Compare commits
No commits in common. "main" and "OpenSSL_1_0_1q" have entirely different histories.
main
...
OpenSSL_1_
@ -1,10 +0,0 @@
|
||||
#! /bin/sh
|
||||
|
||||
# $1 is expected to be $TRAVIS_OS_NAME
|
||||
|
||||
if [ "$1" == osx ]; then
|
||||
make -f Makefile.org \
|
||||
DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
|
||||
else
|
||||
make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
|
||||
fi
|
||||
@ -32,9 +32,6 @@ matrix:
|
||||
env: CONFIG_OPTS="-d --strict-warnings"
|
||||
|
||||
before_script:
|
||||
- sh .travis-create-release.sh $TRAVIS_OS_NAME
|
||||
- tar -xvzf _srcdist.tar.gz
|
||||
- cd _srcdist
|
||||
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
|
||||
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
||||
./Configure mingw $CONFIG_OPTS;
|
||||
@ -44,13 +41,10 @@ before_script:
|
||||
else
|
||||
./config $CONFIG_OPTS;
|
||||
fi
|
||||
- cd ..
|
||||
|
||||
script:
|
||||
- cd _srcdist
|
||||
- make
|
||||
- if [ -z "$CROSS_COMPILE" ]; then make test; fi
|
||||
- cd ..
|
||||
|
||||
notifications:
|
||||
recipient:
|
||||
|
||||
@ -1,2 +1,30 @@
|
||||
Please https://www.openssl.org/community/thanks.html for the current
|
||||
acknowledgements.
|
||||
The OpenSSL project depends on volunteer efforts and financial support from
|
||||
the end user community. That support comes in the form of donations and paid
|
||||
sponsorships, software support contracts, paid consulting services
|
||||
and commissioned software development.
|
||||
|
||||
Since all these activities support the continued development and improvement
|
||||
of OpenSSL we consider all these clients and customers as sponsors of the
|
||||
OpenSSL project.
|
||||
|
||||
We would like to identify and thank the following such sponsors for their past
|
||||
or current significant support of the OpenSSL project:
|
||||
|
||||
Major support:
|
||||
|
||||
Qualys http://www.qualys.com/
|
||||
|
||||
Very significant support:
|
||||
|
||||
OpenGear: http://www.opengear.com/
|
||||
|
||||
Significant support:
|
||||
|
||||
PSW Group: http://www.psw.net/
|
||||
Acano Ltd. http://acano.com/
|
||||
|
||||
Please note that we ask permission to identify sponsors and that some sponsors
|
||||
we consider eligible for inclusion here have requested to remain anonymous.
|
||||
|
||||
Additional sponsorship or financial support is always welcome: for more
|
||||
information please contact the OpenSSL Software Foundation.
|
||||
|
||||
168
CHANGES
168
CHANGES
@ -2,172 +2,6 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
|
||||
|
||||
*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
|
||||
default.
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Only remove the SSLv2 methods with the no-ssl2-method option. When the
|
||||
methods are enabled and ssl2 is disabled the methods return NULL.
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
|
||||
|
||||
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
Builds that are not configured with "enable-weak-ssl-ciphers" will not
|
||||
provide any "EXPORT" or "LOW" strength ciphers.
|
||||
[Viktor Dukhovni]
|
||||
|
||||
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
|
||||
is by default disabled at build-time. Builds that are not configured with
|
||||
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
|
||||
users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
|
||||
will need to explicitly call either of:
|
||||
|
||||
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
|
||||
or
|
||||
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
|
||||
|
||||
as appropriate. Even if either of those is used, or the application
|
||||
explicitly uses the version-specific SSLv2_method() or its client and
|
||||
server variants, SSLv2 ciphers vulnerable to exhaustive search key
|
||||
recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
|
||||
ciphers, and SSLv2 56-bit DES are no longer available.
|
||||
(CVE-2016-0800)
|
||||
[Viktor Dukhovni]
|
||||
|
||||
*) Fix a double-free in DSA code
|
||||
|
||||
A double free bug was discovered when OpenSSL parses malformed DSA private
|
||||
keys and could lead to a DoS attack or memory corruption for applications
|
||||
that receive DSA private keys from untrusted sources. This scenario is
|
||||
considered rare.
|
||||
|
||||
This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
|
||||
libFuzzer.
|
||||
(CVE-2016-0705)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Disable SRP fake user seed to address a server memory leak.
|
||||
|
||||
Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
|
||||
|
||||
SRP_VBASE_get_by_user had inconsistent memory management behaviour.
|
||||
In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
|
||||
was changed to ignore the "fake user" SRP seed, even if the seed
|
||||
is configured.
|
||||
|
||||
Users should use SRP_VBASE_get1_by_user instead. Note that in
|
||||
SRP_VBASE_get1_by_user, caller must free the returned value. Note
|
||||
also that even though configuring the SRP seed attempts to hide
|
||||
invalid usernames by continuing the handshake with fake
|
||||
credentials, this behaviour is not constant time and no strong
|
||||
guarantees are made that the handshake is indistinguishable from
|
||||
that of a valid user.
|
||||
(CVE-2016-0798)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||
|
||||
In the BN_hex2bn function the number of hex digits is calculated using an
|
||||
int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
|
||||
large values of |i| this can result in |bn_expand| not allocating any
|
||||
memory because |i * 4| is negative. This can leave the internal BIGNUM data
|
||||
field as NULL leading to a subsequent NULL ptr deref. For very large values
|
||||
of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
|
||||
In this case memory is allocated to the internal BIGNUM data field, but it
|
||||
is insufficiently sized leading to heap corruption. A similar issue exists
|
||||
in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
|
||||
is ever called by user applications with very large untrusted hex/dec data.
|
||||
This is anticipated to be a rare occurrence.
|
||||
|
||||
All OpenSSL internal usage of these functions use data that is not expected
|
||||
to be untrusted, e.g. config file data or application command line
|
||||
arguments. If user developed applications generate config file data based
|
||||
on untrusted data then it is possible that this could also lead to security
|
||||
consequences. This is also anticipated to be rare.
|
||||
|
||||
This issue was reported to OpenSSL by Guido Vranken.
|
||||
(CVE-2016-0797)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Fix memory issues in BIO_*printf functions
|
||||
|
||||
The internal |fmtstr| function used in processing a "%s" format string in
|
||||
the BIO_*printf functions could overflow while calculating the length of a
|
||||
string and cause an OOB read when printing very long strings.
|
||||
|
||||
Additionally the internal |doapr_outch| function can attempt to write to an
|
||||
OOB memory location (at an offset from the NULL pointer) in the event of a
|
||||
memory allocation failure. In 1.0.2 and below this could be caused where
|
||||
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
|
||||
could be in processing a very long "%s" format string. Memory leaks can
|
||||
also occur.
|
||||
|
||||
The first issue may mask the second issue dependent on compiler behaviour.
|
||||
These problems could enable attacks where large amounts of untrusted data
|
||||
is passed to the BIO_*printf functions. If applications use these functions
|
||||
in this way then they could be vulnerable. OpenSSL itself uses these
|
||||
functions when printing out human-readable dumps of ASN.1 data. Therefore
|
||||
applications that print this data could be vulnerable if the data is from
|
||||
untrusted sources. OpenSSL command line applications could also be
|
||||
vulnerable where they print out ASN.1 data, or if untrusted data is passed
|
||||
as command line arguments.
|
||||
|
||||
Libssl is not considered directly vulnerable. Additionally certificates etc
|
||||
received via remote connections via libssl are also unlikely to be able to
|
||||
trigger these issues because of message size limits enforced within libssl.
|
||||
|
||||
This issue was reported to OpenSSL Guido Vranken.
|
||||
(CVE-2016-0799)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Side channel attack on modular exponentiation
|
||||
|
||||
A side-channel attack was found which makes use of cache-bank conflicts on
|
||||
the Intel Sandy-Bridge microarchitecture which could lead to the recovery
|
||||
of RSA keys. The ability to exploit this issue is limited as it relies on
|
||||
an attacker who has control of code in a thread running on the same
|
||||
hyper-threaded core as the victim thread which is performing decryptions.
|
||||
|
||||
This issue was reported to OpenSSL by Yuval Yarom, The University of
|
||||
Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
|
||||
Nadia Heninger, University of Pennsylvania with more information at
|
||||
http://cachebleed.info.
|
||||
(CVE-2016-0702)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Change the req app to generate a 2048-bit RSA/DSA key by default,
|
||||
if no keysize is specified with default_bits. This fixes an
|
||||
omission in an earlier change that changed all RSA/DSA key generation
|
||||
apps to use 2048 bits by default.
|
||||
[Emilia Käsper]
|
||||
|
||||
Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
|
||||
|
||||
*) Protection for DH small subgroup attacks
|
||||
|
||||
As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
|
||||
switched on by default and cannot be disabled. This could have some
|
||||
performance impact.
|
||||
[Matt Caswell]
|
||||
|
||||
*) SSLv2 doesn't block disabled ciphers
|
||||
|
||||
A malicious client can negotiate SSLv2 ciphers that have been disabled on
|
||||
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
|
||||
been disabled, provided that the SSLv2 protocol was not also disabled via
|
||||
SSL_OP_NO_SSLv2.
|
||||
|
||||
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
|
||||
and Sebastian Schinzel.
|
||||
(CVE-2015-3197)
|
||||
[Viktor Dukhovni]
|
||||
|
||||
*) Reject DH handshakes with parameters shorter than 1024 bits.
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
|
||||
|
||||
*) Certificate verify crash with missing PSS parameter
|
||||
@ -204,7 +38,7 @@
|
||||
[Emilia Käsper]
|
||||
|
||||
*) In DSA_generate_parameters_ex, if the provided seed is too short,
|
||||
use a random seed, as already documented.
|
||||
return an error
|
||||
[Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
|
||||
|
||||
Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
|
||||
|
||||
41
Configure
41
Configure
@ -58,10 +58,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
|
||||
# library and will be loaded in run-time by the OpenSSL library.
|
||||
# sctp include SCTP support
|
||||
# 386 generate 80386 code
|
||||
# enable-weak-ssl-ciphers
|
||||
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
|
||||
# default. Note, weak SSLv2 ciphers are unconditionally
|
||||
# disabled.
|
||||
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
|
||||
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
||||
# -<xxx> +<xxx> compiler options are passed through
|
||||
@ -109,9 +105,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
|
||||
|
||||
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
|
||||
|
||||
# Warn that "make depend" should be run?
|
||||
my $warn_make_depend = 0;
|
||||
|
||||
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
|
||||
|
||||
my $strict_warnings = 0;
|
||||
@ -728,12 +721,10 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
|
||||
"md2" => "default",
|
||||
"rc5" => "default",
|
||||
"rfc3779" => "default",
|
||||
"sctp" => "default",
|
||||
"sctp" => "default",
|
||||
"shared" => "default",
|
||||
"ssl2" => "default",
|
||||
"store" => "experimental",
|
||||
"unit-test" => "default",
|
||||
"weak-ssl-ciphers" => "default",
|
||||
"zlib" => "default",
|
||||
"zlib-dynamic" => "default"
|
||||
);
|
||||
@ -1455,7 +1446,7 @@ if ($target =~ /\-icc$/) # Intel C compiler
|
||||
# linker only when --prefix is not /usr.
|
||||
if ($target =~ /^BSD\-/)
|
||||
{
|
||||
$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
||||
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
||||
}
|
||||
|
||||
if ($sys_id ne "")
|
||||
@ -1962,8 +1953,14 @@ EOF
|
||||
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
|
||||
}
|
||||
if ($depflags ne $default_depflags && !$make_depend) {
|
||||
$warn_make_depend++;
|
||||
}
|
||||
print <<EOF;
|
||||
|
||||
Since you've disabled or enabled at least one algorithm, you need to do
|
||||
the following before building:
|
||||
|
||||
make depend
|
||||
EOF
|
||||
}
|
||||
}
|
||||
|
||||
# create the ms/version32.rc file if needed
|
||||
@ -2042,18 +2039,12 @@ EOF
|
||||
|
||||
print <<\EOF if ($no_shared_warn);
|
||||
|
||||
You gave the option 'shared', which is not supported on this platform, so
|
||||
we will pretend you gave the option 'no-shared'. If you know how to implement
|
||||
shared libraries, please let us know (but please first make sure you have
|
||||
tried with a current version of OpenSSL).
|
||||
EOF
|
||||
|
||||
print <<EOF if ($warn_make_depend);
|
||||
|
||||
*** Because of configuration changes, you MUST do the following before
|
||||
*** building:
|
||||
|
||||
make depend
|
||||
You gave the option 'shared'. Normally, that would give you shared libraries.
|
||||
Unfortunately, the OpenSSL configuration doesn't include shared library support
|
||||
for this platform yet, so it will pretend you gave the option 'no-shared'. If
|
||||
you can inform the developpers (openssl-dev\@openssl.org) how to support shared
|
||||
libraries on this platform, they will at least look at it and try their best
|
||||
(but please first make sure you have tried with a current version of OpenSSL).
|
||||
EOF
|
||||
|
||||
exit(0);
|
||||
|
||||
8
INSTALL
8
INSTALL
@ -164,10 +164,10 @@
|
||||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be recorded in the request tracker publicly readable
|
||||
at https://www.openssl.org/community/index.html#bugs and will be
|
||||
forwarded to a public mailing list). Include the output of "make
|
||||
report" in your message. Please check out the request tracker. Maybe
|
||||
the bug was already reported or has already been fixed.
|
||||
via http://www.openssl.org/support/rt.html and will be forwarded to a
|
||||
public mailing list). Include the output of "make report" in your message.
|
||||
Please check out the request tracker. Maybe the bug was already
|
||||
reported or has already been fixed.
|
||||
|
||||
[If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.]
|
||||
|
||||
2
LICENSE
2
LICENSE
@ -12,7 +12,7 @@
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
||||
38
Makefile.org
38
Makefile.org
@ -179,7 +179,8 @@ SHARED_LDFLAGS=
|
||||
GENERAL= Makefile
|
||||
BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= ../$(NAME).tar
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
@ -498,35 +499,38 @@ TABLE: Configure
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
|
||||
--owner 0 --group 0 \
|
||||
--transform 's|^|$(NAME)/|' \
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
|
||||
--owner openssl:0 --group openssl:0 \
|
||||
--transform 's|^|openssl-$(VERSION)/|' \
|
||||
-cvf -
|
||||
|
||||
$(TARFILE).list:
|
||||
../$(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
\! -name '*test' \! -name '.#*' \! -name '*~' \
|
||||
| sort > ../$(TARFILE).list
|
||||
|
||||
tar: $(TARFILE).list
|
||||
tar: ../$(TARFILE).list
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE).gz
|
||||
$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
|
||||
rm -f ../$(TARFILE).list
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
tar-snap: $(TARFILE).list
|
||||
$(TAR_COMMAND) > $(TARFILE)
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE)
|
||||
tar-snap: ../$(TARFILE).list
|
||||
$(TAR_COMMAND) > ../$(TARFILE)
|
||||
rm -f ../$(TARFILE).list
|
||||
ls -l ../$(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
|
||||
|
||||
install: all install_docs install_sw
|
||||
|
||||
|
||||
22
NEWS
22
NEWS
@ -5,28 +5,6 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
|
||||
|
||||
o
|
||||
|
||||
Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
|
||||
|
||||
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
o Disable SSLv2 default build, default negotiation and weak ciphers
|
||||
(CVE-2016-0800)
|
||||
o Fix a double-free in DSA code (CVE-2016-0705)
|
||||
o Disable SRP fake user seed to address a server memory leak
|
||||
(CVE-2016-0798)
|
||||
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||
(CVE-2016-0797)
|
||||
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
|
||||
o Fix side channel attack on modular exponentiation (CVE-2016-0702)
|
||||
|
||||
Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
|
||||
|
||||
o Protection for DH small subgroup attacks
|
||||
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
|
||||
|
||||
Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
|
||||
|
||||
o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
|
||||
|
||||
13
README
13
README
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.1t-dev
|
||||
OpenSSL 1.0.1q 3 Dec 2015
|
||||
|
||||
Copyright (c) 1998-2015 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
@ -90,12 +90,11 @@
|
||||
|
||||
In order to avoid spam, this is a moderated mailing list, and it might
|
||||
take a day for the ticket to show up. (We also scan posts to make sure
|
||||
that security disclosures aren't publically posted by mistake.) Mail
|
||||
to this address is recorded in the public RT (request tracker) database
|
||||
(see https://www.openssl.org/community/index.html#bugs for details) and
|
||||
also forwarded the public openssl-dev mailing list. Confidential mail
|
||||
may be sent to openssl-security@openssl.org (PGP key available from the
|
||||
key servers).
|
||||
that security disclosures aren't publically posted by mistake.) Mail to
|
||||
this address is recorded in the public RT (request tracker) database (see
|
||||
https://www.openssl.org/support/rt.html for details) and also forwarded
|
||||
the public openssl-dev mailing list. Confidential mail may be sent to
|
||||
openssl-security@openssl.org (PGP key available from the key servers).
|
||||
|
||||
Please do NOT use this for general assistance or support queries.
|
||||
Just because something doesn't work the way you expect does not mean it
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* apps/engine.c */
|
||||
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1003,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
|
||||
bs = OCSP_BASICRESP_new();
|
||||
thisupd = X509_gmtime_adj(NULL, 0);
|
||||
if (ndays != -1)
|
||||
nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
|
||||
nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
|
||||
|
||||
/* Examine each certificate id in the request */
|
||||
for (i = 0; i < id_count; i++) {
|
||||
|
||||
@ -79,8 +79,7 @@ const EVP_CIPHER *enc;
|
||||
# define CLCERTS 0x8
|
||||
# define CACERTS 0x10
|
||||
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain);
|
||||
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
|
||||
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
|
||||
int options, char *pempass);
|
||||
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
|
||||
@ -595,7 +594,7 @@ int MAIN(int argc, char **argv)
|
||||
vret = get_cert_chain(ucert, store, &chain2);
|
||||
X509_STORE_free(store);
|
||||
|
||||
if (vret == X509_V_OK) {
|
||||
if (!vret) {
|
||||
/* Exclude verified certificate */
|
||||
for (i = 1; i < sk_X509_num(chain2); i++)
|
||||
sk_X509_push(certs, sk_X509_value(chain2, i));
|
||||
@ -603,7 +602,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_free(sk_X509_value(chain2, 0));
|
||||
sk_X509_free(chain2);
|
||||
} else {
|
||||
if (vret != X509_V_ERR_UNSPECIFIED)
|
||||
if (vret >= 0)
|
||||
BIO_printf(bio_err, "Error %s getting chain.\n",
|
||||
X509_verify_cert_error_string(vret));
|
||||
else
|
||||
@ -907,25 +906,36 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
|
||||
/* Given a single certificate return a verified chain or NULL if error */
|
||||
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain)
|
||||
/* Hope this is OK .... */
|
||||
|
||||
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
|
||||
{
|
||||
X509_STORE_CTX store_ctx;
|
||||
STACK_OF(X509) *chn = NULL;
|
||||
STACK_OF(X509) *chn;
|
||||
int i = 0;
|
||||
|
||||
if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
|
||||
*chain = NULL;
|
||||
return X509_V_ERR_UNSPECIFIED;
|
||||
}
|
||||
|
||||
if (X509_verify_cert(&store_ctx) > 0)
|
||||
/*
|
||||
* FIXME: Should really check the return status of X509_STORE_CTX_init
|
||||
* for an error, but how that fits into the return value of this function
|
||||
* is less obvious.
|
||||
*/
|
||||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
||||
if (X509_verify_cert(&store_ctx) <= 0) {
|
||||
i = X509_STORE_CTX_get_error(&store_ctx);
|
||||
if (i == 0)
|
||||
/*
|
||||
* avoid returning 0 if X509_verify_cert() did not set an
|
||||
* appropriate error value in the context
|
||||
*/
|
||||
i = -1;
|
||||
chn = NULL;
|
||||
goto err;
|
||||
} else
|
||||
chn = X509_STORE_CTX_get1_chain(&store_ctx);
|
||||
else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
|
||||
i = X509_V_ERR_UNSPECIFIED;
|
||||
|
||||
err:
|
||||
X509_STORE_CTX_cleanup(&store_ctx);
|
||||
*chain = chn;
|
||||
|
||||
return i;
|
||||
}
|
||||
|
||||
|
||||
12
apps/pkcs7.c
12
apps/pkcs7.c
@ -235,16 +235,12 @@ int MAIN(int argc, char **argv)
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
switch (i) {
|
||||
case NID_pkcs7_signed:
|
||||
if (p7->d.sign != NULL) {
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
}
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
if (p7->d.signed_and_enveloped != NULL) {
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
}
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
||||
@ -416,8 +416,6 @@ typedef struct srpsrvparm_st {
|
||||
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
||||
{
|
||||
srpsrvparm *p = (srpsrvparm *) arg;
|
||||
int ret = SSL3_AL_FATAL;
|
||||
|
||||
if (p->login == NULL && p->user == NULL) {
|
||||
p->login = SSL_get_srp_username(s);
|
||||
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
|
||||
@ -426,25 +424,21 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
|
||||
|
||||
if (p->user == NULL) {
|
||||
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
|
||||
goto err;
|
||||
return SSL3_AL_FATAL;
|
||||
}
|
||||
|
||||
if (SSL_set_srp_server_param
|
||||
(s, p->user->N, p->user->g, p->user->s, p->user->v,
|
||||
p->user->info) < 0) {
|
||||
*ad = SSL_AD_INTERNAL_ERROR;
|
||||
goto err;
|
||||
return SSL3_AL_FATAL;
|
||||
}
|
||||
BIO_printf(bio_err,
|
||||
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
|
||||
p->login, p->user->info);
|
||||
ret = SSL_ERROR_NONE;
|
||||
|
||||
err:
|
||||
SRP_user_pwd_free(p->user);
|
||||
/* need to check whether there are memory leaks */
|
||||
p->user = NULL;
|
||||
p->login = NULL;
|
||||
return ret;
|
||||
return SSL_ERROR_NONE;
|
||||
}
|
||||
|
||||
#endif
|
||||
@ -2250,10 +2244,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP renego during write\n");
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2307,10 +2300,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2395,10 +2387,9 @@ static int init_ssl_connection(SSL *con)
|
||||
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
||||
srp_callback_parm.login);
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2625,10 +2616,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
&& SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
|
||||
srp_callback_parm.login);
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
@ -2668,10 +2658,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
if (BIO_should_io_special(io)
|
||||
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
|
||||
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
|
||||
SRP_user_pwd_free(srp_callback_parm.user);
|
||||
srp_callback_parm.user =
|
||||
SRP_VBASE_get1_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
SRP_VBASE_get_by_user(srp_callback_parm.vb,
|
||||
srp_callback_parm.login);
|
||||
if (srp_callback_parm.user)
|
||||
BIO_printf(bio_s_out, "LOOKUP done %s\n",
|
||||
srp_callback_parm.user->info);
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* apps/speed.c */
|
||||
/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
||||
@ -1170,7 +1170,12 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
|
||||
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
|
||||
goto err;
|
||||
|
||||
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
|
||||
/* Lets just make it 12:00am GMT, Jan 1 1970 */
|
||||
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
|
||||
/* 28 days to be certified */
|
||||
|
||||
if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
|
||||
NULL)
|
||||
goto err;
|
||||
|
||||
if (!X509_set_pubkey(x, pkey))
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h */
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_cbc.c */
|
||||
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_cfb.c */
|
||||
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_core.c */
|
||||
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ctr.c */
|
||||
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ecb.c */
|
||||
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ige.c */
|
||||
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h */
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_misc.c */
|
||||
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ofb.c */
|
||||
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_core.c */
|
||||
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
*
|
||||
|
||||
@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
|
||||
} else {
|
||||
if (len != 0) {
|
||||
if ((ret->length < len) || (ret->data == NULL)) {
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
|
||||
if (s == NULL) {
|
||||
i = ERR_R_MALLOC_FAILURE;
|
||||
goto err;
|
||||
}
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
} else
|
||||
s = ret->data;
|
||||
memcpy(s, p, (int)len);
|
||||
|
||||
@ -141,7 +141,6 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
|
||||
#endif
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
|
||||
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
BUF_MEM *b;
|
||||
@ -218,44 +217,29 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
/* suck in c.slen bytes of data */
|
||||
want = c.slen;
|
||||
if (want > (len - off)) {
|
||||
size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
|
||||
|
||||
want -= (len - off);
|
||||
if (want > INT_MAX /* BIO_read takes an int length */ ||
|
||||
len + want < len) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
if (!BUF_MEM_grow_clean(b, len + want)) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
while (want > 0) {
|
||||
/*
|
||||
* Read content in chunks of increasing size
|
||||
* so we can return an error for EOF without
|
||||
* having to allocate the entire content length
|
||||
* in one go.
|
||||
*/
|
||||
size_t chunk = want > chunk_max ? chunk_max : want;
|
||||
|
||||
if (!BUF_MEM_grow_clean(b, len + chunk)) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
i = BIO_read(in, &(b->data[len]), want);
|
||||
if (i <= 0) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
want -= chunk;
|
||||
while (chunk > 0) {
|
||||
i = BIO_read(in, &(b->data[len]), chunk);
|
||||
if (i <= 0) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
* This can't overflow because |len+want| didn't
|
||||
* overflow.
|
||||
*/
|
||||
len += i;
|
||||
chunk -= i;
|
||||
}
|
||||
if (chunk_max < INT_MAX/2)
|
||||
chunk_max *= 2;
|
||||
len += i;
|
||||
want -= i;
|
||||
}
|
||||
}
|
||||
if (off + c.slen < off) {
|
||||
|
||||
@ -63,7 +63,7 @@
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
long max);
|
||||
int max);
|
||||
static void asn1_put_length(unsigned char **pp, int length);
|
||||
const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
|
||||
|
||||
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
|
||||
}
|
||||
*ptag = tag;
|
||||
*pclass = xclass;
|
||||
if (!asn1_get_length(&p, &inf, plength, max))
|
||||
if (!asn1_get_length(&p, &inf, plength, (int)max))
|
||||
goto err;
|
||||
|
||||
if (inf && !(ret & V_ASN1_CONSTRUCTED))
|
||||
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
|
||||
}
|
||||
|
||||
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
long max)
|
||||
int max)
|
||||
{
|
||||
const unsigned char *p = *pp;
|
||||
unsigned long ret = 0;
|
||||
unsigned long i;
|
||||
unsigned int i;
|
||||
|
||||
if (max-- < 1)
|
||||
return 0;
|
||||
return (0);
|
||||
if (*p == 0x80) {
|
||||
*inf = 1;
|
||||
ret = 0;
|
||||
@ -175,11 +175,15 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
*inf = 0;
|
||||
i = *p & 0x7f;
|
||||
if (*(p++) & 0x80) {
|
||||
if (i > sizeof(ret) || max < (long)i)
|
||||
if (i > sizeof(long))
|
||||
return 0;
|
||||
if (max-- == 0)
|
||||
return (0);
|
||||
while (i-- > 0) {
|
||||
ret <<= 8L;
|
||||
ret |= *(p++);
|
||||
if (max-- == 0)
|
||||
return (0);
|
||||
}
|
||||
} else
|
||||
ret = i;
|
||||
@ -188,7 +192,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
return 0;
|
||||
*pp = p;
|
||||
*rl = (long)ret;
|
||||
return 1;
|
||||
return (1);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -173,8 +173,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
|
||||
goto end;
|
||||
if (j & V_ASN1_CONSTRUCTED) {
|
||||
const unsigned char *sp;
|
||||
|
||||
ep = p + len;
|
||||
if (BIO_write(bp, "\n", 1) <= 0)
|
||||
goto end;
|
||||
@ -184,7 +182,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
goto end;
|
||||
}
|
||||
if ((j == 0x21) && (len == 0)) {
|
||||
sp = p;
|
||||
for (;;) {
|
||||
r = asn1_parse2(bp, &p, (long)(tot - p),
|
||||
offset + (p - *pp), depth + 1,
|
||||
@ -193,25 +190,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
if ((r == 2) || (p >= tot)) {
|
||||
len = p - sp;
|
||||
if ((r == 2) || (p >= tot))
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
long tmp = len;
|
||||
|
||||
} else
|
||||
while (p < ep) {
|
||||
sp = p;
|
||||
r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
|
||||
r = asn1_parse2(bp, &p, (long)len,
|
||||
offset + (p - *pp), depth + 1,
|
||||
indent, dump);
|
||||
if (r == 0) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
tmp -= p - sp;
|
||||
}
|
||||
}
|
||||
} else if (xclass != 0) {
|
||||
p += len;
|
||||
if (BIO_write(bp, "\n", 1) <= 0)
|
||||
|
||||
@ -140,8 +140,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
|
||||
goto err;
|
||||
|
||||
bs = X509_get_serialNumber(x);
|
||||
if (bs->length < (int)sizeof(long)
|
||||
|| (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
|
||||
if (bs->length <= (int)sizeof(long)) {
|
||||
l = ASN1_INTEGER_get(bs);
|
||||
if (bs->type == V_ASN1_NEG_INTEGER) {
|
||||
l = -l;
|
||||
|
||||
@ -66,13 +66,6 @@
|
||||
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
|
||||
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
|
||||
|
||||
/*
|
||||
* Maximum length of X509_NAME: much larger than anything we should
|
||||
* ever see in practice.
|
||||
*/
|
||||
|
||||
#define X509_NAME_MAX (1024 * 1024)
|
||||
|
||||
static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_ITEM *it,
|
||||
@ -199,10 +192,6 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
int i, j, ret;
|
||||
STACK_OF(X509_NAME_ENTRY) *entries;
|
||||
X509_NAME_ENTRY *entry;
|
||||
if (len > X509_NAME_MAX) {
|
||||
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
|
||||
return 0;
|
||||
}
|
||||
q = p;
|
||||
|
||||
/* Get internal representation of Name */
|
||||
|
||||
@ -201,19 +201,9 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
|
||||
int i2d_X509_AUX(X509 *a, unsigned char **pp)
|
||||
{
|
||||
int length, tmplen;
|
||||
unsigned char *start = pp != NULL ? *pp : NULL;
|
||||
int length;
|
||||
length = i2d_X509(a, pp);
|
||||
if (length < 0 || a == NULL)
|
||||
return length;
|
||||
|
||||
tmplen = i2d_X509_CERT_AUX(a->aux, pp);
|
||||
if (tmplen < 0) {
|
||||
if (start != NULL)
|
||||
*pp = start;
|
||||
return tmplen;
|
||||
}
|
||||
length += tmplen;
|
||||
|
||||
if (a)
|
||||
length += i2d_X509_CERT_AUX(a->aux, pp);
|
||||
return length;
|
||||
}
|
||||
|
||||
@ -125,16 +125,16 @@
|
||||
# define LLONG long
|
||||
#endif
|
||||
|
||||
static int fmtstr(char **, char **, size_t *, size_t *,
|
||||
const char *, int, int, int);
|
||||
static int fmtint(char **, char **, size_t *, size_t *,
|
||||
LLONG, int, int, int, int);
|
||||
static int fmtfp(char **, char **, size_t *, size_t *,
|
||||
LDOUBLE, int, int, int);
|
||||
static int doapr_outch(char **, char **, size_t *, size_t *, int);
|
||||
static int _dopr(char **sbuffer, char **buffer,
|
||||
size_t *maxlen, size_t *retlen, int *truncated,
|
||||
const char *format, va_list args);
|
||||
static void fmtstr(char **, char **, size_t *, size_t *,
|
||||
const char *, int, int, int);
|
||||
static void fmtint(char **, char **, size_t *, size_t *,
|
||||
LLONG, int, int, int, int);
|
||||
static void fmtfp(char **, char **, size_t *, size_t *,
|
||||
LDOUBLE, int, int, int);
|
||||
static void doapr_outch(char **, char **, size_t *, size_t *, int);
|
||||
static void _dopr(char **sbuffer, char **buffer,
|
||||
size_t *maxlen, size_t *retlen, int *truncated,
|
||||
const char *format, va_list args);
|
||||
|
||||
/* format read states */
|
||||
#define DP_S_DEFAULT 0
|
||||
@ -165,7 +165,7 @@ static int _dopr(char **sbuffer, char **buffer,
|
||||
#define char_to_int(p) (p - '0')
|
||||
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
|
||||
|
||||
static int
|
||||
static void
|
||||
_dopr(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *maxlen,
|
||||
@ -196,8 +196,7 @@ _dopr(char **sbuffer,
|
||||
if (ch == '%')
|
||||
state = DP_S_FLAGS;
|
||||
else
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
|
||||
ch = *format++;
|
||||
break;
|
||||
case DP_S_FLAGS:
|
||||
@ -303,9 +302,8 @@ _dopr(char **sbuffer,
|
||||
value = va_arg(args, int);
|
||||
break;
|
||||
}
|
||||
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
|
||||
max, flags))
|
||||
return 0;
|
||||
fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
value, 10, min, max, flags);
|
||||
break;
|
||||
case 'X':
|
||||
flags |= DP_F_UP;
|
||||
@ -328,19 +326,17 @@ _dopr(char **sbuffer,
|
||||
value = (LLONG) va_arg(args, unsigned int);
|
||||
break;
|
||||
}
|
||||
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
|
||||
ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
|
||||
min, max, flags))
|
||||
return 0;
|
||||
fmtint(sbuffer, buffer, &currlen, maxlen, value,
|
||||
ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
|
||||
min, max, flags);
|
||||
break;
|
||||
case 'f':
|
||||
if (cflags == DP_C_LDOUBLE)
|
||||
fvalue = va_arg(args, LDOUBLE);
|
||||
else
|
||||
fvalue = va_arg(args, double);
|
||||
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
|
||||
flags))
|
||||
return 0;
|
||||
fmtfp(sbuffer, buffer, &currlen, maxlen,
|
||||
fvalue, min, max, flags);
|
||||
break;
|
||||
case 'E':
|
||||
flags |= DP_F_UP;
|
||||
@ -359,9 +355,8 @@ _dopr(char **sbuffer,
|
||||
fvalue = va_arg(args, double);
|
||||
break;
|
||||
case 'c':
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
|
||||
va_arg(args, int)))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen,
|
||||
va_arg(args, int));
|
||||
break;
|
||||
case 's':
|
||||
strvalue = va_arg(args, char *);
|
||||
@ -371,15 +366,13 @@ _dopr(char **sbuffer,
|
||||
else
|
||||
max = *maxlen;
|
||||
}
|
||||
if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
|
||||
flags, min, max))
|
||||
return 0;
|
||||
fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
|
||||
flags, min, max);
|
||||
break;
|
||||
case 'p':
|
||||
value = (long)va_arg(args, void *);
|
||||
if (!fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
value, 16, min, max, flags | DP_F_NUM))
|
||||
return 0;
|
||||
fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
value, 16, min, max, flags | DP_F_NUM);
|
||||
break;
|
||||
case 'n': /* XXX */
|
||||
if (cflags == DP_C_SHORT) {
|
||||
@ -401,8 +394,7 @@ _dopr(char **sbuffer,
|
||||
}
|
||||
break;
|
||||
case '%':
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
|
||||
break;
|
||||
case 'w':
|
||||
/* not supported yet, treat as next char */
|
||||
@ -426,56 +418,46 @@ _dopr(char **sbuffer,
|
||||
*truncated = (currlen > *maxlen - 1);
|
||||
if (*truncated)
|
||||
currlen = *maxlen - 1;
|
||||
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
|
||||
*retlen = currlen - 1;
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
|
||||
static int
|
||||
static void
|
||||
fmtstr(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *currlen,
|
||||
size_t *maxlen, const char *value, int flags, int min, int max)
|
||||
{
|
||||
int padlen;
|
||||
size_t strln;
|
||||
int padlen, strln;
|
||||
int cnt = 0;
|
||||
|
||||
if (value == 0)
|
||||
value = "<NULL>";
|
||||
|
||||
strln = strlen(value);
|
||||
if (strln > INT_MAX)
|
||||
strln = INT_MAX;
|
||||
|
||||
for (strln = 0; value[strln]; ++strln) ;
|
||||
padlen = min - strln;
|
||||
if (min < 0 || padlen < 0)
|
||||
if (padlen < 0)
|
||||
padlen = 0;
|
||||
if (flags & DP_F_MINUS)
|
||||
padlen = -padlen;
|
||||
|
||||
while ((padlen > 0) && (cnt < max)) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
--padlen;
|
||||
++cnt;
|
||||
}
|
||||
while (*value && (cnt < max)) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
|
||||
++cnt;
|
||||
}
|
||||
while ((padlen < 0) && (cnt < max)) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
++padlen;
|
||||
++cnt;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
static void
|
||||
fmtint(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *currlen,
|
||||
@ -535,44 +517,37 @@ fmtint(char **sbuffer,
|
||||
|
||||
/* spaces */
|
||||
while (spadlen > 0) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
--spadlen;
|
||||
}
|
||||
|
||||
/* sign */
|
||||
if (signvalue)
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
|
||||
|
||||
/* prefix */
|
||||
while (*prefix) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
|
||||
prefix++;
|
||||
}
|
||||
|
||||
/* zeros */
|
||||
if (zpadlen > 0) {
|
||||
while (zpadlen > 0) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
|
||||
--zpadlen;
|
||||
}
|
||||
}
|
||||
/* digits */
|
||||
while (place > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
|
||||
return 0;
|
||||
}
|
||||
while (place > 0)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
|
||||
|
||||
/* left justified spaces */
|
||||
while (spadlen < 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
++spadlen;
|
||||
}
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
|
||||
static LDOUBLE abs_val(LDOUBLE value)
|
||||
@ -603,7 +578,7 @@ static long roundv(LDOUBLE value)
|
||||
return intpart;
|
||||
}
|
||||
|
||||
static int
|
||||
static void
|
||||
fmtfp(char **sbuffer,
|
||||
char **buffer,
|
||||
size_t *currlen,
|
||||
@ -682,61 +657,47 @@ fmtfp(char **sbuffer,
|
||||
|
||||
if ((flags & DP_F_ZERO) && (padlen > 0)) {
|
||||
if (signvalue) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
|
||||
--padlen;
|
||||
signvalue = 0;
|
||||
}
|
||||
while (padlen > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
|
||||
--padlen;
|
||||
}
|
||||
}
|
||||
while (padlen > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
--padlen;
|
||||
}
|
||||
if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
return 0;
|
||||
if (signvalue)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
|
||||
|
||||
while (iplace > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
|
||||
return 0;
|
||||
}
|
||||
while (iplace > 0)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
|
||||
|
||||
/*
|
||||
* Decimal point. This should probably use locale to find the correct
|
||||
* char to print out.
|
||||
*/
|
||||
if (max > 0 || (flags & DP_F_NUM)) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
|
||||
|
||||
while (fplace > 0) {
|
||||
if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
|
||||
fconvert[--fplace]))
|
||||
return 0;
|
||||
}
|
||||
while (fplace > 0)
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
|
||||
}
|
||||
while (zpadlen > 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
|
||||
--zpadlen;
|
||||
}
|
||||
|
||||
while (padlen < 0) {
|
||||
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
return 0;
|
||||
doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
|
||||
++padlen;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#define BUFFER_INC 1024
|
||||
|
||||
static int
|
||||
static void
|
||||
doapr_outch(char **sbuffer,
|
||||
char **buffer, size_t *currlen, size_t *maxlen, int c)
|
||||
{
|
||||
@ -747,25 +708,24 @@ doapr_outch(char **sbuffer,
|
||||
assert(*currlen <= *maxlen);
|
||||
|
||||
if (buffer && *currlen == *maxlen) {
|
||||
if (*maxlen > INT_MAX - BUFFER_INC)
|
||||
return 0;
|
||||
|
||||
*maxlen += BUFFER_INC;
|
||||
*maxlen += 1024;
|
||||
if (*buffer == NULL) {
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if (*buffer == NULL)
|
||||
return 0;
|
||||
if (!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
char *tmpbuf;
|
||||
tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if (tmpbuf == NULL)
|
||||
return 0;
|
||||
*buffer = tmpbuf;
|
||||
*buffer = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if (!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -776,7 +736,7 @@ doapr_outch(char **sbuffer,
|
||||
(*buffer)[(*currlen)++] = (char)c;
|
||||
}
|
||||
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
|
||||
/***************************************************************************/
|
||||
@ -808,11 +768,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
|
||||
|
||||
dynbuf = NULL;
|
||||
CRYPTO_push_info("doapr()");
|
||||
if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
|
||||
args)) {
|
||||
OPENSSL_free(dynbuf);
|
||||
return -1;
|
||||
}
|
||||
_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
|
||||
if (dynbuf) {
|
||||
ret = BIO_write(bio, dynbuf, (int)retlen);
|
||||
OPENSSL_free(dynbuf);
|
||||
@ -847,8 +803,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
|
||||
size_t retlen;
|
||||
int truncated;
|
||||
|
||||
if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
|
||||
return -1;
|
||||
_dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
|
||||
|
||||
if (truncated)
|
||||
/*
|
||||
|
||||
@ -478,11 +478,11 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
|
||||
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
|
||||
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
|
||||
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
|
||||
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
|
||||
|
||||
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
|
||||
|
||||
/* BIO_s_accept() */
|
||||
/* BIO_s_accept_socket() */
|
||||
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
|
||||
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
|
||||
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
|
||||
@ -495,7 +495,6 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
|
||||
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
|
||||
|
||||
/* BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_do_connect(b) BIO_do_handshake(b)
|
||||
# define BIO_do_accept(b) BIO_do_handshake(b)
|
||||
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
|
||||
@ -515,15 +514,12 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
|
||||
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
|
||||
|
||||
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
|
||||
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
|
||||
|
||||
/* BIO_s_file() */
|
||||
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
|
||||
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
|
||||
|
||||
/* BIO_s_fd() and BIO_s_file() */
|
||||
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
|
||||
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/bio/bss_bio.c */
|
||||
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
BIO *dbio;
|
||||
int *ip;
|
||||
const char **pptr = NULL;
|
||||
const char **pptr;
|
||||
long ret = 1;
|
||||
BIO_CONNECT *data;
|
||||
|
||||
@ -442,28 +442,19 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
case BIO_C_GET_CONNECT:
|
||||
if (ptr != NULL) {
|
||||
pptr = (const char **)ptr;
|
||||
}
|
||||
if (num == 0) {
|
||||
*pptr = data->param_hostname;
|
||||
|
||||
if (b->init) {
|
||||
if (pptr != NULL) {
|
||||
ret = 1;
|
||||
if (num == 0) {
|
||||
*pptr = data->param_hostname;
|
||||
} else if (num == 1) {
|
||||
*pptr = data->param_port;
|
||||
} else if (num == 2) {
|
||||
*pptr = (char *)&(data->ip[0]);
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
} else if (num == 1) {
|
||||
*pptr = data->param_port;
|
||||
} else if (num == 2) {
|
||||
*pptr = (char *)&(data->ip[0]);
|
||||
} else if (num == 3) {
|
||||
*((int *)ptr) = data->port;
|
||||
}
|
||||
if (num == 3) {
|
||||
ret = data->port;
|
||||
}
|
||||
} else {
|
||||
if (pptr != NULL)
|
||||
if ((!b->init) || (ptr == NULL))
|
||||
*pptr = "not initialized";
|
||||
ret = 0;
|
||||
ret = 1;
|
||||
}
|
||||
break;
|
||||
case BIO_C_SET_CONNECT:
|
||||
|
||||
@ -515,8 +515,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
switch (cmd) {
|
||||
case BIO_CTRL_RESET:
|
||||
num = 0;
|
||||
case BIO_C_FILE_SEEK:
|
||||
ret = 0;
|
||||
break;
|
||||
case BIO_C_FILE_TELL:
|
||||
case BIO_CTRL_INFO:
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
@ -243,8 +243,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
|
||||
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
|
||||
bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
|
||||
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
|
||||
@ -85,21 +85,6 @@ $frame=32; # size of above frame rounded up to 16n
|
||||
|
||||
&and ("esp",-64); # align to cache line
|
||||
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
&mov ("eax","ebp");
|
||||
&sub ("eax","esp");
|
||||
&and ("eax",-4096);
|
||||
&set_label("page_walk");
|
||||
&mov ("edx",&DWP(0,"esp","eax"));
|
||||
&sub ("eax",4096);
|
||||
&data_byte(0x2e);
|
||||
&jnc (&label("page_walk"));
|
||||
|
||||
################################# load argument block...
|
||||
&mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
|
||||
&mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
|
||||
|
||||
@ -91,20 +91,6 @@ bn_mul_mont:
|
||||
|
||||
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul_body:
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x66,0x2e # predict non-taken
|
||||
jnc .Lmul_page_walk
|
||||
|
||||
mov $bp,%r12 # reassign $bp
|
||||
___
|
||||
$bp="%r12";
|
||||
@ -310,14 +296,6 @@ bn_mul4x_mont:
|
||||
|
||||
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul4x_body:
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul4x_page_walk
|
||||
|
||||
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
|
||||
mov %rdx,%r12 # reassign $bp
|
||||
___
|
||||
@ -729,7 +707,6 @@ $code.=<<___;
|
||||
.align 16
|
||||
bn_sqr4x_mont:
|
||||
.Lsqr4x_enter:
|
||||
mov %rsp,%rax
|
||||
push %rbx
|
||||
push %rbp
|
||||
push %r12
|
||||
@ -738,23 +715,12 @@ bn_sqr4x_mont:
|
||||
push %r15
|
||||
|
||||
shl \$3,${num}d # convert $num to bytes
|
||||
xor %r10,%r10
|
||||
mov %rsp,%r11 # put aside %rsp
|
||||
neg $num # -$num
|
||||
sub $num,%r10 # -$num
|
||||
mov ($n0),$n0 # *n0
|
||||
lea -72(%rsp,$num,2),%rsp # alloca(frame+2*$num)
|
||||
lea -72(%rsp,%r10,2),%rsp # alloca(frame+2*$num)
|
||||
and \$-1024,%rsp # minimize TLB usage
|
||||
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lsqr4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lsqr4x_page_walk
|
||||
|
||||
mov $num,%r10
|
||||
neg $num # restore $num
|
||||
lea -48(%rax),%r11 # restore saved %rsp
|
||||
##############################################################
|
||||
# Stack layout
|
||||
#
|
||||
|
||||
@ -66,127 +66,60 @@ bn_mul_mont_gather5:
|
||||
.align 16
|
||||
.Lmul_enter:
|
||||
mov ${num}d,${num}d
|
||||
movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument
|
||||
lea .Linc(%rip),%r10
|
||||
mov `($win64?56:8)`(%rsp),%r10d # load 7th argument
|
||||
push %rbx
|
||||
push %rbp
|
||||
push %r12
|
||||
push %r13
|
||||
push %r14
|
||||
push %r15
|
||||
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
lea -0x28(%rsp),%rsp
|
||||
movaps %xmm6,(%rsp)
|
||||
movaps %xmm7,0x10(%rsp)
|
||||
.Lmul_alloca:
|
||||
___
|
||||
$code.=<<___;
|
||||
mov %rsp,%rax
|
||||
lea 2($num),%r11
|
||||
neg %r11
|
||||
lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8)
|
||||
lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+2))
|
||||
and \$-1024,%rsp # minimize TLB usage
|
||||
|
||||
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul_body:
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
sub %rsp,%rax
|
||||
and \$-4096,%rax
|
||||
.Lmul_page_walk:
|
||||
mov (%rsp,%rax),%r11
|
||||
sub \$4096,%rax
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul_page_walk
|
||||
|
||||
lea 128($bp),%r12 # reassign $bp (+size optimization)
|
||||
mov $bp,%r12 # reassign $bp
|
||||
___
|
||||
$bp="%r12";
|
||||
$STRIDE=2**5*8; # 5 is "window size"
|
||||
$N=$STRIDE/4; # should match cache line size
|
||||
$code.=<<___;
|
||||
movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000
|
||||
movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002
|
||||
lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
|
||||
and \$-16,%r10
|
||||
mov %r10,%r11
|
||||
shr \$`log($N/8)/log(2)`,%r10
|
||||
and \$`$N/8-1`,%r11
|
||||
not %r10
|
||||
lea .Lmagic_masks(%rip),%rax
|
||||
and \$`2**5/($N/8)-1`,%r10 # 5 is "window size"
|
||||
lea 96($bp,%r11,8),$bp # pointer within 1st cache line
|
||||
movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which
|
||||
movq 8(%rax,%r10,8),%xmm5 # cache line contains element
|
||||
movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument
|
||||
movq 24(%rax,%r10,8),%xmm7
|
||||
|
||||
pshufd \$0,%xmm5,%xmm5 # broadcast index
|
||||
movdqa %xmm1,%xmm4
|
||||
movdqa %xmm1,%xmm2
|
||||
___
|
||||
########################################################################
|
||||
# calculate mask by comparing 0..31 to index and save result to stack
|
||||
#
|
||||
$code.=<<___;
|
||||
paddd %xmm0,%xmm1
|
||||
pcmpeqd %xmm5,%xmm0 # compare to 1,0
|
||||
.byte 0x67
|
||||
movdqa %xmm4,%xmm3
|
||||
___
|
||||
for($k=0;$k<$STRIDE/16-4;$k+=4) {
|
||||
$code.=<<___;
|
||||
paddd %xmm1,%xmm2
|
||||
pcmpeqd %xmm5,%xmm1 # compare to 3,2
|
||||
movdqa %xmm0,`16*($k+0)+112`(%r10)
|
||||
movdqa %xmm4,%xmm0
|
||||
|
||||
paddd %xmm2,%xmm3
|
||||
pcmpeqd %xmm5,%xmm2 # compare to 5,4
|
||||
movdqa %xmm1,`16*($k+1)+112`(%r10)
|
||||
movdqa %xmm4,%xmm1
|
||||
|
||||
paddd %xmm3,%xmm0
|
||||
pcmpeqd %xmm5,%xmm3 # compare to 7,6
|
||||
movdqa %xmm2,`16*($k+2)+112`(%r10)
|
||||
movdqa %xmm4,%xmm2
|
||||
|
||||
paddd %xmm0,%xmm1
|
||||
pcmpeqd %xmm5,%xmm0
|
||||
movdqa %xmm3,`16*($k+3)+112`(%r10)
|
||||
movdqa %xmm4,%xmm3
|
||||
___
|
||||
}
|
||||
$code.=<<___; # last iteration can be optimized
|
||||
paddd %xmm1,%xmm2
|
||||
pcmpeqd %xmm5,%xmm1
|
||||
movdqa %xmm0,`16*($k+0)+112`(%r10)
|
||||
|
||||
paddd %xmm2,%xmm3
|
||||
.byte 0x67
|
||||
pcmpeqd %xmm5,%xmm2
|
||||
movdqa %xmm1,`16*($k+1)+112`(%r10)
|
||||
|
||||
pcmpeqd %xmm5,%xmm3
|
||||
movdqa %xmm2,`16*($k+2)+112`(%r10)
|
||||
pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register
|
||||
|
||||
pand `16*($k+1)-128`($bp),%xmm1
|
||||
pand `16*($k+2)-128`($bp),%xmm2
|
||||
movdqa %xmm3,`16*($k+3)+112`(%r10)
|
||||
pand `16*($k+3)-128`($bp),%xmm3
|
||||
por %xmm2,%xmm0
|
||||
por %xmm3,%xmm1
|
||||
___
|
||||
for($k=0;$k<$STRIDE/16-4;$k+=4) {
|
||||
$code.=<<___;
|
||||
movdqa `16*($k+0)-128`($bp),%xmm4
|
||||
movdqa `16*($k+1)-128`($bp),%xmm5
|
||||
movdqa `16*($k+2)-128`($bp),%xmm2
|
||||
pand `16*($k+0)+112`(%r10),%xmm4
|
||||
movdqa `16*($k+3)-128`($bp),%xmm3
|
||||
pand `16*($k+1)+112`(%r10),%xmm5
|
||||
por %xmm4,%xmm0
|
||||
pand `16*($k+2)+112`(%r10),%xmm2
|
||||
por %xmm5,%xmm1
|
||||
pand `16*($k+3)+112`(%r10),%xmm3
|
||||
por %xmm2,%xmm0
|
||||
por %xmm3,%xmm1
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
por %xmm1,%xmm0
|
||||
pshufd \$0x4e,%xmm0,%xmm1
|
||||
movq `0*$STRIDE/4-96`($bp),%xmm0
|
||||
movq `1*$STRIDE/4-96`($bp),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($bp),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
movq `3*$STRIDE/4-96`($bp),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
por %xmm3,%xmm0
|
||||
|
||||
movq %xmm0,$m0 # m0=bp[0]
|
||||
|
||||
mov ($n0),$n0 # pull n0[0] value
|
||||
@ -195,14 +128,29 @@ $code.=<<___;
|
||||
xor $i,$i # i=0
|
||||
xor $j,$j # j=0
|
||||
|
||||
movq `0*$STRIDE/4-96`($bp),%xmm0
|
||||
movq `1*$STRIDE/4-96`($bp),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($bp),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
|
||||
mov $n0,$m1
|
||||
mulq $m0 # ap[0]*bp[0]
|
||||
mov %rax,$lo0
|
||||
mov ($np),%rax
|
||||
|
||||
movq `3*$STRIDE/4-96`($bp),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
|
||||
imulq $lo0,$m1 # "tp[0]"*n0
|
||||
mov %rdx,$hi0
|
||||
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
por %xmm3,%xmm0
|
||||
|
||||
mulq $m1 # np[0]*m1
|
||||
add %rax,$lo0 # discarded
|
||||
mov 8($ap),%rax
|
||||
@ -235,6 +183,8 @@ $code.=<<___;
|
||||
cmp $num,$j
|
||||
jne .L1st
|
||||
|
||||
movq %xmm0,$m0 # bp[1]
|
||||
|
||||
add %rax,$hi1
|
||||
mov ($ap),%rax # ap[0]
|
||||
adc \$0,%rdx
|
||||
@ -254,46 +204,33 @@ $code.=<<___;
|
||||
jmp .Louter
|
||||
.align 16
|
||||
.Louter:
|
||||
lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization)
|
||||
and \$-16,%rdx
|
||||
pxor %xmm4,%xmm4
|
||||
pxor %xmm5,%xmm5
|
||||
___
|
||||
for($k=0;$k<$STRIDE/16;$k+=4) {
|
||||
$code.=<<___;
|
||||
movdqa `16*($k+0)-128`($bp),%xmm0
|
||||
movdqa `16*($k+1)-128`($bp),%xmm1
|
||||
movdqa `16*($k+2)-128`($bp),%xmm2
|
||||
movdqa `16*($k+3)-128`($bp),%xmm3
|
||||
pand `16*($k+0)-128`(%rdx),%xmm0
|
||||
pand `16*($k+1)-128`(%rdx),%xmm1
|
||||
por %xmm0,%xmm4
|
||||
pand `16*($k+2)-128`(%rdx),%xmm2
|
||||
por %xmm1,%xmm5
|
||||
pand `16*($k+3)-128`(%rdx),%xmm3
|
||||
por %xmm2,%xmm4
|
||||
por %xmm3,%xmm5
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
por %xmm5,%xmm4
|
||||
pshufd \$0x4e,%xmm4,%xmm0
|
||||
por %xmm4,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
movq %xmm0,$m0 # m0=bp[i]
|
||||
|
||||
xor $j,$j # j=0
|
||||
mov $n0,$m1
|
||||
mov (%rsp),$lo0
|
||||
|
||||
movq `0*$STRIDE/4-96`($bp),%xmm0
|
||||
movq `1*$STRIDE/4-96`($bp),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($bp),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
|
||||
mulq $m0 # ap[0]*bp[i]
|
||||
add %rax,$lo0 # ap[0]*bp[i]+tp[0]
|
||||
mov ($np),%rax
|
||||
adc \$0,%rdx
|
||||
|
||||
movq `3*$STRIDE/4-96`($bp),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
|
||||
imulq $lo0,$m1 # tp[0]*n0
|
||||
mov %rdx,$hi0
|
||||
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
por %xmm3,%xmm0
|
||||
|
||||
mulq $m1 # np[0]*m1
|
||||
add %rax,$lo0 # discarded
|
||||
mov 8($ap),%rax
|
||||
@ -329,6 +266,8 @@ $code.=<<___;
|
||||
cmp $num,$j
|
||||
jne .Linner
|
||||
|
||||
movq %xmm0,$m0 # bp[i+1]
|
||||
|
||||
add %rax,$hi1
|
||||
mov ($ap),%rax # ap[0]
|
||||
adc \$0,%rdx
|
||||
@ -382,7 +321,13 @@ $code.=<<___;
|
||||
|
||||
mov 8(%rsp,$num,8),%rsi # restore %rsp
|
||||
mov \$1,%rax
|
||||
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
movaps (%rsi),%xmm6
|
||||
movaps 0x10(%rsi),%xmm7
|
||||
lea 0x28(%rsi),%rsi
|
||||
___
|
||||
$code.=<<___;
|
||||
mov (%rsi),%r15
|
||||
mov 8(%rsi),%r14
|
||||
mov 16(%rsi),%r13
|
||||
@ -403,138 +348,91 @@ $code.=<<___;
|
||||
bn_mul4x_mont_gather5:
|
||||
.Lmul4x_enter:
|
||||
mov ${num}d,${num}d
|
||||
movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument
|
||||
lea .Linc(%rip),%r10
|
||||
mov `($win64?56:8)`(%rsp),%r10d # load 7th argument
|
||||
push %rbx
|
||||
push %rbp
|
||||
push %r12
|
||||
push %r13
|
||||
push %r14
|
||||
push %r15
|
||||
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
lea -0x28(%rsp),%rsp
|
||||
movaps %xmm6,(%rsp)
|
||||
movaps %xmm7,0x10(%rsp)
|
||||
.Lmul4x_alloca:
|
||||
___
|
||||
$code.=<<___;
|
||||
mov %rsp,%rax
|
||||
lea 4($num),%r11
|
||||
neg %r11
|
||||
lea -256(%rsp,%r11,8),%rsp # tp=alloca(8*(num+4)+256)
|
||||
lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+4))
|
||||
and \$-1024,%rsp # minimize TLB usage
|
||||
|
||||
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul4x_body:
|
||||
sub %rsp,%rax
|
||||
and \$-4096,%rax
|
||||
.Lmul4x_page_walk:
|
||||
mov (%rsp,%rax),%r11
|
||||
sub \$4096,%rax
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul4x_page_walk
|
||||
|
||||
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
|
||||
lea 128(%rdx),%r12 # reassign $bp (+size optimization)
|
||||
mov %rdx,%r12 # reassign $bp
|
||||
___
|
||||
$bp="%r12";
|
||||
$STRIDE=2**5*8; # 5 is "window size"
|
||||
$N=$STRIDE/4; # should match cache line size
|
||||
$code.=<<___;
|
||||
movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000
|
||||
movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002
|
||||
lea 32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization)
|
||||
mov %r10,%r11
|
||||
shr \$`log($N/8)/log(2)`,%r10
|
||||
and \$`$N/8-1`,%r11
|
||||
not %r10
|
||||
lea .Lmagic_masks(%rip),%rax
|
||||
and \$`2**5/($N/8)-1`,%r10 # 5 is "window size"
|
||||
lea 96($bp,%r11,8),$bp # pointer within 1st cache line
|
||||
movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which
|
||||
movq 8(%rax,%r10,8),%xmm5 # cache line contains element
|
||||
movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument
|
||||
movq 24(%rax,%r10,8),%xmm7
|
||||
|
||||
pshufd \$0,%xmm5,%xmm5 # broadcast index
|
||||
movdqa %xmm1,%xmm4
|
||||
.byte 0x67,0x67
|
||||
movdqa %xmm1,%xmm2
|
||||
___
|
||||
########################################################################
|
||||
# calculate mask by comparing 0..31 to index and save result to stack
|
||||
#
|
||||
$code.=<<___;
|
||||
paddd %xmm0,%xmm1
|
||||
pcmpeqd %xmm5,%xmm0 # compare to 1,0
|
||||
.byte 0x67
|
||||
movdqa %xmm4,%xmm3
|
||||
___
|
||||
for($k=0;$k<$STRIDE/16-4;$k+=4) {
|
||||
$code.=<<___;
|
||||
paddd %xmm1,%xmm2
|
||||
pcmpeqd %xmm5,%xmm1 # compare to 3,2
|
||||
movdqa %xmm0,`16*($k+0)+112`(%r10)
|
||||
movdqa %xmm4,%xmm0
|
||||
|
||||
paddd %xmm2,%xmm3
|
||||
pcmpeqd %xmm5,%xmm2 # compare to 5,4
|
||||
movdqa %xmm1,`16*($k+1)+112`(%r10)
|
||||
movdqa %xmm4,%xmm1
|
||||
|
||||
paddd %xmm3,%xmm0
|
||||
pcmpeqd %xmm5,%xmm3 # compare to 7,6
|
||||
movdqa %xmm2,`16*($k+2)+112`(%r10)
|
||||
movdqa %xmm4,%xmm2
|
||||
|
||||
paddd %xmm0,%xmm1
|
||||
pcmpeqd %xmm5,%xmm0
|
||||
movdqa %xmm3,`16*($k+3)+112`(%r10)
|
||||
movdqa %xmm4,%xmm3
|
||||
___
|
||||
}
|
||||
$code.=<<___; # last iteration can be optimized
|
||||
paddd %xmm1,%xmm2
|
||||
pcmpeqd %xmm5,%xmm1
|
||||
movdqa %xmm0,`16*($k+0)+112`(%r10)
|
||||
|
||||
paddd %xmm2,%xmm3
|
||||
.byte 0x67
|
||||
pcmpeqd %xmm5,%xmm2
|
||||
movdqa %xmm1,`16*($k+1)+112`(%r10)
|
||||
|
||||
pcmpeqd %xmm5,%xmm3
|
||||
movdqa %xmm2,`16*($k+2)+112`(%r10)
|
||||
pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register
|
||||
|
||||
pand `16*($k+1)-128`($bp),%xmm1
|
||||
pand `16*($k+2)-128`($bp),%xmm2
|
||||
movdqa %xmm3,`16*($k+3)+112`(%r10)
|
||||
pand `16*($k+3)-128`($bp),%xmm3
|
||||
por %xmm2,%xmm0
|
||||
por %xmm3,%xmm1
|
||||
___
|
||||
for($k=0;$k<$STRIDE/16-4;$k+=4) {
|
||||
$code.=<<___;
|
||||
movdqa `16*($k+0)-128`($bp),%xmm4
|
||||
movdqa `16*($k+1)-128`($bp),%xmm5
|
||||
movdqa `16*($k+2)-128`($bp),%xmm2
|
||||
pand `16*($k+0)+112`(%r10),%xmm4
|
||||
movdqa `16*($k+3)-128`($bp),%xmm3
|
||||
pand `16*($k+1)+112`(%r10),%xmm5
|
||||
por %xmm4,%xmm0
|
||||
pand `16*($k+2)+112`(%r10),%xmm2
|
||||
por %xmm5,%xmm1
|
||||
pand `16*($k+3)+112`(%r10),%xmm3
|
||||
por %xmm2,%xmm0
|
||||
por %xmm3,%xmm1
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
por %xmm1,%xmm0
|
||||
pshufd \$0x4e,%xmm0,%xmm1
|
||||
movq `0*$STRIDE/4-96`($bp),%xmm0
|
||||
movq `1*$STRIDE/4-96`($bp),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($bp),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
movq `3*$STRIDE/4-96`($bp),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
movq %xmm0,$m0 # m0=bp[0]
|
||||
por %xmm3,%xmm0
|
||||
|
||||
movq %xmm0,$m0 # m0=bp[0]
|
||||
mov ($n0),$n0 # pull n0[0] value
|
||||
mov ($ap),%rax
|
||||
|
||||
xor $i,$i # i=0
|
||||
xor $j,$j # j=0
|
||||
|
||||
movq `0*$STRIDE/4-96`($bp),%xmm0
|
||||
movq `1*$STRIDE/4-96`($bp),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($bp),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
|
||||
mov $n0,$m1
|
||||
mulq $m0 # ap[0]*bp[0]
|
||||
mov %rax,$A[0]
|
||||
mov ($np),%rax
|
||||
|
||||
movq `3*$STRIDE/4-96`($bp),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
|
||||
imulq $A[0],$m1 # "tp[0]"*n0
|
||||
mov %rdx,$A[1]
|
||||
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
por %xmm3,%xmm0
|
||||
|
||||
mulq $m1 # np[0]*m1
|
||||
add %rax,$A[0] # discarded
|
||||
mov 8($ap),%rax
|
||||
@ -652,6 +550,8 @@ $code.=<<___;
|
||||
mov $N[1],-16(%rsp,$j,8) # tp[j-1]
|
||||
mov %rdx,$N[0]
|
||||
|
||||
movq %xmm0,$m0 # bp[1]
|
||||
|
||||
xor $N[1],$N[1]
|
||||
add $A[0],$N[0]
|
||||
adc \$0,$N[1]
|
||||
@ -661,34 +561,12 @@ $code.=<<___;
|
||||
lea 1($i),$i # i++
|
||||
.align 4
|
||||
.Louter4x:
|
||||
lea 32+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization)
|
||||
pxor %xmm4,%xmm4
|
||||
pxor %xmm5,%xmm5
|
||||
___
|
||||
for($k=0;$k<$STRIDE/16;$k+=4) {
|
||||
$code.=<<___;
|
||||
movdqa `16*($k+0)-128`($bp),%xmm0
|
||||
movdqa `16*($k+1)-128`($bp),%xmm1
|
||||
movdqa `16*($k+2)-128`($bp),%xmm2
|
||||
movdqa `16*($k+3)-128`($bp),%xmm3
|
||||
pand `16*($k+0)-128`(%rdx),%xmm0
|
||||
pand `16*($k+1)-128`(%rdx),%xmm1
|
||||
por %xmm0,%xmm4
|
||||
pand `16*($k+2)-128`(%rdx),%xmm2
|
||||
por %xmm1,%xmm5
|
||||
pand `16*($k+3)-128`(%rdx),%xmm3
|
||||
por %xmm2,%xmm4
|
||||
por %xmm3,%xmm5
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
por %xmm5,%xmm4
|
||||
pshufd \$0x4e,%xmm4,%xmm0
|
||||
por %xmm4,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
movq %xmm0,$m0 # m0=bp[i]
|
||||
|
||||
xor $j,$j # j=0
|
||||
movq `0*$STRIDE/4-96`($bp),%xmm0
|
||||
movq `1*$STRIDE/4-96`($bp),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($bp),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
|
||||
mov (%rsp),$A[0]
|
||||
mov $n0,$m1
|
||||
@ -697,9 +575,18 @@ $code.=<<___;
|
||||
mov ($np),%rax
|
||||
adc \$0,%rdx
|
||||
|
||||
movq `3*$STRIDE/4-96`($bp),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
|
||||
imulq $A[0],$m1 # tp[0]*n0
|
||||
mov %rdx,$A[1]
|
||||
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($bp),$bp
|
||||
por %xmm3,%xmm0
|
||||
|
||||
mulq $m1 # np[0]*m1
|
||||
add %rax,$A[0] # "$N[0]", discarded
|
||||
mov 8($ap),%rax
|
||||
@ -831,6 +718,7 @@ $code.=<<___;
|
||||
mov $N[0],-24(%rsp,$j,8) # tp[j-1]
|
||||
mov %rdx,$N[0]
|
||||
|
||||
movq %xmm0,$m0 # bp[i+1]
|
||||
mov $N[1],-16(%rsp,$j,8) # tp[j-1]
|
||||
|
||||
xor $N[1],$N[1]
|
||||
@ -921,7 +809,13 @@ ___
|
||||
$code.=<<___;
|
||||
mov 8(%rsp,$num,8),%rsi # restore %rsp
|
||||
mov \$1,%rax
|
||||
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
movaps (%rsi),%xmm6
|
||||
movaps 0x10(%rsi),%xmm7
|
||||
lea 0x28(%rsi),%rsi
|
||||
___
|
||||
$code.=<<___;
|
||||
mov (%rsi),%r15
|
||||
mov 8(%rsi),%r14
|
||||
mov 16(%rsi),%r13
|
||||
@ -936,8 +830,8 @@ ___
|
||||
}}}
|
||||
|
||||
{
|
||||
my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order
|
||||
("%rdi","%rsi","%rdx","%ecx"); # Unix order
|
||||
my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
|
||||
("%rdi","%rsi","%rdx","%rcx"); # Unix order
|
||||
my $out=$inp;
|
||||
my $STRIDE=2**5*8;
|
||||
my $N=$STRIDE/4;
|
||||
@ -965,89 +859,53 @@ bn_scatter5:
|
||||
.type bn_gather5,\@abi-omnipotent
|
||||
.align 16
|
||||
bn_gather5:
|
||||
.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
.LSEH_begin_bn_gather5:
|
||||
# I can't trust assembler to use specific encoding:-(
|
||||
.byte 0x4c,0x8d,0x14,0x24 # lea (%rsp),%r10
|
||||
.byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 # sub $0x108,%rsp
|
||||
lea .Linc(%rip),%rax
|
||||
and \$-16,%rsp # shouldn't be formally required
|
||||
|
||||
movd $idx,%xmm5
|
||||
movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000
|
||||
movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002
|
||||
lea 128($tbl),%r11 # size optimization
|
||||
lea 128(%rsp),%rax # size optimization
|
||||
|
||||
pshufd \$0,%xmm5,%xmm5 # broadcast $idx
|
||||
movdqa %xmm1,%xmm4
|
||||
movdqa %xmm1,%xmm2
|
||||
___
|
||||
########################################################################
|
||||
# calculate mask by comparing 0..31 to $idx and save result to stack
|
||||
#
|
||||
for($i=0;$i<$STRIDE/16;$i+=4) {
|
||||
$code.=<<___;
|
||||
paddd %xmm0,%xmm1
|
||||
pcmpeqd %xmm5,%xmm0 # compare to 1,0
|
||||
___
|
||||
$code.=<<___ if ($i);
|
||||
movdqa %xmm3,`16*($i-1)-128`(%rax)
|
||||
.byte 0x48,0x83,0xec,0x28 #sub \$0x28,%rsp
|
||||
.byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp)
|
||||
.byte 0x0f,0x29,0x7c,0x24,0x10 #movdqa %xmm7,0x10(%rsp)
|
||||
___
|
||||
$code.=<<___;
|
||||
movdqa %xmm4,%xmm3
|
||||
|
||||
paddd %xmm1,%xmm2
|
||||
pcmpeqd %xmm5,%xmm1 # compare to 3,2
|
||||
movdqa %xmm0,`16*($i+0)-128`(%rax)
|
||||
movdqa %xmm4,%xmm0
|
||||
|
||||
paddd %xmm2,%xmm3
|
||||
pcmpeqd %xmm5,%xmm2 # compare to 5,4
|
||||
movdqa %xmm1,`16*($i+1)-128`(%rax)
|
||||
movdqa %xmm4,%xmm1
|
||||
|
||||
paddd %xmm3,%xmm0
|
||||
pcmpeqd %xmm5,%xmm3 # compare to 7,6
|
||||
movdqa %xmm2,`16*($i+2)-128`(%rax)
|
||||
movdqa %xmm4,%xmm2
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
movdqa %xmm3,`16*($i-1)-128`(%rax)
|
||||
mov $idx,%r11
|
||||
shr \$`log($N/8)/log(2)`,$idx
|
||||
and \$`$N/8-1`,%r11
|
||||
not $idx
|
||||
lea .Lmagic_masks(%rip),%rax
|
||||
and \$`2**5/($N/8)-1`,$idx # 5 is "window size"
|
||||
lea 96($tbl,%r11,8),$tbl # pointer within 1st cache line
|
||||
movq 0(%rax,$idx,8),%xmm4 # set of masks denoting which
|
||||
movq 8(%rax,$idx,8),%xmm5 # cache line contains element
|
||||
movq 16(%rax,$idx,8),%xmm6 # denoted by 7th argument
|
||||
movq 24(%rax,$idx,8),%xmm7
|
||||
jmp .Lgather
|
||||
|
||||
.align 32
|
||||
.align 16
|
||||
.Lgather:
|
||||
pxor %xmm4,%xmm4
|
||||
pxor %xmm5,%xmm5
|
||||
___
|
||||
for($i=0;$i<$STRIDE/16;$i+=4) {
|
||||
$code.=<<___;
|
||||
movdqa `16*($i+0)-128`(%r11),%xmm0
|
||||
movdqa `16*($i+1)-128`(%r11),%xmm1
|
||||
movdqa `16*($i+2)-128`(%r11),%xmm2
|
||||
pand `16*($i+0)-128`(%rax),%xmm0
|
||||
movdqa `16*($i+3)-128`(%r11),%xmm3
|
||||
pand `16*($i+1)-128`(%rax),%xmm1
|
||||
por %xmm0,%xmm4
|
||||
pand `16*($i+2)-128`(%rax),%xmm2
|
||||
por %xmm1,%xmm5
|
||||
pand `16*($i+3)-128`(%rax),%xmm3
|
||||
por %xmm2,%xmm4
|
||||
por %xmm3,%xmm5
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
por %xmm5,%xmm4
|
||||
lea $STRIDE(%r11),%r11
|
||||
pshufd \$0x4e,%xmm4,%xmm0
|
||||
por %xmm4,%xmm0
|
||||
movq `0*$STRIDE/4-96`($tbl),%xmm0
|
||||
movq `1*$STRIDE/4-96`($tbl),%xmm1
|
||||
pand %xmm4,%xmm0
|
||||
movq `2*$STRIDE/4-96`($tbl),%xmm2
|
||||
pand %xmm5,%xmm1
|
||||
movq `3*$STRIDE/4-96`($tbl),%xmm3
|
||||
pand %xmm6,%xmm2
|
||||
por %xmm1,%xmm0
|
||||
pand %xmm7,%xmm3
|
||||
por %xmm2,%xmm0
|
||||
lea $STRIDE($tbl),$tbl
|
||||
por %xmm3,%xmm0
|
||||
|
||||
movq %xmm0,($out) # m0=bp[0]
|
||||
lea 8($out),$out
|
||||
sub \$1,$num
|
||||
jnz .Lgather
|
||||
|
||||
lea (%r10),%rsp
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
movaps (%rsp),%xmm6
|
||||
movaps 0x10(%rsp),%xmm7
|
||||
lea 0x28(%rsp),%rsp
|
||||
___
|
||||
$code.=<<___;
|
||||
ret
|
||||
.LSEH_end_bn_gather5:
|
||||
.size bn_gather5,.-bn_gather5
|
||||
@ -1055,9 +913,9 @@ ___
|
||||
}
|
||||
$code.=<<___;
|
||||
.align 64
|
||||
.Linc:
|
||||
.long 0,0, 1,1
|
||||
.long 2,2, 2,2
|
||||
.Lmagic_masks:
|
||||
.long 0,0, 0,0, 0,0, -1,-1
|
||||
.long 0,0, 0,0, 0,0, 0,0
|
||||
.asciz "Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
|
||||
___
|
||||
|
||||
@ -1096,7 +954,7 @@ mul_handler:
|
||||
cmp %r10,%rbx # context->Rip<end of prologue label
|
||||
jb .Lcommon_seh_tail
|
||||
|
||||
lea 48(%rax),%rax
|
||||
lea `40+48`(%rax),%rax
|
||||
|
||||
mov 4(%r11),%r10d # HandlerData[1]
|
||||
lea (%rsi,%r10),%r10 # end of alloca label
|
||||
@ -1113,7 +971,9 @@ mul_handler:
|
||||
mov 192($context),%r10 # pull $num
|
||||
mov 8(%rax,%r10,8),%rax # pull saved stack pointer
|
||||
|
||||
lea 48(%rax),%rax
|
||||
movaps (%rax),%xmm0
|
||||
movaps 16(%rax),%xmm1
|
||||
lea `40+48`(%rax),%rax
|
||||
|
||||
mov -8(%rax),%rbx
|
||||
mov -16(%rax),%rbp
|
||||
@ -1127,6 +987,8 @@ mul_handler:
|
||||
mov %r13,224($context) # restore context->R13
|
||||
mov %r14,232($context) # restore context->R14
|
||||
mov %r15,240($context) # restore context->R15
|
||||
movups %xmm0,512($context) # restore context->Xmm6
|
||||
movups %xmm1,528($context) # restore context->Xmm7
|
||||
|
||||
.Lcommon_seh_tail:
|
||||
mov 8(%rax),%rdi
|
||||
@ -1195,9 +1057,10 @@ mul_handler:
|
||||
.rva .Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[]
|
||||
.align 8
|
||||
.LSEH_info_bn_gather5:
|
||||
.byte 0x01,0x0b,0x03,0x0a
|
||||
.byte 0x0b,0x01,0x21,0x00 # sub rsp,0x108
|
||||
.byte 0x04,0xa3,0x00,0x00 # lea r10,(rsp), set_frame r10
|
||||
.byte 0x01,0x0d,0x05,0x00
|
||||
.byte 0x0d,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7
|
||||
.byte 0x08,0x68,0x00,0x00 #movaps (rsp),xmm6
|
||||
.byte 0x04,0x42,0x00,0x00 #sub rsp,0x28
|
||||
.align 8
|
||||
___
|
||||
}
|
||||
|
||||
@ -125,7 +125,6 @@
|
||||
#ifndef HEADER_BN_H
|
||||
# define HEADER_BN_H
|
||||
|
||||
# include <limits.h>
|
||||
# include <openssl/e_os2.h>
|
||||
# ifndef OPENSSL_NO_FP_API
|
||||
# include <stdio.h> /* FILE */
|
||||
@ -740,17 +739,8 @@ const BIGNUM *BN_get0_nist_prime_521(void);
|
||||
|
||||
/* library internal functions */
|
||||
|
||||
# define bn_expand(a,bits) \
|
||||
( \
|
||||
bits > (INT_MAX - BN_BITS2 + 1) ? \
|
||||
NULL \
|
||||
: \
|
||||
(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
|
||||
(a) \
|
||||
: \
|
||||
bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
|
||||
)
|
||||
|
||||
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
||||
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
|
||||
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
|
||||
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
||||
# ifndef OPENSSL_NO_DEPRECATED
|
||||
|
||||
@ -110,7 +110,6 @@
|
||||
*/
|
||||
|
||||
#include "cryptlib.h"
|
||||
#include "constant_time_locl.h"
|
||||
#include "bn_lcl.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
@ -272,14 +271,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
}
|
||||
|
||||
bits = BN_num_bits(p);
|
||||
|
||||
if (bits == 0) {
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(r);
|
||||
} else {
|
||||
ret = BN_one(r);
|
||||
}
|
||||
ret = BN_one(r);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -413,13 +407,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
}
|
||||
bits = BN_num_bits(p);
|
||||
if (bits == 0) {
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(rr);
|
||||
} else {
|
||||
ret = BN_one(rr);
|
||||
}
|
||||
ret = BN_one(rr);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -547,17 +535,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
|
||||
static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
|
||||
unsigned char *buf, int idx,
|
||||
int window)
|
||||
int width)
|
||||
{
|
||||
int i, j;
|
||||
int width = 1 << window;
|
||||
BN_ULONG *table = (BN_ULONG *)buf;
|
||||
size_t i, j;
|
||||
|
||||
if (top > b->top)
|
||||
top = b->top; /* this works because 'buf' is explicitly
|
||||
* zeroed */
|
||||
for (i = 0, j = idx; i < top; i++, j += width) {
|
||||
table[j] = b->d[i];
|
||||
for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
|
||||
buf[j] = ((unsigned char *)b->d)[i];
|
||||
}
|
||||
|
||||
return 1;
|
||||
@ -565,51 +551,15 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
|
||||
|
||||
static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
||||
unsigned char *buf, int idx,
|
||||
int window)
|
||||
int width)
|
||||
{
|
||||
int i, j;
|
||||
int width = 1 << window;
|
||||
volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
|
||||
size_t i, j;
|
||||
|
||||
if (bn_wexpand(b, top) == NULL)
|
||||
return 0;
|
||||
|
||||
if (window <= 3) {
|
||||
for (i = 0; i < top; i++, table += width) {
|
||||
BN_ULONG acc = 0;
|
||||
|
||||
for (j = 0; j < width; j++) {
|
||||
acc |= table[j] &
|
||||
((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
|
||||
}
|
||||
|
||||
b->d[i] = acc;
|
||||
}
|
||||
} else {
|
||||
int xstride = 1 << (window - 2);
|
||||
BN_ULONG y0, y1, y2, y3;
|
||||
|
||||
i = idx >> (window - 2); /* equivalent of idx / xstride */
|
||||
idx &= xstride - 1; /* equivalent of idx % xstride */
|
||||
|
||||
y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
|
||||
y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
|
||||
y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
|
||||
y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
|
||||
|
||||
for (i = 0; i < top; i++, table += width) {
|
||||
BN_ULONG acc = 0;
|
||||
|
||||
for (j = 0; j < xstride; j++) {
|
||||
acc |= ( (table[j + 0 * xstride] & y0) |
|
||||
(table[j + 1 * xstride] & y1) |
|
||||
(table[j + 2 * xstride] & y2) |
|
||||
(table[j + 3 * xstride] & y3) )
|
||||
& ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
|
||||
}
|
||||
|
||||
b->d[i] = acc;
|
||||
}
|
||||
for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
|
||||
((unsigned char *)b->d)[i] = buf[j];
|
||||
}
|
||||
|
||||
b->top = top;
|
||||
@ -629,7 +579,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
||||
* precomputation memory layout to limit data-dependency to a minimum to
|
||||
* protect secret exponents (cf. the hyper-threading timing attacks pointed
|
||||
* out by Colin Percival,
|
||||
* http://www.daemonology.net/hyperthreading-considered-harmful/)
|
||||
* http://www.daemong-consideredperthreading-considered-harmful/)
|
||||
*/
|
||||
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx,
|
||||
@ -658,13 +608,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
|
||||
bits = BN_num_bits(p);
|
||||
if (bits == 0) {
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(rr);
|
||||
} else {
|
||||
ret = BN_one(rr);
|
||||
}
|
||||
ret = BN_one(rr);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -839,9 +783,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
|
||||
goto err;
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
@ -853,15 +797,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
if (window > 1) {
|
||||
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
|
||||
goto err;
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
|
||||
window))
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF
|
||||
(&tmp, top, powerbuf, 2, numPowers))
|
||||
goto err;
|
||||
for (i = 3; i < numPowers; i++) {
|
||||
/* Calculate a^i = a^(i-1) * a */
|
||||
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
|
||||
goto err;
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
|
||||
window))
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF
|
||||
(&tmp, top, powerbuf, i, numPowers))
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@ -869,8 +813,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
bits--;
|
||||
for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
|
||||
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
|
||||
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
|
||||
window))
|
||||
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
|
||||
(&tmp, top, powerbuf, wvalue, numPowers))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
@ -890,8 +834,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
/*
|
||||
* Fetch the appropriate pre-computed value from the pre-buf
|
||||
*/
|
||||
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
|
||||
window))
|
||||
if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
|
||||
(&am, top, powerbuf, wvalue, numPowers))
|
||||
goto err;
|
||||
|
||||
/* Multiply the result into the intermediate result */
|
||||
@ -964,9 +908,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(rr);
|
||||
} else {
|
||||
} else
|
||||
ret = BN_one(rr);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
if (a == 0) {
|
||||
@ -1080,14 +1023,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
}
|
||||
|
||||
bits = BN_num_bits(p);
|
||||
if (bits == 0) {
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(r);
|
||||
} else {
|
||||
ret = BN_one(r);
|
||||
}
|
||||
|
||||
if (bits == 0) {
|
||||
ret = BN_one(r);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@ -58,7 +58,6 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <limits.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include "bn_lcl.h"
|
||||
@ -190,11 +189,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
|
||||
a++;
|
||||
}
|
||||
|
||||
for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
|
||||
continue;
|
||||
|
||||
if (i > INT_MAX/4)
|
||||
goto err;
|
||||
for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
|
||||
|
||||
num = i + neg;
|
||||
if (bn == NULL)
|
||||
@ -209,7 +204,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
|
||||
BN_zero(ret);
|
||||
}
|
||||
|
||||
/* i is the number of hex digits */
|
||||
/* i is the number of hex digests; */
|
||||
if (bn_expand(ret, i * 4) == NULL)
|
||||
goto err;
|
||||
|
||||
@ -265,11 +260,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
|
||||
a++;
|
||||
}
|
||||
|
||||
for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
|
||||
continue;
|
||||
|
||||
if (i > INT_MAX/4)
|
||||
goto err;
|
||||
for (i = 0; isdigit((unsigned char)a[i]); i++) ;
|
||||
|
||||
num = i + neg;
|
||||
if (bn == NULL)
|
||||
@ -287,7 +278,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
|
||||
BN_zero(ret);
|
||||
}
|
||||
|
||||
/* i is the number of digits, a bit of an over expand */
|
||||
/* i is the number of digests, a bit of an over expand; */
|
||||
if (bn_expand(ret, i * 4) == NULL)
|
||||
goto err;
|
||||
|
||||
|
||||
@ -65,7 +65,6 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp)
|
||||
BN_init(&(recp->N));
|
||||
BN_init(&(recp->Nr));
|
||||
recp->num_bits = 0;
|
||||
recp->shift = 0;
|
||||
recp->flags = 0;
|
||||
}
|
||||
|
||||
|
||||
@ -72,25 +72,6 @@
|
||||
static const char rnd_seed[] =
|
||||
"string to make the random number generator think it has entropy";
|
||||
|
||||
/*
|
||||
* Test that r == 0 in test_exp_mod_zero(). Returns one on success,
|
||||
* returns zero and prints debug output otherwise.
|
||||
*/
|
||||
static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
|
||||
const BIGNUM *a) {
|
||||
if (!BN_is_zero(r)) {
|
||||
fprintf(stderr, "%s failed:\n", method);
|
||||
fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
|
||||
fprintf(stderr, "a = ");
|
||||
BN_print_fp(stderr, a);
|
||||
fprintf(stderr, "\nr = ");
|
||||
BN_print_fp(stderr, r);
|
||||
fprintf(stderr, "\n");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
|
||||
*/
|
||||
@ -98,9 +79,8 @@ static int test_exp_mod_zero()
|
||||
{
|
||||
BIGNUM a, p, m;
|
||||
BIGNUM r;
|
||||
BN_ULONG one_word = 1;
|
||||
BN_CTX *ctx = BN_CTX_new();
|
||||
int ret = 1, failed = 0;
|
||||
int ret = 1;
|
||||
|
||||
BN_init(&m);
|
||||
BN_one(&m);
|
||||
@ -112,65 +92,21 @@ static int test_exp_mod_zero()
|
||||
BN_zero(&p);
|
||||
|
||||
BN_init(&r);
|
||||
BN_mod_exp(&r, &a, &p, &m, ctx);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
if (!BN_rand(&a, 1024, 0, 0))
|
||||
goto err;
|
||||
|
||||
if (!BN_mod_exp(&r, &a, &p, &m, ctx))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
|
||||
goto err;
|
||||
if (BN_is_zero(&r))
|
||||
ret = 0;
|
||||
else {
|
||||
printf("1**0 mod 1 = ");
|
||||
BN_print_fp(stdout, &r);
|
||||
printf(", should be 0\n");
|
||||
}
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
/*
|
||||
* A different codepath exists for single word multiplication
|
||||
* in non-constant-time only.
|
||||
*/
|
||||
if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
|
||||
goto err;
|
||||
|
||||
if (!BN_is_zero(&r)) {
|
||||
fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
|
||||
fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
|
||||
fprintf(stderr, "r = ");
|
||||
BN_print_fp(stderr, &r);
|
||||
fprintf(stderr, "\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = failed;
|
||||
|
||||
err:
|
||||
BN_free(&r);
|
||||
BN_free(&a);
|
||||
BN_free(&p);
|
||||
BN_free(&m);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia.c */
|
||||
/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
|
||||
* ALL RIGHTS RESERVED.
|
||||
@ -67,7 +67,7 @@
|
||||
|
||||
/*
|
||||
* Algorithm Specification
|
||||
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
|
||||
* http://info.isl.llia/specicrypt/eng/camellia/specifications.html
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia.h */
|
||||
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_cbc.c */
|
||||
/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_cfb.c */
|
||||
/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_ctr.c */
|
||||
/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_ecb.c */
|
||||
/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_locl.h */
|
||||
/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
|
||||
* ALL RIGHTS RESERVED.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_misc.c */
|
||||
/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_ofb.c */
|
||||
/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/cmll_utl.c */
|
||||
/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -4,10 +4,6 @@
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
|
||||
# ifdef OPENSSL_NO_COMP
|
||||
# error COMP is disabled.
|
||||
# endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.c */
|
||||
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
|
||||
/*-
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.h */
|
||||
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
|
||||
/*-
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.c */
|
||||
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
|
||||
/*
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
|
||||
|
||||
@ -191,8 +191,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
|
||||
STACK_OF(ASN1_TYPE) *ndsa = NULL;
|
||||
DSA *dsa = NULL;
|
||||
|
||||
int ret = 0;
|
||||
|
||||
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
|
||||
return 0;
|
||||
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
|
||||
@ -264,21 +262,23 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
|
||||
}
|
||||
|
||||
EVP_PKEY_assign_DSA(pkey, dsa);
|
||||
|
||||
ret = 1;
|
||||
goto done;
|
||||
|
||||
decerr:
|
||||
DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
|
||||
dsaerr:
|
||||
DSA_free(dsa);
|
||||
done:
|
||||
BN_CTX_free(ctx);
|
||||
if (ndsa)
|
||||
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
|
||||
else
|
||||
ASN1_STRING_clear_free(privkey);
|
||||
return ret;
|
||||
|
||||
return 1;
|
||||
|
||||
decerr:
|
||||
DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
|
||||
dsaerr:
|
||||
BN_CTX_free(ctx);
|
||||
if (privkey)
|
||||
ASN1_STRING_clear_free(privkey);
|
||||
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
|
||||
DSA_free(dsa);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
|
||||
|
||||
@ -187,6 +187,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
|
||||
goto err;
|
||||
|
||||
ret = DSA_SIG_new();
|
||||
if (ret == NULL)
|
||||
goto err;
|
||||
/*
|
||||
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
||||
* unlikely.
|
||||
@ -198,14 +201,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
}
|
||||
goto redo;
|
||||
}
|
||||
ret = DSA_SIG_new();
|
||||
if (ret == NULL)
|
||||
goto err;
|
||||
ret->r = r;
|
||||
ret->s = s;
|
||||
|
||||
err:
|
||||
if (ret == NULL) {
|
||||
if (!ret) {
|
||||
DSAerr(DSA_F_DSA_DO_SIGN, reason);
|
||||
BN_free(r);
|
||||
BN_free(s);
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* dso.h */
|
||||
/* dso.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* dso_dl.c */
|
||||
/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* dso_dlfcn.c */
|
||||
/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* dso_lib.c */
|
||||
/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* dso_vms.c */
|
||||
/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* dso_win32.c */
|
||||
/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1591,7 +1591,7 @@ struct nistp_test_params {
|
||||
int degree;
|
||||
/*
|
||||
* Qx, Qy and D are taken from
|
||||
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
|
||||
* http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
|
||||
* Otherwise, values are standard curve parameters from FIPS 180-3
|
||||
*/
|
||||
const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/engine/eng_all.c */
|
||||
/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -200,10 +200,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
||||
}
|
||||
#endif
|
||||
if (ctx->digest != type) {
|
||||
if (ctx->digest && ctx->digest->ctx_size) {
|
||||
if (ctx->digest && ctx->digest->ctx_size)
|
||||
OPENSSL_free(ctx->md_data);
|
||||
ctx->md_data = NULL;
|
||||
}
|
||||
ctx->digest = type;
|
||||
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
|
||||
ctx->update = type->update;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/evp/e_camellia.c */
|
||||
/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/evp/e_old.c */
|
||||
/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2004.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/evp/e_seed.c */
|
||||
/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -57,7 +57,6 @@
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -152,13 +151,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int i, j;
|
||||
size_t total = 0;
|
||||
unsigned int total = 0;
|
||||
|
||||
*outl = 0;
|
||||
if (inl <= 0)
|
||||
return;
|
||||
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||||
if (ctx->length - ctx->num > inl) {
|
||||
if ((ctx->num + inl) < ctx->length) {
|
||||
memcpy(&(ctx->enc_data[ctx->num]), in, inl);
|
||||
ctx->num += inl;
|
||||
return;
|
||||
@ -175,7 +174,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
*out = '\0';
|
||||
total = j + 1;
|
||||
}
|
||||
while (inl >= ctx->length && total <= INT_MAX) {
|
||||
while (inl >= ctx->length) {
|
||||
j = EVP_EncodeBlock(out, in, ctx->length);
|
||||
in += ctx->length;
|
||||
inl -= ctx->length;
|
||||
@ -184,11 +183,6 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
*out = '\0';
|
||||
total += j + 1;
|
||||
}
|
||||
if (total > INT_MAX) {
|
||||
/* Too much output data! */
|
||||
*outl = 0;
|
||||
return;
|
||||
}
|
||||
if (inl != 0)
|
||||
memcpy(&(ctx->enc_data[0]), in, inl);
|
||||
ctx->num = inl;
|
||||
|
||||
@ -334,7 +334,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
bl = ctx->cipher->block_size;
|
||||
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
|
||||
if (i != 0) {
|
||||
if (bl - i > inl) {
|
||||
if (i + inl < bl) {
|
||||
memcpy(&(ctx->buf[i]), in, inl);
|
||||
ctx->buf_len += inl;
|
||||
*outl = 0;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/mem_clr.c */
|
||||
/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2002.
|
||||
|
||||
@ -67,20 +67,23 @@
|
||||
/* increment counter (128-bit int) by 1 */
|
||||
static void ctr128_inc(unsigned char *counter)
|
||||
{
|
||||
u32 n = 16, c = 1;
|
||||
u32 n = 16;
|
||||
u8 c;
|
||||
|
||||
do {
|
||||
--n;
|
||||
c += counter[n];
|
||||
counter[n] = (u8)c;
|
||||
c >>= 8;
|
||||
c = counter[n];
|
||||
++c;
|
||||
counter[n] = c;
|
||||
if (c)
|
||||
return;
|
||||
} while (n);
|
||||
}
|
||||
|
||||
#if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||||
static void ctr128_inc_aligned(unsigned char *counter)
|
||||
{
|
||||
size_t *data, c, d, n;
|
||||
size_t *data, c, n;
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -88,19 +91,20 @@ static void ctr128_inc_aligned(unsigned char *counter)
|
||||
1
|
||||
};
|
||||
|
||||
if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
|
||||
if (is_endian.little) {
|
||||
ctr128_inc(counter);
|
||||
return;
|
||||
}
|
||||
|
||||
data = (size_t *)counter;
|
||||
c = 1;
|
||||
n = 16 / sizeof(size_t);
|
||||
do {
|
||||
--n;
|
||||
d = data[n] += c;
|
||||
/* did addition carry? */
|
||||
c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
|
||||
c = data[n];
|
||||
++c;
|
||||
data[n] = c;
|
||||
if (c)
|
||||
return;
|
||||
} while (n);
|
||||
}
|
||||
#endif
|
||||
@ -140,14 +144,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
}
|
||||
|
||||
# if defined(STRICT_ALIGNMENT)
|
||||
if (((size_t)in | (size_t)out | (size_t)ecount_buf)
|
||||
% sizeof(size_t) != 0)
|
||||
if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
|
||||
0)
|
||||
break;
|
||||
# endif
|
||||
while (len >= 16) {
|
||||
(*block) (ivec, ecount_buf, key);
|
||||
ctr128_inc_aligned(ivec);
|
||||
for (n = 0; n < 16; n += sizeof(size_t))
|
||||
for (; n < 16; n += sizeof(size_t))
|
||||
*(size_t *)(out + n) =
|
||||
*(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
|
||||
len -= 16;
|
||||
@ -185,13 +189,16 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
/* increment upper 96 bits of 128-bit counter by 1 */
|
||||
static void ctr96_inc(unsigned char *counter)
|
||||
{
|
||||
u32 n = 12, c = 1;
|
||||
u32 n = 12;
|
||||
u8 c;
|
||||
|
||||
do {
|
||||
--n;
|
||||
c += counter[n];
|
||||
counter[n] = (u8)c;
|
||||
c >>= 8;
|
||||
c = counter[n];
|
||||
++c;
|
||||
counter[n] = c;
|
||||
if (c)
|
||||
return;
|
||||
} while (n);
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_dir.c */
|
||||
/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2004.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_dir.h */
|
||||
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Copied from Richard Levitte's (richard@levitte.org) LP library. All
|
||||
* symbol names have been changed, with permission from the author.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_dir.h */
|
||||
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Copied from Richard Levitte's (richard@levitte.org) LP library. All
|
||||
* symbol names have been changed, with permission from the author.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_str.c */
|
||||
/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_str.h */
|
||||
/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_time.c */
|
||||
/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2001.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/o_time.h */
|
||||
/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2001.
|
||||
|
||||
@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x10001140L
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000111fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1t-fips-dev xx XXX xxxx"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips 3 Dec 2015"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1t-dev xx XXX xxxx"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q 3 Dec 2015"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
|
||||
if (enc != NULL) {
|
||||
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
|
||||
if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
|
||||
if (objstr == NULL) {
|
||||
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -131,10 +131,6 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
|
||||
# define MS_PVKMAGIC 0xb0b5f11eL
|
||||
/* Salt length for PVK files */
|
||||
# define PVK_SALTLEN 0x10
|
||||
/* Maximum length in PVK header */
|
||||
# define PVK_MAX_KEYLEN 102400
|
||||
/* Maximum salt length */
|
||||
# define PVK_MAX_SALTLEN 10240
|
||||
|
||||
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
|
||||
unsigned int bitlen, int ispub);
|
||||
@ -648,9 +644,6 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
|
||||
*psaltlen = read_ledword(&p);
|
||||
*pkeylen = read_ledword(&p);
|
||||
|
||||
if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
|
||||
return 0;
|
||||
|
||||
if (is_encrypted && !*psaltlen) {
|
||||
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
|
||||
return 0;
|
||||
|
||||
@ -121,7 +121,7 @@ my %globals;
|
||||
$self->{sz} = "";
|
||||
} elsif ($self->{op} =~ /^v/) { # VEX
|
||||
$self->{sz} = "";
|
||||
} elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) {
|
||||
} elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
|
||||
$self->{sz} = "";
|
||||
} elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
|
||||
$self->{op} = $1;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/rand/rand_vms.c */
|
||||
/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/*
|
||||
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
|
||||
* 2000.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/rc4/rc4_utl.c */
|
||||
/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/rsa/rsa_chk.c */
|
||||
/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_cbc.c */
|
||||
/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_cfb.c */
|
||||
/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_ecb.c */
|
||||
/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_ofb.c */
|
||||
/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
||||
@ -157,8 +157,8 @@ int main(int argc, char *argv[])
|
||||
if (err)
|
||||
printf("ERROR: %d\n", err);
|
||||
# endif
|
||||
EVP_MD_CTX_cleanup(&c);
|
||||
EXIT(err);
|
||||
EVP_MD_CTX_cleanup(&c);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user