SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-03-29 19:36:15 +00:00
parent 6278c437f5
commit 784d5aeff3
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
93 changed files with 1817 additions and 10181 deletions
Download patch file Download diff file Expand all files Collapse all files

1
distrib/sets/lists/comp/mi
View file

@ -1690,7 +1690,6 @@
./usr/share/man/man2/msgrcv.2
./usr/share/man/man2/msgsnd.2
./usr/share/man/man2/msync.2
./usr/share/man/man2/msyscall.2
./usr/share/man/man2/munmap.2
./usr/share/man/man2/nanosleep.2
./usr/share/man/man2/nfssvc.2

3
gnu/usr.bin/cc/Makefile
View file

@ -1,5 +1,5 @@
# $FreeBSD: src/gnu/usr.bin/cc/Makefile,v 1.41.8.1 2009/04/15 03:14:26 kensmith Exp $
# $OpenBSD: Makefile,v 1.3 2017/07/24 19:23:57 robert Exp $
# $OpenBSD: Makefile,v 1.4 2024/03/29 06:52:50 miod Exp $
.include <bsd.own.mk>
@ -13,7 +13,6 @@ SUBDIR+= cpp
.endif
SUBDIR+= cc1plus c++ c++filt
SUBDIR+= cc1obj
SUBDIR+= gcov
SUBDIR+= libgcc
SUBDIR+= libgcov

32
gnu/usr.bin/cc/cc1obj/Makefile
View file

@ -1,32 +0,0 @@
# $FreeBSD: src/gnu/usr.bin/cc/cc1obj/Makefile,v 1.28.8.1 2009/04/15 03:14:26 kensmith Exp $
# $OpenBSD: Makefile,v 1.2 2010/05/06 20:58:10 naddy Exp $
.include <bsd.own.mk>
.include "${.CURDIR}/../Makefile.inc"
.include "${.CURDIR}/../Makefile.ver"
.PATH: ${GCCDIR}/objc ${GCCDIR}
PROG= cc1obj
SRCS= main.c c-parser.c objc-act.c objc-lang.c c-decl.c
BINDIR= /usr/lib/gcc-lib/${GCC_TARGET}/${BASEVER}
NOMAN= Yes
NO_PIC= Yes
CFLAGS+= -I${GCCDIR}/objc -I.
OBJS+= ${PROG}-checksum.o
DPADD= ${LIBBACKEND} ${LIBCPP} ${LIBDECNUMBER} ${LIBIBERTY}
LDADD= ${LIBBACKEND} ${LIBCPP} ${LIBDECNUMBER} ${LIBIBERTY}
DOBJS+= ${SRCS:N*.h:R:S/$/.o/g}
${PROG}-dummy: ${DOBJS}
${CC} ${CFLAGS} ${LDFLAGS} -o ${.TARGET} ${DOBJS} ${LDADD}
CLEANFILES+= ${PROG}-dummy
${PROG}-checksum.c: ${PROG}-dummy
../cc_tools/genchecksum ${PROG}-dummy > ${.TARGET}
CLEANFILES+= ${PROG}-checksum.c
.include <bsd.prog.mk>

6
gnu/usr.bin/gcc/Makefile.bsd-wrapper
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.bsd-wrapper,v 1.68 2017/10/29 12:42:11 aoyama Exp $
# $OpenBSD: Makefile.bsd-wrapper,v 1.69 2024/03/29 06:52:50 miod Exp $
MAN= gcc.1 cpp.1 gcov.1
@ -6,7 +6,7 @@ BINDIR=/usr/bin
.if defined(BOOTSTRAP)
LANGUAGES=--enable-languages=c
.else
LANGUAGES=--enable-languages='c,c++,objc'
LANGUAGES=--enable-languages='c,c++'
.endif
V=3.3.6
@ -29,7 +29,7 @@ MAKE_FLAGS= CFLAGS="${GNUCFLAGS}" \
GXX_INCDIR= /usr/include/g++
CLEANFILES= .gdbinit */.gdbinit *.info* \
c-parse.c c-parse.h c-parse.y cexp.c cp/parse.c cp/parse.h \
f/*.info* objc/objc-parse.c objc/objc-parse.y target_path \
target_path \
print-rtl1.c gengtype-lex.c gengtype-yacc.c gengtype-yacc.h \
genrtl.c genrtl.h fixinc.sh fixinc/Makefile \
po/Makefile po/Makefile.in po/POTFILES

4
lib/libc/sys/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.177 2024/01/19 14:15:51 deraadt Exp $
# $OpenBSD: Makefile.inc,v 1.178 2024/03/29 06:48:04 deraadt Exp $
# $NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $
# @(#)Makefile.inc 8.1 (Berkeley) 6/17/93
@ -189,7 +189,7 @@ MAN+= __get_tcb.2 __thrsigdivert.2 __thrsleep.2 _exit.2 accept.2 \
intro.2 ioctl.2 issetugid.2 \
kbind.2 kill.2 kqueue.2 ktrace.2 link.2 listen.2 lseek.2 madvise.2 \
mimmutable.2 minherit.2 mkdir.2 mkfifo.2 mknod.2 mlock.2 \
mlockall.2 mmap.2 mount.2 mprotect.2 mquery.2 msyscall.2 msgctl.2 \
mlockall.2 mmap.2 mount.2 mprotect.2 mquery.2 msgctl.2 \
msgget.2 msgrcv.2 msgsnd.2 msync.2 munmap.2 nanosleep.2 \
nfssvc.2 open.2 pathconf.2 pinsyscalls.2 pipe.2 pledge.2 \
poll.2 profil.2 ptrace.2 quotactl.2 read.2 readlink.2 reboot.2 recv.2 \

72
lib/libc/sys/msyscall.2
View file

@ -1,72 +0,0 @@
.\" $OpenBSD: msyscall.2,v 1.3 2023/09/14 19:59:12 jmc Exp $
.\"
.\" Copyright (c) 2019 Theo de Raadt <deraadt@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 14 2023 $
.Dt MSYSCALL 2
.Os
.Sh NAME
.Nm msyscall
.Nd permit syscalls from a region of pages
.Sh SYNOPSIS
.In sys/mman.h
.Ft int
.Fn msyscall "void *addr" "size_t len"
.Sh DESCRIPTION
The
.Fn msyscall
system call permits system call entry from the pages that contain
the address range
.Fa addr
through
.Fa addr
\&+
.Fa len
\- 1
(inclusive).
If
.Fa len
is 0, no action is taken on the page that contains
.Fa addr .
.Pp
.Fn msyscall
is currently intended for use by
.Xr ld.so 1
only, and may be called only once to indicate the location of
the loaded
.Pa libc.so
library.
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
.Fn msyscall
will fail if:
.Bl -tag -width Er
.It Bq Er EINVAL
The specified address range would wrap around.
.It Bq Er EPERM
Attempt to call
.Fn msyscall
after
.Xr ld.so 1
has called it.
.El
.Sh SEE ALSO
.Xr mmap 2
.Sh HISTORY
The
.Fn msyscall
function first appeared in
.Ox 6.7 .

11
lib/libc/sys/sigaltstack.2
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: sigaltstack.2,v 1.26 2022/10/19 18:29:36 deraadt Exp $
.\" $OpenBSD: sigaltstack.2,v 1.27 2024/03/29 06:48:04 deraadt Exp $
.\" $NetBSD: sigaltstack.2,v 1.3 1995/02/27 10:41:52 cgd Exp $
.\"
.\" Copyright (c) 1983, 1991, 1992, 1993
@ -30,7 +30,7 @@
.\"
.\" @(#)sigaltstack.2 8.1 (Berkeley) 6/4/93
.\"
.Dd $Mdocdate: October 19 2022 $
.Dd $Mdocdate: March 29 2024 $
.Dt SIGALTSTACK 2
.Os
.Sh NAME
@ -132,11 +132,8 @@ On
some additional restrictions prevent dangerous address space modifications.
The proposed space at
.Fa ss_sp
is verified to be contiguously mapped for read-write permissions
(no execute)
and incapable of syscall entry
(see
.Xr msyscall 2 ) .
is verified to be contiguously mapped for read-write permissions without
execute.
If those conditions are met, a page-aligned inner region will be freshly mapped
(all zero) with
.Dv MAP_STACK

27
lib/libcrypto/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.185 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile,v 1.192 2024/03/29 07:36:38 jsing Exp $
LIB= crypto
LIBREBUILD=y
@ -73,6 +73,7 @@ SRCS+= o_str.c
# aes/
SRCS+= aes.c
SRCS+= aes_core.c
SRCS+= aes_ige.c
# asn1/
@ -200,17 +201,10 @@ SRCS+= bs_cbb.c
SRCS+= bs_cbs.c
# camellia/
SRCS+= cmll_cfb.c
SRCS+= cmll_ctr.c
SRCS+= cmll_ecb.c
SRCS+= cmll_ofb.c
SRCS+= camellia.c
# cast/
SRCS+= c_cfb64.c
SRCS+= c_ecb.c
SRCS+= c_enc.c
SRCS+= c_ofb64.c
SRCS+= c_skey.c
SRCS+= cast.c
# chacha/
SRCS+= chacha.c
@ -393,11 +387,7 @@ SRCS+= hm_pmeth.c
SRCS+= hmac.c
# idea/
SRCS+= i_cbc.c
SRCS+= i_cfb64.c
SRCS+= i_ecb.c
SRCS+= i_ofb64.c
SRCS+= i_skey.c
SRCS+= idea.c
# kdf/
SRCS+= hkdf_evp.c
@ -557,7 +547,7 @@ SRCS+= ui_openssl.c
SRCS+= ui_util.c
# whrlpool/
SRCS+= wp_dgst.c
SRCS+= whirlpool.c
# x509/
SRCS+= by_dir.c
@ -788,11 +778,6 @@ obj_dat.h: obj_mac.h ${SSL_OBJECTS}/obj_dat.pl
.include "${.CURDIR}/arch/${MACHINE_CPU}/Makefile.inc"
.else
CFLAGS+=-DOPENSSL_NO_ASM
SRCS+= aes_core.c
SRCS+= camellia.c
SRCS+= cmll_cbc.c
SRCS+= cmll_misc.c
SRCS+= wp_block.c
.endif
BUILDFIRST = ${GENERATED}

7
lib/libcrypto/Symbols.namespace
View file

@ -2584,3 +2584,10 @@ _libre_DES_string_to_key
_libre_DES_string_to_2keys
_libre_DES_cfb64_encrypt
_libre_DES_ofb64_encrypt
_libre_BF_set_key
_libre_BF_encrypt
_libre_BF_decrypt
_libre_BF_ecb_encrypt
_libre_BF_cbc_encrypt
_libre_BF_cfb64_encrypt
_libre_BF_ofb64_encrypt

98
lib/libcrypto/aes/aes_core.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: aes_core.c,v 1.19 2024/03/27 11:15:44 jsing Exp $ */
/* $OpenBSD: aes_core.c,v 1.22 2024/03/29 11:19:01 jsing Exp $ */
/**
* rijndael-alg-fst.c
*
@ -50,6 +50,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
Td4[x] = Si[x].[01];
*/
#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \
!defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL) || \
!defined(HAVE_AES_ENCRYPT_INTERNAL) || \
!defined(HAVE_AES_DECRYPT_INTERNAL)
static const u32 Te0[256] = {
0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@ -579,6 +583,10 @@ static const u32 Td3[256] = {
0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
};
#endif
#if !defined(HAVE_AES_ENCRYPT_INTERNAL) || \
!defined(HAVE_AES_DECRYPT_INTERNAL)
static const u8 Td4[256] = {
0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
@ -613,17 +621,29 @@ static const u8 Td4[256] = {
0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
};
#endif
#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \
!defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL)
static const u32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};
#endif
/**
#ifdef HAVE_AES_SET_ENCRYPT_KEY_INTERNAL
int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
AES_KEY *key);
#else
/*
* Expand the cipher key into the encryption key schedule.
*/
int
AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
static inline int
aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
int i = 0;
@ -719,12 +739,25 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
}
return 0;
}
#endif
/**
int
AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
{
return aes_set_encrypt_key_internal(userKey, bits, key);
}
#ifdef HAVE_AES_SET_DECRYPT_KEY_INTERNAL
int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
AES_KEY *key);
#else
/*
* Expand the cipher key into the decryption key schedule.
*/
int
AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
static inline int
aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
int i, j, status;
@ -778,14 +811,25 @@ AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
}
return 0;
}
#endif
#ifndef AES_ASM
int
AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
{
return aes_set_decrypt_key_internal(userKey, bits, key);
}
#ifdef HAVE_AES_ENCRYPT_INTERNAL
void aes_encrypt_internal(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
#else
/*
* Encrypt a single block
* in and out can overlap
* Encrypt a single block - in and out can overlap.
*/
void
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
static inline void
aes_encrypt_internal(const unsigned char *in, unsigned char *out,
const AES_KEY *key)
{
const u32 *rk;
u32 s0, s1, s2, s3, t0, t1, t2, t3;
@ -969,13 +1013,25 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
rk[3];
crypto_store_htobe32(&out[3 * 4], s3);
}
#endif
/*
* Decrypt a single block
* in and out can overlap
*/
void
AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
return aes_encrypt_internal(in, out, key);
}
#ifdef HAVE_AES_DECRYPT_INTERNAL
void aes_decrypt_internal(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
#else
/*
* Decrypt a single block - in and out can overlap.
*/
static inline void
aes_decrypt_internal(const unsigned char *in, unsigned char *out,
const AES_KEY *key)
{
const u32 *rk;
u32 s0, s1, s2, s3, t0, t1, t2, t3;
@ -1159,4 +1215,10 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
rk[3];
crypto_store_htobe32(&out[3 * 4], s3);
}
#endif /* AES_ASM */
#endif
void
AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
return aes_decrypt_internal(in, out, key);
}

28
lib/libcrypto/aes/asm/aes-586.pl
View file

@ -1158,8 +1158,8 @@ sub enclast()
&data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
&previous();
# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
&function_begin("AES_encrypt");
# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key);
&function_begin("aes_encrypt_internal");
&mov ($acc,&wparam(0)); # load inp
&mov ($key,&wparam(2)); # load key
@ -1213,7 +1213,7 @@ sub enclast()
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
&function_end("AES_encrypt");
&function_end("aes_encrypt_internal");
#--------------------------------------------------------------------#
@ -1947,8 +1947,8 @@ sub declast()
&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
&previous();
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
&function_begin("AES_decrypt");
# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key);
&function_begin("aes_decrypt_internal");
&mov ($acc,&wparam(0)); # load inp
&mov ($key,&wparam(2)); # load key
@ -2002,7 +2002,7 @@ sub declast()
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
&function_end("AES_decrypt");
&function_end("aes_decrypt_internal");
# void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out,
# size_t length, const AES_KEY *key, unsigned char *ivp,const int enc);
@ -2849,12 +2849,12 @@ sub enckey()
&set_label("exit");
&function_end("_x86_AES_set_encrypt_key");
# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
# AES_KEY *key)
&function_begin_B("AES_set_encrypt_key");
# int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
# AES_KEY *key)
&function_begin_B("aes_set_encrypt_key_internal");
&call ("_x86_AES_set_encrypt_key");
&ret ();
&function_end_B("AES_set_encrypt_key");
&function_end_B("aes_set_encrypt_key_internal");
sub deckey()
{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
@ -2911,9 +2911,9 @@ sub deckey()
&mov (&DWP(4*$i,$key),$tp1);
}
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
# AES_KEY *key)
&function_begin_B("AES_set_decrypt_key");
# int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
# AES_KEY *key)
&function_begin_B("aes_set_decrypt_key_internal");
&call ("_x86_AES_set_encrypt_key");
&cmp ("eax",0);
&je (&label("proceed"));
@ -2969,6 +2969,6 @@ sub deckey()
&jb (&label("permute"));
&xor ("eax","eax"); # return success
&function_end("AES_set_decrypt_key");
&function_end("aes_set_decrypt_key_internal");
&asm_finish();

50
lib/libcrypto/aes/asm/aes-armv4.pl
View file

@ -161,17 +161,17 @@ AES_Te:
.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
.size AES_Te,.-AES_Te
@ void AES_encrypt(const unsigned char *in, unsigned char *out,
@ const AES_KEY *key) {
.global AES_encrypt
.type AES_encrypt,%function
@ void aes_encrypt_internal(const unsigned char *in, unsigned char *out,
@ const AES_KEY *key) {
.global aes_encrypt_internal
.type aes_encrypt_internal,%function
.align 5
AES_encrypt:
sub r3,pc,#8 @ AES_encrypt
aes_encrypt_internal:
sub r3,pc,#8 @ aes_encrypt_internal
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
sub $tbl,r3,#AES_encrypt-AES_Te @ Te
sub $tbl,r3,#aes_encrypt_internal-AES_Te @ Te
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
ldrb $t1,[$rounds,#2] @ manner...
@ -265,7 +265,7 @@ AES_encrypt:
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
.size AES_encrypt,.-AES_encrypt
.size aes_encrypt_internal,.-aes_encrypt_internal
.type _armv4_AES_encrypt,%function
.align 2
@ -404,12 +404,12 @@ _armv4_AES_encrypt:
ldr pc,[sp],#4 @ pop and return
.size _armv4_AES_encrypt,.-_armv4_AES_encrypt
.global AES_set_encrypt_key
.type AES_set_encrypt_key,%function
.global aes_set_encrypt_key_internal
.type aes_set_encrypt_key_internal,%function
.align 5
AES_set_encrypt_key:
aes_set_encrypt_key_internal:
_armv4_AES_set_encrypt_key:
sub r3,pc,#8 @ AES_set_encrypt_key
sub r3,pc,#8 @ aes_set_encrypt_key_internal
teq r0,#0
moveq r0,#-1
beq .Labrt
@ -679,12 +679,12 @@ _armv4_AES_set_encrypt_key:
.Labrt: tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
.size AES_set_encrypt_key,.-AES_set_encrypt_key
.size aes_set_encrypt_key_internal,.-aes_set_encrypt_key_internal
.global AES_set_decrypt_key
.type AES_set_decrypt_key,%function
.global aes_set_decrypt_key_internal
.type aes_set_decrypt_key_internal,%function
.align 5
AES_set_decrypt_key:
aes_set_decrypt_key_internal:
str lr,[sp,#-4]! @ push lr
bl _armv4_AES_set_encrypt_key
teq r0,#0
@ -773,7 +773,7 @@ $code.=<<___;
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
.size AES_set_decrypt_key,.-AES_set_decrypt_key
.size aes_set_decrypt_key_internal,.-aes_set_decrypt_key_internal
.type AES_Td,%object
.align 5
@ -877,17 +877,17 @@ AES_Td:
.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
.size AES_Td,.-AES_Td
@ void AES_decrypt(const unsigned char *in, unsigned char *out,
@ const AES_KEY *key) {
.global AES_decrypt
.type AES_decrypt,%function
@ void aes_decrypt_internal(const unsigned char *in, unsigned char *out,
@ const AES_KEY *key) {
.global aes_decrypt_internal
.type aes_decrypt_internal,%function
.align 5
AES_decrypt:
sub r3,pc,#8 @ AES_decrypt
aes_decrypt_internal:
sub r3,pc,#8 @ aes_decrypt_internal
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
sub $tbl,r3,#AES_decrypt-AES_Td @ Td
sub $tbl,r3,#aes_decrypt_internal-AES_Td @ Td
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
ldrb $t1,[$rounds,#2] @ manner...
@ -981,7 +981,7 @@ AES_decrypt:
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
.size AES_decrypt,.-AES_decrypt
.size aes_decrypt_internal,.-aes_decrypt_internal
.type _armv4_AES_decrypt,%function
.align 2

40
lib/libcrypto/aes/asm/aes-mips.pl
View file

@ -355,9 +355,9 @@ _mips_AES_encrypt:
.end _mips_AES_encrypt
.align 5
.globl AES_encrypt
.ent AES_encrypt
AES_encrypt:
.globl aes_encrypt_internal
.ent aes_encrypt_internal
aes_encrypt_internal:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@ -387,7 +387,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
.cpsetup $pf,$zero,AES_encrypt
.cpsetup $pf,$zero,aes_encrypt_internal
___
$code.=<<___;
.set reorder
@ -435,7 +435,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
.end AES_encrypt
.end aes_encrypt_internal
___
$code.=<<___;
@ -691,9 +691,9 @@ _mips_AES_decrypt:
.end _mips_AES_decrypt
.align 5
.globl AES_decrypt
.ent AES_decrypt
AES_decrypt:
.globl aes_decrypt_internal
.ent aes_decrypt_internal
aes_decrypt_internal:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@ -723,7 +723,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
.cpsetup $pf,$zero,AES_decrypt
.cpsetup $pf,$zero,aes_decrypt_internal
___
$code.=<<___;
.set reorder
@ -771,7 +771,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
.end AES_decrypt
.end aes_decrypt_internal
___
}}}
@ -1038,9 +1038,9 @@ _mips_AES_set_encrypt_key:
nop
.end _mips_AES_set_encrypt_key
.globl AES_set_encrypt_key
.ent AES_set_encrypt_key
AES_set_encrypt_key:
.globl aes_set_encrypt_key_internal
.ent aes_set_encrypt_key_internal
aes_set_encrypt_key_internal:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@ -1062,7 +1062,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
.cpsetup $pf,$zero,AES_set_encrypt_key
.cpsetup $pf,$zero,aes_set_encrypt_key_internal
___
$code.=<<___;
.set reorder
@ -1085,7 +1085,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
.end AES_set_encrypt_key
.end aes_set_encrypt_key_internal
___
my ($head,$tail)=($inp,$bits);
@ -1093,9 +1093,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
$code.=<<___;
.align 5
.globl AES_set_decrypt_key
.ent AES_set_decrypt_key
AES_set_decrypt_key:
.globl aes_set_decrypt_key_internal
.ent aes_set_decrypt_key_internal
aes_set_decrypt_key_internal:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@ -1117,7 +1117,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
.cpsetup $pf,$zero,AES_set_decrypt_key
.cpsetup $pf,$zero,aes_set_decrypt_key_internal
___
$code.=<<___;
.set reorder
@ -1228,7 +1228,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
.end AES_set_decrypt_key
.end aes_set_decrypt_key_internal
___
}}}

8
lib/libcrypto/aes/asm/aes-parisc.pl
View file

@ -66,9 +66,9 @@ $code=<<___;
.LEVEL $LEVEL
.text
.EXPORT AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.EXPORT aes_encrypt_internal,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.ALIGN 64
AES_encrypt
aes_encrypt_internal
.PROC
.CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
.ENTRY
@ -540,9 +540,9 @@ L\$AES_Te
___
$code.=<<___;
.EXPORT AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.EXPORT aes_decrypt_internal,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.ALIGN 16
AES_decrypt
aes_decrypt_internal
.PROC
.CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
.ENTRY

8
lib/libcrypto/aes/asm/aes-ppc.pl
View file

@ -327,9 +327,9 @@ $code.=<<___;
.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
.globl .AES_encrypt
.globl .aes_encrypt_internal
.align 7
.AES_encrypt:
.aes_encrypt_internal:
$STU $sp,-$FRAME($sp)
mflr r0
@ -754,9 +754,9 @@ Lenc_compact_done:
xor $s3,$s3,$t3
blr
.globl .AES_decrypt
.globl .aes_decrypt_internal
.align 7
.AES_decrypt:
.aes_decrypt_internal:
$STU $sp,-$FRAME($sp)
mflr r0

16
lib/libcrypto/aes/asm/aes-sparcv9.pl
View file

@ -511,8 +511,8 @@ _sparcv9_AES_encrypt:
.size _sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt)
.align 32
.globl AES_encrypt
AES_encrypt:
.globl aes_encrypt_internal
aes_encrypt_internal:
save %sp,-$frame,%sp
#ifdef __PIC__
sethi %hi(_GLOBAL_OFFSET_TABLE_-4), %o5
@ -638,8 +638,8 @@ AES_encrypt:
ret
restore
.type AES_encrypt,#function
.size AES_encrypt,(.-AES_encrypt)
.type aes_encrypt_internal,#function
.size aes_encrypt_internal,(.-aes_encrypt_internal)
___
@ -1075,8 +1075,8 @@ _sparcv9_AES_decrypt:
.size _sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt)
.align 32
.globl AES_decrypt
AES_decrypt:
.globl aes_decrypt_internal
aes_decrypt_internal:
save %sp,-$frame,%sp
#ifdef __PIC__
sethi %hi(_GLOBAL_OFFSET_TABLE_-4), %o5
@ -1202,8 +1202,8 @@ AES_decrypt:
ret
restore
.type AES_decrypt,#function
.size AES_decrypt,(.-AES_decrypt)
.type aes_decrypt_internal,#function
.size aes_decrypt_internal,(.-aes_decrypt_internal)
___
# fmovs instructions substituting for FP nops were originally added

76
lib/libcrypto/aes/asm/aes-x86_64.pl
View file

@ -586,15 +586,15 @@ $code.=<<___;
.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
___
# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key);
$code.=<<___;
.globl AES_encrypt
.type AES_encrypt,\@function,3
.globl aes_encrypt_internal
.type aes_encrypt_internal,\@function,3
.align 16
.globl asm_AES_encrypt
.hidden asm_AES_encrypt
asm_AES_encrypt:
AES_encrypt:
aes_encrypt_internal:
_CET_ENDBR
push %rbx
push %rbp
@ -655,7 +655,7 @@ AES_encrypt:
lea 48(%rsi),%rsp
.Lenc_epilogue:
ret
.size AES_encrypt,.-AES_encrypt
.size aes_encrypt_internal,.-aes_encrypt_internal
___
#------------------------------------------------------------------#
@ -1188,15 +1188,15 @@ $code.=<<___;
.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
___
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key);
$code.=<<___;
.globl AES_decrypt
.type AES_decrypt,\@function,3
.globl aes_decrypt_internal
.type aes_decrypt_internal,\@function,3
.align 16
.globl asm_AES_decrypt
.hidden asm_AES_decrypt
asm_AES_decrypt:
AES_decrypt:
aes_decrypt_internal:
_CET_ENDBR
push %rbx
push %rbp
@ -1259,7 +1259,7 @@ AES_decrypt:
lea 48(%rsi),%rsp
.Ldec_epilogue:
ret
.size AES_decrypt,.-AES_decrypt
.size aes_decrypt_internal,.-aes_decrypt_internal
___
#------------------------------------------------------------------#
@ -1290,13 +1290,13 @@ $code.=<<___;
___
}
# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
# AES_KEY *key)
# int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
# AES_KEY *key)
$code.=<<___;
.globl AES_set_encrypt_key
.type AES_set_encrypt_key,\@function,3
.globl aes_set_encrypt_key_internal
.type aes_set_encrypt_key_internal,\@function,3
.align 16
AES_set_encrypt_key:
aes_set_encrypt_key_internal:
_CET_ENDBR
push %rbx
push %rbp
@ -1318,7 +1318,7 @@ AES_set_encrypt_key:
add \$56,%rsp
.Lenc_key_epilogue:
ret
.size AES_set_encrypt_key,.-AES_set_encrypt_key
.size aes_set_encrypt_key_internal,.-aes_set_encrypt_key_internal
.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
.align 16
@ -1562,13 +1562,13 @@ $code.=<<___;
___
}
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
# AES_KEY *key)
# int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
# AES_KEY *key)
$code.=<<___;
.globl AES_set_decrypt_key
.type AES_set_decrypt_key,\@function,3
.globl aes_set_decrypt_key_internal
.type aes_set_decrypt_key_internal,\@function,3
.align 16
AES_set_decrypt_key:
aes_set_decrypt_key_internal:
_CET_ENDBR
push %rbx
push %rbp
@ -1638,7 +1638,7 @@ $code.=<<___;
add \$56,%rsp
.Ldec_key_epilogue:
ret
.size AES_set_decrypt_key,.-AES_set_decrypt_key
.size aes_set_decrypt_key_internal,.-aes_set_decrypt_key_internal
___
# void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out,
@ -2782,21 +2782,21 @@ cbc_se_handler:
.section .pdata
.align 4
.rva .LSEH_begin_AES_encrypt
.rva .LSEH_end_AES_encrypt
.rva .LSEH_info_AES_encrypt
.rva .LSEH_begin_aes_encrypt_internal
.rva .LSEH_end_aes_encrypt_internal
.rva .LSEH_info_aes_encrypt_internal
.rva .LSEH_begin_AES_decrypt
.rva .LSEH_end_AES_decrypt
.rva .LSEH_info_AES_decrypt
.rva .LSEH_begin_aes_decrypt_internal
.rva .LSEH_end_aes_decrypt_internal
.rva .LSEH_info_aes_decrypt_internal
.rva .LSEH_begin_AES_set_encrypt_key
.rva .LSEH_end_AES_set_encrypt_key
.rva .LSEH_info_AES_set_encrypt_key
.rva .LSEH_begin_aes_set_encrypt_key_internal
.rva .LSEH_end_aes_set_encrypt_key_internal
.rva .LSEH_info_aes_set_encrypt_key_internal
.rva .LSEH_begin_AES_set_decrypt_key
.rva .LSEH_end_AES_set_decrypt_key
.rva .LSEH_info_AES_set_decrypt_key
.rva .LSEH_begin_aes_set_decrypt_key_internal
.rva .LSEH_end_aes_set_decrypt_key_internal
.rva .LSEH_info_aes_set_decrypt_key_internal
.rva .LSEH_begin_aes_cbc_encrypt_internal
.rva .LSEH_end_aes_cbc_encrypt_internal
@ -2804,19 +2804,19 @@ cbc_se_handler:
.section .xdata
.align 8
.LSEH_info_AES_encrypt:
.LSEH_info_aes_encrypt_internal:
.byte 9,0,0,0
.rva block_se_handler
.rva .Lenc_prologue,.Lenc_epilogue # HandlerData[]
.LSEH_info_AES_decrypt:
.LSEH_info_aes_decrypt_internal:
.byte 9,0,0,0
.rva block_se_handler
.rva .Ldec_prologue,.Ldec_epilogue # HandlerData[]
.LSEH_info_AES_set_encrypt_key:
.LSEH_info_aes_set_encrypt_key_internal:
.byte 9,0,0,0
.rva key_se_handler
.rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[]
.LSEH_info_AES_set_decrypt_key:
.LSEH_info_aes_set_decrypt_key_internal:
.byte 9,0,0,0
.rva key_se_handler
.rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[]

12
lib/libcrypto/arch/aarch64/Makefile.inc
View file

@ -1,17 +1,7 @@
# $OpenBSD: Makefile.inc,v 1.10 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.13 2024/03/29 07:24:09 jsing Exp $
# aarch64-specific libcrypto build rules
# aes
SRCS+= aes_core.c
# bn
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# modes
# sha
# whrlpool
SRCS+= wp_block.c
.for dir f in ${SSLASM}
SRCS+= ${f}.S
GENERATED+=${f}.S

8
lib/libcrypto/arch/alpha/Makefile.inc
View file

@ -1,22 +1,16 @@
# $OpenBSD: Makefile.inc,v 1.11 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.14 2024/03/29 07:24:09 jsing Exp $
# alpha-specific libcrypto build rules
# aes
SRCS+= aes_core.c
# bn
SSLASM+= bn alpha-mont
CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-alpha
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-alpha
# whrlpool
SRCS+= wp_block.c
.for dir f in ${SSLASM}
SRCS+= ${f}.S

11
lib/libcrypto/arch/amd64/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.21 2024/03/29 01:24:07 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.27 2024/03/29 11:00:57 jsing Exp $
# amd64-specific libcrypto build rules
@ -14,6 +14,10 @@ CFLAGS+= -DVPAES_ASM
SSLASM+= aes vpaes-x86_64
SSLASM+= aes aesni-x86_64
CFLAGS+= -DHAVE_AES_CBC_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL
# bn
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DRSA_ASM
@ -37,9 +41,6 @@ SRCS += bignum_sqr_8_16_alt.S
SRCS += bignum_sub.S
SRCS += word_clz.S
# camellia
SRCS+= cmll_misc.c
SSLASM+= camellia cmll-x86_64
# md5
CFLAGS+= -DMD5_ASM
SSLASM+= md5 md5-x86_64
@ -66,8 +67,6 @@ GENERATED+= sha512-x86_64.S
sha512-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl ${EXTRA_PL}
cd ${LCRYPTO_SRC}/sha/asm ; \
/usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET}
# whrlpool
SRCS+= wp_block.c
.for dir f in ${SSLASM}
SRCS+= ${f}.S

8
lib/libcrypto/arch/arm/Makefile.inc
View file

@ -5,11 +5,13 @@
# aes
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-armv4
CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL
# bn
CFLAGS+= -DOPENSSL_BN_ASM_MONT
SSLASM+= bn armv4-mont
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-armv4
@ -20,8 +22,6 @@ CFLAGS+= -DSHA256_ASM
SSLASM+= sha sha256-armv4
CFLAGS+= -DSHA512_ASM
SSLASM+= sha sha512-armv4
# whrlpool
SRCS+= wp_block.c
.for dir f in ${SSLASM}
SRCS+= ${f}.S

9
lib/libcrypto/arch/hppa/Makefile.inc
View file

@ -1,16 +1,15 @@
# $OpenBSD: Makefile.inc,v 1.20 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.24 2024/03/29 11:00:57 jsing Exp $
# hppa-specific libcrypto build rules
# aes
SRCS+= aes_core.c
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-parisc aes-parisc
CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL
# bn
SSLASM+= bn parisc-mont parisc-mont
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DBN_DIV2W
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-parisc ghash-parisc
@ -19,8 +18,6 @@ CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-parisc sha1-parisc
CFLAGS+= -DSHA256_ASM
SSLASM+= sha sha512-parisc sha256-parisc
# whrlpool
SRCS+= wp_block.c
.for dir src dst in ${SSLASM}
SRCS+= ${dst}.S

10
lib/libcrypto/arch/i386/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.18 2024/03/29 01:24:07 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.24 2024/03/29 11:00:57 jsing Exp $
# i386-specific libcrypto build rules
@ -12,14 +12,16 @@ CFLAGS+= -DVPAES_ASM
SSLASM+= aes vpaes-x86
SSLASM+= aes aesni-x86
CFLAGS+= -DHAVE_AES_CBC_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL
# bn
CFLAGS+= -DOPENSSL_IA32_SSE2
SSLASM+= bn bn-586
SSLASM+= bn co-586
CFLAGS+= -DOPENSSL_BN_ASM_MONT
SSLASM+= bn x86-mont
# camellia
SSLASM+= camellia cmll-x86
# md5
CFLAGS+= -DMD5_ASM
SSLASM+= md5 md5-586
@ -37,8 +39,6 @@ CFLAGS+= -DSHA256_ASM
SSLASM+= sha sha256-586
CFLAGS+= -DSHA512_ASM
SSLASM+= sha sha512-586
# whrlpool
SRCS+= wp_block.c
.for dir f in ${SSLASM}
SRCS+= ${f}.S

10
lib/libcrypto/arch/mips64/Makefile.inc
View file

@ -1,16 +1,18 @@
# $OpenBSD: Makefile.inc,v 1.12 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.17 2024/03/29 11:00:57 jsing Exp $
# mips64-specific libcrypto build rules
# aes
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-mips aes-mips
CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL
CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL
# bn
SSLASM+= bn mips bn-mips
SSLASM+= bn mips-mont mips-mont
CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# sha
SSLASM+= sha sha1-mips sha1-mips
CFLAGS+= -DSHA1_ASM
@ -18,8 +20,6 @@ SSLASM+= sha sha512-mips sha256-mips
CFLAGS+= -DSHA256_ASM
SSLASM+= sha sha512-mips sha512-mips
CFLAGS+= -DSHA512_ASM
# whrlpool
SRCS+= wp_block.c
.for dir src dst in ${SSLASM}
SRCS+= ${dst}.S

8
lib/libcrypto/arch/powerpc/Makefile.inc
View file

@ -1,9 +1,7 @@
# $OpenBSD: Makefile.inc,v 1.9 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.12 2024/03/29 07:24:09 jsing Exp $
# powerpc-specific libcrypto build rules
# aes
SRCS+= aes_core.c
# slower than C code
#CFLAGS+= -DAES_ASM
#SSLASM+= aes aes-ppc aes-ppc
@ -12,15 +10,11 @@ SSLASM+= bn ppc bn-ppc
SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int
#SSLASM+= bn ppc64-mont ppc64-mont # bn_mul_mont_fpu64
CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-ppc sha1-ppc
CFLAGS+= -DSHA256_ASM
SSLASM+= sha sha512-ppc sha256-ppc
# whrlpool
SRCS+= wp_block.c
.for dir src dst in ${SSLASM}
SRCS+= ${dst}.S

8
lib/libcrypto/arch/powerpc64/Makefile.inc
View file

@ -1,9 +1,7 @@
# $OpenBSD: Makefile.inc,v 1.11 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.14 2024/03/29 07:24:09 jsing Exp $
# powerpc-specific libcrypto build rules
# aes
SRCS+= aes_core.c
# slower than C code
#CFLAGS+= -DAES_ASM
#SSLASM+= aes aes-ppc aes-ppc
@ -12,15 +10,11 @@ SRCS+= aes_core.c
#SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int
#SSLASM+= bn ppc64-mont ppc64-mont # bn_mul_mont_fpu64
#CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# sha
#CFLAGS+= -DSHA1_ASM
#SSLASM+= sha sha1-ppc sha1-ppc
#CFLAGS+= -DSHA256_ASM
#SSLASM+= sha sha512-ppc sha256-ppc
# whrlpool
SRCS+= wp_block.c
.for dir src dst in ${SSLASM}
SRCS+= ${dst}.S

13
lib/libcrypto/arch/riscv64/Makefile.inc
View file

@ -1,14 +1,3 @@
# $OpenBSD: Makefile.inc,v 1.7 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.10 2024/03/29 07:24:09 jsing Exp $
# riscv64 libcrypto build rules
# aes
SRCS+= aes_core.c
# camellia
SRCS+= camellia.c
SRCS+= cmll_cbc.c
SRCS+= cmll_misc.c
# whrlpool
SRCS+= wp_block.c

9
lib/libcrypto/arch/sparc64/Makefile.inc
View file

@ -1,14 +1,13 @@
# $OpenBSD: Makefile.inc,v 1.14 2024/03/28 12:52:58 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.18 2024/03/29 11:00:57 jsing Exp $
# sparc64-specific libcrypto build rules
# aes
SRCS+= aes_core.c
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-sparcv9 aes-sparcv9
CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL
CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL
# bn
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-sparcv9 ghash-sparcv9
@ -19,8 +18,6 @@ SSLASM+= sha sha512-sparcv9 sha256-sparcv9
CFLAGS+= -DSHA256_ASM
SSLASM+= sha sha512-sparcv9 sha512-sparcv9
CFLAGS+= -DSHA512_ASM
# whrlpool
SRCS+= wp_block.c
.for dir src dst in ${SSLASM}
SRCS+= ${dst}.S

51
lib/libcrypto/asn1/asn_mime.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: asn_mime.c,v 1.32 2023/07/05 21:23:36 beck Exp $ */
/* $OpenBSD: asn_mime.c,v 1.34 2024/03/29 04:35:42 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@ -110,7 +110,6 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
static void mime_hdr_free(MIME_HEADER *hdr);
#define MAX_SMLEN 1024
#define mime_debug(x) /* x */
/* Output an ASN1 structure in BER format streaming if necessary */
@ -118,29 +117,30 @@ int
i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
const ASN1_ITEM *it)
{
/* If streaming create stream BIO and copy all content through it */
if (flags & SMIME_STREAM) {
BIO *bio, *tbio;
bio = BIO_new_NDEF(out, val, it);
if (!bio) {
ASN1error(ERR_R_MALLOC_FAILURE);
return 0;
}
SMIME_crlf_copy(in, bio, flags);
(void)BIO_flush(bio);
/* Free up successive BIOs until we hit the old output BIO */
do {
tbio = BIO_pop(bio);
BIO_free(bio);
bio = tbio;
} while (bio != out);
BIO *bio, *tbio;
int ret;
/* Without streaming, write out the ASN.1 structure's content. */
if ((flags & SMIME_STREAM) == 0)
return ASN1_item_i2d_bio(it, out, val);
/* If streaming, create a stream BIO and copy all content through it. */
if ((bio = BIO_new_NDEF(out, val, it)) == NULL) {
ASN1error(ERR_R_MALLOC_FAILURE);
return 0;
}
/* else just write out ASN1 structure which will have all content
* stored internally
*/
else
ASN1_item_i2d_bio(it, out, val);
return 1;
ret = SMIME_crlf_copy(in, bio, flags);
(void)BIO_flush(bio);
/* Free up successive BIOs until we hit the old output BIO. */
do {
tbio = BIO_pop(bio);
BIO_free(bio);
bio = tbio;
} while (bio != out);
return ret;
}
/* Base 64 read and write of ASN1 structure */
@ -706,7 +706,6 @@ mime_parse_hdr(BIO *bio)
case MIME_TYPE:
if (c == ';') {
mime_debug("Found End Value\n");
*p = 0;
mhdr = mime_hdr_new(ntmp,
strip_ends(q));
@ -748,7 +747,6 @@ mime_parse_hdr(BIO *bio)
ntmp = NULL;
q = p + 1;
} else if (c == '"') {
mime_debug("Found Quote\n");
state = MIME_QUOTE;
} else if (c == '(') {
save_state = state;
@ -758,7 +756,6 @@ mime_parse_hdr(BIO *bio)
case MIME_QUOTE:
if (c == '"') {
mime_debug("Found Match Quote\n");
state = MIME_VALUE;
}
break;

9
lib/libcrypto/bf/blowfish.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: blowfish.c,v 1.2 2024/03/27 11:54:29 jsing Exp $ */
/* $OpenBSD: blowfish.c,v 1.3 2024/03/29 02:37:20 joshua Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -380,6 +380,7 @@ BF_encrypt(BF_LONG *data, const BF_KEY *key)
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
LCRYPTO_ALIAS(BF_encrypt);
#ifndef BF_DEFAULT_OPTIONS
@ -422,6 +423,7 @@ BF_decrypt(BF_LONG *data, const BF_KEY *key)
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
LCRYPTO_ALIAS(BF_decrypt);
void
BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
@ -498,6 +500,7 @@ BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
tin[0] = tin[1] = 0;
}
LCRYPTO_ALIAS(BF_cbc_encrypt);
/*
* The input and output encrypted as though 64bit cfb mode is being
@ -561,6 +564,7 @@ BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
*num = n;
}
LCRYPTO_ALIAS(BF_cfb64_encrypt);
void
BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
@ -582,6 +586,7 @@ BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
l2n(l, out);
l = d[0] = d[1] = 0;
}
LCRYPTO_ALIAS(BF_ecb_encrypt);
/*
* The input and output encrypted as though 64bit ofb mode is being
@ -632,6 +637,7 @@ BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}
LCRYPTO_ALIAS(BF_ofb64_encrypt);
void
BF_set_key(BF_KEY *key, int len, const unsigned char *data)
@ -686,4 +692,5 @@ BF_set_key(BF_KEY *key, int len, const unsigned char *data)
p[i + 1] = in[1];
}
}
LCRYPTO_ALIAS(BF_set_key);
#endif

1126
lib/libcrypto/camellia/asm/cmll-x86.pl
View file

File diff suppressed because it is too large Load diff

875
lib/libcrypto/camellia/asm/cmll-x86_64.pl
View file

@ -1,875 +0,0 @@
#!/usr/bin/env perl
# ====================================================================
# Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
#
# This module may be used under the terms of either the GNU General
# Public License version 2 or later, the GNU Lesser General Public
# License version 2.1 or later, the Mozilla Public License version
# 1.1 or the BSD License. The exact terms of either license are
# distributed along with this module. For further details see
# http://www.openssl.org/~appro/camellia/.
# ====================================================================
# Performance in cycles per processed byte (less is better) in
# 'openssl speed ...' benchmark:
#
# AMD64 Core2 EM64T
# -evp camellia-128-ecb 16.7 21.0 22.7
# + over gcc 3.4.6 +25% +5% 0%
#
# camellia-128-cbc 15.7 20.4 21.1
#
# 128-bit key setup 128 216 205 cycles/key
# + over gcc 3.4.6 +54% +39% +15%
#
# Numbers in "+" rows represent performance improvement over compiler
# generated code. Key setup timings are impressive on AMD and Core2
# thanks to 64-bit operations being covertly deployed. Improvement on
# EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it
# apparently emulates some of 64-bit operations in [32-bit] microcode.
$flavour = shift;
$output = shift;
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
$r =~ s/%[er]([sd]i)/%\1l/;
$r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
$t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx";
@S=("%r8d","%r9d","%r10d","%r11d");
$i0="%esi";
$i1="%edi";
$Tbl="%rbp"; # size optimization
$inp="%r12";
$out="%r13";
$key="%r14";
$keyend="%r15";
$arg0d="%edi";
# const unsigned int Camellia_SBOX[4][256];
# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
# and [2][] - with [3][]. This is done to minimize code size.
$SBOX1_1110=0; # Camellia_SBOX[0]
$SBOX4_4404=4; # Camellia_SBOX[1]
$SBOX2_0222=2048; # Camellia_SBOX[2]
$SBOX3_3033=2052; # Camellia_SBOX[3]
sub Camellia_Feistel {
my $i=@_[0];
my $seed=defined(@_[1])?@_[1]:0;
my $scale=$seed<0?-8:8;
my $j=($i&1)*2;
my $s0=@S[($j)%4],$s1=@S[($j+1)%4],$s2=@S[($j+2)%4],$s3=@S[($j+3)%4];
$code.=<<___;
xor $s0,$t0 # t0^=key[0]
xor $s1,$t1 # t1^=key[1]
movz `&hi("$t0")`,$i0 # (t0>>8)&0xff
movz `&lo("$t1")`,$i1 # (t1>>0)&0xff
mov $SBOX3_3033($Tbl,$i0,8),$t3 # t3=SBOX3_3033[0]
mov $SBOX1_1110($Tbl,$i1,8),$t2 # t2=SBOX1_1110[1]
movz `&lo("$t0")`,$i0 # (t0>>0)&0xff
shr \$16,$t0
movz `&hi("$t1")`,$i1 # (t1>>8)&0xff
xor $SBOX4_4404($Tbl,$i0,8),$t3 # t3^=SBOX4_4404[0]
shr \$16,$t1
xor $SBOX4_4404($Tbl,$i1,8),$t2 # t2^=SBOX4_4404[1]
movz `&hi("$t0")`,$i0 # (t0>>24)&0xff
movz `&lo("$t1")`,$i1 # (t1>>16)&0xff
xor $SBOX1_1110($Tbl,$i0,8),$t3 # t3^=SBOX1_1110[0]
xor $SBOX3_3033($Tbl,$i1,8),$t2 # t2^=SBOX3_3033[1]
movz `&lo("$t0")`,$i0 # (t0>>16)&0xff
movz `&hi("$t1")`,$i1 # (t1>>24)&0xff
xor $SBOX2_0222($Tbl,$i0,8),$t3 # t3^=SBOX2_0222[0]
xor $SBOX2_0222($Tbl,$i1,8),$t2 # t2^=SBOX2_0222[1]
mov `$seed+($i+1)*$scale`($key),$t1 # prefetch key[i+1]
mov `$seed+($i+1)*$scale+4`($key),$t0
xor $t3,$t2 # t2^=t3
ror \$8,$t3 # t3=RightRotate(t3,8)
xor $t2,$s2
xor $t2,$s3
xor $t3,$s3
___
}
# void Camellia_EncryptBlock_Rounds(
# int grandRounds,
# const Byte plaintext[],
# const KEY_TABLE_TYPE keyTable,
# Byte ciphertext[])
$code=<<___;
.text
# V1.x API
.globl Camellia_EncryptBlock
.type Camellia_EncryptBlock,\@abi-omnipotent
.align 16
Camellia_EncryptBlock:
_CET_ENDBR
movl \$128,%eax
subl $arg0d,%eax
movl \$3,$arg0d
adcl \$0,$arg0d # keyBitLength==128?3:4
jmp .Lenc_rounds
.size Camellia_EncryptBlock,.-Camellia_EncryptBlock
# V2
.globl Camellia_EncryptBlock_Rounds
.type Camellia_EncryptBlock_Rounds,\@function,4
.align 16
.Lenc_rounds:
Camellia_EncryptBlock_Rounds:
_CET_ENDBR
push %rbx
push %rbp
push %r13
push %r14
push %r15
.Lenc_prologue:
#mov %rsi,$inp # put away arguments
mov %rcx,$out
mov %rdx,$key
shl \$6,%edi # process grandRounds
lea .LCamellia_SBOX(%rip),$Tbl
lea ($key,%rdi),$keyend
mov 0(%rsi),@S[0] # load plaintext
mov 4(%rsi),@S[1]
mov 8(%rsi),@S[2]
bswap @S[0]
mov 12(%rsi),@S[3]
bswap @S[1]
bswap @S[2]
bswap @S[3]
call _x86_64_Camellia_encrypt
bswap @S[0]
bswap @S[1]
bswap @S[2]
mov @S[0],0($out)
bswap @S[3]
mov @S[1],4($out)
mov @S[2],8($out)
mov @S[3],12($out)
mov 0(%rsp),%r15
mov 8(%rsp),%r14
mov 16(%rsp),%r13
mov 24(%rsp),%rbp
mov 32(%rsp),%rbx
lea 40(%rsp),%rsp
.Lenc_epilogue:
ret
.size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
.type _x86_64_Camellia_encrypt,\@abi-omnipotent
.align 16
_x86_64_Camellia_encrypt:
_CET_ENDBR
xor 0($key),@S[1]
xor 4($key),@S[0] # ^=key[0-3]
xor 8($key),@S[3]
xor 12($key),@S[2]
.align 16
.Leloop:
mov 16($key),$t1 # prefetch key[4-5]
mov 20($key),$t0
___
for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); }
$code.=<<___;
lea 16*4($key),$key
cmp $keyend,$key
mov 8($key),$t3 # prefetch key[2-3]
mov 12($key),$t2
je .Ledone
and @S[0],$t0
or @S[3],$t3
rol \$1,$t0
xor $t3,@S[2] # s2^=s3|key[3];
xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1);
and @S[2],$t2
or @S[1],$t1
rol \$1,$t2
xor $t1,@S[0] # s0^=s1|key[1];
xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1);
jmp .Leloop
.align 16
.Ledone:
xor @S[2],$t0 # SwapHalf
xor @S[3],$t1
xor @S[0],$t2
xor @S[1],$t3
mov $t0,@S[0]
mov $t1,@S[1]
mov $t2,@S[2]
mov $t3,@S[3]
retq
.size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
# V1.x API
.globl Camellia_DecryptBlock
.type Camellia_DecryptBlock,\@abi-omnipotent
.align 16
Camellia_DecryptBlock:
_CET_ENDBR
movl \$128,%eax
subl $arg0d,%eax
movl \$3,$arg0d
adcl \$0,$arg0d # keyBitLength==128?3:4
jmp .Ldec_rounds
.size Camellia_DecryptBlock,.-Camellia_DecryptBlock
# V2
.globl Camellia_DecryptBlock_Rounds
.type Camellia_DecryptBlock_Rounds,\@function,4
.align 16
.Ldec_rounds:
Camellia_DecryptBlock_Rounds:
_CET_ENDBR
push %rbx
push %rbp
push %r13
push %r14
push %r15
.Ldec_prologue:
#mov %rsi,$inp # put away arguments
mov %rcx,$out
mov %rdx,$keyend
shl \$6,%edi # process grandRounds
lea .LCamellia_SBOX(%rip),$Tbl
lea ($keyend,%rdi),$key
mov 0(%rsi),@S[0] # load plaintext
mov 4(%rsi),@S[1]
mov 8(%rsi),@S[2]
bswap @S[0]
mov 12(%rsi),@S[3]
bswap @S[1]
bswap @S[2]
bswap @S[3]
call _x86_64_Camellia_decrypt
bswap @S[0]
bswap @S[1]
bswap @S[2]
mov @S[0],0($out)
bswap @S[3]
mov @S[1],4($out)
mov @S[2],8($out)
mov @S[3],12($out)
mov 0(%rsp),%r15
mov 8(%rsp),%r14
mov 16(%rsp),%r13
mov 24(%rsp),%rbp
mov 32(%rsp),%rbx
lea 40(%rsp),%rsp
.Ldec_epilogue:
ret
.size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
.type _x86_64_Camellia_decrypt,\@abi-omnipotent
.align 16
_x86_64_Camellia_decrypt:
_CET_ENDBR
xor 0($key),@S[1]
xor 4($key),@S[0] # ^=key[0-3]
xor 8($key),@S[3]
xor 12($key),@S[2]
.align 16
.Ldloop:
mov -8($key),$t1 # prefetch key[4-5]
mov -4($key),$t0
___
for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); }
$code.=<<___;
lea -16*4($key),$key
cmp $keyend,$key
mov 0($key),$t3 # prefetch key[2-3]
mov 4($key),$t2
je .Lddone
and @S[0],$t0
or @S[3],$t3
rol \$1,$t0
xor $t3,@S[2] # s2^=s3|key[3];
xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1);
and @S[2],$t2
or @S[1],$t1
rol \$1,$t2
xor $t1,@S[0] # s0^=s1|key[1];
xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1);
jmp .Ldloop
.align 16
.Lddone:
xor @S[2],$t2
xor @S[3],$t3
xor @S[0],$t0
xor @S[1],$t1
mov $t2,@S[0] # SwapHalf
mov $t3,@S[1]
mov $t0,@S[2]
mov $t1,@S[3]
retq
.size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
___
sub _saveround {
my ($rnd,$key,@T)=@_;
my $bias=int(@T[0])?shift(@T):0;
if ($#T==3) {
$code.=<<___;
mov @T[1],`$bias+$rnd*8+0`($key)
mov @T[0],`$bias+$rnd*8+4`($key)
mov @T[3],`$bias+$rnd*8+8`($key)
mov @T[2],`$bias+$rnd*8+12`($key)
___
} else {
$code.=" mov @T[0],`$bias+$rnd*8+0`($key)\n";
$code.=" mov @T[1],`$bias+$rnd*8+8`($key)\n" if ($#T>=1);
}
}
sub _loadround {
my ($rnd,$key,@T)=@_;
my $bias=int(@T[0])?shift(@T):0;
$code.=" mov `$bias+$rnd*8+0`($key),@T[0]\n";
$code.=" mov `$bias+$rnd*8+8`($key),@T[1]\n" if ($#T>=1);
}
# shld is very slow on Intel EM64T family. Even on AMD it limits
# instruction decode rate [because it's VectorPath] and consequently
# performance...
sub __rotl128 {
my ($i0,$i1,$rot)=@_;
if ($rot) {
$code.=<<___;
mov $i0,%r11
shld \$$rot,$i1,$i0
shld \$$rot,%r11,$i1
___
}
}
# ... Implementing 128-bit rotate without shld gives 80% better
# performance EM64T, +15% on AMD64 and only ~7% degradation on
# Core2. This is therefore preferred.
sub _rotl128 {
my ($i0,$i1,$rot)=@_;
if ($rot) {
$code.=<<___;
mov $i0,%r11
shl \$$rot,$i0
mov $i1,%r9
shr \$`64-$rot`,%r9
shr \$`64-$rot`,%r11
or %r9,$i0
shl \$$rot,$i1
or %r11,$i1
___
}
}
{ my $step=0;
$code.=<<___;
.globl Camellia_Ekeygen
.type Camellia_Ekeygen,\@function,3
.align 16
Camellia_Ekeygen:
_CET_ENDBR
push %rbx
push %rbp
push %r13
push %r14
push %r15
.Lkey_prologue:
mov %rdi,$keyend # put away arguments, keyBitLength
mov %rdx,$out # keyTable
mov 0(%rsi),@S[0] # load 0-127 bits
mov 4(%rsi),@S[1]
mov 8(%rsi),@S[2]
mov 12(%rsi),@S[3]
bswap @S[0]
bswap @S[1]
bswap @S[2]
bswap @S[3]
___
&_saveround (0,$out,@S); # KL<<<0
$code.=<<___;
cmp \$128,$keyend # check keyBitLength
je .L1st128
mov 16(%rsi),@S[0] # load 128-191 bits
mov 20(%rsi),@S[1]
cmp \$192,$keyend
je .L1st192
mov 24(%rsi),@S[2] # load 192-255 bits
mov 28(%rsi),@S[3]
jmp .L1st256
.L1st192:
mov @S[0],@S[2]
mov @S[1],@S[3]
not @S[2]
not @S[3]
.L1st256:
bswap @S[0]
bswap @S[1]
bswap @S[2]
bswap @S[3]
___
&_saveround (4,$out,@S); # temp storage for KR!
$code.=<<___;
xor 0($out),@S[1] # KR^KL
xor 4($out),@S[0]
xor 8($out),@S[3]
xor 12($out),@S[2]
.L1st128:
lea .LCamellia_SIGMA(%rip),$key
lea .LCamellia_SBOX(%rip),$Tbl
mov 0($key),$t1
mov 4($key),$t0
___
&Camellia_Feistel($step++);
&Camellia_Feistel($step++);
$code.=<<___;
xor 0($out),@S[1] # ^KL
xor 4($out),@S[0]
xor 8($out),@S[3]
xor 12($out),@S[2]
___
&Camellia_Feistel($step++);
&Camellia_Feistel($step++);
$code.=<<___;
cmp \$128,$keyend
jne .L2nd256
lea 128($out),$out # size optimization
shl \$32,%r8 # @S[0]||
shl \$32,%r10 # @S[2]||
or %r9,%r8 # ||@S[1]
or %r11,%r10 # ||@S[3]
___
&_loadround (0,$out,-128,"%rax","%rbx"); # KL
&_saveround (2,$out,-128,"%r8","%r10"); # KA<<<0
&_rotl128 ("%rax","%rbx",15);
&_saveround (4,$out,-128,"%rax","%rbx"); # KL<<<15
&_rotl128 ("%r8","%r10",15);
&_saveround (6,$out,-128,"%r8","%r10"); # KA<<<15
&_rotl128 ("%r8","%r10",15); # 15+15=30
&_saveround (8,$out,-128,"%r8","%r10"); # KA<<<30
&_rotl128 ("%rax","%rbx",30); # 15+30=45
&_saveround (10,$out,-128,"%rax","%rbx"); # KL<<<45
&_rotl128 ("%r8","%r10",15); # 30+15=45
&_saveround (12,$out,-128,"%r8"); # KA<<<45
&_rotl128 ("%rax","%rbx",15); # 45+15=60
&_saveround (13,$out,-128,"%rbx"); # KL<<<60
&_rotl128 ("%r8","%r10",15); # 45+15=60
&_saveround (14,$out,-128,"%r8","%r10"); # KA<<<60
&_rotl128 ("%rax","%rbx",17); # 60+17=77
&_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<77
&_rotl128 ("%rax","%rbx",17); # 77+17=94
&_saveround (18,$out,-128,"%rax","%rbx"); # KL<<<94
&_rotl128 ("%r8","%r10",34); # 60+34=94
&_saveround (20,$out,-128,"%r8","%r10"); # KA<<<94
&_rotl128 ("%rax","%rbx",17); # 94+17=111
&_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<111
&_rotl128 ("%r8","%r10",17); # 94+17=111
&_saveround (24,$out,-128,"%r8","%r10"); # KA<<<111
$code.=<<___;
mov \$3,%eax
jmp .Ldone
.align 16
.L2nd256:
___
&_saveround (6,$out,@S); # temp storage for KA!
$code.=<<___;
xor `4*8+0`($out),@S[1] # KA^KR
xor `4*8+4`($out),@S[0]
xor `5*8+0`($out),@S[3]
xor `5*8+4`($out),@S[2]
___
&Camellia_Feistel($step++);
&Camellia_Feistel($step++);
&_loadround (0,$out,"%rax","%rbx"); # KL
&_loadround (4,$out,"%rcx","%rdx"); # KR
&_loadround (6,$out,"%r14","%r15"); # KA
$code.=<<___;
lea 128($out),$out # size optimization
shl \$32,%r8 # @S[0]||
shl \$32,%r10 # @S[2]||
or %r9,%r8 # ||@S[1]
or %r11,%r10 # ||@S[3]
___
&_saveround (2,$out,-128,"%r8","%r10"); # KB<<<0
&_rotl128 ("%rcx","%rdx",15);
&_saveround (4,$out,-128,"%rcx","%rdx"); # KR<<<15
&_rotl128 ("%r14","%r15",15);
&_saveround (6,$out,-128,"%r14","%r15"); # KA<<<15
&_rotl128 ("%rcx","%rdx",15); # 15+15=30
&_saveround (8,$out,-128,"%rcx","%rdx"); # KR<<<30
&_rotl128 ("%r8","%r10",30);
&_saveround (10,$out,-128,"%r8","%r10"); # KB<<<30
&_rotl128 ("%rax","%rbx",45);
&_saveround (12,$out,-128,"%rax","%rbx"); # KL<<<45
&_rotl128 ("%r14","%r15",30); # 15+30=45
&_saveround (14,$out,-128,"%r14","%r15"); # KA<<<45
&_rotl128 ("%rax","%rbx",15); # 45+15=60
&_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<60
&_rotl128 ("%rcx","%rdx",30); # 30+30=60
&_saveround (18,$out,-128,"%rcx","%rdx"); # KR<<<60
&_rotl128 ("%r8","%r10",30); # 30+30=60
&_saveround (20,$out,-128,"%r8","%r10"); # KB<<<60
&_rotl128 ("%rax","%rbx",17); # 60+17=77
&_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<77
&_rotl128 ("%r14","%r15",32); # 45+32=77
&_saveround (24,$out,-128,"%r14","%r15"); # KA<<<77
&_rotl128 ("%rcx","%rdx",34); # 60+34=94
&_saveround (26,$out,-128,"%rcx","%rdx"); # KR<<<94
&_rotl128 ("%r14","%r15",17); # 77+17=94
&_saveround (28,$out,-128,"%r14","%r15"); # KA<<<77
&_rotl128 ("%rax","%rbx",34); # 77+34=111
&_saveround (30,$out,-128,"%rax","%rbx"); # KL<<<111
&_rotl128 ("%r8","%r10",51); # 60+51=111
&_saveround (32,$out,-128,"%r8","%r10"); # KB<<<111
$code.=<<___;
mov \$4,%eax
.Ldone:
mov 0(%rsp),%r15
mov 8(%rsp),%r14
mov 16(%rsp),%r13
mov 24(%rsp),%rbp
mov 32(%rsp),%rbx
lea 40(%rsp),%rsp
.Lkey_epilogue:
ret
.size Camellia_Ekeygen,.-Camellia_Ekeygen
___
}
@SBOX=(
112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); }
sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); }
sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); }
sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
$code.=<<___;
.section .rodata
.align 64
.LCamellia_SIGMA:
.long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
.long 0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
.long 0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
.long 0, 0, 0, 0
.LCamellia_SBOX:
___
# tables are interleaved, remember?
sub data_word { $code.=".long\t".join(',',@_)."\n"; }
for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
# size_t length, const CAMELLIA_KEY *key,
# unsigned char *ivp,const int enc);
{
$_key="0(%rsp)";
$_end="8(%rsp)"; # inp+len&~15
$_res="16(%rsp)"; # len&15
$ivec="24(%rsp)";
$_ivp="40(%rsp)";
$_rsp="48(%rsp)";
$code.=<<___;
.text
.globl Camellia_cbc_encrypt
.type Camellia_cbc_encrypt,\@function,6
.align 16
Camellia_cbc_encrypt:
_CET_ENDBR
cmp \$0,%rdx
je .Lcbc_abort
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lcbc_prologue:
mov %rsp,%rbp
sub \$64,%rsp
and \$-64,%rsp
# place stack frame just "above mod 1024" the key schedule,
# this ensures that cache associativity suffices
lea -64-63(%rcx),%r10
sub %rsp,%r10
neg %r10
and \$0x3C0,%r10
sub %r10,%rsp
#add \$8,%rsp # 8 is reserved for callee's ra
mov %rdi,$inp # inp argument
mov %rsi,$out # out argument
mov %r8,%rbx # ivp argument
mov %rcx,$key # key argument
mov 272(%rcx),${keyend}d # grandRounds
mov %r8,$_ivp
mov %rbp,$_rsp
.Lcbc_body:
lea .LCamellia_SBOX(%rip),$Tbl
mov \$32,%ecx
.align 4
.Lcbc_prefetch_sbox:
mov 0($Tbl),%rax
mov 32($Tbl),%rsi
mov 64($Tbl),%rdi
mov 96($Tbl),%r11
lea 128($Tbl),$Tbl
loop .Lcbc_prefetch_sbox
sub \$4096,$Tbl
shl \$6,$keyend
mov %rdx,%rcx # len argument
lea ($key,$keyend),$keyend
cmp \$0,%r9d # enc argument
je .LCBC_DECRYPT
and \$-16,%rdx
and \$15,%rcx # length residue
lea ($inp,%rdx),%rdx
mov $key,$_key
mov %rdx,$_end
mov %rcx,$_res
cmp $inp,%rdx
mov 0(%rbx),@S[0] # load IV
mov 4(%rbx),@S[1]
mov 8(%rbx),@S[2]
mov 12(%rbx),@S[3]
je .Lcbc_enc_tail
jmp .Lcbc_eloop
.align 16
.Lcbc_eloop:
xor 0($inp),@S[0]
xor 4($inp),@S[1]
xor 8($inp),@S[2]
bswap @S[0]
xor 12($inp),@S[3]
bswap @S[1]
bswap @S[2]
bswap @S[3]
call _x86_64_Camellia_encrypt
mov $_key,$key # "rewind" the key
bswap @S[0]
mov $_end,%rdx
bswap @S[1]
mov $_res,%rcx
bswap @S[2]
mov @S[0],0($out)
bswap @S[3]
mov @S[1],4($out)
mov @S[2],8($out)
lea 16($inp),$inp
mov @S[3],12($out)
cmp %rdx,$inp
lea 16($out),$out
jne .Lcbc_eloop
cmp \$0,%rcx
jne .Lcbc_enc_tail
mov $_ivp,$out
mov @S[0],0($out) # write out IV residue
mov @S[1],4($out)
mov @S[2],8($out)
mov @S[3],12($out)
jmp .Lcbc_done
.align 16
.Lcbc_enc_tail:
xor %rax,%rax
mov %rax,0+$ivec
mov %rax,8+$ivec
mov %rax,$_res
.Lcbc_enc_pushf:
pushfq
cld
mov $inp,%rsi
lea 8+$ivec,%rdi
.long 0x9066A4F3 # rep movsb
popfq
.Lcbc_enc_popf:
lea $ivec,$inp
lea 16+$ivec,%rax
mov %rax,$_end
jmp .Lcbc_eloop # one more time
.align 16
.LCBC_DECRYPT:
xchg $key,$keyend
add \$15,%rdx
and \$15,%rcx # length residue
and \$-16,%rdx
mov $key,$_key
lea ($inp,%rdx),%rdx
mov %rdx,$_end
mov %rcx,$_res
mov (%rbx),%rax # load IV
mov 8(%rbx),%rbx
jmp .Lcbc_dloop
.align 16
.Lcbc_dloop:
mov 0($inp),@S[0]
mov 4($inp),@S[1]
mov 8($inp),@S[2]
bswap @S[0]
mov 12($inp),@S[3]
bswap @S[1]
mov %rax,0+$ivec # save IV to temporary storage
bswap @S[2]
mov %rbx,8+$ivec
bswap @S[3]
call _x86_64_Camellia_decrypt
mov $_key,$key # "rewind" the key
mov $_end,%rdx
mov $_res,%rcx
bswap @S[0]
mov ($inp),%rax # load IV for next iteration
bswap @S[1]
mov 8($inp),%rbx
bswap @S[2]
xor 0+$ivec,@S[0]
bswap @S[3]
xor 4+$ivec,@S[1]
xor 8+$ivec,@S[2]
lea 16($inp),$inp
xor 12+$ivec,@S[3]
cmp %rdx,$inp
je .Lcbc_ddone
mov @S[0],0($out)
mov @S[1],4($out)
mov @S[2],8($out)
mov @S[3],12($out)
lea 16($out),$out
jmp .Lcbc_dloop
.align 16
.Lcbc_ddone:
mov $_ivp,%rdx
cmp \$0,%rcx
jne .Lcbc_dec_tail
mov @S[0],0($out)
mov @S[1],4($out)
mov @S[2],8($out)
mov @S[3],12($out)
mov %rax,(%rdx) # write out IV residue
mov %rbx,8(%rdx)
jmp .Lcbc_done
.align 16
.Lcbc_dec_tail:
mov @S[0],0+$ivec
mov @S[1],4+$ivec
mov @S[2],8+$ivec
mov @S[3],12+$ivec
.Lcbc_dec_pushf:
pushfq
cld
lea 8+$ivec,%rsi
lea ($out),%rdi
.long 0x9066A4F3 # rep movsb
popfq
.Lcbc_dec_popf:
mov %rax,(%rdx) # write out IV residue
mov %rbx,8(%rdx)
jmp .Lcbc_done
.align 16
.Lcbc_done:
mov $_rsp,%rcx
mov 0(%rcx),%r15
mov 8(%rcx),%r14
mov 16(%rcx),%r13
mov 24(%rcx),%r12
mov 32(%rcx),%rbp
mov 40(%rcx),%rbx
lea 48(%rcx),%rsp
.Lcbc_abort:
ret
.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
___
}
$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;

126
lib/libcrypto/camellia/camellia.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: camellia.c,v 1.12 2022/11/26 16:08:51 tb Exp $ */
/* $OpenBSD: camellia.c,v 1.13 2024/03/29 07:26:21 jsing Exp $ */
/* ====================================================================
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
* ALL RIGHTS RESERVED.
@ -84,10 +84,25 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/camellia.h>
#include <openssl/opensslconf.h>
#include "cmll_local.h"
#include <openssl/camellia.h>
#include <openssl/modes.h>
typedef unsigned int u32;
typedef unsigned char u8;
int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
KEY_TABLE_TYPE keyTable);
void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
/* 32-bit rotations */
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
@ -564,3 +579,108 @@ Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
plaintext, keyTable, ciphertext);
}
int
Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key)
{
if (userKey == NULL || key == NULL)
return -1;
if (bits != 128 && bits != 192 && bits != 256)
return -2;
key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
return 0;
}
void
Camellia_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key)
{
Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
}
void
Camellia_decrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key)
{
Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
}
void
Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
const CAMELLIA_KEY *key, unsigned char *ivec, const int enc)
{
if (enc)
CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
(block128_f)Camellia_encrypt);
else
CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
(block128_f)Camellia_decrypt);
}
/*
* The input and output encrypted as though 128bit cfb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void
Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num,
const int enc)
{
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
}
/* N.B. This expects the input to be packed, MS bit first */
void
Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num,
const int enc)
{
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
}
void
Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num,
const int enc)
{
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
}
void
Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char ivec[CAMELLIA_BLOCK_SIZE],
unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num)
{
CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
(block128_f)Camellia_encrypt);
}
void
Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key, const int enc)
{
if (CAMELLIA_ENCRYPT == enc)
Camellia_encrypt(in, out, key);
else
Camellia_decrypt(in, out, key);
}
/*
* The input and output encrypted as though 128bit ofb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void
Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num)
{
CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
(block128_f)Camellia_encrypt);
}

65
lib/libcrypto/camellia/cmll_cbc.c
View file

@ -1,65 +0,0 @@
/* $OpenBSD: cmll_cbc.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/camellia.h>
#include <openssl/modes.h>
void
Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
const CAMELLIA_KEY *key, unsigned char *ivec, const int enc)
{
if (enc)
CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
(block128_f)Camellia_encrypt);
else
CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
(block128_f)Camellia_decrypt);
}

144
lib/libcrypto/camellia/cmll_cfb.c
View file

@ -1,144 +0,0 @@
/* $OpenBSD: cmll_cfb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/camellia.h>
#include <openssl/modes.h>
/*
* The input and output encrypted as though 128bit cfb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void
Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num,
const int enc)
{
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
}
/* N.B. This expects the input to be packed, MS bit first */
void
Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num,
const int enc)
{
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
}
void
Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num,
const int enc)
{
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
}

63
lib/libcrypto/camellia/cmll_ctr.c
View file

@ -1,63 +0,0 @@
/* $OpenBSD: cmll_ctr.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/camellia.h>
#include <openssl/modes.h>
void
Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char ivec[CAMELLIA_BLOCK_SIZE],
unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num)
{
CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
(block128_f)Camellia_encrypt);
}

64
lib/libcrypto/camellia/cmll_ecb.c
View file

@ -1,64 +0,0 @@
/* $OpenBSD: cmll_ecb.c,v 1.7 2023/09/04 08:43:41 tb Exp $ */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/camellia.h>
#include "cmll_local.h"
void
Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key, const int enc)
{
if (CAMELLIA_ENCRYPT == enc)
Camellia_encrypt(in, out, key);
else
Camellia_decrypt(in, out, key);
}

91
lib/libcrypto/camellia/cmll_local.h
View file

@ -1,91 +0,0 @@
/* $OpenBSD: cmll_local.h,v 1.3 2023/09/04 08:43:41 tb Exp $ */
/* ====================================================================
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
* ALL RIGHTS RESERVED.
*
* Intellectual Property information for Camellia:
* http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
*
* News Release for Announcement of Camellia open source:
* http://www.ntt.co.jp/news/news06e/0604/060413a.html
*
* The Camellia Code included herein is developed by
* NTT (Nippon Telegraph and Telephone Corporation), and is contributed
* to the OpenSSL project.
*
* The Camellia Code is licensed pursuant to the OpenSSL open source
* license provided below.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_CAMELLIA_LOCAL_H
#define HEADER_CAMELLIA_LOCAL_H
#include <sys/types.h>
__BEGIN_HIDDEN_DECLS
typedef unsigned int u32;
typedef unsigned char u8;
int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
KEY_TABLE_TYPE keyTable);
void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
__END_HIDDEN_DECLS
#endif /* !HEADER_CAMELLIA_LOCAL_H */

81
lib/libcrypto/camellia/cmll_misc.c
View file

@ -1,81 +0,0 @@
/* $OpenBSD: cmll_misc.c,v 1.7 2022/11/26 16:08:51 tb Exp $ */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#include <openssl/camellia.h>
#include "cmll_local.h"
int
Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key)
{
if (userKey == NULL || key == NULL)
return -1;
if (bits != 128 && bits != 192 && bits != 256)
return -2;
key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
return 0;
}
void
Camellia_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key)
{
Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
}
void
Camellia_decrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key)
{
Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
}

122
lib/libcrypto/camellia/cmll_ofb.c
View file

@ -1,122 +0,0 @@
/* $OpenBSD: cmll_ofb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/camellia.h>
#include <openssl/modes.h>
/*
* The input and output encrypted as though 128bit ofb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void
Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num)
{
CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
(block128_f)Camellia_encrypt);
}

124
lib/libcrypto/cast/c_cfb64.c
View file

@ -1,124 +0,0 @@
/* $OpenBSD: c_cfb64.c,v 1.8 2023/07/08 10:43:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/cast.h>
#include "cast_local.h"
/* The input and output encrypted as though 64bit cfb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc)
{
CAST_LONG v0, v1, t;
int n= *num;
long l = length;
CAST_LONG ti[2];
unsigned char *iv, c, cc;
iv = ivec;
if (enc) {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
CAST_encrypt((CAST_LONG *)ti, schedule);
iv = ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = ivec;
}
c= *(in++)^iv[n];
*(out++) = c;
iv[n] = c;
n = (n + 1)&0x07;
}
} else {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
CAST_encrypt((CAST_LONG *)ti, schedule);
iv = ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = ivec;
}
cc= *(in++);
c = iv[n];
iv[n] = cc;
*(out++) = c^cc;
n = (n + 1)&0x07;
}
}
v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
*num = n;
}
LCRYPTO_ALIAS(CAST_cfb64_encrypt);

83
lib/libcrypto/cast/c_ecb.c
View file

@ -1,83 +0,0 @@
/* $OpenBSD: c_ecb.c,v 1.10 2023/07/08 10:43:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/cast.h>
#include "cast_local.h"
#include <openssl/opensslv.h>
void
CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAST_KEY *ks, int enc)
{
CAST_LONG l, d[2];
n2l(in, l);
d[0] = l;
n2l(in, l);
d[1] = l;
if (enc)
CAST_encrypt(d, ks);
else
CAST_decrypt(d, ks);
l = d[0];
l2n(l, out);
l = d[1];
l2n(l, out);
l = d[0] = d[1] = 0;
}
LCRYPTO_ALIAS(CAST_ecb_encrypt);

207
lib/libcrypto/cast/c_enc.c
View file

@ -1,207 +0,0 @@
/* $OpenBSD: c_enc.c,v 1.10 2023/07/08 10:43:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/cast.h>
#include "cast_local.h"
#ifndef OPENBSD_CAST_ASM
void
CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
{
CAST_LONG l, r, t;
const CAST_LONG *k;
k = &(key->data[0]);
l = data[0];
r = data[1];
E_CAST( 0, k,l, r,+,^, -);
E_CAST( 1, k,r, l,^, -,+);
E_CAST( 2, k,l, r, -,+,^);
E_CAST( 3, k,r, l,+,^, -);
E_CAST( 4, k,l, r,^, -,+);
E_CAST( 5, k,r, l, -,+,^);
E_CAST( 6, k,l, r,+,^, -);
E_CAST( 7, k,r, l,^, -,+);
E_CAST( 8, k,l, r, -,+,^);
E_CAST( 9, k,r, l,+,^, -);
E_CAST(10, k,l, r,^, -,+);
E_CAST(11, k,r, l, -,+,^);
if (!key->short_key) {
E_CAST(12, k,l, r,+,^, -);
E_CAST(13, k,r, l,^, -,+);
E_CAST(14, k,l, r, -,+,^);
E_CAST(15, k,r, l,+,^, -);
}
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
LCRYPTO_ALIAS(CAST_encrypt);
void
CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
{
CAST_LONG l, r, t;
const CAST_LONG *k;
k = &(key->data[0]);
l = data[0];
r = data[1];
if (!key->short_key) {
E_CAST(15, k,l, r,+,^, -);
E_CAST(14, k,r, l, -,+,^);
E_CAST(13, k,l, r,^, -,+);
E_CAST(12, k,r, l,+,^, -);
}
E_CAST(11, k,l, r, -,+,^);
E_CAST(10, k,r, l,^, -,+);
E_CAST( 9, k,l, r,+,^, -);
E_CAST( 8, k,r, l, -,+,^);
E_CAST( 7, k,l, r,^, -,+);
E_CAST( 6, k,r, l,+,^, -);
E_CAST( 5, k,l, r, -,+,^);
E_CAST( 4, k,r, l,^, -,+);
E_CAST( 3, k,l, r,+,^, -);
E_CAST( 2, k,r, l, -,+,^);
E_CAST( 1, k,l, r,^, -,+);
E_CAST( 0, k,r, l,+,^, -);
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
LCRYPTO_ALIAS(CAST_decrypt);
#endif
void
CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
const CAST_KEY *ks, unsigned char *iv, int enc)
{
CAST_LONG tin0, tin1;
CAST_LONG tout0, tout1, xor0, xor1;
long l = length;
CAST_LONG tin[2];
if (enc) {
n2l(iv, tout0);
n2l(iv, tout1);
iv -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
CAST_encrypt(tin, ks);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
if (l != -8) {
n2ln(in, tin0, tin1, l + 8);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
CAST_encrypt(tin, ks);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
l2n(tout0, iv);
l2n(tout1, iv);
} else {
n2l(iv, xor0);
n2l(iv, xor1);
iv -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
CAST_decrypt(tin, ks);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2n(tout0, out);
l2n(tout1, out);
xor0 = tin0;
xor1 = tin1;
}
if (l != -8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
CAST_decrypt(tin, ks);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2nn(tout0, tout1, out, l + 8);
xor0 = tin0;
xor1 = tin1;
}
l2n(xor0, iv);
l2n(xor1, iv);
}
tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
tin[0] = tin[1] = 0;
}
LCRYPTO_ALIAS(CAST_cbc_encrypt);

111
lib/libcrypto/cast/c_ofb64.c
View file

@ -1,111 +0,0 @@
/* $OpenBSD: c_ofb64.c,v 1.8 2023/07/08 10:43:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/cast.h>
#include "cast_local.h"
/* The input and output encrypted as though 64bit ofb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num)
{
CAST_LONG v0, v1, t;
int n= *num;
long l = length;
unsigned char d[8];
char *dp;
CAST_LONG ti[2];
unsigned char *iv;
int save = 0;
iv = ivec;
n2l(iv, v0);
n2l(iv, v1);
ti[0] = v0;
ti[1] = v1;
dp = (char *)d;
l2n(v0, dp);
l2n(v1, dp);
while (l--) {
if (n == 0) {
CAST_encrypt((CAST_LONG *)ti, schedule);
dp = (char *)d;
t = ti[0];
l2n(t, dp);
t = ti[1];
l2n(t, dp);
save++;
}
*(out++)= *(in++)^d[n];
n = (n + 1)&0x07;
}
if (save) {
v0 = ti[0];
v1 = ti[1];
iv = ivec;
l2n(v0, iv);
l2n(v1, iv);
}
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}
LCRYPTO_ALIAS(CAST_ofb64_encrypt);

169
lib/libcrypto/cast/c_skey.c
View file

@ -1,169 +0,0 @@
/* $OpenBSD: c_skey.c,v 1.14 2023/07/08 10:43:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/crypto.h>
#include <openssl/cast.h>
#include "cast_local.h"
#include "cast_s.h"
#define CAST_exp(l,A,a,n) \
A[n/4]=l; \
a[n+3]=(l )&0xff; \
a[n+2]=(l>> 8)&0xff; \
a[n+1]=(l>>16)&0xff; \
a[n+0]=(l>>24)&0xff;
#define S4 CAST_S_table4
#define S5 CAST_S_table5
#define S6 CAST_S_table6
#define S7 CAST_S_table7
void
CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
{
CAST_LONG x[16];
CAST_LONG z[16];
CAST_LONG k[32];
CAST_LONG X[4], Z[4];
CAST_LONG l, *K;
int i;
for (i = 0;
i < 16;
i++) x[i] = 0;
if (len > 16)
len = 16;
for (i = 0; i < len; i++)
x[i] = data[i];
if (len <= 10)
key->short_key = 1;
else
key->short_key = 0;
K = &k[0];
X[0] = ((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
X[1] = ((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
X[2] = ((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
X[3] = ((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
for (;;) {
l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
CAST_exp(l, Z, z, 0);
l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
CAST_exp(l, Z, z, 4);
l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
CAST_exp(l, Z, z, 8);
l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
CAST_exp(l, Z,z, 12);
K[0] = S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
K[1] = S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
K[2] = S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
K[3] = S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
CAST_exp(l, X, x, 0);
l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
CAST_exp(l, X, x, 4);
l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
CAST_exp(l, X, x, 8);
l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
CAST_exp(l, X,x, 12);
K[4] = S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
K[5] = S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
K[6] = S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
K[7] = S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
CAST_exp(l, Z, z, 0);
l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
CAST_exp(l, Z, z, 4);
l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
CAST_exp(l, Z, z, 8);
l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
CAST_exp(l, Z,z, 12);
K[8] = S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
K[9] = S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
K[10] = S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
K[11] = S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
CAST_exp(l, X, x, 0);
l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
CAST_exp(l, X, x, 4);
l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
CAST_exp(l, X, x, 8);
l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
CAST_exp(l, X,x, 12);
K[12] = S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
K[13] = S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
K[14] = S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
K[15] = S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
if (K != k)
break;
K += 16;
}
for (i = 0; i < 16; i++) {
key->data[i*2] = k[i];
key->data[i*2 + 1] = ((k[i + 16]) + 16)&0x1f;
}
}
LCRYPTO_ALIAS(CAST_set_key);

399
lib/libcrypto/cast/cast_s.h → lib/libcrypto/cast/cast.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cast_s.h,v 1.7 2023/07/08 07:25:43 jsing Exp $ */
/* $OpenBSD: cast.c,v 1.1 2024/03/29 07:36:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,7 +56,9 @@
* [including the GNU Public Licence.]
*/
__BEGIN_HIDDEN_DECLS
#include <openssl/cast.h>
#include "cast_local.h"
const CAST_LONG CAST_S_table0[256] = {
0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
@ -587,4 +589,395 @@ const CAST_LONG CAST_S_table7[256] = {
0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
};
__END_HIDDEN_DECLS
#ifndef OPENBSD_CAST_ASM
void
CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
{
CAST_LONG l, r, t;
const CAST_LONG *k;
k = &(key->data[0]);
l = data[0];
r = data[1];
E_CAST( 0, k,l, r,+,^, -);
E_CAST( 1, k,r, l,^, -,+);
E_CAST( 2, k,l, r, -,+,^);
E_CAST( 3, k,r, l,+,^, -);
E_CAST( 4, k,l, r,^, -,+);
E_CAST( 5, k,r, l, -,+,^);
E_CAST( 6, k,l, r,+,^, -);
E_CAST( 7, k,r, l,^, -,+);
E_CAST( 8, k,l, r, -,+,^);
E_CAST( 9, k,r, l,+,^, -);
E_CAST(10, k,l, r,^, -,+);
E_CAST(11, k,r, l, -,+,^);
if (!key->short_key) {
E_CAST(12, k,l, r,+,^, -);
E_CAST(13, k,r, l,^, -,+);
E_CAST(14, k,l, r, -,+,^);
E_CAST(15, k,r, l,+,^, -);
}
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
LCRYPTO_ALIAS(CAST_encrypt);
void
CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
{
CAST_LONG l, r, t;
const CAST_LONG *k;
k = &(key->data[0]);
l = data[0];
r = data[1];
if (!key->short_key) {
E_CAST(15, k,l, r,+,^, -);
E_CAST(14, k,r, l, -,+,^);
E_CAST(13, k,l, r,^, -,+);
E_CAST(12, k,r, l,+,^, -);
}
E_CAST(11, k,l, r, -,+,^);
E_CAST(10, k,r, l,^, -,+);
E_CAST( 9, k,l, r,+,^, -);
E_CAST( 8, k,r, l, -,+,^);
E_CAST( 7, k,l, r,^, -,+);
E_CAST( 6, k,r, l,+,^, -);
E_CAST( 5, k,l, r, -,+,^);
E_CAST( 4, k,r, l,^, -,+);
E_CAST( 3, k,l, r,+,^, -);
E_CAST( 2, k,r, l, -,+,^);
E_CAST( 1, k,l, r,^, -,+);
E_CAST( 0, k,r, l,+,^, -);
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
LCRYPTO_ALIAS(CAST_decrypt);
#endif
#define CAST_exp(l,A,a,n) \
A[n/4]=l; \
a[n+3]=(l )&0xff; \
a[n+2]=(l>> 8)&0xff; \
a[n+1]=(l>>16)&0xff; \
a[n+0]=(l>>24)&0xff;
#define S4 CAST_S_table4
#define S5 CAST_S_table5
#define S6 CAST_S_table6
#define S7 CAST_S_table7
void
CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
{
CAST_LONG x[16];
CAST_LONG z[16];
CAST_LONG k[32];
CAST_LONG X[4], Z[4];
CAST_LONG l, *K;
int i;
for (i = 0;
i < 16;
i++) x[i] = 0;
if (len > 16)
len = 16;
for (i = 0; i < len; i++)
x[i] = data[i];
if (len <= 10)
key->short_key = 1;
else
key->short_key = 0;
K = &k[0];
X[0] = ((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
X[1] = ((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
X[2] = ((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
X[3] = ((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
for (;;) {
l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
CAST_exp(l, Z, z, 0);
l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
CAST_exp(l, Z, z, 4);
l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
CAST_exp(l, Z, z, 8);
l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
CAST_exp(l, Z,z, 12);
K[0] = S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
K[1] = S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
K[2] = S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
K[3] = S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
CAST_exp(l, X, x, 0);
l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
CAST_exp(l, X, x, 4);
l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
CAST_exp(l, X, x, 8);
l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
CAST_exp(l, X,x, 12);
K[4] = S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
K[5] = S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
K[6] = S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
K[7] = S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
CAST_exp(l, Z, z, 0);
l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
CAST_exp(l, Z, z, 4);
l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
CAST_exp(l, Z, z, 8);
l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
CAST_exp(l, Z,z, 12);
K[8] = S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
K[9] = S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
K[10] = S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
K[11] = S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
CAST_exp(l, X, x, 0);
l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
CAST_exp(l, X, x, 4);
l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
CAST_exp(l, X, x, 8);
l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
CAST_exp(l, X,x, 12);
K[12] = S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
K[13] = S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
K[14] = S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
K[15] = S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
if (K != k)
break;
K += 16;
}
for (i = 0; i < 16; i++) {
key->data[i*2] = k[i];
key->data[i*2 + 1] = ((k[i + 16]) + 16)&0x1f;
}
}
LCRYPTO_ALIAS(CAST_set_key);
void
CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
const CAST_KEY *ks, unsigned char *iv, int enc)
{
CAST_LONG tin0, tin1;
CAST_LONG tout0, tout1, xor0, xor1;
long l = length;
CAST_LONG tin[2];
if (enc) {
n2l(iv, tout0);
n2l(iv, tout1);
iv -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
CAST_encrypt(tin, ks);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
if (l != -8) {
n2ln(in, tin0, tin1, l + 8);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
CAST_encrypt(tin, ks);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
l2n(tout0, iv);
l2n(tout1, iv);
} else {
n2l(iv, xor0);
n2l(iv, xor1);
iv -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
CAST_decrypt(tin, ks);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2n(tout0, out);
l2n(tout1, out);
xor0 = tin0;
xor1 = tin1;
}
if (l != -8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
CAST_decrypt(tin, ks);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2nn(tout0, tout1, out, l + 8);
xor0 = tin0;
xor1 = tin1;
}
l2n(xor0, iv);
l2n(xor1, iv);
}
tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
tin[0] = tin[1] = 0;
}
LCRYPTO_ALIAS(CAST_cbc_encrypt);
/*
* The input and output encrypted as though 64bit cfb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num, int enc)
{
CAST_LONG v0, v1, t;
int n= *num;
long l = length;
CAST_LONG ti[2];
unsigned char *iv, c, cc;
iv = ivec;
if (enc) {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
CAST_encrypt((CAST_LONG *)ti, schedule);
iv = ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = ivec;
}
c= *(in++)^iv[n];
*(out++) = c;
iv[n] = c;
n = (n + 1)&0x07;
}
} else {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
CAST_encrypt((CAST_LONG *)ti, schedule);
iv = ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = ivec;
}
cc= *(in++);
c = iv[n];
iv[n] = cc;
*(out++) = c^cc;
n = (n + 1)&0x07;
}
}
v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
*num = n;
}
LCRYPTO_ALIAS(CAST_cfb64_encrypt);
void
CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAST_KEY *ks, int enc)
{
CAST_LONG l, d[2];
n2l(in, l);
d[0] = l;
n2l(in, l);
d[1] = l;
if (enc)
CAST_encrypt(d, ks);
else
CAST_decrypt(d, ks);
l = d[0];
l2n(l, out);
l = d[1];
l2n(l, out);
l = d[0] = d[1] = 0;
}
LCRYPTO_ALIAS(CAST_ecb_encrypt);
/*
* The input and output encrypted as though 64bit ofb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, const CAST_KEY *schedule, unsigned char *ivec,
int *num)
{
CAST_LONG v0, v1, t;
int n= *num;
long l = length;
unsigned char d[8];
char *dp;
CAST_LONG ti[2];
unsigned char *iv;
int save = 0;
iv = ivec;
n2l(iv, v0);
n2l(iv, v1);
ti[0] = v0;
ti[1] = v1;
dp = (char *)d;
l2n(v0, dp);
l2n(v1, dp);
while (l--) {
if (n == 0) {
CAST_encrypt((CAST_LONG *)ti, schedule);
dp = (char *)d;
t = ti[0];
l2n(t, dp);
t = ti[1];
l2n(t, dp);
save++;
}
*(out++)= *(in++)^d[n];
n = (n + 1)&0x07;
}
if (save) {
v0 = ti[0];
v1 = ti[1];
iv = ivec;
l2n(v0, iv);
l2n(v1, iv);
}
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}
LCRYPTO_ALIAS(CAST_ofb64_encrypt);

7
lib/libcrypto/cms/cms.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cms.h,v 1.16 2023/07/28 10:28:02 tb Exp $ */
/* $OpenBSD: cms.h,v 1.17 2024/03/29 02:28:50 jsing Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -58,8 +58,11 @@
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_CMS
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -138,14 +141,12 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
int CMS_is_detached(CMS_ContentInfo *cms);
int CMS_set_detached(CMS_ContentInfo *cms, int detached);
#ifdef HEADER_PEM_H
CMS_ContentInfo *PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x,
pem_password_cb *cb, void *u);
CMS_ContentInfo *PEM_read_CMS(FILE *fp, CMS_ContentInfo **x,
pem_password_cb *cb, void *u);
int PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x);
int PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x);
#endif
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);

84
lib/libcrypto/cms/cms_sd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cms_sd.c,v 1.30 2024/02/02 14:13:11 tb Exp $ */
/* $OpenBSD: cms_sd.c,v 1.31 2024/03/29 06:41:58 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -277,6 +277,64 @@ cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
return 1;
}
static const EVP_MD *
cms_SignerInfo_default_digest_md(const CMS_SignerInfo *si)
{
int rv, nid;
if (si->pkey == NULL) {
CMSerror(CMS_R_NO_PUBLIC_KEY);
return NULL;
}
/* On failure or unsupported operation, give up. */
if ((rv = EVP_PKEY_get_default_digest_nid(si->pkey, &nid)) <= 0)
return NULL;
if (rv > 2)
return NULL;
/*
* XXX - we need to identify EdDSA in a better way. Figure out where
* and how. This mimics EdDSA checks in openssl/ca.c and openssl/req.c.
*/
/* The digest md is required to be EVP_sha512() (EdDSA). */
if (rv == 2 && nid == NID_undef)
return EVP_sha512();
/* Use mandatory or default digest. */
return EVP_get_digestbynid(nid);
}
static const EVP_MD *
cms_SignerInfo_signature_md(const CMS_SignerInfo *si)
{
int rv, nid;
if (si->pkey == NULL) {
CMSerror(CMS_R_NO_PUBLIC_KEY);
return NULL;
}
/* Fall back to digestAlgorithm unless pkey has a mandatory digest. */
if ((rv = EVP_PKEY_get_default_digest_nid(si->pkey, &nid)) <= 1)
return EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
if (rv > 2)
return NULL;
/*
* XXX - we need to identify EdDSA in a better way. Figure out where
* and how. This mimics EdDSA checks in openssl/ca.c and openssl/req.c.
*/
/* The signature md is required to be EVP_md_null() (EdDSA). */
if (nid == NID_undef)
return EVP_md_null();
/* Use mandatory digest. */
return EVP_get_digestbynid(nid);
}
CMS_SignerInfo *
CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
const EVP_MD *md, unsigned int flags)
@ -325,19 +383,10 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
if (!cms_set1_SignerIdentifier(si->sid, signer, type))
goto err;
if (md == NULL)
md = cms_SignerInfo_default_digest_md(si);
if (md == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
goto err;
md = EVP_get_digestbynid(def_nid);
if (md == NULL) {
CMSerror(CMS_R_NO_DEFAULT_DIGEST);
goto err;
}
}
if (!md) {
CMSerror(CMS_R_NO_DIGEST_SET);
CMSerror(CMS_R_NO_DEFAULT_DIGEST);
goto err;
}
@ -735,7 +784,7 @@ CMS_SignerInfo_sign(CMS_SignerInfo *si)
size_t sig_len = 0;
int ret = 0;
if ((md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm)) == NULL)
if ((md = cms_SignerInfo_signature_md(si)) == NULL)
goto err;
if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
@ -795,14 +844,9 @@ CMS_SignerInfo_verify(CMS_SignerInfo *si)
int buf_len = 0;
int ret = -1;
if ((md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm)) == NULL)
if ((md = cms_SignerInfo_signature_md(si)) == NULL)
goto err;
if (si->pkey == NULL) {
CMSerror(CMS_R_NO_PUBLIC_KEY);
goto err;
}
if (si->mctx == NULL)
si->mctx = EVP_MD_CTX_new();
if (si->mctx == NULL) {

452
lib/libcrypto/des/asm/des-586.pl
View file

@ -1,452 +0,0 @@
#!/usr/local/bin/perl
#
# The inner loop instruction sequence and the IP/FP modifications are from
# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
#
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
require "x86asm.pl";
require "cbc.pl";
require "desboth.pl";
# base code is in microsft
# op dest, source
# format.
#
&asm_init($ARGV[0],"des-586.pl");
$L="edi";
$R="esi";
$trans="ebp";
$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
# one can discuss setting this variable to 1 unconditionally, as
# the folded loop is only 3% slower than unrolled, but >7 times smaller
&public_label("DES_SPtrans");
&DES_encrypt_internal();
&DES_decrypt_internal();
&DES_encrypt("DES_encrypt1",1);
&DES_encrypt("DES_encrypt2",0);
&DES_encrypt3("DES_encrypt3",1);
&DES_encrypt3("DES_decrypt3",0);
&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
&DES_SPtrans();
&asm_finish();
sub DES_encrypt_internal()
{
&function_begin_B("_x86_DES_encrypt");
if ($small_footprint)
{
&lea("edx",&DWP(128,"ecx"));
&push("edx");
&push("ecx");
&set_label("eloop");
&D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0));
&comment("");
&D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
&comment("");
&add("ecx",16);
&cmp("ecx",&swtmp(1));
&mov(&swtmp(0),"ecx");
&jb(&label("eloop"));
&add("esp",8);
}
else
{
&push("ecx");
for ($i=0; $i<16; $i+=2)
{
&comment("Round $i");
&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
&comment("Round ".sprintf("%d",$i+1));
&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
}
&add("esp",4);
}
&ret();
&function_end_B("_x86_DES_encrypt");
}
sub DES_decrypt_internal()
{
&function_begin_B("_x86_DES_decrypt");
if ($small_footprint)
{
&push("ecx");
&lea("ecx",&DWP(128,"ecx"));
&push("ecx");
&set_label("dloop");
&D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
&comment("");
&D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0));
&comment("");
&sub("ecx",16);
&cmp("ecx",&swtmp(1));
&mov(&swtmp(0),"ecx");
&ja(&label("dloop"));
&add("esp",8);
}
else
{
&push("ecx");
for ($i=15; $i>0; $i-=2)
{
&comment("Round $i");
&D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
&comment("Round ".sprintf("%d",$i-1));
&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
}
&add("esp",4);
}
&ret();
&function_end_B("_x86_DES_decrypt");
}
sub DES_encrypt
{
local($name,$do_ip)=@_;
&function_begin_B($name);
&push("esi");
&push("edi");
&comment("");
&comment("Load the 2 words");
if ($do_ip)
{
&mov($R,&wparam(0));
&xor( "ecx", "ecx" );
&push("ebx");
&push("ebp");
&mov("eax",&DWP(0,$R,"",0));
&mov("ebx",&wparam(2)); # get encrypt flag
&mov($L,&DWP(4,$R,"",0));
&comment("");
&comment("IP");
&IP_new("eax",$L,$R,3);
}
else
{
&mov("eax",&wparam(0));
&xor( "ecx", "ecx" );
&push("ebx");
&push("ebp");
&mov($R,&DWP(0,"eax","",0));
&mov("ebx",&wparam(2)); # get encrypt flag
&rotl($R,3);
&mov($L,&DWP(4,"eax","",0));
&rotl($L,3);
}
&picsetup($trans);
&picsymbol($trans, &label("DES_SPtrans"), $trans);
&mov( "ecx", &wparam(1) );
&cmp("ebx","0");
&je(&label("decrypt"));
&call("_x86_DES_encrypt");
&jmp(&label("done"));
&set_label("decrypt");
&call("_x86_DES_decrypt");
&set_label("done");
if ($do_ip)
{
&comment("");
&comment("FP");
&mov("edx",&wparam(0));
&FP_new($L,$R,"eax",3);
&mov(&DWP(0,"edx","",0),"eax");
&mov(&DWP(4,"edx","",0),$R);
}
else
{
&comment("");
&comment("Fixup");
&rotr($L,3); # r
&mov("eax",&wparam(0));
&rotr($R,3); # l
&mov(&DWP(0,"eax","",0),$L);
&mov(&DWP(4,"eax","",0),$R);
}
&pop("ebp");
&pop("ebx");
&pop("edi");
&pop("esi");
&ret();
&function_end_B($name);
}
sub D_ENCRYPT
{
local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_;
&mov( $u, &DWP(&n2a($S*4),$tmp2,"",0));
&xor( $tmp1, $tmp1);
&mov( $t, &DWP(&n2a(($S+1)*4),$tmp2,"",0));
&xor( $u, $R);
&xor( $tmp2, $tmp2);
&xor( $t, $R);
&and( $u, "0xfcfcfcfc" );
&and( $t, "0xcfcfcfcf" );
&movb( &LB($tmp1), &LB($u) );
&movb( &LB($tmp2), &HB($u) );
&rotr( $t, 4 );
&xor( $L, &DWP(" ",$trans,$tmp1,0));
&movb( &LB($tmp1), &LB($t) );
&xor( $L, &DWP("0x200",$trans,$tmp2,0));
&movb( &LB($tmp2), &HB($t) );
&shr( $u, 16);
&xor( $L, &DWP("0x100",$trans,$tmp1,0));
&movb( &LB($tmp1), &HB($u) );
&shr( $t, 16);
&xor( $L, &DWP("0x300",$trans,$tmp2,0));
&movb( &LB($tmp2), &HB($t) );
&and( $u, "0xff" );
&and( $t, "0xff" );
&xor( $L, &DWP("0x600",$trans,$tmp1,0));
&xor( $L, &DWP("0x700",$trans,$tmp2,0));
&mov( $tmp2, $wp1 );
&xor( $L, &DWP("0x400",$trans,$u,0));
&xor( $L, &DWP("0x500",$trans,$t,0));
}
sub n2a
{
sprintf("%d",$_[0]);
}
# now has a side affect of rotating $a by $shift
sub R_PERM_OP
{
local($a,$b,$tt,$shift,$mask,$last)=@_;
&rotl( $a, $shift ) if ($shift != 0);
&mov( $tt, $a );
&xor( $a, $b );
&and( $a, $mask );
# This can never succeed, and besides it is difficult to see what the
# idea was - Ben 13 Feb 99
if (!$last eq $b)
{
&xor( $b, $a );
&xor( $tt, $a );
}
else
{
&xor( $tt, $a );
&xor( $b, $a );
}
&comment("");
}
sub IP_new
{
local($l,$r,$tt,$lr)=@_;
&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
if ($lr != 3)
{
if (($lr-3) < 0)
{ &rotr($tt, 3-$lr); }
else { &rotl($tt, $lr-3); }
}
if ($lr != 2)
{
if (($lr-2) < 0)
{ &rotr($r, 2-$lr); }
else { &rotl($r, $lr-2); }
}
}
sub FP_new
{
local($l,$r,$tt,$lr)=@_;
if ($lr != 2)
{
if (($lr-2) < 0)
{ &rotl($r, 2-$lr); }
else { &rotr($r, $lr-2); }
}
if ($lr != 3)
{
if (($lr-3) < 0)
{ &rotl($l, 3-$lr); }
else { &rotr($l, $lr-3); }
}
&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
&rotr($tt , 4);
}
sub DES_SPtrans
{
&rodataseg();
&set_label("DES_SPtrans",64);
&data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802);
&data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002);
&data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802);
&data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002);
&data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800);
&data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800);
&data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002);
&data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000);
&data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002);
&data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800);
&data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002);
&data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000);
&data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802);
&data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000);
&data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800);
&data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802);
# nibble 1
&data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000);
&data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000);
&data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000);
&data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010);
&data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000);
&data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010);
&data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010);
&data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010);
&data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010);
&data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000);
&data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010);
&data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010);
&data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010);
&data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000);
&data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000);
&data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000);
# nibble 2
&data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101);
&data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100);
&data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001);
&data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001);
&data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100);
&data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001);
&data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000);
&data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101);
&data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000);
&data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101);
&data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001);
&data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001);
&data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101);
&data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100);
&data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101);
&data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000);
# nibble 3
&data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008);
&data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008);
&data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008);
&data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000);
&data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008);
&data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000);
&data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000);
&data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000);
&data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008);
&data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000);
&data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008);
&data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000);
&data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000);
&data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008);
&data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008);
&data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000);
# nibble 4
&data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420);
&data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000);
&data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400);
&data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000);
&data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420);
&data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020);
&data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020);
&data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400);
&data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000);
&data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400);
&data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000);
&data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020);
&data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420);
&data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000);
&data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420);
&data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020);
# nibble 5
&data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000);
&data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000);
&data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000);
&data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040);
&data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000);
&data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040);
&data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040);
&data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000);
&data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040);
&data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000);
&data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000);
&data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040);
&data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040);
&data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000);
&data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000);
&data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040);
# nibble 6
&data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004);
&data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000);
&data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000);
&data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204);
&data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204);
&data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200);
&data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004);
&data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000);
&data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204);
&data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004);
&data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000);
&data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200);
&data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200);
&data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000);
&data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204);
&data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004);
# nibble 7
&data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000);
&data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080);
&data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080);
&data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000);
&data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000);
&data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000);
&data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080);
&data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080);
&data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080);
&data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000);
&data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080);
&data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000);
&data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080);
&data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000);
&data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000);
&data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080);
&previous();
}

2099
lib/libcrypto/des/asm/des_enc.m4
View file

File diff suppressed because it is too large Load diff

79
lib/libcrypto/des/asm/desboth.pl
View file

@ -1,79 +0,0 @@
#!/usr/local/bin/perl
$L="edi";
$R="esi";
sub DES_encrypt3
{
local($name,$enc)=@_;
&function_begin_B($name,"");
&push("ebx");
&mov("ebx",&wparam(0));
&push("ebp");
&push("esi");
&push("edi");
&comment("");
&comment("Load the data words");
&mov($L,&DWP(0,"ebx","",0));
&mov($R,&DWP(4,"ebx","",0));
&stack_push(3);
&comment("");
&comment("IP");
&IP_new($L,$R,"edx",0);
# put them back
if ($enc)
{
&mov(&DWP(4,"ebx","",0),$R);
&mov("eax",&wparam(1));
&mov(&DWP(0,"ebx","",0),"edx");
&mov("edi",&wparam(2));
&mov("esi",&wparam(3));
}
else
{
&mov(&DWP(4,"ebx","",0),$R);
&mov("esi",&wparam(1));
&mov(&DWP(0,"ebx","",0),"edx");
&mov("edi",&wparam(2));
&mov("eax",&wparam(3));
}
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "eax");
&mov(&swtmp(0), "ebx");
&call("DES_encrypt2");
&mov(&swtmp(2), (DWC(($enc)?"0":"1")));
&mov(&swtmp(1), "edi");
&mov(&swtmp(0), "ebx");
&call("DES_encrypt2");
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "esi");
&mov(&swtmp(0), "ebx");
&call("DES_encrypt2");
&stack_pop(3);
&mov($L,&DWP(0,"ebx","",0));
&mov($R,&DWP(4,"ebx","",0));
&comment("");
&comment("FP");
&FP_new($L,$R,"eax",0);
&mov(&DWP(0,"ebx","",0),"eax");
&mov(&DWP(4,"ebx","",0),$R);
&pop("edi");
&pop("esi");
&pop("ebp");
&pop("ebx");
&ret();
&function_end_B($name);
}

63
lib/libcrypto/ec/ecx_methods.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ecx_methods.c,v 1.11 2024/01/04 17:01:26 tb Exp $ */
/* $OpenBSD: ecx_methods.c,v 1.12 2024/03/29 06:41:58 tb Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
*
@ -17,6 +17,7 @@
#include <string.h>
#include <openssl/cms.h>
#include <openssl/curve25519.h>
#include <openssl/ec.h>
#include <openssl/err.h>
@ -530,10 +531,67 @@ ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
return -2;
}
#ifndef OPENSSL_NO_CMS
static int
ecx_cms_sign_or_verify(EVP_PKEY *pkey, long verify, CMS_SignerInfo *si)
{
X509_ALGOR *digestAlgorithm, *signatureAlgorithm;
ASN1_OBJECT *aobj;
if (verify != 0 && verify != 1)
return -1;
/* Check that we have an Ed25519 public key. */
if (EVP_PKEY_id(pkey) != NID_ED25519)
return -1;
CMS_SignerInfo_get0_algs(si, NULL, NULL, &digestAlgorithm,
&signatureAlgorithm);
/* RFC 8419, section 2.3: digestAlgorithm MUST be SHA-512. */
if (digestAlgorithm == NULL)
return -1;
if (OBJ_obj2nid(digestAlgorithm->algorithm) != NID_sha512)
return -1;
/*
* RFC 8419, section 2.4: signatureAlgorithm MUST be Ed25519, and the
* parameters MUST be absent. For verification check that this is the
* case, for signing set the signatureAlgorithm accordingly.
*/
if (verify) {
const ASN1_OBJECT *obj;
int param_type;
if (signatureAlgorithm == NULL)
return -1;
X509_ALGOR_get0(&obj, &param_type, NULL, signatureAlgorithm);
if (OBJ_obj2nid(obj) != NID_ED25519)
return -1;
if (param_type != V_ASN1_UNDEF)
return -1;
return 1;
}
if ((aobj = OBJ_nid2obj(NID_ED25519)) == NULL)
return -1;
if (!X509_ALGOR_set0(signatureAlgorithm, aobj, V_ASN1_UNDEF, NULL))
return -1;
return 1;
}
#endif
static int
ecx_sign_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op) {
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_SIGN:
return ecx_cms_sign_or_verify(pkey, arg1, arg2);
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
/* PureEdDSA does its own hashing. */
*(int *)arg2 = NID_undef;
@ -806,6 +864,9 @@ pkey_ecx_ed_ctrl(EVP_PKEY_CTX *pkey_ctx, int op, int arg1, void *arg2)
}
return 1;
#ifndef OPENSSL_NO_CMS
case EVP_PKEY_CTRL_CMS_SIGN:
#endif
case EVP_PKEY_CTRL_DIGESTINIT:
return 1;
}

4
lib/libcrypto/err/err_all.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: err_all.c,v 1.35 2024/03/24 06:05:41 tb Exp $ */
/* $OpenBSD: err_all.c,v 1.36 2024/03/29 02:22:18 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -74,7 +74,7 @@
#include <openssl/kdf.h>
#include <openssl/objects.h>
#include <openssl/ocsp.h>
#include <openssl/pem2.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/ts.h>

106
lib/libcrypto/gost/gost_err.c
View file

@ -1,106 +0,0 @@
/* crypto/gost/gost_err.c */
/* ====================================================================
* Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gost.h>
#ifndef OPENSSL_NO_ERR
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
static ERR_STRING_DATA GOST_str_functs[]= {
{ERR_FUNC(0xfff), "CRYPTO_internal"},
{0, NULL}
};
static ERR_STRING_DATA GOST_str_reasons[] = {
{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
{ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"},
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
{ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"},
{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
{ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"},
{ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"},
{ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"},
{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
{ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"},
{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
{ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"},
{0, NULL}
};
#endif
void
ERR_load_GOST_strings(void) {
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(GOST_str_functs[0].error) == NULL) {
ERR_load_strings(0,GOST_str_functs);
ERR_load_strings(0,GOST_str_reasons);
}
#endif
}
LCRYPTO_ALIAS(ERR_load_GOST_strings);

116
lib/libcrypto/gost/gost_local.h
View file

@ -1,116 +0,0 @@
/* $OpenBSD: gost_local.h,v 1.3 2023/07/28 15:50:33 tb Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_GOST_LOCAL_H
#define HEADER_GOST_LOCAL_H
#include <openssl/ec.h>
__BEGIN_HIDDEN_DECLS
/* Internal representation of GOST substitution blocks */
typedef struct {
unsigned char k8[16];
unsigned char k7[16];
unsigned char k6[16];
unsigned char k5[16];
unsigned char k4[16];
unsigned char k3[16];
unsigned char k2[16];
unsigned char k1[16];
} gost_subst_block;
#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
#else
#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
l|=(((unsigned long)(*((c)++)))<< 8), \
l|=(((unsigned long)(*((c)++)))<<16), \
l|=(((unsigned long)(*((c)++)))<<24))
#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
*((c)++)=(unsigned char)(((l)>>24)&0xff))
#endif
extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
const GOST2814789_KEY *key);
extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
const GOST2814789_KEY *key);
extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key);
/* GOST 28147-89 key wrapping */
extern int gost_key_unwrap_crypto_pro(int nid,
const unsigned char *keyExchangeKey, const unsigned char *wrappedKey,
unsigned char *sessionKey);
extern int gost_key_wrap_crypto_pro(int nid,
const unsigned char *keyExchangeKey, const unsigned char *ukm,
const unsigned char *sessionKey, unsigned char *wrappedKey);
/* Pkey part */
extern int gost2001_compute_public(GOST_KEY *ec);
extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey);
extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec);
extern int gost2001_keygen(GOST_KEY *ec);
extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey,
GOST_KEY *priv_key, const BIGNUM *ukm);
extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn);
extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len);
/* GOST R 34.10 parameters */
extern int GostR3410_get_md_digest(int nid);
extern int GostR3410_get_pk_digest(int nid);
extern int GostR3410_256_param_id(const char *value);
extern int GostR3410_512_param_id(const char *value);
__END_HIDDEN_DECLS
#endif /* !HEADER_GOST_LOCAL_H */

278
lib/libcrypto/gost/gostr341194.c
View file

@ -1,278 +0,0 @@
/* $OpenBSD: gostr341194.c,v 1.7 2023/07/08 14:30:44 beck Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_GOST
#include <openssl/crypto.h>
#include <openssl/objects.h>
#include <openssl/gost.h>
#include "gost_local.h"
/* Following functions are various bit meshing routines used in
* GOST R 34.11-94 algorithms */
static void
swap_bytes(unsigned char *w, unsigned char *k)
{
int i, j;
for (i = 0; i < 4; i++)
for (j = 0; j < 8; j++)
k[i + 4 * j] = w[8 * i + j];
}
/* was A_A */
static void
circle_xor8(const unsigned char *w, unsigned char *k)
{
unsigned char buf[8];
int i;
memcpy(buf, w, 8);
memmove(k, w + 8, 24);
for (i = 0; i < 8; i++)
k[i + 24] = buf[i] ^ k[i];
}
/* was R_R */
static void
transform_3(unsigned char *data)
{
unsigned short int acc;
acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
memmove(data, data + 2, 30);
data[30] = acc & 0xff;
data[31] = acc >> 8;
}
/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
static int
add_blocks(int n, unsigned char *left, const unsigned char *right)
{
int i;
int carry = 0;
int sum;
for (i = 0; i < n; i++) {
sum = (int)left[i] + (int)right[i] + carry;
left[i] = sum & 0xff;
carry = sum >> 8;
}
return carry;
}
/* Xor two sequences of bytes */
static void
xor_blocks(unsigned char *result, const unsigned char *a,
const unsigned char *b, size_t len)
{
size_t i;
for (i = 0; i < len; i++)
result[i] = a[i] ^ b[i];
}
/*
* Calculate H(i+1) = Hash(Hi,Mi)
* Where H and M are 32 bytes long
*/
static int
hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M)
{
unsigned char U[32], W[32], V[32], S[32], Key[32];
int i;
/* Compute first key */
xor_blocks(W, H, M, 32);
swap_bytes(W, Key);
/* Encrypt first 8 bytes of H with first key */
Gost2814789_set_key(&c->cipher, Key, 256);
Gost2814789_encrypt(H, S, &c->cipher);
/* Compute second key */
circle_xor8(H, U);
circle_xor8(M, V);
circle_xor8(V, V);
xor_blocks(W, U, V, 32);
swap_bytes(W, Key);
/* encrypt second 8 bytes of H with second key */
Gost2814789_set_key(&c->cipher, Key, 256);
Gost2814789_encrypt(H+8, S+8, &c->cipher);
/* compute third key */
circle_xor8(U, U);
U[31] = ~U[31];
U[29] = ~U[29];
U[28] = ~U[28];
U[24] = ~U[24];
U[23] = ~U[23];
U[20] = ~U[20];
U[18] = ~U[18];
U[17] = ~U[17];
U[14] = ~U[14];
U[12] = ~U[12];
U[10] = ~U[10];
U[8] = ~U[8];
U[7] = ~U[7];
U[5] = ~U[5];
U[3] = ~U[3];
U[1] = ~U[1];
circle_xor8(V, V);
circle_xor8(V, V);
xor_blocks(W, U, V, 32);
swap_bytes(W, Key);
/* encrypt third 8 bytes of H with third key */
Gost2814789_set_key(&c->cipher, Key, 256);
Gost2814789_encrypt(H+16, S+16, &c->cipher);
/* Compute fourth key */
circle_xor8(U, U);
circle_xor8(V, V);
circle_xor8(V, V);
xor_blocks(W, U, V, 32);
swap_bytes(W, Key);
/* Encrypt last 8 bytes with fourth key */
Gost2814789_set_key(&c->cipher, Key, 256);
Gost2814789_encrypt(H+24, S+24, &c->cipher);
for (i = 0; i < 12; i++)
transform_3(S);
xor_blocks(S, S, M, 32);
transform_3(S);
xor_blocks(S, S, H, 32);
for (i = 0; i < 61; i++)
transform_3(S);
memcpy(H, S, 32);
return 1;
}
int
GOSTR341194_Init(GOSTR341194_CTX *c, int nid)
{
memset(c, 0, sizeof(*c));
return Gost2814789_set_sbox(&c->cipher, nid);
}
LCRYPTO_ALIAS(GOSTR341194_Init);
static void
GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p,
size_t num)
{
int i;
for (i = 0; i < num; i++) {
hash_step(ctx, ctx->H, p);
add_blocks(32, ctx->S, p);
p += 32;
}
}
#define DATA_ORDER_IS_LITTLE_ENDIAN
#define HASH_CBLOCK GOSTR341194_CBLOCK
#define HASH_LONG GOSTR341194_LONG
#define HASH_CTX GOSTR341194_CTX
#define HASH_UPDATE GOSTR341194_Update
#define HASH_TRANSFORM GOSTR341194_Transform
#define HASH_NO_FINAL 1
#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order
#include "md32_common.h"
LCRYPTO_ALIAS(GOSTR341194_Update);
LCRYPTO_ALIAS(GOSTR341194_Transform);
int
GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c)
{
unsigned char *p = (unsigned char *)c->data;
unsigned char T[32];
if (c->num > 0) {
memset(p + c->num, 0, 32 - c->num);
hash_step(c, c->H, p);
add_blocks(32, c->S, p);
}
p = T;
HOST_l2c(c->Nl, p);
HOST_l2c(c->Nh, p);
memset(p, 0, 32 - 8);
hash_step(c, c->H, T);
hash_step(c, c->H, c->S);
memcpy(md, c->H, 32);
return 1;
}
LCRYPTO_ALIAS(GOSTR341194_Final);
unsigned char *
GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid)
{
GOSTR341194_CTX c;
static unsigned char m[GOSTR341194_LENGTH];
if (md == NULL)
md = m;
if (!GOSTR341194_Init(&c, nid))
return 0;
GOSTR341194_Update(&c, d, n);
GOSTR341194_Final(md, &c);
explicit_bzero(&c, sizeof(c));
return (md);
}
LCRYPTO_ALIAS(GOSTR341194);
#endif

36
lib/libcrypto/hidden/openssl/blowfish.h Normal file
View file

@ -0,0 +1,36 @@
/* $OpenBSD: blowfish.h,v 1.1 2024/03/29 02:37:20 joshua Exp $ */
/*
* Copyright (c) 2024 Joshua Sing <joshua@joshuasing.dev>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _LIBCRYPTO_BLOWFISH_H
#define _LIBCRYPTO_BLOWFISH_H
#ifndef _MSC_VER
#include_next <openssl/blowfish.h>
#else
#include "../include/openssl/blowfish.h"
#endif
#include "crypto_namespace.h"
LCRYPTO_USED(BF_set_key);
LCRYPTO_USED(BF_encrypt);
LCRYPTO_USED(BF_decrypt);
LCRYPTO_USED(BF_ecb_encrypt);
LCRYPTO_USED(BF_cbc_encrypt);
LCRYPTO_USED(BF_cfb64_encrypt);
LCRYPTO_USED(BF_ofb64_encrypt);
#endif /* _LIBCRYPTO_BLOWFISH_H */

124
lib/libcrypto/idea/i_cfb64.c
View file

@ -1,124 +0,0 @@
/* $OpenBSD: i_cfb64.c,v 1.6 2023/07/08 10:44:00 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/idea.h>
#include "idea_local.h"
/* The input and output encrypted as though 64bit cfb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *schedule,
unsigned char *ivec, int *num, int encrypt)
{
unsigned long v0, v1, t;
int n = *num;
long l = length;
unsigned long ti[2];
unsigned char *iv, c, cc;
iv = (unsigned char *)ivec;
if (encrypt) {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
idea_encrypt((unsigned long *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
c = *(in++) ^ iv[n];
*(out++) = c;
iv[n] = c;
n = (n + 1) & 0x07;
}
} else {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
idea_encrypt((unsigned long *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
cc = *(in++);
c = iv[n];
iv[n] = cc;
*(out++) = c ^ cc;
n = (n + 1) & 0x07;
}
}
v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
*num = n;
}
LCRYPTO_ALIAS(idea_cfb64_encrypt);

80
lib/libcrypto/idea/i_ecb.c
View file

@ -1,80 +0,0 @@
/* $OpenBSD: i_ecb.c,v 1.7 2023/07/28 10:35:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/idea.h>
#include "idea_local.h"
#include <openssl/opensslv.h>
void
idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
IDEA_KEY_SCHEDULE *ks)
{
unsigned long l0, l1, d[2];
n2l(in, l0);
d[0] = l0;
n2l(in, l1);
d[1] = l1;
idea_encrypt(d, ks);
l0 = d[0];
l2n(l0, out);
l1 = d[1];
l2n(l1, out);
l0 = l1 = d[0] = d[1] = 0;
}
LCRYPTO_ALIAS(idea_ecb_encrypt);

111
lib/libcrypto/idea/i_ofb64.c
View file

@ -1,111 +0,0 @@
/* $OpenBSD: i_ofb64.c,v 1.6 2023/07/08 10:44:00 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/idea.h>
#include "idea_local.h"
/* The input and output encrypted as though 64bit ofb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *schedule,
unsigned char *ivec, int *num)
{
unsigned long v0, v1, t;
int n = *num;
long l = length;
unsigned char d[8];
char *dp;
unsigned long ti[2];
unsigned char *iv;
int save = 0;
iv = (unsigned char *)ivec;
n2l(iv, v0);
n2l(iv, v1);
ti[0] = v0;
ti[1] = v1;
dp = (char *)d;
l2n(v0, dp);
l2n(v1, dp);
while (l--) {
if (n == 0) {
idea_encrypt((unsigned long *)ti, schedule);
dp = (char *)d;
t = ti[0];
l2n(t, dp);
t = ti[1];
l2n(t, dp);
save++;
}
*(out++) = *(in++) ^ d[n];
n = (n + 1) & 0x07;
}
if (save) {
v0 = ti[0];
v1 = ti[1];
iv = (unsigned char *)ivec;
l2n(v0, iv);
l2n(v1, iv);
}
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}
LCRYPTO_ALIAS(idea_ofb64_encrypt);

169
lib/libcrypto/idea/i_skey.c
View file

@ -1,169 +0,0 @@
/* $OpenBSD: i_skey.c,v 1.7 2023/07/08 10:44:00 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/crypto.h>
#include <openssl/idea.h>
#include "idea_local.h"
static IDEA_INT inverse(unsigned int xin);
void
idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
{
int i;
IDEA_INT *kt, *kf, r0, r1, r2;
kt = &(ks->data[0][0]);
n2s(key, kt[0]);
n2s(key, kt[1]);
n2s(key, kt[2]);
n2s(key, kt[3]);
n2s(key, kt[4]);
n2s(key, kt[5]);
n2s(key, kt[6]);
n2s(key, kt[7]);
kf = kt;
kt += 8;
for (i = 0; i < 6; i++)
{
r2 = kf[1];
r1 = kf[2];
*(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
r0 = kf[3];
*(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
r1 = kf[4];
*(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
r0 = kf[5];
*(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
r1 = kf[6];
*(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
r0 = kf[7];
*(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
r1 = kf[0];
if (i >= 5)
break;
*(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
*(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
kf += 8;
}
}
LCRYPTO_ALIAS(idea_set_encrypt_key);
void
idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
{
int r;
IDEA_INT *fp, *tp, t;
tp = &(dk->data[0][0]);
fp = &(ek->data[8][0]);
for (r = 0; r < 9; r++)
{
*(tp++) = inverse(fp[0]);
*(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
*(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
*(tp++) = inverse(fp[3]);
if (r == 8)
break;
fp -= 6;
*(tp++) = fp[4];
*(tp++) = fp[5];
}
tp = &(dk->data[0][0]);
t = tp[1];
tp[1] = tp[2];
tp[2] = t;
t = tp[49];
tp[49] = tp[50];
tp[50] = t;
}
LCRYPTO_ALIAS(idea_set_decrypt_key);
/* taken directly from the 'paper' I'll have a look at it later */
static IDEA_INT
inverse(unsigned int xin)
{
long n1, n2, q, r, b1, b2, t;
if (xin == 0)
b2 = 0;
else {
n1 = 0x10001;
n2 = xin;
b2 = 1;
b1 = 0;
do {
r = (n1 % n2);
q = (n1 - r)/n2;
if (r == 0) {
if (b2 < 0)
b2 = 0x10001 + b2;
} else {
n1 = n2;
n2 = r;
t = b2;
b2 = b1 - q*b2;
b1 = t;
}
} while (r != 0);
}
return ((IDEA_INT)b2);
}

244
lib/libcrypto/idea/i_cbc.c → lib/libcrypto/idea/idea.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: i_cbc.c,v 1.6 2023/07/08 10:44:00 beck Exp $ */
/* $OpenBSD: idea.c,v 1.1 2024/03/29 05:23:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -174,3 +174,245 @@ idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
d[1] = (x4 & 0xffff)|((t1 & 0xffff) << 16);
}
LCRYPTO_ALIAS(idea_encrypt);
/* The input and output encrypted as though 64bit cfb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *schedule,
unsigned char *ivec, int *num, int encrypt)
{
unsigned long v0, v1, t;
int n = *num;
long l = length;
unsigned long ti[2];
unsigned char *iv, c, cc;
iv = (unsigned char *)ivec;
if (encrypt) {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
idea_encrypt((unsigned long *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
c = *(in++) ^ iv[n];
*(out++) = c;
iv[n] = c;
n = (n + 1) & 0x07;
}
} else {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
idea_encrypt((unsigned long *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
cc = *(in++);
c = iv[n];
iv[n] = cc;
*(out++) = c ^ cc;
n = (n + 1) & 0x07;
}
}
v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
*num = n;
}
LCRYPTO_ALIAS(idea_cfb64_encrypt);
void
idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
IDEA_KEY_SCHEDULE *ks)
{
unsigned long l0, l1, d[2];
n2l(in, l0);
d[0] = l0;
n2l(in, l1);
d[1] = l1;
idea_encrypt(d, ks);
l0 = d[0];
l2n(l0, out);
l1 = d[1];
l2n(l1, out);
l0 = l1 = d[0] = d[1] = 0;
}
LCRYPTO_ALIAS(idea_ecb_encrypt);
/*
* The input and output encrypted as though 64bit ofb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *schedule,
unsigned char *ivec, int *num)
{
unsigned long v0, v1, t;
int n = *num;
long l = length;
unsigned char d[8];
char *dp;
unsigned long ti[2];
unsigned char *iv;
int save = 0;
iv = (unsigned char *)ivec;
n2l(iv, v0);
n2l(iv, v1);
ti[0] = v0;
ti[1] = v1;
dp = (char *)d;
l2n(v0, dp);
l2n(v1, dp);
while (l--) {
if (n == 0) {
idea_encrypt((unsigned long *)ti, schedule);
dp = (char *)d;
t = ti[0];
l2n(t, dp);
t = ti[1];
l2n(t, dp);
save++;
}
*(out++) = *(in++) ^ d[n];
n = (n + 1) & 0x07;
}
if (save) {
v0 = ti[0];
v1 = ti[1];
iv = (unsigned char *)ivec;
l2n(v0, iv);
l2n(v1, iv);
}
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}
LCRYPTO_ALIAS(idea_ofb64_encrypt);
/* taken directly from the 'paper' I'll have a look at it later */
static IDEA_INT
inverse(unsigned int xin)
{
long n1, n2, q, r, b1, b2, t;
if (xin == 0)
b2 = 0;
else {
n1 = 0x10001;
n2 = xin;
b2 = 1;
b1 = 0;
do {
r = (n1 % n2);
q = (n1 - r)/n2;
if (r == 0) {
if (b2 < 0)
b2 = 0x10001 + b2;
} else {
n1 = n2;
n2 = r;
t = b2;
b2 = b1 - q*b2;
b1 = t;
}
} while (r != 0);
}
return ((IDEA_INT)b2);
}
void
idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
{
int i;
IDEA_INT *kt, *kf, r0, r1, r2;
kt = &(ks->data[0][0]);
n2s(key, kt[0]);
n2s(key, kt[1]);
n2s(key, kt[2]);
n2s(key, kt[3]);
n2s(key, kt[4]);
n2s(key, kt[5]);
n2s(key, kt[6]);
n2s(key, kt[7]);
kf = kt;
kt += 8;
for (i = 0; i < 6; i++)
{
r2 = kf[1];
r1 = kf[2];
*(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
r0 = kf[3];
*(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
r1 = kf[4];
*(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
r0 = kf[5];
*(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
r1 = kf[6];
*(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
r0 = kf[7];
*(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
r1 = kf[0];
if (i >= 5)
break;
*(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
*(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
kf += 8;
}
}
LCRYPTO_ALIAS(idea_set_encrypt_key);
void
idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
{
int r;
IDEA_INT *fp, *tp, t;
tp = &(dk->data[0][0]);
fp = &(ek->data[8][0]);
for (r = 0; r < 9; r++)
{
*(tp++) = inverse(fp[0]);
*(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
*(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
*(tp++) = inverse(fp[3]);
if (r == 8)
break;
fp -= 6;
*(tp++) = fp[4];
*(tp++) = fp[5];
}
tp = &(dk->data[0][0]);
t = tp[1];
tp[1] = tp[2];
tp[2] = t;
t = tp[49];
tp[49] = tp[50];
tp[50] = t;
}
LCRYPTO_ALIAS(idea_set_decrypt_key);

7
lib/libcrypto/man/CMS_add1_signer.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: CMS_add1_signer.3,v 1.8 2020/06/24 18:15:00 jmc Exp $
.\" $OpenBSD: CMS_add1_signer.3,v 1.9 2024/03/29 06:43:12 tb Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 24 2020 $
.Dd $Mdocdate: March 29 2024 $
.Dt CMS_ADD1_SIGNER 3
.Os
.Sh NAME
@ -229,6 +229,9 @@ if an error occurs.
.Sh STANDARDS
RFC 5652: Cryptographic Message Syntax, section 5.1: SignedData Type
.Pp
RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures
in the Cryptographic Message Syntax (CMS)
.Pp
RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
Version\ 4.0 Message Specification
.Bl -dash -compact -offset indent

7
lib/libcrypto/man/CMS_sign.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: CMS_sign.3,v 1.9 2020/06/24 18:15:00 jmc Exp $
.\" $OpenBSD: CMS_sign.3,v 1.10 2024/03/29 06:43:12 tb Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 24 2020 $
.Dd $Mdocdate: March 29 2024 $
.Dt CMS_SIGN 3
.Os
.Sh NAME
@ -231,6 +231,9 @@ section 5.1: SignedData Type
section 5.3: SignerInfo Type
.El
.Pp
RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures
in the Cryptographic Message Syntax (CMS)
.Pp
RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
Version\ 4.0 Message Specification,
section 2.5.2: SMIMECapabilities Attribute

7
lib/libcrypto/man/CMS_verify.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: CMS_verify.3,v 1.9 2023/06/05 17:17:23 job Exp $
.\" $OpenBSD: CMS_verify.3,v 1.10 2024/03/29 06:43:12 tb Exp $
.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 5 2023 $
.Dd $Mdocdate: March 29 2024 $
.Dt CMS_VERIFY 3
.Os
.Sh NAME
@ -213,6 +213,9 @@ The error can be obtained from
.Sh STANDARDS
RFC 5652: Cryptographic Message Syntax (CMS),
section 5.1: SignedData Type
.Pp
RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures
in the Cryptographic Message Syntax (CMS)
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.8h
and have been available since

3
lib/libcrypto/pem/pem.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pem.h,v 1.26 2023/04/25 17:51:36 tb Exp $ */
/* $OpenBSD: pem.h,v 1.27 2024/03/29 02:22:18 jsing Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -69,7 +69,6 @@
#endif
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem2.h>
#ifdef __cplusplus
extern "C" {

45
lib/libcrypto/rc2/rc2_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rc2_local.h,v 1.2 2023/07/07 08:29:37 beck Exp $ */
/* $OpenBSD: rc2_local.h,v 1.3 2024/03/29 05:03:48 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -101,49 +101,6 @@
} \
}
/* NOTE - c is not incremented as per n2l */
#define n2ln(c,l1,l2,n) { \
c+=n; \
l1=l2=0; \
switch (n) { \
case 8: l2 =((unsigned long)(*(--(c)))) ; \
case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
case 6: l2|=((unsigned long)(*(--(c))))<<16; \
case 5: l2|=((unsigned long)(*(--(c))))<<24; \
case 4: l1 =((unsigned long)(*(--(c)))) ; \
case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
case 2: l1|=((unsigned long)(*(--(c))))<<16; \
case 1: l1|=((unsigned long)(*(--(c))))<<24; \
} \
}
/* NOTE - c is not incremented as per l2n */
#define l2nn(l1,l2,c,n) { \
c+=n; \
switch (n) { \
case 8: *(--(c))=(unsigned char)(((l2) )&0xff);\
case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff);\
case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff);\
case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff);\
case 4: *(--(c))=(unsigned char)(((l1) )&0xff);\
case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff);\
case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff);\
case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff);\
} \
}
#undef n2l
#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
l|=((unsigned long)(*((c)++)))<<16L, \
l|=((unsigned long)(*((c)++)))<< 8L, \
l|=((unsigned long)(*((c)++))))
#undef l2n
#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
#define C_RC2(n) \
t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
x0=(t<<1)|(t>>15); \

515
lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl
View file

@ -1,515 +0,0 @@
#!/usr/bin/env perl
#
# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
# June 2011
#
# This is RC4+MD5 "stitch" implementation. The idea, as spelled in
# http://download.intel.com/design/intarch/papers/323686.pdf, is that
# since both algorithms exhibit instruction-level parallelism, ILP,
# below theoretical maximum, interleaving them would allow to utilize
# processor resources better and achieve better performance. RC4
# instruction sequence is virtually identical to rc4-x86_64.pl, which
# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin
# and Jim Guilford of Intel. MD5 is fresh implementation aiming to
# minimize register usage, which was used as "main thread" with RC4
# weaved into it, one RC4 round per one MD5 round. In addition to the
# stiched subroutine the script can generate standalone replacement
# md5_block_asm_data_order and RC4. Below are performance numbers in
# cycles per processed byte, less is better, for these the standalone
# subroutines, sum of them, and stitched one:
#
# RC4 MD5 RC4+MD5 stitch gain
# Opteron 6.5(*) 5.4 11.9 7.0 +70%(*)
# Core2 6.5 5.8 12.3 7.7 +60%
# Westmere 4.3 5.2 9.5 7.0 +36%
# Sandy Bridge 4.2 5.5 9.7 6.8 +43%
# Atom 9.3 6.5 15.8 11.1 +42%
#
# (*) rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement
# is +53%...
my ($rc4,$md5)=(1,1); # what to generate?
my $D="#" if (!$md5); # if set to "#", MD5 is stitched into RC4(),
# but its result is discarded. Idea here is
# to be able to use 'openssl speed rc4' for
# benchmarking the stitched subroutine...
my $flavour = shift;
my $output = shift;
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
if ($rc4 && !$md5) {
($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx");
$func="RC4"; $nargs=4;
} elsif ($md5 && !$rc4) {
($ctx,$inp,$len) = ("%rdi","%rsi","%rdx");
$func="md5_block_asm_data_order"; $nargs=3;
} else {
($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
$func="rc4_md5_enc"; $nargs=6;
# void rc4_md5_enc(
# RC4_KEY *key, #
# const void *in0, # RC4 input
# void *out, # RC4 output
# MD5_CTX *ctx, #
# const void *inp, # MD5 input
# size_t len); # number of 64-byte blocks
}
my @K=( 0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,
0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,
0x6b901122,0xfd987193,0xa679438e,0x49b40821,
0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,
0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,
0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,
0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,
0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,
0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,
0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391 );
my @V=("%r8d","%r9d","%r10d","%r11d"); # MD5 registers
my $tmp="%r12d";
my @XX=("%rbp","%rsi"); # RC4 registers
my @TX=("%rax","%rbx");
my $YY="%rcx";
my $TY="%rdx";
my $MOD=32; # 16, 32 or 64
$code.=<<___;
.text
.align 16
.globl $func
.type $func,\@function,$nargs
$func:
_CET_ENDBR
cmp \$0,$len
je .Labort
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
sub \$40,%rsp
.Lbody:
___
if ($rc4) {
$code.=<<___;
$D#md5# mov $ctx,%r11 # reassign arguments
mov $len,%r12
mov $in0,%r13
mov $out,%r14
$D#md5# mov $inp,%r15
___
$ctx="%r11" if ($md5); # reassign arguments
$len="%r12";
$in0="%r13";
$out="%r14";
$inp="%r15" if ($md5);
$inp=$in0 if (!$md5);
$code.=<<___;
xor $XX[0],$XX[0]
xor $YY,$YY
lea 8($dat),$dat
mov -8($dat),$XX[0]#b
mov -4($dat),$YY#b
inc $XX[0]#b
sub $in0,$out
movl ($dat,$XX[0],4),$TX[0]#d
___
$code.=<<___ if (!$md5);
xor $TX[1],$TX[1]
test \$-128,$len
jz .Loop1
sub $XX[0],$TX[1]
and \$`$MOD-1`,$TX[1]
jz .Loop${MOD}_is_hot
sub $TX[1],$len
.Loop${MOD}_warmup:
add $TX[0]#b,$YY#b
movl ($dat,$YY,4),$TY#d
movl $TX[0]#d,($dat,$YY,4)
movl $TY#d,($dat,$XX[0],4)
add $TY#b,$TX[0]#b
inc $XX[0]#b
movl ($dat,$TX[0],4),$TY#d
movl ($dat,$XX[0],4),$TX[0]#d
xorb ($in0),$TY#b
movb $TY#b,($out,$in0)
lea 1($in0),$in0
dec $TX[1]
jnz .Loop${MOD}_warmup
mov $YY,$TX[1]
xor $YY,$YY
mov $TX[1]#b,$YY#b
.Loop${MOD}_is_hot:
mov $len,32(%rsp) # save original $len
shr \$6,$len # number of 64-byte blocks
___
if ($D && !$md5) { # stitch in dummy MD5
$md5=1;
$ctx="%r11";
$inp="%r15";
$code.=<<___;
mov %rsp,$ctx
mov $in0,$inp
___
}
}
$code.=<<___;
#rc4# add $TX[0]#b,$YY#b
#rc4# lea ($dat,$XX[0],4),$XX[1]
shl \$6,$len
add $inp,$len # pointer to the end of input
mov $len,16(%rsp)
#md5# mov $ctx,24(%rsp) # save pointer to MD5_CTX
#md5# mov 0*4($ctx),$V[0] # load current hash value from MD5_CTX
#md5# mov 1*4($ctx),$V[1]
#md5# mov 2*4($ctx),$V[2]
#md5# mov 3*4($ctx),$V[3]
jmp .Loop
.align 16
.Loop:
#md5# mov $V[0],0*4(%rsp) # put aside current hash value
#md5# mov $V[1],1*4(%rsp)
#md5# mov $V[2],2*4(%rsp)
#md5# mov $V[3],$tmp # forward reference
#md5# mov $V[3],3*4(%rsp)
___
sub R0 {
my ($i,$a,$b,$c,$d)=@_;
my @rot0=(7,12,17,22);
my $j=$i%16;
my $k=$i%$MOD;
my $xmm="%xmm".($j&1);
$code.=" movdqu ($in0),%xmm2\n" if ($rc4 && $j==15);
$code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1);
$code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1);
$code.=<<___;
#rc4# movl ($dat,$YY,4),$TY#d
#md5# xor $c,$tmp
#rc4# movl $TX[0]#d,($dat,$YY,4)
#md5# and $b,$tmp
#md5# add 4*`$j`($inp),$a
#rc4# add $TY#b,$TX[0]#b
#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
#md5# add \$$K[$i],$a
#md5# xor $d,$tmp
#rc4# movz $TX[0]#b,$TX[0]#d
#rc4# movl $TY#d,4*$k($XX[1])
#md5# add $tmp,$a
#rc4# add $TX[1]#b,$YY#b
#md5# rol \$$rot0[$j%4],$a
#md5# mov `$j==15?"$b":"$c"`,$tmp # forward reference
#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
#md5# add $b,$a
___
$code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
mov $YY,$XX[1]
xor $YY,$YY # keyword to partial register
mov $XX[1]#b,$YY#b
lea ($dat,$XX[0],4),$XX[1]
___
$code.=<<___ if ($rc4 && $j==15);
psllq \$8,%xmm1
pxor %xmm0,%xmm2
pxor %xmm1,%xmm2
___
}
sub R1 {
my ($i,$a,$b,$c,$d)=@_;
my @rot1=(5,9,14,20);
my $j=$i%16;
my $k=$i%$MOD;
my $xmm="%xmm".($j&1);
$code.=" movdqu 16($in0),%xmm3\n" if ($rc4 && $j==15);
$code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1);
$code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1);
$code.=<<___;
#rc4# movl ($dat,$YY,4),$TY#d
#md5# xor $b,$tmp
#rc4# movl $TX[0]#d,($dat,$YY,4)
#md5# and $d,$tmp
#md5# add 4*`((1+5*$j)%16)`($inp),$a
#rc4# add $TY#b,$TX[0]#b
#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
#md5# add \$$K[$i],$a
#md5# xor $c,$tmp
#rc4# movz $TX[0]#b,$TX[0]#d
#rc4# movl $TY#d,4*$k($XX[1])
#md5# add $tmp,$a
#rc4# add $TX[1]#b,$YY#b
#md5# rol \$$rot1[$j%4],$a
#md5# mov `$j==15?"$c":"$b"`,$tmp # forward reference
#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
#md5# add $b,$a
___
$code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
mov $YY,$XX[1]
xor $YY,$YY # keyword to partial register
mov $XX[1]#b,$YY#b
lea ($dat,$XX[0],4),$XX[1]
___
$code.=<<___ if ($rc4 && $j==15);
psllq \$8,%xmm1
pxor %xmm0,%xmm3
pxor %xmm1,%xmm3
___
}
sub R2 {
my ($i,$a,$b,$c,$d)=@_;
my @rot2=(4,11,16,23);
my $j=$i%16;
my $k=$i%$MOD;
my $xmm="%xmm".($j&1);
$code.=" movdqu 32($in0),%xmm4\n" if ($rc4 && $j==15);
$code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1);
$code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1);
$code.=<<___;
#rc4# movl ($dat,$YY,4),$TY#d
#md5# xor $c,$tmp
#rc4# movl $TX[0]#d,($dat,$YY,4)
#md5# xor $b,$tmp
#md5# add 4*`((5+3*$j)%16)`($inp),$a
#rc4# add $TY#b,$TX[0]#b
#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
#md5# add \$$K[$i],$a
#rc4# movz $TX[0]#b,$TX[0]#d
#md5# add $tmp,$a
#rc4# movl $TY#d,4*$k($XX[1])
#rc4# add $TX[1]#b,$YY#b
#md5# rol \$$rot2[$j%4],$a
#md5# mov `$j==15?"\\\$-1":"$c"`,$tmp # forward reference
#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
#md5# add $b,$a
___
$code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
mov $YY,$XX[1]
xor $YY,$YY # keyword to partial register
mov $XX[1]#b,$YY#b
lea ($dat,$XX[0],4),$XX[1]
___
$code.=<<___ if ($rc4 && $j==15);
psllq \$8,%xmm1
pxor %xmm0,%xmm4
pxor %xmm1,%xmm4
___
}
sub R3 {
my ($i,$a,$b,$c,$d)=@_;
my @rot3=(6,10,15,21);
my $j=$i%16;
my $k=$i%$MOD;
my $xmm="%xmm".($j&1);
$code.=" movdqu 48($in0),%xmm5\n" if ($rc4 && $j==15);
$code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1);
$code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1);
$code.=<<___;
#rc4# movl ($dat,$YY,4),$TY#d
#md5# xor $d,$tmp
#rc4# movl $TX[0]#d,($dat,$YY,4)
#md5# or $b,$tmp
#md5# add 4*`((7*$j)%16)`($inp),$a
#rc4# add $TY#b,$TX[0]#b
#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
#md5# add \$$K[$i],$a
#rc4# movz $TX[0]#b,$TX[0]#d
#md5# xor $c,$tmp
#rc4# movl $TY#d,4*$k($XX[1])
#md5# add $tmp,$a
#rc4# add $TX[1]#b,$YY#b
#md5# rol \$$rot3[$j%4],$a
#md5# mov \$-1,$tmp # forward reference
#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
#md5# add $b,$a
___
$code.=<<___ if ($rc4 && $j==15);
mov $XX[0],$XX[1]
xor $XX[0],$XX[0] # keyword to partial register
mov $XX[1]#b,$XX[0]#b
mov $YY,$XX[1]
xor $YY,$YY # keyword to partial register
mov $XX[1]#b,$YY#b
lea ($dat,$XX[0],4),$XX[1]
psllq \$8,%xmm1
pxor %xmm0,%xmm5
pxor %xmm1,%xmm5
___
}
my $i=0;
for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
$code.=<<___;
#md5# add 0*4(%rsp),$V[0] # accumulate hash value
#md5# add 1*4(%rsp),$V[1]
#md5# add 2*4(%rsp),$V[2]
#md5# add 3*4(%rsp),$V[3]
#rc4# movdqu %xmm2,($out,$in0) # write RC4 output
#rc4# movdqu %xmm3,16($out,$in0)
#rc4# movdqu %xmm4,32($out,$in0)
#rc4# movdqu %xmm5,48($out,$in0)
#md5# lea 64($inp),$inp
#rc4# lea 64($in0),$in0
cmp 16(%rsp),$inp # are we done?
jb .Loop
#md5# mov 24(%rsp),$len # restore pointer to MD5_CTX
#rc4# sub $TX[0]#b,$YY#b # correct $YY
#md5# mov $V[0],0*4($len) # write MD5_CTX
#md5# mov $V[1],1*4($len)
#md5# mov $V[2],2*4($len)
#md5# mov $V[3],3*4($len)
___
$code.=<<___ if ($rc4 && (!$md5 || $D));
mov 32(%rsp),$len # restore original $len
and \$63,$len # remaining bytes
jnz .Loop1
jmp .Ldone
.align 16
.Loop1:
add $TX[0]#b,$YY#b
movl ($dat,$YY,4),$TY#d
movl $TX[0]#d,($dat,$YY,4)
movl $TY#d,($dat,$XX[0],4)
add $TY#b,$TX[0]#b
inc $XX[0]#b
movl ($dat,$TX[0],4),$TY#d
movl ($dat,$XX[0],4),$TX[0]#d
xorb ($in0),$TY#b
movb $TY#b,($out,$in0)
lea 1($in0),$in0
dec $len
jnz .Loop1
.Ldone:
___
$code.=<<___;
#rc4# sub \$1,$XX[0]#b
#rc4# movl $XX[0]#d,-8($dat)
#rc4# movl $YY#d,-4($dat)
mov 40(%rsp),%r15
mov 48(%rsp),%r14
mov 56(%rsp),%r13
mov 64(%rsp),%r12
mov 72(%rsp),%rbp
mov 80(%rsp),%rbx
lea 88(%rsp),%rsp
.Lepilogue:
.Labort:
ret
.size $func,.-$func
___
if ($rc4 && $D) { # sole purpose of this section is to provide
# option to use the generated module as drop-in
# replacement for rc4-x86_64.pl for debugging
# and testing purposes...
my ($idx,$ido)=("%r8","%r9");
my ($dat,$len,$inp)=("%rdi","%rsi","%rdx");
$code.=<<___;
.globl RC4_set_key
.type RC4_set_key,\@function,3
.align 16
RC4_set_key:
_CET_ENDBR
lea 8($dat),$dat
lea ($inp,$len),$inp
neg $len
mov $len,%rcx
xor %eax,%eax
xor $ido,$ido
xor %r10,%r10
xor %r11,%r11
jmp .Lw1stloop
.align 16
.Lw1stloop:
mov %eax,($dat,%rax,4)
add \$1,%al
jnc .Lw1stloop
xor $ido,$ido
xor $idx,$idx
.align 16
.Lw2ndloop:
mov ($dat,$ido,4),%r10d
add ($inp,$len,1),$idx#b
add %r10b,$idx#b
add \$1,$len
mov ($dat,$idx,4),%r11d
cmovz %rcx,$len
mov %r10d,($dat,$idx,4)
mov %r11d,($dat,$ido,4)
add \$1,$ido#b
jnc .Lw2ndloop
xor %eax,%eax
mov %eax,-8($dat)
mov %eax,-4($dat)
ret
.size RC4_set_key,.-RC4_set_key
___
}
sub reg_part {
my ($reg,$conv)=@_;
if ($reg =~ /%r[0-9]+/) { $reg .= $conv; }
elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; }
elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; }
elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; }
return $reg;
}
$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
$code =~ s/\`([^\`]*)\`/eval $1/gem;
$code =~ s/pinsrw\s+\$0,/movd /gm;
$code =~ s/#md5#//gm if ($md5);
$code =~ s/#rc4#//gm if ($rc4);
print $code;
close STDOUT;

294
lib/libcrypto/rc4/asm/rc4-parisc.pl
View file

@ -1,294 +0,0 @@
#!/usr/bin/env perl
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
# RC4 for PA-RISC.
# June 2009.
#
# Performance is 33% better than gcc 3.2 generated code on PA-7100LC.
# For reference, [4x] unrolled loop is >40% faster than folded one.
# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement
# is believed to be not sufficient to justify the effort...
#
# Special thanks to polarhome.com for providing HP-UX account.
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
$flavour = shift;
$output = shift;
open STDOUT,">$output";
if ($flavour =~ /64/) {
$LEVEL ="2.0W";
$SIZE_T =8;
$FRAME_MARKER =80;
$SAVED_RP =16;
$PUSH ="std";
$PUSHMA ="std,ma";
$POP ="ldd";
$POPMB ="ldd,mb";
} else {
$LEVEL ="1.0";
$SIZE_T =4;
$FRAME_MARKER =48;
$SAVED_RP =20;
$PUSH ="stw";
$PUSHMA ="stwm";
$POP ="ldw";
$POPMB ="ldwm";
}
$FRAME=4*$SIZE_T+$FRAME_MARKER; # 4 saved regs + frame marker
# [+ argument transfer]
$SZ=1; # defaults to RC4_CHAR
if (open CONF,"<${dir}../../opensslconf.h") {
while(<CONF>) {
if (m/#\s*define\s+RC4_INT\s+(.*)/) {
$SZ = ($1=~/char$/) ? 1 : 4;
last;
}
}
close CONF;
}
if ($SZ==1) { # RC4_CHAR
$LD="ldb";
$LDX="ldbx";
$MKX="addl";
$ST="stb";
} else { # RC4_INT (~5% faster than RC4_CHAR on PA-7100LC)
$LD="ldw";
$LDX="ldwx,s";
$MKX="sh2addl";
$ST="stw";
}
$key="%r26";
$len="%r25";
$inp="%r24";
$out="%r23";
@XX=("%r19","%r20");
@TX=("%r21","%r22");
$YY="%r28";
$TY="%r29";
$acc="%r1";
$ix="%r2";
$iy="%r3";
$dat0="%r4";
$dat1="%r5";
$rem="%r6";
$mask="%r31";
sub unrolledloopbody {
for ($i=0;$i<4;$i++) {
$code.=<<___;
ldo 1($XX[0]),$XX[1]
`sprintf("$LDX %$TY(%$key),%$dat1") if ($i>0)`
and $mask,$XX[1],$XX[1]
$LDX $YY($key),$TY
$MKX $YY,$key,$ix
$LDX $XX[1]($key),$TX[1]
$MKX $XX[0],$key,$iy
$ST $TX[0],0($ix)
comclr,<> $XX[1],$YY,%r0 ; conditional
copy $TX[0],$TX[1] ; move
`sprintf("%sdep %$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)`
$ST $TY,0($iy)
addl $TX[0],$TY,$TY
addl $TX[1],$YY,$YY
and $mask,$TY,$TY
and $mask,$YY,$YY
___
push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers
} }
sub foldedloop {
my ($label,$count)=@_;
$code.=<<___;
$label
$MKX $YY,$key,$iy
$LDX $YY($key),$TY
$MKX $XX[0],$key,$ix
$ST $TX[0],0($iy)
ldo 1($XX[0]),$XX[0]
$ST $TY,0($ix)
addl $TX[0],$TY,$TY
ldbx $inp($out),$dat1
and $mask,$TY,$TY
and $mask,$XX[0],$XX[0]
$LDX $TY($key),$acc
$LDX $XX[0]($key),$TX[0]
ldo 1($out),$out
xor $dat1,$acc,$acc
addl $TX[0],$YY,$YY
stb $acc,-1($out)
addib,<> -1,$count,$label ; $count is always small
and $mask,$YY,$YY
___
}
$code=<<___;
.LEVEL $LEVEL
.text
.EXPORT RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
RC4
.PROC
.CALLINFO FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6
.ENTRY
$PUSH %r2,-$SAVED_RP(%sp) ; standard prologue
$PUSHMA %r3,$FRAME(%sp)
$PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp)
$PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp)
$PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp)
cmpib,*= 0,$len,L\$abort
sub $inp,$out,$inp ; distance between $inp and $out
$LD `0*$SZ`($key),$XX[0]
$LD `1*$SZ`($key),$YY
ldo `2*$SZ`($key),$key
ldi 0xff,$mask
ldi 3,$dat0
ldo 1($XX[0]),$XX[0] ; warm up loop
and $mask,$XX[0],$XX[0]
$LDX $XX[0]($key),$TX[0]
addl $TX[0],$YY,$YY
cmpib,*>>= 6,$len,L\$oop1 ; is $len large enough to bother?
and $mask,$YY,$YY
and,<> $out,$dat0,$rem ; is $out aligned?
b L\$alignedout
subi 4,$rem,$rem
sub $len,$rem,$len
___
&foldedloop("L\$alignout",$rem); # process till $out is aligned
$code.=<<___;
L\$alignedout ; $len is at least 4 here
and,<> $inp,$dat0,$acc ; is $inp aligned?
b L\$oop4
sub $inp,$acc,$rem ; align $inp
sh3addl $acc,%r0,$acc
subi 32,$acc,$acc
mtctl $acc,%cr11 ; load %sar with vshd align factor
ldwx $rem($out),$dat0
ldo 4($rem),$rem
L\$oop4misalignedinp
___
&unrolledloopbody();
$code.=<<___;
$LDX $TY($key),$ix
ldwx $rem($out),$dat1
ldo -4($len),$len
or $ix,$acc,$acc ; last piece, no need to dep
vshd $dat0,$dat1,$iy ; align data
copy $dat1,$dat0
xor $iy,$acc,$acc
stw $acc,0($out)
cmpib,*<< 3,$len,L\$oop4misalignedinp
ldo 4($out),$out
cmpib,*= 0,$len,L\$done
nop
b L\$oop1
nop
.ALIGN 8
L\$oop4
___
&unrolledloopbody();
$code.=<<___;
$LDX $TY($key),$ix
ldwx $inp($out),$dat0
ldo -4($len),$len
or $ix,$acc,$acc ; last piece, no need to dep
xor $dat0,$acc,$acc
stw $acc,0($out)
cmpib,*<< 3,$len,L\$oop4
ldo 4($out),$out
cmpib,*= 0,$len,L\$done
nop
___
&foldedloop("L\$oop1",$len);
$code.=<<___;
L\$done
$POP `-$FRAME-$SAVED_RP`(%sp),%r2
ldo -1($XX[0]),$XX[0] ; chill out loop
sub $YY,$TX[0],$YY
and $mask,$XX[0],$XX[0]
and $mask,$YY,$YY
$ST $XX[0],`-2*$SZ`($key)
$ST $YY,`-1*$SZ`($key)
$POP `-$FRAME+1*$SIZE_T`(%sp),%r4
$POP `-$FRAME+2*$SIZE_T`(%sp),%r5
$POP `-$FRAME+3*$SIZE_T`(%sp),%r6
L\$abort
bv (%r2)
.EXIT
$POPMB -$FRAME(%sp),%r3
.PROCEND
___
$code.=<<___;
.EXPORT RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.ALIGN 8
RC4_set_key
.PROC
.CALLINFO NO_CALLS
.ENTRY
$ST %r0,`0*$SZ`($key)
$ST %r0,`1*$SZ`($key)
ldo `2*$SZ`($key),$key
copy %r0,@XX[0]
L\$1st
$ST @XX[0],0($key)
ldo 1(@XX[0]),@XX[0]
bb,>= @XX[0],`31-8`,L\$1st ; @XX[0]<256
ldo $SZ($key),$key
ldo `-256*$SZ`($key),$key ; rewind $key
addl $len,$inp,$inp ; $inp to point at the end
sub %r0,$len,%r23 ; inverse index
copy %r0,@XX[0]
copy %r0,@XX[1]
ldi 0xff,$mask
L\$2nd
$LDX @XX[0]($key),@TX[0]
ldbx %r23($inp),@TX[1]
addi,nuv 1,%r23,%r23 ; increment and conditional
sub %r0,$len,%r23 ; inverse index
addl @TX[0],@XX[1],@XX[1]
addl @TX[1],@XX[1],@XX[1]
and $mask,@XX[1],@XX[1]
$MKX @XX[0],$key,$TY
$LDX @XX[1]($key),@TX[1]
$MKX @XX[1],$key,$YY
ldo 1(@XX[0]),@XX[0]
$ST @TX[0],0($YY)
bb,>= @XX[0],`31-8`,L\$2nd ; @XX[0]<256
$ST @TX[1],0($TY)
bv,n (%r2)
.EXIT
nop
.PROCEND
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
print $code;
close STDOUT;

591
lib/libcrypto/ripemd/asm/rmd-586.pl
View file

@ -1,591 +0,0 @@
#!/usr/local/bin/perl
# Normal is the
# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
$normal=0;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
require "x86asm.pl";
&asm_init($ARGV[0],$0);
$A="ecx";
$B="esi";
$C="edi";
$D="ebx";
$E="ebp";
$tmp1="eax";
$tmp2="edx";
$KL1=0x5A827999;
$KL2=0x6ED9EBA1;
$KL3=0x8F1BBCDC;
$KL4=0xA953FD4E;
$KR0=0x50A28BE6;
$KR1=0x5C4DD124;
$KR2=0x6D703EF3;
$KR3=0x7A6D76E9;
@wl=( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
);
@wr=( 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
);
@sl=( 11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
);
@sr=( 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
);
&ripemd160_block("ripemd160_block_asm_data_order");
&asm_finish();
sub Xv
{
local($n)=@_;
return(&swtmp($n));
# tmp on stack
}
sub Np
{
local($p)=@_;
local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
return($n{$p});
}
sub RIP1
{
local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
&comment($p++);
if ($p & 1)
{
#&mov($tmp1, $c) if $o == -1;
&xor($tmp1, $d) if $o == -1;
&mov($tmp2, &Xv($pos));
&xor($tmp1, $b);
&add($a, $tmp2);
&rotl($c, 10);
&add($a, $tmp1);
&mov($tmp1, &Np($c)); # NEXT
# XXX
&rotl($a, $s);
&add($a, $e);
}
else
{
&xor($tmp1, $d);
&mov($tmp2, &Xv($pos));
&xor($tmp1, $b);
&add($a, $tmp1);
&mov($tmp1, &Np($c)) if $o <= 0;
&mov($tmp1, -1) if $o == 1;
# XXX if $o == 2;
&rotl($c, 10);
&add($a, $tmp2);
&xor($tmp1, &Np($d)) if $o <= 0;
&mov($tmp2, &Xv($pos2)) if $o == 1;
&mov($tmp2, &wparam(0)) if $o == 2;
&rotl($a, $s);
&add($a, $e);
}
}
sub RIP2
{
local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
# XXXXXX
&comment($p++);
if ($p & 1)
{
# &mov($tmp2, &Xv($pos)) if $o < -1;
# &mov($tmp1, -1) if $o < -1;
&add($a, $tmp2);
&mov($tmp2, $c);
&sub($tmp1, $b);
&and($tmp2, $b);
&and($tmp1, $d);
&or($tmp2, $tmp1);
&mov($tmp1, &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
# XXX
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp2,1));
&mov($tmp2, -1) if $o <= 0;
# XXX
&rotl($a, $s);
&add($a, $e);
}
else
{
# XXX
&add($a, $tmp1);
&mov($tmp1, $c);
&sub($tmp2, $b);
&and($tmp1, $b);
&and($tmp2, $d);
if ($o != 2)
{
&or($tmp1, $tmp2);
&mov($tmp2, &Xv($pos2)) if $o <= 0;
&mov($tmp2, -1) if $o == 1;
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp1,1));
&mov($tmp1, -1) if $o <= 0;
&sub($tmp2, &Np($c)) if $o == 1;
} else {
&or($tmp2, $tmp1);
&mov($tmp1, &Np($c));
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp2,1));
&xor($tmp1, &Np($d));
}
&rotl($a, $s);
&add($a, $e);
}
}
sub RIP3
{
local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
&comment($p++);
if ($p & 1)
{
# &mov($tmp2, -1) if $o < -1;
# &sub($tmp2, $c) if $o < -1;
&mov($tmp1, &Xv($pos));
&or($tmp2, $b);
&add($a, $tmp1);
&xor($tmp2, $d);
&mov($tmp1, -1) if $o <= 0; # NEXT
# XXX
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp2,1));
&sub($tmp1, &Np($c)) if $o <= 0; # NEXT
# XXX
&rotl($a, $s);
&add($a, $e);
}
else
{
&mov($tmp2, &Xv($pos));
&or($tmp1, $b);
&add($a, $tmp2);
&xor($tmp1, $d);
&mov($tmp2, -1) if $o <= 0; # NEXT
&mov($tmp2, -1) if $o == 1;
&mov($tmp2, &Xv($pos2)) if $o == 2;
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp1,1));
&sub($tmp2, &Np($c)) if $o <= 0; # NEXT
&mov($tmp1, &Np($d)) if $o == 1;
&mov($tmp1, -1) if $o == 2;
&rotl($a, $s);
&add($a, $e);
}
}
sub RIP4
{
local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
&comment($p++);
if ($p & 1)
{
# &mov($tmp2, -1) if $o == -2;
# &mov($tmp1, $d) if $o == -2;
&sub($tmp2, $d);
&and($tmp1, $b);
&and($tmp2, $c);
&or($tmp2, $tmp1);
&mov($tmp1, &Xv($pos));
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp2));
&mov($tmp2, -1) unless $o > 0; # NEXT
# XXX
&add($a, $tmp1);
&mov($tmp1, &Np($d)) unless $o > 0; # NEXT
# XXX
&rotl($a, $s);
&add($a, $e);
}
else
{
&sub($tmp2, $d);
&and($tmp1, $b);
&and($tmp2, $c);
&or($tmp2, $tmp1);
&mov($tmp1, &Xv($pos));
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp2));
&mov($tmp2, -1) if $o == 0; # NEXT
&mov($tmp2, -1) if $o == 1;
&mov($tmp2, -1) if $o == 2;
# XXX
&add($a, $tmp1);
&mov($tmp1, &Np($d)) if $o == 0; # NEXT
&sub($tmp2, &Np($d)) if $o == 1;
&sub($tmp2, &Np($c)) if $o == 2;
# XXX
&rotl($a, $s);
&add($a, $e);
}
}
sub RIP5
{
local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
&comment($p++);
if ($p & 1)
{
&mov($tmp2, -1) if $o == -2;
&sub($tmp2, $d) if $o == -2;
&mov($tmp1, &Xv($pos));
&or($tmp2, $c);
&add($a, $tmp1);
&xor($tmp2, $b);
&mov($tmp1, -1) if $o <= 0;
# XXX
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp2,1));
&sub($tmp1, &Np($d)) if $o <= 0;
# XXX
&rotl($a, $s);
&add($a, $e);
}
else
{
&mov($tmp2, &Xv($pos));
&or($tmp1, $c);
&add($a, $tmp2);
&xor($tmp1, $b);
&mov($tmp2, -1) if $o <= 0;
&mov($tmp2, &wparam(0)) if $o == 1; # Middle code
&mov($tmp2, -1) if $o == 2;
&rotl($c, 10);
&lea($a, &DWP($K,$a,$tmp1,1));
&sub($tmp2, &Np($d)) if $o <= 0;
&mov(&swtmp(16), $A) if $o == 1;
&mov($tmp1, &Np($d)) if $o == 2;
&rotl($a, $s);
&add($a, $e);
}
}
sub ripemd160_block
{
local($name)=@_;
&function_begin_B($name,"",3);
# parameter 1 is the RIPEMD160_CTX structure.
# A 0
# B 4
# C 8
# D 12
# E 16
&mov($tmp2, &wparam(0));
&mov($tmp1, &wparam(1));
&push("esi");
&mov($A, &DWP( 0,$tmp2,"",0));
&push("edi");
&mov($B, &DWP( 4,$tmp2,"",0));
&push("ebp");
&mov($C, &DWP( 8,$tmp2,"",0));
&push("ebx");
&stack_push(16+5+6);
# Special comment about the figure of 6.
# Idea is to pad the current frame so
# that the top of the stack gets fairly
# aligned. Well, as you realize it would
# always depend on how the frame below is
# aligned. The good news are that gcc-2.95
# and later does keep first argument at
# least double-wise aligned.
# <appro@fy.chalmers.se>
&set_label("start") unless $normal;
&comment("");
# &mov($tmp1, &wparam(1)); # Done at end of loop
# &mov($tmp2, &wparam(0)); # Done at end of loop
for ($z=0; $z<16; $z+=2)
{
&mov($D, &DWP( $z*4,$tmp1,"",0));
&mov($E, &DWP( ($z+1)*4,$tmp1,"",0));
&mov(&swtmp($z), $D);
&mov(&swtmp($z+1), $E);
}
&mov($tmp1, $C);
&mov($D, &DWP(12,$tmp2,"",0));
&mov($E, &DWP(16,$tmp2,"",0));
&RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
&RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
&RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
&RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
&RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
&RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
&RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
&RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
&RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
&RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
&RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
&RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
&RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
&RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
&RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
&RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
&RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
&RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
&RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
&RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
&RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
&RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
&RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
&RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
&RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
&RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
&RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
&RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
&RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
&RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
&RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
&RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
&RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
&RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
&RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
&RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
&RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
&RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
&RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
&RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
&RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
&RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
&RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
&RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
&RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
&RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
&RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
&RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
&RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
&RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
&RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
&RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
&RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
&RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
&RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
&RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
&RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
&RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
&RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
&RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
&RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
&RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
&RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
&RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
&RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
&RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
&RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
&RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
&RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
&RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
&RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
&RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
&RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
&RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
&RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
&RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
&RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
&RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
&RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
&RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
# &mov($tmp2, &wparam(0)); # moved into last RIP5
# &mov(&swtmp(16), $A);
&mov($A, &DWP( 0,$tmp2,"",0));
&mov(&swtmp(16+1), $B);
&mov(&swtmp(16+2), $C);
&mov($B, &DWP( 4,$tmp2,"",0));
&mov(&swtmp(16+3), $D);
&mov($C, &DWP( 8,$tmp2,"",0));
&mov(&swtmp(16+4), $E);
&mov($D, &DWP(12,$tmp2,"",0));
&mov($E, &DWP(16,$tmp2,"",0));
&RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
&RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
&RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
&RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
&RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
&RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
&RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
&RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
&RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
&RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
&RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
&RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
&RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
&RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
&RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
&RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
&RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
&RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
&RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
&RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
&RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
&RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
&RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
&RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
&RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
&RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
&RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
&RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
&RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
&RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
&RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
&RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
&RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
&RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
&RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
&RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
&RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
&RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
&RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
&RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
&RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
&RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
&RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
&RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
&RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
&RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
&RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
&RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
&RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
&RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
&RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
&RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
&RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
&RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
&RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
&RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
&RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
&RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
&RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
&RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
&RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
&RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
&RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
&RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
&RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
&RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
&RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
&RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
&RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
&RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
&RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
&RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
&RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
&RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
&RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
&RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
&RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
&RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
&RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
&RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
# &mov($tmp2, &wparam(0)); # Moved into last round
&mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B
&add($D, $tmp1);
&mov($tmp1, &swtmp(16+2)); # $c
&add($D, $tmp1);
&mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C
&add($E, $tmp1);
&mov($tmp1, &swtmp(16+3)); # $d
&add($E, $tmp1);
&mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D
&add($A, $tmp1);
&mov($tmp1, &swtmp(16+4)); # $e
&add($A, $tmp1);
&mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E
&add($B, $tmp1);
&mov($tmp1, &swtmp(16+0)); # $a
&add($B, $tmp1);
&mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A
&add($C, $tmp1);
&mov($tmp1, &swtmp(16+1)); # $b
&add($C, $tmp1);
&mov($tmp1, &wparam(2));
&mov(&DWP( 0,$tmp2,"",0), $D);
&mov(&DWP( 4,$tmp2,"",0), $E);
&mov(&DWP( 8,$tmp2,"",0), $A);
&sub($tmp1,1);
&mov(&DWP(12,$tmp2,"",0), $B);
&mov(&DWP(16,$tmp2,"",0), $C);
&jle(&label("get_out"));
&mov(&wparam(2),$tmp1);
&mov($C, $A);
&mov($tmp1, &wparam(1));
&mov($A, $D);
&add($tmp1, 64);
&mov($B, $E);
&mov(&wparam(1),$tmp1);
&jmp(&label("start"));
&set_label("get_out");
&stack_pop(16+5+6);
&pop("ebx");
&pop("ebp");
&pop("edi");
&pop("esi");
&ret();
&function_end_B($name);
}

495
lib/libcrypto/whrlpool/asm/wp-mmx.pl
View file

@ -1,495 +0,0 @@
#!/usr/bin/env perl
#
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
# project. Rights for redistribution and usage in source and binary
# forms are granted according to the OpenSSL license.
# ====================================================================
#
# whirlpool_block_mmx implementation.
#
*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results
# in 16KB large table, which is tough on L1 cache, but eliminates
# unaligned references to it. Value of 2 results in 4KB table, but
# 7/8 of references to it are unaligned. AMD cores seem to be
# allergic to the latter, while Intel ones - to former [see the
# table]. I stick to value of 2 for two reasons: 1. smaller table
# minimizes cache trashing and thus mitigates the hazard of side-
# channel leakage similar to AES cache-timing one; 2. performance
# gap among different µ-archs is smaller.
#
# Performance table lists rounded amounts of CPU cycles spent by
# whirlpool_block_mmx routine on single 64 byte input block, i.e.
# smaller is better and asymptotic throughput can be estimated by
# multiplying 64 by CPU clock frequency and dividing by relevant
# value from the given table:
#
# $SCALE=2/8 icc8 gcc3
# Intel P4 3200/4600 4600(*) 6400
# Intel PIII 2900/3000 4900 5400
# AMD K[78] 2500/1800 9900 8200(**)
#
# (*) I've sketched even non-MMX assembler, but for the record
# I've failed to beat the Intel compiler on P4, without using
# MMX that is...
# (**) ... on AMD on the other hand non-MMX assembler was observed
# to perform significantly better, but I figured this MMX
# implementation is even faster anyway, so why bother? As for
# pre-MMX AMD core[s], the improvement coefficient is more
# than likely to vary anyway and I don't know how. But the
# least I know is that gcc-generated code compiled with
# -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for
# details] and optimized for Pentium was observed to perform
# *better* on Pentium 100 than unrolled non-MMX assembler
# loop... So we just say that I don't know if maintaining
# non-MMX implementation would actually pay off, but till
# opposite is proved "unlikely" is assumed.
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
require "x86asm.pl";
&asm_init($ARGV[0],"wp-mmx.pl");
sub L() { &data_byte(@_); }
sub LL()
{ if ($SCALE==2) { &data_byte(@_); &data_byte(@_); }
elsif ($SCALE==8) { for ($i=0;$i<8;$i++) {
&data_byte(@_);
unshift(@_,pop(@_));
}
}
else { die "invalid SCALE value"; }
}
sub scale()
{ if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); }
elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); }
else { die "invalid SCALE value"; }
}
sub row()
{ if ($SCALE==2) { ((8-shift)&7); }
elsif ($SCALE==8) { (8*shift); }
else { die "invalid SCALE value"; }
}
$tbl="ebp";
@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7");
&static_label("table");
&function_begin_B("whirlpool_block_mmx");
&push ("ebp");
&push ("ebx");
&push ("esi");
&push ("edi");
&mov ("esi",&wparam(0)); # hash value
&mov ("edi",&wparam(1)); # input data stream
&mov ("ebp",&wparam(2)); # number of chunks in input
&mov ("eax","esp"); # copy stack pointer
&sub ("esp",128+20); # allocate frame
&and ("esp",-64); # align for cache-line
&lea ("ebx",&DWP(128,"esp"));
&mov (&DWP(0,"ebx"),"esi"); # save parameter block
&mov (&DWP(4,"ebx"),"edi");
&mov (&DWP(8,"ebx"),"ebp");
&mov (&DWP(16,"ebx"),"eax"); # saved stack pointer
&picsetup($tbl);
&picsymbol($tbl, &label("table"), $tbl);
&xor ("ecx","ecx");
&xor ("edx","edx");
for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); } # L=H
&set_label("outerloop");
for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L
for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp
for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
&xor ("esi","esi");
&mov (&DWP(12,"ebx"),"esi"); # zero round counter
&set_label("round",16);
&movq (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8)); # rc[r]
&mov ("eax",&DWP(0,"esp"));
&mov ("ebx",&DWP(4,"esp"));
for($i=0;$i<8;$i++) {
my $func = ($i==0)? \&movq : \&pxor;
&movb (&LB("ecx"),&LB("eax"));
&movb (&LB("edx"),&HB("eax"));
&scale ("esi","ecx");
&scale ("edi","edx");
&shr ("eax",16);
&pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8));
&$func (@mm[1],&QWP(&row(1),$tbl,"edi",8));
&movb (&LB("ecx"),&LB("eax"));
&movb (&LB("edx"),&HB("eax"));
&mov ("eax",&DWP(($i+1)*8,"esp"));
&scale ("esi","ecx");
&scale ("edi","edx");
&$func (@mm[2],&QWP(&row(2),$tbl,"esi",8));
&$func (@mm[3],&QWP(&row(3),$tbl,"edi",8));
&movb (&LB("ecx"),&LB("ebx"));
&movb (&LB("edx"),&HB("ebx"));
&scale ("esi","ecx");
&scale ("edi","edx");
&shr ("ebx",16);
&$func (@mm[4],&QWP(&row(4),$tbl,"esi",8));
&$func (@mm[5],&QWP(&row(5),$tbl,"edi",8));
&movb (&LB("ecx"),&LB("ebx"));
&movb (&LB("edx"),&HB("ebx"));
&mov ("ebx",&DWP(($i+1)*8+4,"esp"));
&scale ("esi","ecx");
&scale ("edi","edx");
&$func (@mm[6],&QWP(&row(6),$tbl,"esi",8));
&$func (@mm[7],&QWP(&row(7),$tbl,"edi",8));
push(@mm,shift(@mm));
}
for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L
for($i=0;$i<8;$i++) {
&movb (&LB("ecx"),&LB("eax"));
&movb (&LB("edx"),&HB("eax"));
&scale ("esi","ecx");
&scale ("edi","edx");
&shr ("eax",16);
&pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8));
&pxor (@mm[1],&QWP(&row(1),$tbl,"edi",8));
&movb (&LB("ecx"),&LB("eax"));
&movb (&LB("edx"),&HB("eax"));
&mov ("eax",&DWP(64+($i+1)*8,"esp")) if ($i<7);
&scale ("esi","ecx");
&scale ("edi","edx");
&pxor (@mm[2],&QWP(&row(2),$tbl,"esi",8));
&pxor (@mm[3],&QWP(&row(3),$tbl,"edi",8));
&movb (&LB("ecx"),&LB("ebx"));
&movb (&LB("edx"),&HB("ebx"));
&scale ("esi","ecx");
&scale ("edi","edx");
&shr ("ebx",16);
&pxor (@mm[4],&QWP(&row(4),$tbl,"esi",8));
&pxor (@mm[5],&QWP(&row(5),$tbl,"edi",8));
&movb (&LB("ecx"),&LB("ebx"));
&movb (&LB("edx"),&HB("ebx"));
&mov ("ebx",&DWP(64+($i+1)*8+4,"esp")) if ($i<7);
&scale ("esi","ecx");
&scale ("edi","edx");
&pxor (@mm[6],&QWP(&row(6),$tbl,"esi",8));
&pxor (@mm[7],&QWP(&row(7),$tbl,"edi",8));
push(@mm,shift(@mm));
}
&lea ("ebx",&DWP(128,"esp"));
&mov ("esi",&DWP(12,"ebx")); # pull round counter
&add ("esi",1);
&cmp ("esi",10);
&je (&label("roundsdone"));
&mov (&DWP(12,"ebx"),"esi"); # update round counter
for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
&jmp (&label("round"));
&set_label("roundsdone",16);
&mov ("esi",&DWP(0,"ebx")); # reload argument block
&mov ("edi",&DWP(4,"ebx"));
&mov ("eax",&DWP(8,"ebx"));
for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp
for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); } # L^=H
for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); } # H=L
&lea ("edi",&DWP(64,"edi")); # inp+=64
&sub ("eax",1); # num--
&jz (&label("alldone"));
&mov (&DWP(4,"ebx"),"edi"); # update argument block
&mov (&DWP(8,"ebx"),"eax");
&jmp (&label("outerloop"));
&set_label("alldone");
&emms ();
&mov ("esp",&DWP(16,"ebx")); # restore saved stack pointer
&pop ("edi");
&pop ("esi");
&pop ("ebx");
&pop ("ebp");
&ret ();
&function_end_B("whirlpool_block_mmx");
&rodataseg();
&align(64);
&set_label("table");
&LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
&LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
&LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
&LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
&LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
&LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
&LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
&LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
&LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
&LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
&LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
&LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
&LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
&LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
&LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
&LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
&LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
&LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
&LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
&LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
&LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
&LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
&LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
&LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
&LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
&LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
&LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
&LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
&LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
&LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
&LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
&LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
&LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
&LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
&LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
&LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
&LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
&LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
&LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
&LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
&LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
&LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
&LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
&LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
&LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
&LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
&LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
&LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
&LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
&LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
&LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
&LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
&LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
&LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
&LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
&LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
&LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
&LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
&LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
&LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
&LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
&LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
&LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
&LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
&LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
&LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
&LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
&LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
&LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
&LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
&LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
&LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
&LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
&LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
&LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
&LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
&LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
&LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
&LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
&LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
&LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
&LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
&LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
&LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
&LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
&LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
&LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
&LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
&LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
&LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
&LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
&LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
&LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
&LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
&LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
&LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
&LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
&LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
&LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
&LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
&LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
&LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
&LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
&LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
&LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
&LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
&LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
&LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
&LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
&LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
&LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
&LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
&LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
&LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
&LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
&LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
&LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
&LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
&LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
&LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
&LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
&LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
&LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
&LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
&LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
&LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
&LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
&LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
&LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
&LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
&LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
&LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
&LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
&LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
&LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
&LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
&LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
&LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
&LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
&LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
&LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
&LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
&LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
&LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
&LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
&LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
&LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
&LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
&LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
&LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
&LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
&LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
&LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
&LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
&LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
&LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
&LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
&LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
&LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
&LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
&LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
&LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
&LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
&LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
&LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
&LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
&LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
&LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
&LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
&LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
&LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
&LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
&LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
&LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
&LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
&LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
&LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
&LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
&LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
&LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
&LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
&LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
&LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
&LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
&LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
&LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
&LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
&LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
&LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
&LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
&LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
&LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
&LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
&LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
&LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
&LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
&LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
&LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
&LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
&LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
&LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
&LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
&LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
&LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
&LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
&LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
&LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
&LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
&LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
&LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
&LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
&LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
&LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
&LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
&LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
&LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
&LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
&LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
&LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
&LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
&LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
&LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
&LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
&LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
&LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
&LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
&LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
&LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
&LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
&LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
&LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
&LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
&LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
&LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
&LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
&LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
&LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
&LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
&LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
&LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
&LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
&LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
&LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
&LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
&LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
&LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
&LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
&LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
&LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
&LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
&LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
&LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
&LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
&LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
&LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
&LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
&L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS]
&L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
&L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
&L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
&L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
&L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
&L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
&L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
&L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
&previous();
&asm_finish();

483
lib/libcrypto/whrlpool/asm/wp-x86_64.pl
View file

@ -1,483 +0,0 @@
#!/usr/bin/env perl
#
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
# project. Rights for redistribution and usage in source and binary
# forms are granted according to the OpenSSL license.
# ====================================================================
#
# whirlpool_block for x86_64.
#
# 2500 cycles per 64-byte input block on AMD64, which is *identical*
# to 32-bit MMX version executed on same CPU. So why did I bother?
# Well, it's faster than gcc 3.3.2 generated code by over 50%, and
# over 80% faster than PathScale 1.4, an "ambitious" commercial
# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio
# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the
# first example when they fail to generate more optimal code, when
# I believe they had *all* chances to...
#
# Note that register and stack frame layout are virtually identical
# to 32-bit MMX version, except that %r8-15 are used instead of
# %mm0-8. You can even notice that K[i] and S[i] are loaded to
# %eax:%ebx as pair of 32-bit values and not as single 64-bit one.
# This is done in order to avoid 64-bit shift penalties on Intel
# EM64T core. Speaking of which! I bet it's possible to improve
# Opteron performance by compressing the table to 2KB and replacing
# unaligned references with complementary rotations [which would
# incidentally replace lea instructions], but it would definitely
# just "kill" EM64T, because it has only 1 shifter/rotator [against
# 3 on Opteron] and which is *unacceptably* slow with 64-bit
# operand.
$flavour = shift;
$output = shift;
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
sub L() { $code.=".byte ".join(',',@_)."\n"; }
sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; }
@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15");
$func="whirlpool_block";
$table=".Ltable";
$code=<<___;
.text
.globl $func
.type $func,\@function,3
.align 16
$func:
_CET_ENDBR
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
mov %rsp,%r11
sub \$128+40,%rsp
and \$-64,%rsp
lea 128(%rsp),%r10
mov %rdi,0(%r10) # save parameter block
mov %rsi,8(%r10)
mov %rdx,16(%r10)
mov %r11,32(%r10) # saved stack pointer
.Lprologue:
mov %r10,%rbx
lea $table(%rip),%rbp
xor %rcx,%rcx
xor %rdx,%rdx
___
for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; } # L=H
$code.=".Louterloop:\n";
for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L
for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp
for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L
$code.=<<___;
xor %rsi,%rsi
mov %rsi,24(%rbx) # zero round counter
.align 16
.Lround:
mov 4096(%rbp,%rsi,8),@mm[0] # rc[r]
mov 0(%rsp),%eax
mov 4(%rsp),%ebx
___
for($i=0;$i<8;$i++) {
my $func = ($i==0)? "mov" : "xor";
$code.=<<___;
mov %al,%cl
mov %ah,%dl
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
shr \$16,%eax
xor 0(%rbp,%rsi,8),@mm[0]
$func 7(%rbp,%rdi,8),@mm[1]
mov %al,%cl
mov %ah,%dl
mov $i*8+8(%rsp),%eax # ($i+1)*8
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
$func 6(%rbp,%rsi,8),@mm[2]
$func 5(%rbp,%rdi,8),@mm[3]
mov %bl,%cl
mov %bh,%dl
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
shr \$16,%ebx
$func 4(%rbp,%rsi,8),@mm[4]
$func 3(%rbp,%rdi,8),@mm[5]
mov %bl,%cl
mov %bh,%dl
mov $i*8+8+4(%rsp),%ebx # ($i+1)*8+4
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
$func 2(%rbp,%rsi,8),@mm[6]
$func 1(%rbp,%rdi,8),@mm[7]
___
push(@mm,shift(@mm));
}
for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L
for($i=0;$i<8;$i++) {
$code.=<<___;
mov %al,%cl
mov %ah,%dl
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
shr \$16,%eax
xor 0(%rbp,%rsi,8),@mm[0]
xor 7(%rbp,%rdi,8),@mm[1]
mov %al,%cl
mov %ah,%dl
`"mov 64+$i*8+8(%rsp),%eax" if($i<7);` # 64+($i+1)*8
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
xor 6(%rbp,%rsi,8),@mm[2]
xor 5(%rbp,%rdi,8),@mm[3]
mov %bl,%cl
mov %bh,%dl
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
shr \$16,%ebx
xor 4(%rbp,%rsi,8),@mm[4]
xor 3(%rbp,%rdi,8),@mm[5]
mov %bl,%cl
mov %bh,%dl
`"mov 64+$i*8+8+4(%rsp),%ebx" if($i<7);` # 64+($i+1)*8+4
lea (%rcx,%rcx),%rsi
lea (%rdx,%rdx),%rdi
xor 2(%rbp,%rsi,8),@mm[6]
xor 1(%rbp,%rdi,8),@mm[7]
___
push(@mm,shift(@mm));
}
$code.=<<___;
lea 128(%rsp),%rbx
mov 24(%rbx),%rsi # pull round counter
add \$1,%rsi
cmp \$10,%rsi
je .Lroundsdone
mov %rsi,24(%rbx) # update round counter
___
for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L
$code.=<<___;
jmp .Lround
.align 16
.Lroundsdone:
mov 0(%rbx),%rdi # reload argument block
mov 8(%rbx),%rsi
mov 16(%rbx),%rax
___
for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp
for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; } # L^=H
for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; } # H=L
$code.=<<___;
lea 64(%rsi),%rsi # inp+=64
sub \$1,%rax # num--
jz .Lalldone
mov %rsi,8(%rbx) # update parameter block
mov %rax,16(%rbx)
jmp .Louterloop
.Lalldone:
mov 32(%rbx),%rsi # restore saved pointer
mov (%rsi),%r15
mov 8(%rsi),%r14
mov 16(%rsi),%r13
mov 24(%rsi),%r12
mov 32(%rsi),%rbp
mov 40(%rsi),%rbx
lea 48(%rsi),%rsp
.Lepilogue:
ret
.size $func,.-$func
.section .rodata
.align 64
.type $table,\@object
$table:
___
&LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
&LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
&LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
&LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
&LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
&LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
&LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
&LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
&LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
&LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
&LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
&LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
&LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
&LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
&LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
&LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
&LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
&LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
&LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
&LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
&LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
&LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
&LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
&LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
&LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
&LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
&LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
&LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
&LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
&LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
&LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
&LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
&LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
&LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
&LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
&LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
&LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
&LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
&LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
&LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
&LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
&LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
&LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
&LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
&LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
&LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
&LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
&LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
&LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
&LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
&LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
&LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
&LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
&LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
&LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
&LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
&LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
&LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
&LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
&LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
&LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
&LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
&LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
&LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
&LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
&LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
&LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
&LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
&LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
&LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
&LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
&LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
&LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
&LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
&LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
&LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
&LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
&LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
&LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
&LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
&LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
&LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
&LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
&LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
&LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
&LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
&LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
&LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
&LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
&LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
&LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
&LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
&LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
&LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
&LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
&LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
&LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
&LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
&LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
&LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
&LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
&LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
&LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
&LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
&LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
&LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
&LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
&LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
&LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
&LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
&LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
&LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
&LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
&LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
&LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
&LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
&LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
&LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
&LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
&LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
&LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
&LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
&LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
&LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
&LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
&LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
&LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
&LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
&LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
&LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
&LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
&LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
&LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
&LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
&LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
&LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
&LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
&LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
&LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
&LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
&LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
&LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
&LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
&LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
&LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
&LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
&LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
&LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
&LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
&LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
&LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
&LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
&LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
&LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
&LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
&LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
&LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
&LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
&LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
&LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
&LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
&LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
&LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
&LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
&LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
&LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
&LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
&LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
&LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
&LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
&LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
&LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
&LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
&LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
&LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
&LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
&LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
&LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
&LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
&LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
&LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
&LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
&LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
&LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
&LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
&LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
&LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
&LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
&LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
&LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
&LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
&LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
&LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
&LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
&LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
&LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
&LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
&LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
&LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
&LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
&LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
&LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
&LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
&LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
&LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
&LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
&LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
&LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
&LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
&LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
&LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
&LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
&LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
&LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
&LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
&LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
&LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
&LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
&LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
&LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
&LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
&LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
&LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
&LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
&LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
&LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
&LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
&LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
&LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
&LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
&LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
&LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
&LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
&LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
&LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
&LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
&LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
&LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
&LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
&LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
&LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
&LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
&LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
&LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
&LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
&LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
&LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
&LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
&LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
&LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
&LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
&LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
&LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
&LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
&LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
&LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
&L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS]
&L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
&L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
&L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
&L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
&L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
&L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
&L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
&L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;

230
lib/libcrypto/whrlpool/wp_block.c → lib/libcrypto/whrlpool/whirlpool.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */
/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
/**
* The Whirlpool hashing function.
*
@ -36,11 +36,27 @@
*
*/
/*
* OpenSSL-specific implementation notes.
*
* WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
* number of *bytes* as input length argument. Bit-oriented routine
* as specified by authors is called WHIRLPOOL_BitUpdate[!] and
* does not have one-stroke counterpart.
*
* WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
* to serve WHIRLPOOL_Update. This is done for performance.
*
* Unlike authors' reference implementation, block processing
* routine whirlpool_block is designed to operate on multi-block
* input. This is done for performance.
*/
#include <endian.h>
#include <string.h>
#include <openssl/crypto.h>
#include "wp_local.h"
#include <openssl/crypto.h>
#include <openssl/whrlpool.h>
typedef unsigned char u8;
#if defined(_LP64)
@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n)
p += 64;
} while(--n);
}
int
WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
{
memset (c, 0, sizeof(*c));
return (1);
}
int
WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
{
/* Well, largest suitable chunk size actually is
* (1<<(sizeof(size_t)*8-3))-64, but below number
* is large enough for not to care about excessive
* calls to WHIRLPOOL_BitUpdate... */
size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
const unsigned char *inp = _inp;
while (bytes >= chunk) {
WHIRLPOOL_BitUpdate(c, inp, chunk*8);
bytes -= chunk;
inp += chunk;
}
if (bytes)
WHIRLPOOL_BitUpdate(c, inp, bytes*8);
return (1);
}
void
WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
{
size_t n;
unsigned int bitoff = c->bitoff,
bitrem = bitoff % 8,
inpgap = (8 - (unsigned int)bits % 8)&7;
const unsigned char *inp = _inp;
/* This 256-bit increment procedure relies on the size_t
* being natural size of CPU register, so that we don't
* have to mask the value in order to detect overflows. */
c->bitlen[0] += bits;
if (c->bitlen[0] < bits) /* overflow */
{
n = 1;
do {
c->bitlen[n]++;
} while (c->bitlen[n]==0 &&
++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
}
#ifndef OPENSSL_SMALL_FOOTPRINT
reconsider:
if (inpgap==0 && bitrem==0) /* byte-oriented loop */
{
while (bits) {
if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
whirlpool_block(c, inp, n);
inp += n*WHIRLPOOL_BBLOCK/8;
bits %= WHIRLPOOL_BBLOCK;
} else {
unsigned int byteoff = bitoff/8;
bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
if (bits >= bitrem) {
bits -= bitrem;
bitrem /= 8;
memcpy(c->data + byteoff, inp, bitrem);
inp += bitrem;
whirlpool_block(c, c->data, 1);
bitoff = 0;
} else {
memcpy(c->data + byteoff, inp, bits/8);
bitoff += (unsigned int)bits;
bits = 0;
}
c->bitoff = bitoff;
}
}
}
else /* bit-oriented loop */
#endif
{
/*
inp
|
+-------+-------+-------
|||||||||||||||||||||
+-------+-------+-------
+-------+-------+-------+-------+-------
|||||||||||||| c->data
+-------+-------+-------+-------+-------
|
c->bitoff/8
*/
while (bits) {
unsigned int byteoff = bitoff/8;
unsigned char b;
#ifndef OPENSSL_SMALL_FOOTPRINT
if (bitrem == inpgap) {
c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
inpgap = 8 - inpgap;
bitoff += inpgap; bitrem = 0; /* bitoff%8 */
bits -= inpgap; inpgap = 0; /* bits%8 */
inp++;
if (bitoff == WHIRLPOOL_BBLOCK) {
whirlpool_block(c, c->data, 1);
bitoff = 0;
}
c->bitoff = bitoff;
goto reconsider;
} else
#endif
if (bits >= 8) {
b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
b &= 0xff;
if (bitrem)
c->data[byteoff++] |= b >> bitrem;
else
c->data[byteoff++] = b;
bitoff += 8;
bits -= 8;
inp++;
if (bitoff >= WHIRLPOOL_BBLOCK) {
whirlpool_block(c, c->data, 1);
byteoff = 0;
bitoff %= WHIRLPOOL_BBLOCK;
}
if (bitrem)
c->data[byteoff] = b << (8 - bitrem);
}
else /* remaining less than 8 bits */
{
b = (inp[0]<<inpgap)&0xff;
if (bitrem)
c->data[byteoff++] |= b >> bitrem;
else
c->data[byteoff++] = b;
bitoff += (unsigned int)bits;
if (bitoff == WHIRLPOOL_BBLOCK) {
whirlpool_block(c, c->data, 1);
byteoff = 0;
bitoff %= WHIRLPOOL_BBLOCK;
}
if (bitrem)
c->data[byteoff] = b << (8 - bitrem);
bits = 0;
}
c->bitoff = bitoff;
}
}
}
int
WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
{
unsigned int bitoff = c->bitoff,
byteoff = bitoff/8;
size_t i, j, v;
unsigned char *p;
bitoff %= 8;
if (bitoff)
c->data[byteoff] |= 0x80 >> bitoff;
else
c->data[byteoff] = 0x80;
byteoff++;
/* pad with zeros */
if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
if (byteoff < WHIRLPOOL_BBLOCK/8)
memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
whirlpool_block(c, c->data, 1);
byteoff = 0;
}
if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
memset(&c->data[byteoff], 0,
(WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
/* smash 256-bit c->bitlen in big-endian order */
p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
*p-- = (unsigned char)(v&0xff);
whirlpool_block(c, c->data, 1);
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
memset(c, 0, sizeof(*c));
return (1);
}
return (0);
}
unsigned char *
WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
{
WHIRLPOOL_CTX ctx;
static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
if (md == NULL)
md = m;
WHIRLPOOL_Init(&ctx);
WHIRLPOOL_Update(&ctx, inp, bytes);
WHIRLPOOL_Final(md, &ctx);
return (md);
}

267
lib/libcrypto/whrlpool/wp_dgst.c
View file

@ -1,267 +0,0 @@
/* $OpenBSD: wp_dgst.c,v 1.8 2024/03/29 00:16:22 jsing Exp $ */
/**
* The Whirlpool hashing function.
*
* <P>
* <b>References</b>
*
* <P>
* The Whirlpool algorithm was developed by
* <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
* <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
*
* See
* P.S.L.M. Barreto, V. Rijmen,
* ``The Whirlpool hashing function,''
* NESSIE submission, 2000 (tweaked version, 2001),
* <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
*
* Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
* Vincent Rijmen. Lookup "reference implementations" on
* <http://planeta.terra.com.br/informatica/paulobarreto/>
*
* =============================================================================
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/*
* OpenSSL-specific implementation notes.
*
* WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
* number of *bytes* as input length argument. Bit-oriented routine
* as specified by authors is called WHIRLPOOL_BitUpdate[!] and
* does not have one-stroke counterpart.
*
* WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
* to serve WHIRLPOOL_Update. This is done for performance.
*
* Unlike authors' reference implementation, block processing
* routine whirlpool_block is designed to operate on multi-block
* input. This is done for performance.
*/
#include <string.h>
#include <openssl/crypto.h>
#include "wp_local.h"
int
WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
{
memset (c, 0, sizeof(*c));
return (1);
}
int
WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
{
/* Well, largest suitable chunk size actually is
* (1<<(sizeof(size_t)*8-3))-64, but below number
* is large enough for not to care about excessive
* calls to WHIRLPOOL_BitUpdate... */
size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
const unsigned char *inp = _inp;
while (bytes >= chunk) {
WHIRLPOOL_BitUpdate(c, inp, chunk*8);
bytes -= chunk;
inp += chunk;
}
if (bytes)
WHIRLPOOL_BitUpdate(c, inp, bytes*8);
return (1);
}
void
WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
{
size_t n;
unsigned int bitoff = c->bitoff,
bitrem = bitoff % 8,
inpgap = (8 - (unsigned int)bits % 8)&7;
const unsigned char *inp = _inp;
/* This 256-bit increment procedure relies on the size_t
* being natural size of CPU register, so that we don't
* have to mask the value in order to detect overflows. */
c->bitlen[0] += bits;
if (c->bitlen[0] < bits) /* overflow */
{
n = 1;
do {
c->bitlen[n]++;
} while (c->bitlen[n]==0 &&
++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
}
#ifndef OPENSSL_SMALL_FOOTPRINT
reconsider:
if (inpgap==0 && bitrem==0) /* byte-oriented loop */
{
while (bits) {
if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
whirlpool_block(c, inp, n);
inp += n*WHIRLPOOL_BBLOCK/8;
bits %= WHIRLPOOL_BBLOCK;
} else {
unsigned int byteoff = bitoff/8;
bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
if (bits >= bitrem) {
bits -= bitrem;
bitrem /= 8;
memcpy(c->data + byteoff, inp, bitrem);
inp += bitrem;
whirlpool_block(c, c->data, 1);
bitoff = 0;
} else {
memcpy(c->data + byteoff, inp, bits/8);
bitoff += (unsigned int)bits;
bits = 0;
}
c->bitoff = bitoff;
}
}
}
else /* bit-oriented loop */
#endif
{
/*
inp
|
+-------+-------+-------
|||||||||||||||||||||
+-------+-------+-------
+-------+-------+-------+-------+-------
|||||||||||||| c->data
+-------+-------+-------+-------+-------
|
c->bitoff/8
*/
while (bits) {
unsigned int byteoff = bitoff/8;
unsigned char b;
#ifndef OPENSSL_SMALL_FOOTPRINT
if (bitrem == inpgap) {
c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
inpgap = 8 - inpgap;
bitoff += inpgap; bitrem = 0; /* bitoff%8 */
bits -= inpgap; inpgap = 0; /* bits%8 */
inp++;
if (bitoff == WHIRLPOOL_BBLOCK) {
whirlpool_block(c, c->data, 1);
bitoff = 0;
}
c->bitoff = bitoff;
goto reconsider;
} else
#endif
if (bits >= 8) {
b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
b &= 0xff;
if (bitrem)
c->data[byteoff++] |= b >> bitrem;
else
c->data[byteoff++] = b;
bitoff += 8;
bits -= 8;
inp++;
if (bitoff >= WHIRLPOOL_BBLOCK) {
whirlpool_block(c, c->data, 1);
byteoff = 0;
bitoff %= WHIRLPOOL_BBLOCK;
}
if (bitrem)
c->data[byteoff] = b << (8 - bitrem);
}
else /* remaining less than 8 bits */
{
b = (inp[0]<<inpgap)&0xff;
if (bitrem)
c->data[byteoff++] |= b >> bitrem;
else
c->data[byteoff++] = b;
bitoff += (unsigned int)bits;
if (bitoff == WHIRLPOOL_BBLOCK) {
whirlpool_block(c, c->data, 1);
byteoff = 0;
bitoff %= WHIRLPOOL_BBLOCK;
}
if (bitrem)
c->data[byteoff] = b << (8 - bitrem);
bits = 0;
}
c->bitoff = bitoff;
}
}
}
int
WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
{
unsigned int bitoff = c->bitoff,
byteoff = bitoff/8;
size_t i, j, v;
unsigned char *p;
bitoff %= 8;
if (bitoff)
c->data[byteoff] |= 0x80 >> bitoff;
else
c->data[byteoff] = 0x80;
byteoff++;
/* pad with zeros */
if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
if (byteoff < WHIRLPOOL_BBLOCK/8)
memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
whirlpool_block(c, c->data, 1);
byteoff = 0;
}
if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
memset(&c->data[byteoff], 0,
(WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
/* smash 256-bit c->bitlen in big-endian order */
p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
*p-- = (unsigned char)(v&0xff);
whirlpool_block(c, c->data, 1);
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
memset(c, 0, sizeof(*c));
return (1);
}
return (0);
}
unsigned char *
WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
{
WHIRLPOOL_CTX ctx;
static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
if (md == NULL)
md = m;
WHIRLPOOL_Init(&ctx);
WHIRLPOOL_Update(&ctx, inp, bytes);
WHIRLPOOL_Final(md, &ctx);
return (md);
}

11
lib/libcrypto/whrlpool/wp_local.h
View file

@ -1,11 +0,0 @@
/* $OpenBSD: wp_local.h,v 1.2 2023/09/04 08:43:41 tb Exp $ */
#include <sys/types.h>
#include <openssl/whrlpool.h>
__BEGIN_HIDDEN_DECLS
void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
__END_HIDDEN_DECLS

65
lib/libcrypto/x509/x509_vpm.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_vpm.c,v 1.43 2024/03/29 00:25:32 tb Exp $ */
/* $OpenBSD: x509_vpm.c,v 1.45 2024/03/29 04:50:11 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@ -464,48 +464,59 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_time);
int
X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
{
if (!param->policies) {
if (param->policies == NULL)
param->policies = sk_ASN1_OBJECT_new_null();
if (!param->policies)
return 0;
}
if (!sk_ASN1_OBJECT_push(param->policies, policy))
if (param->policies == NULL)
return 0;
if (sk_ASN1_OBJECT_push(param->policies, policy) <= 0)
return 0;
return 1;
}
LCRYPTO_ALIAS(X509_VERIFY_PARAM_add0_policy);
static STACK_OF(ASN1_OBJECT) *
sk_ASN1_OBJECT_deep_copy(const STACK_OF(ASN1_OBJECT) *sk)
{
STACK_OF(ASN1_OBJECT) *objs;
ASN1_OBJECT *obj = NULL;
int i;
if ((objs = sk_ASN1_OBJECT_new_null()) == NULL)
goto err;
for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
if ((obj = OBJ_dup(sk_ASN1_OBJECT_value(sk, i))) == NULL)
goto err;
if (sk_ASN1_OBJECT_push(objs, obj) <= 0)
goto err;
obj = NULL;
}
return objs;
err:
sk_ASN1_OBJECT_pop_free(objs, ASN1_OBJECT_free);
ASN1_OBJECT_free(obj);
return NULL;
}
int
X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies)
{
int i;
ASN1_OBJECT *oid, *doid;
if (!param)
if (param == NULL)
return 0;
if (param->policies)
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
if (!policies) {
param->policies = NULL;
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
param->policies = NULL;
if (policies == NULL)
return 1;
}
param->policies = sk_ASN1_OBJECT_new_null();
if (!param->policies)
if ((param->policies = sk_ASN1_OBJECT_deep_copy(policies)) == NULL)
return 0;
for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
oid = sk_ASN1_OBJECT_value(policies, i);
doid = OBJ_dup(oid);
if (!doid)
return 0;
if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
ASN1_OBJECT_free(doid);
return 0;
}
}
return 1;
}
LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_policies);

24
lib/libfido2/src/rs1.c
View file

@ -9,32 +9,17 @@
#include "fido.h"
#if OPENSSL_VERSION_NUMBER >= 0x30000000
static EVP_MD *
rs1_get_EVP_MD(void)
{
return (EVP_MD_fetch(NULL, "SHA-1", NULL));
}
#define PRAGMA(s)
static void
rs1_free_EVP_MD(EVP_MD *md)
{
EVP_MD_free(md);
}
#else
static EVP_MD *
rs1_get_EVP_MD(void)
{
PRAGMA("GCC diagnostic push");
PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"");
return ((EVP_MD *)EVP_sha1());
PRAGMA("GCC diagnostic pop");
}
static void
rs1_free_EVP_MD(EVP_MD *md)
{
(void)md;
}
#endif /* OPENSSL_VERSION_NUMBER */
int
rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
const fido_blob_t *sig)
@ -70,7 +55,6 @@ rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
ok = 0;
fail:
EVP_PKEY_CTX_free(pctx);
rs1_free_EVP_MD(md);
return (ok);
}

24
lib/libfido2/src/rs256.c
View file

@ -17,32 +17,17 @@
#define get0_RSA(x) EVP_PKEY_get0((x))
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000
static EVP_MD *
rs256_get_EVP_MD(void)
{
return (EVP_MD_fetch(NULL, "SHA2-256", NULL));
}
#define PRAGMA(s)
static void
rs256_free_EVP_MD(EVP_MD *md)
{
EVP_MD_free(md);
}
#else
static EVP_MD *
rs256_get_EVP_MD(void)
{
PRAGMA("GCC diagnostic push");
PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"");
return ((EVP_MD *)EVP_sha256());
PRAGMA("GCC diagnostic pop");
}
static void
rs256_free_EVP_MD(EVP_MD *md)
{
(void)md;
}
#endif /* OPENSSL_VERSION_NUMBER */
static int
decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
{
@ -266,7 +251,6 @@ rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
ok = 0;
fail:
EVP_PKEY_CTX_free(pctx);
rs256_free_EVP_MD(md);
return (ok);
}

18
lib/libm/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.123 2022/01/21 03:12:55 gnezdo Exp $
# $OpenBSD: Makefile,v 1.124 2024/03/29 06:49:00 miod Exp $
# $NetBSD: Makefile,v 1.28 1995/11/20 22:06:19 jtc Exp $
#
# @(#)Makefile 5.1beta 93/09/24
@ -47,25 +47,13 @@ ARCH_SRCS = e_sqrt.c e_sqrtf.c e_remainder.c e_remainderf.c \
.elif (${MACHINE_ARCH} == "sh")
.PATH: ${.CURDIR}/arch/sh
ARCH_SRCS = e_sqrt.c e_sqrtf.c s_fabsf.c
.elif (${MACHINE_ARCH} == "aarch64")
.PATH: ${.CURDIR}/arch/aarch64
.elif (${MACHINE_ARCH} == "arm")
.PATH: ${.CURDIR}/arch/arm
.elif (${MACHINE_ARCH} == "m88k")
.PATH: ${.CURDIR}/arch/m88k
.elif (${MACHINE_ARCH} == "mips64")
.PATH: ${.CURDIR}/arch/mips64
.elif (${MACHINE_ARCH} == "mips64el")
.PATH: ${.CURDIR}/arch/mips64
.elif (${MACHINE_ARCH} == "powerpc")
.PATH: ${.CURDIR}/arch/powerpc
.elif (${MACHINE_ARCH} == "powerpc64")
.PATH: ${.CURDIR}/arch/powerpc64
.elif (${MACHINE_ARCH} == "riscv64")
.PATH: ${.CURDIR}/arch/riscv64
.elif (${MACHINE_ARCH} == "sparc64")
.PATH: ${.CURDIR}/arch/sparc64
ARCH_SRCS = e_sqrtl.c
.else
.PATH: ${.CURDIR}/arch/${MACHINE_ARCH}
.endif
.PATH: ${.CURDIR}/man

3
regress/lib/libcrypto/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.55 2024/03/28 06:45:36 beck Exp $
# $OpenBSD: Makefile,v 1.56 2024/03/29 07:13:38 joshua Exp $
SUBDIR += aead
SUBDIR += aes
@ -48,6 +48,7 @@ SUBDIR += sm3
SUBDIR += sm4
SUBDIR += symbols
SUBDIR += utf8
SUBDIR += whirlpool
SUBDIR += wycheproof
SUBDIR += x509

48
regress/lib/libcrypto/cms/cmstest.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cmstest.c,v 1.7 2023/03/02 21:08:14 tb Exp $ */
/* $OpenBSD: cmstest.c,v 1.8 2024/03/29 06:42:42 tb Exp $ */
/*
* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
*
@ -97,6 +97,40 @@ static const char cms_key_1[] =
"pFtLoXoGoVXRjAtpNvX7fh/G\n"
"-----END PRIVATE KEY-----\n";
const char cms_ca_2[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIBvTCCAW+gAwIBAgIQHioe49U1R3LcahmTCOUmoTAFBgMrZXAwXTEUMBIGA1UE\n"
"ChMLQ01TIFRlc3QgQ0ExHTAbBgNVBAsMFGNtc3Rlc3RAbGlicmVzc2wub3JnMSYw\n"
"JAYDVQQDDB1DTVMgVGVzdCBjbXN0ZXN0QGxpYnJlc3NsLm9yZzAeFw0yMzEwMDkw\n"
"OTAzNDhaFw0zMzEwMDkwOTAzNDhaMF0xFDASBgNVBAoTC0NNUyBUZXN0IENBMR0w\n"
"GwYDVQQLDBRjbXN0ZXN0QGxpYnJlc3NsLm9yZzEmMCQGA1UEAwwdQ01TIFRlc3Qg\n"
"Y21zdGVzdEBsaWJyZXNzbC5vcmcwKjAFBgMrZXADIQAYj6pY7cN0DnwmsYHVDLqJ\n"
"7/Futy5p4QJDKA/FSZ6+6KNFMEMwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQI\n"
"MAYBAf8CAQAwHQYDVR0OBBYEFE7G7c7O2Vj79+Q786M7ssMd/lflMAUGAytlcANB\n"
"AOk+RHgs8D82saBM1nQMgIwEsNhYwbj3HhrRFDezYcnZeorBgiZTV3uQd2EndFdU\n"
"hcs4OYMCRorxqpUXX6EMtwQ=\n"
"-----END CERTIFICATE-----\n";
const char cms_cert_2[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIB5DCCAZagAwIBAgIQevuGe7FBHIc2pnQ4b4dsIzAFBgMrZXAwXTEUMBIGA1UE\n"
"ChMLQ01TIFRlc3QgQ0ExHTAbBgNVBAsMFGNtc3Rlc3RAbGlicmVzc2wub3JnMSYw\n"
"JAYDVQQDDB1DTVMgVGVzdCBjbXN0ZXN0QGxpYnJlc3NsLm9yZzAeFw0yMzEwMDkw\n"
"OTAzNDhaFw0zMzEwMDkwOTAzNDhaMD4xHTAbBgNVBAoTFENNUyB0ZXN0IGNlcnRp\n"
"ZmljYXRlMR0wGwYDVQQLDBRjbXN0ZXN0QGxpYnJlc3NsLm9yZzAqMAUGAytlcAMh\n"
"AFH47Z54SuXMN+i5CCvMVUZJZzSYsDcRY+lPtc+J8h2ko4GKMIGHMA4GA1UdDwEB\n"
"/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwQwHwYDVR0jBBgw\n"
"FoAUTsbtzs7ZWPv35Dvzozuywx3+V+UwNQYDVR0RBC4wLIIUY21zdGVzdC5saWJy\n"
"ZXNzbC5vcmeBFGNtc3Rlc3RAbGlicmVzc2wub3JnMAUGAytlcANBAAEqYppowFjF\n"
"fTZhNM3cIyFfmQthJV/+krEE2VTSoKgCokll+fXz1K9P+R3asgrVDoHjnBtvksIE\n"
"wup36c05XQA=\n"
"-----END CERTIFICATE-----\n";
const char cms_key_2[] =
"-----BEGIN PRIVATE KEY-----\n"
"MC4CAQAwBQYDK2VwBCIEIO88YApnGRDewzSwtxAnBvhlTPz9MjSz51mEpE2oi+9g\n"
"-----END PRIVATE KEY-----\n";
static void
hexdump(const unsigned char *buf, size_t len)
{
@ -204,7 +238,8 @@ test_cms_encrypt_decrypt(void)
}
static int
test_cms_sign_verify(void)
test_cms_sign_verify(const char *ca_pem, const char *cert_pem,
const char *key_pem)
{
STACK_OF(X509) *certs = NULL;
CMS_ContentInfo *ci = NULL;
@ -224,7 +259,7 @@ test_cms_sign_verify(void)
if ((certs = sk_X509_new_null()) == NULL)
errx(1, "failed to create certs");
if ((bio_mem = BIO_new_mem_buf(cms_cert_1, -1)) == NULL)
if ((bio_mem = BIO_new_mem_buf(cert_pem, -1)) == NULL)
errx(1, "failed to create BIO for cert");
if ((cert = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL)) == NULL)
errx(1, "failed to read cert");
@ -232,7 +267,7 @@ test_cms_sign_verify(void)
errx(1, "failed to push cert");
BIO_free(bio_mem);
if ((bio_mem = BIO_new_mem_buf(cms_ca_1, -1)) == NULL)
if ((bio_mem = BIO_new_mem_buf(ca_pem, -1)) == NULL)
errx(1, "failed to create BIO for cert");
if ((ca = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL)) == NULL)
errx(1, "failed to read cert");
@ -242,7 +277,7 @@ test_cms_sign_verify(void)
errx(1, "failed to add cert to store");
BIO_free(bio_mem);
if ((bio_mem = BIO_new_mem_buf(cms_key_1, -1)) == NULL)
if ((bio_mem = BIO_new_mem_buf(key_pem, -1)) == NULL)
errx(1, "failed to create BIO for key");
if ((pkey = PEM_read_bio_PrivateKey(bio_mem, NULL, NULL, NULL)) == NULL)
errx(1, "failed to read key");
@ -320,7 +355,8 @@ main(int argc, char **argv)
ERR_load_crypto_strings();
failed |= test_cms_encrypt_decrypt();
failed |= test_cms_sign_verify();
failed |= test_cms_sign_verify(cms_ca_1, cms_cert_1, cms_key_1);
failed |= test_cms_sign_verify(cms_ca_2, cms_cert_2, cms_key_2);
return failed;
}

3
regress/lib/libcrypto/symbols/symbols.awk
View file

@ -1,4 +1,4 @@
# $OpenBSD: symbols.awk,v 1.8 2023/05/04 20:15:27 tb Exp $
# $OpenBSD: symbols.awk,v 1.9 2024/03/29 02:30:25 jsing Exp $
# Copyright (c) 2018,2020 Theo Buehler <tb@openbsd.org>
#
@ -17,7 +17,6 @@
# usage: awk -f symbols.awk < Symbols.list > symbols.c
BEGIN {
printf("#include <openssl/pem.h> /* CMS special */\n\n")
printf("#include \"include_headers.c\"\n\n")
}

9
regress/lib/libcrypto/whirlpool/Makefile Normal file
View file

@ -0,0 +1,9 @@
# $OpenBSD: Makefile,v 1.1 2024/03/29 07:13:38 joshua Exp $
PROG = whirlpool_test
LDADD = -lcrypto
DPADD = ${LIBCRYPTO}
WARNINGS = Yes
CFLAGS += -DLIBRESSL_INTERNAL -Werror
.include <bsd.regress.mk>

240
regress/lib/libcrypto/whirlpool/whirlpool_test.c Normal file
View file

@ -0,0 +1,240 @@
/* $OpenBSD: whirlpool_test.c,v 1.1 2024/03/29 07:13:38 joshua Exp $ */
/*
* Copyright (c) 2024 Joshua Sing <joshua@joshuasing.dev>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <openssl/evp.h>
#include <openssl/whrlpool.h>
#include <stdint.h>
#include <string.h>
struct whirlpool_test {
const uint8_t in[128];
const size_t in_len;
const uint8_t out[EVP_MAX_MD_SIZE];
};
static const struct whirlpool_test whirlpool_tests[] = {
{
.in = "",
.in_len = 0,
.out = {
0x19, 0xfa, 0x61, 0xd7, 0x55, 0x22, 0xa4, 0x66,
0x9b, 0x44, 0xe3, 0x9c, 0x1d, 0x2e, 0x17, 0x26,
0xc5, 0x30, 0x23, 0x21, 0x30, 0xd4, 0x07, 0xf8,
0x9a, 0xfe, 0xe0, 0x96, 0x49, 0x97, 0xf7, 0xa7,
0x3e, 0x83, 0xbe, 0x69, 0x8b, 0x28, 0x8f, 0xeb,
0xcf, 0x88, 0xe3, 0xe0, 0x3c, 0x4f, 0x07, 0x57,
0xea, 0x89, 0x64, 0xe5, 0x9b, 0x63, 0xd9, 0x37,
0x08, 0xb1, 0x38, 0xcc, 0x42, 0xa6, 0x6e, 0xb3,
},
},
{
.in = "a",
.in_len = 1,
.out = {
0x8a, 0xca, 0x26, 0x02, 0x79, 0x2a, 0xec, 0x6f,
0x11, 0xa6, 0x72, 0x06, 0x53, 0x1f, 0xb7, 0xd7,
0xf0, 0xdf, 0xf5, 0x94, 0x13, 0x14, 0x5e, 0x69,
0x73, 0xc4, 0x50, 0x01, 0xd0, 0x08, 0x7b, 0x42,
0xd1, 0x1b, 0xc6, 0x45, 0x41, 0x3a, 0xef, 0xf6,
0x3a, 0x42, 0x39, 0x1a, 0x39, 0x14, 0x5a, 0x59,
0x1a, 0x92, 0x20, 0x0d, 0x56, 0x01, 0x95, 0xe5,
0x3b, 0x47, 0x85, 0x84, 0xfd, 0xae, 0x23, 0x1a,
},
},
{
.in = "abc",
.in_len = 3,
.out = {
0x4e, 0x24, 0x48, 0xa4, 0xc6, 0xf4, 0x86, 0xbb,
0x16, 0xb6, 0x56, 0x2c, 0x73, 0xb4, 0x02, 0x0b,
0xf3, 0x04, 0x3e, 0x3a, 0x73, 0x1b, 0xce, 0x72,
0x1a, 0xe1, 0xb3, 0x03, 0xd9, 0x7e, 0x6d, 0x4c,
0x71, 0x81, 0xee, 0xbd, 0xb6, 0xc5, 0x7e, 0x27,
0x7d, 0x0e, 0x34, 0x95, 0x71, 0x14, 0xcb, 0xd6,
0xc7, 0x97, 0xfc, 0x9d, 0x95, 0xd8, 0xb5, 0x82,
0xd2, 0x25, 0x29, 0x20, 0x76, 0xd4, 0xee, 0xf5,
},
},
{
.in = "message digest",
.in_len = 14,
.out = {
0x37, 0x8c, 0x84, 0xa4, 0x12, 0x6e, 0x2d, 0xc6,
0xe5, 0x6d, 0xcc, 0x74, 0x58, 0x37, 0x7a, 0xac,
0x83, 0x8d, 0x00, 0x03, 0x22, 0x30, 0xf5, 0x3c,
0xe1, 0xf5, 0x70, 0x0c, 0x0f, 0xfb, 0x4d, 0x3b,
0x84, 0x21, 0x55, 0x76, 0x59, 0xef, 0x55, 0xc1,
0x06, 0xb4, 0xb5, 0x2a, 0xc5, 0xa4, 0xaa, 0xa6,
0x92, 0xed, 0x92, 0x00, 0x52, 0x83, 0x8f, 0x33,
0x62, 0xe8, 0x6d, 0xbd, 0x37, 0xa8, 0x90, 0x3e,
},
},
{
.in = "abcdefghijklmnopqrstuvwxyz",
.in_len = 26,
.out = {
0xf1, 0xd7, 0x54, 0x66, 0x26, 0x36, 0xff, 0xe9,
0x2c, 0x82, 0xeb, 0xb9, 0x21, 0x2a, 0x48, 0x4a,
0x8d, 0x38, 0x63, 0x1e, 0xad, 0x42, 0x38, 0xf5,
0x44, 0x2e, 0xe1, 0x3b, 0x80, 0x54, 0xe4, 0x1b,
0x08, 0xbf, 0x2a, 0x92, 0x51, 0xc3, 0x0b, 0x6a,
0x0b, 0x8a, 0xae, 0x86, 0x17, 0x7a, 0xb4, 0xa6,
0xf6, 0x8f, 0x67, 0x3e, 0x72, 0x07, 0x86, 0x5d,
0x5d, 0x98, 0x19, 0xa3, 0xdb, 0xa4, 0xeb, 0x3b,
},
},
{
.in = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
.in_len = 62,
.out = {
0xdc, 0x37, 0xe0, 0x08, 0xcf, 0x9e, 0xe6, 0x9b,
0xf1, 0x1f, 0x00, 0xed, 0x9a, 0xba, 0x26, 0x90,
0x1d, 0xd7, 0xc2, 0x8c, 0xde, 0xc0, 0x66, 0xcc,
0x6a, 0xf4, 0x2e, 0x40, 0xf8, 0x2f, 0x3a, 0x1e,
0x08, 0xeb, 0xa2, 0x66, 0x29, 0x12, 0x9d, 0x8f,
0xb7, 0xcb, 0x57, 0x21, 0x1b, 0x92, 0x81, 0xa6,
0x55, 0x17, 0xcc, 0x87, 0x9d, 0x7b, 0x96, 0x21,
0x42, 0xc6, 0x5f, 0x5a, 0x7a, 0xf0, 0x14, 0x67,
},
},
{
.in = "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
.in_len = 80,
.out = {
0x46, 0x6e, 0xf1, 0x8b, 0xab, 0xb0, 0x15, 0x4d,
0x25, 0xb9, 0xd3, 0x8a, 0x64, 0x14, 0xf5, 0xc0,
0x87, 0x84, 0x37, 0x2b, 0xcc, 0xb2, 0x04, 0xd6,
0x54, 0x9c, 0x4a, 0xfa, 0xdb, 0x60, 0x14, 0x29,
0x4d, 0x5b, 0xd8, 0xdf, 0x2a, 0x6c, 0x44, 0xe5,
0x38, 0xcd, 0x04, 0x7b, 0x26, 0x81, 0xa5, 0x1a,
0x2c, 0x60, 0x48, 0x1e, 0x88, 0xc5, 0xa2, 0x0b,
0x2c, 0X2A, 0X80, 0XCF, 0X3A, 0X9A, 0X08, 0X3B,
},
},
{
.in = "abcdbcdecdefdefgefghfghighijhijk",
.in_len = 32,
.out = {
0x2a, 0x98, 0x7e, 0xa4, 0x0f, 0x91, 0x70, 0x61,
0xf5, 0xd6, 0xf0, 0xa0, 0xe4, 0x64, 0x4f, 0x48,
0x8a, 0x7a, 0x5a, 0x52, 0xde, 0xee, 0x65, 0x62,
0x07, 0xc5, 0x62, 0xf9, 0x88, 0xe9, 0x5c, 0x69,
0x16, 0xbd, 0xc8, 0x03, 0x1b, 0xc5, 0xbe, 0x1b,
0x7b, 0x94, 0x76, 0x39, 0xfe, 0x05, 0x0b, 0x56,
0x93, 0x9b, 0xaa, 0xa0, 0xad, 0xff, 0x9a, 0xe6,
0x74, 0x5b, 0x7b, 0x18, 0x1c, 0x3b, 0xe3, 0xfd,
},
},
};
#define N_WHIRLPOOL_TESTS (sizeof(whirlpool_tests) / sizeof(whirlpool_tests[0]))
static int
whirlpool_test(void)
{
const struct whirlpool_test *wt;
EVP_MD_CTX *md_ctx = NULL;
const EVP_MD *md = EVP_whirlpool();
uint8_t out[EVP_MAX_MD_SIZE];
size_t i, l, in_len;
int failed = 1;
if ((md_ctx = EVP_MD_CTX_new()) == NULL) {
fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n");
goto failed;
}
for (i = 0; i < N_WHIRLPOOL_TESTS; i++) {
wt = &whirlpool_tests[i];
/* Digest */
memset(out, 0, sizeof(out));
WHIRLPOOL(wt->in, wt->in_len, out);
if (memcmp(wt->out, out, WHIRLPOOL_DIGEST_LENGTH) != 0) {
fprintf(stderr, "FAIL (%zu): digest mismatch\n", i);
goto failed;
}
/* EVP single-shot digest */
memset(out, 0, sizeof(out));
if (!EVP_Digest(wt->in, wt->in_len, out, NULL, md, NULL)) {
fprintf(stderr, "FAIL (%zu): EVP_Digest failed\n", i);
goto failed;
}
if (memcmp(wt->out, out, WHIRLPOOL_DIGEST_LENGTH) != 0) {
fprintf(stderr,
"FAIL (%zu): EVP single-shot mismatch\n", i);
goto failed;
}
/* EVP digest */
memset(out, 0, sizeof(out));
if (!EVP_DigestInit_ex(md_ctx, md, NULL)) {
fprintf(stderr,
"FAIL (%zu): EVP_DigestInit_ex failed\n", i);
goto failed;
}
for (l = 0; l < wt->in_len;) {
in_len = arc4random_uniform(wt->in_len / 2);
if (in_len < 1)
in_len = 1;
if (in_len > wt->in_len - l)
in_len = wt->in_len - l;
if (!EVP_DigestUpdate(md_ctx, wt->in + l, in_len)) {
fprintf(stderr,
"FAIL(%zu, %zu): EVP_DigestUpdate failed\n",
i, l);
goto failed;
}
l += in_len;
}
if (!EVP_DigestFinal_ex(md_ctx, out, NULL)) {
fprintf(stderr,
"FAIL (%zu): EVP_DigestFinal_ex failed\n",
i);
goto failed;
}
if (memcmp(wt->out, out, WHIRLPOOL_DIGEST_LENGTH) != 0) {
fprintf(stderr, "FAIL (%zu): EVP mismatch\n", i);
goto failed;
}
}
failed = 0;
failed:
EVP_MD_CTX_free(md_ctx);
return failed;
}
int
main(int argc, char **argv)
{
int failed = 0;
failed |= whirlpool_test();
return failed;
}

4
regress/usr.bin/ssh/sftp-cmds.sh
View file

@ -1,4 +1,4 @@
# $OpenBSD: sftp-cmds.sh,v 1.18 2024/03/26 08:09:16 dtucker Exp $
# $OpenBSD: sftp-cmds.sh,v 1.19 2024/03/29 10:40:07 dtucker Exp $
# Placed in the Public Domain.
# XXX - TODO:
@ -36,7 +36,7 @@ echo "ls ${OBJ}" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
verbose "$tid: shell"
echo "!echo hi there" | ${SFTP} -D ${SFTPSERVER} 2>&1 | \
grep -E '^hi there$' >/dev/null || fail "shell failed"
egrep '^hi there$' >/dev/null || fail "shell failed"
verbose "$tid: pwd"
echo "pwd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \

4
sys/dev/fdt/dwpcie.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dwpcie.c,v 1.52 2024/02/26 21:41:24 kettenis Exp $ */
/* $OpenBSD: dwpcie.c,v 1.53 2024/03/29 12:45:13 kettenis Exp $ */
/*
* Copyright (c) 2018 Mark Kettenis <kettenis@openbsd.org>
*
@ -676,7 +676,7 @@ dwpcie_attach_deferred(struct device *self)
pmembase = sc->sc_pmem_bus_addr;
pmemlimit = pmembase + sc->sc_pmem_size - 1;
blr = pmemlimit & PPB_MEM_MASK;
blr |= (pmembase >> PPB_MEM_SHIFT);
blr |= ((pmembase & PPB_MEM_MASK) >> PPB_MEM_SHIFT);
HWRITE4(sc, PPB_REG_PREFMEM, blr);
HWRITE4(sc, PPB_REG_PREFBASE_HI32, pmembase >> 32);
HWRITE4(sc, PPB_REG_PREFLIM_HI32, pmemlimit >> 32);

5
sys/dev/ic/dwqe.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dwqe.c,v 1.17 2024/03/04 23:50:20 bluhm Exp $ */
/* $OpenBSD: dwqe.c,v 1.18 2024/03/29 08:19:40 stsp Exp $ */
/*
* Copyright (c) 2008, 2019 Mark Kettenis <kettenis@openbsd.org>
* Copyright (c) 2017, 2022 Patrick Wildt <patrick@blueri.se>
@ -593,6 +593,9 @@ dwqe_tx_proc(struct dwqe_softc *sc)
struct dwqe_buf *txb;
int idx, txfree;
if ((ifp->if_flags & IFF_RUNNING) == 0)
return;
bus_dmamap_sync(sc->sc_dmat, DWQE_DMA_MAP(sc->sc_txring), 0,
DWQE_DMA_LEN(sc->sc_txring),
BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);

3
sys/dev/pci/sdhc_pci.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: sdhc_pci.c,v 1.25 2024/03/28 23:38:54 jsg Exp $ */
/* $OpenBSD: sdhc_pci.c,v 1.26 2024/03/29 02:36:49 jsg Exp $ */
/*
* Copyright (c) 2006 Uwe Stuehler <uwe@openbsd.org>
@ -132,6 +132,7 @@ sdhc_pci_attach(struct device *parent, struct device *self, void *aux)
PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_APOLLOLAKE_EMMC ||
PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_GLK_EMMC ||
PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_JSL_EMMC ||
PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_EHL_EMMC ||
PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_ADL_N_EMMC))
sc->sc.sc_flags |= SDHC_F_NOPWR0;

5
sys/kern/kern_sysctl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kern_sysctl.c,v 1.425 2024/02/10 15:28:16 deraadt Exp $ */
/* $OpenBSD: kern_sysctl.c,v 1.426 2024/03/29 06:50:06 miod Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
/*-
@ -666,13 +666,12 @@ int hw_power = 1;
/* morally const values reported by sysctl_bounded_arr */
static int byte_order = BYTE_ORDER;
static int page_size = PAGE_SIZE;
const struct sysctl_bounded_args hw_vars[] = {
{HW_NCPU, &ncpus, SYSCTL_INT_READONLY},
{HW_NCPUFOUND, &ncpusfound, SYSCTL_INT_READONLY},
{HW_BYTEORDER, &byte_order, SYSCTL_INT_READONLY},
{HW_PAGESIZE, &page_size, SYSCTL_INT_READONLY},
{HW_PAGESIZE, &uvmexp.pagesize, SYSCTL_INT_READONLY},
{HW_DISKCOUNT, &disk_count, SYSCTL_INT_READONLY},
{HW_POWER, &hw_power, SYSCTL_INT_READONLY},
};

8
sys/sys/syscall_mi.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: syscall_mi.h,v 1.31 2024/01/22 04:38:32 deraadt Exp $ */
/* $OpenBSD: syscall_mi.h,v 1.32 2024/03/29 06:47:05 deraadt Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@ -162,12 +162,6 @@ mi_syscall(struct proc *p, register_t code, const struct sysent *callp,
uvm_map_inentry_sp, p->p_vmspace->vm_map.sserial))
return (EPERM);
/* PC must be in un-writeable permitted text (sigtramp, libc, ld.so) */
if (!uvm_map_inentry(p, &p->p_pcinentry, PROC_PC(p),
"[%s]%d/%d pc=%lx inside %lx-%lx: bogus syscall\n",
uvm_map_inentry_pc, p->p_vmspace->vm_map.wserial))
return (EPERM);
if ((error = pin_check(p, code)))
return (error);

3
usr.bin/kdump/kdump.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kdump.c,v 1.161 2023/12/15 15:12:08 deraadt Exp $ */
/* $OpenBSD: kdump.c,v 1.162 2024/03/29 07:53:32 deraadt Exp $ */
/*-
* Copyright (c) 1988, 1993
@ -754,7 +754,6 @@ static const formatter scargs[][8] = {
[SYS_access] = { Ppath, Accessmodename },
[SYS_chflags] = { Ppath, Chflagsname },
[SYS_fchflags] = { Pfd, Chflagsname },
[SYS_msyscall] = { Pptr, Pbigsize },
[SYS_stat] = { Ppath, Pptr },
[SYS_lstat] = { Ppath, Pptr },
[SYS_dup] = { Pfd },

8
usr.sbin/procmap/procmap.1
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: procmap.1,v 1.26 2022/11/10 08:17:53 deraadt Exp $
.\" $OpenBSD: procmap.1,v 1.27 2024/03/29 06:54:13 deraadt Exp $
.\" $NetBSD: pmap.1,v 1.6 2003/01/19 21:25:43 atatat Exp $
.\"
.\" Copyright (c) 2002 The NetBSD Foundation, Inc.
@ -28,7 +28,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 10 2022 $
.Dd $Mdocdate: March 29 2024 $
.Dt PROCMAP 1
.Os
.Sh NAME
@ -222,7 +222,7 @@ MAP 0xcf7cac84: [0x0-\*(Gt0xbfbfe000]
#ent=8, sz=34041856, ref=1, version=20, flags=0x21
pmap=0xcf44cee0(resident=\*(Ltunknown\*(Gt)
- 0xcfa3a358: 0x8048000-\*(Gt0x80b1000: obj=0xcf45a8e8/0x0, amap=0x0/0
submap=F, cow=T, nc=T, stack=F, syscall=F, immutable=F, prot(max)=5/7, inh=1, wc=0, adv=0
submap=F, cow=T, nc=T, stack=F, immutable=F, prot(max)=5/7, inh=1, wc=0, adv=0
\&...
.Ed
.Pp
@ -332,8 +332,6 @@ comprises:
permissions for the mapping
.It S
mapping is marked stack
.It e
mapping is allowed system call entry points
.It I
mapping is immutable (rwx protection may not be changed)
.It p

14
usr.sbin/procmap/procmap.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: procmap.c,v 1.71 2022/11/10 08:17:53 deraadt Exp $ */
/* $OpenBSD: procmap.c,v 1.72 2024/03/29 06:54:13 deraadt Exp $ */
/* $NetBSD: pmap.c,v 1.1 2002/09/01 20:32:44 atatat Exp $ */
/*
@ -719,14 +719,13 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace,
name = findname(kd, vmspace, vme, vp, vfs, uvm_obj);
if (print_map) {
printf("0x%-*lx 0x%-*lx %c%c%c%c%c%c %c%c%c %s %s %d %d %d",
printf("0x%-*lx 0x%-*lx %c%c%c%c%c %c%c%c %s %s %d %d %d",
(int)sizeof(long) * 2 + 0, vme->start,
(int)sizeof(long) * 2 + 0, vme->end,
(vme->protection & PROT_READ) ? 'r' : '-',
(vme->protection & PROT_WRITE) ? 'w' : '-',
(vme->protection & PROT_EXEC) ? 'x' : '-',
(vme->etype & UVM_ET_STACK) ? 'S' : '-',
(vme->etype & UVM_ET_SYSCALL) ? 'e' : '-',
(vme->etype & UVM_ET_IMMUTABLE) ? 'I' : '-',
(vme->max_protection & PROT_READ) ? 'r' : '-',
(vme->max_protection & PROT_WRITE) ? 'w' : '-',
@ -747,14 +746,13 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace,
}
if (print_maps)
printf("0x%-*lx 0x%-*lx %c%c%c%c%c%c%c %0*lx %02x:%02x %llu %s\n",
printf("0x%-*lx 0x%-*lx %c%c%c%c%c%c %0*lx %02x:%02x %llu %s\n",
(int)sizeof(void *) * 2, vme->start,
(int)sizeof(void *) * 2, vme->end,
(vme->protection & PROT_READ) ? 'r' : '-',
(vme->protection & PROT_WRITE) ? 'w' : '-',
(vme->protection & PROT_EXEC) ? 'x' : '-',
(vme->etype & UVM_ET_STACK) ? 'S' : '-',
(vme->etype & UVM_ET_SYSCALL) ? 'e' : '-',
(vme->etype & UVM_ET_IMMUTABLE) ? 'I' : '-',
(vme->etype & UVM_ET_COPYONWRITE) ? 'p' : 's',
(int)sizeof(void *) * 2,
@ -769,13 +767,12 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace,
vme->object.uvm_obj, (unsigned long)vme->offset,
vme->aref.ar_amap, vme->aref.ar_pageoff);
printf("\tsubmap=%c, cow=%c, nc=%c, stack=%c, "
"syscall=%c, immutable=%c, prot(max)=%d/%d, inh=%d, "
"immutable=%c, prot(max)=%d/%d, inh=%d, "
"wc=%d, adv=%d\n",
(vme->etype & UVM_ET_SUBMAP) ? 'T' : 'F',
(vme->etype & UVM_ET_COPYONWRITE) ? 'T' : 'F',
(vme->etype & UVM_ET_NEEDSCOPY) ? 'T' : 'F',
(vme->etype & UVM_ET_STACK) ? 'T' : 'F',
(vme->etype & UVM_ET_SYSCALL) ? 'T' : 'F',
(vme->etype & UVM_ET_IMMUTABLE) ? 'T' : 'F',
vme->protection, vme->max_protection,
vme->inheritance, vme->wired_count, vme->advice);
@ -816,7 +813,7 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace,
}
sz = (size_t)((vme->end - vme->start) / 1024);
printf("%0*lx-%0*lx %7luk %0*lx %c%c%c%c%c%c%c%c (%c%c%c) %d/%d/%d %02u:%02u %7llu - %s",
printf("%0*lx-%0*lx %7luk %0*lx %c%c%c%c%c%c%c (%c%c%c) %d/%d/%d %02u:%02u %7llu - %s",
(int)sizeof(void *) * 2, vme->start, (int)sizeof(void *) * 2,
vme->end - (vme->start != vme->end ? 1 : 0), (unsigned long)sz,
(int)sizeof(void *) * 2, (unsigned long)vme->offset,
@ -824,7 +821,6 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace,
(vme->protection & PROT_WRITE) ? 'w' : '-',
(vme->protection & PROT_EXEC) ? 'x' : '-',
(vme->etype & UVM_ET_STACK) ? 'S' : '-',
(vme->etype & UVM_ET_SYSCALL) ? 'e' : '-',
(vme->etype & UVM_ET_IMMUTABLE) ? 'I' : '-',
(vme->etype & UVM_ET_COPYONWRITE) ? 'p' : 's',
(vme->etype & UVM_ET_NEEDSCOPY) ? '+' : '-',