PTR[24+rsp] - lea r13d,DWORD PTR[((-1894007588))+r13*1+rdx] + xor ebp,DWORD[24+rsp] + lea r13d,[((-1894007588))+r13*1+rdx] xor ebx,r11d rol ecx,5 add r13d,eax 
@@ -701,15 +705,15 @@ $L$loop:: add r13d,ecx rol edi,30 add r13d,ebx - xor r14d,DWORD PTR[60+rsp] + xor r14d,DWORD[60+rsp] mov eax,r11d - mov DWORD PTR[56+rsp],ebp + mov DWORD[56+rsp],ebp mov ebx,r11d - xor r14d,DWORD PTR[4+rsp] + xor r14d,DWORD[4+rsp] and eax,edi mov ecx,r13d - xor r14d,DWORD PTR[28+rsp] - lea r12d,DWORD PTR[((-1894007588))+r12*1+rbp] + xor r14d,DWORD[28+rsp] + lea r12d,[((-1894007588))+r12*1+rbp] xor ebx,edi rol ecx,5 add r12d,eax @@ -718,15 +722,15 @@ $L$loop:: add r12d,ecx rol esi,30 add r12d,ebx - xor edx,DWORD PTR[rsp] + xor edx,DWORD[rsp] mov eax,edi - mov DWORD PTR[60+rsp],r14d + mov DWORD[60+rsp],r14d mov ebx,edi - xor edx,DWORD PTR[8+rsp] + xor edx,DWORD[8+rsp] and eax,esi mov ecx,r12d - xor edx,DWORD PTR[32+rsp] - lea r11d,DWORD PTR[((-1894007588))+r11*1+r14] + xor edx,DWORD[32+rsp] + lea r11d,[((-1894007588))+r11*1+r14] xor ebx,esi rol ecx,5 add r11d,eax @@ -735,15 +739,15 @@ $L$loop:: add r11d,ecx rol r13d,30 add r11d,ebx - xor ebp,DWORD PTR[4+rsp] + xor ebp,DWORD[4+rsp] mov eax,esi - mov DWORD PTR[rsp],edx + mov DWORD[rsp],edx mov ebx,esi - xor ebp,DWORD PTR[12+rsp] + xor ebp,DWORD[12+rsp] and eax,r13d mov ecx,r11d - xor ebp,DWORD PTR[36+rsp] - lea edi,DWORD PTR[((-1894007588))+rdi*1+rdx] + xor ebp,DWORD[36+rsp] + lea edi,[((-1894007588))+rdi*1+rdx] xor ebx,r13d rol ecx,5 add edi,eax @@ -752,15 +756,15 @@ $L$loop:: add edi,ecx rol r12d,30 add edi,ebx - xor r14d,DWORD PTR[8+rsp] + xor r14d,DWORD[8+rsp] mov eax,r13d - mov DWORD PTR[4+rsp],ebp + mov DWORD[4+rsp],ebp mov ebx,r13d - xor r14d,DWORD PTR[16+rsp] + xor r14d,DWORD[16+rsp] and eax,r12d mov ecx,edi - xor r14d,DWORD PTR[40+rsp] - lea esi,DWORD PTR[((-1894007588))+rsi*1+rbp] + xor r14d,DWORD[40+rsp] + lea esi,[((-1894007588))+rsi*1+rbp] xor ebx,r12d rol ecx,5 add esi,eax 
@@ -769,15 +773,15 @@ $L$loop:: add esi,ecx rol r11d,30 add esi,ebx - xor edx,DWORD PTR[12+rsp] + xor edx,DWORD[12+rsp] mov eax,r12d - mov DWORD PTR[8+rsp],r14d + mov DWORD[8+rsp],r14d mov ebx,r12d - xor edx,DWORD PTR[20+rsp] + xor edx,DWORD[20+rsp] and eax,r11d mov ecx,esi - xor edx,DWORD PTR[44+rsp] - lea r13d,DWORD PTR[((-1894007588))+r13*1+r14] + xor edx,DWORD[44+rsp] + lea r13d,[((-1894007588))+r13*1+r14] xor ebx,r11d rol ecx,5 add r13d,eax @@ -786,15 +790,15 @@ $L$loop:: add r13d,ecx rol edi,30 add r13d,ebx - xor ebp,DWORD PTR[16+rsp] + xor ebp,DWORD[16+rsp] mov eax,r11d - mov DWORD PTR[12+rsp],edx + mov DWORD[12+rsp],edx mov ebx,r11d - xor ebp,DWORD PTR[24+rsp] + xor ebp,DWORD[24+rsp] and eax,edi mov ecx,r13d - xor ebp,DWORD PTR[48+rsp] - lea r12d,DWORD PTR[((-1894007588))+r12*1+rdx] + xor ebp,DWORD[48+rsp] + lea r12d,[((-1894007588))+r12*1+rdx] xor ebx,edi rol ecx,5 add r12d,eax @@ -803,15 +807,15 @@ $L$loop:: add r12d,ecx rol esi,30 add r12d,ebx - xor r14d,DWORD PTR[20+rsp] + xor r14d,DWORD[20+rsp] mov eax,edi - mov DWORD PTR[16+rsp],ebp + mov DWORD[16+rsp],ebp mov ebx,edi - xor r14d,DWORD PTR[28+rsp] + xor r14d,DWORD[28+rsp] and eax,esi mov ecx,r12d - xor r14d,DWORD PTR[52+rsp] - lea r11d,DWORD PTR[((-1894007588))+r11*1+rbp] + xor r14d,DWORD[52+rsp] + lea r11d,[((-1894007588))+r11*1+rbp] xor ebx,esi rol ecx,5 add r11d,eax @@ -820,15 +824,15 @@ $L$loop:: add r11d,ecx rol r13d,30 add r11d,ebx - xor edx,DWORD PTR[24+rsp] + xor edx,DWORD[24+rsp] mov eax,esi - mov DWORD PTR[20+rsp],r14d + mov DWORD[20+rsp],r14d mov ebx,esi - xor edx,DWORD PTR[32+rsp] + xor edx,DWORD[32+rsp] and eax,r13d mov ecx,r11d - xor edx,DWORD PTR[56+rsp] - lea edi,DWORD PTR[((-1894007588))+rdi*1+r14] + xor edx,DWORD[56+rsp] + lea edi,[((-1894007588))+rdi*1+r14] xor ebx,r13d rol ecx,5 add edi,eax 
@@ -837,15 +841,15 @@ $L$loop:: add edi,ecx rol r12d,30 add edi,ebx - xor ebp,DWORD PTR[28+rsp] + xor ebp,DWORD[28+rsp] mov eax,r13d - mov DWORD PTR[24+rsp],edx + mov DWORD[24+rsp],edx mov ebx,r13d - xor ebp,DWORD PTR[36+rsp] + xor ebp,DWORD[36+rsp] and eax,r12d mov ecx,edi - xor ebp,DWORD PTR[60+rsp] - lea esi,DWORD PTR[((-1894007588))+rsi*1+rdx] + xor ebp,DWORD[60+rsp] + lea esi,[((-1894007588))+rsi*1+rdx] xor ebx,r12d rol ecx,5 add esi,eax @@ -854,15 +858,15 @@ $L$loop:: add esi,ecx rol r11d,30 add esi,ebx - xor r14d,DWORD PTR[32+rsp] + xor r14d,DWORD[32+rsp] mov eax,r12d - mov DWORD PTR[28+rsp],ebp + mov DWORD[28+rsp],ebp mov ebx,r12d - xor r14d,DWORD PTR[40+rsp] + xor r14d,DWORD[40+rsp] and eax,r11d mov ecx,esi - xor r14d,DWORD PTR[rsp] - lea r13d,DWORD PTR[((-1894007588))+r13*1+rbp] + xor r14d,DWORD[rsp] + lea r13d,[((-1894007588))+r13*1+rbp] xor ebx,r11d rol ecx,5 add r13d,eax @@ -871,15 +875,15 @@ $L$loop:: add r13d,ecx rol edi,30 add r13d,ebx - xor edx,DWORD PTR[36+rsp] + xor edx,DWORD[36+rsp] mov eax,r11d - mov DWORD PTR[32+rsp],r14d + mov DWORD[32+rsp],r14d mov ebx,r11d - xor edx,DWORD PTR[44+rsp] + xor edx,DWORD[44+rsp] and eax,edi mov ecx,r13d - xor edx,DWORD PTR[4+rsp] - lea r12d,DWORD PTR[((-1894007588))+r12*1+r14] + xor edx,DWORD[4+rsp] + lea r12d,[((-1894007588))+r12*1+r14] xor ebx,edi rol ecx,5 add r12d,eax @@ -888,15 +892,15 @@ $L$loop:: add r12d,ecx rol esi,30 add r12d,ebx - xor ebp,DWORD PTR[40+rsp] + xor ebp,DWORD[40+rsp] mov eax,edi - mov DWORD PTR[36+rsp],edx + mov DWORD[36+rsp],edx mov ebx,edi - xor ebp,DWORD PTR[48+rsp] + xor ebp,DWORD[48+rsp] and eax,esi mov ecx,r12d - xor ebp,DWORD PTR[8+rsp] - lea r11d,DWORD PTR[((-1894007588))+r11*1+rdx] + xor ebp,DWORD[8+rsp] + lea r11d,[((-1894007588))+r11*1+rdx] xor ebx,esi rol ecx,5 add r11d,eax 
@@ -905,15 +909,15 @@ $L$loop:: add r11d,ecx rol r13d,30 add r11d,ebx - xor r14d,DWORD PTR[44+rsp] + xor r14d,DWORD[44+rsp] mov eax,esi - mov DWORD PTR[40+rsp],ebp + mov DWORD[40+rsp],ebp mov ebx,esi - xor r14d,DWORD PTR[52+rsp] + xor r14d,DWORD[52+rsp] and eax,r13d mov ecx,r11d - xor r14d,DWORD PTR[12+rsp] - lea edi,DWORD PTR[((-1894007588))+rdi*1+rbp] + xor r14d,DWORD[12+rsp] + lea edi,[((-1894007588))+rdi*1+rbp] xor ebx,r13d rol ecx,5 add edi,eax @@ -922,15 +926,15 @@ $L$loop:: add edi,ecx rol r12d,30 add edi,ebx - xor edx,DWORD PTR[48+rsp] + xor edx,DWORD[48+rsp] mov eax,r13d - mov DWORD PTR[44+rsp],r14d + mov DWORD[44+rsp],r14d mov ebx,r13d - xor edx,DWORD PTR[56+rsp] + xor edx,DWORD[56+rsp] and eax,r12d mov ecx,edi - xor edx,DWORD PTR[16+rsp] - lea esi,DWORD PTR[((-1894007588))+rsi*1+r14] + xor edx,DWORD[16+rsp] + lea esi,[((-1894007588))+rsi*1+r14] xor ebx,r12d rol ecx,5 add esi,eax 
@@ -939,267 +943,267 @@ $L$loop:: add esi,ecx rol r11d,30 add esi,ebx - xor ebp,DWORD PTR[52+rsp] + xor ebp,DWORD[52+rsp] mov eax,edi - mov DWORD PTR[48+rsp],edx + mov DWORD[48+rsp],edx mov ecx,esi - xor ebp,DWORD PTR[60+rsp] + xor ebp,DWORD[60+rsp] xor eax,r12d rol ecx,5 - xor ebp,DWORD PTR[20+rsp] - lea r13d,DWORD PTR[((-899497514))+r13*1+rdx] + xor ebp,DWORD[20+rsp] + lea r13d,[((-899497514))+r13*1+rdx] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol ebp,1 - xor r14d,DWORD PTR[56+rsp] + xor r14d,DWORD[56+rsp] mov eax,esi - mov DWORD PTR[52+rsp],ebp + mov DWORD[52+rsp],ebp mov ecx,r13d - xor r14d,DWORD PTR[rsp] + xor r14d,DWORD[rsp] xor eax,r11d rol ecx,5 - xor r14d,DWORD PTR[24+rsp] - lea r12d,DWORD PTR[((-899497514))+r12*1+rbp] + xor r14d,DWORD[24+rsp] + lea r12d,[((-899497514))+r12*1+rbp] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol r14d,1 - xor edx,DWORD PTR[60+rsp] + xor edx,DWORD[60+rsp] mov eax,r13d - mov DWORD PTR[56+rsp],r14d + mov DWORD[56+rsp],r14d mov ecx,r12d - xor edx,DWORD PTR[4+rsp] + xor edx,DWORD[4+rsp] xor eax,edi rol ecx,5 - xor edx,DWORD PTR[28+rsp] - lea r11d,DWORD PTR[((-899497514))+r11*1+r14] + xor edx,DWORD[28+rsp] + lea r11d,[((-899497514))+r11*1+r14] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol edx,1 - xor ebp,DWORD PTR[rsp] + xor ebp,DWORD[rsp] mov eax,r12d - mov DWORD PTR[60+rsp],edx + mov DWORD[60+rsp],edx mov ecx,r11d - xor ebp,DWORD PTR[8+rsp] + xor ebp,DWORD[8+rsp] xor eax,esi rol ecx,5 - xor ebp,DWORD PTR[32+rsp] - lea edi,DWORD PTR[((-899497514))+rdi*1+rdx] + xor ebp,DWORD[32+rsp] + lea edi,[((-899497514))+rdi*1+rdx] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol ebp,1 - xor r14d,DWORD PTR[4+rsp] + xor r14d,DWORD[4+rsp] mov eax,r11d - mov DWORD PTR[rsp],ebp + mov DWORD[rsp],ebp mov ecx,edi - xor r14d,DWORD PTR[12+rsp] + xor r14d,DWORD[12+rsp] xor eax,r13d rol ecx,5 - xor r14d,DWORD PTR[36+rsp] - lea esi,DWORD PTR[((-899497514))+rsi*1+rbp] + xor r14d,DWORD[36+rsp] + lea esi,[((-899497514))+rsi*1+rbp] 
xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol r14d,1 - xor edx,DWORD PTR[8+rsp] + xor edx,DWORD[8+rsp] mov eax,edi - mov DWORD PTR[4+rsp],r14d + mov DWORD[4+rsp],r14d mov ecx,esi - xor edx,DWORD PTR[16+rsp] + xor edx,DWORD[16+rsp] xor eax,r12d rol ecx,5 - xor edx,DWORD PTR[40+rsp] - lea r13d,DWORD PTR[((-899497514))+r13*1+r14] + xor edx,DWORD[40+rsp] + lea r13d,[((-899497514))+r13*1+r14] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol edx,1 - xor ebp,DWORD PTR[12+rsp] + xor ebp,DWORD[12+rsp] mov eax,esi - mov DWORD PTR[8+rsp],edx + mov DWORD[8+rsp],edx mov ecx,r13d - xor ebp,DWORD PTR[20+rsp] + xor ebp,DWORD[20+rsp] xor eax,r11d rol ecx,5 - xor ebp,DWORD PTR[44+rsp] - lea r12d,DWORD PTR[((-899497514))+r12*1+rdx] + xor ebp,DWORD[44+rsp] + lea r12d,[((-899497514))+r12*1+rdx] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol ebp,1 - xor r14d,DWORD PTR[16+rsp] + xor r14d,DWORD[16+rsp] mov eax,r13d - mov DWORD PTR[12+rsp],ebp + mov DWORD[12+rsp],ebp mov ecx,r12d - xor r14d,DWORD PTR[24+rsp] + xor r14d,DWORD[24+rsp] xor eax,edi rol ecx,5 - xor r14d,DWORD PTR[48+rsp] - lea r11d,DWORD PTR[((-899497514))+r11*1+rbp] + xor r14d,DWORD[48+rsp] + lea r11d,[((-899497514))+r11*1+rbp] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol r14d,1 - xor edx,DWORD PTR[20+rsp] + xor edx,DWORD[20+rsp] mov eax,r12d - mov DWORD PTR[16+rsp],r14d + mov DWORD[16+rsp],r14d mov ecx,r11d - xor edx,DWORD PTR[28+rsp] + xor edx,DWORD[28+rsp] xor eax,esi rol ecx,5 - xor edx,DWORD PTR[52+rsp] - lea edi,DWORD PTR[((-899497514))+rdi*1+r14] + xor edx,DWORD[52+rsp] + lea edi,[((-899497514))+rdi*1+r14] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol edx,1 - xor ebp,DWORD PTR[24+rsp] + xor ebp,DWORD[24+rsp] mov eax,r11d - mov DWORD PTR[20+rsp],edx + mov DWORD[20+rsp],edx mov ecx,edi - xor ebp,DWORD PTR[32+rsp] + xor ebp,DWORD[32+rsp] xor eax,r13d rol ecx,5 - xor ebp,DWORD PTR[56+rsp] - lea esi,DWORD PTR[((-899497514))+rsi*1+rdx] + xor ebp,DWORD[56+rsp] + lea 
esi,[((-899497514))+rsi*1+rdx] xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol ebp,1 - xor r14d,DWORD PTR[28+rsp] + xor r14d,DWORD[28+rsp] mov eax,edi - mov DWORD PTR[24+rsp],ebp + mov DWORD[24+rsp],ebp mov ecx,esi - xor r14d,DWORD PTR[36+rsp] + xor r14d,DWORD[36+rsp] xor eax,r12d rol ecx,5 - xor r14d,DWORD PTR[60+rsp] - lea r13d,DWORD PTR[((-899497514))+r13*1+rbp] + xor r14d,DWORD[60+rsp] + lea r13d,[((-899497514))+r13*1+rbp] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol r14d,1 - xor edx,DWORD PTR[32+rsp] + xor edx,DWORD[32+rsp] mov eax,esi - mov DWORD PTR[28+rsp],r14d + mov DWORD[28+rsp],r14d mov ecx,r13d - xor edx,DWORD PTR[40+rsp] + xor edx,DWORD[40+rsp] xor eax,r11d rol ecx,5 - xor edx,DWORD PTR[rsp] - lea r12d,DWORD PTR[((-899497514))+r12*1+r14] + xor edx,DWORD[rsp] + lea r12d,[((-899497514))+r12*1+r14] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol edx,1 - xor ebp,DWORD PTR[36+rsp] + xor ebp,DWORD[36+rsp] mov eax,r13d mov ecx,r12d - xor ebp,DWORD PTR[44+rsp] + xor ebp,DWORD[44+rsp] xor eax,edi rol ecx,5 - xor ebp,DWORD PTR[4+rsp] - lea r11d,DWORD PTR[((-899497514))+r11*1+rdx] + xor ebp,DWORD[4+rsp] + lea r11d,[((-899497514))+r11*1+rdx] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol ebp,1 - xor r14d,DWORD PTR[40+rsp] + xor r14d,DWORD[40+rsp] mov eax,r12d mov ecx,r11d - xor r14d,DWORD PTR[48+rsp] + xor r14d,DWORD[48+rsp] xor eax,esi rol ecx,5 - xor r14d,DWORD PTR[8+rsp] - lea edi,DWORD PTR[((-899497514))+rdi*1+rbp] + xor r14d,DWORD[8+rsp] + lea edi,[((-899497514))+rdi*1+rbp] xor eax,r13d add edi,ecx rol r12d,30 add edi,eax rol r14d,1 - xor edx,DWORD PTR[44+rsp] + xor edx,DWORD[44+rsp] mov eax,r11d mov ecx,edi - xor edx,DWORD PTR[52+rsp] + xor edx,DWORD[52+rsp] xor eax,r13d rol ecx,5 - xor edx,DWORD PTR[12+rsp] - lea esi,DWORD PTR[((-899497514))+rsi*1+r14] + xor edx,DWORD[12+rsp] + lea esi,[((-899497514))+rsi*1+r14] xor eax,r12d add esi,ecx rol r11d,30 add esi,eax rol edx,1 - xor ebp,DWORD PTR[48+rsp] + xor ebp,DWORD[48+rsp] mov 
eax,edi mov ecx,esi - xor ebp,DWORD PTR[56+rsp] + xor ebp,DWORD[56+rsp] xor eax,r12d rol ecx,5 - xor ebp,DWORD PTR[16+rsp] - lea r13d,DWORD PTR[((-899497514))+r13*1+rdx] + xor ebp,DWORD[16+rsp] + lea r13d,[((-899497514))+r13*1+rdx] xor eax,r11d add r13d,ecx rol edi,30 add r13d,eax rol ebp,1 - xor r14d,DWORD PTR[52+rsp] + xor r14d,DWORD[52+rsp] mov eax,esi mov ecx,r13d - xor r14d,DWORD PTR[60+rsp] + xor r14d,DWORD[60+rsp] xor eax,r11d rol ecx,5 - xor r14d,DWORD PTR[20+rsp] - lea r12d,DWORD PTR[((-899497514))+r12*1+rbp] + xor r14d,DWORD[20+rsp] + lea r12d,[((-899497514))+r12*1+rbp] xor eax,edi add r12d,ecx rol esi,30 add r12d,eax rol r14d,1 - xor edx,DWORD PTR[56+rsp] + xor edx,DWORD[56+rsp] mov eax,r13d mov ecx,r12d - xor edx,DWORD PTR[rsp] + xor edx,DWORD[rsp] xor eax,edi rol ecx,5 - xor edx,DWORD PTR[24+rsp] - lea r11d,DWORD PTR[((-899497514))+r11*1+r14] + xor edx,DWORD[24+rsp] + lea r11d,[((-899497514))+r11*1+r14] xor eax,esi add r11d,ecx rol r13d,30 add r11d,eax rol edx,1 - xor ebp,DWORD PTR[60+rsp] + xor ebp,DWORD[60+rsp] mov eax,r12d mov ecx,r11d - xor ebp,DWORD PTR[4+rsp] + xor ebp,DWORD[4+rsp] xor eax,esi rol ecx,5 - xor ebp,DWORD PTR[28+rsp] - lea edi,DWORD PTR[((-899497514))+rdi*1+rdx] + xor ebp,DWORD[28+rsp] + lea edi,[((-899497514))+rdi*1+rdx] xor eax,r13d add edi,ecx rol r12d,30 
@@ -1208,67 +1212,66 @@ $L$loop:: mov eax,r11d mov ecx,edi xor eax,r13d - lea esi,DWORD PTR[((-899497514))+rsi*1+rbp] + lea esi,[((-899497514))+rsi*1+rbp] rol ecx,5 xor eax,r12d add esi,ecx rol r11d,30 add esi,eax - add esi,DWORD PTR[r8] - add edi,DWORD PTR[4+r8] - add r11d,DWORD PTR[8+r8] - add r12d,DWORD PTR[12+r8] - add r13d,DWORD PTR[16+r8] - mov DWORD PTR[r8],esi - mov DWORD PTR[4+r8],edi - mov DWORD PTR[8+r8],r11d - mov DWORD PTR[12+r8],r12d - mov DWORD PTR[16+r8],r13d + add esi,DWORD[r8] + add edi,DWORD[4+r8] + add r11d,DWORD[8+r8] + add r12d,DWORD[12+r8] + add r13d,DWORD[16+r8] + mov DWORD[r8],esi + mov DWORD[4+r8],edi + mov DWORD[8+r8],r11d + mov DWORD[12+r8],r12d + mov DWORD[16+r8],r13d sub r10,1 - lea r9,QWORD PTR[64+r9] - jnz $L$loop + lea r9,[64+r9] + jnz NEAR $L$loop - mov rsi,QWORD PTR[64+rsp] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + mov rsi,QWORD[64+rsp] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_sha1_block_data_order:: -sha1_block_data_order ENDP +$L$SEH_end_sha1_block_data_order: ALIGN 16 -sha1_block_data_order_ssse3 PROC PRIVATE - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +sha1_block_data_order_ssse3: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_sha1_block_data_order_ssse3:: +$L$SEH_begin_sha1_block_data_order_ssse3: mov rdi,rcx mov rsi,rdx mov rdx,r8 -_ssse3_shortcut:: +_ssse3_shortcut: mov rax,rsp push rbx push rbp push r12 push r13 push r14 - lea rsp,QWORD PTR[((-160))+rsp] - movaps XMMWORD PTR[(-40-96)+rax],xmm6 - 
movaps XMMWORD PTR[(-40-80)+rax],xmm7 - movaps XMMWORD PTR[(-40-64)+rax],xmm8 - movaps XMMWORD PTR[(-40-48)+rax],xmm9 - movaps XMMWORD PTR[(-40-32)+rax],xmm10 - movaps XMMWORD PTR[(-40-16)+rax],xmm11 -$L$prologue_ssse3:: + lea rsp,[((-160))+rsp] + movaps XMMWORD[(-40-96)+rax],xmm6 + movaps XMMWORD[(-40-80)+rax],xmm7 + movaps XMMWORD[(-40-64)+rax],xmm8 + movaps XMMWORD[(-40-48)+rax],xmm9 + movaps XMMWORD[(-40-32)+rax],xmm10 + movaps XMMWORD[(-40-16)+rax],xmm11 +$L$prologue_ssse3: mov r14,rax and rsp,-64 mov r8,rdi @@ -1277,24 +1280,24 @@ $L$prologue_ssse3:: shl r10,6 add r10,r9 - lea r11,QWORD PTR[((K_XX_XX+64))] + lea r11,[((K_XX_XX+64))] - mov eax,DWORD PTR[r8] - mov ebx,DWORD PTR[4+r8] - mov ecx,DWORD PTR[8+r8] - mov edx,DWORD PTR[12+r8] + mov eax,DWORD[r8] + mov ebx,DWORD[4+r8] + mov ecx,DWORD[8+r8] + mov edx,DWORD[12+r8] mov esi,ebx - mov ebp,DWORD PTR[16+r8] + mov ebp,DWORD[16+r8] mov edi,ecx xor edi,edx and esi,edi - movdqa xmm6,XMMWORD PTR[64+r11] - movdqa xmm9,XMMWORD PTR[((-64))+r11] - movdqu xmm0,XMMWORD PTR[r9] - movdqu xmm1,XMMWORD PTR[16+r9] - movdqu xmm2,XMMWORD PTR[32+r9] - movdqu xmm3,XMMWORD PTR[48+r9] + movdqa xmm6,XMMWORD[64+r11] + movdqa xmm9,XMMWORD[((-64))+r11] + movdqu xmm0,XMMWORD[r9] + movdqu xmm1,XMMWORD[16+r9] + movdqu xmm2,XMMWORD[32+r9] + movdqu xmm3,XMMWORD[48+r9] DB 102,15,56,0,198 DB 102,15,56,0,206 DB 102,15,56,0,214 @@ -1303,22 +1306,22 @@ DB 102,15,56,0,214 DB 102,15,56,0,222 paddd xmm1,xmm9 paddd xmm2,xmm9 - movdqa XMMWORD PTR[rsp],xmm0 + movdqa XMMWORD[rsp],xmm0 psubd xmm0,xmm9 - movdqa XMMWORD PTR[16+rsp],xmm1 + movdqa XMMWORD[16+rsp],xmm1 psubd xmm1,xmm9 - movdqa XMMWORD PTR[32+rsp],xmm2 + movdqa XMMWORD[32+rsp],xmm2 psubd xmm2,xmm9 - jmp $L$oop_ssse3 + jmp NEAR $L$oop_ssse3 ALIGN 16 -$L$oop_ssse3:: +$L$oop_ssse3: ror ebx,2 pshufd xmm4,xmm0,238 xor esi,edx movdqa xmm8,xmm3 paddd xmm9,xmm3 mov edi,eax - add ebp,DWORD PTR[rsp] + add ebp,DWORD[rsp] punpcklqdq xmm4,xmm1 xor ebx,ecx rol eax,5 
@@ -1332,11 +1335,11 @@ $L$oop_ssse3:: pxor xmm8,xmm2 xor edi,ecx mov esi,ebp - add edx,DWORD PTR[4+rsp] + add edx,DWORD[4+rsp] pxor xmm4,xmm8 xor eax,ebx rol ebp,5 - movdqa XMMWORD PTR[48+rsp],xmm9 + movdqa XMMWORD[48+rsp],xmm9 add edx,edi and esi,eax movdqa xmm10,xmm4 @@ -1348,7 +1351,7 @@ $L$oop_ssse3:: pslldq xmm10,12 paddd xmm4,xmm4 mov edi,edx - add ecx,DWORD PTR[8+rsp] + add ecx,DWORD[8+rsp] psrld xmm8,31 xor ebp,eax rol edx,5 @@ -1362,11 +1365,11 @@ $L$oop_ssse3:: por xmm4,xmm8 xor edi,eax mov esi,ecx - add ebx,DWORD PTR[12+rsp] + add ebx,DWORD[12+rsp] pslld xmm9,2 pxor xmm4,xmm10 xor edx,ebp - movdqa xmm10,XMMWORD PTR[((-64))+r11] + movdqa xmm10,XMMWORD[((-64))+r11] rol ecx,5 add ebx,edi and esi,edx @@ -1379,7 +1382,7 @@ $L$oop_ssse3:: movdqa xmm9,xmm4 paddd xmm10,xmm4 mov edi,ebx - add eax,DWORD PTR[16+rsp] + add eax,DWORD[16+rsp] punpcklqdq xmm5,xmm2 xor ecx,edx rol ebx,5 @@ -1393,11 +1396,11 @@ $L$oop_ssse3:: pxor xmm9,xmm3 xor edi,edx mov esi,eax - add ebp,DWORD PTR[20+rsp] + add ebp,DWORD[20+rsp] pxor xmm5,xmm9 xor ebx,ecx rol eax,5 - movdqa XMMWORD PTR[rsp],xmm10 + movdqa XMMWORD[rsp],xmm10 add ebp,edi and esi,ebx movdqa xmm8,xmm5 @@ -1409,7 +1412,7 @@ $L$oop_ssse3:: pslldq xmm8,12 paddd xmm5,xmm5 mov edi,ebp - add edx,DWORD PTR[24+rsp] + add edx,DWORD[24+rsp] psrld xmm9,31 xor eax,ebx rol ebp,5 @@ -1423,11 +1426,11 @@ $L$oop_ssse3:: por xmm5,xmm9 xor edi,ebx mov esi,edx - add ecx,DWORD PTR[28+rsp] + add ecx,DWORD[28+rsp] pslld xmm10,2 pxor xmm5,xmm8 xor ebp,eax - movdqa xmm8,XMMWORD PTR[((-32))+r11] + movdqa xmm8,XMMWORD[((-32))+r11] rol edx,5 add ecx,edi and esi,ebp @@ -1440,7 +1443,7 @@ $L$oop_ssse3:: movdqa xmm10,xmm5 paddd xmm8,xmm5 mov edi,ecx - add ebx,DWORD PTR[32+rsp] + add ebx,DWORD[32+rsp] punpcklqdq xmm6,xmm3 xor edx,ebp rol ecx,5 
@@ -1454,11 +1457,11 @@ $L$oop_ssse3:: pxor xmm10,xmm4 xor edi,ebp mov esi,ebx - add eax,DWORD PTR[36+rsp] + add eax,DWORD[36+rsp] pxor xmm6,xmm10 xor ecx,edx rol ebx,5 - movdqa XMMWORD PTR[16+rsp],xmm8 + movdqa XMMWORD[16+rsp],xmm8 add eax,edi and esi,ecx movdqa xmm9,xmm6 @@ -1470,7 +1473,7 @@ $L$oop_ssse3:: pslldq xmm9,12 paddd xmm6,xmm6 mov edi,eax - add ebp,DWORD PTR[40+rsp] + add ebp,DWORD[40+rsp] psrld xmm10,31 xor ebx,ecx rol eax,5 @@ -1484,11 +1487,11 @@ $L$oop_ssse3:: por xmm6,xmm10 xor edi,ecx mov esi,ebp - add edx,DWORD PTR[44+rsp] + add edx,DWORD[44+rsp] pslld xmm8,2 pxor xmm6,xmm9 xor eax,ebx - movdqa xmm9,XMMWORD PTR[((-32))+r11] + movdqa xmm9,XMMWORD[((-32))+r11] rol ebp,5 add edx,edi and esi,eax @@ -1501,7 +1504,7 @@ $L$oop_ssse3:: movdqa xmm8,xmm6 paddd xmm9,xmm6 mov edi,edx - add ecx,DWORD PTR[48+rsp] + add ecx,DWORD[48+rsp] punpcklqdq xmm7,xmm4 xor ebp,eax rol edx,5 @@ -1515,11 +1518,11 @@ $L$oop_ssse3:: pxor xmm8,xmm5 xor edi,eax mov esi,ecx - add ebx,DWORD PTR[52+rsp] + add ebx,DWORD[52+rsp] pxor xmm7,xmm8 xor edx,ebp rol ecx,5 - movdqa XMMWORD PTR[32+rsp],xmm9 + movdqa XMMWORD[32+rsp],xmm9 add ebx,edi and esi,edx movdqa xmm10,xmm7 @@ -1531,7 +1534,7 @@ $L$oop_ssse3:: pslldq xmm10,12 paddd xmm7,xmm7 mov edi,ebx - add eax,DWORD PTR[56+rsp] + add eax,DWORD[56+rsp] psrld xmm8,31 xor ecx,edx rol ebx,5 @@ -1545,11 +1548,11 @@ $L$oop_ssse3:: por xmm7,xmm8 xor edi,edx mov esi,eax - add ebp,DWORD PTR[60+rsp] + add ebp,DWORD[60+rsp] pslld xmm9,2 pxor xmm7,xmm10 xor ebx,ecx - movdqa xmm10,XMMWORD PTR[((-32))+r11] + movdqa xmm10,XMMWORD[((-32))+r11] rol eax,5 add ebp,edi and esi,ebx @@ -1561,7 +1564,7 @@ $L$oop_ssse3:: pxor xmm0,xmm4 xor esi,ecx mov edi,ebp - add edx,DWORD PTR[rsp] + add edx,DWORD[rsp] punpcklqdq xmm9,xmm7 xor eax,ebx rol ebp,5 
@@ -1576,11 +1579,11 @@ $L$oop_ssse3:: ror ebp,7 xor edi,ebx mov esi,edx - add ecx,DWORD PTR[4+rsp] + add ecx,DWORD[4+rsp] movdqa xmm9,xmm0 xor ebp,eax rol edx,5 - movdqa XMMWORD PTR[48+rsp],xmm10 + movdqa XMMWORD[48+rsp],xmm10 add ecx,edi and esi,ebp xor ebp,eax @@ -1590,7 +1593,7 @@ $L$oop_ssse3:: psrld xmm9,30 xor esi,eax mov edi,ecx - add ebx,DWORD PTR[8+rsp] + add ebx,DWORD[8+rsp] por xmm0,xmm9 xor edx,ebp rol ecx,5 @@ -1599,7 +1602,7 @@ $L$oop_ssse3:: and edi,edx xor edx,ebp add ebx,ecx - add eax,DWORD PTR[12+rsp] + add eax,DWORD[12+rsp] xor edi,ebp mov esi,ebx rol ebx,5 @@ -1608,7 +1611,7 @@ $L$oop_ssse3:: ror ecx,7 add eax,ebx pxor xmm1,xmm5 - add ebp,DWORD PTR[16+rsp] + add ebp,DWORD[16+rsp] xor esi,ecx punpcklqdq xmm10,xmm0 mov edi,eax @@ -1621,17 +1624,17 @@ $L$oop_ssse3:: paddd xmm8,xmm0 add ebp,eax pxor xmm1,xmm10 - add edx,DWORD PTR[20+rsp] + add edx,DWORD[20+rsp] xor edi,ebx mov esi,ebp rol ebp,5 movdqa xmm10,xmm1 add edx,edi xor esi,ebx - movdqa XMMWORD PTR[rsp],xmm8 + movdqa XMMWORD[rsp],xmm8 ror eax,7 add edx,ebp - add ecx,DWORD PTR[24+rsp] + add ecx,DWORD[24+rsp] pslld xmm1,2 xor esi,eax mov edi,edx @@ -1642,7 +1645,7 @@ $L$oop_ssse3:: ror ebp,7 por xmm1,xmm10 add ecx,edx - add ebx,DWORD PTR[28+rsp] + add ebx,DWORD[28+rsp] pshufd xmm8,xmm0,238 xor edi,ebp mov esi,ecx @@ -1652,7 +1655,7 @@ $L$oop_ssse3:: ror edx,7 add ebx,ecx pxor xmm2,xmm6 - add eax,DWORD PTR[32+rsp] + add eax,DWORD[32+rsp] xor esi,edx punpcklqdq xmm8,xmm1 mov edi,ebx @@ -1660,22 +1663,22 @@ $L$oop_ssse3:: pxor xmm2,xmm3 add eax,esi xor edi,edx - movdqa xmm10,XMMWORD PTR[r11] + movdqa xmm10,XMMWORD[r11] ror ecx,7 paddd xmm9,xmm1 add eax,ebx pxor xmm2,xmm8 - add ebp,DWORD PTR[36+rsp] + add ebp,DWORD[36+rsp] xor edi,ecx mov esi,eax rol eax,5 movdqa xmm8,xmm2 add ebp,edi xor esi,ecx - movdqa XMMWORD PTR[16+rsp],xmm9 + movdqa XMMWORD[16+rsp],xmm9 ror ebx,7 add ebp,eax - add edx,DWORD PTR[40+rsp] + add edx,DWORD[40+rsp] pslld xmm2,2 xor esi,ebx mov edi,ebp 
@@ -1686,7 +1689,7 @@ $L$oop_ssse3:: ror eax,7 por xmm2,xmm8 add edx,ebp - add ecx,DWORD PTR[44+rsp] + add ecx,DWORD[44+rsp] pshufd xmm9,xmm1,238 xor edi,eax mov esi,edx @@ -1696,7 +1699,7 @@ $L$oop_ssse3:: ror ebp,7 add ecx,edx pxor xmm3,xmm7 - add ebx,DWORD PTR[48+rsp] + add ebx,DWORD[48+rsp] xor esi,ebp punpcklqdq xmm9,xmm2 mov edi,ecx @@ -1709,17 +1712,17 @@ $L$oop_ssse3:: paddd xmm10,xmm2 add ebx,ecx pxor xmm3,xmm9 - add eax,DWORD PTR[52+rsp] + add eax,DWORD[52+rsp] xor edi,edx mov esi,ebx rol ebx,5 movdqa xmm9,xmm3 add eax,edi xor esi,edx - movdqa XMMWORD PTR[32+rsp],xmm10 + movdqa XMMWORD[32+rsp],xmm10 ror ecx,7 add eax,ebx - add ebp,DWORD PTR[56+rsp] + add ebp,DWORD[56+rsp] pslld xmm3,2 xor esi,ecx mov edi,eax @@ -1730,7 +1733,7 @@ $L$oop_ssse3:: ror ebx,7 por xmm3,xmm9 add ebp,eax - add edx,DWORD PTR[60+rsp] + add edx,DWORD[60+rsp] pshufd xmm10,xmm2,238 xor edi,ebx mov esi,ebp @@ -1740,7 +1743,7 @@ $L$oop_ssse3:: ror eax,7 add edx,ebp pxor xmm4,xmm0 - add ecx,DWORD PTR[rsp] + add ecx,DWORD[rsp] xor esi,eax punpcklqdq xmm10,xmm3 mov edi,edx @@ -1753,17 +1756,17 @@ $L$oop_ssse3:: paddd xmm8,xmm3 add ecx,edx pxor xmm4,xmm10 - add ebx,DWORD PTR[4+rsp] + add ebx,DWORD[4+rsp] xor edi,ebp mov esi,ecx rol ecx,5 movdqa xmm10,xmm4 add ebx,edi xor esi,ebp - movdqa XMMWORD PTR[48+rsp],xmm8 + movdqa XMMWORD[48+rsp],xmm8 ror edx,7 add ebx,ecx - add eax,DWORD PTR[8+rsp] + add eax,DWORD[8+rsp] pslld xmm4,2 xor esi,edx mov edi,ebx @@ -1774,7 +1777,7 @@ $L$oop_ssse3:: ror ecx,7 por xmm4,xmm10 add eax,ebx - add ebp,DWORD PTR[12+rsp] + add ebp,DWORD[12+rsp] pshufd xmm8,xmm3,238 xor edi,ecx mov esi,eax @@ -1784,7 +1787,7 @@ $L$oop_ssse3:: ror ebx,7 add ebp,eax pxor xmm5,xmm1 - add edx,DWORD PTR[16+rsp] + add edx,DWORD[16+rsp] xor esi,ebx punpcklqdq xmm8,xmm4 mov edi,ebp 
@@ -1797,17 +1800,17 @@ $L$oop_ssse3:: paddd xmm9,xmm4 add edx,ebp pxor xmm5,xmm8 - add ecx,DWORD PTR[20+rsp] + add ecx,DWORD[20+rsp] xor edi,eax mov esi,edx rol edx,5 movdqa xmm8,xmm5 add ecx,edi xor esi,eax - movdqa XMMWORD PTR[rsp],xmm9 + movdqa XMMWORD[rsp],xmm9 ror ebp,7 add ecx,edx - add ebx,DWORD PTR[24+rsp] + add ebx,DWORD[24+rsp] pslld xmm5,2 xor esi,ebp mov edi,ecx @@ -1818,7 +1821,7 @@ $L$oop_ssse3:: ror edx,7 por xmm5,xmm8 add ebx,ecx - add eax,DWORD PTR[28+rsp] + add eax,DWORD[28+rsp] pshufd xmm9,xmm4,238 ror ecx,7 mov esi,ebx @@ -1829,7 +1832,7 @@ $L$oop_ssse3:: xor ecx,edx add eax,ebx pxor xmm6,xmm2 - add ebp,DWORD PTR[32+rsp] + add ebp,DWORD[32+rsp] and esi,ecx xor ecx,edx ror ebx,7 @@ -1845,14 +1848,14 @@ $L$oop_ssse3:: xor ebx,ecx pxor xmm6,xmm9 add ebp,eax - add edx,DWORD PTR[36+rsp] + add edx,DWORD[36+rsp] and edi,ebx xor ebx,ecx ror eax,7 movdqa xmm9,xmm6 mov esi,ebp xor edi,ebx - movdqa XMMWORD PTR[16+rsp],xmm10 + movdqa XMMWORD[16+rsp],xmm10 rol ebp,5 add edx,edi xor esi,eax @@ -1860,7 +1863,7 @@ $L$oop_ssse3:: xor eax,ebx add edx,ebp psrld xmm9,30 - add ecx,DWORD PTR[40+rsp] + add ecx,DWORD[40+rsp] and esi,eax xor eax,ebx por xmm6,xmm9 @@ -1873,7 +1876,7 @@ $L$oop_ssse3:: xor edi,ebp xor ebp,eax add ecx,edx - add ebx,DWORD PTR[44+rsp] + add ebx,DWORD[44+rsp] and edi,ebp xor ebp,eax ror edx,7 @@ -1885,7 +1888,7 @@ $L$oop_ssse3:: xor edx,ebp add ebx,ecx pxor xmm7,xmm3 - add eax,DWORD PTR[48+rsp] + add eax,DWORD[48+rsp] and esi,edx xor edx,ebp ror ecx,7 @@ -1895,20 +1898,20 @@ $L$oop_ssse3:: pxor xmm7,xmm0 rol ebx,5 add eax,esi - movdqa xmm9,XMMWORD PTR[32+r11] + movdqa xmm9,XMMWORD[32+r11] xor edi,ecx paddd xmm8,xmm6 xor ecx,edx pxor xmm7,xmm10 add eax,ebx - add ebp,DWORD PTR[52+rsp] + add ebp,DWORD[52+rsp] and edi,ecx xor ecx,edx ror ebx,7 movdqa xmm10,xmm7 mov esi,eax xor edi,ecx - movdqa XMMWORD PTR[32+rsp],xmm8 + movdqa XMMWORD[32+rsp],xmm8 rol eax,5 add ebp,edi xor esi,ebx 
@@ -1916,7 +1919,7 @@ $L$oop_ssse3:: xor ebx,ecx add ebp,eax psrld xmm10,30 - add edx,DWORD PTR[56+rsp] + add edx,DWORD[56+rsp] and esi,ebx xor ebx,ecx por xmm7,xmm10 @@ -1929,7 +1932,7 @@ $L$oop_ssse3:: xor edi,eax xor eax,ebx add edx,ebp - add ecx,DWORD PTR[60+rsp] + add ecx,DWORD[60+rsp] and edi,eax xor eax,ebx ror ebp,7 @@ -1941,7 +1944,7 @@ $L$oop_ssse3:: xor ebp,eax add ecx,edx pxor xmm0,xmm4 - add ebx,DWORD PTR[rsp] + add ebx,DWORD[rsp] and esi,ebp xor ebp,eax ror edx,7 @@ -1957,14 +1960,14 @@ $L$oop_ssse3:: xor edx,ebp pxor xmm0,xmm8 add ebx,ecx - add eax,DWORD PTR[4+rsp] + add eax,DWORD[4+rsp] and edi,edx xor edx,ebp ror ecx,7 movdqa xmm8,xmm0 mov esi,ebx xor edi,edx - movdqa XMMWORD PTR[48+rsp],xmm9 + movdqa XMMWORD[48+rsp],xmm9 rol ebx,5 add eax,edi xor esi,ecx @@ -1972,7 +1975,7 @@ $L$oop_ssse3:: xor ecx,edx add eax,ebx psrld xmm8,30 - add ebp,DWORD PTR[8+rsp] + add ebp,DWORD[8+rsp] and esi,ecx xor ecx,edx por xmm0,xmm8 @@ -1985,7 +1988,7 @@ $L$oop_ssse3:: xor edi,ebx xor ebx,ecx add ebp,eax - add edx,DWORD PTR[12+rsp] + add edx,DWORD[12+rsp] and edi,ebx xor ebx,ecx ror eax,7 @@ -1997,7 +2000,7 @@ $L$oop_ssse3:: xor eax,ebx add edx,ebp pxor xmm1,xmm5 - add ecx,DWORD PTR[16+rsp] + add ecx,DWORD[16+rsp] and esi,eax xor eax,ebx ror ebp,7 @@ -2013,14 +2016,14 @@ $L$oop_ssse3:: xor ebp,eax pxor xmm1,xmm9 add ecx,edx - add ebx,DWORD PTR[20+rsp] + add ebx,DWORD[20+rsp] and edi,ebp xor ebp,eax ror edx,7 movdqa xmm9,xmm1 mov esi,ecx xor edi,ebp - movdqa XMMWORD PTR[rsp],xmm10 + movdqa XMMWORD[rsp],xmm10 rol ecx,5 add ebx,edi xor esi,edx @@ -2028,7 +2031,7 @@ $L$oop_ssse3:: xor edx,ebp add ebx,ecx psrld xmm9,30 - add eax,DWORD PTR[24+rsp] + add eax,DWORD[24+rsp] and esi,edx xor edx,ebp por xmm1,xmm9 @@ -2041,7 +2044,7 @@ $L$oop_ssse3:: xor edi,ecx xor ecx,edx add eax,ebx - add ebp,DWORD PTR[28+rsp] + add ebp,DWORD[28+rsp] and edi,ecx xor ecx,edx ror ebx,7 
@@ -2053,7 +2056,7 @@ $L$oop_ssse3:: xor ebx,ecx add ebp,eax pxor xmm2,xmm6 - add edx,DWORD PTR[32+rsp] + add edx,DWORD[32+rsp] and esi,ebx xor ebx,ecx ror eax,7 @@ -2069,14 +2072,14 @@ $L$oop_ssse3:: xor eax,ebx pxor xmm2,xmm10 add edx,ebp - add ecx,DWORD PTR[36+rsp] + add ecx,DWORD[36+rsp] and edi,eax xor eax,ebx ror ebp,7 movdqa xmm10,xmm2 mov esi,edx xor edi,eax - movdqa XMMWORD PTR[16+rsp],xmm8 + movdqa XMMWORD[16+rsp],xmm8 rol edx,5 add ecx,edi xor esi,ebp @@ -2084,7 +2087,7 @@ $L$oop_ssse3:: xor ebp,eax add ecx,edx psrld xmm10,30 - add ebx,DWORD PTR[40+rsp] + add ebx,DWORD[40+rsp] and esi,ebp xor ebp,eax por xmm2,xmm10 @@ -2097,7 +2100,7 @@ $L$oop_ssse3:: xor edi,edx xor edx,ebp add ebx,ecx - add eax,DWORD PTR[44+rsp] + add eax,DWORD[44+rsp] and edi,edx xor edx,ebp ror ecx,7 @@ -2108,7 +2111,7 @@ $L$oop_ssse3:: xor esi,edx add eax,ebx pxor xmm3,xmm7 - add ebp,DWORD PTR[48+rsp] + add ebp,DWORD[48+rsp] xor esi,ecx punpcklqdq xmm8,xmm2 mov edi,eax @@ -2121,17 +2124,17 @@ $L$oop_ssse3:: paddd xmm9,xmm2 add ebp,eax pxor xmm3,xmm8 - add edx,DWORD PTR[52+rsp] + add edx,DWORD[52+rsp] xor edi,ebx mov esi,ebp rol ebp,5 movdqa xmm8,xmm3 add edx,edi xor esi,ebx - movdqa XMMWORD PTR[32+rsp],xmm9 + movdqa XMMWORD[32+rsp],xmm9 ror eax,7 add edx,ebp - add ecx,DWORD PTR[56+rsp] + add ecx,DWORD[56+rsp] pslld xmm3,2 xor esi,eax mov edi,edx @@ -2142,7 +2145,7 @@ $L$oop_ssse3:: ror ebp,7 por xmm3,xmm8 add ecx,edx - add ebx,DWORD PTR[60+rsp] + add ebx,DWORD[60+rsp] xor edi,ebp mov esi,ecx rol ecx,5 @@ -2150,17 +2153,17 @@ $L$oop_ssse3:: xor esi,ebp ror edx,7 add ebx,ecx - add eax,DWORD PTR[rsp] + add eax,DWORD[rsp] xor esi,edx mov edi,ebx rol ebx,5 paddd xmm10,xmm3 add eax,esi xor edi,edx - movdqa XMMWORD PTR[48+rsp],xmm10 + movdqa XMMWORD[48+rsp],xmm10 ror ecx,7 add eax,ebx - add ebp,DWORD PTR[4+rsp] + add ebp,DWORD[4+rsp] xor edi,ecx mov esi,eax rol eax,5 
@@ -2168,7 +2171,7 @@ $L$oop_ssse3:: xor esi,ecx ror ebx,7 add ebp,eax - add edx,DWORD PTR[8+rsp] + add edx,DWORD[8+rsp] xor esi,ebx mov edi,ebp rol ebp,5 @@ -2176,7 +2179,7 @@ $L$oop_ssse3:: xor edi,ebx ror eax,7 add edx,ebp - add ecx,DWORD PTR[12+rsp] + add ecx,DWORD[12+rsp] xor edi,eax mov esi,edx rol edx,5 @@ -2185,16 +2188,16 @@ $L$oop_ssse3:: ror ebp,7 add ecx,edx cmp r9,r10 - je $L$done_ssse3 - movdqa xmm6,XMMWORD PTR[64+r11] - movdqa xmm9,XMMWORD PTR[((-64))+r11] - movdqu xmm0,XMMWORD PTR[r9] - movdqu xmm1,XMMWORD PTR[16+r9] - movdqu xmm2,XMMWORD PTR[32+r9] - movdqu xmm3,XMMWORD PTR[48+r9] + je NEAR $L$done_ssse3 + movdqa xmm6,XMMWORD[64+r11] + movdqa xmm9,XMMWORD[((-64))+r11] + movdqu xmm0,XMMWORD[r9] + movdqu xmm1,XMMWORD[16+r9] + movdqu xmm2,XMMWORD[32+r9] + movdqu xmm3,XMMWORD[48+r9] DB 102,15,56,0,198 add r9,64 - add ebx,DWORD PTR[16+rsp] + add ebx,DWORD[16+rsp] xor esi,ebp mov edi,ecx DB 102,15,56,0,206 @@ -2204,17 +2207,17 @@ DB 102,15,56,0,206 ror edx,7 paddd xmm0,xmm9 add ebx,ecx - add eax,DWORD PTR[20+rsp] + add eax,DWORD[20+rsp] xor edi,edx mov esi,ebx - movdqa XMMWORD PTR[rsp],xmm0 + movdqa XMMWORD[rsp],xmm0 rol ebx,5 add eax,edi xor esi,edx ror ecx,7 psubd xmm0,xmm9 add eax,ebx - add ebp,DWORD PTR[24+rsp] + add ebp,DWORD[24+rsp] xor esi,ecx mov edi,eax rol eax,5 @@ -2222,7 +2225,7 @@ DB 102,15,56,0,206 xor edi,ecx ror ebx,7 add ebp,eax - add edx,DWORD PTR[28+rsp] + add edx,DWORD[28+rsp] xor edi,ebx mov esi,ebp rol ebp,5 @@ -2230,7 +2233,7 @@ DB 102,15,56,0,206 xor esi,ebx ror eax,7 add edx,ebp - add ecx,DWORD PTR[32+rsp] + add ecx,DWORD[32+rsp] xor esi,eax mov edi,edx DB 102,15,56,0,214 
@@ -2240,17 +2243,17 @@ DB 102,15,56,0,214 ror ebp,7 paddd xmm1,xmm9 add ecx,edx - add ebx,DWORD PTR[36+rsp] + add ebx,DWORD[36+rsp] xor edi,ebp mov esi,ecx - movdqa XMMWORD PTR[16+rsp],xmm1 + movdqa XMMWORD[16+rsp],xmm1 rol ecx,5 add ebx,edi xor esi,ebp ror edx,7 psubd xmm1,xmm9 add ebx,ecx - add eax,DWORD PTR[40+rsp] + add eax,DWORD[40+rsp] xor esi,edx mov edi,ebx rol ebx,5 @@ -2258,7 +2261,7 @@ DB 102,15,56,0,214 xor edi,edx ror ecx,7 add eax,ebx - add ebp,DWORD PTR[44+rsp] + add ebp,DWORD[44+rsp] xor edi,ecx mov esi,eax rol eax,5 @@ -2266,7 +2269,7 @@ DB 102,15,56,0,214 xor esi,ecx ror ebx,7 add ebp,eax - add edx,DWORD PTR[48+rsp] + add edx,DWORD[48+rsp] xor esi,ebx mov edi,ebp DB 102,15,56,0,222 @@ -2276,17 +2279,17 @@ DB 102,15,56,0,222 ror eax,7 paddd xmm2,xmm9 add edx,ebp - add ecx,DWORD PTR[52+rsp] + add ecx,DWORD[52+rsp] xor edi,eax mov esi,edx - movdqa XMMWORD PTR[32+rsp],xmm2 + movdqa XMMWORD[32+rsp],xmm2 rol edx,5 add ecx,edi xor esi,eax ror ebp,7 psubd xmm2,xmm9 add ecx,edx - add ebx,DWORD PTR[56+rsp] + add ebx,DWORD[56+rsp] xor esi,ebp mov edi,ecx rol ecx,5 @@ -2294,32 +2297,32 @@ DB 102,15,56,0,222 xor edi,ebp ror edx,7 add ebx,ecx - add eax,DWORD PTR[60+rsp] + add eax,DWORD[60+rsp] xor edi,edx mov esi,ebx rol ebx,5 add eax,edi ror ecx,7 add eax,ebx - add eax,DWORD PTR[r8] - add esi,DWORD PTR[4+r8] - add ecx,DWORD PTR[8+r8] - add edx,DWORD PTR[12+r8] - mov DWORD PTR[r8],eax - add ebp,DWORD PTR[16+r8] - mov DWORD PTR[4+r8],esi + add eax,DWORD[r8] + add esi,DWORD[4+r8] + add ecx,DWORD[8+r8] + add edx,DWORD[12+r8] + mov DWORD[r8],eax + add ebp,DWORD[16+r8] + mov DWORD[4+r8],esi mov ebx,esi - mov DWORD PTR[8+r8],ecx + mov DWORD[8+r8],ecx mov edi,ecx - mov DWORD PTR[12+r8],edx + mov DWORD[12+r8],edx xor edi,edx - mov DWORD PTR[16+r8],ebp + mov DWORD[16+r8],ebp and esi,edi - jmp $L$oop_ssse3 + jmp NEAR $L$oop_ssse3 ALIGN 16 -$L$done_ssse3:: - add ebx,DWORD PTR[16+rsp] +$L$done_ssse3: + add ebx,DWORD[16+rsp] xor esi,ebp mov edi,ecx rol ecx,5 
@@ -2327,7 +2330,7 @@ $L$done_ssse3:: xor edi,ebp ror edx,7 add ebx,ecx - add eax,DWORD PTR[20+rsp] + add eax,DWORD[20+rsp] xor edi,edx mov esi,ebx rol ebx,5 @@ -2335,7 +2338,7 @@ $L$done_ssse3:: xor esi,edx ror ecx,7 add eax,ebx - add ebp,DWORD PTR[24+rsp] + add ebp,DWORD[24+rsp] xor esi,ecx mov edi,eax rol eax,5 @@ -2343,7 +2346,7 @@ $L$done_ssse3:: xor edi,ecx ror ebx,7 add ebp,eax - add edx,DWORD PTR[28+rsp] + add edx,DWORD[28+rsp] xor edi,ebx mov esi,ebp rol ebp,5 @@ -2351,7 +2354,7 @@ $L$done_ssse3:: xor esi,ebx ror eax,7 add edx,ebp - add ecx,DWORD PTR[32+rsp] + add ecx,DWORD[32+rsp] xor esi,eax mov edi,edx rol edx,5 @@ -2359,7 +2362,7 @@ $L$done_ssse3:: xor edi,eax ror ebp,7 add ecx,edx - add ebx,DWORD PTR[36+rsp] + add ebx,DWORD[36+rsp] xor edi,ebp mov esi,ecx rol ecx,5 @@ -2367,7 +2370,7 @@ $L$done_ssse3:: xor esi,ebp ror edx,7 add ebx,ecx - add eax,DWORD PTR[40+rsp] + add eax,DWORD[40+rsp] xor esi,edx mov edi,ebx rol ebx,5 @@ -2375,7 +2378,7 @@ $L$done_ssse3:: xor edi,edx ror ecx,7 add eax,ebx - add ebp,DWORD PTR[44+rsp] + add ebp,DWORD[44+rsp] xor edi,ecx mov esi,eax rol eax,5 @@ -2383,7 +2386,7 @@ $L$done_ssse3:: xor esi,ecx ror ebx,7 add ebp,eax - add edx,DWORD PTR[48+rsp] + add edx,DWORD[48+rsp] xor esi,ebx mov edi,ebp rol ebp,5 @@ -2391,7 +2394,7 @@ $L$done_ssse3:: xor edi,ebx ror eax,7 add edx,ebp - add ecx,DWORD PTR[52+rsp] + add ecx,DWORD[52+rsp] xor edi,eax mov esi,edx rol edx,5 @@ -2399,7 +2402,7 @@ $L$done_ssse3:: xor esi,eax ror ebp,7 add ecx,edx - add ebx,DWORD PTR[56+rsp] + add ebx,DWORD[56+rsp] xor esi,ebp mov edi,ecx rol ecx,5 
@@ -2407,65 +2410,64 @@ $L$done_ssse3:: xor edi,ebp ror edx,7 add ebx,ecx - add eax,DWORD PTR[60+rsp] + add eax,DWORD[60+rsp] xor edi,edx mov esi,ebx rol ebx,5 add eax,edi ror ecx,7 add eax,ebx - add eax,DWORD PTR[r8] - add esi,DWORD PTR[4+r8] - add ecx,DWORD PTR[8+r8] - mov DWORD PTR[r8],eax - add edx,DWORD PTR[12+r8] - mov DWORD PTR[4+r8],esi - add ebp,DWORD PTR[16+r8] - mov DWORD PTR[8+r8],ecx - mov DWORD PTR[12+r8],edx - mov DWORD PTR[16+r8],ebp - movaps xmm6,XMMWORD PTR[((-40-96))+r14] - movaps xmm7,XMMWORD PTR[((-40-80))+r14] - movaps xmm8,XMMWORD PTR[((-40-64))+r14] - movaps xmm9,XMMWORD PTR[((-40-48))+r14] - movaps xmm10,XMMWORD PTR[((-40-32))+r14] - movaps xmm11,XMMWORD PTR[((-40-16))+r14] - lea rsi,QWORD PTR[r14] - mov r14,QWORD PTR[((-40))+rsi] - mov r13,QWORD PTR[((-32))+rsi] - mov r12,QWORD PTR[((-24))+rsi] - mov rbp,QWORD PTR[((-16))+rsi] - mov rbx,QWORD PTR[((-8))+rsi] - lea rsp,QWORD PTR[rsi] -$L$epilogue_ssse3:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + add eax,DWORD[r8] + add esi,DWORD[4+r8] + add ecx,DWORD[8+r8] + mov DWORD[r8],eax + add edx,DWORD[12+r8] + mov DWORD[4+r8],esi + add ebp,DWORD[16+r8] + mov DWORD[8+r8],ecx + mov DWORD[12+r8],edx + mov DWORD[16+r8],ebp + movaps xmm6,XMMWORD[((-40-96))+r14] + movaps xmm7,XMMWORD[((-40-80))+r14] + movaps xmm8,XMMWORD[((-40-64))+r14] + movaps xmm9,XMMWORD[((-40-48))+r14] + movaps xmm10,XMMWORD[((-40-32))+r14] + movaps xmm11,XMMWORD[((-40-16))+r14] + lea rsi,[r14] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] +$L$epilogue_ssse3: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_sha1_block_data_order_ssse3:: -sha1_block_data_order_ssse3 ENDP +$L$SEH_end_sha1_block_data_order_ssse3: ALIGN 64 -K_XX_XX:: - DD 05a827999h,05a827999h,05a827999h,05a827999h - DD 05a827999h,05a827999h,05a827999h,05a827999h - DD 
06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h - DD 06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h - DD 08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch - DD 08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch - DD 0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h - DD 0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h - DD 000010203h,004050607h,008090a0bh,00c0d0e0fh - DD 000010203h,004050607h,008090a0bh,00c0d0e0fh -DB 0fh,0eh,0dh,0ch,0bh,0ah,09h,08h,07h,06h,05h,04h,03h,02h,01h,00h +K_XX_XX: + DD 0x5a827999,0x5a827999,0x5a827999,0x5a827999 + DD 0x5a827999,0x5a827999,0x5a827999,0x5a827999 + DD 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 + DD 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 + DD 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc + DD 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc + DD 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 + DD 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 + DD 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f + DD 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f +DB 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 DB 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115 DB 102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44 DB 32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60 DB 97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114 DB 103,62,0 ALIGN 64 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -2477,37 +2479,37 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - lea r10,QWORD PTR[$L$prologue] + lea r10,[$L$prologue] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - lea r10,QWORD PTR[$L$epilogue] + lea r10,[$L$epilogue] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail + + mov rax,QWORD[64+rax] - mov rax,QWORD PTR[64+rax] + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 + jmp NEAR $L$common_seh_tail - jmp $L$common_seh_tail -se_handler ENDP ALIGN 16 -ssse3_handler PROC PRIVATE +ssse3_handler: push rsi push rdi push rbx 
@@ -2519,67 +2521,67 @@ ssse3_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$common_seh_tail + jb NEAR $L$common_seh_tail - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$common_seh_tail + jae NEAR $L$common_seh_tail - mov rax,QWORD PTR[232+r8] + mov rax,QWORD[232+r8] - lea rsi,QWORD PTR[((-40-96))+rax] - lea rdi,QWORD PTR[512+r8] + lea rsi,[((-40-96))+rax] + lea rdi,[512+r8] mov ecx,12 - DD 0a548f3fch + DD 0xa548f3fc - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 -$L$common_seh_tail:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi +$L$common_seh_tail: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov QWORD[176+r8],rdi - mov rdi,QWORD PTR[40+r9] + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - 
lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 @@ -2593,27 +2595,22 @@ $L$common_seh_tail:: pop rdi pop rsi DB 0F3h,0C3h ;repret -ssse3_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_sha1_block_data_order - DD imagerel $L$SEH_end_sha1_block_data_order - DD imagerel $L$SEH_info_sha1_block_data_order - DD imagerel $L$SEH_begin_sha1_block_data_order_ssse3 - DD imagerel $L$SEH_end_sha1_block_data_order_ssse3 - DD imagerel $L$SEH_info_sha1_block_data_order_ssse3 -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_sha1_block_data_order wrt ..imagebase + DD $L$SEH_end_sha1_block_data_order wrt ..imagebase + DD $L$SEH_info_sha1_block_data_order wrt ..imagebase + DD $L$SEH_begin_sha1_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_end_sha1_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_info_sha1_block_data_order_ssse3 wrt ..imagebase +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_sha1_block_data_order:: +$L$SEH_info_sha1_block_data_order: DB 9,0,0,0 - DD imagerel se_handler -$L$SEH_info_sha1_block_data_order_ssse3:: + DD se_handler wrt ..imagebase +$L$SEH_info_sha1_block_data_order_ssse3: DB 9,0,0,0 - DD imagerel ssse3_handler - DD imagerel $L$prologue_ssse3,imagerel $L$epilogue_ssse3 - -.xdata ENDS -END + DD ssse3_handler wrt ..imagebase + DD $L$prologue_ssse3 wrt ..imagebase,$L$epilogue_ssse3 wrt ..imagebase diff --git a/win-x86_64/crypto/sha/sha256-x86_64.asm b/win-x86_64/crypto/sha/sha256-x86_64.asm index 41f2edd..e6193c5 100644 
--- a/win-x86_64/crypto/sha/sha256-x86_64.asm +++ b/win-x86_64/crypto/sha/sha256-x86_64.asm @@ -1,26 +1,30 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -EXTERN OPENSSL_ia32cap_P:NEAR -PUBLIC sha256_block_data_order + +EXTERN OPENSSL_ia32cap_P +global sha256_block_data_order ALIGN 16 -sha256_block_data_order PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +sha256_block_data_order: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_sha256_block_data_order:: +$L$SEH_begin_sha256_block_data_order: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea r11,QWORD PTR[OPENSSL_ia32cap_P] - mov r9d,DWORD PTR[r11] - mov r10d,DWORD PTR[4+r11] - mov r11d,DWORD PTR[8+r11] + lea r11,[OPENSSL_ia32cap_P] + mov r9d,DWORD[r11] + mov r10d,DWORD[4+r11] + mov r11d,DWORD[8+r11] test r10d,512 - jnz $L$ssse3_shortcut + jnz NEAR $L$ssse3_shortcut push rbx push rbp push r12 
@@ -30,30 +34,30 @@ $L$SEH_begin_sha256_block_data_order:: mov r11,rsp shl rdx,4 sub rsp,16*4+4*8 - lea rdx,QWORD PTR[rdx*4+rsi] + lea rdx,[rdx*4+rsi] and rsp,-64 - mov QWORD PTR[((64+0))+rsp],rdi - mov QWORD PTR[((64+8))+rsp],rsi - mov QWORD PTR[((64+16))+rsp],rdx - mov QWORD PTR[((64+24))+rsp],r11 -$L$prologue:: - - mov eax,DWORD PTR[rdi] - mov ebx,DWORD PTR[4+rdi] - mov ecx,DWORD PTR[8+rdi] - mov edx,DWORD PTR[12+rdi] - mov r8d,DWORD PTR[16+rdi] - mov r9d,DWORD PTR[20+rdi] - mov r10d,DWORD PTR[24+rdi] - mov r11d,DWORD PTR[28+rdi] - jmp $L$loop + mov QWORD[((64+0))+rsp],rdi + mov QWORD[((64+8))+rsp],rsi + mov QWORD[((64+16))+rsp],rdx + mov QWORD[((64+24))+rsp],r11 +$L$prologue: + + mov eax,DWORD[rdi] + mov ebx,DWORD[4+rdi] + mov ecx,DWORD[8+rdi] + mov edx,DWORD[12+rdi] + mov r8d,DWORD[16+rdi] + mov r9d,DWORD[20+rdi] + mov r10d,DWORD[24+rdi] + mov r11d,DWORD[28+rdi] + jmp NEAR $L$loop ALIGN 16 -$L$loop:: +$L$loop: mov edi,ebx - lea rbp,QWORD PTR[K256] + lea rbp,[K256] xor edi,ecx - mov r12d,DWORD PTR[rsi] + mov r12d,DWORD[rsi] mov r13d,r8d mov r14d,eax bswap r12d @@ -64,7 +68,7 @@ $L$loop:: ror r14d,9 xor r15d,r10d - mov DWORD PTR[rsp],r12d + mov DWORD[rsp],r12d xor r14d,eax and r15d,r8d @@ -77,7 +81,7 @@ $L$loop:: add r12d,r15d mov r15d,eax - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,eax xor r15d,ebx @@ -92,9 +96,9 @@ $L$loop:: add edx,r12d add r11d,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add r11d,r14d - mov r12d,DWORD PTR[4+rsi] + mov r12d,DWORD[4+rsi] mov r13d,edx mov r14d,r11d bswap r12d @@ -105,7 +109,7 @@ $L$loop:: ror r14d,9 xor edi,r9d - mov DWORD PTR[4+rsp],r12d + mov DWORD[4+rsp],r12d xor r14d,r11d and edi,edx @@ -118,7 +122,7 @@ $L$loop:: add r12d,edi mov edi,r11d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r11d xor edi,eax 
@@ -133,9 +137,9 @@ $L$loop:: add ecx,r12d add r10d,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add r10d,r14d - mov r12d,DWORD PTR[8+rsi] + mov r12d,DWORD[8+rsi] mov r13d,ecx mov r14d,r10d bswap r12d @@ -146,7 +150,7 @@ $L$loop:: ror r14d,9 xor r15d,r8d - mov DWORD PTR[8+rsp],r12d + mov DWORD[8+rsp],r12d xor r14d,r10d and r15d,ecx @@ -159,7 +163,7 @@ $L$loop:: add r12d,r15d mov r15d,r10d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r10d xor r15d,r11d @@ -174,9 +178,9 @@ $L$loop:: add ebx,r12d add r9d,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add r9d,r14d - mov r12d,DWORD PTR[12+rsi] + mov r12d,DWORD[12+rsi] mov r13d,ebx mov r14d,r9d bswap r12d @@ -187,7 +191,7 @@ $L$loop:: ror r14d,9 xor edi,edx - mov DWORD PTR[12+rsp],r12d + mov DWORD[12+rsp],r12d xor r14d,r9d and edi,ebx @@ -200,7 +204,7 @@ $L$loop:: add r12d,edi mov edi,r9d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r9d xor edi,r10d @@ -215,9 +219,9 @@ $L$loop:: add eax,r12d add r8d,r12d - lea rbp,QWORD PTR[20+rbp] + lea rbp,[20+rbp] add r8d,r14d - mov r12d,DWORD PTR[16+rsi] + mov r12d,DWORD[16+rsi] mov r13d,eax mov r14d,r8d bswap r12d @@ -228,7 +232,7 @@ $L$loop:: ror r14d,9 xor r15d,ecx - mov DWORD PTR[16+rsp],r12d + mov DWORD[16+rsp],r12d xor r14d,r8d and r15d,eax @@ -241,7 +245,7 @@ $L$loop:: add r12d,r15d mov r15d,r8d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r8d xor r15d,r9d @@ -256,9 +260,9 @@ $L$loop:: add r11d,r12d add edx,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add edx,r14d - mov r12d,DWORD PTR[20+rsi] + mov r12d,DWORD[20+rsi] mov r13d,r11d mov r14d,edx bswap r12d @@ -269,7 +273,7 @@ $L$loop:: ror r14d,9 xor edi,ebx - mov DWORD PTR[20+rsp],r12d + mov DWORD[20+rsp],r12d xor r14d,edx and edi,r11d @@ -282,7 +286,7 @@ $L$loop:: add r12d,edi mov edi,edx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,edx xor edi,r8d 
@@ -297,9 +301,9 @@ $L$loop:: add r10d,r12d add ecx,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add ecx,r14d - mov r12d,DWORD PTR[24+rsi] + mov r12d,DWORD[24+rsi] mov r13d,r10d mov r14d,ecx bswap r12d @@ -310,7 +314,7 @@ $L$loop:: ror r14d,9 xor r15d,eax - mov DWORD PTR[24+rsp],r12d + mov DWORD[24+rsp],r12d xor r14d,ecx and r15d,r10d @@ -323,7 +327,7 @@ $L$loop:: add r12d,r15d mov r15d,ecx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ecx xor r15d,edx @@ -338,9 +342,9 @@ $L$loop:: add r9d,r12d add ebx,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add ebx,r14d - mov r12d,DWORD PTR[28+rsi] + mov r12d,DWORD[28+rsi] mov r13d,r9d mov r14d,ebx bswap r12d @@ -351,7 +355,7 @@ $L$loop:: ror r14d,9 xor edi,r11d - mov DWORD PTR[28+rsp],r12d + mov DWORD[28+rsp],r12d xor r14d,ebx and edi,r9d @@ -364,7 +368,7 @@ $L$loop:: add r12d,edi mov edi,ebx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ebx xor edi,ecx @@ -379,9 +383,9 @@ $L$loop:: add r8d,r12d add eax,r12d - lea rbp,QWORD PTR[20+rbp] + lea rbp,[20+rbp] add eax,r14d - mov r12d,DWORD PTR[32+rsi] + mov r12d,DWORD[32+rsi] mov r13d,r8d mov r14d,eax bswap r12d @@ -392,7 +396,7 @@ $L$loop:: ror r14d,9 xor r15d,r10d - mov DWORD PTR[32+rsp],r12d + mov DWORD[32+rsp],r12d xor r14d,eax and r15d,r8d @@ -405,7 +409,7 @@ $L$loop:: add r12d,r15d mov r15d,eax - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,eax xor r15d,ebx @@ -420,9 +424,9 @@ $L$loop:: add edx,r12d add r11d,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add r11d,r14d - mov r12d,DWORD PTR[36+rsi] + mov r12d,DWORD[36+rsi] mov r13d,edx mov r14d,r11d bswap r12d @@ -433,7 +437,7 @@ $L$loop:: ror r14d,9 xor edi,r9d - mov DWORD PTR[36+rsp],r12d + mov DWORD[36+rsp],r12d xor r14d,r11d and edi,edx @@ -446,7 +450,7 @@ $L$loop:: add r12d,edi mov edi,r11d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r11d xor edi,eax 
@@ -461,9 +465,9 @@ $L$loop:: add ecx,r12d add r10d,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add r10d,r14d - mov r12d,DWORD PTR[40+rsi] + mov r12d,DWORD[40+rsi] mov r13d,ecx mov r14d,r10d bswap r12d @@ -474,7 +478,7 @@ $L$loop:: ror r14d,9 xor r15d,r8d - mov DWORD PTR[40+rsp],r12d + mov DWORD[40+rsp],r12d xor r14d,r10d and r15d,ecx @@ -487,7 +491,7 @@ $L$loop:: add r12d,r15d mov r15d,r10d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r10d xor r15d,r11d @@ -502,9 +506,9 @@ $L$loop:: add ebx,r12d add r9d,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add r9d,r14d - mov r12d,DWORD PTR[44+rsi] + mov r12d,DWORD[44+rsi] mov r13d,ebx mov r14d,r9d bswap r12d @@ -515,7 +519,7 @@ $L$loop:: ror r14d,9 xor edi,edx - mov DWORD PTR[44+rsp],r12d + mov DWORD[44+rsp],r12d xor r14d,r9d and edi,ebx @@ -528,7 +532,7 @@ $L$loop:: add r12d,edi mov edi,r9d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r9d xor edi,r10d @@ -543,9 +547,9 @@ $L$loop:: add eax,r12d add r8d,r12d - lea rbp,QWORD PTR[20+rbp] + lea rbp,[20+rbp] add r8d,r14d - mov r12d,DWORD PTR[48+rsi] + mov r12d,DWORD[48+rsi] mov r13d,eax mov r14d,r8d bswap r12d @@ -556,7 +560,7 @@ $L$loop:: ror r14d,9 xor r15d,ecx - mov DWORD PTR[48+rsp],r12d + mov DWORD[48+rsp],r12d xor r14d,r8d and r15d,eax @@ -569,7 +573,7 @@ $L$loop:: add r12d,r15d mov r15d,r8d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r8d xor r15d,r9d @@ -584,9 +588,9 @@ $L$loop:: add r11d,r12d add edx,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add edx,r14d - mov r12d,DWORD PTR[52+rsi] + mov r12d,DWORD[52+rsi] mov r13d,r11d mov r14d,edx bswap r12d @@ -597,7 +601,7 @@ $L$loop:: ror r14d,9 xor edi,ebx - mov DWORD PTR[52+rsp],r12d + mov DWORD[52+rsp],r12d xor r14d,edx and edi,r11d @@ -610,7 +614,7 @@ $L$loop:: add r12d,edi mov edi,edx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,edx xor edi,r8d 
@@ -625,9 +629,9 @@ $L$loop:: add r10d,r12d add ecx,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add ecx,r14d - mov r12d,DWORD PTR[56+rsi] + mov r12d,DWORD[56+rsi] mov r13d,r10d mov r14d,ecx bswap r12d @@ -638,7 +642,7 @@ $L$loop:: ror r14d,9 xor r15d,eax - mov DWORD PTR[56+rsp],r12d + mov DWORD[56+rsp],r12d xor r14d,ecx and r15d,r10d @@ -651,7 +655,7 @@ $L$loop:: add r12d,r15d mov r15d,ecx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ecx xor r15d,edx @@ -666,9 +670,9 @@ $L$loop:: add r9d,r12d add ebx,r12d - lea rbp,QWORD PTR[4+rbp] + lea rbp,[4+rbp] add ebx,r14d - mov r12d,DWORD PTR[60+rsi] + mov r12d,DWORD[60+rsi] mov r13d,r9d mov r14d,ebx bswap r12d @@ -679,7 +683,7 @@ $L$loop:: ror r14d,9 xor edi,r11d - mov DWORD PTR[60+rsp],r12d + mov DWORD[60+rsp],r12d xor r14d,ebx and edi,r9d @@ -692,7 +696,7 @@ $L$loop:: add r12d,edi mov edi,ebx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ebx xor edi,ecx @@ -707,12 +711,12 @@ $L$loop:: add r8d,r12d add eax,r12d - lea rbp,QWORD PTR[20+rbp] - jmp $L$rounds_16_xx + lea rbp,[20+rbp] + jmp NEAR $L$rounds_16_xx ALIGN 16 -$L$rounds_16_xx:: - mov r13d,DWORD PTR[4+rsp] - mov r15d,DWORD PTR[56+rsp] +$L$rounds_16_xx: + mov r13d,DWORD[4+rsp] + mov r15d,DWORD[56+rsp] mov r12d,r13d ror r13d,11 @@ -729,9 +733,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[36+rsp] + add r12d,DWORD[36+rsp] - add r12d,DWORD PTR[rsp] + add r12d,DWORD[rsp] mov r13d,r8d add r12d,r15d mov r14d,eax @@ -742,7 +746,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,r10d - mov DWORD PTR[rsp],r12d + mov DWORD[rsp],r12d xor r14d,eax and r15d,r8d @@ -755,7 +759,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,eax - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,eax xor r15d,ebx 
@@ -770,9 +774,9 @@ $L$rounds_16_xx:: add edx,r12d add r11d,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[8+rsp] - mov edi,DWORD PTR[60+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[8+rsp] + mov edi,DWORD[60+rsp] mov r12d,r13d ror r13d,11 @@ -789,9 +793,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[40+rsp] + add r12d,DWORD[40+rsp] - add r12d,DWORD PTR[4+rsp] + add r12d,DWORD[4+rsp] mov r13d,edx add r12d,edi mov r14d,r11d @@ -802,7 +806,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,r9d - mov DWORD PTR[4+rsp],r12d + mov DWORD[4+rsp],r12d xor r14d,r11d and edi,edx @@ -815,7 +819,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,r11d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r11d xor edi,eax @@ -830,9 +834,9 @@ $L$rounds_16_xx:: add ecx,r12d add r10d,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[12+rsp] - mov r15d,DWORD PTR[rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[12+rsp] + mov r15d,DWORD[rsp] mov r12d,r13d ror r13d,11 @@ -849,9 +853,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[44+rsp] + add r12d,DWORD[44+rsp] - add r12d,DWORD PTR[8+rsp] + add r12d,DWORD[8+rsp] mov r13d,ecx add r12d,r15d mov r14d,r10d @@ -862,7 +866,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,r8d - mov DWORD PTR[8+rsp],r12d + mov DWORD[8+rsp],r12d xor r14d,r10d and r15d,ecx @@ -875,7 +879,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,r10d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r10d xor r15d,r11d @@ -890,9 +894,9 @@ $L$rounds_16_xx:: add ebx,r12d add r9d,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[16+rsp] - mov edi,DWORD PTR[4+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[16+rsp] + mov edi,DWORD[4+rsp] mov r12d,r13d ror r13d,11 @@ -909,9 +913,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[48+rsp] + add r12d,DWORD[48+rsp] - add r12d,DWORD PTR[12+rsp] + add r12d,DWORD[12+rsp] mov r13d,ebx add r12d,edi mov r14d,r9d 
@@ -922,7 +926,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,edx - mov DWORD PTR[12+rsp],r12d + mov DWORD[12+rsp],r12d xor r14d,r9d and edi,ebx @@ -935,7 +939,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,r9d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r9d xor edi,r10d @@ -950,9 +954,9 @@ $L$rounds_16_xx:: add eax,r12d add r8d,r12d - lea rbp,QWORD PTR[20+rbp] - mov r13d,DWORD PTR[20+rsp] - mov r15d,DWORD PTR[8+rsp] + lea rbp,[20+rbp] + mov r13d,DWORD[20+rsp] + mov r15d,DWORD[8+rsp] mov r12d,r13d ror r13d,11 @@ -969,9 +973,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[52+rsp] + add r12d,DWORD[52+rsp] - add r12d,DWORD PTR[16+rsp] + add r12d,DWORD[16+rsp] mov r13d,eax add r12d,r15d mov r14d,r8d @@ -982,7 +986,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,ecx - mov DWORD PTR[16+rsp],r12d + mov DWORD[16+rsp],r12d xor r14d,r8d and r15d,eax @@ -995,7 +999,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,r8d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r8d xor r15d,r9d @@ -1010,9 +1014,9 @@ $L$rounds_16_xx:: add r11d,r12d add edx,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[24+rsp] - mov edi,DWORD PTR[12+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[24+rsp] + mov edi,DWORD[12+rsp] mov r12d,r13d ror r13d,11 @@ -1029,9 +1033,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[56+rsp] + add r12d,DWORD[56+rsp] - add r12d,DWORD PTR[20+rsp] + add r12d,DWORD[20+rsp] mov r13d,r11d add r12d,edi mov r14d,edx @@ -1042,7 +1046,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,ebx - mov DWORD PTR[20+rsp],r12d + mov DWORD[20+rsp],r12d xor r14d,edx and edi,r11d @@ -1055,7 +1059,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,edx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,edx xor edi,r8d 
@@ -1070,9 +1074,9 @@ $L$rounds_16_xx:: add r10d,r12d add ecx,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[28+rsp] - mov r15d,DWORD PTR[16+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[28+rsp] + mov r15d,DWORD[16+rsp] mov r12d,r13d ror r13d,11 @@ -1089,9 +1093,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[60+rsp] + add r12d,DWORD[60+rsp] - add r12d,DWORD PTR[24+rsp] + add r12d,DWORD[24+rsp] mov r13d,r10d add r12d,r15d mov r14d,ecx @@ -1102,7 +1106,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,eax - mov DWORD PTR[24+rsp],r12d + mov DWORD[24+rsp],r12d xor r14d,ecx and r15d,r10d @@ -1115,7 +1119,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,ecx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ecx xor r15d,edx @@ -1130,9 +1134,9 @@ $L$rounds_16_xx:: add r9d,r12d add ebx,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[32+rsp] - mov edi,DWORD PTR[20+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[32+rsp] + mov edi,DWORD[20+rsp] mov r12d,r13d ror r13d,11 @@ -1149,9 +1153,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[rsp] + add r12d,DWORD[rsp] - add r12d,DWORD PTR[28+rsp] + add r12d,DWORD[28+rsp] mov r13d,r9d add r12d,edi mov r14d,ebx @@ -1162,7 +1166,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,r11d - mov DWORD PTR[28+rsp],r12d + mov DWORD[28+rsp],r12d xor r14d,ebx and edi,r9d @@ -1175,7 +1179,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,ebx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ebx xor edi,ecx @@ -1190,9 +1194,9 @@ $L$rounds_16_xx:: add r8d,r12d add eax,r12d - lea rbp,QWORD PTR[20+rbp] - mov r13d,DWORD PTR[36+rsp] - mov r15d,DWORD PTR[24+rsp] + lea rbp,[20+rbp] + mov r13d,DWORD[36+rsp] + mov r15d,DWORD[24+rsp] mov r12d,r13d ror r13d,11 @@ -1209,9 +1213,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[4+rsp] + add r12d,DWORD[4+rsp] - add r12d,DWORD PTR[32+rsp] + add r12d,DWORD[32+rsp] mov r13d,r8d add r12d,r15d mov r14d,eax 
@@ -1222,7 +1226,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,r10d - mov DWORD PTR[32+rsp],r12d + mov DWORD[32+rsp],r12d xor r14d,eax and r15d,r8d @@ -1235,7 +1239,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,eax - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,eax xor r15d,ebx @@ -1250,9 +1254,9 @@ $L$rounds_16_xx:: add edx,r12d add r11d,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[40+rsp] - mov edi,DWORD PTR[28+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[40+rsp] + mov edi,DWORD[28+rsp] mov r12d,r13d ror r13d,11 @@ -1269,9 +1273,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[8+rsp] + add r12d,DWORD[8+rsp] - add r12d,DWORD PTR[36+rsp] + add r12d,DWORD[36+rsp] mov r13d,edx add r12d,edi mov r14d,r11d @@ -1282,7 +1286,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,r9d - mov DWORD PTR[36+rsp],r12d + mov DWORD[36+rsp],r12d xor r14d,r11d and edi,edx @@ -1295,7 +1299,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,r11d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r11d xor edi,eax @@ -1310,9 +1314,9 @@ $L$rounds_16_xx:: add ecx,r12d add r10d,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[44+rsp] - mov r15d,DWORD PTR[32+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[44+rsp] + mov r15d,DWORD[32+rsp] mov r12d,r13d ror r13d,11 @@ -1329,9 +1333,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[12+rsp] + add r12d,DWORD[12+rsp] - add r12d,DWORD PTR[40+rsp] + add r12d,DWORD[40+rsp] mov r13d,ecx add r12d,r15d mov r14d,r10d @@ -1342,7 +1346,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,r8d - mov DWORD PTR[40+rsp],r12d + mov DWORD[40+rsp],r12d xor r14d,r10d and r15d,ecx @@ -1355,7 +1359,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,r10d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r10d xor r15d,r11d 
@@ -1370,9 +1374,9 @@ $L$rounds_16_xx:: add ebx,r12d add r9d,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[48+rsp] - mov edi,DWORD PTR[36+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[48+rsp] + mov edi,DWORD[36+rsp] mov r12d,r13d ror r13d,11 @@ -1389,9 +1393,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[16+rsp] + add r12d,DWORD[16+rsp] - add r12d,DWORD PTR[44+rsp] + add r12d,DWORD[44+rsp] mov r13d,ebx add r12d,edi mov r14d,r9d @@ -1402,7 +1406,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,edx - mov DWORD PTR[44+rsp],r12d + mov DWORD[44+rsp],r12d xor r14d,r9d and edi,ebx @@ -1415,7 +1419,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,r9d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r9d xor edi,r10d @@ -1430,9 +1434,9 @@ $L$rounds_16_xx:: add eax,r12d add r8d,r12d - lea rbp,QWORD PTR[20+rbp] - mov r13d,DWORD PTR[52+rsp] - mov r15d,DWORD PTR[40+rsp] + lea rbp,[20+rbp] + mov r13d,DWORD[52+rsp] + mov r15d,DWORD[40+rsp] mov r12d,r13d ror r13d,11 @@ -1449,9 +1453,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[20+rsp] + add r12d,DWORD[20+rsp] - add r12d,DWORD PTR[48+rsp] + add r12d,DWORD[48+rsp] mov r13d,eax add r12d,r15d mov r14d,r8d @@ -1462,7 +1466,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,ecx - mov DWORD PTR[48+rsp],r12d + mov DWORD[48+rsp],r12d xor r14d,r8d and r15d,eax @@ -1475,7 +1479,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,r8d - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,r8d xor r15d,r9d @@ -1490,9 +1494,9 @@ $L$rounds_16_xx:: add r11d,r12d add edx,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[56+rsp] - mov edi,DWORD PTR[44+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[56+rsp] + mov edi,DWORD[44+rsp] mov r12d,r13d ror r13d,11 @@ -1509,9 +1513,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[24+rsp] + add r12d,DWORD[24+rsp] - add r12d,DWORD PTR[52+rsp] + add r12d,DWORD[52+rsp] mov r13d,r11d add r12d,edi mov r14d,edx 
@@ -1522,7 +1526,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,ebx - mov DWORD PTR[52+rsp],r12d + mov DWORD[52+rsp],r12d xor r14d,edx and edi,r11d @@ -1535,7 +1539,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,edx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,edx xor edi,r8d @@ -1550,9 +1554,9 @@ $L$rounds_16_xx:: add r10d,r12d add ecx,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[60+rsp] - mov r15d,DWORD PTR[48+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[60+rsp] + mov r15d,DWORD[48+rsp] mov r12d,r13d ror r13d,11 @@ -1569,9 +1573,9 @@ $L$rounds_16_xx:: ror r15d,17 xor r12d,r13d xor r15d,r14d - add r12d,DWORD PTR[28+rsp] + add r12d,DWORD[28+rsp] - add r12d,DWORD PTR[56+rsp] + add r12d,DWORD[56+rsp] mov r13d,r10d add r12d,r15d mov r14d,ecx @@ -1582,7 +1586,7 @@ $L$rounds_16_xx:: ror r14d,9 xor r15d,eax - mov DWORD PTR[56+rsp],r12d + mov DWORD[56+rsp],r12d xor r14d,ecx and r15d,r10d @@ -1595,7 +1599,7 @@ $L$rounds_16_xx:: add r12d,r15d mov r15d,ecx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ecx xor r15d,edx @@ -1610,9 +1614,9 @@ $L$rounds_16_xx:: add r9d,r12d add ebx,r12d - lea rbp,QWORD PTR[4+rbp] - mov r13d,DWORD PTR[rsp] - mov edi,DWORD PTR[52+rsp] + lea rbp,[4+rbp] + mov r13d,DWORD[rsp] + mov edi,DWORD[52+rsp] mov r12d,r13d ror r13d,11 @@ -1629,9 +1633,9 @@ $L$rounds_16_xx:: ror edi,17 xor r12d,r13d xor edi,r14d - add r12d,DWORD PTR[32+rsp] + add r12d,DWORD[32+rsp] - add r12d,DWORD PTR[60+rsp] + add r12d,DWORD[60+rsp] mov r13d,r9d add r12d,edi mov r14d,ebx @@ -1642,7 +1646,7 @@ $L$rounds_16_xx:: ror r14d,9 xor edi,r11d - mov DWORD PTR[60+rsp],r12d + mov DWORD[60+rsp],r12d xor r14d,ebx and edi,r9d @@ -1655,7 +1659,7 @@ $L$rounds_16_xx:: add r12d,edi mov edi,ebx - add r12d,DWORD PTR[rbp] + add r12d,DWORD[rbp] xor r14d,ebx xor edi,ecx 
@@ -1670,91 +1674,90 @@ $L$rounds_16_xx:: add r8d,r12d add eax,r12d - lea rbp,QWORD PTR[20+rbp] - cmp BYTE PTR[3+rbp],0 - jnz $L$rounds_16_xx + lea rbp,[20+rbp] + cmp BYTE[3+rbp],0 + jnz NEAR $L$rounds_16_xx - mov rdi,QWORD PTR[((64+0))+rsp] + mov rdi,QWORD[((64+0))+rsp] add eax,r14d - lea rsi,QWORD PTR[64+rsi] - - add eax,DWORD PTR[rdi] - add ebx,DWORD PTR[4+rdi] - add ecx,DWORD PTR[8+rdi] - add edx,DWORD PTR[12+rdi] - add r8d,DWORD PTR[16+rdi] - add r9d,DWORD PTR[20+rdi] - add r10d,DWORD PTR[24+rdi] - add r11d,DWORD PTR[28+rdi] - - cmp rsi,QWORD PTR[((64+16))+rsp] - - mov DWORD PTR[rdi],eax - mov DWORD PTR[4+rdi],ebx - mov DWORD PTR[8+rdi],ecx - mov DWORD PTR[12+rdi],edx - mov DWORD PTR[16+rdi],r8d - mov DWORD PTR[20+rdi],r9d - mov DWORD PTR[24+rdi],r10d - mov DWORD PTR[28+rdi],r11d - jb $L$loop - - mov rsi,QWORD PTR[((64+24))+rsp] - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + lea rsi,[64+rsi] + + add eax,DWORD[rdi] + add ebx,DWORD[4+rdi] + add ecx,DWORD[8+rdi] + add edx,DWORD[12+rdi] + add r8d,DWORD[16+rdi] + add r9d,DWORD[20+rdi] + add r10d,DWORD[24+rdi] + add r11d,DWORD[28+rdi] + + cmp rsi,QWORD[((64+16))+rsp] + + mov DWORD[rdi],eax + mov DWORD[4+rdi],ebx + mov DWORD[8+rdi],ecx + mov DWORD[12+rdi],edx + mov DWORD[16+rdi],r8d + mov DWORD[20+rdi],r9d + mov DWORD[24+rdi],r10d + mov DWORD[28+rdi],r11d + jb NEAR $L$loop + + mov rsi,QWORD[((64+24))+rsp] + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_sha256_block_data_order:: -sha256_block_data_order ENDP +$L$SEH_end_sha256_block_data_order: ALIGN 64 -K256:: - DD 
0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h - DD 0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h - DD 03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h - DD 03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h - DD 0d807aa98h,012835b01h,0243185beh,0550c7dc3h - DD 0d807aa98h,012835b01h,0243185beh,0550c7dc3h - DD 072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h - DD 072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h - DD 0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch - DD 0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch - DD 02de92c6fh,04a7484aah,05cb0a9dch,076f988dah - DD 02de92c6fh,04a7484aah,05cb0a9dch,076f988dah - DD 0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h - DD 0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h - DD 0c6e00bf3h,0d5a79147h,006ca6351h,014292967h - DD 0c6e00bf3h,0d5a79147h,006ca6351h,014292967h - DD 027b70a85h,02e1b2138h,04d2c6dfch,053380d13h - DD 027b70a85h,02e1b2138h,04d2c6dfch,053380d13h - DD 0650a7354h,0766a0abbh,081c2c92eh,092722c85h - DD 0650a7354h,0766a0abbh,081c2c92eh,092722c85h - DD 0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h - DD 0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h - DD 0d192e819h,0d6990624h,0f40e3585h,0106aa070h - DD 0d192e819h,0d6990624h,0f40e3585h,0106aa070h - DD 019a4c116h,01e376c08h,02748774ch,034b0bcb5h - DD 019a4c116h,01e376c08h,02748774ch,034b0bcb5h - DD 0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h - DD 0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h - DD 0748f82eeh,078a5636fh,084c87814h,08cc70208h - DD 0748f82eeh,078a5636fh,084c87814h,08cc70208h - DD 090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h - DD 090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h - - DD 000010203h,004050607h,008090a0bh,00c0d0e0fh - DD 000010203h,004050607h,008090a0bh,00c0d0e0fh - DD 003020100h,00b0a0908h,0ffffffffh,0ffffffffh - DD 003020100h,00b0a0908h,0ffffffffh,0ffffffffh - DD 0ffffffffh,0ffffffffh,003020100h,00b0a0908h - DD 0ffffffffh,0ffffffffh,003020100h,00b0a0908h +K256: + DD 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + DD 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + DD 
0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + DD 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + DD 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + DD 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + DD 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + DD 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + DD 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + DD 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + DD 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + DD 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + DD 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + DD 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + DD 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + DD 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + DD 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + DD 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + DD 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + DD 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + DD 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + DD 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + DD 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + DD 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + DD 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + DD 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + DD 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + DD 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + DD 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + DD 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + DD 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 + DD 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 + + DD 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f + DD 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f + DD 0x03020100,0x0b0a0908,0xffffffff,0xffffffff + DD 0x03020100,0x0b0a0908,0xffffffff,0xffffffff + DD 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 + DD 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 DB 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97 DB 110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54 DB 52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 
@@ -1762,17 +1765,17 @@ DB 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 DB 111,114,103,62,0 ALIGN 64 -sha256_block_data_order_ssse3 PROC PRIVATE - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +sha256_block_data_order_ssse3: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_sha256_block_data_order_ssse3:: +$L$SEH_begin_sha256_block_data_order_ssse3: mov rdi,rcx mov rsi,rdx mov rdx,r8 -$L$ssse3_shortcut:: +$L$ssse3_shortcut: push rbx push rbp push r12 
@@ -1782,61 +1785,61 @@ $L$ssse3_shortcut:: mov r11,rsp shl rdx,4 sub rsp,160 - lea rdx,QWORD PTR[rdx*4+rsi] + lea rdx,[rdx*4+rsi] and rsp,-64 - mov QWORD PTR[((64+0))+rsp],rdi - mov QWORD PTR[((64+8))+rsp],rsi - mov QWORD PTR[((64+16))+rsp],rdx - mov QWORD PTR[((64+24))+rsp],r11 - movaps XMMWORD PTR[(64+32)+rsp],xmm6 - movaps XMMWORD PTR[(64+48)+rsp],xmm7 - movaps XMMWORD PTR[(64+64)+rsp],xmm8 - movaps XMMWORD PTR[(64+80)+rsp],xmm9 -$L$prologue_ssse3:: - - mov eax,DWORD PTR[rdi] - mov ebx,DWORD PTR[4+rdi] - mov ecx,DWORD PTR[8+rdi] - mov edx,DWORD PTR[12+rdi] - mov r8d,DWORD PTR[16+rdi] - mov r9d,DWORD PTR[20+rdi] - mov r10d,DWORD PTR[24+rdi] - mov r11d,DWORD PTR[28+rdi] - - - jmp $L$loop_ssse3 + mov QWORD[((64+0))+rsp],rdi + mov QWORD[((64+8))+rsp],rsi + mov QWORD[((64+16))+rsp],rdx + mov QWORD[((64+24))+rsp],r11 + movaps XMMWORD[(64+32)+rsp],xmm6 + movaps XMMWORD[(64+48)+rsp],xmm7 + movaps XMMWORD[(64+64)+rsp],xmm8 + movaps XMMWORD[(64+80)+rsp],xmm9 +$L$prologue_ssse3: + + mov eax,DWORD[rdi] + mov ebx,DWORD[4+rdi] + mov ecx,DWORD[8+rdi] + mov edx,DWORD[12+rdi] + mov r8d,DWORD[16+rdi] + mov r9d,DWORD[20+rdi] + mov r10d,DWORD[24+rdi] + mov r11d,DWORD[28+rdi] + + + jmp NEAR $L$loop_ssse3 ALIGN 16 -$L$loop_ssse3:: - movdqa xmm7,XMMWORD PTR[((K256+512))] - movdqu xmm0,XMMWORD PTR[rsi] - movdqu xmm1,XMMWORD PTR[16+rsi] - movdqu xmm2,XMMWORD PTR[32+rsi] +$L$loop_ssse3: + movdqa xmm7,XMMWORD[((K256+512))] + movdqu xmm0,XMMWORD[rsi] + movdqu xmm1,XMMWORD[16+rsi] + movdqu xmm2,XMMWORD[32+rsi] DB 102,15,56,0,199 - movdqu xmm3,XMMWORD PTR[48+rsi] - lea rbp,QWORD PTR[K256] + movdqu xmm3,XMMWORD[48+rsi] + lea rbp,[K256] DB 102,15,56,0,207 - movdqa xmm4,XMMWORD PTR[rbp] - movdqa xmm5,XMMWORD PTR[32+rbp] + movdqa xmm4,XMMWORD[rbp] + movdqa xmm5,XMMWORD[32+rbp] DB 102,15,56,0,215 paddd xmm4,xmm0 - movdqa xmm6,XMMWORD PTR[64+rbp] + movdqa xmm6,XMMWORD[64+rbp] DB 102,15,56,0,223 - movdqa xmm7,XMMWORD PTR[96+rbp] + movdqa xmm7,XMMWORD[96+rbp] paddd xmm5,xmm1 paddd xmm6,xmm2 paddd 
xmm7,xmm3 - movdqa XMMWORD PTR[rsp],xmm4 + movdqa XMMWORD[rsp],xmm4 mov r14d,eax - movdqa XMMWORD PTR[16+rsp],xmm5 + movdqa XMMWORD[16+rsp],xmm5 mov edi,ebx - movdqa XMMWORD PTR[32+rsp],xmm6 + movdqa XMMWORD[32+rsp],xmm6 xor edi,ecx - movdqa XMMWORD PTR[48+rsp],xmm7 + movdqa XMMWORD[48+rsp],xmm7 mov r13d,r8d - jmp $L$ssse3_00_47 + jmp NEAR $L$ssse3_00_47 ALIGN 16 -$L$ssse3_00_47:: +$L$ssse3_00_47: sub rbp,-128 ror r13d,14 movdqa xmm4,xmm1 @@ -1852,7 +1855,7 @@ DB 102,15,58,15,224,4 and r12d,r8d xor r13d,r8d DB 102,15,58,15,250,4 - add r11d,DWORD PTR[rsp] + add r11d,DWORD[rsp] mov r15d,eax xor r12d,r10d ror r14d,11 @@ -1889,7 +1892,7 @@ DB 102,15,58,15,250,4 and r12d,edx xor r13d,edx pslld xmm5,11 - add r10d,DWORD PTR[4+rsp] + add r10d,DWORD[4+rsp] mov edi,r11d pxor xmm4,xmm6 xor r12d,r9d @@ -1925,7 +1928,7 @@ DB 102,15,58,15,250,4 and r12d,ecx pshufd xmm7,xmm7,128 xor r13d,ecx - add r9d,DWORD PTR[8+rsp] + add r9d,DWORD[8+rsp] mov r15d,r10d psrldq xmm7,8 xor r12d,r8d @@ -1959,7 +1962,7 @@ DB 102,15,58,15,250,4 psrlq xmm6,2 and r12d,ebx xor r13d,ebx - add r8d,DWORD PTR[12+rsp] + add r8d,DWORD[12+rsp] pxor xmm7,xmm6 mov edi,r9d xor r12d,edx @@ -1967,7 +1970,7 @@ DB 102,15,58,15,250,4 pshufd xmm7,xmm7,8 xor edi,r10d add r8d,r12d - movdqa xmm6,XMMWORD PTR[rbp] + movdqa xmm6,XMMWORD[rbp] ror r13d,6 and r15d,edi pslldq xmm7,8 @@ -1981,7 +1984,7 @@ DB 102,15,58,15,250,4 paddd xmm6,xmm0 mov r13d,eax add r14d,r8d - movdqa XMMWORD PTR[rsp],xmm6 + movdqa XMMWORD[rsp],xmm6 ror r13d,14 movdqa xmm4,xmm2 mov r8d,r14d @@ -1996,7 +1999,7 @@ DB 102,15,58,15,225,4 and r12d,eax xor r13d,eax DB 102,15,58,15,251,4 - add edx,DWORD PTR[16+rsp] + add edx,DWORD[16+rsp] mov r15d,r8d xor r12d,ecx ror r14d,11 @@ -2033,7 +2036,7 @@ DB 102,15,58,15,251,4 and r12d,r11d xor r13d,r11d pslld xmm5,11 - add ecx,DWORD PTR[20+rsp] + add ecx,DWORD[20+rsp] mov edi,edx pxor xmm4,xmm6 xor r12d,ebx 
@@ -2069,7 +2072,7 @@ DB 102,15,58,15,251,4 and r12d,r10d pshufd xmm7,xmm7,128 xor r13d,r10d - add ebx,DWORD PTR[24+rsp] + add ebx,DWORD[24+rsp] mov r15d,ecx psrldq xmm7,8 xor r12d,eax @@ -2103,7 +2106,7 @@ DB 102,15,58,15,251,4 psrlq xmm6,2 and r12d,r9d xor r13d,r9d - add eax,DWORD PTR[28+rsp] + add eax,DWORD[28+rsp] pxor xmm7,xmm6 mov edi,ebx xor r12d,r11d @@ -2111,7 +2114,7 @@ DB 102,15,58,15,251,4 pshufd xmm7,xmm7,8 xor edi,ecx add eax,r12d - movdqa xmm6,XMMWORD PTR[32+rbp] + movdqa xmm6,XMMWORD[32+rbp] ror r13d,6 and r15d,edi pslldq xmm7,8 @@ -2125,7 +2128,7 @@ DB 102,15,58,15,251,4 paddd xmm6,xmm1 mov r13d,r8d add r14d,eax - movdqa XMMWORD PTR[16+rsp],xmm6 + movdqa XMMWORD[16+rsp],xmm6 ror r13d,14 movdqa xmm4,xmm3 mov eax,r14d @@ -2140,7 +2143,7 @@ DB 102,15,58,15,226,4 and r12d,r8d xor r13d,r8d DB 102,15,58,15,248,4 - add r11d,DWORD PTR[32+rsp] + add r11d,DWORD[32+rsp] mov r15d,eax xor r12d,r10d ror r14d,11 @@ -2177,7 +2180,7 @@ DB 102,15,58,15,248,4 and r12d,edx xor r13d,edx pslld xmm5,11 - add r10d,DWORD PTR[36+rsp] + add r10d,DWORD[36+rsp] mov edi,r11d pxor xmm4,xmm6 xor r12d,r9d @@ -2213,7 +2216,7 @@ DB 102,15,58,15,248,4 and r12d,ecx pshufd xmm7,xmm7,128 xor r13d,ecx - add r9d,DWORD PTR[40+rsp] + add r9d,DWORD[40+rsp] mov r15d,r10d psrldq xmm7,8 xor r12d,r8d @@ -2247,7 +2250,7 @@ DB 102,15,58,15,248,4 psrlq xmm6,2 and r12d,ebx xor r13d,ebx - add r8d,DWORD PTR[44+rsp] + add r8d,DWORD[44+rsp] pxor xmm7,xmm6 mov edi,r9d xor r12d,edx @@ -2255,7 +2258,7 @@ DB 102,15,58,15,248,4 pshufd xmm7,xmm7,8 xor edi,r10d add r8d,r12d - movdqa xmm6,XMMWORD PTR[64+rbp] + movdqa xmm6,XMMWORD[64+rbp] ror r13d,6 and r15d,edi pslldq xmm7,8 @@ -2269,7 +2272,7 @@ DB 102,15,58,15,248,4 paddd xmm6,xmm2 mov r13d,eax add r14d,r8d - movdqa XMMWORD PTR[32+rsp],xmm6 + movdqa XMMWORD[32+rsp],xmm6 ror r13d,14 movdqa xmm4,xmm0 mov r8d,r14d 
@@ -2284,7 +2287,7 @@ DB 102,15,58,15,227,4 and r12d,eax xor r13d,eax DB 102,15,58,15,249,4 - add edx,DWORD PTR[48+rsp] + add edx,DWORD[48+rsp] mov r15d,r8d xor r12d,ecx ror r14d,11 @@ -2321,7 +2324,7 @@ DB 102,15,58,15,249,4 and r12d,r11d xor r13d,r11d pslld xmm5,11 - add ecx,DWORD PTR[52+rsp] + add ecx,DWORD[52+rsp] mov edi,edx pxor xmm4,xmm6 xor r12d,ebx @@ -2357,7 +2360,7 @@ DB 102,15,58,15,249,4 and r12d,r10d pshufd xmm7,xmm7,128 xor r13d,r10d - add ebx,DWORD PTR[56+rsp] + add ebx,DWORD[56+rsp] mov r15d,ecx psrldq xmm7,8 xor r12d,eax @@ -2391,7 +2394,7 @@ DB 102,15,58,15,249,4 psrlq xmm6,2 and r12d,r9d xor r13d,r9d - add eax,DWORD PTR[60+rsp] + add eax,DWORD[60+rsp] pxor xmm7,xmm6 mov edi,ebx xor r12d,r11d @@ -2399,7 +2402,7 @@ DB 102,15,58,15,249,4 pshufd xmm7,xmm7,8 xor edi,ecx add eax,r12d - movdqa xmm6,XMMWORD PTR[96+rbp] + movdqa xmm6,XMMWORD[96+rbp] ror r13d,6 and r15d,edi pslldq xmm7,8 @@ -2413,9 +2416,9 @@ DB 102,15,58,15,249,4 paddd xmm6,xmm3 mov r13d,r8d add r14d,eax - movdqa XMMWORD PTR[48+rsp],xmm6 - cmp BYTE PTR[131+rbp],0 - jne $L$ssse3_00_47 + movdqa XMMWORD[48+rsp],xmm6 + cmp BYTE[131+rbp],0 + jne NEAR $L$ssse3_00_47 ror r13d,14 mov eax,r14d mov r12d,r9d @@ -2426,7 +2429,7 @@ DB 102,15,58,15,249,4 xor r14d,eax and r12d,r8d xor r13d,r8d - add r11d,DWORD PTR[rsp] + add r11d,DWORD[rsp] mov r15d,eax xor r12d,r10d ror r14d,11 @@ -2452,7 +2455,7 @@ DB 102,15,58,15,249,4 xor r14d,r11d and r12d,edx xor r13d,edx - add r10d,DWORD PTR[4+rsp] + add r10d,DWORD[4+rsp] mov edi,r11d xor r12d,r9d ror r14d,11 @@ -2478,7 +2481,7 @@ DB 102,15,58,15,249,4 xor r14d,r10d and r12d,ecx xor r13d,ecx - add r9d,DWORD PTR[8+rsp] + add r9d,DWORD[8+rsp] mov r15d,r10d xor r12d,r8d ror r14d,11 @@ -2504,7 +2507,7 @@ DB 102,15,58,15,249,4 xor r14d,r9d and r12d,ebx xor r13d,ebx - add r8d,DWORD PTR[12+rsp] + add r8d,DWORD[12+rsp] mov edi,r9d xor r12d,edx ror r14d,11 
@@ -2530,7 +2533,7 @@ DB 102,15,58,15,249,4 xor r14d,r8d and r12d,eax xor r13d,eax - add edx,DWORD PTR[16+rsp] + add edx,DWORD[16+rsp] mov r15d,r8d xor r12d,ecx ror r14d,11 @@ -2556,7 +2559,7 @@ DB 102,15,58,15,249,4 xor r14d,edx and r12d,r11d xor r13d,r11d - add ecx,DWORD PTR[20+rsp] + add ecx,DWORD[20+rsp] mov edi,edx xor r12d,ebx ror r14d,11 @@ -2582,7 +2585,7 @@ DB 102,15,58,15,249,4 xor r14d,ecx and r12d,r10d xor r13d,r10d - add ebx,DWORD PTR[24+rsp] + add ebx,DWORD[24+rsp] mov r15d,ecx xor r12d,eax ror r14d,11 @@ -2608,7 +2611,7 @@ DB 102,15,58,15,249,4 xor r14d,ebx and r12d,r9d xor r13d,r9d - add eax,DWORD PTR[28+rsp] + add eax,DWORD[28+rsp] mov edi,ebx xor r12d,r11d ror r14d,11 @@ -2634,7 +2637,7 @@ DB 102,15,58,15,249,4 xor r14d,eax and r12d,r8d xor r13d,r8d - add r11d,DWORD PTR[32+rsp] + add r11d,DWORD[32+rsp] mov r15d,eax xor r12d,r10d ror r14d,11 @@ -2660,7 +2663,7 @@ DB 102,15,58,15,249,4 xor r14d,r11d and r12d,edx xor r13d,edx - add r10d,DWORD PTR[36+rsp] + add r10d,DWORD[36+rsp] mov edi,r11d xor r12d,r9d ror r14d,11 @@ -2686,7 +2689,7 @@ DB 102,15,58,15,249,4 xor r14d,r10d and r12d,ecx xor r13d,ecx - add r9d,DWORD PTR[40+rsp] + add r9d,DWORD[40+rsp] mov r15d,r10d xor r12d,r8d ror r14d,11 @@ -2712,7 +2715,7 @@ DB 102,15,58,15,249,4 xor r14d,r9d and r12d,ebx xor r13d,ebx - add r8d,DWORD PTR[44+rsp] + add r8d,DWORD[44+rsp] mov edi,r9d xor r12d,edx ror r14d,11 @@ -2738,7 +2741,7 @@ DB 102,15,58,15,249,4 xor r14d,r8d and r12d,eax xor r13d,eax - add edx,DWORD PTR[48+rsp] + add edx,DWORD[48+rsp] mov r15d,r8d xor r12d,ecx ror r14d,11 @@ -2764,7 +2767,7 @@ DB 102,15,58,15,249,4 xor r14d,edx and r12d,r11d xor r13d,r11d - add ecx,DWORD PTR[52+rsp] + add ecx,DWORD[52+rsp] mov edi,edx xor r12d,ebx ror r14d,11 @@ -2790,7 +2793,7 @@ DB 102,15,58,15,249,4 xor r14d,ecx and r12d,r10d xor r13d,r10d - add ebx,DWORD PTR[56+rsp] + add ebx,DWORD[56+rsp] mov r15d,ecx xor r12d,eax ror r14d,11 
@@ -2816,7 +2819,7 @@ DB 102,15,58,15,249,4 xor r14d,ebx and r12d,r9d xor r13d,r9d - add eax,DWORD PTR[60+rsp] + add eax,DWORD[60+rsp] mov edi,ebx xor r12d,r11d ror r14d,11 
@@ -2832,53 +2835,52 @@ DB 102,15,58,15,249,4 add eax,r15d mov r13d,r8d add r14d,eax - mov rdi,QWORD PTR[((64+0))+rsp] + mov rdi,QWORD[((64+0))+rsp] mov eax,r14d - add eax,DWORD PTR[rdi] - lea rsi,QWORD PTR[64+rsi] - add ebx,DWORD PTR[4+rdi] - add ecx,DWORD PTR[8+rdi] - add edx,DWORD PTR[12+rdi] - add r8d,DWORD PTR[16+rdi] - add r9d,DWORD PTR[20+rdi] - add r10d,DWORD PTR[24+rdi] - add r11d,DWORD PTR[28+rdi] - - cmp rsi,QWORD PTR[((64+16))+rsp] - - mov DWORD PTR[rdi],eax - mov DWORD PTR[4+rdi],ebx - mov DWORD PTR[8+rdi],ecx - mov DWORD PTR[12+rdi],edx - mov DWORD PTR[16+rdi],r8d - mov DWORD PTR[20+rdi],r9d - mov DWORD PTR[24+rdi],r10d - mov DWORD PTR[28+rdi],r11d - jb $L$loop_ssse3 - - mov rsi,QWORD PTR[((64+24))+rsp] - movaps xmm6,XMMWORD PTR[((64+32))+rsp] - movaps xmm7,XMMWORD PTR[((64+48))+rsp] - movaps xmm8,XMMWORD PTR[((64+64))+rsp] - movaps xmm9,XMMWORD PTR[((64+80))+rsp] - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$epilogue_ssse3:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + add eax,DWORD[rdi] + lea rsi,[64+rsi] + add ebx,DWORD[4+rdi] + add ecx,DWORD[8+rdi] + add edx,DWORD[12+rdi] + add r8d,DWORD[16+rdi] + add r9d,DWORD[20+rdi] + add r10d,DWORD[24+rdi] + add r11d,DWORD[28+rdi] + + cmp rsi,QWORD[((64+16))+rsp] + + mov DWORD[rdi],eax + mov DWORD[4+rdi],ebx + mov DWORD[8+rdi],ecx + mov DWORD[12+rdi],edx + mov DWORD[16+rdi],r8d + mov DWORD[20+rdi],r9d + mov DWORD[24+rdi],r10d + mov DWORD[28+rdi],r11d + jb NEAR $L$loop_ssse3 + + mov rsi,QWORD[((64+24))+rsp] + movaps xmm6,XMMWORD[((64+32))+rsp] + movaps xmm7,XMMWORD[((64+48))+rsp] + movaps xmm8,XMMWORD[((64+64))+rsp] + movaps xmm9,XMMWORD[((64+80))+rsp] + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$epilogue_ssse3: + mov 
rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_sha256_block_data_order_ssse3:: -sha256_block_data_order_ssse3 ENDP -EXTERN __imp_RtlVirtualUnwind:NEAR +$L$SEH_end_sha256_block_data_order_ssse3: +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -2890,74 +2892,74 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_prologue + jae NEAR $L$in_prologue mov rsi,rax - mov rax,QWORD PTR[((64+24))+rax] - lea rax,QWORD PTR[48+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - - lea r10,QWORD PTR[$L$epilogue] + mov rax,QWORD[((64+24))+rax] + lea rax,[48+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + + lea r10,[$L$epilogue] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - lea rsi,QWORD PTR[((64+32))+rsi] - lea rdi,QWORD PTR[512+r8] + lea rsi,[((64+32))+rsi] + lea rdi,[512+r8] mov ecx,8 - DD 0a548f3fch + DD 0xa548f3fc -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + mov 
QWORD[176+r8],rdi - mov rdi,QWORD PTR[40+r9] + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 
@@ -2971,27 +2973,22 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_sha256_block_data_order - DD imagerel $L$SEH_end_sha256_block_data_order - DD imagerel $L$SEH_info_sha256_block_data_order - DD imagerel $L$SEH_begin_sha256_block_data_order_ssse3 - DD imagerel $L$SEH_end_sha256_block_data_order_ssse3 - DD imagerel $L$SEH_info_sha256_block_data_order_ssse3 -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_sha256_block_data_order wrt ..imagebase + DD $L$SEH_end_sha256_block_data_order wrt ..imagebase + DD $L$SEH_info_sha256_block_data_order wrt ..imagebase + DD $L$SEH_begin_sha256_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_end_sha256_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_info_sha256_block_data_order_ssse3 wrt ..imagebase +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_sha256_block_data_order:: +$L$SEH_info_sha256_block_data_order: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$prologue,imagerel $L$epilogue -$L$SEH_info_sha256_block_data_order_ssse3:: + DD se_handler wrt ..imagebase + DD $L$prologue wrt ..imagebase,$L$epilogue wrt ..imagebase +$L$SEH_info_sha256_block_data_order_ssse3: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$prologue_ssse3,imagerel $L$epilogue_ssse3 - -.xdata ENDS -END + DD se_handler wrt ..imagebase + DD $L$prologue_ssse3 wrt ..imagebase,$L$epilogue_ssse3 wrt ..imagebase diff --git a/win-x86_64/crypto/sha/sha512-x86_64.asm b/win-x86_64/crypto/sha/sha512-x86_64.asm index e993c3c..b76cc0e 100644 --- a/win-x86_64/crypto/sha/sha512-x86_64.asm +++ b/win-x86_64/crypto/sha/sha512-x86_64.asm 
@@ -1,15 +1,19 @@ -OPTION DOTNAME -.text$ SEGMENT ALIGN(256) 'CODE' +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD +section .text code align=64 -EXTERN OPENSSL_ia32cap_P:NEAR -PUBLIC sha512_block_data_order + +EXTERN OPENSSL_ia32cap_P +global sha512_block_data_order ALIGN 16 -sha512_block_data_order PROC PUBLIC - mov QWORD PTR[8+rsp],rdi ;WIN64 prologue - mov QWORD PTR[16+rsp],rsi +sha512_block_data_order: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_sha512_block_data_order:: +$L$SEH_begin_sha512_block_data_order: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -24,30 +28,30 @@ $L$SEH_begin_sha512_block_data_order:: mov r11,rsp shl rdx,4 sub rsp,16*8+4*8 - lea rdx,QWORD PTR[rdx*8+rsi] + lea rdx,[rdx*8+rsi] and rsp,-64 - mov QWORD PTR[((128+0))+rsp],rdi - mov QWORD PTR[((128+8))+rsp],rsi - mov QWORD PTR[((128+16))+rsp],rdx - mov QWORD PTR[((128+24))+rsp],r11 -$L$prologue:: - - mov rax,QWORD PTR[rdi] - mov rbx,QWORD PTR[8+rdi] - mov rcx,QWORD PTR[16+rdi] - mov rdx,QWORD PTR[24+rdi] - mov r8,QWORD PTR[32+rdi] - mov r9,QWORD PTR[40+rdi] - mov r10,QWORD PTR[48+rdi] - mov r11,QWORD PTR[56+rdi] - jmp $L$loop + mov QWORD[((128+0))+rsp],rdi + mov QWORD[((128+8))+rsp],rsi + mov QWORD[((128+16))+rsp],rdx + mov QWORD[((128+24))+rsp],r11 +$L$prologue: + + mov rax,QWORD[rdi] + mov rbx,QWORD[8+rdi] + mov rcx,QWORD[16+rdi] + mov rdx,QWORD[24+rdi] + mov r8,QWORD[32+rdi] + mov r9,QWORD[40+rdi] + mov r10,QWORD[48+rdi] + mov r11,QWORD[56+rdi] + jmp NEAR $L$loop ALIGN 16 -$L$loop:: +$L$loop: mov rdi,rbx - lea rbp,QWORD PTR[K512] + lea rbp,[K512] xor rdi,rcx - mov r12,QWORD PTR[rsi] + mov r12,QWORD[rsi] mov r13,r8 mov r14,rax bswap r12 @@ -58,7 +62,7 @@ $L$loop:: ror r14,5 xor r15,r10 - mov QWORD PTR[rsp],r12 + mov QWORD[rsp],r12 xor r14,rax and r15,r8 @@ -71,7 +75,7 @@ $L$loop:: add r12,r15 mov r15,rax - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rax xor r15,rbx 
@@ -86,9 +90,9 @@ $L$loop:: add rdx,r12 add r11,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add r11,r14 - mov r12,QWORD PTR[8+rsi] + mov r12,QWORD[8+rsi] mov r13,rdx mov r14,r11 bswap r12 @@ -99,7 +103,7 @@ $L$loop:: ror r14,5 xor rdi,r9 - mov QWORD PTR[8+rsp],r12 + mov QWORD[8+rsp],r12 xor r14,r11 and rdi,rdx @@ -112,7 +116,7 @@ $L$loop:: add r12,rdi mov rdi,r11 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r11 xor rdi,rax @@ -127,9 +131,9 @@ $L$loop:: add rcx,r12 add r10,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add r10,r14 - mov r12,QWORD PTR[16+rsi] + mov r12,QWORD[16+rsi] mov r13,rcx mov r14,r10 bswap r12 @@ -140,7 +144,7 @@ $L$loop:: ror r14,5 xor r15,r8 - mov QWORD PTR[16+rsp],r12 + mov QWORD[16+rsp],r12 xor r14,r10 and r15,rcx @@ -153,7 +157,7 @@ $L$loop:: add r12,r15 mov r15,r10 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r10 xor r15,r11 @@ -168,9 +172,9 @@ $L$loop:: add rbx,r12 add r9,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add r9,r14 - mov r12,QWORD PTR[24+rsi] + mov r12,QWORD[24+rsi] mov r13,rbx mov r14,r9 bswap r12 @@ -181,7 +185,7 @@ $L$loop:: ror r14,5 xor rdi,rdx - mov QWORD PTR[24+rsp],r12 + mov QWORD[24+rsp],r12 xor r14,r9 and rdi,rbx @@ -194,7 +198,7 @@ $L$loop:: add r12,rdi mov rdi,r9 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r9 xor rdi,r10 @@ -209,9 +213,9 @@ $L$loop:: add rax,r12 add r8,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add r8,r14 - mov r12,QWORD PTR[32+rsi] + mov r12,QWORD[32+rsi] mov r13,rax mov r14,r8 bswap r12 @@ -222,7 +226,7 @@ $L$loop:: ror r14,5 xor r15,rcx - mov QWORD PTR[32+rsp],r12 + mov QWORD[32+rsp],r12 xor r14,r8 and r15,rax @@ -235,7 +239,7 @@ $L$loop:: add r12,r15 mov r15,r8 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r8 xor r15,r9 @@ -250,9 +254,9 @@ $L$loop:: add r11,r12 add rdx,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add rdx,r14 - mov r12,QWORD PTR[40+rsi] + mov r12,QWORD[40+rsi] mov r13,r11 mov r14,rdx bswap r12 
@@ -263,7 +267,7 @@ $L$loop:: ror r14,5 xor rdi,rbx - mov QWORD PTR[40+rsp],r12 + mov QWORD[40+rsp],r12 xor r14,rdx and rdi,r11 @@ -276,7 +280,7 @@ $L$loop:: add r12,rdi mov rdi,rdx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rdx xor rdi,r8 @@ -291,9 +295,9 @@ $L$loop:: add r10,r12 add rcx,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add rcx,r14 - mov r12,QWORD PTR[48+rsi] + mov r12,QWORD[48+rsi] mov r13,r10 mov r14,rcx bswap r12 @@ -304,7 +308,7 @@ $L$loop:: ror r14,5 xor r15,rax - mov QWORD PTR[48+rsp],r12 + mov QWORD[48+rsp],r12 xor r14,rcx and r15,r10 @@ -317,7 +321,7 @@ $L$loop:: add r12,r15 mov r15,rcx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rcx xor r15,rdx @@ -332,9 +336,9 @@ $L$loop:: add r9,r12 add rbx,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add rbx,r14 - mov r12,QWORD PTR[56+rsi] + mov r12,QWORD[56+rsi] mov r13,r9 mov r14,rbx bswap r12 @@ -345,7 +349,7 @@ $L$loop:: ror r14,5 xor rdi,r11 - mov QWORD PTR[56+rsp],r12 + mov QWORD[56+rsp],r12 xor r14,rbx and rdi,r9 @@ -358,7 +362,7 @@ $L$loop:: add r12,rdi mov rdi,rbx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rbx xor rdi,rcx @@ -373,9 +377,9 @@ $L$loop:: add r8,r12 add rax,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add rax,r14 - mov r12,QWORD PTR[64+rsi] + mov r12,QWORD[64+rsi] mov r13,r8 mov r14,rax bswap r12 @@ -386,7 +390,7 @@ $L$loop:: ror r14,5 xor r15,r10 - mov QWORD PTR[64+rsp],r12 + mov QWORD[64+rsp],r12 xor r14,rax and r15,r8 @@ -399,7 +403,7 @@ $L$loop:: add r12,r15 mov r15,rax - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rax xor r15,rbx @@ -414,9 +418,9 @@ $L$loop:: add rdx,r12 add r11,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add r11,r14 - mov r12,QWORD PTR[72+rsi] + mov r12,QWORD[72+rsi] mov r13,rdx mov r14,r11 bswap r12 @@ -427,7 +431,7 @@ $L$loop:: ror r14,5 xor rdi,r9 - mov QWORD PTR[72+rsp],r12 + mov QWORD[72+rsp],r12 xor r14,r11 and rdi,rdx 
@@ -440,7 +444,7 @@ $L$loop:: add r12,rdi mov rdi,r11 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r11 xor rdi,rax @@ -455,9 +459,9 @@ $L$loop:: add rcx,r12 add r10,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add r10,r14 - mov r12,QWORD PTR[80+rsi] + mov r12,QWORD[80+rsi] mov r13,rcx mov r14,r10 bswap r12 @@ -468,7 +472,7 @@ $L$loop:: ror r14,5 xor r15,r8 - mov QWORD PTR[80+rsp],r12 + mov QWORD[80+rsp],r12 xor r14,r10 and r15,rcx @@ -481,7 +485,7 @@ $L$loop:: add r12,r15 mov r15,r10 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r10 xor r15,r11 @@ -496,9 +500,9 @@ $L$loop:: add rbx,r12 add r9,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add r9,r14 - mov r12,QWORD PTR[88+rsi] + mov r12,QWORD[88+rsi] mov r13,rbx mov r14,r9 bswap r12 @@ -509,7 +513,7 @@ $L$loop:: ror r14,5 xor rdi,rdx - mov QWORD PTR[88+rsp],r12 + mov QWORD[88+rsp],r12 xor r14,r9 and rdi,rbx @@ -522,7 +526,7 @@ $L$loop:: add r12,rdi mov rdi,r9 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r9 xor rdi,r10 @@ -537,9 +541,9 @@ $L$loop:: add rax,r12 add r8,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add r8,r14 - mov r12,QWORD PTR[96+rsi] + mov r12,QWORD[96+rsi] mov r13,rax mov r14,r8 bswap r12 @@ -550,7 +554,7 @@ $L$loop:: ror r14,5 xor r15,rcx - mov QWORD PTR[96+rsp],r12 + mov QWORD[96+rsp],r12 xor r14,r8 and r15,rax @@ -563,7 +567,7 @@ $L$loop:: add r12,r15 mov r15,r8 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r8 xor r15,r9 @@ -578,9 +582,9 @@ $L$loop:: add r11,r12 add rdx,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add rdx,r14 - mov r12,QWORD PTR[104+rsi] + mov r12,QWORD[104+rsi] mov r13,r11 mov r14,rdx bswap r12 @@ -591,7 +595,7 @@ $L$loop:: ror r14,5 xor rdi,rbx - mov QWORD PTR[104+rsp],r12 + mov QWORD[104+rsp],r12 xor r14,rdx and rdi,r11 @@ -604,7 +608,7 @@ $L$loop:: add r12,rdi mov rdi,rdx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rdx xor rdi,r8 
@@ -619,9 +623,9 @@ $L$loop:: add r10,r12 add rcx,r12 - lea rbp,QWORD PTR[24+rbp] + lea rbp,[24+rbp] add rcx,r14 - mov r12,QWORD PTR[112+rsi] + mov r12,QWORD[112+rsi] mov r13,r10 mov r14,rcx bswap r12 @@ -632,7 +636,7 @@ $L$loop:: ror r14,5 xor r15,rax - mov QWORD PTR[112+rsp],r12 + mov QWORD[112+rsp],r12 xor r14,rcx and r15,r10 @@ -645,7 +649,7 @@ $L$loop:: add r12,r15 mov r15,rcx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rcx xor r15,rdx @@ -660,9 +664,9 @@ $L$loop:: add r9,r12 add rbx,r12 - lea rbp,QWORD PTR[8+rbp] + lea rbp,[8+rbp] add rbx,r14 - mov r12,QWORD PTR[120+rsi] + mov r12,QWORD[120+rsi] mov r13,r9 mov r14,rbx bswap r12 @@ -673,7 +677,7 @@ $L$loop:: ror r14,5 xor rdi,r11 - mov QWORD PTR[120+rsp],r12 + mov QWORD[120+rsp],r12 xor r14,rbx and rdi,r9 @@ -686,7 +690,7 @@ $L$loop:: add r12,rdi mov rdi,rbx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rbx xor rdi,rcx @@ -701,12 +705,12 @@ $L$loop:: add r8,r12 add rax,r12 - lea rbp,QWORD PTR[24+rbp] - jmp $L$rounds_16_xx + lea rbp,[24+rbp] + jmp NEAR $L$rounds_16_xx ALIGN 16 -$L$rounds_16_xx:: - mov r13,QWORD PTR[8+rsp] - mov r15,QWORD PTR[112+rsp] +$L$rounds_16_xx: + mov r13,QWORD[8+rsp] + mov r15,QWORD[112+rsp] mov r12,r13 ror r13,7 @@ -723,9 +727,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[72+rsp] + add r12,QWORD[72+rsp] - add r12,QWORD PTR[rsp] + add r12,QWORD[rsp] mov r13,r8 add r12,r15 mov r14,rax @@ -736,7 +740,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,r10 - mov QWORD PTR[rsp],r12 + mov QWORD[rsp],r12 xor r14,rax and r15,r8 @@ -749,7 +753,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,rax - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rax xor r15,rbx @@ -764,9 +768,9 @@ $L$rounds_16_xx:: add rdx,r12 add r11,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[16+rsp] - mov rdi,QWORD PTR[120+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[16+rsp] + mov rdi,QWORD[120+rsp] mov r12,r13 ror r13,7 
@@ -783,9 +787,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[80+rsp] + add r12,QWORD[80+rsp] - add r12,QWORD PTR[8+rsp] + add r12,QWORD[8+rsp] mov r13,rdx add r12,rdi mov r14,r11 @@ -796,7 +800,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,r9 - mov QWORD PTR[8+rsp],r12 + mov QWORD[8+rsp],r12 xor r14,r11 and rdi,rdx @@ -809,7 +813,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,r11 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r11 xor rdi,rax @@ -824,9 +828,9 @@ $L$rounds_16_xx:: add rcx,r12 add r10,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[24+rsp] - mov r15,QWORD PTR[rsp] + lea rbp,[24+rbp] + mov r13,QWORD[24+rsp] + mov r15,QWORD[rsp] mov r12,r13 ror r13,7 @@ -843,9 +847,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[88+rsp] + add r12,QWORD[88+rsp] - add r12,QWORD PTR[16+rsp] + add r12,QWORD[16+rsp] mov r13,rcx add r12,r15 mov r14,r10 @@ -856,7 +860,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,r8 - mov QWORD PTR[16+rsp],r12 + mov QWORD[16+rsp],r12 xor r14,r10 and r15,rcx @@ -869,7 +873,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,r10 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r10 xor r15,r11 @@ -884,9 +888,9 @@ $L$rounds_16_xx:: add rbx,r12 add r9,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[32+rsp] - mov rdi,QWORD PTR[8+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[32+rsp] + mov rdi,QWORD[8+rsp] mov r12,r13 ror r13,7 @@ -903,9 +907,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[96+rsp] + add r12,QWORD[96+rsp] - add r12,QWORD PTR[24+rsp] + add r12,QWORD[24+rsp] mov r13,rbx add r12,rdi mov r14,r9 @@ -916,7 +920,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,rdx - mov QWORD PTR[24+rsp],r12 + mov QWORD[24+rsp],r12 xor r14,r9 and rdi,rbx @@ -929,7 +933,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,r9 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r9 xor rdi,r10 
@@ -944,9 +948,9 @@ $L$rounds_16_xx:: add rax,r12 add r8,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[40+rsp] - mov r15,QWORD PTR[16+rsp] + lea rbp,[24+rbp] + mov r13,QWORD[40+rsp] + mov r15,QWORD[16+rsp] mov r12,r13 ror r13,7 @@ -963,9 +967,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[104+rsp] + add r12,QWORD[104+rsp] - add r12,QWORD PTR[32+rsp] + add r12,QWORD[32+rsp] mov r13,rax add r12,r15 mov r14,r8 @@ -976,7 +980,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,rcx - mov QWORD PTR[32+rsp],r12 + mov QWORD[32+rsp],r12 xor r14,r8 and r15,rax @@ -989,7 +993,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,r8 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r8 xor r15,r9 @@ -1004,9 +1008,9 @@ $L$rounds_16_xx:: add r11,r12 add rdx,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[48+rsp] - mov rdi,QWORD PTR[24+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[48+rsp] + mov rdi,QWORD[24+rsp] mov r12,r13 ror r13,7 @@ -1023,9 +1027,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[112+rsp] + add r12,QWORD[112+rsp] - add r12,QWORD PTR[40+rsp] + add r12,QWORD[40+rsp] mov r13,r11 add r12,rdi mov r14,rdx @@ -1036,7 +1040,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,rbx - mov QWORD PTR[40+rsp],r12 + mov QWORD[40+rsp],r12 xor r14,rdx and rdi,r11 @@ -1049,7 +1053,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,rdx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rdx xor rdi,r8 @@ -1064,9 +1068,9 @@ $L$rounds_16_xx:: add r10,r12 add rcx,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[56+rsp] - mov r15,QWORD PTR[32+rsp] + lea rbp,[24+rbp] + mov r13,QWORD[56+rsp] + mov r15,QWORD[32+rsp] mov r12,r13 ror r13,7 @@ -1083,9 +1087,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[120+rsp] + add r12,QWORD[120+rsp] - add r12,QWORD PTR[48+rsp] + add r12,QWORD[48+rsp] mov r13,r10 add r12,r15 mov r14,rcx 
@@ -1096,7 +1100,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,rax - mov QWORD PTR[48+rsp],r12 + mov QWORD[48+rsp],r12 xor r14,rcx and r15,r10 @@ -1109,7 +1113,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,rcx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rcx xor r15,rdx @@ -1124,9 +1128,9 @@ $L$rounds_16_xx:: add r9,r12 add rbx,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[64+rsp] - mov rdi,QWORD PTR[40+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[64+rsp] + mov rdi,QWORD[40+rsp] mov r12,r13 ror r13,7 @@ -1143,9 +1147,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[rsp] + add r12,QWORD[rsp] - add r12,QWORD PTR[56+rsp] + add r12,QWORD[56+rsp] mov r13,r9 add r12,rdi mov r14,rbx @@ -1156,7 +1160,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,r11 - mov QWORD PTR[56+rsp],r12 + mov QWORD[56+rsp],r12 xor r14,rbx and rdi,r9 @@ -1169,7 +1173,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,rbx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rbx xor rdi,rcx @@ -1184,9 +1188,9 @@ $L$rounds_16_xx:: add r8,r12 add rax,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[72+rsp] - mov r15,QWORD PTR[48+rsp] + lea rbp,[24+rbp] + mov r13,QWORD[72+rsp] + mov r15,QWORD[48+rsp] mov r12,r13 ror r13,7 @@ -1203,9 +1207,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[8+rsp] + add r12,QWORD[8+rsp] - add r12,QWORD PTR[64+rsp] + add r12,QWORD[64+rsp] mov r13,r8 add r12,r15 mov r14,rax @@ -1216,7 +1220,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,r10 - mov QWORD PTR[64+rsp],r12 + mov QWORD[64+rsp],r12 xor r14,rax and r15,r8 @@ -1229,7 +1233,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,rax - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rax xor r15,rbx @@ -1244,9 +1248,9 @@ $L$rounds_16_xx:: add rdx,r12 add r11,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[80+rsp] - mov rdi,QWORD PTR[56+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[80+rsp] + mov rdi,QWORD[56+rsp] mov r12,r13 ror r13,7 
@@ -1263,9 +1267,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[16+rsp] + add r12,QWORD[16+rsp] - add r12,QWORD PTR[72+rsp] + add r12,QWORD[72+rsp] mov r13,rdx add r12,rdi mov r14,r11 @@ -1276,7 +1280,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,r9 - mov QWORD PTR[72+rsp],r12 + mov QWORD[72+rsp],r12 xor r14,r11 and rdi,rdx @@ -1289,7 +1293,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,r11 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r11 xor rdi,rax @@ -1304,9 +1308,9 @@ $L$rounds_16_xx:: add rcx,r12 add r10,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[88+rsp] - mov r15,QWORD PTR[64+rsp] + lea rbp,[24+rbp] + mov r13,QWORD[88+rsp] + mov r15,QWORD[64+rsp] mov r12,r13 ror r13,7 @@ -1323,9 +1327,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[24+rsp] + add r12,QWORD[24+rsp] - add r12,QWORD PTR[80+rsp] + add r12,QWORD[80+rsp] mov r13,rcx add r12,r15 mov r14,r10 @@ -1336,7 +1340,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,r8 - mov QWORD PTR[80+rsp],r12 + mov QWORD[80+rsp],r12 xor r14,r10 and r15,rcx @@ -1349,7 +1353,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,r10 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r10 xor r15,r11 @@ -1364,9 +1368,9 @@ $L$rounds_16_xx:: add rbx,r12 add r9,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[96+rsp] - mov rdi,QWORD PTR[72+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[96+rsp] + mov rdi,QWORD[72+rsp] mov r12,r13 ror r13,7 @@ -1383,9 +1387,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[32+rsp] + add r12,QWORD[32+rsp] - add r12,QWORD PTR[88+rsp] + add r12,QWORD[88+rsp] mov r13,rbx add r12,rdi mov r14,r9 @@ -1396,7 +1400,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,rdx - mov QWORD PTR[88+rsp],r12 + mov QWORD[88+rsp],r12 xor r14,r9 and rdi,rbx @@ -1409,7 +1413,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,r9 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r9 xor rdi,r10 
@@ -1424,9 +1428,9 @@ $L$rounds_16_xx:: add rax,r12 add r8,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[104+rsp] - mov r15,QWORD PTR[80+rsp] + lea rbp,[24+rbp] + mov r13,QWORD[104+rsp] + mov r15,QWORD[80+rsp] mov r12,r13 ror r13,7 @@ -1443,9 +1447,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[40+rsp] + add r12,QWORD[40+rsp] - add r12,QWORD PTR[96+rsp] + add r12,QWORD[96+rsp] mov r13,rax add r12,r15 mov r14,r8 @@ -1456,7 +1460,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,rcx - mov QWORD PTR[96+rsp],r12 + mov QWORD[96+rsp],r12 xor r14,r8 and r15,rax @@ -1469,7 +1473,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,r8 - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,r8 xor r15,r9 @@ -1484,9 +1488,9 @@ $L$rounds_16_xx:: add r11,r12 add rdx,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[112+rsp] - mov rdi,QWORD PTR[88+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[112+rsp] + mov rdi,QWORD[88+rsp] mov r12,r13 ror r13,7 @@ -1503,9 +1507,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[48+rsp] + add r12,QWORD[48+rsp] - add r12,QWORD PTR[104+rsp] + add r12,QWORD[104+rsp] mov r13,r11 add r12,rdi mov r14,rdx @@ -1516,7 +1520,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,rbx - mov QWORD PTR[104+rsp],r12 + mov QWORD[104+rsp],r12 xor r14,rdx and rdi,r11 @@ -1529,7 +1533,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,rdx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rdx xor rdi,r8 @@ -1544,9 +1548,9 @@ $L$rounds_16_xx:: add r10,r12 add rcx,r12 - lea rbp,QWORD PTR[24+rbp] - mov r13,QWORD PTR[120+rsp] - mov r15,QWORD PTR[96+rsp] + lea rbp,[24+rbp] + mov r13,QWORD[120+rsp] + mov r15,QWORD[96+rsp] mov r12,r13 ror r13,7 @@ -1563,9 +1567,9 @@ $L$rounds_16_xx:: ror r15,19 xor r12,r13 xor r15,r14 - add r12,QWORD PTR[56+rsp] + add r12,QWORD[56+rsp] - add r12,QWORD PTR[112+rsp] + add r12,QWORD[112+rsp] mov r13,r10 add r12,r15 mov r14,rcx 
@@ -1576,7 +1580,7 @@ $L$rounds_16_xx:: ror r14,5 xor r15,rax - mov QWORD PTR[112+rsp],r12 + mov QWORD[112+rsp],r12 xor r14,rcx and r15,r10 @@ -1589,7 +1593,7 @@ $L$rounds_16_xx:: add r12,r15 mov r15,rcx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rcx xor r15,rdx @@ -1604,9 +1608,9 @@ $L$rounds_16_xx:: add r9,r12 add rbx,r12 - lea rbp,QWORD PTR[8+rbp] - mov r13,QWORD PTR[rsp] - mov rdi,QWORD PTR[104+rsp] + lea rbp,[8+rbp] + mov r13,QWORD[rsp] + mov rdi,QWORD[104+rsp] mov r12,r13 ror r13,7 @@ -1623,9 +1627,9 @@ $L$rounds_16_xx:: ror rdi,19 xor r12,r13 xor rdi,r14 - add r12,QWORD PTR[64+rsp] + add r12,QWORD[64+rsp] - add r12,QWORD PTR[120+rsp] + add r12,QWORD[120+rsp] mov r13,r9 add r12,rdi mov r14,rbx @@ -1636,7 +1640,7 @@ $L$rounds_16_xx:: ror r14,5 xor rdi,r11 - mov QWORD PTR[120+rsp],r12 + mov QWORD[120+rsp],r12 xor r14,rbx and rdi,r9 @@ -1649,7 +1653,7 @@ $L$rounds_16_xx:: add r12,rdi mov rdi,rbx - add r12,QWORD PTR[rbp] + add r12,QWORD[rbp] xor r14,rbx xor rdi,rcx 
@@ -1664,144 +1668,143 @@ $L$rounds_16_xx:: add r8,r12 add rax,r12 - lea rbp,QWORD PTR[24+rbp] - cmp BYTE PTR[7+rbp],0 - jnz $L$rounds_16_xx + lea rbp,[24+rbp] + cmp BYTE[7+rbp],0 + jnz NEAR $L$rounds_16_xx - mov rdi,QWORD PTR[((128+0))+rsp] + mov rdi,QWORD[((128+0))+rsp] add rax,r14 - lea rsi,QWORD PTR[128+rsi] - - add rax,QWORD PTR[rdi] - add rbx,QWORD PTR[8+rdi] - add rcx,QWORD PTR[16+rdi] - add rdx,QWORD PTR[24+rdi] - add r8,QWORD PTR[32+rdi] - add r9,QWORD PTR[40+rdi] - add r10,QWORD PTR[48+rdi] - add r11,QWORD PTR[56+rdi] - - cmp rsi,QWORD PTR[((128+16))+rsp] - - mov QWORD PTR[rdi],rax - mov QWORD PTR[8+rdi],rbx - mov QWORD PTR[16+rdi],rcx - mov QWORD PTR[24+rdi],rdx - mov QWORD PTR[32+rdi],r8 - mov QWORD PTR[40+rdi],r9 - mov QWORD PTR[48+rdi],r10 - mov QWORD PTR[56+rdi],r11 - jb $L$loop - - mov rsi,QWORD PTR[((128+24))+rsp] - mov r15,QWORD PTR[rsi] - mov r14,QWORD PTR[8+rsi] - mov r13,QWORD PTR[16+rsi] - mov r12,QWORD PTR[24+rsi] - mov rbp,QWORD PTR[32+rsi] - mov rbx,QWORD PTR[40+rsi] - lea rsp,QWORD PTR[48+rsi] -$L$epilogue:: - mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue - mov rsi,QWORD PTR[16+rsp] + lea rsi,[128+rsi] + + add rax,QWORD[rdi] + add rbx,QWORD[8+rdi] + add rcx,QWORD[16+rdi] + add rdx,QWORD[24+rdi] + add r8,QWORD[32+rdi] + add r9,QWORD[40+rdi] + add r10,QWORD[48+rdi] + add r11,QWORD[56+rdi] + + cmp rsi,QWORD[((128+16))+rsp] + + mov QWORD[rdi],rax + mov QWORD[8+rdi],rbx + mov QWORD[16+rdi],rcx + mov QWORD[24+rdi],rdx + mov QWORD[32+rdi],r8 + mov QWORD[40+rdi],r9 + mov QWORD[48+rdi],r10 + mov QWORD[56+rdi],r11 + jb NEAR $L$loop + + mov rsi,QWORD[((128+24))+rsp] + mov r15,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r13,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + mov rbp,QWORD[32+rsi] + mov rbx,QWORD[40+rsi] + lea rsp,[48+rsi] +$L$epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_sha512_block_data_order:: -sha512_block_data_order ENDP +$L$SEH_end_sha512_block_data_order: ALIGN 64 -K512:: - DQ 
0428a2f98d728ae22h,07137449123ef65cdh - DQ 0428a2f98d728ae22h,07137449123ef65cdh - DQ 0b5c0fbcfec4d3b2fh,0e9b5dba58189dbbch - DQ 0b5c0fbcfec4d3b2fh,0e9b5dba58189dbbch - DQ 03956c25bf348b538h,059f111f1b605d019h - DQ 03956c25bf348b538h,059f111f1b605d019h - DQ 0923f82a4af194f9bh,0ab1c5ed5da6d8118h - DQ 0923f82a4af194f9bh,0ab1c5ed5da6d8118h - DQ 0d807aa98a3030242h,012835b0145706fbeh - DQ 0d807aa98a3030242h,012835b0145706fbeh - DQ 0243185be4ee4b28ch,0550c7dc3d5ffb4e2h - DQ 0243185be4ee4b28ch,0550c7dc3d5ffb4e2h - DQ 072be5d74f27b896fh,080deb1fe3b1696b1h - DQ 072be5d74f27b896fh,080deb1fe3b1696b1h - DQ 09bdc06a725c71235h,0c19bf174cf692694h - DQ 09bdc06a725c71235h,0c19bf174cf692694h - DQ 0e49b69c19ef14ad2h,0efbe4786384f25e3h - DQ 0e49b69c19ef14ad2h,0efbe4786384f25e3h - DQ 00fc19dc68b8cd5b5h,0240ca1cc77ac9c65h - DQ 00fc19dc68b8cd5b5h,0240ca1cc77ac9c65h - DQ 02de92c6f592b0275h,04a7484aa6ea6e483h - DQ 02de92c6f592b0275h,04a7484aa6ea6e483h - DQ 05cb0a9dcbd41fbd4h,076f988da831153b5h - DQ 05cb0a9dcbd41fbd4h,076f988da831153b5h - DQ 0983e5152ee66dfabh,0a831c66d2db43210h - DQ 0983e5152ee66dfabh,0a831c66d2db43210h - DQ 0b00327c898fb213fh,0bf597fc7beef0ee4h - DQ 0b00327c898fb213fh,0bf597fc7beef0ee4h - DQ 0c6e00bf33da88fc2h,0d5a79147930aa725h - DQ 0c6e00bf33da88fc2h,0d5a79147930aa725h - DQ 006ca6351e003826fh,0142929670a0e6e70h - DQ 006ca6351e003826fh,0142929670a0e6e70h - DQ 027b70a8546d22ffch,02e1b21385c26c926h - DQ 027b70a8546d22ffch,02e1b21385c26c926h - DQ 04d2c6dfc5ac42aedh,053380d139d95b3dfh - DQ 04d2c6dfc5ac42aedh,053380d139d95b3dfh - DQ 0650a73548baf63deh,0766a0abb3c77b2a8h - DQ 0650a73548baf63deh,0766a0abb3c77b2a8h - DQ 081c2c92e47edaee6h,092722c851482353bh - DQ 081c2c92e47edaee6h,092722c851482353bh - DQ 0a2bfe8a14cf10364h,0a81a664bbc423001h - DQ 0a2bfe8a14cf10364h,0a81a664bbc423001h - DQ 0c24b8b70d0f89791h,0c76c51a30654be30h - DQ 0c24b8b70d0f89791h,0c76c51a30654be30h - DQ 0d192e819d6ef5218h,0d69906245565a910h - DQ 0d192e819d6ef5218h,0d69906245565a910h - DQ 
0f40e35855771202ah,0106aa07032bbd1b8h - DQ 0f40e35855771202ah,0106aa07032bbd1b8h - DQ 019a4c116b8d2d0c8h,01e376c085141ab53h - DQ 019a4c116b8d2d0c8h,01e376c085141ab53h - DQ 02748774cdf8eeb99h,034b0bcb5e19b48a8h - DQ 02748774cdf8eeb99h,034b0bcb5e19b48a8h - DQ 0391c0cb3c5c95a63h,04ed8aa4ae3418acbh - DQ 0391c0cb3c5c95a63h,04ed8aa4ae3418acbh - DQ 05b9cca4f7763e373h,0682e6ff3d6b2b8a3h - DQ 05b9cca4f7763e373h,0682e6ff3d6b2b8a3h - DQ 0748f82ee5defb2fch,078a5636f43172f60h - DQ 0748f82ee5defb2fch,078a5636f43172f60h - DQ 084c87814a1f0ab72h,08cc702081a6439ech - DQ 084c87814a1f0ab72h,08cc702081a6439ech - DQ 090befffa23631e28h,0a4506cebde82bde9h - DQ 090befffa23631e28h,0a4506cebde82bde9h - DQ 0bef9a3f7b2c67915h,0c67178f2e372532bh - DQ 0bef9a3f7b2c67915h,0c67178f2e372532bh - DQ 0ca273eceea26619ch,0d186b8c721c0c207h - DQ 0ca273eceea26619ch,0d186b8c721c0c207h - DQ 0eada7dd6cde0eb1eh,0f57d4f7fee6ed178h - DQ 0eada7dd6cde0eb1eh,0f57d4f7fee6ed178h - DQ 006f067aa72176fbah,00a637dc5a2c898a6h - DQ 006f067aa72176fbah,00a637dc5a2c898a6h - DQ 0113f9804bef90daeh,01b710b35131c471bh - DQ 0113f9804bef90daeh,01b710b35131c471bh - DQ 028db77f523047d84h,032caab7b40c72493h - DQ 028db77f523047d84h,032caab7b40c72493h - DQ 03c9ebe0a15c9bebch,0431d67c49c100d4ch - DQ 03c9ebe0a15c9bebch,0431d67c49c100d4ch - DQ 04cc5d4becb3e42b6h,0597f299cfc657e2ah - DQ 04cc5d4becb3e42b6h,0597f299cfc657e2ah - DQ 05fcb6fab3ad6faech,06c44198c4a475817h - DQ 05fcb6fab3ad6faech,06c44198c4a475817h - - DQ 00001020304050607h,008090a0b0c0d0e0fh - DQ 00001020304050607h,008090a0b0c0d0e0fh +K512: + DQ 0x428a2f98d728ae22,0x7137449123ef65cd + DQ 0x428a2f98d728ae22,0x7137449123ef65cd + DQ 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + DQ 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + DQ 0x3956c25bf348b538,0x59f111f1b605d019 + DQ 0x3956c25bf348b538,0x59f111f1b605d019 + DQ 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + DQ 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + DQ 0xd807aa98a3030242,0x12835b0145706fbe + DQ 0xd807aa98a3030242,0x12835b0145706fbe + DQ 
0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + DQ 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + DQ 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + DQ 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + DQ 0x9bdc06a725c71235,0xc19bf174cf692694 + DQ 0x9bdc06a725c71235,0xc19bf174cf692694 + DQ 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + DQ 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + DQ 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + DQ 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + DQ 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + DQ 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + DQ 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + DQ 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + DQ 0x983e5152ee66dfab,0xa831c66d2db43210 + DQ 0x983e5152ee66dfab,0xa831c66d2db43210 + DQ 0xb00327c898fb213f,0xbf597fc7beef0ee4 + DQ 0xb00327c898fb213f,0xbf597fc7beef0ee4 + DQ 0xc6e00bf33da88fc2,0xd5a79147930aa725 + DQ 0xc6e00bf33da88fc2,0xd5a79147930aa725 + DQ 0x06ca6351e003826f,0x142929670a0e6e70 + DQ 0x06ca6351e003826f,0x142929670a0e6e70 + DQ 0x27b70a8546d22ffc,0x2e1b21385c26c926 + DQ 0x27b70a8546d22ffc,0x2e1b21385c26c926 + DQ 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + DQ 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + DQ 0x650a73548baf63de,0x766a0abb3c77b2a8 + DQ 0x650a73548baf63de,0x766a0abb3c77b2a8 + DQ 0x81c2c92e47edaee6,0x92722c851482353b + DQ 0x81c2c92e47edaee6,0x92722c851482353b + DQ 0xa2bfe8a14cf10364,0xa81a664bbc423001 + DQ 0xa2bfe8a14cf10364,0xa81a664bbc423001 + DQ 0xc24b8b70d0f89791,0xc76c51a30654be30 + DQ 0xc24b8b70d0f89791,0xc76c51a30654be30 + DQ 0xd192e819d6ef5218,0xd69906245565a910 + DQ 0xd192e819d6ef5218,0xd69906245565a910 + DQ 0xf40e35855771202a,0x106aa07032bbd1b8 + DQ 0xf40e35855771202a,0x106aa07032bbd1b8 + DQ 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + DQ 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + DQ 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + DQ 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + DQ 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + DQ 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + DQ 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + DQ 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + DQ 
0x748f82ee5defb2fc,0x78a5636f43172f60 + DQ 0x748f82ee5defb2fc,0x78a5636f43172f60 + DQ 0x84c87814a1f0ab72,0x8cc702081a6439ec + DQ 0x84c87814a1f0ab72,0x8cc702081a6439ec + DQ 0x90befffa23631e28,0xa4506cebde82bde9 + DQ 0x90befffa23631e28,0xa4506cebde82bde9 + DQ 0xbef9a3f7b2c67915,0xc67178f2e372532b + DQ 0xbef9a3f7b2c67915,0xc67178f2e372532b + DQ 0xca273eceea26619c,0xd186b8c721c0c207 + DQ 0xca273eceea26619c,0xd186b8c721c0c207 + DQ 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + DQ 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + DQ 0x06f067aa72176fba,0x0a637dc5a2c898a6 + DQ 0x06f067aa72176fba,0x0a637dc5a2c898a6 + DQ 0x113f9804bef90dae,0x1b710b35131c471b + DQ 0x113f9804bef90dae,0x1b710b35131c471b + DQ 0x28db77f523047d84,0x32caab7b40c72493 + DQ 0x28db77f523047d84,0x32caab7b40c72493 + DQ 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + DQ 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + DQ 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + DQ 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + DQ 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + DQ 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + + DQ 0x0001020304050607,0x08090a0b0c0d0e0f + DQ 0x0001020304050607,0x08090a0b0c0d0e0f DB 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97 DB 110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54 DB 52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 DB 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 DB 111,114,103,62,0 -EXTERN __imp_RtlVirtualUnwind:NEAR +EXTERN __imp_RtlVirtualUnwind ALIGN 16 -se_handler PROC PRIVATE +se_handler: push rsi push rdi push rbx 
@@ -1813,74 +1816,74 @@ se_handler PROC PRIVATE pushfq sub rsp,64 - mov rax,QWORD PTR[120+r8] - mov rbx,QWORD PTR[248+r8] + mov rax,QWORD[120+r8] + mov rbx,QWORD[248+r8] - mov rsi,QWORD PTR[8+r9] - mov r11,QWORD PTR[56+r9] + mov rsi,QWORD[8+r9] + mov r11,QWORD[56+r9] - mov r10d,DWORD PTR[r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - mov rax,QWORD PTR[152+r8] + mov rax,QWORD[152+r8] - mov r10d,DWORD PTR[4+r11] - lea r10,QWORD PTR[r10*1+rsi] + mov r10d,DWORD[4+r11] + lea r10,[r10*1+rsi] cmp rbx,r10 - jae $L$in_prologue + jae NEAR $L$in_prologue mov rsi,rax - mov rax,QWORD PTR[((128+24))+rax] - lea rax,QWORD PTR[48+rax] - - mov rbx,QWORD PTR[((-8))+rax] - mov rbp,QWORD PTR[((-16))+rax] - mov r12,QWORD PTR[((-24))+rax] - mov r13,QWORD PTR[((-32))+rax] - mov r14,QWORD PTR[((-40))+rax] - mov r15,QWORD PTR[((-48))+rax] - mov QWORD PTR[144+r8],rbx - mov QWORD PTR[160+r8],rbp - mov QWORD PTR[216+r8],r12 - mov QWORD PTR[224+r8],r13 - mov QWORD PTR[232+r8],r14 - mov QWORD PTR[240+r8],r15 - - lea r10,QWORD PTR[$L$epilogue] + mov rax,QWORD[((128+24))+rax] + lea rax,[48+rax] + + mov rbx,QWORD[((-8))+rax] + mov rbp,QWORD[((-16))+rax] + mov r12,QWORD[((-24))+rax] + mov r13,QWORD[((-32))+rax] + mov r14,QWORD[((-40))+rax] + mov r15,QWORD[((-48))+rax] + mov QWORD[144+r8],rbx + mov QWORD[160+r8],rbp + mov QWORD[216+r8],r12 + mov QWORD[224+r8],r13 + mov QWORD[232+r8],r14 + mov QWORD[240+r8],r15 + + lea r10,[$L$epilogue] cmp rbx,r10 - jb $L$in_prologue + jb NEAR $L$in_prologue - lea rsi,QWORD PTR[((128+32))+rsi] - lea rdi,QWORD PTR[512+r8] + lea rsi,[((128+32))+rsi] + lea rdi,[512+r8] mov ecx,12 - DD 0a548f3fch + DD 0xa548f3fc -$L$in_prologue:: - mov rdi,QWORD PTR[8+rax] - mov rsi,QWORD PTR[16+rax] - mov QWORD PTR[152+r8],rax - mov QWORD PTR[168+r8],rsi - mov QWORD PTR[176+r8],rdi +$L$in_prologue: + mov rdi,QWORD[8+rax] + mov rsi,QWORD[16+rax] + mov QWORD[152+r8],rax + mov QWORD[168+r8],rsi + 
mov QWORD[176+r8],rdi - mov rdi,QWORD PTR[40+r9] + mov rdi,QWORD[40+r9] mov rsi,r8 mov ecx,154 - DD 0a548f3fch + DD 0xa548f3fc mov rsi,r9 xor rcx,rcx - mov rdx,QWORD PTR[8+rsi] - mov r8,QWORD PTR[rsi] - mov r9,QWORD PTR[16+rsi] - mov r10,QWORD PTR[40+rsi] - lea r11,QWORD PTR[56+rsi] - lea r12,QWORD PTR[24+rsi] - mov QWORD PTR[32+rsp],r10 - mov QWORD PTR[40+rsp],r11 - mov QWORD PTR[48+rsp],r12 - mov QWORD PTR[56+rsp],rcx - call QWORD PTR[__imp_RtlVirtualUnwind] + mov rdx,QWORD[8+rsi] + mov r8,QWORD[rsi] + mov r9,QWORD[16+rsi] + mov r10,QWORD[40+rsi] + lea r11,[56+rsi] + lea r12,[24+rsi] + mov QWORD[32+rsp],r10 + mov QWORD[40+rsp],r11 + mov QWORD[48+rsp],r12 + mov QWORD[56+rsp],rcx + call QWORD[__imp_RtlVirtualUnwind] mov eax,1 add rsp,64 @@ -1894,20 +1897,15 @@ $L$in_prologue:: pop rdi pop rsi DB 0F3h,0C3h ;repret -se_handler ENDP -.text$ ENDS -.pdata SEGMENT READONLY ALIGN(4) + +section .pdata rdata align=4 ALIGN 4 - DD imagerel $L$SEH_begin_sha512_block_data_order - DD imagerel $L$SEH_end_sha512_block_data_order - DD imagerel $L$SEH_info_sha512_block_data_order -.pdata ENDS -.xdata SEGMENT READONLY ALIGN(8) + DD $L$SEH_begin_sha512_block_data_order wrt ..imagebase + DD $L$SEH_end_sha512_block_data_order wrt ..imagebase + DD $L$SEH_info_sha512_block_data_order wrt ..imagebase +section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_sha512_block_data_order:: +$L$SEH_info_sha512_block_data_order: DB 9,0,0,0 - DD imagerel se_handler - DD imagerel $L$prologue,imagerel $L$epilogue - -.xdata ENDS -END + DD se_handler wrt ..imagebase + DD $L$prologue wrt ..imagebase,$L$epilogue wrt ..imagebase -- cgit v1.1