diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index f0fae99b0..70901e3cc 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -1690,7 +1690,6 @@ ./usr/share/man/man2/msgrcv.2 ./usr/share/man/man2/msgsnd.2 ./usr/share/man/man2/msync.2 -./usr/share/man/man2/msyscall.2 ./usr/share/man/man2/munmap.2 ./usr/share/man/man2/nanosleep.2 ./usr/share/man/man2/nfssvc.2 diff --git a/gnu/usr.bin/cc/Makefile b/gnu/usr.bin/cc/Makefile index 170ad2f12..008284a54 100644 --- a/gnu/usr.bin/cc/Makefile +++ b/gnu/usr.bin/cc/Makefile @@ -1,5 +1,5 @@ # $FreeBSD: src/gnu/usr.bin/cc/Makefile,v 1.41.8.1 2009/04/15 03:14:26 kensmith Exp $ -# $OpenBSD: Makefile,v 1.3 2017/07/24 19:23:57 robert Exp $ +# $OpenBSD: Makefile,v 1.4 2024/03/29 06:52:50 miod Exp $ .include @@ -13,7 +13,6 @@ SUBDIR+= cpp .endif SUBDIR+= cc1plus c++ c++filt -SUBDIR+= cc1obj SUBDIR+= gcov SUBDIR+= libgcc SUBDIR+= libgcov diff --git a/gnu/usr.bin/cc/cc1obj/Makefile b/gnu/usr.bin/cc/cc1obj/Makefile deleted file mode 100644 index 8b6d97a45..000000000 --- a/gnu/usr.bin/cc/cc1obj/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -# $FreeBSD: src/gnu/usr.bin/cc/cc1obj/Makefile,v 1.28.8.1 2009/04/15 03:14:26 kensmith Exp $ -# $OpenBSD: Makefile,v 1.2 2010/05/06 20:58:10 naddy Exp $ - -.include - -.include "${.CURDIR}/../Makefile.inc" -.include "${.CURDIR}/../Makefile.ver" - -.PATH: ${GCCDIR}/objc ${GCCDIR} - -PROG= cc1obj -SRCS= main.c c-parser.c objc-act.c objc-lang.c c-decl.c -BINDIR= /usr/lib/gcc-lib/${GCC_TARGET}/${BASEVER} -NOMAN= Yes -NO_PIC= Yes - -CFLAGS+= -I${GCCDIR}/objc -I. - -OBJS+= ${PROG}-checksum.o -DPADD= ${LIBBACKEND} ${LIBCPP} ${LIBDECNUMBER} ${LIBIBERTY} -LDADD= ${LIBBACKEND} ${LIBCPP} ${LIBDECNUMBER} ${LIBIBERTY} - -DOBJS+= ${SRCS:N*.h:R:S/$/.o/g} -${PROG}-dummy: ${DOBJS} - ${CC} ${CFLAGS} ${LDFLAGS} -o ${.TARGET} ${DOBJS} ${LDADD} -CLEANFILES+= ${PROG}-dummy - -${PROG}-checksum.c: ${PROG}-dummy - ../cc_tools/genchecksum ${PROG}-dummy > ${.TARGET} -CLEANFILES+= ${PROG}-checksum.c - -.include diff --git a/gnu/usr.bin/gcc/Makefile.bsd-wrapper b/gnu/usr.bin/gcc/Makefile.bsd-wrapper index 3978260f3..2ea8f940a 100644 --- a/gnu/usr.bin/gcc/Makefile.bsd-wrapper +++ b/gnu/usr.bin/gcc/Makefile.bsd-wrapper @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.68 2017/10/29 12:42:11 aoyama Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.69 2024/03/29 06:52:50 miod Exp $ MAN= gcc.1 cpp.1 gcov.1 @@ -6,7 +6,7 @@ BINDIR=/usr/bin .if defined(BOOTSTRAP) LANGUAGES=--enable-languages=c .else -LANGUAGES=--enable-languages='c,c++,objc' +LANGUAGES=--enable-languages='c,c++' .endif V=3.3.6 @@ -29,7 +29,7 @@ MAKE_FLAGS= CFLAGS="${GNUCFLAGS}" \ GXX_INCDIR= /usr/include/g++ CLEANFILES= .gdbinit */.gdbinit *.info* \ c-parse.c c-parse.h c-parse.y cexp.c cp/parse.c cp/parse.h \ - f/*.info* objc/objc-parse.c objc/objc-parse.y target_path \ + target_path \ print-rtl1.c gengtype-lex.c gengtype-yacc.c gengtype-yacc.h \ genrtl.c genrtl.h fixinc.sh fixinc/Makefile \ po/Makefile po/Makefile.in po/POTFILES diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index b2617a8f5..07ca0a485 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.177 2024/01/19 14:15:51 deraadt Exp $ +# $OpenBSD: Makefile.inc,v 1.178 2024/03/29 06:48:04 deraadt Exp $ # $NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $ # @(#)Makefile.inc 8.1 (Berkeley) 6/17/93 @@ -189,7 +189,7 @@ MAN+= __get_tcb.2 __thrsigdivert.2 __thrsleep.2 _exit.2 accept.2 \ intro.2 ioctl.2 issetugid.2 \ kbind.2 kill.2 kqueue.2 ktrace.2 link.2 listen.2 lseek.2 madvise.2 \ mimmutable.2 minherit.2 mkdir.2 mkfifo.2 mknod.2 mlock.2 \ - mlockall.2 mmap.2 mount.2 mprotect.2 mquery.2 msyscall.2 msgctl.2 \ + mlockall.2 mmap.2 mount.2 mprotect.2 mquery.2 msgctl.2 \ msgget.2 msgrcv.2 msgsnd.2 msync.2 munmap.2 nanosleep.2 \ nfssvc.2 open.2 pathconf.2 pinsyscalls.2 pipe.2 pledge.2 \ poll.2 profil.2 ptrace.2 quotactl.2 read.2 readlink.2 reboot.2 recv.2 \ diff --git a/lib/libc/sys/msyscall.2 b/lib/libc/sys/msyscall.2 deleted file mode 100644 index 451402a30..000000000 --- a/lib/libc/sys/msyscall.2 +++ /dev/null @@ -1,72 +0,0 @@ -.\" $OpenBSD: msyscall.2,v 1.3 2023/09/14 19:59:12 jmc Exp $ -.\" -.\" Copyright (c) 2019 Theo de Raadt -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: September 14 2023 $ -.Dt MSYSCALL 2 -.Os -.Sh NAME -.Nm msyscall -.Nd permit syscalls from a region of pages -.Sh SYNOPSIS -.In sys/mman.h -.Ft int -.Fn msyscall "void *addr" "size_t len" -.Sh DESCRIPTION -The -.Fn msyscall -system call permits system call entry from the pages that contain -the address range -.Fa addr -through -.Fa addr -\&+ -.Fa len -\- 1 -(inclusive). -If -.Fa len -is 0, no action is taken on the page that contains -.Fa addr . -.Pp -.Fn msyscall -is currently intended for use by -.Xr ld.so 1 -only, and may be called only once to indicate the location of -the loaded -.Pa libc.so -library. -.Sh RETURN VALUES -.Rv -std -.Sh ERRORS -.Fn msyscall -will fail if: -.Bl -tag -width Er -.It Bq Er EINVAL -The specified address range would wrap around. -.It Bq Er EPERM -Attempt to call -.Fn msyscall -after -.Xr ld.so 1 -has called it. -.El -.Sh SEE ALSO -.Xr mmap 2 -.Sh HISTORY -The -.Fn msyscall -function first appeared in -.Ox 6.7 . diff --git a/lib/libc/sys/sigaltstack.2 b/lib/libc/sys/sigaltstack.2 index 99819c206..cb042c49f 100644 --- a/lib/libc/sys/sigaltstack.2 +++ b/lib/libc/sys/sigaltstack.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sigaltstack.2,v 1.26 2022/10/19 18:29:36 deraadt Exp $ +.\" $OpenBSD: sigaltstack.2,v 1.27 2024/03/29 06:48:04 deraadt Exp $ .\" $NetBSD: sigaltstack.2,v 1.3 1995/02/27 10:41:52 cgd Exp $ .\" .\" Copyright (c) 1983, 1991, 1992, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)sigaltstack.2 8.1 (Berkeley) 6/4/93 .\" -.Dd $Mdocdate: October 19 2022 $ +.Dd $Mdocdate: March 29 2024 $ .Dt SIGALTSTACK 2 .Os .Sh NAME @@ -132,11 +132,8 @@ On some additional restrictions prevent dangerous address space modifications. The proposed space at .Fa ss_sp -is verified to be contiguously mapped for read-write permissions -(no execute) -and incapable of syscall entry -(see -.Xr msyscall 2 ) . +is verified to be contiguously mapped for read-write permissions without +execute. If those conditions are met, a page-aligned inner region will be freshly mapped (all zero) with .Dv MAP_STACK diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 918454e7a..7ed583fe4 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.185 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile,v 1.192 2024/03/29 07:36:38 jsing Exp $ LIB= crypto LIBREBUILD=y @@ -73,6 +73,7 @@ SRCS+= o_str.c # aes/ SRCS+= aes.c +SRCS+= aes_core.c SRCS+= aes_ige.c # asn1/ @@ -200,17 +201,10 @@ SRCS+= bs_cbb.c SRCS+= bs_cbs.c # camellia/ -SRCS+= cmll_cfb.c -SRCS+= cmll_ctr.c -SRCS+= cmll_ecb.c -SRCS+= cmll_ofb.c +SRCS+= camellia.c # cast/ -SRCS+= c_cfb64.c -SRCS+= c_ecb.c -SRCS+= c_enc.c -SRCS+= c_ofb64.c -SRCS+= c_skey.c +SRCS+= cast.c # chacha/ SRCS+= chacha.c @@ -393,11 +387,7 @@ SRCS+= hm_pmeth.c SRCS+= hmac.c # idea/ -SRCS+= i_cbc.c -SRCS+= i_cfb64.c -SRCS+= i_ecb.c -SRCS+= i_ofb64.c -SRCS+= i_skey.c +SRCS+= idea.c # kdf/ SRCS+= hkdf_evp.c @@ -557,7 +547,7 @@ SRCS+= ui_openssl.c SRCS+= ui_util.c # whrlpool/ -SRCS+= wp_dgst.c +SRCS+= whirlpool.c # x509/ SRCS+= by_dir.c @@ -788,11 +778,6 @@ obj_dat.h: obj_mac.h ${SSL_OBJECTS}/obj_dat.pl .include "${.CURDIR}/arch/${MACHINE_CPU}/Makefile.inc" .else CFLAGS+=-DOPENSSL_NO_ASM -SRCS+= aes_core.c -SRCS+= camellia.c -SRCS+= cmll_cbc.c -SRCS+= cmll_misc.c -SRCS+= wp_block.c .endif BUILDFIRST = ${GENERATED} diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace index 336989e98..511cd626b 100644 --- a/lib/libcrypto/Symbols.namespace +++ b/lib/libcrypto/Symbols.namespace @@ -2584,3 +2584,10 @@ _libre_DES_string_to_key _libre_DES_string_to_2keys _libre_DES_cfb64_encrypt _libre_DES_ofb64_encrypt +_libre_BF_set_key +_libre_BF_encrypt +_libre_BF_decrypt +_libre_BF_ecb_encrypt +_libre_BF_cbc_encrypt +_libre_BF_cfb64_encrypt +_libre_BF_ofb64_encrypt diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c index bb1006acf..23211dfcd 100644 --- a/lib/libcrypto/aes/aes_core.c +++ b/lib/libcrypto/aes/aes_core.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_core.c,v 1.19 2024/03/27 11:15:44 jsing Exp $ */ +/* $OpenBSD: aes_core.c,v 1.22 2024/03/29 11:19:01 jsing Exp $ */ /** * rijndael-alg-fst.c * @@ -50,6 +50,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e]; Td4[x] = Si[x].[01]; */ +#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \ + !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL) || \ + !defined(HAVE_AES_ENCRYPT_INTERNAL) || \ + !defined(HAVE_AES_DECRYPT_INTERNAL) static const u32 Te0[256] = { 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, @@ -579,6 +583,10 @@ static const u32 Td3[256] = { 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, }; +#endif + +#if !defined(HAVE_AES_ENCRYPT_INTERNAL) || \ + !defined(HAVE_AES_DECRYPT_INTERNAL) static const u8 Td4[256] = { 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, @@ -613,17 +621,29 @@ static const u8 Td4[256] = { 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, }; +#endif + +#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \ + !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL) static const u32 rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; +#endif -/** +#ifdef HAVE_AES_SET_ENCRYPT_KEY_INTERNAL +int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, + AES_KEY *key); + +#else + +/* * Expand the cipher key into the encryption key schedule. */ -int -AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +static inline int +aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, + AES_KEY *key) { u32 *rk; int i = 0; @@ -719,12 +739,25 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) } return 0; } +#endif -/** +int +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ + return aes_set_encrypt_key_internal(userKey, bits, key); +} + +#ifdef HAVE_AES_SET_DECRYPT_KEY_INTERNAL +int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits, + AES_KEY *key); + +#else +/* * Expand the cipher key into the decryption key schedule. */ -int -AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +static inline int +aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits, + AES_KEY *key) { u32 *rk; int i, j, status; @@ -778,14 +811,25 @@ AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) } return 0; } +#endif -#ifndef AES_ASM +int +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ + return aes_set_decrypt_key_internal(userKey, bits, key); +} + +#ifdef HAVE_AES_ENCRYPT_INTERNAL +void aes_encrypt_internal(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +#else /* - * Encrypt a single block - * in and out can overlap + * Encrypt a single block - in and out can overlap. */ -void -AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +static inline void +aes_encrypt_internal(const unsigned char *in, unsigned char *out, + const AES_KEY *key) { const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; @@ -969,13 +1013,25 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) rk[3]; crypto_store_htobe32(&out[3 * 4], s3); } +#endif -/* - * Decrypt a single block - * in and out can overlap - */ void -AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + return aes_encrypt_internal(in, out, key); +} + +#ifdef HAVE_AES_DECRYPT_INTERNAL +void aes_decrypt_internal(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +#else +/* + * Decrypt a single block - in and out can overlap. + */ +static inline void +aes_decrypt_internal(const unsigned char *in, unsigned char *out, + const AES_KEY *key) { const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; @@ -1159,4 +1215,10 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) rk[3]; crypto_store_htobe32(&out[3 * 4], s3); } -#endif /* AES_ASM */ +#endif + +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + return aes_decrypt_internal(in, out, key); +} diff --git a/lib/libcrypto/aes/asm/aes-586.pl b/lib/libcrypto/aes/asm/aes-586.pl index c7fd0cc78..160686f69 100644 --- a/lib/libcrypto/aes/asm/aes-586.pl +++ b/lib/libcrypto/aes/asm/aes-586.pl @@ -1158,8 +1158,8 @@ sub enclast() &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000); &previous(); -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_encrypt"); +# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key); +&function_begin("aes_encrypt_internal"); &mov ($acc,&wparam(0)); # load inp &mov ($key,&wparam(2)); # load key @@ -1213,7 +1213,7 @@ sub enclast() &mov (&DWP(4,$acc),$s1); &mov (&DWP(8,$acc),$s2); &mov (&DWP(12,$acc),$s3); -&function_end("AES_encrypt"); +&function_end("aes_encrypt_internal"); #--------------------------------------------------------------------# @@ -1947,8 +1947,8 @@ sub declast() &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); &previous(); -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_decrypt"); +# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key); +&function_begin("aes_decrypt_internal"); &mov ($acc,&wparam(0)); # load inp &mov ($key,&wparam(2)); # load key @@ -2002,7 +2002,7 @@ sub declast() &mov (&DWP(4,$acc),$s1); &mov (&DWP(8,$acc),$s2); &mov (&DWP(12,$acc),$s3); -&function_end("AES_decrypt"); +&function_end("aes_decrypt_internal"); # void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out, # size_t length, const AES_KEY *key, unsigned char *ivp,const int enc); @@ -2849,12 +2849,12 @@ sub enckey() &set_label("exit"); &function_end("_x86_AES_set_encrypt_key"); -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_encrypt_key"); +# int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, +# AES_KEY *key) +&function_begin_B("aes_set_encrypt_key_internal"); &call ("_x86_AES_set_encrypt_key"); &ret (); -&function_end_B("AES_set_encrypt_key"); +&function_end_B("aes_set_encrypt_key_internal"); sub deckey() { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; @@ -2911,9 +2911,9 @@ sub deckey() &mov (&DWP(4*$i,$key),$tp1); } -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_decrypt_key"); +# int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits, +# AES_KEY *key) +&function_begin_B("aes_set_decrypt_key_internal"); &call ("_x86_AES_set_encrypt_key"); &cmp ("eax",0); &je (&label("proceed")); @@ -2969,6 +2969,6 @@ sub deckey() &jb (&label("permute")); &xor ("eax","eax"); # return success -&function_end("AES_set_decrypt_key"); +&function_end("aes_set_decrypt_key_internal"); &asm_finish(); diff --git a/lib/libcrypto/aes/asm/aes-armv4.pl b/lib/libcrypto/aes/asm/aes-armv4.pl index 1cb9586d4..0048ee5b2 100644 --- a/lib/libcrypto/aes/asm/aes-armv4.pl +++ b/lib/libcrypto/aes/asm/aes-armv4.pl @@ -161,17 +161,17 @@ AES_Te: .word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 .size AES_Te,.-AES_Te -@ void AES_encrypt(const unsigned char *in, unsigned char *out, -@ const AES_KEY *key) { -.global AES_encrypt -.type AES_encrypt,%function +@ void aes_encrypt_internal(const unsigned char *in, unsigned char *out, +@ const AES_KEY *key) { +.global aes_encrypt_internal +.type aes_encrypt_internal,%function .align 5 -AES_encrypt: - sub r3,pc,#8 @ AES_encrypt +aes_encrypt_internal: + sub r3,pc,#8 @ aes_encrypt_internal stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp mov $key,r2 - sub $tbl,r3,#AES_encrypt-AES_Te @ Te + sub $tbl,r3,#aes_encrypt_internal-AES_Te @ Te #if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -265,7 +265,7 @@ AES_encrypt: moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size AES_encrypt,.-AES_encrypt +.size aes_encrypt_internal,.-aes_encrypt_internal .type _armv4_AES_encrypt,%function .align 2 @@ -404,12 +404,12 @@ _armv4_AES_encrypt: ldr pc,[sp],#4 @ pop and return .size _armv4_AES_encrypt,.-_armv4_AES_encrypt -.global AES_set_encrypt_key -.type AES_set_encrypt_key,%function +.global aes_set_encrypt_key_internal +.type aes_set_encrypt_key_internal,%function .align 5 -AES_set_encrypt_key: +aes_set_encrypt_key_internal: _armv4_AES_set_encrypt_key: - sub r3,pc,#8 @ AES_set_encrypt_key + sub r3,pc,#8 @ aes_set_encrypt_key_internal teq r0,#0 moveq r0,#-1 beq .Labrt @@ -679,12 +679,12 @@ _armv4_AES_set_encrypt_key: .Labrt: tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) -.size AES_set_encrypt_key,.-AES_set_encrypt_key +.size aes_set_encrypt_key_internal,.-aes_set_encrypt_key_internal -.global AES_set_decrypt_key -.type AES_set_decrypt_key,%function +.global aes_set_decrypt_key_internal +.type aes_set_decrypt_key_internal,%function .align 5 -AES_set_decrypt_key: +aes_set_decrypt_key_internal: str lr,[sp,#-4]! @ push lr bl _armv4_AES_set_encrypt_key teq r0,#0 @@ -773,7 +773,7 @@ $code.=<<___; moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size AES_set_decrypt_key,.-AES_set_decrypt_key +.size aes_set_decrypt_key_internal,.-aes_set_decrypt_key_internal .type AES_Td,%object .align 5 @@ -877,17 +877,17 @@ AES_Td: .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d .size AES_Td,.-AES_Td -@ void AES_decrypt(const unsigned char *in, unsigned char *out, -@ const AES_KEY *key) { -.global AES_decrypt -.type AES_decrypt,%function +@ void aes_decrypt_internal(const unsigned char *in, unsigned char *out, +@ const AES_KEY *key) { +.global aes_decrypt_internal +.type aes_decrypt_internal,%function .align 5 -AES_decrypt: - sub r3,pc,#8 @ AES_decrypt +aes_decrypt_internal: + sub r3,pc,#8 @ aes_decrypt_internal stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp mov $key,r2 - sub $tbl,r3,#AES_decrypt-AES_Td @ Td + sub $tbl,r3,#aes_decrypt_internal-AES_Td @ Td #if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -981,7 +981,7 @@ AES_decrypt: moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size AES_decrypt,.-AES_decrypt +.size aes_decrypt_internal,.-aes_decrypt_internal .type _armv4_AES_decrypt,%function .align 2 diff --git a/lib/libcrypto/aes/asm/aes-mips.pl b/lib/libcrypto/aes/asm/aes-mips.pl index 598811c64..6688e120c 100644 --- a/lib/libcrypto/aes/asm/aes-mips.pl +++ b/lib/libcrypto/aes/asm/aes-mips.pl @@ -355,9 +355,9 @@ _mips_AES_encrypt: .end _mips_AES_encrypt .align 5 -.globl AES_encrypt -.ent AES_encrypt -AES_encrypt: +.globl aes_encrypt_internal +.ent aes_encrypt_internal +aes_encrypt_internal: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -387,7 +387,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,AES_encrypt + .cpsetup $pf,$zero,aes_encrypt_internal ___ $code.=<<___; .set reorder @@ -435,7 +435,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end AES_encrypt +.end aes_encrypt_internal ___ $code.=<<___; @@ -691,9 +691,9 @@ _mips_AES_decrypt: .end _mips_AES_decrypt .align 5 -.globl AES_decrypt -.ent AES_decrypt -AES_decrypt: +.globl aes_decrypt_internal +.ent aes_decrypt_internal +aes_decrypt_internal: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -723,7 +723,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,AES_decrypt + .cpsetup $pf,$zero,aes_decrypt_internal ___ $code.=<<___; .set reorder @@ -771,7 +771,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end AES_decrypt +.end aes_decrypt_internal ___ }}} @@ -1038,9 +1038,9 @@ _mips_AES_set_encrypt_key: nop .end _mips_AES_set_encrypt_key -.globl AES_set_encrypt_key -.ent AES_set_encrypt_key -AES_set_encrypt_key: +.globl aes_set_encrypt_key_internal +.ent aes_set_encrypt_key_internal +aes_set_encrypt_key_internal: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1062,7 +1062,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,AES_set_encrypt_key + .cpsetup $pf,$zero,aes_set_encrypt_key_internal ___ $code.=<<___; .set reorder @@ -1085,7 +1085,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end AES_set_encrypt_key +.end aes_set_encrypt_key_internal ___ my ($head,$tail)=($inp,$bits); @@ -1093,9 +1093,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); $code.=<<___; .align 5 -.globl AES_set_decrypt_key -.ent AES_set_decrypt_key -AES_set_decrypt_key: +.globl aes_set_decrypt_key_internal +.ent aes_set_decrypt_key_internal +aes_set_decrypt_key_internal: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1117,7 +1117,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,AES_set_decrypt_key + .cpsetup $pf,$zero,aes_set_decrypt_key_internal ___ $code.=<<___; .set reorder @@ -1228,7 +1228,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end AES_set_decrypt_key +.end aes_set_decrypt_key_internal ___ }}} diff --git a/lib/libcrypto/aes/asm/aes-parisc.pl b/lib/libcrypto/aes/asm/aes-parisc.pl index 43dbfc108..4e4592b56 100644 --- a/lib/libcrypto/aes/asm/aes-parisc.pl +++ b/lib/libcrypto/aes/asm/aes-parisc.pl @@ -66,9 +66,9 @@ $code=<<___; .LEVEL $LEVEL .text - .EXPORT AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR + .EXPORT aes_encrypt_internal,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR .ALIGN 64 -AES_encrypt +aes_encrypt_internal .PROC .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 .ENTRY @@ -540,9 +540,9 @@ L\$AES_Te ___ $code.=<<___; - .EXPORT AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR + .EXPORT aes_decrypt_internal,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR .ALIGN 16 -AES_decrypt +aes_decrypt_internal .PROC .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 .ENTRY diff --git a/lib/libcrypto/aes/asm/aes-ppc.pl b/lib/libcrypto/aes/asm/aes-ppc.pl index 9c366af61..1ae303bfa 100644 --- a/lib/libcrypto/aes/asm/aes-ppc.pl +++ b/lib/libcrypto/aes/asm/aes-ppc.pl @@ -327,9 +327,9 @@ $code.=<<___; .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -.globl .AES_encrypt +.globl .aes_encrypt_internal .align 7 -.AES_encrypt: +.aes_encrypt_internal: $STU $sp,-$FRAME($sp) mflr r0 @@ -754,9 +754,9 @@ Lenc_compact_done: xor $s3,$s3,$t3 blr -.globl .AES_decrypt +.globl .aes_decrypt_internal .align 7 -.AES_decrypt: +.aes_decrypt_internal: $STU $sp,-$FRAME($sp) mflr r0 diff --git a/lib/libcrypto/aes/asm/aes-sparcv9.pl b/lib/libcrypto/aes/asm/aes-sparcv9.pl index 08ac9830f..1348d0959 100755 --- a/lib/libcrypto/aes/asm/aes-sparcv9.pl +++ b/lib/libcrypto/aes/asm/aes-sparcv9.pl @@ -511,8 +511,8 @@ _sparcv9_AES_encrypt: .size _sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt) .align 32 -.globl AES_encrypt -AES_encrypt: +.globl aes_encrypt_internal +aes_encrypt_internal: save %sp,-$frame,%sp #ifdef __PIC__ sethi %hi(_GLOBAL_OFFSET_TABLE_-4), %o5 @@ -638,8 +638,8 @@ AES_encrypt: ret restore -.type AES_encrypt,#function -.size AES_encrypt,(.-AES_encrypt) +.type aes_encrypt_internal,#function +.size aes_encrypt_internal,(.-aes_encrypt_internal) ___ @@ -1075,8 +1075,8 @@ _sparcv9_AES_decrypt: .size _sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt) .align 32 -.globl AES_decrypt -AES_decrypt: +.globl aes_decrypt_internal +aes_decrypt_internal: save %sp,-$frame,%sp #ifdef __PIC__ sethi %hi(_GLOBAL_OFFSET_TABLE_-4), %o5 @@ -1202,8 +1202,8 @@ AES_decrypt: ret restore -.type AES_decrypt,#function -.size AES_decrypt,(.-AES_decrypt) +.type aes_decrypt_internal,#function +.size aes_decrypt_internal,(.-aes_decrypt_internal) ___ # fmovs instructions substituting for FP nops were originally added diff --git a/lib/libcrypto/aes/asm/aes-x86_64.pl b/lib/libcrypto/aes/asm/aes-x86_64.pl index 9f51bac24..3d37f3c98 100755 --- a/lib/libcrypto/aes/asm/aes-x86_64.pl +++ b/lib/libcrypto/aes/asm/aes-x86_64.pl @@ -586,15 +586,15 @@ $code.=<<___; .size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact ___ -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); +# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key); $code.=<<___; -.globl AES_encrypt -.type AES_encrypt,\@function,3 +.globl aes_encrypt_internal +.type aes_encrypt_internal,\@function,3 .align 16 .globl asm_AES_encrypt .hidden asm_AES_encrypt asm_AES_encrypt: -AES_encrypt: +aes_encrypt_internal: _CET_ENDBR push %rbx push %rbp @@ -655,7 +655,7 @@ AES_encrypt: lea 48(%rsi),%rsp .Lenc_epilogue: ret -.size AES_encrypt,.-AES_encrypt +.size aes_encrypt_internal,.-aes_encrypt_internal ___ #------------------------------------------------------------------# @@ -1188,15 +1188,15 @@ $code.=<<___; .size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact ___ -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); +# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key); $code.=<<___; -.globl AES_decrypt -.type AES_decrypt,\@function,3 +.globl aes_decrypt_internal +.type aes_decrypt_internal,\@function,3 .align 16 .globl asm_AES_decrypt .hidden asm_AES_decrypt asm_AES_decrypt: -AES_decrypt: +aes_decrypt_internal: _CET_ENDBR push %rbx push %rbp @@ -1259,7 +1259,7 @@ AES_decrypt: lea 48(%rsi),%rsp .Ldec_epilogue: ret -.size AES_decrypt,.-AES_decrypt +.size aes_decrypt_internal,.-aes_decrypt_internal ___ #------------------------------------------------------------------# @@ -1290,13 +1290,13 @@ $code.=<<___; ___ } -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) +# int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, +# AES_KEY *key) $code.=<<___; -.globl AES_set_encrypt_key -.type AES_set_encrypt_key,\@function,3 +.globl aes_set_encrypt_key_internal +.type aes_set_encrypt_key_internal,\@function,3 .align 16 -AES_set_encrypt_key: +aes_set_encrypt_key_internal: _CET_ENDBR push %rbx push %rbp @@ -1318,7 +1318,7 @@ AES_set_encrypt_key: add \$56,%rsp .Lenc_key_epilogue: ret -.size AES_set_encrypt_key,.-AES_set_encrypt_key +.size aes_set_encrypt_key_internal,.-aes_set_encrypt_key_internal .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent .align 16 @@ -1562,13 +1562,13 @@ $code.=<<___; ___ } -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) +# int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits, +# AES_KEY *key) $code.=<<___; -.globl AES_set_decrypt_key -.type AES_set_decrypt_key,\@function,3 +.globl aes_set_decrypt_key_internal +.type aes_set_decrypt_key_internal,\@function,3 .align 16 -AES_set_decrypt_key: +aes_set_decrypt_key_internal: _CET_ENDBR push %rbx push %rbp @@ -1638,7 +1638,7 @@ $code.=<<___; add \$56,%rsp .Ldec_key_epilogue: ret -.size AES_set_decrypt_key,.-AES_set_decrypt_key +.size aes_set_decrypt_key_internal,.-aes_set_decrypt_key_internal ___ # void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out, @@ -2782,21 +2782,21 @@ cbc_se_handler: .section .pdata .align 4 - .rva .LSEH_begin_AES_encrypt - .rva .LSEH_end_AES_encrypt - .rva .LSEH_info_AES_encrypt + .rva .LSEH_begin_aes_encrypt_internal + .rva .LSEH_end_aes_encrypt_internal + .rva .LSEH_info_aes_encrypt_internal - .rva .LSEH_begin_AES_decrypt - .rva .LSEH_end_AES_decrypt - .rva .LSEH_info_AES_decrypt + .rva .LSEH_begin_aes_decrypt_internal + .rva .LSEH_end_aes_decrypt_internal + .rva .LSEH_info_aes_decrypt_internal - .rva .LSEH_begin_AES_set_encrypt_key - .rva .LSEH_end_AES_set_encrypt_key - .rva .LSEH_info_AES_set_encrypt_key + .rva .LSEH_begin_aes_set_encrypt_key_internal + .rva .LSEH_end_aes_set_encrypt_key_internal + .rva .LSEH_info_aes_set_encrypt_key_internal - .rva .LSEH_begin_AES_set_decrypt_key - .rva .LSEH_end_AES_set_decrypt_key - .rva .LSEH_info_AES_set_decrypt_key + .rva .LSEH_begin_aes_set_decrypt_key_internal + .rva .LSEH_end_aes_set_decrypt_key_internal + .rva .LSEH_info_aes_set_decrypt_key_internal .rva .LSEH_begin_aes_cbc_encrypt_internal .rva .LSEH_end_aes_cbc_encrypt_internal @@ -2804,19 +2804,19 @@ cbc_se_handler: .section .xdata .align 8 -.LSEH_info_AES_encrypt: +.LSEH_info_aes_encrypt_internal: .byte 9,0,0,0 .rva block_se_handler .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] -.LSEH_info_AES_decrypt: +.LSEH_info_aes_decrypt_internal: .byte 9,0,0,0 .rva block_se_handler .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_AES_set_encrypt_key: +.LSEH_info_aes_set_encrypt_key_internal: .byte 9,0,0,0 .rva key_se_handler .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_AES_set_decrypt_key: +.LSEH_info_aes_set_decrypt_key_internal: .byte 9,0,0,0 .rva key_se_handler .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] diff --git a/lib/libcrypto/arch/aarch64/Makefile.inc b/lib/libcrypto/arch/aarch64/Makefile.inc index 6f57fa230..a17ef7f5a 100644 --- a/lib/libcrypto/arch/aarch64/Makefile.inc +++ b/lib/libcrypto/arch/aarch64/Makefile.inc @@ -1,17 +1,7 @@ -# $OpenBSD: Makefile.inc,v 1.10 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.13 2024/03/29 07:24:09 jsing Exp $ # aarch64-specific libcrypto build rules -# aes -SRCS+= aes_core.c -# bn -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# modes -# sha -# whrlpool -SRCS+= wp_block.c - .for dir f in ${SSLASM} SRCS+= ${f}.S GENERATED+=${f}.S diff --git a/lib/libcrypto/arch/alpha/Makefile.inc b/lib/libcrypto/arch/alpha/Makefile.inc index ac8314563..3e42c42f5 100644 --- a/lib/libcrypto/arch/alpha/Makefile.inc +++ b/lib/libcrypto/arch/alpha/Makefile.inc @@ -1,22 +1,16 @@ -# $OpenBSD: Makefile.inc,v 1.11 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.14 2024/03/29 07:24:09 jsing Exp $ # alpha-specific libcrypto build rules -# aes -SRCS+= aes_core.c # bn SSLASM+= bn alpha-mont CFLAGS+= -DOPENSSL_BN_ASM_MONT -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-alpha # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-alpha -# whrlpool -SRCS+= wp_block.c .for dir f in ${SSLASM} SRCS+= ${f}.S diff --git a/lib/libcrypto/arch/amd64/Makefile.inc b/lib/libcrypto/arch/amd64/Makefile.inc index 8ae28f16e..a35410582 100644 --- a/lib/libcrypto/arch/amd64/Makefile.inc +++ b/lib/libcrypto/arch/amd64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.21 2024/03/29 01:24:07 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.27 2024/03/29 11:00:57 jsing Exp $ # amd64-specific libcrypto build rules @@ -14,6 +14,10 @@ CFLAGS+= -DVPAES_ASM SSLASM+= aes vpaes-x86_64 SSLASM+= aes aesni-x86_64 CFLAGS+= -DHAVE_AES_CBC_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL # bn CFLAGS+= -DOPENSSL_IA32_SSE2 CFLAGS+= -DRSA_ASM @@ -37,9 +41,6 @@ SRCS += bignum_sqr_8_16_alt.S SRCS += bignum_sub.S SRCS += word_clz.S -# camellia -SRCS+= cmll_misc.c -SSLASM+= camellia cmll-x86_64 # md5 CFLAGS+= -DMD5_ASM SSLASM+= md5 md5-x86_64 @@ -66,8 +67,6 @@ GENERATED+= sha512-x86_64.S sha512-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl ${EXTRA_PL} cd ${LCRYPTO_SRC}/sha/asm ; \ /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET} -# whrlpool -SRCS+= wp_block.c .for dir f in ${SSLASM} SRCS+= ${f}.S diff --git a/lib/libcrypto/arch/arm/Makefile.inc b/lib/libcrypto/arch/arm/Makefile.inc index b0d125572..43c0589eb 100644 --- a/lib/libcrypto/arch/arm/Makefile.inc +++ b/lib/libcrypto/arch/arm/Makefile.inc @@ -5,11 +5,13 @@ # aes CFLAGS+= -DAES_ASM SSLASM+= aes aes-armv4 +CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL # bn CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn armv4-mont -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-armv4 @@ -20,8 +22,6 @@ CFLAGS+= -DSHA256_ASM SSLASM+= sha sha256-armv4 CFLAGS+= -DSHA512_ASM SSLASM+= sha sha512-armv4 -# whrlpool -SRCS+= wp_block.c .for dir f in ${SSLASM} SRCS+= ${f}.S diff --git a/lib/libcrypto/arch/hppa/Makefile.inc b/lib/libcrypto/arch/hppa/Makefile.inc index bbe4c9ac1..9796d3a86 100644 --- a/lib/libcrypto/arch/hppa/Makefile.inc +++ b/lib/libcrypto/arch/hppa/Makefile.inc @@ -1,16 +1,15 @@ -# $OpenBSD: Makefile.inc,v 1.20 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.24 2024/03/29 11:00:57 jsing Exp $ # hppa-specific libcrypto build rules # aes -SRCS+= aes_core.c CFLAGS+= -DAES_ASM SSLASM+= aes aes-parisc aes-parisc +CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL # bn SSLASM+= bn parisc-mont parisc-mont CFLAGS+= -DOPENSSL_BN_ASM_MONT -DBN_DIV2W -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-parisc ghash-parisc @@ -19,8 +18,6 @@ CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-parisc sha1-parisc CFLAGS+= -DSHA256_ASM SSLASM+= sha sha512-parisc sha256-parisc -# whrlpool -SRCS+= wp_block.c .for dir src dst in ${SSLASM} SRCS+= ${dst}.S diff --git a/lib/libcrypto/arch/i386/Makefile.inc b/lib/libcrypto/arch/i386/Makefile.inc index 9da377a3c..37f6ba32b 100644 --- a/lib/libcrypto/arch/i386/Makefile.inc +++ b/lib/libcrypto/arch/i386/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.18 2024/03/29 01:24:07 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.24 2024/03/29 11:00:57 jsing Exp $ # i386-specific libcrypto build rules @@ -12,14 +12,16 @@ CFLAGS+= -DVPAES_ASM SSLASM+= aes vpaes-x86 SSLASM+= aes aesni-x86 CFLAGS+= -DHAVE_AES_CBC_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL # bn CFLAGS+= -DOPENSSL_IA32_SSE2 SSLASM+= bn bn-586 SSLASM+= bn co-586 CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn x86-mont -# camellia -SSLASM+= camellia cmll-x86 # md5 CFLAGS+= -DMD5_ASM SSLASM+= md5 md5-586 @@ -37,8 +39,6 @@ CFLAGS+= -DSHA256_ASM SSLASM+= sha sha256-586 CFLAGS+= -DSHA512_ASM SSLASM+= sha sha512-586 -# whrlpool -SRCS+= wp_block.c .for dir f in ${SSLASM} SRCS+= ${f}.S diff --git a/lib/libcrypto/arch/mips64/Makefile.inc b/lib/libcrypto/arch/mips64/Makefile.inc index d40bbdf00..41d6b0e88 100644 --- a/lib/libcrypto/arch/mips64/Makefile.inc +++ b/lib/libcrypto/arch/mips64/Makefile.inc @@ -1,16 +1,18 @@ -# $OpenBSD: Makefile.inc,v 1.12 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.17 2024/03/29 11:00:57 jsing Exp $ # mips64-specific libcrypto build rules # aes CFLAGS+= -DAES_ASM SSLASM+= aes aes-mips aes-mips +CFLAGS+= -DHAVE_AES_SET_ENCRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_SET_DECRYPT_KEY_INTERNAL +CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL # bn SSLASM+= bn mips bn-mips SSLASM+= bn mips-mont mips-mont CFLAGS+= -DOPENSSL_BN_ASM_MONT -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # sha SSLASM+= sha sha1-mips sha1-mips CFLAGS+= -DSHA1_ASM @@ -18,8 +20,6 @@ SSLASM+= sha sha512-mips sha256-mips CFLAGS+= -DSHA256_ASM SSLASM+= sha sha512-mips sha512-mips CFLAGS+= -DSHA512_ASM -# whrlpool -SRCS+= wp_block.c .for dir src dst in ${SSLASM} SRCS+= ${dst}.S diff --git a/lib/libcrypto/arch/powerpc/Makefile.inc b/lib/libcrypto/arch/powerpc/Makefile.inc index 9e3a2f728..0d40e5ac3 100644 --- a/lib/libcrypto/arch/powerpc/Makefile.inc +++ b/lib/libcrypto/arch/powerpc/Makefile.inc @@ -1,9 +1,7 @@ -# $OpenBSD: Makefile.inc,v 1.9 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.12 2024/03/29 07:24:09 jsing Exp $ # powerpc-specific libcrypto build rules -# aes -SRCS+= aes_core.c # slower than C code #CFLAGS+= -DAES_ASM #SSLASM+= aes aes-ppc aes-ppc @@ -12,15 +10,11 @@ SSLASM+= bn ppc bn-ppc SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int #SSLASM+= bn ppc64-mont ppc64-mont # bn_mul_mont_fpu64 CFLAGS+= -DOPENSSL_BN_ASM_MONT -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-ppc sha1-ppc CFLAGS+= -DSHA256_ASM SSLASM+= sha sha512-ppc sha256-ppc -# whrlpool -SRCS+= wp_block.c .for dir src dst in ${SSLASM} SRCS+= ${dst}.S diff --git a/lib/libcrypto/arch/powerpc64/Makefile.inc b/lib/libcrypto/arch/powerpc64/Makefile.inc index ea466bb8a..07c9de3d0 100644 --- a/lib/libcrypto/arch/powerpc64/Makefile.inc +++ b/lib/libcrypto/arch/powerpc64/Makefile.inc @@ -1,9 +1,7 @@ -# $OpenBSD: Makefile.inc,v 1.11 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.14 2024/03/29 07:24:09 jsing Exp $ # powerpc-specific libcrypto build rules -# aes -SRCS+= aes_core.c # slower than C code #CFLAGS+= -DAES_ASM #SSLASM+= aes aes-ppc aes-ppc @@ -12,15 +10,11 @@ SRCS+= aes_core.c #SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int #SSLASM+= bn ppc64-mont ppc64-mont # bn_mul_mont_fpu64 #CFLAGS+= -DOPENSSL_BN_ASM_MONT -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # sha #CFLAGS+= -DSHA1_ASM #SSLASM+= sha sha1-ppc sha1-ppc #CFLAGS+= -DSHA256_ASM #SSLASM+= sha sha512-ppc sha256-ppc -# whrlpool -SRCS+= wp_block.c .for dir src dst in ${SSLASM} SRCS+= ${dst}.S diff --git a/lib/libcrypto/arch/riscv64/Makefile.inc b/lib/libcrypto/arch/riscv64/Makefile.inc index 0737d3ce1..94cc03ed7 100644 --- a/lib/libcrypto/arch/riscv64/Makefile.inc +++ b/lib/libcrypto/arch/riscv64/Makefile.inc @@ -1,14 +1,3 @@ -# $OpenBSD: Makefile.inc,v 1.7 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.10 2024/03/29 07:24:09 jsing Exp $ # riscv64 libcrypto build rules - -# aes -SRCS+= aes_core.c - -# camellia -SRCS+= camellia.c -SRCS+= cmll_cbc.c -SRCS+= cmll_misc.c - -# whrlpool -SRCS+= wp_block.c diff --git a/lib/libcrypto/arch/sparc64/Makefile.inc b/lib/libcrypto/arch/sparc64/Makefile.inc index e540fcbbb..c4b303f44 100644 --- a/lib/libcrypto/arch/sparc64/Makefile.inc +++ b/lib/libcrypto/arch/sparc64/Makefile.inc @@ -1,14 +1,13 @@ -# $OpenBSD: Makefile.inc,v 1.14 2024/03/28 12:52:58 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.18 2024/03/29 11:00:57 jsing Exp $ # sparc64-specific libcrypto build rules # aes -SRCS+= aes_core.c CFLAGS+= -DAES_ASM SSLASM+= aes aes-sparcv9 aes-sparcv9 +CFLAGS+= -DHAVE_AES_ENCRYPT_INTERNAL +CFLAGS+= -DHAVE_AES_DECRYPT_INTERNAL # bn -# camellia -SRCS+= camellia.c cmll_cbc.c cmll_misc.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-sparcv9 ghash-sparcv9 @@ -19,8 +18,6 @@ SSLASM+= sha sha512-sparcv9 sha256-sparcv9 CFLAGS+= -DSHA256_ASM SSLASM+= sha sha512-sparcv9 sha512-sparcv9 CFLAGS+= -DSHA512_ASM -# whrlpool -SRCS+= wp_block.c .for dir src dst in ${SSLASM} SRCS+= ${dst}.S diff --git a/lib/libcrypto/asn1/asn_mime.c b/lib/libcrypto/asn1/asn_mime.c index 56a428aec..261067366 100644 --- a/lib/libcrypto/asn1/asn_mime.c +++ b/lib/libcrypto/asn1/asn_mime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn_mime.c,v 1.32 2023/07/05 21:23:36 beck Exp $ */ +/* $OpenBSD: asn_mime.c,v 1.34 2024/03/29 04:35:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -110,7 +110,6 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); static void mime_hdr_free(MIME_HEADER *hdr); #define MAX_SMLEN 1024 -#define mime_debug(x) /* x */ /* Output an ASN1 structure in BER format streaming if necessary */ @@ -118,29 +117,30 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, const ASN1_ITEM *it) { - /* If streaming create stream BIO and copy all content through it */ - if (flags & SMIME_STREAM) { - BIO *bio, *tbio; - bio = BIO_new_NDEF(out, val, it); - if (!bio) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - SMIME_crlf_copy(in, bio, flags); - (void)BIO_flush(bio); - /* Free up successive BIOs until we hit the old output BIO */ - do { - tbio = BIO_pop(bio); - BIO_free(bio); - bio = tbio; - } while (bio != out); + BIO *bio, *tbio; + int ret; + + /* Without streaming, write out the ASN.1 structure's content. */ + if ((flags & SMIME_STREAM) == 0) + return ASN1_item_i2d_bio(it, out, val); + + /* If streaming, create a stream BIO and copy all content through it. */ + if ((bio = BIO_new_NDEF(out, val, it)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; } - /* else just write out ASN1 structure which will have all content - * stored internally - */ - else - ASN1_item_i2d_bio(it, out, val); - return 1; + + ret = SMIME_crlf_copy(in, bio, flags); + (void)BIO_flush(bio); + + /* Free up successive BIOs until we hit the old output BIO. */ + do { + tbio = BIO_pop(bio); + BIO_free(bio); + bio = tbio; + } while (bio != out); + + return ret; } /* Base 64 read and write of ASN1 structure */ @@ -706,7 +706,6 @@ mime_parse_hdr(BIO *bio) case MIME_TYPE: if (c == ';') { - mime_debug("Found End Value\n"); *p = 0; mhdr = mime_hdr_new(ntmp, strip_ends(q)); @@ -748,7 +747,6 @@ mime_parse_hdr(BIO *bio) ntmp = NULL; q = p + 1; } else if (c == '"') { - mime_debug("Found Quote\n"); state = MIME_QUOTE; } else if (c == '(') { save_state = state; @@ -758,7 +756,6 @@ mime_parse_hdr(BIO *bio) case MIME_QUOTE: if (c == '"') { - mime_debug("Found Match Quote\n"); state = MIME_VALUE; } break; diff --git a/lib/libcrypto/bf/blowfish.c b/lib/libcrypto/bf/blowfish.c index fa6d66fce..330d7a8e0 100644 --- a/lib/libcrypto/bf/blowfish.c +++ b/lib/libcrypto/bf/blowfish.c @@ -1,4 +1,4 @@ -/* $OpenBSD: blowfish.c,v 1.2 2024/03/27 11:54:29 jsing Exp $ */ +/* $OpenBSD: blowfish.c,v 1.3 2024/03/29 02:37:20 joshua Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -380,6 +380,7 @@ BF_encrypt(BF_LONG *data, const BF_KEY *key) data[1] = l&0xffffffffL; data[0] = r&0xffffffffL; } +LCRYPTO_ALIAS(BF_encrypt); #ifndef BF_DEFAULT_OPTIONS @@ -422,6 +423,7 @@ BF_decrypt(BF_LONG *data, const BF_KEY *key) data[1] = l&0xffffffffL; data[0] = r&0xffffffffL; } +LCRYPTO_ALIAS(BF_decrypt); void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, @@ -498,6 +500,7 @@ BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; tin[0] = tin[1] = 0; } +LCRYPTO_ALIAS(BF_cbc_encrypt); /* * The input and output encrypted as though 64bit cfb mode is being @@ -561,6 +564,7 @@ BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, v0 = v1 = ti[0] = ti[1] = t=c = cc = 0; *num = n; } +LCRYPTO_ALIAS(BF_cfb64_encrypt); void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, @@ -582,6 +586,7 @@ BF_ecb_encrypt(const unsigned char *in, unsigned char *out, l2n(l, out); l = d[0] = d[1] = 0; } +LCRYPTO_ALIAS(BF_ecb_encrypt); /* * The input and output encrypted as though 64bit ofb mode is being @@ -632,6 +637,7 @@ BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, t = v0 = v1 = ti[0] = ti[1] = 0; *num = n; } +LCRYPTO_ALIAS(BF_ofb64_encrypt); void BF_set_key(BF_KEY *key, int len, const unsigned char *data) @@ -686,4 +692,5 @@ BF_set_key(BF_KEY *key, int len, const unsigned char *data) p[i + 1] = in[1]; } } +LCRYPTO_ALIAS(BF_set_key); #endif diff --git a/lib/libcrypto/camellia/asm/cmll-x86.pl b/lib/libcrypto/camellia/asm/cmll-x86.pl deleted file mode 100644 index 7880913da..000000000 --- a/lib/libcrypto/camellia/asm/cmll-x86.pl +++ /dev/null @@ -1,1126 +0,0 @@ -#!/usr/bin/env perl - -# ==================================================================== -# Copyright (c) 2008 Andy Polyakov -# -# This module may be used under the terms of either the GNU General -# Public License version 2 or later, the GNU Lesser General Public -# License version 2.1 or later, the Mozilla Public License version -# 1.1 or the BSD License. The exact terms of either license are -# distributed along with this module. For further details see -# http://www.openssl.org/~appro/camellia/. -# ==================================================================== - -# Performance in cycles per processed byte (less is better) in -# 'openssl speed ...' benchmark: -# -# AMD K8 Core2 PIII P4 -# -evp camellia-128-ecb 21.5 22.8 27.0 28.9 -# + over gcc 3.4.6 +90/11% +70/10% +53/4% +160/64% -# + over icc 8.0 +48/19% +21/15% +21/17% +55/37% -# -# camellia-128-cbc 17.3 21.1 23.9 25.9 -# -# 128-bit key setup 196 280 256 240 cycles/key -# + over gcc 3.4.6 +30/0% +17/11% +11/0% +63/40% -# + over icc 8.0 +18/3% +10/0% +10/3% +21/10% -# -# Pairs of numbers in "+" rows represent performance improvement over -# compiler generated position-independent code, PIC, and non-PIC -# respectively. PIC results are of greater relevance, as this module -# is position-independent, i.e. suitable for a shared library or PIE. -# Position independence "costs" one register, which is why compilers -# are so close with non-PIC results, they have an extra register to -# spare. CBC results are better than ECB ones thanks to "zero-copy" -# private _x86_* interface, and are ~30-40% better than with compiler -# generated cmll_cbc.o, and reach ~80-90% of x86_64 performance on -# same CPU (where applicable). - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$OPENSSL=1; - -&asm_init($ARGV[0],"cmll-586.pl",$ARGV[$#ARGV] eq "386"); - -@T=("eax","ebx","ecx","edx"); -$idx="esi"; -$key="edi"; -$Tbl="ebp"; - -# stack frame layout in _x86_Camellia_* routines, frame is allocated -# by caller -$__ra=&DWP(0,"esp"); # return address -$__s0=&DWP(4,"esp"); # s0 backing store -$__s1=&DWP(8,"esp"); # s1 backing store -$__s2=&DWP(12,"esp"); # s2 backing store -$__s3=&DWP(16,"esp"); # s3 backing store -$__end=&DWP(20,"esp"); # pointer to end/start of key schedule - -# stack frame layout in Camellia_[en|crypt] routines, which differs from -# above by 4 and overlaps by pointer to end/start of key schedule -$_end=&DWP(16,"esp"); -$_esp=&DWP(20,"esp"); - -# const unsigned int Camellia_SBOX[4][256]; -# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][], -# and [2][] - with [3][]. This is done to optimize code size. -$SBOX1_1110=0; # Camellia_SBOX[0] -$SBOX4_4404=4; # Camellia_SBOX[1] -$SBOX2_0222=2048; # Camellia_SBOX[2] -$SBOX3_3033=2052; # Camellia_SBOX[3] -&static_label("Camellia_SIGMA"); -&static_label("Camellia_SBOX"); - -sub Camellia_Feistel { -my $i=@_[0]; -my $seed=defined(@_[1])?@_[1]:0; -my $scale=$seed<0?-8:8; -my $frame=defined(@_[2])?@_[2]:0; -my $j=($i&1)*2; -my $t0=@T[($j)%4],$t1=@T[($j+1)%4],$t2=@T[($j+2)%4],$t3=@T[($j+3)%4]; - - &xor ($t0,$idx); # t0^=key[0] - &xor ($t1,&DWP($seed+$i*$scale+4,$key)); # t1^=key[1] - &movz ($idx,&HB($t0)); # (t0>>8)&0xff - &mov ($t3,&DWP($SBOX3_3033,$Tbl,$idx,8)); # t3=SBOX3_3033[0] - &movz ($idx,&LB($t0)); # (t0>>0)&0xff - &xor ($t3,&DWP($SBOX4_4404,$Tbl,$idx,8)); # t3^=SBOX4_4404[0] - &shr ($t0,16); - &movz ($idx,&LB($t1)); # (t1>>0)&0xff - &mov ($t2,&DWP($SBOX1_1110,$Tbl,$idx,8)); # t2=SBOX1_1110[1] - &movz ($idx,&HB($t0)); # (t0>>24)&0xff - &xor ($t3,&DWP($SBOX1_1110,$Tbl,$idx,8)); # t3^=SBOX1_1110[0] - &movz ($idx,&HB($t1)); # (t1>>8)&0xff - &xor ($t2,&DWP($SBOX4_4404,$Tbl,$idx,8)); # t2^=SBOX4_4404[1] - &shr ($t1,16); - &movz ($t0,&LB($t0)); # (t0>>16)&0xff - &xor ($t3,&DWP($SBOX2_0222,$Tbl,$t0,8)); # t3^=SBOX2_0222[0] - &movz ($idx,&HB($t1)); # (t1>>24)&0xff - &mov ($t0,&DWP($frame+4*(($j+3)%4),"esp")); # prefetch "s3" - &xor ($t2,$t3); # t2^=t3 - &rotr ($t3,8); # t3=RightRotate(t3,8) - &xor ($t2,&DWP($SBOX2_0222,$Tbl,$idx,8)); # t2^=SBOX2_0222[1] - &movz ($idx,&LB($t1)); # (t1>>16)&0xff - &mov ($t1,&DWP($frame+4*(($j+2)%4),"esp")); # prefetch "s2" - &xor ($t3,$t0); # t3^=s3 - &xor ($t2,&DWP($SBOX3_3033,$Tbl,$idx,8)); # t2^=SBOX3_3033[1] - &mov ($idx,&DWP($seed+($i+1)*$scale,$key)); # prefetch key[i+1] - &xor ($t3,$t2); # t3^=t2 - &mov (&DWP($frame+4*(($j+3)%4),"esp"),$t3); # s3=t3 - &xor ($t2,$t1); # t2^=s2 - &mov (&DWP($frame+4*(($j+2)%4),"esp"),$t2); # s2=t2 -} - -# void Camellia_EncryptBlock_Rounds( -# int grandRounds, -# const Byte plaintext[], -# const KEY_TABLE_TYPE keyTable, -# Byte ciphertext[]) -&function_begin("Camellia_EncryptBlock_Rounds"); - &mov ("eax",&wparam(0)); # load grandRounds - &mov ($idx,&wparam(1)); # load plaintext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &lea ("eax",&DWP(0,$key,"eax")); - &mov ($_esp,"ebx"); # save %esp - &mov ($_end,"eax"); # save keyEnd - - &picsetup($Tbl); - &picsymbol($Tbl, &label("Camellia_SBOX"), $Tbl); - - &mov (@T[0],&DWP(0,$idx)); # load plaintext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_encrypt"); - - &mov ("esp",$_esp); - &bswap (@T[0]); - &mov ($idx,&wparam(3)); # load ciphertext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write ciphertext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_EncryptBlock_Rounds"); -# V1.x API -&function_begin_B("Camellia_EncryptBlock"); - &mov ("eax",128); - &sub ("eax",&wparam(0)); # load keyBitLength - &mov ("eax",3); - &adc ("eax",0); # keyBitLength==128?3:4 - &mov (&wparam(0),"eax"); - &jmp (&label("Camellia_EncryptBlock_Rounds")); -&function_end_B("Camellia_EncryptBlock"); - -if ($OPENSSL) { -# void Camellia_encrypt( -# const unsigned char *in, -# unsigned char *out, -# const CAMELLIA_KEY *key) -&function_begin("Camellia_encrypt"); - &mov ($idx,&wparam(0)); # load plaintext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - &mov ("eax",&DWP(272,$key)); # load grandRounds counter - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &lea ("eax",&DWP(0,$key,"eax")); - &mov ($_esp,"ebx"); # save %esp - &mov ($_end,"eax"); # save keyEnd - - &picsetup($Tbl); - &picsymbol($Tbl, &label("Camellia_SBOX"), $Tbl); - - &mov (@T[0],&DWP(0,$idx)); # load plaintext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_encrypt"); - - &mov ("esp",$_esp); - &bswap (@T[0]); - &mov ($idx,&wparam(1)); # load ciphertext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write ciphertext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_encrypt"); -} - -&function_begin_B("_x86_Camellia_encrypt"); - &xor (@T[0],&DWP(0,$key)); # ^=key[0-3] - &xor (@T[1],&DWP(4,$key)); - &xor (@T[2],&DWP(8,$key)); - &xor (@T[3],&DWP(12,$key)); - &mov ($idx,&DWP(16,$key)); # prefetch key[4] - - &mov ($__s0,@T[0]); # save s[0-3] - &mov ($__s1,@T[1]); - &mov ($__s2,@T[2]); - &mov ($__s3,@T[3]); - -&set_label("loop",16); - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16,4); } - - &add ($key,16*4); - &cmp ($key,$__end); - &je (&label("done")); - - # @T[0-1] are preloaded, $idx is preloaded with key[0] - &and ($idx,@T[0]); - &mov (@T[3],$__s3); - &rotl ($idx,1); - &mov (@T[2],@T[3]); - &xor (@T[1],$idx); - &or (@T[2],&DWP(12,$key)); - &mov ($__s1,@T[1]); # s1^=LeftRotate(s0&key[0],1); - &xor (@T[2],$__s2); - - &mov ($idx,&DWP(4,$key)); - &mov ($__s2,@T[2]); # s2^=s3|key[3]; - &or ($idx,@T[1]); - &and (@T[2],&DWP(8,$key)); - &xor (@T[0],$idx); - &rotl (@T[2],1); - &mov ($__s0,@T[0]); # s0^=s1|key[1]; - &xor (@T[3],@T[2]); - &mov ($idx,&DWP(16,$key)); # prefetch key[4] - &mov ($__s3,@T[3]); # s3^=LeftRotate(s2&key[2],1); - &jmp (&label("loop")); - -&set_label("done",8); - &mov (@T[2],@T[0]); # SwapHalf - &mov (@T[3],@T[1]); - &mov (@T[0],$__s2); - &mov (@T[1],$__s3); - &xor (@T[0],$idx); # $idx is preloaded with key[0] - &xor (@T[1],&DWP(4,$key)); - &xor (@T[2],&DWP(8,$key)); - &xor (@T[3],&DWP(12,$key)); - &ret (); -&function_end_B("_x86_Camellia_encrypt"); - -# void Camellia_DecryptBlock_Rounds( -# int grandRounds, -# const Byte ciphertext[], -# const KEY_TABLE_TYPE keyTable, -# Byte plaintext[]) -&function_begin("Camellia_DecryptBlock_Rounds"); - &mov ("eax",&wparam(0)); # load grandRounds - &mov ($idx,&wparam(1)); # load ciphertext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &mov (&DWP(4*4,"esp"),$key); # save keyStart - &lea ($key,&DWP(0,$key,"eax")); - &mov (&DWP(5*4,"esp"),"ebx");# save %esp - - &picsetup($Tbl); - &picsymbol($Tbl, &label("Camellia_SBOX"), $Tbl); - - &mov (@T[0],&DWP(0,$idx)); # load ciphertext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_decrypt"); - - &mov ("esp",&DWP(5*4,"esp")); - &bswap (@T[0]); - &mov ($idx,&wparam(3)); # load plaintext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write plaintext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_DecryptBlock_Rounds"); -# V1.x API -&function_begin_B("Camellia_DecryptBlock"); - &mov ("eax",128); - &sub ("eax",&wparam(0)); # load keyBitLength - &mov ("eax",3); - &adc ("eax",0); # keyBitLength==128?3:4 - &mov (&wparam(0),"eax"); - &jmp (&label("Camellia_DecryptBlock_Rounds")); -&function_end_B("Camellia_DecryptBlock"); - -if ($OPENSSL) { -# void Camellia_decrypt( -# const unsigned char *in, -# unsigned char *out, -# const CAMELLIA_KEY *key) -&function_begin("Camellia_decrypt"); - &mov ($idx,&wparam(0)); # load ciphertext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - &mov ("eax",&DWP(272,$key)); # load grandRounds counter - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &mov (&DWP(4*4,"esp"),$key); # save keyStart - &lea ($key,&DWP(0,$key,"eax")); - &mov (&DWP(5*4,"esp"),"ebx");# save %esp - - &picsetup($Tbl); - &picsymbol($Tbl, &label("Camellia_SBOX"), $Tbl); - - &mov (@T[0],&DWP(0,$idx)); # load ciphertext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_decrypt"); - - &mov ("esp",&DWP(5*4,"esp")); - &bswap (@T[0]); - &mov ($idx,&wparam(1)); # load plaintext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write plaintext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_decrypt"); -} - -&function_begin_B("_x86_Camellia_decrypt"); - &xor (@T[0],&DWP(0,$key)); # ^=key[0-3] - &xor (@T[1],&DWP(4,$key)); - &xor (@T[2],&DWP(8,$key)); - &xor (@T[3],&DWP(12,$key)); - &mov ($idx,&DWP(-8,$key)); # prefetch key[-2] - - &mov ($__s0,@T[0]); # save s[0-3] - &mov ($__s1,@T[1]); - &mov ($__s2,@T[2]); - &mov ($__s3,@T[3]); - -&set_label("loop",16); - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8,4); } - - &sub ($key,16*4); - &cmp ($key,$__end); - &je (&label("done")); - - # @T[0-1] are preloaded, $idx is preloaded with key[2] - &and ($idx,@T[0]); - &mov (@T[3],$__s3); - &rotl ($idx,1); - &mov (@T[2],@T[3]); - &xor (@T[1],$idx); - &or (@T[2],&DWP(4,$key)); - &mov ($__s1,@T[1]); # s1^=LeftRotate(s0&key[0],1); - &xor (@T[2],$__s2); - - &mov ($idx,&DWP(12,$key)); - &mov ($__s2,@T[2]); # s2^=s3|key[3]; - &or ($idx,@T[1]); - &and (@T[2],&DWP(0,$key)); - &xor (@T[0],$idx); - &rotl (@T[2],1); - &mov ($__s0,@T[0]); # s0^=s1|key[1]; - &xor (@T[3],@T[2]); - &mov ($idx,&DWP(-8,$key)); # prefetch key[4] - &mov ($__s3,@T[3]); # s3^=LeftRotate(s2&key[2],1); - &jmp (&label("loop")); - -&set_label("done",8); - &mov (@T[2],@T[0]); # SwapHalf - &mov (@T[3],@T[1]); - &mov (@T[0],$__s2); - &mov (@T[1],$__s3); - &xor (@T[2],$idx); # $idx is preloaded with key[2] - &xor (@T[3],&DWP(12,$key)); - &xor (@T[0],&DWP(0,$key)); - &xor (@T[1],&DWP(4,$key)); - &ret (); -&function_end_B("_x86_Camellia_decrypt"); - -# shld is very slow on Intel P4 family. Even on AMD it limits -# instruction decode rate [because it's VectorPath] and consequently -# performance. PIII, PM and Core[2] seem to be the only ones which -# execute this code ~7% faster... -sub __rotl128 { - my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_; - - $rnd *= 2; - if ($rot) { - &mov ($idx,$i0); - &shld ($i0,$i1,$rot); - &shld ($i1,$i2,$rot); - &shld ($i2,$i3,$rot); - &shld ($i3,$idx,$rot); - } - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); -} - -# ... Implementing 128-bit rotate without shld gives >3x performance -# improvement on P4, only ~7% degradation on other Intel CPUs and -# not worse performance on AMD. This is therefore preferred. -sub _rotl128 { - my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_; - - $rnd *= 2; - if ($rot) { - &mov ($Tbl,$i0); - &shl ($i0,$rot); - &mov ($idx,$i1); - &shr ($idx,32-$rot); - &shl ($i1,$rot); - &or ($i0,$idx); - &mov ($idx,$i2); - &shl ($i2,$rot); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); - &shr ($idx,32-$rot); - &or ($i1,$idx); - &shr ($Tbl,32-$rot); - &mov ($idx,$i3); - &shr ($idx,32-$rot); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); - &shl ($i3,$rot); - &or ($i2,$idx); - &or ($i3,$Tbl); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); - } else { - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); - } -} - -sub _saveround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - - &mov (&DWP($bias+$rnd*8+0,$key),@T[0]); - &mov (&DWP($bias+$rnd*8+4,$key),@T[1]) if ($#T>=1); - &mov (&DWP($bias+$rnd*8+8,$key),@T[2]) if ($#T>=2); - &mov (&DWP($bias+$rnd*8+12,$key),@T[3]) if ($#T>=3); -} - -sub _loadround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - - &mov (@T[0],&DWP($bias+$rnd*8+0,$key)); - &mov (@T[1],&DWP($bias+$rnd*8+4,$key)) if ($#T>=1); - &mov (@T[2],&DWP($bias+$rnd*8+8,$key)) if ($#T>=2); - &mov (@T[3],&DWP($bias+$rnd*8+12,$key)) if ($#T>=3); -} - -# void Camellia_Ekeygen( -# const int keyBitLength, -# const Byte *rawKey, -# KEY_TABLE_TYPE keyTable) -&function_begin("Camellia_Ekeygen"); -{ my $step=0; - - &stack_push(4); # place for s[0-3] - - &mov ($Tbl,&wparam(0)); # load arguments - &mov ($idx,&wparam(1)); - &mov ($key,&wparam(2)); - - &mov (@T[0],&DWP(0,$idx)); # load 0-127 bits - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &mov (@T[3],&DWP(12,$idx)); - - &bswap (@T[0]); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &_saveround (0,$key,@T); # KL<<<0 - - &cmp ($Tbl,128); - &je (&label("1st128")); - - &mov (@T[0],&DWP(16,$idx)); # load 128-191 bits - &mov (@T[1],&DWP(20,$idx)); - &cmp ($Tbl,192); - &je (&label("1st192")); - &mov (@T[2],&DWP(24,$idx)); # load 192-255 bits - &mov (@T[3],&DWP(28,$idx)); - &jmp (&label("1st256")); -&set_label("1st192",4); - &mov (@T[2],@T[0]); - &mov (@T[3],@T[1]); - ¬ (@T[2]); - ¬ (@T[3]); -&set_label("1st256",4); - &bswap (@T[0]); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &_saveround (4,$key,@T); # temporary storage for KR! - - &xor (@T[0],&DWP(0*8+0,$key)); # KR^KL - &xor (@T[1],&DWP(0*8+4,$key)); - &xor (@T[2],&DWP(1*8+0,$key)); - &xor (@T[3],&DWP(1*8+4,$key)); - -&set_label("1st128",4); - &picsetup($Tbl); - &picsymbol($Tbl, &label("Camellia_SBOX"), $Tbl); - &lea ($key,&DWP(&label("Camellia_SIGMA")."-".&label("Camellia_SBOX"),$Tbl)); - - &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[0] - &mov (&swtmp(0),@T[0]); # save s[0-3] - &mov (&swtmp(1),@T[1]); - &mov (&swtmp(2),@T[2]); - &mov (&swtmp(3),@T[3]); - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - &mov (@T[2],&swtmp(2)); - &mov (@T[3],&swtmp(3)); - - &mov ($idx,&wparam(2)); - &xor (@T[0],&DWP(0*8+0,$idx)); # ^KL - &xor (@T[1],&DWP(0*8+4,$idx)); - &xor (@T[2],&DWP(1*8+0,$idx)); - &xor (@T[3],&DWP(1*8+4,$idx)); - - &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[4] - &mov (&swtmp(0),@T[0]); # save s[0-3] - &mov (&swtmp(1),@T[1]); - &mov (&swtmp(2),@T[2]); - &mov (&swtmp(3),@T[3]); - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - &mov (@T[2],&swtmp(2)); - &mov (@T[3],&swtmp(3)); - - &mov ($idx,&wparam(0)); - &cmp ($idx,128); - &jne (&label("2nd256")); - - &mov ($key,&wparam(2)); - &lea ($key,&DWP(128,$key)); # size optimization - - ####### process KA - &_saveround (2,$key,-128,@T); # KA<<<0 - &_rotl128 (@T,15,6,@T); # KA<<<15 - &_rotl128 (@T,15,8,@T); # KA<<<(15+15=30) - &_rotl128 (@T,15,12,@T[0],@T[1]); # KA<<<(30+15=45) - &_rotl128 (@T,15,14,@T); # KA<<<(45+15=60) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,2,20,@T); # KA<<<(60+32+2=94) - &_rotl128 (@T,17,24,@T); # KA<<<(94+17=111) - - ####### process KL - &_loadround (0,$key,-128,@T); # load KL - &_rotl128 (@T,15,4,@T); # KL<<<15 - &_rotl128 (@T,30,10,@T); # KL<<<(15+30=45) - &_rotl128 (@T,15,13,@T[2],@T[3]); # KL<<<(45+15=60) - &_rotl128 (@T,17,16,@T); # KL<<<(60+17=77) - &_rotl128 (@T,17,18,@T); # KL<<<(77+17=94) - &_rotl128 (@T,17,22,@T); # KL<<<(94+17=111) - - while (@T[0] ne "eax") # restore order - { unshift (@T,pop(@T)); } - - &mov ("eax",3); # 3 grandRounds - &jmp (&label("done")); - -&set_label("2nd256",16); - &mov ($idx,&wparam(2)); - &_saveround (6,$idx,@T); # temporary storage for KA! - - &xor (@T[0],&DWP(4*8+0,$idx)); # KA^KR - &xor (@T[1],&DWP(4*8+4,$idx)); - &xor (@T[2],&DWP(5*8+0,$idx)); - &xor (@T[3],&DWP(5*8+4,$idx)); - - &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[8] - &mov (&swtmp(0),@T[0]); # save s[0-3] - &mov (&swtmp(1),@T[1]); - &mov (&swtmp(2),@T[2]); - &mov (&swtmp(3),@T[3]); - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - &mov (@T[2],&swtmp(2)); - &mov (@T[3],&swtmp(3)); - - &mov ($key,&wparam(2)); - &lea ($key,&DWP(128,$key)); # size optimization - - ####### process KB - &_saveround (2,$key,-128,@T); # KB<<<0 - &_rotl128 (@T,30,10,@T); # KB<<<30 - &_rotl128 (@T,30,20,@T); # KB<<<(30+30=60) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,19,32,@T); # KB<<<(60+32+19=111) - - ####### process KR - &_loadround (4,$key,-128,@T); # load KR - &_rotl128 (@T,15,4,@T); # KR<<<15 - &_rotl128 (@T,15,8,@T); # KR<<<(15+15=30) - &_rotl128 (@T,30,18,@T); # KR<<<(30+30=60) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,2,26,@T); # KR<<<(60+32+2=94) - - ####### process KA - &_loadround (6,$key,-128,@T); # load KA - &_rotl128 (@T,15,6,@T); # KA<<<15 - &_rotl128 (@T,30,14,@T); # KA<<<(15+30=45) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,0,24,@T); # KA<<<(45+32+0=77) - &_rotl128 (@T,17,28,@T); # KA<<<(77+17=94) - - ####### process KL - &_loadround (0,$key,-128,@T); # load KL - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,13,12,@T); # KL<<<(32+13=45) - &_rotl128 (@T,15,16,@T); # KL<<<(45+15=60) - &_rotl128 (@T,17,22,@T); # KL<<<(60+17=77) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,2,30,@T); # KL<<<(77+32+2=111) - - while (@T[0] ne "eax") # restore order - { unshift (@T,pop(@T)); } - - &mov ("eax",4); # 4 grandRounds -&set_label("done"); - &lea ("edx",&DWP(272-128,$key)); # end of key schedule - &stack_pop(4); -} -&function_end("Camellia_Ekeygen"); - -if ($OPENSSL) { -# int Camellia_set_key ( -# const unsigned char *userKey, -# int bits, -# CAMELLIA_KEY *key) -&function_begin_B("Camellia_set_key"); - &push ("ebx"); - &mov ("ecx",&wparam(0)); # pull arguments - &mov ("ebx",&wparam(1)); - &mov ("edx",&wparam(2)); - - &mov ("eax",-1); - &test ("ecx","ecx"); - &jz (&label("done")); # userKey==NULL? - &test ("edx","edx"); - &jz (&label("done")); # key==NULL? - - &mov ("eax",-2); - &cmp ("ebx",256); - &je (&label("arg_ok")); # bits==256? - &cmp ("ebx",192); - &je (&label("arg_ok")); # bits==192? - &cmp ("ebx",128); - &jne (&label("done")); # bits!=128? -&set_label("arg_ok",4); - - &push ("edx"); # push arguments - &push ("ecx"); - &push ("ebx"); - &call ("Camellia_Ekeygen"); - &stack_pop(3); - - # eax holds grandRounds and edx points at where to put it - &mov (&DWP(0,"edx"),"eax"); - &xor ("eax","eax"); -&set_label("done",4); - &pop ("ebx"); - &ret (); -&function_end_B("Camellia_set_key"); -} - -@SBOX=( -112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, - 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, -134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, -166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, -139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, -223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, - 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, -254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, -170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, - 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, -135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, - 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, -233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, -120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, -114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, - 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); - -sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; } -sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; } -sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; } -sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; } - - &rodataseg(); -&set_label("Camellia_SIGMA",64); -&data_word( - 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, - 0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c, - 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd, - 0, 0, 0, 0); -&set_label("Camellia_SBOX",64); -# tables are interleaved, remember? -for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); } -for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); } - &previous(); - -# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const CAMELLIA_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -4(%esp) # return address 0(%esp) -# 0(%esp) # s0 4(%esp) -# 4(%esp) # s1 8(%esp) -# 8(%esp) # s2 12(%esp) -# 12(%esp) # s3 16(%esp) -# 16(%esp) # end of key schedule 20(%esp) -# 20(%esp) # %esp backup -my $_inp=&DWP(24,"esp"); #copy of wparam(0) -my $_out=&DWP(28,"esp"); #copy of wparam(1) -my $_len=&DWP(32,"esp"); #copy of wparam(2) -my $_key=&DWP(36,"esp"); #copy of wparam(3) -my $_ivp=&DWP(40,"esp"); #copy of wparam(4) -my $ivec=&DWP(44,"esp"); #ivec[16] -my $_tmp=&DWP(44,"esp"); #volatile variable [yes, aliases with ivec] -my ($s0,$s1,$s2,$s3) = @T; - -&function_begin("Camellia_cbc_encrypt"); - &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len - &cmp ($s2,0); - &je (&label("enc_out")); - - &pushf (); - &cld (); - - &mov ($s0,&wparam(0)); # load inp - &mov ($s1,&wparam(1)); # load out - #&mov ($s2,&wparam(2)); # load len - &mov ($s3,&wparam(3)); # load key - &mov ($Tbl,&wparam(4)); # load ivp - - # allocate aligned stack frame... - &lea ($idx,&DWP(-64,"esp")); - &and ($idx,-64); - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ($key,&DWP(-64-63,$s3)); - &sub ($key,$idx); - &neg ($key); - &and ($key,0x3C0); # modulo 1024, but aligned to cache-line - &sub ($idx,$key); - - &mov ($key,&wparam(5)); # load enc - - &exch ("esp",$idx); - &add ("esp",4); # reserve for return address! - &mov ($_esp,$idx); # save %esp - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$s3); # save copy of key - &mov ($_ivp,$Tbl); # save copy of ivp - - &picsetup($Tbl); - &picsymbol($Tbl, &label("Camellia_SBOX"), $Tbl); - - &mov ($idx,32); - &set_label("prefetch_sbox",4); - &mov ($s0,&DWP(0,$Tbl)); - &mov ($s1,&DWP(32,$Tbl)); - &mov ($s2,&DWP(64,$Tbl)); - &mov ($s3,&DWP(96,$Tbl)); - &lea ($Tbl,&DWP(128,$Tbl)); - &dec ($idx); - &jnz (&label("prefetch_sbox")); - &mov ($s0,$_key); - &sub ($Tbl,4096); - &mov ($idx,$_inp); - &mov ($s3,&DWP(272,$s0)); # load grandRounds - - &cmp ($key,0); - &je (&label("DECRYPT")); - - &mov ($s2,$_len); - &mov ($key,$_ivp); - &shl ($s3,6); - &lea ($s3,&DWP(0,$s0,$s3)); - &mov ($_end,$s3); - - &test ($s2,0xFFFFFFF0); - &jz (&label("enc_tail")); # short input... - - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("enc_loop",4); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$idx)); # xor input data - &xor ($s1,&DWP(4,$idx)); - &xor ($s2,&DWP(8,$idx)); - &bswap ($s0); - &xor ($s3,&DWP(12,$idx)); - &bswap ($s1); - &mov ($key,$_key); # load key - &bswap ($s2); - &bswap ($s3); - - &call ("_x86_Camellia_encrypt"); - - &mov ($idx,$_inp); # load inp - &mov ($key,$_out); # load out - - &bswap ($s0); - &bswap ($s1); - &bswap ($s2); - &mov (&DWP(0,$key),$s0); # save output data - &bswap ($s3); - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - - &lea ($idx,&DWP(16,$idx)); - &mov ($_inp,$idx); # save inp - - &lea ($s3,&DWP(16,$key)); - &mov ($_out,$s3); # save out - - &sub ($s2,16); - &test ($s2,0xFFFFFFF0); - &mov ($_len,$s2); # save len - &jnz (&label("enc_loop")); - &test ($s2,15); - &jnz (&label("enc_tail")); - &mov ($idx,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$idx),$s0); # save ivec - &mov (&DWP(4,$idx),$s1); - &mov (&DWP(8,$idx),$s2); - &mov (&DWP(12,$idx),$s3); - - &mov ("esp",$_esp); - &popf (); - &set_label("enc_out"); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("enc_tail",4); - &mov ($s0,$key eq "edi" ? $key : ""); - &mov ($key,$_out); # load out - &push ($s0); # push ivp - &mov ($s1,16); - &sub ($s1,$s2); - &cmp ($key,$idx); # compare with inp - &je (&label("enc_in_place")); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); - &set_label("enc_skip_in_place"); - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); - &data_word(0xAAF3F689); # rep stosb # zero tail - &pop ($key); # pop ivp - - &mov ($idx,$_out); # output as input - &mov ($s0,&DWP(0,$key)); - &mov ($s1,&DWP(4,$key)); - &mov ($_len,16); # len=16 - &jmp (&label("enc_loop")); # one more spin... - -#----------------------------- DECRYPT -----------------------------# -&set_label("DECRYPT",16); - &shl ($s3,6); - &lea ($s3,&DWP(0,$s0,$s3)); - &mov ($_end,$s0); - &mov ($_key,$s3); - - &cmp ($idx,$_out); - &je (&label("dec_in_place")); # in-place processing... - - &mov ($key,$_ivp); # load ivp - &mov ($_tmp,$key); - - &set_label("dec_loop",4); - &mov ($s0,&DWP(0,$idx)); # read input - &mov ($s1,&DWP(4,$idx)); - &mov ($s2,&DWP(8,$idx)); - &bswap ($s0); - &mov ($s3,&DWP(12,$idx)); - &bswap ($s1); - &mov ($key,$_key); # load key - &bswap ($s2); - &bswap ($s3); - - &call ("_x86_Camellia_decrypt"); - - &mov ($key,$_tmp); # load ivp - &mov ($idx,$_len); # load len - - &bswap ($s0); - &bswap ($s1); - &bswap ($s2); - &xor ($s0,&DWP(0,$key)); # xor iv - &bswap ($s3); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &sub ($idx,16); - &jc (&label("dec_partial")); - &mov ($_len,$idx); # save len - &mov ($idx,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # write output - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($_tmp,$idx); # save ivp - &lea ($idx,&DWP(16,$idx)); - &mov ($_inp,$idx); # save inp - - &lea ($key,&DWP(16,$key)); - &mov ($_out,$key); # save out - - &jnz (&label("dec_loop")); - &mov ($key,$_tmp); # load temp ivp - &set_label("dec_end"); - &mov ($idx,$_ivp); # load user ivp - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$idx),$s0); # copy back to user - &mov (&DWP(4,$idx),$s1); - &mov (&DWP(8,$idx),$s2); - &mov (&DWP(12,$idx),$s3); - &jmp (&label("dec_out")); - - &set_label("dec_partial",4); - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # dump output to stack - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$idx)); - &mov ($idx eq "esi" ? $idx : "",$key); - &mov ($key eq "edi" ? $key : "",$_out); # load out - &data_word(0xA4F3F689); # rep movsb # copy output - &mov ($key,$_inp); # use inp as temp ivp - &jmp (&label("dec_end")); - - &set_label("dec_in_place",4); - &set_label("dec_in_place_loop"); - &lea ($key,$ivec); - &mov ($s0,&DWP(0,$idx)); # read input - &mov ($s1,&DWP(4,$idx)); - &mov ($s2,&DWP(8,$idx)); - &mov ($s3,&DWP(12,$idx)); - - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &bswap ($s0); - &mov (&DWP(12,$key),$s3); - &bswap ($s1); - &mov ($key,$_key); # load key - &bswap ($s2); - &bswap ($s3); - - &call ("_x86_Camellia_decrypt"); - - &mov ($key,$_ivp); # load ivp - &mov ($idx,$_out); # load out - - &bswap ($s0); - &bswap ($s1); - &bswap ($s2); - &xor ($s0,&DWP(0,$key)); # xor iv - &bswap ($s3); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov (&DWP(0,$idx),$s0); # write output - &mov (&DWP(4,$idx),$s1); - &mov (&DWP(8,$idx),$s2); - &mov (&DWP(12,$idx),$s3); - - &lea ($idx,&DWP(16,$idx)); - &mov ($_out,$idx); # save out - - &lea ($idx,$ivec); - &mov ($s0,&DWP(0,$idx)); # read temp - &mov ($s1,&DWP(4,$idx)); - &mov ($s2,&DWP(8,$idx)); - &mov ($s3,&DWP(12,$idx)); - - &mov (&DWP(0,$key),$s0); # copy iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($idx,$_inp); # load inp - - &lea ($idx,&DWP(16,$idx)); - &mov ($_inp,$idx); # save inp - - &mov ($s2,$_len); # load len - &sub ($s2,16); - &jc (&label("dec_in_place_partial")); - &mov ($_len,$s2); # save len - &jnz (&label("dec_in_place_loop")); - &jmp (&label("dec_out")); - - &set_label("dec_in_place_partial",4); - # one can argue if this is actually required... - &mov ($key eq "edi" ? $key : "",$_out); - &lea ($idx eq "esi" ? $idx : "",$ivec); - &lea ($key,&DWP(0,$key,$s2)); - &lea ($idx,&DWP(16,$idx,$s2)); - &neg ($s2 eq "ecx" ? $s2 : ""); - &data_word(0xA4F3F689); # rep movsb # restore tail - - &set_label("dec_out",4); - &mov ("esp",$_esp); - &popf (); -&function_end("Camellia_cbc_encrypt"); -} - -&asm_finish(); diff --git a/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/lib/libcrypto/camellia/asm/cmll-x86_64.pl deleted file mode 100644 index 187f0596d..000000000 --- a/lib/libcrypto/camellia/asm/cmll-x86_64.pl +++ /dev/null @@ -1,875 +0,0 @@ -#!/usr/bin/env perl - -# ==================================================================== -# Copyright (c) 2008 Andy Polyakov -# -# This module may be used under the terms of either the GNU General -# Public License version 2 or later, the GNU Lesser General Public -# License version 2.1 or later, the Mozilla Public License version -# 1.1 or the BSD License. The exact terms of either license are -# distributed along with this module. For further details see -# http://www.openssl.org/~appro/camellia/. -# ==================================================================== - -# Performance in cycles per processed byte (less is better) in -# 'openssl speed ...' benchmark: -# -# AMD64 Core2 EM64T -# -evp camellia-128-ecb 16.7 21.0 22.7 -# + over gcc 3.4.6 +25% +5% 0% -# -# camellia-128-cbc 15.7 20.4 21.1 -# -# 128-bit key setup 128 216 205 cycles/key -# + over gcc 3.4.6 +54% +39% +15% -# -# Numbers in "+" rows represent performance improvement over compiler -# generated code. Key setup timings are impressive on AMD and Core2 -# thanks to 64-bit operations being covertly deployed. Improvement on -# EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it -# apparently emulates some of 64-bit operations in [32-bit] microcode. - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } -sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; - $r =~ s/%[er]([sd]i)/%\1l/; - $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } - -$t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx"; -@S=("%r8d","%r9d","%r10d","%r11d"); -$i0="%esi"; -$i1="%edi"; -$Tbl="%rbp"; # size optimization -$inp="%r12"; -$out="%r13"; -$key="%r14"; -$keyend="%r15"; -$arg0d="%edi"; - -# const unsigned int Camellia_SBOX[4][256]; -# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][], -# and [2][] - with [3][]. This is done to minimize code size. -$SBOX1_1110=0; # Camellia_SBOX[0] -$SBOX4_4404=4; # Camellia_SBOX[1] -$SBOX2_0222=2048; # Camellia_SBOX[2] -$SBOX3_3033=2052; # Camellia_SBOX[3] - -sub Camellia_Feistel { -my $i=@_[0]; -my $seed=defined(@_[1])?@_[1]:0; -my $scale=$seed<0?-8:8; -my $j=($i&1)*2; -my $s0=@S[($j)%4],$s1=@S[($j+1)%4],$s2=@S[($j+2)%4],$s3=@S[($j+3)%4]; - -$code.=<<___; - xor $s0,$t0 # t0^=key[0] - xor $s1,$t1 # t1^=key[1] - movz `&hi("$t0")`,$i0 # (t0>>8)&0xff - movz `&lo("$t1")`,$i1 # (t1>>0)&0xff - mov $SBOX3_3033($Tbl,$i0,8),$t3 # t3=SBOX3_3033[0] - mov $SBOX1_1110($Tbl,$i1,8),$t2 # t2=SBOX1_1110[1] - movz `&lo("$t0")`,$i0 # (t0>>0)&0xff - shr \$16,$t0 - movz `&hi("$t1")`,$i1 # (t1>>8)&0xff - xor $SBOX4_4404($Tbl,$i0,8),$t3 # t3^=SBOX4_4404[0] - shr \$16,$t1 - xor $SBOX4_4404($Tbl,$i1,8),$t2 # t2^=SBOX4_4404[1] - movz `&hi("$t0")`,$i0 # (t0>>24)&0xff - movz `&lo("$t1")`,$i1 # (t1>>16)&0xff - xor $SBOX1_1110($Tbl,$i0,8),$t3 # t3^=SBOX1_1110[0] - xor $SBOX3_3033($Tbl,$i1,8),$t2 # t2^=SBOX3_3033[1] - movz `&lo("$t0")`,$i0 # (t0>>16)&0xff - movz `&hi("$t1")`,$i1 # (t1>>24)&0xff - xor $SBOX2_0222($Tbl,$i0,8),$t3 # t3^=SBOX2_0222[0] - xor $SBOX2_0222($Tbl,$i1,8),$t2 # t2^=SBOX2_0222[1] - mov `$seed+($i+1)*$scale`($key),$t1 # prefetch key[i+1] - mov `$seed+($i+1)*$scale+4`($key),$t0 - xor $t3,$t2 # t2^=t3 - ror \$8,$t3 # t3=RightRotate(t3,8) - xor $t2,$s2 - xor $t2,$s3 - xor $t3,$s3 -___ -} - -# void Camellia_EncryptBlock_Rounds( -# int grandRounds, -# const Byte plaintext[], -# const KEY_TABLE_TYPE keyTable, -# Byte ciphertext[]) -$code=<<___; -.text - -# V1.x API -.globl Camellia_EncryptBlock -.type Camellia_EncryptBlock,\@abi-omnipotent -.align 16 -Camellia_EncryptBlock: - _CET_ENDBR - movl \$128,%eax - subl $arg0d,%eax - movl \$3,$arg0d - adcl \$0,$arg0d # keyBitLength==128?3:4 - jmp .Lenc_rounds -.size Camellia_EncryptBlock,.-Camellia_EncryptBlock -# V2 -.globl Camellia_EncryptBlock_Rounds -.type Camellia_EncryptBlock_Rounds,\@function,4 -.align 16 -.Lenc_rounds: -Camellia_EncryptBlock_Rounds: - _CET_ENDBR - push %rbx - push %rbp - push %r13 - push %r14 - push %r15 -.Lenc_prologue: - - #mov %rsi,$inp # put away arguments - mov %rcx,$out - mov %rdx,$key - - shl \$6,%edi # process grandRounds - lea .LCamellia_SBOX(%rip),$Tbl - lea ($key,%rdi),$keyend - - mov 0(%rsi),@S[0] # load plaintext - mov 4(%rsi),@S[1] - mov 8(%rsi),@S[2] - bswap @S[0] - mov 12(%rsi),@S[3] - bswap @S[1] - bswap @S[2] - bswap @S[3] - - call _x86_64_Camellia_encrypt - - bswap @S[0] - bswap @S[1] - bswap @S[2] - mov @S[0],0($out) - bswap @S[3] - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%rbp - mov 32(%rsp),%rbx - lea 40(%rsp),%rsp -.Lenc_epilogue: - ret -.size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds - -.type _x86_64_Camellia_encrypt,\@abi-omnipotent -.align 16 -_x86_64_Camellia_encrypt: - _CET_ENDBR - xor 0($key),@S[1] - xor 4($key),@S[0] # ^=key[0-3] - xor 8($key),@S[3] - xor 12($key),@S[2] -.align 16 -.Leloop: - mov 16($key),$t1 # prefetch key[4-5] - mov 20($key),$t0 - -___ - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); } -$code.=<<___; - lea 16*4($key),$key - cmp $keyend,$key - mov 8($key),$t3 # prefetch key[2-3] - mov 12($key),$t2 - je .Ledone - - and @S[0],$t0 - or @S[3],$t3 - rol \$1,$t0 - xor $t3,@S[2] # s2^=s3|key[3]; - xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1); - and @S[2],$t2 - or @S[1],$t1 - rol \$1,$t2 - xor $t1,@S[0] # s0^=s1|key[1]; - xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1); - jmp .Leloop - -.align 16 -.Ledone: - xor @S[2],$t0 # SwapHalf - xor @S[3],$t1 - xor @S[0],$t2 - xor @S[1],$t3 - - mov $t0,@S[0] - mov $t1,@S[1] - mov $t2,@S[2] - mov $t3,@S[3] - - retq -.size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt - -# V1.x API -.globl Camellia_DecryptBlock -.type Camellia_DecryptBlock,\@abi-omnipotent -.align 16 -Camellia_DecryptBlock: - _CET_ENDBR - movl \$128,%eax - subl $arg0d,%eax - movl \$3,$arg0d - adcl \$0,$arg0d # keyBitLength==128?3:4 - jmp .Ldec_rounds -.size Camellia_DecryptBlock,.-Camellia_DecryptBlock -# V2 -.globl Camellia_DecryptBlock_Rounds -.type Camellia_DecryptBlock_Rounds,\@function,4 -.align 16 -.Ldec_rounds: -Camellia_DecryptBlock_Rounds: - _CET_ENDBR - push %rbx - push %rbp - push %r13 - push %r14 - push %r15 -.Ldec_prologue: - - #mov %rsi,$inp # put away arguments - mov %rcx,$out - mov %rdx,$keyend - - shl \$6,%edi # process grandRounds - lea .LCamellia_SBOX(%rip),$Tbl - lea ($keyend,%rdi),$key - - mov 0(%rsi),@S[0] # load plaintext - mov 4(%rsi),@S[1] - mov 8(%rsi),@S[2] - bswap @S[0] - mov 12(%rsi),@S[3] - bswap @S[1] - bswap @S[2] - bswap @S[3] - - call _x86_64_Camellia_decrypt - - bswap @S[0] - bswap @S[1] - bswap @S[2] - mov @S[0],0($out) - bswap @S[3] - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%rbp - mov 32(%rsp),%rbx - lea 40(%rsp),%rsp -.Ldec_epilogue: - ret -.size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds - -.type _x86_64_Camellia_decrypt,\@abi-omnipotent -.align 16 -_x86_64_Camellia_decrypt: - _CET_ENDBR - xor 0($key),@S[1] - xor 4($key),@S[0] # ^=key[0-3] - xor 8($key),@S[3] - xor 12($key),@S[2] -.align 16 -.Ldloop: - mov -8($key),$t1 # prefetch key[4-5] - mov -4($key),$t0 - -___ - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); } -$code.=<<___; - lea -16*4($key),$key - cmp $keyend,$key - mov 0($key),$t3 # prefetch key[2-3] - mov 4($key),$t2 - je .Lddone - - and @S[0],$t0 - or @S[3],$t3 - rol \$1,$t0 - xor $t3,@S[2] # s2^=s3|key[3]; - xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1); - and @S[2],$t2 - or @S[1],$t1 - rol \$1,$t2 - xor $t1,@S[0] # s0^=s1|key[1]; - xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1); - - jmp .Ldloop - -.align 16 -.Lddone: - xor @S[2],$t2 - xor @S[3],$t3 - xor @S[0],$t0 - xor @S[1],$t1 - - mov $t2,@S[0] # SwapHalf - mov $t3,@S[1] - mov $t0,@S[2] - mov $t1,@S[3] - - retq -.size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt -___ - -sub _saveround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - - if ($#T==3) { - $code.=<<___; - mov @T[1],`$bias+$rnd*8+0`($key) - mov @T[0],`$bias+$rnd*8+4`($key) - mov @T[3],`$bias+$rnd*8+8`($key) - mov @T[2],`$bias+$rnd*8+12`($key) -___ - } else { - $code.=" mov @T[0],`$bias+$rnd*8+0`($key)\n"; - $code.=" mov @T[1],`$bias+$rnd*8+8`($key)\n" if ($#T>=1); - } -} - -sub _loadround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - -$code.=" mov `$bias+$rnd*8+0`($key),@T[0]\n"; -$code.=" mov `$bias+$rnd*8+8`($key),@T[1]\n" if ($#T>=1); -} - -# shld is very slow on Intel EM64T family. Even on AMD it limits -# instruction decode rate [because it's VectorPath] and consequently -# performance... -sub __rotl128 { -my ($i0,$i1,$rot)=@_; - - if ($rot) { - $code.=<<___; - mov $i0,%r11 - shld \$$rot,$i1,$i0 - shld \$$rot,%r11,$i1 -___ - } -} - -# ... Implementing 128-bit rotate without shld gives 80% better -# performance EM64T, +15% on AMD64 and only ~7% degradation on -# Core2. This is therefore preferred. -sub _rotl128 { -my ($i0,$i1,$rot)=@_; - - if ($rot) { - $code.=<<___; - mov $i0,%r11 - shl \$$rot,$i0 - mov $i1,%r9 - shr \$`64-$rot`,%r9 - shr \$`64-$rot`,%r11 - or %r9,$i0 - shl \$$rot,$i1 - or %r11,$i1 -___ - } -} - -{ my $step=0; - -$code.=<<___; -.globl Camellia_Ekeygen -.type Camellia_Ekeygen,\@function,3 -.align 16 -Camellia_Ekeygen: - _CET_ENDBR - push %rbx - push %rbp - push %r13 - push %r14 - push %r15 -.Lkey_prologue: - - mov %rdi,$keyend # put away arguments, keyBitLength - mov %rdx,$out # keyTable - - mov 0(%rsi),@S[0] # load 0-127 bits - mov 4(%rsi),@S[1] - mov 8(%rsi),@S[2] - mov 12(%rsi),@S[3] - - bswap @S[0] - bswap @S[1] - bswap @S[2] - bswap @S[3] -___ - &_saveround (0,$out,@S); # KL<<<0 -$code.=<<___; - cmp \$128,$keyend # check keyBitLength - je .L1st128 - - mov 16(%rsi),@S[0] # load 128-191 bits - mov 20(%rsi),@S[1] - cmp \$192,$keyend - je .L1st192 - mov 24(%rsi),@S[2] # load 192-255 bits - mov 28(%rsi),@S[3] - jmp .L1st256 -.L1st192: - mov @S[0],@S[2] - mov @S[1],@S[3] - not @S[2] - not @S[3] -.L1st256: - bswap @S[0] - bswap @S[1] - bswap @S[2] - bswap @S[3] -___ - &_saveround (4,$out,@S); # temp storage for KR! -$code.=<<___; - xor 0($out),@S[1] # KR^KL - xor 4($out),@S[0] - xor 8($out),@S[3] - xor 12($out),@S[2] - -.L1st128: - lea .LCamellia_SIGMA(%rip),$key - lea .LCamellia_SBOX(%rip),$Tbl - - mov 0($key),$t1 - mov 4($key),$t0 -___ - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); -$code.=<<___; - xor 0($out),@S[1] # ^KL - xor 4($out),@S[0] - xor 8($out),@S[3] - xor 12($out),@S[2] -___ - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); -$code.=<<___; - cmp \$128,$keyend - jne .L2nd256 - - lea 128($out),$out # size optimization - shl \$32,%r8 # @S[0]|| - shl \$32,%r10 # @S[2]|| - or %r9,%r8 # ||@S[1] - or %r11,%r10 # ||@S[3] -___ - &_loadround (0,$out,-128,"%rax","%rbx"); # KL - &_saveround (2,$out,-128,"%r8","%r10"); # KA<<<0 - &_rotl128 ("%rax","%rbx",15); - &_saveround (4,$out,-128,"%rax","%rbx"); # KL<<<15 - &_rotl128 ("%r8","%r10",15); - &_saveround (6,$out,-128,"%r8","%r10"); # KA<<<15 - &_rotl128 ("%r8","%r10",15); # 15+15=30 - &_saveround (8,$out,-128,"%r8","%r10"); # KA<<<30 - &_rotl128 ("%rax","%rbx",30); # 15+30=45 - &_saveround (10,$out,-128,"%rax","%rbx"); # KL<<<45 - &_rotl128 ("%r8","%r10",15); # 30+15=45 - &_saveround (12,$out,-128,"%r8"); # KA<<<45 - &_rotl128 ("%rax","%rbx",15); # 45+15=60 - &_saveround (13,$out,-128,"%rbx"); # KL<<<60 - &_rotl128 ("%r8","%r10",15); # 45+15=60 - &_saveround (14,$out,-128,"%r8","%r10"); # KA<<<60 - &_rotl128 ("%rax","%rbx",17); # 60+17=77 - &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<77 - &_rotl128 ("%rax","%rbx",17); # 77+17=94 - &_saveround (18,$out,-128,"%rax","%rbx"); # KL<<<94 - &_rotl128 ("%r8","%r10",34); # 60+34=94 - &_saveround (20,$out,-128,"%r8","%r10"); # KA<<<94 - &_rotl128 ("%rax","%rbx",17); # 94+17=111 - &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<111 - &_rotl128 ("%r8","%r10",17); # 94+17=111 - &_saveround (24,$out,-128,"%r8","%r10"); # KA<<<111 -$code.=<<___; - mov \$3,%eax - jmp .Ldone -.align 16 -.L2nd256: -___ - &_saveround (6,$out,@S); # temp storage for KA! -$code.=<<___; - xor `4*8+0`($out),@S[1] # KA^KR - xor `4*8+4`($out),@S[0] - xor `5*8+0`($out),@S[3] - xor `5*8+4`($out),@S[2] -___ - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - - &_loadround (0,$out,"%rax","%rbx"); # KL - &_loadround (4,$out,"%rcx","%rdx"); # KR - &_loadround (6,$out,"%r14","%r15"); # KA -$code.=<<___; - lea 128($out),$out # size optimization - shl \$32,%r8 # @S[0]|| - shl \$32,%r10 # @S[2]|| - or %r9,%r8 # ||@S[1] - or %r11,%r10 # ||@S[3] -___ - &_saveround (2,$out,-128,"%r8","%r10"); # KB<<<0 - &_rotl128 ("%rcx","%rdx",15); - &_saveround (4,$out,-128,"%rcx","%rdx"); # KR<<<15 - &_rotl128 ("%r14","%r15",15); - &_saveround (6,$out,-128,"%r14","%r15"); # KA<<<15 - &_rotl128 ("%rcx","%rdx",15); # 15+15=30 - &_saveround (8,$out,-128,"%rcx","%rdx"); # KR<<<30 - &_rotl128 ("%r8","%r10",30); - &_saveround (10,$out,-128,"%r8","%r10"); # KB<<<30 - &_rotl128 ("%rax","%rbx",45); - &_saveround (12,$out,-128,"%rax","%rbx"); # KL<<<45 - &_rotl128 ("%r14","%r15",30); # 15+30=45 - &_saveround (14,$out,-128,"%r14","%r15"); # KA<<<45 - &_rotl128 ("%rax","%rbx",15); # 45+15=60 - &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<60 - &_rotl128 ("%rcx","%rdx",30); # 30+30=60 - &_saveround (18,$out,-128,"%rcx","%rdx"); # KR<<<60 - &_rotl128 ("%r8","%r10",30); # 30+30=60 - &_saveround (20,$out,-128,"%r8","%r10"); # KB<<<60 - &_rotl128 ("%rax","%rbx",17); # 60+17=77 - &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<77 - &_rotl128 ("%r14","%r15",32); # 45+32=77 - &_saveround (24,$out,-128,"%r14","%r15"); # KA<<<77 - &_rotl128 ("%rcx","%rdx",34); # 60+34=94 - &_saveround (26,$out,-128,"%rcx","%rdx"); # KR<<<94 - &_rotl128 ("%r14","%r15",17); # 77+17=94 - &_saveround (28,$out,-128,"%r14","%r15"); # KA<<<77 - &_rotl128 ("%rax","%rbx",34); # 77+34=111 - &_saveround (30,$out,-128,"%rax","%rbx"); # KL<<<111 - &_rotl128 ("%r8","%r10",51); # 60+51=111 - &_saveround (32,$out,-128,"%r8","%r10"); # KB<<<111 -$code.=<<___; - mov \$4,%eax -.Ldone: - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%rbp - mov 32(%rsp),%rbx - lea 40(%rsp),%rsp -.Lkey_epilogue: - ret -.size Camellia_Ekeygen,.-Camellia_Ekeygen -___ -} - -@SBOX=( -112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, - 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, -134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, -166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, -139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, -223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, - 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, -254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, -170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, - 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, -135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, - 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, -233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, -120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, -114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, - 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); - -sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); } -sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); } -sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); } -sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); } - -$code.=<<___; -.section .rodata -.align 64 -.LCamellia_SIGMA: -.long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 -.long 0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5 -.long 0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2 -.long 0, 0, 0, 0 -.LCamellia_SBOX: -___ -# tables are interleaved, remember? -sub data_word { $code.=".long\t".join(',',@_)."\n"; } -for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); } -for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); } - -# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const CAMELLIA_KEY *key, -# unsigned char *ivp,const int enc); -{ -$_key="0(%rsp)"; -$_end="8(%rsp)"; # inp+len&~15 -$_res="16(%rsp)"; # len&15 -$ivec="24(%rsp)"; -$_ivp="40(%rsp)"; -$_rsp="48(%rsp)"; - -$code.=<<___; -.text -.globl Camellia_cbc_encrypt -.type Camellia_cbc_encrypt,\@function,6 -.align 16 -Camellia_cbc_encrypt: - _CET_ENDBR - cmp \$0,%rdx - je .Lcbc_abort - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 -.Lcbc_prologue: - - mov %rsp,%rbp - sub \$64,%rsp - and \$-64,%rsp - - # place stack frame just "above mod 1024" the key schedule, - # this ensures that cache associativity suffices - lea -64-63(%rcx),%r10 - sub %rsp,%r10 - neg %r10 - and \$0x3C0,%r10 - sub %r10,%rsp - #add \$8,%rsp # 8 is reserved for callee's ra - - mov %rdi,$inp # inp argument - mov %rsi,$out # out argument - mov %r8,%rbx # ivp argument - mov %rcx,$key # key argument - mov 272(%rcx),${keyend}d # grandRounds - - mov %r8,$_ivp - mov %rbp,$_rsp - -.Lcbc_body: - lea .LCamellia_SBOX(%rip),$Tbl - - mov \$32,%ecx -.align 4 -.Lcbc_prefetch_sbox: - mov 0($Tbl),%rax - mov 32($Tbl),%rsi - mov 64($Tbl),%rdi - mov 96($Tbl),%r11 - lea 128($Tbl),$Tbl - loop .Lcbc_prefetch_sbox - sub \$4096,$Tbl - shl \$6,$keyend - mov %rdx,%rcx # len argument - lea ($key,$keyend),$keyend - - cmp \$0,%r9d # enc argument - je .LCBC_DECRYPT - - and \$-16,%rdx - and \$15,%rcx # length residue - lea ($inp,%rdx),%rdx - mov $key,$_key - mov %rdx,$_end - mov %rcx,$_res - - cmp $inp,%rdx - mov 0(%rbx),@S[0] # load IV - mov 4(%rbx),@S[1] - mov 8(%rbx),@S[2] - mov 12(%rbx),@S[3] - je .Lcbc_enc_tail - jmp .Lcbc_eloop - -.align 16 -.Lcbc_eloop: - xor 0($inp),@S[0] - xor 4($inp),@S[1] - xor 8($inp),@S[2] - bswap @S[0] - xor 12($inp),@S[3] - bswap @S[1] - bswap @S[2] - bswap @S[3] - - call _x86_64_Camellia_encrypt - - mov $_key,$key # "rewind" the key - bswap @S[0] - mov $_end,%rdx - bswap @S[1] - mov $_res,%rcx - bswap @S[2] - mov @S[0],0($out) - bswap @S[3] - mov @S[1],4($out) - mov @S[2],8($out) - lea 16($inp),$inp - mov @S[3],12($out) - cmp %rdx,$inp - lea 16($out),$out - jne .Lcbc_eloop - - cmp \$0,%rcx - jne .Lcbc_enc_tail - - mov $_ivp,$out - mov @S[0],0($out) # write out IV residue - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - jmp .Lcbc_done - -.align 16 -.Lcbc_enc_tail: - xor %rax,%rax - mov %rax,0+$ivec - mov %rax,8+$ivec - mov %rax,$_res - -.Lcbc_enc_pushf: - pushfq - cld - mov $inp,%rsi - lea 8+$ivec,%rdi - .long 0x9066A4F3 # rep movsb - popfq -.Lcbc_enc_popf: - - lea $ivec,$inp - lea 16+$ivec,%rax - mov %rax,$_end - jmp .Lcbc_eloop # one more time - -.align 16 -.LCBC_DECRYPT: - xchg $key,$keyend - add \$15,%rdx - and \$15,%rcx # length residue - and \$-16,%rdx - mov $key,$_key - lea ($inp,%rdx),%rdx - mov %rdx,$_end - mov %rcx,$_res - - mov (%rbx),%rax # load IV - mov 8(%rbx),%rbx - jmp .Lcbc_dloop -.align 16 -.Lcbc_dloop: - mov 0($inp),@S[0] - mov 4($inp),@S[1] - mov 8($inp),@S[2] - bswap @S[0] - mov 12($inp),@S[3] - bswap @S[1] - mov %rax,0+$ivec # save IV to temporary storage - bswap @S[2] - mov %rbx,8+$ivec - bswap @S[3] - - call _x86_64_Camellia_decrypt - - mov $_key,$key # "rewind" the key - mov $_end,%rdx - mov $_res,%rcx - - bswap @S[0] - mov ($inp),%rax # load IV for next iteration - bswap @S[1] - mov 8($inp),%rbx - bswap @S[2] - xor 0+$ivec,@S[0] - bswap @S[3] - xor 4+$ivec,@S[1] - xor 8+$ivec,@S[2] - lea 16($inp),$inp - xor 12+$ivec,@S[3] - cmp %rdx,$inp - je .Lcbc_ddone - - mov @S[0],0($out) - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - lea 16($out),$out - jmp .Lcbc_dloop - -.align 16 -.Lcbc_ddone: - mov $_ivp,%rdx - cmp \$0,%rcx - jne .Lcbc_dec_tail - - mov @S[0],0($out) - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - mov %rax,(%rdx) # write out IV residue - mov %rbx,8(%rdx) - jmp .Lcbc_done -.align 16 -.Lcbc_dec_tail: - mov @S[0],0+$ivec - mov @S[1],4+$ivec - mov @S[2],8+$ivec - mov @S[3],12+$ivec - -.Lcbc_dec_pushf: - pushfq - cld - lea 8+$ivec,%rsi - lea ($out),%rdi - .long 0x9066A4F3 # rep movsb - popfq -.Lcbc_dec_popf: - - mov %rax,(%rdx) # write out IV residue - mov %rbx,8(%rdx) - jmp .Lcbc_done - -.align 16 -.Lcbc_done: - mov $_rsp,%rcx - mov 0(%rcx),%r15 - mov 8(%rcx),%r14 - mov 16(%rcx),%r13 - mov 24(%rcx),%r12 - mov 32(%rcx),%rbp - mov 40(%rcx),%rbx - lea 48(%rcx),%rsp -.Lcbc_abort: - ret -.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT; diff --git a/lib/libcrypto/camellia/camellia.c b/lib/libcrypto/camellia/camellia.c index 355cf6b35..625988aad 100644 --- a/lib/libcrypto/camellia/camellia.c +++ b/lib/libcrypto/camellia/camellia.c @@ -1,4 +1,4 @@ -/* $OpenBSD: camellia.c,v 1.12 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: camellia.c,v 1.13 2024/03/29 07:26:21 jsing Exp $ */ /* ==================================================================== * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . * ALL RIGHTS RESERVED. @@ -84,10 +84,25 @@ #include #include -#include + #include -#include "cmll_local.h" +#include +#include + +typedef unsigned int u32; +typedef unsigned char u8; + +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, + KEY_TABLE_TYPE keyTable); +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); /* 32-bit rotations */ #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) @@ -564,3 +579,108 @@ Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, plaintext, keyTable, ciphertext); } + +int +Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key) +{ + if (userKey == NULL || key == NULL) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key); + return 0; +} + +void +Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) +{ + Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); +} + +void +Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) +{ + Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); +} + +void +Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const CAMELLIA_KEY *key, unsigned char *ivec, const int enc) +{ + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f)Camellia_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f)Camellia_decrypt); +} + +/* + * The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ + +void +Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)Camellia_encrypt); +} + +/* N.B. This expects the input to be packed, MS bit first */ +void +Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)Camellia_encrypt); +} + +void +Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)Camellia_encrypt); +} + +void +Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num) +{ + CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, + (block128_f)Camellia_encrypt); +} + +void +Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc) +{ + if (CAMELLIA_ENCRYPT == enc) + Camellia_encrypt(in, out, key); + else + Camellia_decrypt(in, out, key); +} + +/* + * The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void +Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f)Camellia_encrypt); +} diff --git a/lib/libcrypto/camellia/cmll_cbc.c b/lib/libcrypto/camellia/cmll_cbc.c deleted file mode 100644 index 9e5484ec5..000000000 --- a/lib/libcrypto/camellia/cmll_cbc.c +++ /dev/null @@ -1,65 +0,0 @@ -/* $OpenBSD: cmll_cbc.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include - -void -Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, - const CAMELLIA_KEY *key, unsigned char *ivec, const int enc) -{ - if (enc) - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f)Camellia_encrypt); - else - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f)Camellia_decrypt); -} diff --git a/lib/libcrypto/camellia/cmll_cfb.c b/lib/libcrypto/camellia/cmll_cfb.c deleted file mode 100644 index 82ea2ec57..000000000 --- a/lib/libcrypto/camellia/cmll_cfb.c +++ /dev/null @@ -1,144 +0,0 @@ -/* $OpenBSD: cmll_cfb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - - -/* - * The input and output encrypted as though 128bit cfb mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; - */ - -void -Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, - const int enc) -{ - CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f)Camellia_encrypt); -} - -/* N.B. This expects the input to be packed, MS bit first */ -void -Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, - const int enc) -{ - CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f)Camellia_encrypt); -} - -void -Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, - const int enc) -{ - CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f)Camellia_encrypt); -} diff --git a/lib/libcrypto/camellia/cmll_ctr.c b/lib/libcrypto/camellia/cmll_ctr.c deleted file mode 100644 index 8c65a6793..000000000 --- a/lib/libcrypto/camellia/cmll_ctr.c +++ /dev/null @@ -1,63 +0,0 @@ -/* $OpenBSD: cmll_ctr.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include - -void -Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char ivec[CAMELLIA_BLOCK_SIZE], - unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num) -{ - CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, - (block128_f)Camellia_encrypt); -} diff --git a/lib/libcrypto/camellia/cmll_ecb.c b/lib/libcrypto/camellia/cmll_ecb.c deleted file mode 100644 index 86733f37a..000000000 --- a/lib/libcrypto/camellia/cmll_ecb.c +++ /dev/null @@ -1,64 +0,0 @@ -/* $OpenBSD: cmll_ecb.c,v 1.7 2023/09/04 08:43:41 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include - -#include "cmll_local.h" - -void -Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key, const int enc) -{ - if (CAMELLIA_ENCRYPT == enc) - Camellia_encrypt(in, out, key); - else - Camellia_decrypt(in, out, key); -} diff --git a/lib/libcrypto/camellia/cmll_local.h b/lib/libcrypto/camellia/cmll_local.h deleted file mode 100644 index 30597737b..000000000 --- a/lib/libcrypto/camellia/cmll_local.h +++ /dev/null @@ -1,91 +0,0 @@ -/* $OpenBSD: cmll_local.h,v 1.3 2023/09/04 08:43:41 tb Exp $ */ -/* ==================================================================== - * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . - * ALL RIGHTS RESERVED. - * - * Intellectual Property information for Camellia: - * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html - * - * News Release for Announcement of Camellia open source: - * http://www.ntt.co.jp/news/news06e/0604/060413a.html - * - * The Camellia Code included herein is developed by - * NTT (Nippon Telegraph and Telephone Corporation), and is contributed - * to the OpenSSL project. - * - * The Camellia Code is licensed pursuant to the OpenSSL open source - * license provided below. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_CAMELLIA_LOCAL_H -#define HEADER_CAMELLIA_LOCAL_H - -#include - -__BEGIN_HIDDEN_DECLS - -typedef unsigned int u32; -typedef unsigned char u8; - -int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, - KEY_TABLE_TYPE keyTable); -void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); -void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]); -void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); -void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]); - -__END_HIDDEN_DECLS - -#endif /* !HEADER_CAMELLIA_LOCAL_H */ diff --git a/lib/libcrypto/camellia/cmll_misc.c b/lib/libcrypto/camellia/cmll_misc.c deleted file mode 100644 index 9738f0cdc..000000000 --- a/lib/libcrypto/camellia/cmll_misc.c +++ /dev/null @@ -1,81 +0,0 @@ -/* $OpenBSD: cmll_misc.c,v 1.7 2022/11/26 16:08:51 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include -#include -#include "cmll_local.h" - -int -Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key) -{ - if (userKey == NULL || key == NULL) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key); - return 0; -} - -void -Camellia_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key) -{ - Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); -} - -void -Camellia_decrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key) -{ - Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); -} diff --git a/lib/libcrypto/camellia/cmll_ofb.c b/lib/libcrypto/camellia/cmll_ofb.c deleted file mode 100644 index 86998f9f0..000000000 --- a/lib/libcrypto/camellia/cmll_ofb.c +++ /dev/null @@ -1,122 +0,0 @@ -/* $OpenBSD: cmll_ofb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -/* - * The input and output encrypted as though 128bit ofb mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; - */ -void -Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num) -{ - CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f)Camellia_encrypt); -} diff --git a/lib/libcrypto/cast/c_cfb64.c b/lib/libcrypto/cast/c_cfb64.c deleted file mode 100644 index 2acf7632e..000000000 --- a/lib/libcrypto/cast/c_cfb64.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: c_cfb64.c,v 1.8 2023/07/08 10:43:59 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_local.h" - -/* The input and output encrypted as though 64bit cfb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ - -void -CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, unsigned char *ivec, - int *num, int enc) -{ - CAST_LONG v0, v1, t; - int n= *num; - long l = length; - CAST_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = ivec; - if (enc) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - CAST_encrypt((CAST_LONG *)ti, schedule); - iv = ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = ivec; - } - c= *(in++)^iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1)&0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - CAST_encrypt((CAST_LONG *)ti, schedule); - iv = ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = ivec; - } - cc= *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c^cc; - n = (n + 1)&0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t=c = cc = 0; - *num = n; -} -LCRYPTO_ALIAS(CAST_cfb64_encrypt); diff --git a/lib/libcrypto/cast/c_ecb.c b/lib/libcrypto/cast/c_ecb.c deleted file mode 100644 index 89338a18e..000000000 --- a/lib/libcrypto/cast/c_ecb.c +++ /dev/null @@ -1,83 +0,0 @@ -/* $OpenBSD: c_ecb.c,v 1.10 2023/07/08 10:43:59 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_local.h" -#include - -void -CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAST_KEY *ks, int enc) -{ - CAST_LONG l, d[2]; - - n2l(in, l); - d[0] = l; - n2l(in, l); - d[1] = l; - if (enc) - CAST_encrypt(d, ks); - else - CAST_decrypt(d, ks); - l = d[0]; - l2n(l, out); - l = d[1]; - l2n(l, out); - l = d[0] = d[1] = 0; -} -LCRYPTO_ALIAS(CAST_ecb_encrypt); diff --git a/lib/libcrypto/cast/c_enc.c b/lib/libcrypto/cast/c_enc.c deleted file mode 100644 index 34fe69f0a..000000000 --- a/lib/libcrypto/cast/c_enc.c +++ /dev/null @@ -1,207 +0,0 @@ -/* $OpenBSD: c_enc.c,v 1.10 2023/07/08 10:43:59 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_local.h" - -#ifndef OPENBSD_CAST_ASM -void -CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) -{ - CAST_LONG l, r, t; - const CAST_LONG *k; - - k = &(key->data[0]); - l = data[0]; - r = data[1]; - - E_CAST( 0, k,l, r,+,^, -); - E_CAST( 1, k,r, l,^, -,+); - E_CAST( 2, k,l, r, -,+,^); - E_CAST( 3, k,r, l,+,^, -); - E_CAST( 4, k,l, r,^, -,+); - E_CAST( 5, k,r, l, -,+,^); - E_CAST( 6, k,l, r,+,^, -); - E_CAST( 7, k,r, l,^, -,+); - E_CAST( 8, k,l, r, -,+,^); - E_CAST( 9, k,r, l,+,^, -); - E_CAST(10, k,l, r,^, -,+); - E_CAST(11, k,r, l, -,+,^); - if (!key->short_key) { - E_CAST(12, k,l, r,+,^, -); - E_CAST(13, k,r, l,^, -,+); - E_CAST(14, k,l, r, -,+,^); - E_CAST(15, k,r, l,+,^, -); - } - - data[1] = l&0xffffffffL; - data[0] = r&0xffffffffL; -} -LCRYPTO_ALIAS(CAST_encrypt); - -void -CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) -{ - CAST_LONG l, r, t; - const CAST_LONG *k; - - k = &(key->data[0]); - l = data[0]; - r = data[1]; - - if (!key->short_key) { - E_CAST(15, k,l, r,+,^, -); - E_CAST(14, k,r, l, -,+,^); - E_CAST(13, k,l, r,^, -,+); - E_CAST(12, k,r, l,+,^, -); - } - E_CAST(11, k,l, r, -,+,^); - E_CAST(10, k,r, l,^, -,+); - E_CAST( 9, k,l, r,+,^, -); - E_CAST( 8, k,r, l, -,+,^); - E_CAST( 7, k,l, r,^, -,+); - E_CAST( 6, k,r, l,+,^, -); - E_CAST( 5, k,l, r, -,+,^); - E_CAST( 4, k,r, l,^, -,+); - E_CAST( 3, k,l, r,+,^, -); - E_CAST( 2, k,r, l, -,+,^); - E_CAST( 1, k,l, r,^, -,+); - E_CAST( 0, k,r, l,+,^, -); - - data[1] = l&0xffffffffL; - data[0] = r&0xffffffffL; -} -LCRYPTO_ALIAS(CAST_decrypt); -#endif - -void -CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const CAST_KEY *ks, unsigned char *iv, int enc) -{ - CAST_LONG tin0, tin1; - CAST_LONG tout0, tout1, xor0, xor1; - long l = length; - CAST_LONG tin[2]; - - if (enc) { - n2l(iv, tout0); - n2l(iv, tout1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - CAST_encrypt(tin, ks); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - CAST_encrypt(tin, ks); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, iv); - l2n(tout1, iv); - } else { - n2l(iv, xor0); - n2l(iv, xor1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - CAST_decrypt(tin, ks); - tout0 = tin[0]^xor0; - tout1 = tin[1]^xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - CAST_decrypt(tin, ks); - tout0 = tin[0]^xor0; - tout1 = tin[1]^xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, iv); - l2n(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} -LCRYPTO_ALIAS(CAST_cbc_encrypt); diff --git a/lib/libcrypto/cast/c_ofb64.c b/lib/libcrypto/cast/c_ofb64.c deleted file mode 100644 index 48ebab906..000000000 --- a/lib/libcrypto/cast/c_ofb64.c +++ /dev/null @@ -1,111 +0,0 @@ -/* $OpenBSD: c_ofb64.c,v 1.8 2023/07/08 10:43:59 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cast_local.h" - -/* The input and output encrypted as though 64bit ofb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ -void -CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, unsigned char *ivec, - int *num) -{ - CAST_LONG v0, v1, t; - int n= *num; - long l = length; - unsigned char d[8]; - char *dp; - CAST_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = ivec; - n2l(iv, v0); - n2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2n(v0, dp); - l2n(v1, dp); - while (l--) { - if (n == 0) { - CAST_encrypt((CAST_LONG *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2n(t, dp); - t = ti[1]; - l2n(t, dp); - save++; - } - *(out++)= *(in++)^d[n]; - n = (n + 1)&0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = ivec; - l2n(v0, iv); - l2n(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} -LCRYPTO_ALIAS(CAST_ofb64_encrypt); diff --git a/lib/libcrypto/cast/c_skey.c b/lib/libcrypto/cast/c_skey.c deleted file mode 100644 index ecce7bad7..000000000 --- a/lib/libcrypto/cast/c_skey.c +++ /dev/null @@ -1,169 +0,0 @@ -/* $OpenBSD: c_skey.c,v 1.14 2023/07/08 10:43:59 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cast_local.h" -#include "cast_s.h" - -#define CAST_exp(l,A,a,n) \ - A[n/4]=l; \ - a[n+3]=(l )&0xff; \ - a[n+2]=(l>> 8)&0xff; \ - a[n+1]=(l>>16)&0xff; \ - a[n+0]=(l>>24)&0xff; - -#define S4 CAST_S_table4 -#define S5 CAST_S_table5 -#define S6 CAST_S_table6 -#define S7 CAST_S_table7 -void -CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) -{ - CAST_LONG x[16]; - CAST_LONG z[16]; - CAST_LONG k[32]; - CAST_LONG X[4], Z[4]; - CAST_LONG l, *K; - int i; - - for (i = 0; - i < 16; - i++) x[i] = 0; - if (len > 16) - len = 16; - for (i = 0; i < len; i++) - x[i] = data[i]; - if (len <= 10) - key->short_key = 1; - else - key->short_key = 0; - - K = &k[0]; - X[0] = ((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; - X[1] = ((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL; - X[2] = ((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL; - X[3] = ((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL; - - for (;;) { - l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; - CAST_exp(l, Z, z, 0); - l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; - CAST_exp(l, Z, z, 4); - l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; - CAST_exp(l, Z, z, 8); - l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; - CAST_exp(l, Z,z, 12); - - K[0] = S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]]; - K[1] = S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]]; - K[2] = S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]]; - K[3] = S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]]; - - l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; - CAST_exp(l, X, x, 0); - l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; - CAST_exp(l, X, x, 4); - l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; - CAST_exp(l, X, x, 8); - l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; - CAST_exp(l, X,x, 12); - - K[4] = S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]]; - K[5] = S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]]; - K[6] = S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]]; - K[7] = S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]]; - - l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; - CAST_exp(l, Z, z, 0); - l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; - CAST_exp(l, Z, z, 4); - l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; - CAST_exp(l, Z, z, 8); - l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; - CAST_exp(l, Z,z, 12); - - K[8] = S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]]; - K[9] = S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]]; - K[10] = S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]]; - K[11] = S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]]; - - l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; - CAST_exp(l, X, x, 0); - l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; - CAST_exp(l, X, x, 4); - l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; - CAST_exp(l, X, x, 8); - l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; - CAST_exp(l, X,x, 12); - - K[12] = S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]]; - K[13] = S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]]; - K[14] = S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]]; - K[15] = S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]]; - if (K != k) - break; - K += 16; - } - - for (i = 0; i < 16; i++) { - key->data[i*2] = k[i]; - key->data[i*2 + 1] = ((k[i + 16]) + 16)&0x1f; - } -} -LCRYPTO_ALIAS(CAST_set_key); diff --git a/lib/libcrypto/cast/cast_s.h b/lib/libcrypto/cast/cast.c similarity index 76% rename from lib/libcrypto/cast/cast_s.h rename to lib/libcrypto/cast/cast.c index dc339504d..b0aeb6267 100644 --- a/lib/libcrypto/cast/cast_s.h +++ b/lib/libcrypto/cast/cast.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cast_s.h,v 1.7 2023/07/08 07:25:43 jsing Exp $ */ +/* $OpenBSD: cast.c,v 1.1 2024/03/29 07:36:38 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,7 +56,9 @@ * [including the GNU Public Licence.] */ -__BEGIN_HIDDEN_DECLS +#include + +#include "cast_local.h" const CAST_LONG CAST_S_table0[256] = { 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, @@ -587,4 +589,395 @@ const CAST_LONG CAST_S_table7[256] = { 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e, }; -__END_HIDDEN_DECLS +#ifndef OPENBSD_CAST_ASM +void +CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) +{ + CAST_LONG l, r, t; + const CAST_LONG *k; + + k = &(key->data[0]); + l = data[0]; + r = data[1]; + + E_CAST( 0, k,l, r,+,^, -); + E_CAST( 1, k,r, l,^, -,+); + E_CAST( 2, k,l, r, -,+,^); + E_CAST( 3, k,r, l,+,^, -); + E_CAST( 4, k,l, r,^, -,+); + E_CAST( 5, k,r, l, -,+,^); + E_CAST( 6, k,l, r,+,^, -); + E_CAST( 7, k,r, l,^, -,+); + E_CAST( 8, k,l, r, -,+,^); + E_CAST( 9, k,r, l,+,^, -); + E_CAST(10, k,l, r,^, -,+); + E_CAST(11, k,r, l, -,+,^); + if (!key->short_key) { + E_CAST(12, k,l, r,+,^, -); + E_CAST(13, k,r, l,^, -,+); + E_CAST(14, k,l, r, -,+,^); + E_CAST(15, k,r, l,+,^, -); + } + + data[1] = l&0xffffffffL; + data[0] = r&0xffffffffL; +} +LCRYPTO_ALIAS(CAST_encrypt); + +void +CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) +{ + CAST_LONG l, r, t; + const CAST_LONG *k; + + k = &(key->data[0]); + l = data[0]; + r = data[1]; + + if (!key->short_key) { + E_CAST(15, k,l, r,+,^, -); + E_CAST(14, k,r, l, -,+,^); + E_CAST(13, k,l, r,^, -,+); + E_CAST(12, k,r, l,+,^, -); + } + E_CAST(11, k,l, r, -,+,^); + E_CAST(10, k,r, l,^, -,+); + E_CAST( 9, k,l, r,+,^, -); + E_CAST( 8, k,r, l, -,+,^); + E_CAST( 7, k,l, r,^, -,+); + E_CAST( 6, k,r, l,+,^, -); + E_CAST( 5, k,l, r, -,+,^); + E_CAST( 4, k,r, l,^, -,+); + E_CAST( 3, k,l, r,+,^, -); + E_CAST( 2, k,r, l, -,+,^); + E_CAST( 1, k,l, r,^, -,+); + E_CAST( 0, k,r, l,+,^, -); + + data[1] = l&0xffffffffL; + data[0] = r&0xffffffffL; +} +LCRYPTO_ALIAS(CAST_decrypt); +#endif + +#define CAST_exp(l,A,a,n) \ + A[n/4]=l; \ + a[n+3]=(l )&0xff; \ + a[n+2]=(l>> 8)&0xff; \ + a[n+1]=(l>>16)&0xff; \ + a[n+0]=(l>>24)&0xff; + +#define S4 CAST_S_table4 +#define S5 CAST_S_table5 +#define S6 CAST_S_table6 +#define S7 CAST_S_table7 +void +CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) +{ + CAST_LONG x[16]; + CAST_LONG z[16]; + CAST_LONG k[32]; + CAST_LONG X[4], Z[4]; + CAST_LONG l, *K; + int i; + + for (i = 0; + i < 16; + i++) x[i] = 0; + if (len > 16) + len = 16; + for (i = 0; i < len; i++) + x[i] = data[i]; + if (len <= 10) + key->short_key = 1; + else + key->short_key = 0; + + K = &k[0]; + X[0] = ((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; + X[1] = ((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL; + X[2] = ((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL; + X[3] = ((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL; + + for (;;) { + l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; + CAST_exp(l, Z, z, 0); + l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; + CAST_exp(l, Z, z, 4); + l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; + CAST_exp(l, Z, z, 8); + l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; + CAST_exp(l, Z,z, 12); + + K[0] = S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]]; + K[1] = S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]]; + K[2] = S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]]; + K[3] = S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]]; + + l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; + CAST_exp(l, X, x, 0); + l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; + CAST_exp(l, X, x, 4); + l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; + CAST_exp(l, X, x, 8); + l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; + CAST_exp(l, X,x, 12); + + K[4] = S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]]; + K[5] = S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]]; + K[6] = S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]]; + K[7] = S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]]; + + l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; + CAST_exp(l, Z, z, 0); + l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; + CAST_exp(l, Z, z, 4); + l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; + CAST_exp(l, Z, z, 8); + l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; + CAST_exp(l, Z,z, 12); + + K[8] = S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]]; + K[9] = S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]]; + K[10] = S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]]; + K[11] = S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]]; + + l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; + CAST_exp(l, X, x, 0); + l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; + CAST_exp(l, X, x, 4); + l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; + CAST_exp(l, X, x, 8); + l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; + CAST_exp(l, X,x, 12); + + K[12] = S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]]; + K[13] = S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]]; + K[14] = S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]]; + K[15] = S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]]; + if (K != k) + break; + K += 16; + } + + for (i = 0; i < 16; i++) { + key->data[i*2] = k[i]; + key->data[i*2 + 1] = ((k[i + 16]) + 16)&0x1f; + } +} +LCRYPTO_ALIAS(CAST_set_key); + +void +CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const CAST_KEY *ks, unsigned char *iv, int enc) +{ + CAST_LONG tin0, tin1; + CAST_LONG tout0, tout1, xor0, xor1; + long l = length; + CAST_LONG tin[2]; + + if (enc) { + n2l(iv, tout0); + n2l(iv, tout1); + iv -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + CAST_encrypt(tin, ks); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + if (l != -8) { + n2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + CAST_encrypt(tin, ks); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + l2n(tout0, iv); + l2n(tout1, iv); + } else { + n2l(iv, xor0); + n2l(iv, xor1); + iv -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + CAST_decrypt(tin, ks); + tout0 = tin[0]^xor0; + tout1 = tin[1]^xor1; + l2n(tout0, out); + l2n(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + CAST_decrypt(tin, ks); + tout0 = tin[0]^xor0; + tout1 = tin[1]^xor1; + l2nn(tout0, tout1, out, l + 8); + xor0 = tin0; + xor1 = tin1; + } + l2n(xor0, iv); + l2n(xor1, iv); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} +LCRYPTO_ALIAS(CAST_cbc_encrypt); + +/* + * The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void +CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, unsigned char *ivec, + int *num, int enc) +{ + CAST_LONG v0, v1, t; + int n= *num; + long l = length; + CAST_LONG ti[2]; + unsigned char *iv, c, cc; + + iv = ivec; + if (enc) { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + CAST_encrypt((CAST_LONG *)ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + c= *(in++)^iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1)&0x07; + } + } else { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + CAST_encrypt((CAST_LONG *)ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + cc= *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c^cc; + n = (n + 1)&0x07; + } + } + v0 = v1 = ti[0] = ti[1] = t=c = cc = 0; + *num = n; +} +LCRYPTO_ALIAS(CAST_cfb64_encrypt); + +void +CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *ks, int enc) +{ + CAST_LONG l, d[2]; + + n2l(in, l); + d[0] = l; + n2l(in, l); + d[1] = l; + if (enc) + CAST_encrypt(d, ks); + else + CAST_decrypt(d, ks); + l = d[0]; + l2n(l, out); + l = d[1]; + l2n(l, out); + l = d[0] = d[1] = 0; +} +LCRYPTO_ALIAS(CAST_ecb_encrypt); + +/* + * The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void +CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, unsigned char *ivec, + int *num) +{ + CAST_LONG v0, v1, t; + int n= *num; + long l = length; + unsigned char d[8]; + char *dp; + CAST_LONG ti[2]; + unsigned char *iv; + int save = 0; + + iv = ivec; + n2l(iv, v0); + n2l(iv, v1); + ti[0] = v0; + ti[1] = v1; + dp = (char *)d; + l2n(v0, dp); + l2n(v1, dp); + while (l--) { + if (n == 0) { + CAST_encrypt((CAST_LONG *)ti, schedule); + dp = (char *)d; + t = ti[0]; + l2n(t, dp); + t = ti[1]; + l2n(t, dp); + save++; + } + *(out++)= *(in++)^d[n]; + n = (n + 1)&0x07; + } + if (save) { + v0 = ti[0]; + v1 = ti[1]; + iv = ivec; + l2n(v0, iv); + l2n(v1, iv); + } + t = v0 = v1 = ti[0] = ti[1] = 0; + *num = n; +} +LCRYPTO_ALIAS(CAST_ofb64_encrypt); diff --git a/lib/libcrypto/cms/cms.h b/lib/libcrypto/cms/cms.h index 76672af09..75983cee3 100644 --- a/lib/libcrypto/cms/cms.h +++ b/lib/libcrypto/cms/cms.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.h,v 1.16 2023/07/28 10:28:02 tb Exp $ */ +/* $OpenBSD: cms.h,v 1.17 2024/03/29 02:28:50 jsing Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -58,8 +58,11 @@ #include #ifndef OPENSSL_NO_CMS + +#include #include #include + #ifdef __cplusplus extern "C" { #endif @@ -138,14 +141,12 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); int CMS_is_detached(CMS_ContentInfo *cms); int CMS_set_detached(CMS_ContentInfo *cms, int detached); -#ifdef HEADER_PEM_H CMS_ContentInfo *PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x, pem_password_cb *cb, void *u); CMS_ContentInfo *PEM_read_CMS(FILE *fp, CMS_ContentInfo **x, pem_password_cb *cb, void *u); int PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x); int PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x); -#endif int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); diff --git a/lib/libcrypto/cms/cms_sd.c b/lib/libcrypto/cms/cms_sd.c index b644717bb..5a38bf59a 100644 --- a/lib/libcrypto/cms/cms_sd.c +++ b/lib/libcrypto/cms/cms_sd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_sd.c,v 1.30 2024/02/02 14:13:11 tb Exp $ */ +/* $OpenBSD: cms_sd.c,v 1.31 2024/03/29 06:41:58 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -277,6 +277,64 @@ cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) return 1; } +static const EVP_MD * +cms_SignerInfo_default_digest_md(const CMS_SignerInfo *si) +{ + int rv, nid; + + if (si->pkey == NULL) { + CMSerror(CMS_R_NO_PUBLIC_KEY); + return NULL; + } + + /* On failure or unsupported operation, give up. */ + if ((rv = EVP_PKEY_get_default_digest_nid(si->pkey, &nid)) <= 0) + return NULL; + if (rv > 2) + return NULL; + + /* + * XXX - we need to identify EdDSA in a better way. Figure out where + * and how. This mimics EdDSA checks in openssl/ca.c and openssl/req.c. + */ + + /* The digest md is required to be EVP_sha512() (EdDSA). */ + if (rv == 2 && nid == NID_undef) + return EVP_sha512(); + + /* Use mandatory or default digest. */ + return EVP_get_digestbynid(nid); +} + +static const EVP_MD * +cms_SignerInfo_signature_md(const CMS_SignerInfo *si) +{ + int rv, nid; + + if (si->pkey == NULL) { + CMSerror(CMS_R_NO_PUBLIC_KEY); + return NULL; + } + + /* Fall back to digestAlgorithm unless pkey has a mandatory digest. */ + if ((rv = EVP_PKEY_get_default_digest_nid(si->pkey, &nid)) <= 1) + return EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (rv > 2) + return NULL; + + /* + * XXX - we need to identify EdDSA in a better way. Figure out where + * and how. This mimics EdDSA checks in openssl/ca.c and openssl/req.c. + */ + + /* The signature md is required to be EVP_md_null() (EdDSA). */ + if (nid == NID_undef) + return EVP_md_null(); + + /* Use mandatory digest. */ + return EVP_get_digestbynid(nid); +} + CMS_SignerInfo * CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, const EVP_MD *md, unsigned int flags) @@ -325,19 +383,10 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, if (!cms_set1_SignerIdentifier(si->sid, signer, type)) goto err; + if (md == NULL) + md = cms_SignerInfo_default_digest_md(si); if (md == NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) - goto err; - md = EVP_get_digestbynid(def_nid); - if (md == NULL) { - CMSerror(CMS_R_NO_DEFAULT_DIGEST); - goto err; - } - } - - if (!md) { - CMSerror(CMS_R_NO_DIGEST_SET); + CMSerror(CMS_R_NO_DEFAULT_DIGEST); goto err; } @@ -735,7 +784,7 @@ CMS_SignerInfo_sign(CMS_SignerInfo *si) size_t sig_len = 0; int ret = 0; - if ((md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm)) == NULL) + if ((md = cms_SignerInfo_signature_md(si)) == NULL) goto err; if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { @@ -795,14 +844,9 @@ CMS_SignerInfo_verify(CMS_SignerInfo *si) int buf_len = 0; int ret = -1; - if ((md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm)) == NULL) + if ((md = cms_SignerInfo_signature_md(si)) == NULL) goto err; - if (si->pkey == NULL) { - CMSerror(CMS_R_NO_PUBLIC_KEY); - goto err; - } - if (si->mctx == NULL) si->mctx = EVP_MD_CTX_new(); if (si->mctx == NULL) { diff --git a/lib/libcrypto/des/asm/des-586.pl b/lib/libcrypto/des/asm/des-586.pl deleted file mode 100644 index 3dad595b9..000000000 --- a/lib/libcrypto/des/asm/des-586.pl +++ /dev/null @@ -1,452 +0,0 @@ -#!/usr/local/bin/perl -# -# The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen -# - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; -require "desboth.pl"; - -# base code is in microsft -# op dest, source -# format. -# - -&asm_init($ARGV[0],"des-586.pl"); - -$L="edi"; -$R="esi"; -$trans="ebp"; -$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); -# one can discuss setting this variable to 1 unconditionally, as -# the folded loop is only 3% slower than unrolled, but >7 times smaller - -&public_label("DES_SPtrans"); - -&DES_encrypt_internal(); -&DES_decrypt_internal(); -&DES_encrypt("DES_encrypt1",1); -&DES_encrypt("DES_encrypt2",0); -&DES_encrypt3("DES_encrypt3",1); -&DES_encrypt3("DES_decrypt3",0); -&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1); -&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5); -&DES_SPtrans(); - -&asm_finish(); - -sub DES_encrypt_internal() - { - &function_begin_B("_x86_DES_encrypt"); - - if ($small_footprint) - { - &lea("edx",&DWP(128,"ecx")); - &push("edx"); - &push("ecx"); - &set_label("eloop"); - &D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &add("ecx",16); - &cmp("ecx",&swtmp(1)); - &mov(&swtmp(0),"ecx"); - &jb(&label("eloop")); - &add("esp",8); - } - else - { - &push("ecx"); - for ($i=0; $i<16; $i+=2) - { - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - } - &add("esp",4); - } - &ret(); - - &function_end_B("_x86_DES_encrypt"); - } - -sub DES_decrypt_internal() - { - &function_begin_B("_x86_DES_decrypt"); - - if ($small_footprint) - { - &push("ecx"); - &lea("ecx",&DWP(128,"ecx")); - &push("ecx"); - &set_label("dloop"); - &D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &sub("ecx",16); - &cmp("ecx",&swtmp(1)); - &mov(&swtmp(0),"ecx"); - &ja(&label("dloop")); - &add("esp",8); - } - else - { - &push("ecx"); - for ($i=15; $i>0; $i-=2) - { - &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - } - &add("esp",4); - } - &ret(); - - &function_end_B("_x86_DES_decrypt"); - } - -sub DES_encrypt - { - local($name,$do_ip)=@_; - - &function_begin_B($name); - - &push("esi"); - &push("edi"); - - &comment(""); - &comment("Load the 2 words"); - - if ($do_ip) - { - &mov($R,&wparam(0)); - &xor( "ecx", "ecx" ); - - &push("ebx"); - &push("ebp"); - - &mov("eax",&DWP(0,$R,"",0)); - &mov("ebx",&wparam(2)); # get encrypt flag - &mov($L,&DWP(4,$R,"",0)); - &comment(""); - &comment("IP"); - &IP_new("eax",$L,$R,3); - } - else - { - &mov("eax",&wparam(0)); - &xor( "ecx", "ecx" ); - - &push("ebx"); - &push("ebp"); - - &mov($R,&DWP(0,"eax","",0)); - &mov("ebx",&wparam(2)); # get encrypt flag - &rotl($R,3); - &mov($L,&DWP(4,"eax","",0)); - &rotl($L,3); - } - - &picsetup($trans); - &picsymbol($trans, &label("DES_SPtrans"), $trans); - - &mov( "ecx", &wparam(1) ); - - &cmp("ebx","0"); - &je(&label("decrypt")); - &call("_x86_DES_encrypt"); - &jmp(&label("done")); - &set_label("decrypt"); - &call("_x86_DES_decrypt"); - &set_label("done"); - - if ($do_ip) - { - &comment(""); - &comment("FP"); - &mov("edx",&wparam(0)); - &FP_new($L,$R,"eax",3); - - &mov(&DWP(0,"edx","",0),"eax"); - &mov(&DWP(4,"edx","",0),$R); - } - else - { - &comment(""); - &comment("Fixup"); - &rotr($L,3); # r - &mov("eax",&wparam(0)); - &rotr($R,3); # l - &mov(&DWP(0,"eax","",0),$L); - &mov(&DWP(4,"eax","",0),$R); - } - - &pop("ebp"); - &pop("ebx"); - &pop("edi"); - &pop("esi"); - &ret(); - - &function_end_B($name); - } - -sub D_ENCRYPT - { - local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_; - - &mov( $u, &DWP(&n2a($S*4),$tmp2,"",0)); - &xor( $tmp1, $tmp1); - &mov( $t, &DWP(&n2a(($S+1)*4),$tmp2,"",0)); - &xor( $u, $R); - &xor( $tmp2, $tmp2); - &xor( $t, $R); - &and( $u, "0xfcfcfcfc" ); - &and( $t, "0xcfcfcfcf" ); - &movb( &LB($tmp1), &LB($u) ); - &movb( &LB($tmp2), &HB($u) ); - &rotr( $t, 4 ); - &xor( $L, &DWP(" ",$trans,$tmp1,0)); - &movb( &LB($tmp1), &LB($t) ); - &xor( $L, &DWP("0x200",$trans,$tmp2,0)); - &movb( &LB($tmp2), &HB($t) ); - &shr( $u, 16); - &xor( $L, &DWP("0x100",$trans,$tmp1,0)); - &movb( &LB($tmp1), &HB($u) ); - &shr( $t, 16); - &xor( $L, &DWP("0x300",$trans,$tmp2,0)); - &movb( &LB($tmp2), &HB($t) ); - &and( $u, "0xff" ); - &and( $t, "0xff" ); - &xor( $L, &DWP("0x600",$trans,$tmp1,0)); - &xor( $L, &DWP("0x700",$trans,$tmp2,0)); - &mov( $tmp2, $wp1 ); - &xor( $L, &DWP("0x400",$trans,$u,0)); - &xor( $L, &DWP("0x500",$trans,$t,0)); - } - -sub n2a - { - sprintf("%d",$_[0]); - } - -# now has a side affect of rotating $a by $shift -sub R_PERM_OP - { - local($a,$b,$tt,$shift,$mask,$last)=@_; - - &rotl( $a, $shift ) if ($shift != 0); - &mov( $tt, $a ); - &xor( $a, $b ); - &and( $a, $mask ); - # This can never succeed, and besides it is difficult to see what the - # idea was - Ben 13 Feb 99 - if (!$last eq $b) - { - &xor( $b, $a ); - &xor( $tt, $a ); - } - else - { - &xor( $tt, $a ); - &xor( $b, $a ); - } - &comment(""); - } - -sub IP_new - { - local($l,$r,$tt,$lr)=@_; - - &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); - &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); - &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotr($tt, 3-$lr); } - else { &rotl($tt, $lr-3); } - } - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotr($r, 2-$lr); } - else { &rotl($r, $lr-2); } - } - } - -sub FP_new - { - local($l,$r,$tt,$lr)=@_; - - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotl($r, 2-$lr); } - else { &rotr($r, $lr-2); } - } - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotl($l, 3-$lr); } - else { &rotr($l, $lr-3); } - } - - &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); - &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); - &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); - &rotr($tt , 4); - } - -sub DES_SPtrans - { - &rodataseg(); - &set_label("DES_SPtrans",64); - &data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802); - &data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002); - &data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802); - &data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002); - &data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800); - &data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800); - &data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002); - &data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000); - &data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002); - &data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800); - &data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002); - &data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000); - &data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802); - &data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000); - &data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800); - &data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802); - # nibble 1 - &data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000); - &data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000); - &data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000); - &data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010); - &data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000); - &data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010); - &data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010); - &data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010); - &data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010); - &data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000); - &data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010); - &data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010); - &data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010); - &data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000); - &data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000); - &data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000); - # nibble 2 - &data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101); - &data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100); - &data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001); - &data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001); - &data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100); - &data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001); - &data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000); - &data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101); - &data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000); - &data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101); - &data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001); - &data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001); - &data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101); - &data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100); - &data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101); - &data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000); - # nibble 3 - &data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008); - &data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008); - &data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008); - &data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000); - &data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008); - &data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000); - &data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000); - &data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000); - &data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008); - &data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000); - &data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008); - &data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000); - &data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000); - &data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008); - &data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008); - &data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000); - # nibble 4 - &data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420); - &data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000); - &data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400); - &data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000); - &data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420); - &data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020); - &data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020); - &data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400); - &data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000); - &data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400); - &data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000); - &data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020); - &data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420); - &data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000); - &data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420); - &data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020); - # nibble 5 - &data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000); - &data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000); - &data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000); - &data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040); - &data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000); - &data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040); - &data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040); - &data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000); - &data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040); - &data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000); - &data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000); - &data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040); - &data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040); - &data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000); - &data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000); - &data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040); - # nibble 6 - &data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004); - &data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000); - &data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000); - &data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204); - &data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204); - &data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200); - &data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004); - &data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000); - &data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204); - &data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004); - &data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000); - &data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200); - &data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200); - &data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000); - &data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204); - &data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004); - # nibble 7 - &data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000); - &data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080); - &data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080); - &data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000); - &data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000); - &data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000); - &data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080); - &data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080); - &data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080); - &data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000); - &data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080); - &data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000); - &data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080); - &data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000); - &data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000); - &data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080); - &previous(); - } diff --git a/lib/libcrypto/des/asm/des_enc.m4 b/lib/libcrypto/des/asm/des_enc.m4 deleted file mode 100644 index 268fc28c2..000000000 --- a/lib/libcrypto/des/asm/des_enc.m4 +++ /dev/null @@ -1,2099 +0,0 @@ -! des_enc.m4 -! des_enc.S (generated from des_enc.m4) -! -! UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file. -! -! Version 1.0. 32-bit version. -! -! June 8, 2000. -! -! Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation -! by Andy Polyakov. -! -! January 1, 2003. -! -! Assembler version: Copyright Svend Olaf Mikkelsen. -! -! Original C code: Copyright Eric A. Young. -! -! This code can be freely used by LibDES/SSLeay/OpenSSL users. -! -! The LibDES/SSLeay/OpenSSL copyright notices must be respected. -! -! This version can be redistributed. -! -! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S -! -! Global registers 1 to 5 are used. This is the same as done by the -! cc compiler. The UltraSPARC load/store little endian feature is used. -! -! Instruction grouping often refers to one CPU cycle. -! -! Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S -! -! Assemble through cc: cc -c -xarch=v8plusa -o des_enc.o des_enc.S -! -! Performance improvement according to './apps/openssl speed des' -! -! 32-bit build: -! 23% faster than cc-5.2 -xarch=v8plus -xO5 -! 115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5 -! 64-bit build: -! 50% faster than cc-5.2 -xarch=v9 -xO5 -! 100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5 -! - -.ident "des_enc.m4 2.1" -.file "des_enc-sparc.S" - -#if defined(__SUNPRO_C) && defined(__sparcv9) -# define ABI64 /* They've said -xarch=v9 at command line */ -#elif defined(__GNUC__) && defined(__arch64__) -# define ABI64 /* They've said -m64 at command line */ -#endif - -#ifdef ABI64 - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -# define BIAS 2047 -# define LDPTR ldx -# define STPTR stx -# define ARG0 128 -# define ARGSZ 8 -# ifndef OPENSSL_SYSNAME_ULTRASPARC -# define OPENSSL_SYSNAME_ULTRASPARC -# endif -#else -# define FRAME -96 -# define BIAS 0 -# define LDPTR ld -# define STPTR st -# define ARG0 68 -# define ARGSZ 4 -#endif - -#define LOOPS 7 - -#define global0 %g0 -#define global1 %g1 -#define global2 %g2 -#define global3 %g3 -#define global4 %g4 -#define global5 %g5 - -#define local0 %l0 -#define local1 %l1 -#define local2 %l2 -#define local3 %l3 -#define local4 %l4 -#define local5 %l5 -#define local7 %l6 -#define local6 %l7 - -#define in0 %i0 -#define in1 %i1 -#define in2 %i2 -#define in3 %i3 -#define in4 %i4 -#define in5 %i5 -#define in6 %i6 -#define in7 %i7 - -#define out0 %o0 -#define out1 %o1 -#define out2 %o2 -#define out3 %o3 -#define out4 %o4 -#define out5 %o5 -#define out6 %o6 -#define out7 %o7 - -#define stub stb - -changequote({,}) - - -! Macro definitions: - - -! {ip_macro} -! -! The logic used in initial and final permutations is the same as in -! the C code. The permutations are done with a clever shift, xor, and -! technique. -! -! The macro also loads address sbox 1 to 5 to global 1 to 5, address -! sbox 6 to local6, and address sbox 8 to out3. -! -! Rotates the halfs 3 left to bring the sbox bits in convenient positions. -! -! Loads key first round from address in parameter 5 to out0, out1. -! -! After the original LibDES initial permutation, the resulting left -! is in the variable initially used for right and vice versa. The macro -! implements the possibility to keep the halfs in the original registers. -! -! parameter 1 left -! parameter 2 right -! parameter 3 result left (modify in first round) -! parameter 4 result right (use in first round) -! parameter 5 key address -! parameter 6 1/2 for include encryption/decryption -! parameter 7 1 for move in1 to in3 -! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 -! parameter 9 1 for load ks3 and ks2 to in4 and in3 - -define(ip_macro, { - -! {ip_macro} -! $1 $2 $4 $3 $5 $6 $7 $8 $9 - - ld [out2+256], local1 - srl $2, 4, local4 - - xor local4, $1, local4 - ifelse($7,1,{mov in1, in3},{nop}) - - ld [out2+260], local2 - and local4, local1, local4 - ifelse($8,1,{mov in3, in4},{}) - ifelse($8,2,{mov in4, in3},{}) - - ld [out2+280], out4 ! loop counter - sll local4, 4, local1 - xor $1, local4, $1 - - ld [out2+264], local3 - srl $1, 16, local4 - xor $2, local1, $2 - - ifelse($9,1,{LDPTR KS3, in4},{}) - xor local4, $2, local4 - nop !sethi %hi(DES_SPtrans), global1 ! sbox addr - - ifelse($9,1,{LDPTR KS2, in3},{}) - and local4, local2, local4 - nop !or global1, %lo(DES_SPtrans), global1 ! sbox addr - - sll local4, 16, local1 - xor $2, local4, $2 - - srl $2, 2, local4 - xor $1, local1, $1 - - sethi %hi(16711680), local5 - xor local4, $1, local4 - - and local4, local3, local4 - or local5, 255, local5 - - sll local4, 2, local2 - xor $1, local4, $1 - - srl $1, 8, local4 - xor $2, local2, $2 - - xor local4, $2, local4 - add global1, 768, global4 - - and local4, local5, local4 - add global1, 1024, global5 - - ld [out2+272], local7 - sll local4, 8, local1 - xor $2, local4, $2 - - srl $2, 1, local4 - xor $1, local1, $1 - - ld [$5], out0 ! key 7531 - xor local4, $1, local4 - add global1, 256, global2 - - ld [$5+4], out1 ! key 8642 - and local4, local7, local4 - add global1, 512, global3 - - sll local4, 1, local1 - xor $1, local4, $1 - - sll $1, 3, local3 - xor $2, local1, $2 - - sll $2, 3, local2 - add global1, 1280, local6 ! address sbox 8 - - srl $1, 29, local4 - add global1, 1792, out3 ! address sbox 8 - - srl $2, 29, local1 - or local4, local3, $4 - - or local2, local1, $3 - - ifelse($6, 1, { - - ld [out2+284], local5 ! 0x0000FC00 used in the rounds - or local2, local1, $3 - xor $4, out0, local1 - - call .des_enc.1 - and local1, 252, local1 - - },{}) - - ifelse($6, 2, { - - ld [out2+284], local5 ! 0x0000FC00 used in the rounds - or local2, local1, $3 - xor $4, out0, local1 - - call .des_dec.1 - and local1, 252, local1 - - },{}) -}) - - -! {rounds_macro} -! -! The logic used in the DES rounds is the same as in the C code, -! except that calculations for sbox 1 and sbox 5 begin before -! the previous round is finished. -! -! In each round one half (work) is modified based on key and the -! other half (use). -! -! In this version we do two rounds in a loop repeated 7 times -! and two rounds separately. -! -! One half has the bits for the sboxes in the following positions: -! -! 777777xx555555xx333333xx111111xx -! -! 88xx666666xx444444xx222222xx8888 -! -! The bits for each sbox are xor-ed with the key bits for that box. -! The above xx bits are cleared, and the result used for lookup in -! the sbox table. Each sbox entry contains the 4 output bits permuted -! into 32 bits according to the P permutation. -! -! In the description of DES, left and right are switched after -! each round, except after last round. In this code the original -! left and right are kept in the same register in all rounds, meaning -! that after the 16 rounds the result for right is in the register -! originally used for left. -! -! parameter 1 first work (left in first round) -! parameter 2 first use (right in first round) -! parameter 3 enc/dec 1/-1 -! parameter 4 loop label -! parameter 5 key address register -! parameter 6 optional address for key next encryption/decryption -! parameter 7 not empty for include retl -! -! also compares in2 to 8 - -define(rounds_macro, { - -! {rounds_macro} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - xor $2, out0, local1 - - ld [out2+284], local5 ! 0x0000FC00 - ba $4 - and local1, 252, local1 - - .align 32 - -$4: - ! local6 is address sbox 6 - ! out3 is address sbox 8 - ! out4 is loop counter - - ld [global1+local1], local1 - xor $2, out1, out1 ! 8642 - xor $2, out0, out0 ! 7531 - ! fmovs %f0, %f0 ! fxor used for alignment - - srl out1, 4, local0 ! rotate 4 right - and out0, local5, local3 ! 3 - ! fmovs %f0, %f0 - - ld [$5+$3*8], local7 ! key 7531 next round - srl local3, 8, local3 ! 3 - and local0, 252, local2 ! 2 - ! fmovs %f0, %f0 - - ld [global3+local3],local3 ! 3 - sll out1, 28, out1 ! rotate - xor $1, local1, $1 ! 1 finished, local1 now sbox 7 - - ld [global2+local2], local2 ! 2 - srl out0, 24, local1 ! 7 - or out1, local0, out1 ! rotate - - ldub [out2+local1], local1 ! 7 (and 0xFC) - srl out1, 24, local0 ! 8 - and out1, local5, local4 ! 4 - - ldub [out2+local0], local0 ! 8 (and 0xFC) - srl local4, 8, local4 ! 4 - xor $1, local2, $1 ! 2 finished local2 now sbox 6 - - ld [global4+local4],local4 ! 4 - srl out1, 16, local2 ! 6 - xor $1, local3, $1 ! 3 finished local3 now sbox 5 - - ld [out3+local0],local0 ! 8 - and local2, 252, local2 ! 6 - add global1, 1536, local5 ! address sbox 7 - - ld [local6+local2], local2 ! 6 - srl out0, 16, local3 ! 5 - xor $1, local4, $1 ! 4 finished - - ld [local5+local1],local1 ! 7 - and local3, 252, local3 ! 5 - xor $1, local0, $1 ! 8 finished - - ld [global5+local3],local3 ! 5 - xor $1, local2, $1 ! 6 finished - subcc out4, 1, out4 - - ld [$5+$3*8+4], out0 ! key 8642 next round - xor $1, local7, local2 ! sbox 5 next round - xor $1, local1, $1 ! 7 finished - - srl local2, 16, local2 ! sbox 5 next round - xor $1, local3, $1 ! 5 finished - - ld [$5+$3*16+4], out1 ! key 8642 next round again - and local2, 252, local2 ! sbox5 next round -! next round - xor $1, local7, local7 ! 7531 - - ld [global5+local2], local2 ! 5 - srl local7, 24, local3 ! 7 - xor $1, out0, out0 ! 8642 - - ldub [out2+local3], local3 ! 7 (and 0xFC) - srl out0, 4, local0 ! rotate 4 right - and local7, 252, local1 ! 1 - - sll out0, 28, out0 ! rotate - xor $2, local2, $2 ! 5 finished local2 used - - srl local0, 8, local4 ! 4 - and local0, 252, local2 ! 2 - ld [local5+local3], local3 ! 7 - - srl local0, 16, local5 ! 6 - or out0, local0, out0 ! rotate - ld [global2+local2], local2 ! 2 - - srl out0, 24, local0 - ld [$5+$3*16], out0 ! key 7531 next round - and local4, 252, local4 ! 4 - - and local5, 252, local5 ! 6 - ld [global4+local4], local4 ! 4 - xor $2, local3, $2 ! 7 finished local3 used - - and local0, 252, local0 ! 8 - ld [local6+local5], local5 ! 6 - xor $2, local2, $2 ! 2 finished local2 now sbox 3 - - srl local7, 8, local2 ! 3 start - ld [out3+local0], local0 ! 8 - xor $2, local4, $2 ! 4 finished - - and local2, 252, local2 ! 3 - ld [global1+local1], local1 ! 1 - xor $2, local5, $2 ! 6 finished local5 used - - ld [global3+local2], local2 ! 3 - xor $2, local0, $2 ! 8 finished - add $5, $3*16, $5 ! enc add 8, dec add -8 to key pointer - - ld [out2+284], local5 ! 0x0000FC00 - xor $2, out0, local4 ! sbox 1 next round - xor $2, local1, $2 ! 1 finished - - xor $2, local2, $2 ! 3 finished -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bne,pt %icc, $4 -#else - bne $4 -#endif - and local4, 252, local1 ! sbox 1 next round - -! two rounds more: - - ld [global1+local1], local1 - xor $2, out1, out1 - xor $2, out0, out0 - - srl out1, 4, local0 ! rotate - and out0, local5, local3 - - ld [$5+$3*8], local7 ! key 7531 - srl local3, 8, local3 - and local0, 252, local2 - - ld [global3+local3],local3 - sll out1, 28, out1 ! rotate - xor $1, local1, $1 ! 1 finished, local1 now sbox 7 - - ld [global2+local2], local2 - srl out0, 24, local1 - or out1, local0, out1 ! rotate - - ldub [out2+local1], local1 - srl out1, 24, local0 - and out1, local5, local4 - - ldub [out2+local0], local0 - srl local4, 8, local4 - xor $1, local2, $1 ! 2 finished local2 now sbox 6 - - ld [global4+local4],local4 - srl out1, 16, local2 - xor $1, local3, $1 ! 3 finished local3 now sbox 5 - - ld [out3+local0],local0 - and local2, 252, local2 - add global1, 1536, local5 ! address sbox 7 - - ld [local6+local2], local2 - srl out0, 16, local3 - xor $1, local4, $1 ! 4 finished - - ld [local5+local1],local1 - and local3, 252, local3 - xor $1, local0, $1 - - ld [global5+local3],local3 - xor $1, local2, $1 ! 6 finished - cmp in2, 8 - - ifelse($6,{}, {}, {ld [out2+280], out4}) ! loop counter - xor $1, local7, local2 ! sbox 5 next round - xor $1, local1, $1 ! 7 finished - - ld [$5+$3*8+4], out0 - srl local2, 16, local2 ! sbox 5 next round - xor $1, local3, $1 ! 5 finished - - and local2, 252, local2 -! next round (two rounds more) - xor $1, local7, local7 ! 7531 - - ld [global5+local2], local2 - srl local7, 24, local3 - xor $1, out0, out0 ! 8642 - - ldub [out2+local3], local3 - srl out0, 4, local0 ! rotate - and local7, 252, local1 - - sll out0, 28, out0 ! rotate - xor $2, local2, $2 ! 5 finished local2 used - - srl local0, 8, local4 - and local0, 252, local2 - ld [local5+local3], local3 - - srl local0, 16, local5 - or out0, local0, out0 ! rotate - ld [global2+local2], local2 - - srl out0, 24, local0 - ifelse($6,{}, {}, {ld [$6], out0}) ! key next encryption/decryption - and local4, 252, local4 - - and local5, 252, local5 - ld [global4+local4], local4 - xor $2, local3, $2 ! 7 finished local3 used - - and local0, 252, local0 - ld [local6+local5], local5 - xor $2, local2, $2 ! 2 finished local2 now sbox 3 - - srl local7, 8, local2 ! 3 start - ld [out3+local0], local0 - xor $2, local4, $2 - - and local2, 252, local2 - ld [global1+local1], local1 - xor $2, local5, $2 ! 6 finished local5 used - - ld [global3+local2], local2 - srl $1, 3, local3 - xor $2, local0, $2 - - ifelse($6,{}, {}, {ld [$6+4], out1}) ! key next encryption/decryption - sll $1, 29, local4 - xor $2, local1, $2 - - ifelse($7,{}, {}, {retl}) - xor $2, local2, $2 -}) - - -! {fp_macro} -! -! parameter 1 right (original left) -! parameter 2 left (original right) -! parameter 3 1 for optional store to [in0] -! parameter 4 1 for load input/output address to local5/7 -! -! The final permutation logic switches the halfes, meaning that -! left and right ends up the the registers originally used. - -define(fp_macro, { - -! {fp_macro} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! initially undo the rotate 3 left done after initial permutation - ! original left is received shifted 3 right and 29 left in local3/4 - - sll $2, 29, local1 - or local3, local4, $1 - - srl $2, 3, $2 - sethi %hi(0x55555555), local2 - - or $2, local1, $2 - or local2, %lo(0x55555555), local2 - - srl $2, 1, local3 - sethi %hi(0x00ff00ff), local1 - xor local3, $1, local3 - or local1, %lo(0x00ff00ff), local1 - and local3, local2, local3 - sethi %hi(0x33333333), local4 - sll local3, 1, local2 - - xor $1, local3, $1 - - srl $1, 8, local3 - xor $2, local2, $2 - xor local3, $2, local3 - or local4, %lo(0x33333333), local4 - and local3, local1, local3 - sethi %hi(0x0000ffff), local1 - sll local3, 8, local2 - - xor $2, local3, $2 - - srl $2, 2, local3 - xor $1, local2, $1 - xor local3, $1, local3 - or local1, %lo(0x0000ffff), local1 - and local3, local4, local3 - sethi %hi(0x0f0f0f0f), local4 - sll local3, 2, local2 - - ifelse($4,1, {LDPTR INPUT, local5}) - xor $1, local3, $1 - - ifelse($4,1, {LDPTR OUTPUT, local7}) - srl $1, 16, local3 - xor $2, local2, $2 - xor local3, $2, local3 - or local4, %lo(0x0f0f0f0f), local4 - and local3, local1, local3 - sll local3, 16, local2 - - xor $2, local3, local1 - - srl local1, 4, local3 - xor $1, local2, $1 - xor local3, $1, local3 - and local3, local4, local3 - sll local3, 4, local2 - - xor $1, local3, $1 - - ! optional store: - - ifelse($3,1, {st $1, [in0]}) - - xor local1, local2, $2 - - ifelse($3,1, {st $2, [in0+4]}) - -}) - - -! {fp_ip_macro} -! -! Does initial permutation for next block mixed with -! final permutation for current block. -! -! parameter 1 original left -! parameter 2 original right -! parameter 3 left ip -! parameter 4 right ip -! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 -! 2: mov in4 to in3 -! -! also adds -8 to length in2 and loads loop counter to out4 - -define(fp_ip_macro, { - -! {fp_ip_macro} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - define({temp1},{out4}) - define({temp2},{local3}) - - define({ip1},{local1}) - define({ip2},{local2}) - define({ip4},{local4}) - define({ip5},{local5}) - - ! $1 in local3, local4 - - ld [out2+256], ip1 - sll out5, 29, temp1 - or local3, local4, $1 - - srl out5, 3, $2 - ifelse($5,2,{mov in4, in3}) - - ld [out2+272], ip5 - srl $4, 4, local0 - or $2, temp1, $2 - - srl $2, 1, temp1 - xor temp1, $1, temp1 - - and temp1, ip5, temp1 - xor local0, $3, local0 - - sll temp1, 1, temp2 - xor $1, temp1, $1 - - and local0, ip1, local0 - add in2, -8, in2 - - sll local0, 4, local7 - xor $3, local0, $3 - - ld [out2+268], ip4 - srl $1, 8, temp1 - xor $2, temp2, $2 - ld [out2+260], ip2 - srl $3, 16, local0 - xor $4, local7, $4 - xor temp1, $2, temp1 - xor local0, $4, local0 - and temp1, ip4, temp1 - and local0, ip2, local0 - sll temp1, 8, temp2 - xor $2, temp1, $2 - sll local0, 16, local7 - xor $4, local0, $4 - - srl $2, 2, temp1 - xor $1, temp2, $1 - - ld [out2+264], temp2 ! ip3 - srl $4, 2, local0 - xor $3, local7, $3 - xor temp1, $1, temp1 - xor local0, $3, local0 - and temp1, temp2, temp1 - and local0, temp2, local0 - sll temp1, 2, temp2 - xor $1, temp1, $1 - sll local0, 2, local7 - xor $3, local0, $3 - - srl $1, 16, temp1 - xor $2, temp2, $2 - srl $3, 8, local0 - xor $4, local7, $4 - xor temp1, $2, temp1 - xor local0, $4, local0 - and temp1, ip2, temp1 - and local0, ip4, local0 - sll temp1, 16, temp2 - xor $2, temp1, local4 - sll local0, 8, local7 - xor $4, local0, $4 - - srl $4, 1, local0 - xor $3, local7, $3 - - srl local4, 4, temp1 - xor local0, $3, local0 - - xor $1, temp2, $1 - and local0, ip5, local0 - - sll local0, 1, local7 - xor temp1, $1, temp1 - - xor $3, local0, $3 - xor $4, local7, $4 - - sll $3, 3, local5 - and temp1, ip1, temp1 - - sll temp1, 4, temp2 - xor $1, temp1, $1 - - ifelse($5,1,{LDPTR KS2, in4}) - sll $4, 3, local2 - xor local4, temp2, $2 - - ! reload since used as temporar: - - ld [out2+280], out4 ! loop counter - - srl $3, 29, local0 - ifelse($5,1,{add in4, 120, in4}) - - ifelse($5,1,{LDPTR KS1, in3}) - srl $4, 29, local7 - - or local0, local5, $4 - or local2, local7, $3 - -}) - - - -! {load_little_endian} -! -! parameter 1 address -! parameter 2 destination left -! parameter 3 destination right -! parameter 4 temporar -! parameter 5 label - -define(load_little_endian, { - -! {load_little_endian} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! first in memory to rightmost in register - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - andcc $1, 3, global0 - bne,pn %icc, $5 - nop - - lda [$1] 0x88, $2 - add $1, 4, $4 - - ba,pt %icc, $5a - lda [$4] 0x88, $3 -#endif - -$5: - ldub [$1+3], $2 - - ldub [$1+2], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+1], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+0], $4 - sll $2, 8, $2 - or $2, $4, $2 - - - ldub [$1+3+4], $3 - - ldub [$1+2+4], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+1+4], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+0+4], $4 - sll $3, 8, $3 - or $3, $4, $3 -$5a: - -}) - - -! {load_little_endian_inc} -! -! parameter 1 address -! parameter 2 destination left -! parameter 3 destination right -! parameter 4 temporar -! parameter 4 label -! -! adds 8 to address - -define(load_little_endian_inc, { - -! {load_little_endian_inc} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! first in memory to rightmost in register - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - andcc $1, 3, global0 - bne,pn %icc, $5 - nop - - lda [$1] 0x88, $2 - add $1, 4, $1 - - lda [$1] 0x88, $3 - ba,pt %icc, $5a - add $1, 4, $1 -#endif - -$5: - ldub [$1+3], $2 - - ldub [$1+2], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+1], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+0], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+3+4], $3 - add $1, 8, $1 - - ldub [$1+2+4-8], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+1+4-8], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+0+4-8], $4 - sll $3, 8, $3 - or $3, $4, $3 -$5a: - -}) - - -! {load_n_bytes} -! -! Loads 1 to 7 bytes little endian -! Remaining bytes are zeroed. -! -! parameter 1 address -! parameter 2 length -! parameter 3 destination register left -! parameter 4 destination register right -! parameter 5 temp -! parameter 6 temp2 -! parameter 7 label -! parameter 8 return label - -define(load_n_bytes, { - -! {load_n_bytes} -! $1 $2 $5 $6 $7 $8 $7 $8 $9 - -$7.0: call .+8 - sll $2, 2, $6 - - add %o7,$7.jmp.table-$7.0,$5 - - add $5, $6, $5 - mov 0, $4 - - ld [$5], $5 - - jmp %o7+$5 - mov 0, $3 - -$7.7: - ldub [$1+6], $5 - sll $5, 16, $5 - or $3, $5, $3 -$7.6: - ldub [$1+5], $5 - sll $5, 8, $5 - or $3, $5, $3 -$7.5: - ldub [$1+4], $5 - or $3, $5, $3 -$7.4: - ldub [$1+3], $5 - sll $5, 24, $5 - or $4, $5, $4 -$7.3: - ldub [$1+2], $5 - sll $5, 16, $5 - or $4, $5, $4 -$7.2: - ldub [$1+1], $5 - sll $5, 8, $5 - or $4, $5, $4 -$7.1: - ldub [$1+0], $5 - ba $8 - or $4, $5, $4 - - .align 4 - -$7.jmp.table: - .word 0 - .word $7.1-$7.0 - .word $7.2-$7.0 - .word $7.3-$7.0 - .word $7.4-$7.0 - .word $7.5-$7.0 - .word $7.6-$7.0 - .word $7.7-$7.0 -}) - - -! {store_little_endian} -! -! parameter 1 address -! parameter 2 source left -! parameter 3 source right -! parameter 4 temporar - -define(store_little_endian, { - -! {store_little_endian} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! rightmost in register to first in memory - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - andcc $1, 3, global0 - bne,pn %icc, $5 - nop - - sta $2, [$1] 0x88 - add $1, 4, $4 - - ba,pt %icc, $5a - sta $3, [$4] 0x88 -#endif - -$5: - and $2, 255, $4 - stub $4, [$1+0] - - srl $2, 8, $4 - and $4, 255, $4 - stub $4, [$1+1] - - srl $2, 16, $4 - and $4, 255, $4 - stub $4, [$1+2] - - srl $2, 24, $4 - stub $4, [$1+3] - - - and $3, 255, $4 - stub $4, [$1+0+4] - - srl $3, 8, $4 - and $4, 255, $4 - stub $4, [$1+1+4] - - srl $3, 16, $4 - and $4, 255, $4 - stub $4, [$1+2+4] - - srl $3, 24, $4 - stub $4, [$1+3+4] - -$5a: - -}) - - -! {store_n_bytes} -! -! Stores 1 to 7 bytes little endian -! -! parameter 1 address -! parameter 2 length -! parameter 3 source register left -! parameter 4 source register right -! parameter 5 temp -! parameter 6 temp2 -! parameter 7 label -! parameter 8 return label - -define(store_n_bytes, { - -! {store_n_bytes} -! $1 $2 $5 $6 $7 $8 $7 $8 $9 - -$7.0: call .+8 - sll $2, 2, $6 - - add %o7,$7.jmp.table-$7.0,$5 - - add $5, $6, $5 - - ld [$5], $5 - - jmp %o7+$5 - nop - -$7.7: - srl $3, 16, $5 - and $5, 0xff, $5 - stub $5, [$1+6] -$7.6: - srl $3, 8, $5 - and $5, 0xff, $5 - stub $5, [$1+5] -$7.5: - and $3, 0xff, $5 - stub $5, [$1+4] -$7.4: - srl $4, 24, $5 - stub $5, [$1+3] -$7.3: - srl $4, 16, $5 - and $5, 0xff, $5 - stub $5, [$1+2] -$7.2: - srl $4, 8, $5 - and $5, 0xff, $5 - stub $5, [$1+1] -$7.1: - and $4, 0xff, $5 - - - ba $8 - stub $5, [$1] - - .align 4 - -$7.jmp.table: - - .word 0 - .word $7.1-$7.0 - .word $7.2-$7.0 - .word $7.3-$7.0 - .word $7.4-$7.0 - .word $7.5-$7.0 - .word $7.6-$7.0 - .word $7.7-$7.0 -}) - - -define(testvalue,{1}) - -define(register_init, { - -! For test purposes: - - sethi %hi(testvalue), local0 - or local0, %lo(testvalue), local0 - - ifelse($1,{},{}, {mov local0, $1}) - ifelse($2,{},{}, {mov local0, $2}) - ifelse($3,{},{}, {mov local0, $3}) - ifelse($4,{},{}, {mov local0, $4}) - ifelse($5,{},{}, {mov local0, $5}) - ifelse($6,{},{}, {mov local0, $6}) - ifelse($7,{},{}, {mov local0, $7}) - ifelse($8,{},{}, {mov local0, $8}) - - mov local0, local1 - mov local0, local2 - mov local0, local3 - mov local0, local4 - mov local0, local5 - mov local0, local7 - mov local0, local6 - mov local0, out0 - mov local0, out1 - mov local0, out2 - mov local0, out3 - mov local0, out4 - mov local0, out5 - mov local0, global1 - mov local0, global2 - mov local0, global3 - mov local0, global4 - mov local0, global5 - -}) - -.section ".text" - - .align 32 - -.des_enc: - - ! key address in3 - ! loads key next encryption/decryption first round from [in4] - - rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl) - - - .align 32 - -.des_dec: - - ! implemented with out5 as first parameter to avoid - ! register exchange in ede modes - - ! key address in4 - ! loads key next encryption/decryption first round from [in3] - - rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl) - - - -! void DES_encrypt1(data, ks, enc) -! ******************************* - - .align 32 - .global DES_encrypt1 - .type DES_encrypt1,#function - -DES_encrypt1: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ld [in0], in5 ! left - cmp in2, 0 ! enc - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - be,pn %icc, .encrypt.dec ! enc/dec -#else - be .encrypt.dec -#endif - ld [in0+4], out5 ! right - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for move in1 to in3 - ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 - - ip_macro(in5, out5, in5, out5, in3, 0, 1, 1) - - rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used - - fp_macro(in5, out5, 1) ! 1 for store to [in0] - - ret - restore - -.encrypt.dec: - - add in1, 120, in3 ! use last subkey for first round - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for move in1 to in3 - ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec, ks in4 - - fp_macro(out5, in5, 1) ! 1 for store to [in0] - - ret - restore - -.DES_encrypt1.end: - .size DES_encrypt1,.DES_encrypt1.end-DES_encrypt1 - - -! void DES_encrypt2(data, ks, enc) -!********************************* - - ! encrypts/decrypts without initial/final permutation - - .align 32 - .global DES_encrypt2 - .type DES_encrypt2,#function - -DES_encrypt2: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ! Set sbox address 1 to 6 and rotate halfs 3 left - ! Errors caught by destest? Yes. Still? *NO* - - !sethi %hi(DES_SPtrans), global1 ! address sbox 1 - - !or global1, %lo(DES_SPtrans), global1 ! sbox 1 - - add global1, 256, global2 ! sbox 2 - add global1, 512, global3 ! sbox 3 - - ld [in0], out5 ! right - add global1, 768, global4 ! sbox 4 - add global1, 1024, global5 ! sbox 5 - - ld [in0+4], in5 ! left - add global1, 1280, local6 ! sbox 6 - add global1, 1792, out3 ! sbox 8 - - ! rotate - - sll in5, 3, local5 - mov in1, in3 ! key address to in3 - - sll out5, 3, local7 - srl in5, 29, in5 - - srl out5, 29, out5 - add in5, local5, in5 - - add out5, local7, out5 - cmp in2, 0 - - ! we use our own stackframe - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - be,pn %icc, .encrypt2.dec ! decryption -#else - be .encrypt2.dec -#endif - STPTR in0, [%sp+BIAS+ARG0+0*ARGSZ] - - ld [in3], out0 ! key 7531 first round - mov LOOPS, out4 ! loop counter - - ld [in3+4], out1 ! key 8642 first round - sethi %hi(0x0000FC00), local5 - - call .des_enc - mov in3, in4 - - ! rotate - sll in5, 29, in0 - srl in5, 3, in5 - sll out5, 29, in1 - add in5, in0, in5 - srl out5, 3, out5 - LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 - add out5, in1, out5 - st in5, [in0] - st out5, [in0+4] - - ret - restore - - -.encrypt2.dec: - - add in3, 120, in4 - - ld [in4], out0 ! key 7531 first round - mov LOOPS, out4 ! loop counter - - ld [in4+4], out1 ! key 8642 first round - sethi %hi(0x0000FC00), local5 - - mov in5, local1 ! left expected in out5 - mov out5, in5 - - call .des_dec - mov local1, out5 - -.encrypt2.finish: - - ! rotate - sll in5, 29, in0 - srl in5, 3, in5 - sll out5, 29, in1 - add in5, in0, in5 - srl out5, 3, out5 - LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 - add out5, in1, out5 - st out5, [in0] - st in5, [in0+4] - - ret - restore - -.DES_encrypt2.end: - .size DES_encrypt2, .DES_encrypt2.end-DES_encrypt2 - - -! void DES_encrypt3(data, ks1, ks2, ks3) -! ************************************** - - .align 32 - .global DES_encrypt3 - .type DES_encrypt3,#function - -DES_encrypt3: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ld [in0], in5 ! left - add in2, 120, in4 ! ks2 - - ld [in0+4], out5 ! right - mov in3, in2 ! save ks3 - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - ! parameter 9 1 for load ks3 and ks2 to in4 and in3 - - ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0) - - call .des_dec - mov in2, in3 ! preload ks3 - - call .des_enc - nop - - fp_macro(in5, out5, 1) - - ret - restore - -.DES_encrypt3.end: - .size DES_encrypt3,.DES_encrypt3.end-DES_encrypt3 - - -! void DES_decrypt3(data, ks1, ks2, ks3) -! ************************************** - - .align 32 - .global DES_decrypt3 - .type DES_decrypt3,#function - -DES_decrypt3: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ld [in0], in5 ! left - add in3, 120, in4 ! ks3 - - ld [in0+4], out5 ! right - mov in2, in3 ! ks2 - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - ! parameter 9 1 for load ks3 and ks2 to in4 and in3 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0) - - call .des_enc - add in1, 120, in4 ! preload ks1 - - call .des_dec - nop - - fp_macro(out5, in5, 1) - - ret - restore - -.DES_decrypt3.end: - .size DES_decrypt3,.DES_decrypt3.end-DES_decrypt3 - -! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc) -! ***************************************************************** - - - .align 32 - .global DES_ncbc_encrypt - .type DES_ncbc_encrypt,#function - -DES_ncbc_encrypt: - - save %sp, FRAME, %sp - - define({INPUT}, { [%sp+BIAS+ARG0+0*ARGSZ] }) - define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] }) - define({IVEC}, { [%sp+BIAS+ARG0+4*ARGSZ] }) - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - cmp in5, 0 ! enc - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - be,pn %icc, .ncbc.dec -#else - be .ncbc.dec -#endif - STPTR in4, IVEC - - ! addr left right temp label - load_little_endian(in4, in5, out5, local3, .LLE1) ! iv - - addcc in2, -8, in2 ! bytes missing when first block done - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bl,pn %icc, .ncbc.enc.seven.or.less -#else - bl .ncbc.enc.seven.or.less -#endif - mov in3, in4 ! schedule - -.ncbc.enc.next.block: - - load_little_endian(in0, out4, global4, local3, .LLE2) ! block - -.ncbc.enc.next.block_1: - - xor in5, out4, in5 ! iv xor - xor out5, global4, out5 ! iv xor - - ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 - ip_macro(in5, out5, in5, out5, in3, 0, 0, 2) - -.ncbc.enc.next.block_2: - -!// call .des_enc ! compares in2 to 8 -! rounds inlined for alignment purposes - - add global1, 768, global4 ! address sbox 4 since register used below - - rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3 - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bl,pn %icc, .ncbc.enc.next.block_fp -#else - bl .ncbc.enc.next.block_fp -#endif - add in0, 8, in0 ! input address - - ! If 8 or more bytes are to be encrypted after this block, - ! we combine final permutation for this block with initial - ! permutation for next block. Load next block: - - load_little_endian(in0, global3, global4, local5, .LLE12) - - ! parameter 1 original left - ! parameter 2 original right - ! parameter 3 left ip - ! parameter 4 right ip - ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 - ! 2: mov in4 to in3 - ! - ! also adds -8 to length in2 and loads loop counter to out4 - - fp_ip_macro(out0, out1, global3, global4, 2) - - store_little_endian(in1, out0, out1, local3, .SLE10) ! block - - ld [in3], out0 ! key 7531 first round next block - mov in5, local1 - xor global3, out5, in5 ! iv xor next block - - ld [in3+4], out1 ! key 8642 - add global1, 512, global3 ! address sbox 3 since register used - xor global4, local1, out5 ! iv xor next block - - ba .ncbc.enc.next.block_2 - add in1, 8, in1 ! output address - -.ncbc.enc.next.block_fp: - - fp_macro(in5, out5) - - store_little_endian(in1, in5, out5, local3, .SLE1) ! block - - addcc in2, -8, in2 ! bytes missing when next block done - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bpos,pt %icc, .ncbc.enc.next.block ! also jumps if 0 -#else - bpos .ncbc.enc.next.block -#endif - add in1, 8, in1 - -.ncbc.enc.seven.or.less: - - cmp in2, -8 - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - ble,pt %icc, .ncbc.enc.finish -#else - ble .ncbc.enc.finish -#endif - nop - - add in2, 8, local1 ! bytes to load - - ! addr, length, dest left, dest right, temp, temp2, label, ret label - load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1) - - ! Loads 1 to 7 bytes little endian to global4, out4 - - -.ncbc.enc.finish: - - LDPTR IVEC, local4 - store_little_endian(local4, in5, out5, local5, .SLE2) ! ivec - - ret - restore - - -.ncbc.dec: - - STPTR in0, INPUT - cmp in2, 0 ! length - add in3, 120, in3 - - LDPTR IVEC, local7 ! ivec -#ifdef OPENSSL_SYSNAME_ULTRASPARC - ble,pn %icc, .ncbc.dec.finish -#else - ble .ncbc.dec.finish -#endif - mov in3, in4 ! schedule - - STPTR in1, OUTPUT - mov in0, local5 ! input - - load_little_endian(local7, in0, in1, local3, .LLE3) ! ivec - -.ncbc.dec.next.block: - - load_little_endian(local5, in5, out5, local3, .LLE4) ! block - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion ks in4 - - fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7 - - ! in2 is bytes left to be stored - ! in2 is compared to 8 in the rounds - - xor out5, in0, out4 ! iv xor -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bl,pn %icc, .ncbc.dec.seven.or.less -#else - bl .ncbc.dec.seven.or.less -#endif - xor in5, in1, global4 ! iv xor - - ! Load ivec next block now, since input and output address might be the same. - - load_little_endian_inc(local5, in0, in1, local3, .LLE5) ! iv - - store_little_endian(local7, out4, global4, local3, .SLE3) - - STPTR local5, INPUT - add local7, 8, local7 - addcc in2, -8, in2 - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bg,pt %icc, .ncbc.dec.next.block -#else - bg .ncbc.dec.next.block -#endif - STPTR local7, OUTPUT - - -.ncbc.dec.store.iv: - - LDPTR IVEC, local4 ! ivec - store_little_endian(local4, in0, in1, local5, .SLE4) - -.ncbc.dec.finish: - - ret - restore - -.ncbc.dec.seven.or.less: - - load_little_endian_inc(local5, in0, in1, local3, .LLE13) ! ivec - - store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv) - - -.DES_ncbc_encrypt.end: - .size DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt - - -! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) -! ************************************************************************** - - - .align 32 - .global DES_ede3_cbc_encrypt - .type DES_ede3_cbc_encrypt,#function - -DES_ede3_cbc_encrypt: - - save %sp, FRAME, %sp - - define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] }) - define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] }) - define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] }) - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - LDPTR [%fp+BIAS+ARG0+7*ARGSZ], local3 ! enc - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec - cmp local3, 0 ! enc - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - be,pn %icc, .ede3.dec -#else - be .ede3.dec -#endif - STPTR in4, KS2 - - STPTR in5, KS3 - - load_little_endian(local4, in5, out5, local3, .LLE6) ! ivec - - addcc in2, -8, in2 ! bytes missing after next block - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bl,pn %icc, .ede3.enc.seven.or.less -#else - bl .ede3.enc.seven.or.less -#endif - STPTR in3, KS1 - -.ede3.enc.next.block: - - load_little_endian(in0, out4, global4, local3, .LLE7) - -.ede3.enc.next.block_1: - - LDPTR KS2, in4 - xor in5, out4, in5 ! iv xor - xor out5, global4, out5 ! iv xor - - LDPTR KS1, in3 - add in4, 120, in4 ! for decryption we use last subkey first - nop - - ip_macro(in5, out5, in5, out5, in3) - -.ede3.enc.next.block_2: - - call .des_enc ! ks1 in3 - nop - - call .des_dec ! ks2 in4 - LDPTR KS3, in3 - - call .des_enc ! ks3 in3 compares in2 to 8 - nop - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bl,pn %icc, .ede3.enc.next.block_fp -#else - bl .ede3.enc.next.block_fp -#endif - add in0, 8, in0 - - ! If 8 or more bytes are to be encrypted after this block, - ! we combine final permutation for this block with initial - ! permutation for next block. Load next block: - - load_little_endian(in0, global3, global4, local5, .LLE11) - - ! parameter 1 original left - ! parameter 2 original right - ! parameter 3 left ip - ! parameter 4 right ip - ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 - ! 2: mov in4 to in3 - ! - ! also adds -8 to length in2 and loads loop counter to out4 - - fp_ip_macro(out0, out1, global3, global4, 1) - - store_little_endian(in1, out0, out1, local3, .SLE9) ! block - - mov in5, local1 - xor global3, out5, in5 ! iv xor next block - - ld [in3], out0 ! key 7531 - add global1, 512, global3 ! address sbox 3 - xor global4, local1, out5 ! iv xor next block - - ld [in3+4], out1 ! key 8642 - add global1, 768, global4 ! address sbox 4 - ba .ede3.enc.next.block_2 - add in1, 8, in1 - -.ede3.enc.next.block_fp: - - fp_macro(in5, out5) - - store_little_endian(in1, in5, out5, local3, .SLE5) ! block - - addcc in2, -8, in2 ! bytes missing when next block done - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bpos,pt %icc, .ede3.enc.next.block -#else - bpos .ede3.enc.next.block -#endif - add in1, 8, in1 - -.ede3.enc.seven.or.less: - - cmp in2, -8 - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - ble,pt %icc, .ede3.enc.finish -#else - ble .ede3.enc.finish -#endif - nop - - add in2, 8, local1 ! bytes to load - - ! addr, length, dest left, dest right, temp, temp2, label, ret label - load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1) - -.ede3.enc.finish: - - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec - store_little_endian(local4, in5, out5, local5, .SLE6) ! ivec - - ret - restore - -.ede3.dec: - - STPTR in0, INPUT - add in5, 120, in5 - - STPTR in1, OUTPUT - mov in0, local5 - add in3, 120, in3 - - STPTR in3, KS1 - cmp in2, 0 - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - ble %icc, .ede3.dec.finish -#else - ble .ede3.dec.finish -#endif - STPTR in5, KS3 - - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local7 ! iv - load_little_endian(local7, in0, in1, local3, .LLE8) - -.ede3.dec.next.block: - - load_little_endian(local5, in5, out5, local3, .LLE9) - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - ! parameter 9 1 for load ks3 and ks2 to in4 and in3 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4 - - call .des_enc ! ks2 in3 - LDPTR KS1, in4 - - call .des_dec ! ks1 in4 - nop - - fp_macro(out5, in5, 0, 1) ! 1 for input and output address local5/7 - - ! in2 is bytes left to be stored - ! in2 is compared to 8 in the rounds - - xor out5, in0, out4 -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bl,pn %icc, .ede3.dec.seven.or.less -#else - bl .ede3.dec.seven.or.less -#endif - xor in5, in1, global4 - - load_little_endian_inc(local5, in0, in1, local3, .LLE10) ! iv next block - - store_little_endian(local7, out4, global4, local3, .SLE7) ! block - - STPTR local5, INPUT - addcc in2, -8, in2 - add local7, 8, local7 - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bg,pt %icc, .ede3.dec.next.block -#else - bg .ede3.dec.next.block -#endif - STPTR local7, OUTPUT - -.ede3.dec.store.iv: - - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec - store_little_endian(local4, in0, in1, local5, .SLE8) ! ivec - -.ede3.dec.finish: - - ret - restore - -.ede3.dec.seven.or.less: - - load_little_endian_inc(local5, in0, in1, local3, .LLE14) ! iv - - store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv) - - -.DES_ede3_cbc_encrypt.end: - .size DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt - - .align 256 - .type .des_and,#object - .size .des_and,284 - -.des_and: - -! This table is used for AND 0xFC when it is known that register -! bits 8-31 are zero. Makes it possible to do three arithmetic -! operations in one cycle. - - .byte 0, 0, 0, 0, 4, 4, 4, 4 - .byte 8, 8, 8, 8, 12, 12, 12, 12 - .byte 16, 16, 16, 16, 20, 20, 20, 20 - .byte 24, 24, 24, 24, 28, 28, 28, 28 - .byte 32, 32, 32, 32, 36, 36, 36, 36 - .byte 40, 40, 40, 40, 44, 44, 44, 44 - .byte 48, 48, 48, 48, 52, 52, 52, 52 - .byte 56, 56, 56, 56, 60, 60, 60, 60 - .byte 64, 64, 64, 64, 68, 68, 68, 68 - .byte 72, 72, 72, 72, 76, 76, 76, 76 - .byte 80, 80, 80, 80, 84, 84, 84, 84 - .byte 88, 88, 88, 88, 92, 92, 92, 92 - .byte 96, 96, 96, 96, 100, 100, 100, 100 - .byte 104, 104, 104, 104, 108, 108, 108, 108 - .byte 112, 112, 112, 112, 116, 116, 116, 116 - .byte 120, 120, 120, 120, 124, 124, 124, 124 - .byte 128, 128, 128, 128, 132, 132, 132, 132 - .byte 136, 136, 136, 136, 140, 140, 140, 140 - .byte 144, 144, 144, 144, 148, 148, 148, 148 - .byte 152, 152, 152, 152, 156, 156, 156, 156 - .byte 160, 160, 160, 160, 164, 164, 164, 164 - .byte 168, 168, 168, 168, 172, 172, 172, 172 - .byte 176, 176, 176, 176, 180, 180, 180, 180 - .byte 184, 184, 184, 184, 188, 188, 188, 188 - .byte 192, 192, 192, 192, 196, 196, 196, 196 - .byte 200, 200, 200, 200, 204, 204, 204, 204 - .byte 208, 208, 208, 208, 212, 212, 212, 212 - .byte 216, 216, 216, 216, 220, 220, 220, 220 - .byte 224, 224, 224, 224, 228, 228, 228, 228 - .byte 232, 232, 232, 232, 236, 236, 236, 236 - .byte 240, 240, 240, 240, 244, 244, 244, 244 - .byte 248, 248, 248, 248, 252, 252, 252, 252 - - ! 5 numbers for initil/final permutation - - .word 0x0f0f0f0f ! offset 256 - .word 0x0000ffff ! 260 - .word 0x33333333 ! 264 - .word 0x00ff00ff ! 268 - .word 0x55555555 ! 272 - - .word 0 ! 276 - .word LOOPS ! 280 - .word 0x0000FC00 ! 284 - - .global DES_SPtrans - .type DES_SPtrans,#object - .size DES_SPtrans,2048 -.align 64 -DES_SPtrans: -.PIC.DES_SPtrans: - ! nibble 0 - .word 0x02080800, 0x00080000, 0x02000002, 0x02080802 - .word 0x02000000, 0x00080802, 0x00080002, 0x02000002 - .word 0x00080802, 0x02080800, 0x02080000, 0x00000802 - .word 0x02000802, 0x02000000, 0x00000000, 0x00080002 - .word 0x00080000, 0x00000002, 0x02000800, 0x00080800 - .word 0x02080802, 0x02080000, 0x00000802, 0x02000800 - .word 0x00000002, 0x00000800, 0x00080800, 0x02080002 - .word 0x00000800, 0x02000802, 0x02080002, 0x00000000 - .word 0x00000000, 0x02080802, 0x02000800, 0x00080002 - .word 0x02080800, 0x00080000, 0x00000802, 0x02000800 - .word 0x02080002, 0x00000800, 0x00080800, 0x02000002 - .word 0x00080802, 0x00000002, 0x02000002, 0x02080000 - .word 0x02080802, 0x00080800, 0x02080000, 0x02000802 - .word 0x02000000, 0x00000802, 0x00080002, 0x00000000 - .word 0x00080000, 0x02000000, 0x02000802, 0x02080800 - .word 0x00000002, 0x02080002, 0x00000800, 0x00080802 - ! nibble 1 - .word 0x40108010, 0x00000000, 0x00108000, 0x40100000 - .word 0x40000010, 0x00008010, 0x40008000, 0x00108000 - .word 0x00008000, 0x40100010, 0x00000010, 0x40008000 - .word 0x00100010, 0x40108000, 0x40100000, 0x00000010 - .word 0x00100000, 0x40008010, 0x40100010, 0x00008000 - .word 0x00108010, 0x40000000, 0x00000000, 0x00100010 - .word 0x40008010, 0x00108010, 0x40108000, 0x40000010 - .word 0x40000000, 0x00100000, 0x00008010, 0x40108010 - .word 0x00100010, 0x40108000, 0x40008000, 0x00108010 - .word 0x40108010, 0x00100010, 0x40000010, 0x00000000 - .word 0x40000000, 0x00008010, 0x00100000, 0x40100010 - .word 0x00008000, 0x40000000, 0x00108010, 0x40008010 - .word 0x40108000, 0x00008000, 0x00000000, 0x40000010 - .word 0x00000010, 0x40108010, 0x00108000, 0x40100000 - .word 0x40100010, 0x00100000, 0x00008010, 0x40008000 - .word 0x40008010, 0x00000010, 0x40100000, 0x00108000 - ! nibble 2 - .word 0x04000001, 0x04040100, 0x00000100, 0x04000101 - .word 0x00040001, 0x04000000, 0x04000101, 0x00040100 - .word 0x04000100, 0x00040000, 0x04040000, 0x00000001 - .word 0x04040101, 0x00000101, 0x00000001, 0x04040001 - .word 0x00000000, 0x00040001, 0x04040100, 0x00000100 - .word 0x00000101, 0x04040101, 0x00040000, 0x04000001 - .word 0x04040001, 0x04000100, 0x00040101, 0x04040000 - .word 0x00040100, 0x00000000, 0x04000000, 0x00040101 - .word 0x04040100, 0x00000100, 0x00000001, 0x00040000 - .word 0x00000101, 0x00040001, 0x04040000, 0x04000101 - .word 0x00000000, 0x04040100, 0x00040100, 0x04040001 - .word 0x00040001, 0x04000000, 0x04040101, 0x00000001 - .word 0x00040101, 0x04000001, 0x04000000, 0x04040101 - .word 0x00040000, 0x04000100, 0x04000101, 0x00040100 - .word 0x04000100, 0x00000000, 0x04040001, 0x00000101 - .word 0x04000001, 0x00040101, 0x00000100, 0x04040000 - ! nibble 3 - .word 0x00401008, 0x10001000, 0x00000008, 0x10401008 - .word 0x00000000, 0x10400000, 0x10001008, 0x00400008 - .word 0x10401000, 0x10000008, 0x10000000, 0x00001008 - .word 0x10000008, 0x00401008, 0x00400000, 0x10000000 - .word 0x10400008, 0x00401000, 0x00001000, 0x00000008 - .word 0x00401000, 0x10001008, 0x10400000, 0x00001000 - .word 0x00001008, 0x00000000, 0x00400008, 0x10401000 - .word 0x10001000, 0x10400008, 0x10401008, 0x00400000 - .word 0x10400008, 0x00001008, 0x00400000, 0x10000008 - .word 0x00401000, 0x10001000, 0x00000008, 0x10400000 - .word 0x10001008, 0x00000000, 0x00001000, 0x00400008 - .word 0x00000000, 0x10400008, 0x10401000, 0x00001000 - .word 0x10000000, 0x10401008, 0x00401008, 0x00400000 - .word 0x10401008, 0x00000008, 0x10001000, 0x00401008 - .word 0x00400008, 0x00401000, 0x10400000, 0x10001008 - .word 0x00001008, 0x10000000, 0x10000008, 0x10401000 - ! nibble 4 - .word 0x08000000, 0x00010000, 0x00000400, 0x08010420 - .word 0x08010020, 0x08000400, 0x00010420, 0x08010000 - .word 0x00010000, 0x00000020, 0x08000020, 0x00010400 - .word 0x08000420, 0x08010020, 0x08010400, 0x00000000 - .word 0x00010400, 0x08000000, 0x00010020, 0x00000420 - .word 0x08000400, 0x00010420, 0x00000000, 0x08000020 - .word 0x00000020, 0x08000420, 0x08010420, 0x00010020 - .word 0x08010000, 0x00000400, 0x00000420, 0x08010400 - .word 0x08010400, 0x08000420, 0x00010020, 0x08010000 - .word 0x00010000, 0x00000020, 0x08000020, 0x08000400 - .word 0x08000000, 0x00010400, 0x08010420, 0x00000000 - .word 0x00010420, 0x08000000, 0x00000400, 0x00010020 - .word 0x08000420, 0x00000400, 0x00000000, 0x08010420 - .word 0x08010020, 0x08010400, 0x00000420, 0x00010000 - .word 0x00010400, 0x08010020, 0x08000400, 0x00000420 - .word 0x00000020, 0x00010420, 0x08010000, 0x08000020 - ! nibble 5 - .word 0x80000040, 0x00200040, 0x00000000, 0x80202000 - .word 0x00200040, 0x00002000, 0x80002040, 0x00200000 - .word 0x00002040, 0x80202040, 0x00202000, 0x80000000 - .word 0x80002000, 0x80000040, 0x80200000, 0x00202040 - .word 0x00200000, 0x80002040, 0x80200040, 0x00000000 - .word 0x00002000, 0x00000040, 0x80202000, 0x80200040 - .word 0x80202040, 0x80200000, 0x80000000, 0x00002040 - .word 0x00000040, 0x00202000, 0x00202040, 0x80002000 - .word 0x00002040, 0x80000000, 0x80002000, 0x00202040 - .word 0x80202000, 0x00200040, 0x00000000, 0x80002000 - .word 0x80000000, 0x00002000, 0x80200040, 0x00200000 - .word 0x00200040, 0x80202040, 0x00202000, 0x00000040 - .word 0x80202040, 0x00202000, 0x00200000, 0x80002040 - .word 0x80000040, 0x80200000, 0x00202040, 0x00000000 - .word 0x00002000, 0x80000040, 0x80002040, 0x80202000 - .word 0x80200000, 0x00002040, 0x00000040, 0x80200040 - ! nibble 6 - .word 0x00004000, 0x00000200, 0x01000200, 0x01000004 - .word 0x01004204, 0x00004004, 0x00004200, 0x00000000 - .word 0x01000000, 0x01000204, 0x00000204, 0x01004000 - .word 0x00000004, 0x01004200, 0x01004000, 0x00000204 - .word 0x01000204, 0x00004000, 0x00004004, 0x01004204 - .word 0x00000000, 0x01000200, 0x01000004, 0x00004200 - .word 0x01004004, 0x00004204, 0x01004200, 0x00000004 - .word 0x00004204, 0x01004004, 0x00000200, 0x01000000 - .word 0x00004204, 0x01004000, 0x01004004, 0x00000204 - .word 0x00004000, 0x00000200, 0x01000000, 0x01004004 - .word 0x01000204, 0x00004204, 0x00004200, 0x00000000 - .word 0x00000200, 0x01000004, 0x00000004, 0x01000200 - .word 0x00000000, 0x01000204, 0x01000200, 0x00004200 - .word 0x00000204, 0x00004000, 0x01004204, 0x01000000 - .word 0x01004200, 0x00000004, 0x00004004, 0x01004204 - .word 0x01000004, 0x01004200, 0x01004000, 0x00004004 - ! nibble 7 - .word 0x20800080, 0x20820000, 0x00020080, 0x00000000 - .word 0x20020000, 0x00800080, 0x20800000, 0x20820080 - .word 0x00000080, 0x20000000, 0x00820000, 0x00020080 - .word 0x00820080, 0x20020080, 0x20000080, 0x20800000 - .word 0x00020000, 0x00820080, 0x00800080, 0x20020000 - .word 0x20820080, 0x20000080, 0x00000000, 0x00820000 - .word 0x20000000, 0x00800000, 0x20020080, 0x20800080 - .word 0x00800000, 0x00020000, 0x20820000, 0x00000080 - .word 0x00800000, 0x00020000, 0x20000080, 0x20820080 - .word 0x00020080, 0x20000000, 0x00000000, 0x00820000 - .word 0x20800080, 0x20020080, 0x20020000, 0x00800080 - .word 0x20820000, 0x00000080, 0x00800080, 0x20020000 - .word 0x20820080, 0x00800000, 0x20800000, 0x20000080 - .word 0x00820000, 0x00020080, 0x20020080, 0x20800000 - .word 0x00000080, 0x20820000, 0x00820080, 0x00000000 - .word 0x20000000, 0x20800080, 0x00020000, 0x00820080 - diff --git a/lib/libcrypto/des/asm/desboth.pl b/lib/libcrypto/des/asm/desboth.pl deleted file mode 100644 index 7cfe3a7c0..000000000 --- a/lib/libcrypto/des/asm/desboth.pl +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/local/bin/perl - -$L="edi"; -$R="esi"; - -sub DES_encrypt3 - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - &push("ebx"); - &mov("ebx",&wparam(0)); - - &push("ebp"); - &push("esi"); - - &push("edi"); - - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); - &mov($R,&DWP(4,"ebx","",0)); - &stack_push(3); - - &comment(""); - &comment("IP"); - &IP_new($L,$R,"edx",0); - - # put them back - - if ($enc) - { - &mov(&DWP(4,"ebx","",0),$R); - &mov("eax",&wparam(1)); - &mov(&DWP(0,"ebx","",0),"edx"); - &mov("edi",&wparam(2)); - &mov("esi",&wparam(3)); - } - else - { - &mov(&DWP(4,"ebx","",0),$R); - &mov("esi",&wparam(1)); - &mov(&DWP(0,"ebx","",0),"edx"); - &mov("edi",&wparam(2)); - &mov("eax",&wparam(3)); - } - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); - &mov($R,&DWP(4,"ebx","",0)); - - &comment(""); - &comment("FP"); - &FP_new($L,$R,"eax",0); - - &mov(&DWP(0,"ebx","",0),"eax"); - &mov(&DWP(4,"ebx","",0),$R); - - &pop("edi"); - &pop("esi"); - &pop("ebp"); - &pop("ebx"); - &ret(); - &function_end_B($name); - } - - diff --git a/lib/libcrypto/ec/ecx_methods.c b/lib/libcrypto/ec/ecx_methods.c index cd512a447..ab299a8d6 100644 --- a/lib/libcrypto/ec/ecx_methods.c +++ b/lib/libcrypto/ec/ecx_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecx_methods.c,v 1.11 2024/01/04 17:01:26 tb Exp $ */ +/* $OpenBSD: ecx_methods.c,v 1.12 2024/03/29 06:41:58 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * @@ -17,6 +17,7 @@ #include +#include #include #include #include @@ -530,10 +531,67 @@ ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -2; } +#ifndef OPENSSL_NO_CMS +static int +ecx_cms_sign_or_verify(EVP_PKEY *pkey, long verify, CMS_SignerInfo *si) +{ + X509_ALGOR *digestAlgorithm, *signatureAlgorithm; + ASN1_OBJECT *aobj; + + if (verify != 0 && verify != 1) + return -1; + + /* Check that we have an Ed25519 public key. */ + if (EVP_PKEY_id(pkey) != NID_ED25519) + return -1; + + CMS_SignerInfo_get0_algs(si, NULL, NULL, &digestAlgorithm, + &signatureAlgorithm); + + /* RFC 8419, section 2.3: digestAlgorithm MUST be SHA-512. */ + if (digestAlgorithm == NULL) + return -1; + if (OBJ_obj2nid(digestAlgorithm->algorithm) != NID_sha512) + return -1; + + /* + * RFC 8419, section 2.4: signatureAlgorithm MUST be Ed25519, and the + * parameters MUST be absent. For verification check that this is the + * case, for signing set the signatureAlgorithm accordingly. + */ + if (verify) { + const ASN1_OBJECT *obj; + int param_type; + + if (signatureAlgorithm == NULL) + return -1; + + X509_ALGOR_get0(&obj, ¶m_type, NULL, signatureAlgorithm); + if (OBJ_obj2nid(obj) != NID_ED25519) + return -1; + if (param_type != V_ASN1_UNDEF) + return -1; + + return 1; + } + + if ((aobj = OBJ_nid2obj(NID_ED25519)) == NULL) + return -1; + if (!X509_ALGOR_set0(signatureAlgorithm, aobj, V_ASN1_UNDEF, NULL)) + return -1; + + return 1; +} +#endif + static int ecx_sign_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + return ecx_cms_sign_or_verify(pkey, arg1, arg2); +#endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: /* PureEdDSA does its own hashing. */ *(int *)arg2 = NID_undef; @@ -806,6 +864,9 @@ pkey_ecx_ed_ctrl(EVP_PKEY_CTX *pkey_ctx, int op, int arg1, void *arg2) } return 1; +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_CTRL_CMS_SIGN: +#endif case EVP_PKEY_CTRL_DIGESTINIT: return 1; } diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c index ea6c0af40..9f135a2f5 100644 --- a/lib/libcrypto/err/err_all.c +++ b/lib/libcrypto/err/err_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_all.c,v 1.35 2024/03/24 06:05:41 tb Exp $ */ +/* $OpenBSD: err_all.c,v 1.36 2024/03/29 02:22:18 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,7 +74,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/lib/libcrypto/gost/gost_err.c b/lib/libcrypto/gost/gost_err.c deleted file mode 100644 index cb23b2f0a..000000000 --- a/lib/libcrypto/gost/gost_err.c +++ /dev/null @@ -1,106 +0,0 @@ -/* crypto/gost/gost_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason) - -static ERR_STRING_DATA GOST_str_functs[]= { - {ERR_FUNC(0xfff), "CRYPTO_internal"}, - {0, NULL} -}; - -static ERR_STRING_DATA GOST_str_reasons[] = { - {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"}, - {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"}, - {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"}, - {ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"}, - {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"}, - {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"}, - {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, - {ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"}, - {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"}, - {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"}, - {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"}, - {ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"}, - {ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"}, - {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, - {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, - {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, - {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, - {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, - {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, - {ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"}, - {0, NULL} -}; -#endif - -void -ERR_load_GOST_strings(void) { -#ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(GOST_str_functs[0].error) == NULL) { - ERR_load_strings(0,GOST_str_functs); - ERR_load_strings(0,GOST_str_reasons); - } -#endif -} -LCRYPTO_ALIAS(ERR_load_GOST_strings); diff --git a/lib/libcrypto/gost/gost_local.h b/lib/libcrypto/gost/gost_local.h deleted file mode 100644 index 2059cca08..000000000 --- a/lib/libcrypto/gost/gost_local.h +++ /dev/null @@ -1,116 +0,0 @@ -/* $OpenBSD: gost_local.h,v 1.3 2023/07/28 15:50:33 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_LOCAL_H -#define HEADER_GOST_LOCAL_H - -#include - -__BEGIN_HIDDEN_DECLS - -/* Internal representation of GOST substitution blocks */ -typedef struct { - unsigned char k8[16]; - unsigned char k7[16]; - unsigned char k6[16]; - unsigned char k5[16]; - unsigned char k4[16]; - unsigned char k3[16]; - unsigned char k2[16]; - unsigned char k1[16]; -} gost_subst_block; - -#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) -# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) -#else -#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) -#endif - -extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key); -extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key); -extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key); - -/* GOST 28147-89 key wrapping */ -extern int gost_key_unwrap_crypto_pro(int nid, - const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, - unsigned char *sessionKey); -extern int gost_key_wrap_crypto_pro(int nid, - const unsigned char *keyExchangeKey, const unsigned char *ukm, - const unsigned char *sessionKey, unsigned char *wrappedKey); -/* Pkey part */ -extern int gost2001_compute_public(GOST_KEY *ec); -extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey); -extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec); -extern int gost2001_keygen(GOST_KEY *ec); -extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, - GOST_KEY *priv_key, const BIGNUM *ukm); -extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn); -extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len); - -/* GOST R 34.10 parameters */ -extern int GostR3410_get_md_digest(int nid); -extern int GostR3410_get_pk_digest(int nid); -extern int GostR3410_256_param_id(const char *value); -extern int GostR3410_512_param_id(const char *value); - -__END_HIDDEN_DECLS - -#endif /* !HEADER_GOST_LOCAL_H */ diff --git a/lib/libcrypto/gost/gostr341194.c b/lib/libcrypto/gost/gostr341194.c deleted file mode 100644 index f47f7d5f2..000000000 --- a/lib/libcrypto/gost/gostr341194.c +++ /dev/null @@ -1,278 +0,0 @@ -/* $OpenBSD: gostr341194.c,v 1.7 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" - -/* Following functions are various bit meshing routines used in - * GOST R 34.11-94 algorithms */ -static void -swap_bytes(unsigned char *w, unsigned char *k) -{ - int i, j; - - for (i = 0; i < 4; i++) - for (j = 0; j < 8; j++) - k[i + 4 * j] = w[8 * i + j]; -} - -/* was A_A */ -static void -circle_xor8(const unsigned char *w, unsigned char *k) -{ - unsigned char buf[8]; - int i; - - memcpy(buf, w, 8); - memmove(k, w + 8, 24); - for (i = 0; i < 8; i++) - k[i + 24] = buf[i] ^ k[i]; -} - -/* was R_R */ -static void -transform_3(unsigned char *data) -{ - unsigned short int acc; - - acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) | - ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8); - memmove(data, data + 2, 30); - data[30] = acc & 0xff; - data[31] = acc >> 8; -} - -/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ -static int -add_blocks(int n, unsigned char *left, const unsigned char *right) -{ - int i; - int carry = 0; - int sum; - - for (i = 0; i < n; i++) { - sum = (int)left[i] + (int)right[i] + carry; - left[i] = sum & 0xff; - carry = sum >> 8; - } - return carry; -} - -/* Xor two sequences of bytes */ -static void -xor_blocks(unsigned char *result, const unsigned char *a, - const unsigned char *b, size_t len) -{ - size_t i; - - for (i = 0; i < len; i++) - result[i] = a[i] ^ b[i]; -} - -/* - * Calculate H(i+1) = Hash(Hi,Mi) - * Where H and M are 32 bytes long - */ -static int -hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M) -{ - unsigned char U[32], W[32], V[32], S[32], Key[32]; - int i; - - /* Compute first key */ - xor_blocks(W, H, M, 32); - swap_bytes(W, Key); - /* Encrypt first 8 bytes of H with first key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H, S, &c->cipher); - - /* Compute second key */ - circle_xor8(H, U); - circle_xor8(M, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* encrypt second 8 bytes of H with second key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+8, S+8, &c->cipher); - - /* compute third key */ - circle_xor8(U, U); - U[31] = ~U[31]; - U[29] = ~U[29]; - U[28] = ~U[28]; - U[24] = ~U[24]; - U[23] = ~U[23]; - U[20] = ~U[20]; - U[18] = ~U[18]; - U[17] = ~U[17]; - U[14] = ~U[14]; - U[12] = ~U[12]; - U[10] = ~U[10]; - U[8] = ~U[8]; - U[7] = ~U[7]; - U[5] = ~U[5]; - U[3] = ~U[3]; - U[1] = ~U[1]; - circle_xor8(V, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* encrypt third 8 bytes of H with third key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+16, S+16, &c->cipher); - - /* Compute fourth key */ - circle_xor8(U, U); - circle_xor8(V, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* Encrypt last 8 bytes with fourth key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+24, S+24, &c->cipher); - - for (i = 0; i < 12; i++) - transform_3(S); - xor_blocks(S, S, M, 32); - transform_3(S); - xor_blocks(S, S, H, 32); - for (i = 0; i < 61; i++) - transform_3(S); - memcpy(H, S, 32); - return 1; -} - -int -GOSTR341194_Init(GOSTR341194_CTX *c, int nid) -{ - memset(c, 0, sizeof(*c)); - return Gost2814789_set_sbox(&c->cipher, nid); -} -LCRYPTO_ALIAS(GOSTR341194_Init); - -static void -GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p, - size_t num) -{ - int i; - - for (i = 0; i < num; i++) { - hash_step(ctx, ctx->H, p); - add_blocks(32, ctx->S, p); - p += 32; - } -} - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_CBLOCK GOSTR341194_CBLOCK -#define HASH_LONG GOSTR341194_LONG -#define HASH_CTX GOSTR341194_CTX -#define HASH_UPDATE GOSTR341194_Update -#define HASH_TRANSFORM GOSTR341194_Transform -#define HASH_NO_FINAL 1 -#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order - -#include "md32_common.h" -LCRYPTO_ALIAS(GOSTR341194_Update); -LCRYPTO_ALIAS(GOSTR341194_Transform); - -int -GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c) -{ - unsigned char *p = (unsigned char *)c->data; - unsigned char T[32]; - - if (c->num > 0) { - memset(p + c->num, 0, 32 - c->num); - hash_step(c, c->H, p); - add_blocks(32, c->S, p); - } - - p = T; - HOST_l2c(c->Nl, p); - HOST_l2c(c->Nh, p); - memset(p, 0, 32 - 8); - hash_step(c, c->H, T); - hash_step(c, c->H, c->S); - - memcpy(md, c->H, 32); - - return 1; -} -LCRYPTO_ALIAS(GOSTR341194_Final); - -unsigned char * -GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid) -{ - GOSTR341194_CTX c; - static unsigned char m[GOSTR341194_LENGTH]; - - if (md == NULL) - md = m; - if (!GOSTR341194_Init(&c, nid)) - return 0; - GOSTR341194_Update(&c, d, n); - GOSTR341194_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(GOSTR341194); -#endif diff --git a/lib/libcrypto/hidden/openssl/blowfish.h b/lib/libcrypto/hidden/openssl/blowfish.h new file mode 100644 index 000000000..e9a0d98fe --- /dev/null +++ b/lib/libcrypto/hidden/openssl/blowfish.h @@ -0,0 +1,36 @@ +/* $OpenBSD: blowfish.h,v 1.1 2024/03/29 02:37:20 joshua Exp $ */ +/* + * Copyright (c) 2024 Joshua Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _LIBCRYPTO_BLOWFISH_H +#define _LIBCRYPTO_BLOWFISH_H + +#ifndef _MSC_VER +#include_next +#else +#include "../include/openssl/blowfish.h" +#endif +#include "crypto_namespace.h" + +LCRYPTO_USED(BF_set_key); +LCRYPTO_USED(BF_encrypt); +LCRYPTO_USED(BF_decrypt); +LCRYPTO_USED(BF_ecb_encrypt); +LCRYPTO_USED(BF_cbc_encrypt); +LCRYPTO_USED(BF_cfb64_encrypt); +LCRYPTO_USED(BF_ofb64_encrypt); + +#endif /* _LIBCRYPTO_BLOWFISH_H */ diff --git a/lib/libcrypto/idea/i_cfb64.c b/lib/libcrypto/idea/i_cfb64.c deleted file mode 100644 index a1a543f61..000000000 --- a/lib/libcrypto/idea/i_cfb64.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: i_cfb64.c,v 1.6 2023/07/08 10:44:00 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "idea_local.h" - -/* The input and output encrypted as though 64bit cfb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ - -void -idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *schedule, - unsigned char *ivec, int *num, int encrypt) -{ - unsigned long v0, v1, t; - int n = *num; - long l = length; - unsigned long ti[2]; - unsigned char *iv, c, cc; - - iv = (unsigned char *)ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - idea_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - idea_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; - *num = n; -} -LCRYPTO_ALIAS(idea_cfb64_encrypt); diff --git a/lib/libcrypto/idea/i_ecb.c b/lib/libcrypto/idea/i_ecb.c deleted file mode 100644 index 9f7db232b..000000000 --- a/lib/libcrypto/idea/i_ecb.c +++ /dev/null @@ -1,80 +0,0 @@ -/* $OpenBSD: i_ecb.c,v 1.7 2023/07/28 10:35:14 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "idea_local.h" -#include - -void -idea_ecb_encrypt(const unsigned char *in, unsigned char *out, - IDEA_KEY_SCHEDULE *ks) -{ - unsigned long l0, l1, d[2]; - - n2l(in, l0); - d[0] = l0; - n2l(in, l1); - d[1] = l1; - idea_encrypt(d, ks); - l0 = d[0]; - l2n(l0, out); - l1 = d[1]; - l2n(l1, out); - l0 = l1 = d[0] = d[1] = 0; -} -LCRYPTO_ALIAS(idea_ecb_encrypt); diff --git a/lib/libcrypto/idea/i_ofb64.c b/lib/libcrypto/idea/i_ofb64.c deleted file mode 100644 index 5af394ef7..000000000 --- a/lib/libcrypto/idea/i_ofb64.c +++ /dev/null @@ -1,111 +0,0 @@ -/* $OpenBSD: i_ofb64.c,v 1.6 2023/07/08 10:44:00 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "idea_local.h" - -/* The input and output encrypted as though 64bit ofb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ -void -idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *schedule, - unsigned char *ivec, int *num) -{ - unsigned long v0, v1, t; - int n = *num; - long l = length; - unsigned char d[8]; - char *dp; - unsigned long ti[2]; - unsigned char *iv; - int save = 0; - - iv = (unsigned char *)ivec; - n2l(iv, v0); - n2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2n(v0, dp); - l2n(v1, dp); - while (l--) { - if (n == 0) { - idea_encrypt((unsigned long *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2n(t, dp); - t = ti[1]; - l2n(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = (unsigned char *)ivec; - l2n(v0, iv); - l2n(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} -LCRYPTO_ALIAS(idea_ofb64_encrypt); diff --git a/lib/libcrypto/idea/i_skey.c b/lib/libcrypto/idea/i_skey.c deleted file mode 100644 index ad349bba5..000000000 --- a/lib/libcrypto/idea/i_skey.c +++ /dev/null @@ -1,169 +0,0 @@ -/* $OpenBSD: i_skey.c,v 1.7 2023/07/08 10:44:00 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "idea_local.h" - -static IDEA_INT inverse(unsigned int xin); -void -idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) -{ - int i; - IDEA_INT *kt, *kf, r0, r1, r2; - - kt = &(ks->data[0][0]); - n2s(key, kt[0]); - n2s(key, kt[1]); - n2s(key, kt[2]); - n2s(key, kt[3]); - n2s(key, kt[4]); - n2s(key, kt[5]); - n2s(key, kt[6]); - n2s(key, kt[7]); - - kf = kt; - kt += 8; - for (i = 0; i < 6; i++) - { - r2 = kf[1]; - r1 = kf[2]; - *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff; - r0 = kf[3]; - *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; - r1 = kf[4]; - *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; - r0 = kf[5]; - *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; - r1 = kf[6]; - *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; - r0 = kf[7]; - *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; - r1 = kf[0]; - if (i >= 5) - break; - *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; - *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff; - kf += 8; - } -} -LCRYPTO_ALIAS(idea_set_encrypt_key); - -void -idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) -{ - int r; - IDEA_INT *fp, *tp, t; - - tp = &(dk->data[0][0]); - fp = &(ek->data[8][0]); - for (r = 0; r < 9; r++) - { - *(tp++) = inverse(fp[0]); - *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff); - *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff); - *(tp++) = inverse(fp[3]); - if (r == 8) - break; - fp -= 6; - *(tp++) = fp[4]; - *(tp++) = fp[5]; - } - - tp = &(dk->data[0][0]); - t = tp[1]; - tp[1] = tp[2]; - tp[2] = t; - - t = tp[49]; - tp[49] = tp[50]; - tp[50] = t; -} -LCRYPTO_ALIAS(idea_set_decrypt_key); - -/* taken directly from the 'paper' I'll have a look at it later */ -static IDEA_INT -inverse(unsigned int xin) -{ - long n1, n2, q, r, b1, b2, t; - - if (xin == 0) - b2 = 0; - else { - n1 = 0x10001; - n2 = xin; - b2 = 1; - b1 = 0; - - do { - r = (n1 % n2); - q = (n1 - r)/n2; - if (r == 0) { - if (b2 < 0) - b2 = 0x10001 + b2; - } else { - n1 = n2; - n2 = r; - t = b2; - b2 = b1 - q*b2; - b1 = t; - } - } while (r != 0); - } - return ((IDEA_INT)b2); -} diff --git a/lib/libcrypto/idea/i_cbc.c b/lib/libcrypto/idea/idea.c similarity index 53% rename from lib/libcrypto/idea/i_cbc.c rename to lib/libcrypto/idea/idea.c index d75134063..809283b3c 100644 --- a/lib/libcrypto/idea/i_cbc.c +++ b/lib/libcrypto/idea/idea.c @@ -1,4 +1,4 @@ -/* $OpenBSD: i_cbc.c,v 1.6 2023/07/08 10:44:00 beck Exp $ */ +/* $OpenBSD: idea.c,v 1.1 2024/03/29 05:23:50 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -174,3 +174,245 @@ idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key) d[1] = (x4 & 0xffff)|((t1 & 0xffff) << 16); } LCRYPTO_ALIAS(idea_encrypt); + +/* The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void +idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num, int encrypt) +{ + unsigned long v0, v1, t; + int n = *num; + long l = length; + unsigned long ti[2]; + unsigned char *iv, c, cc; + + iv = (unsigned char *)ivec; + if (encrypt) { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + idea_encrypt((unsigned long *)ti, schedule); + iv = (unsigned char *)ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = (unsigned char *)ivec; + } + c = *(in++) ^ iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1) & 0x07; + } + } else { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + idea_encrypt((unsigned long *)ti, schedule); + iv = (unsigned char *)ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = (unsigned char *)ivec; + } + cc = *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c ^ cc; + n = (n + 1) & 0x07; + } + } + v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; + *num = n; +} +LCRYPTO_ALIAS(idea_cfb64_encrypt); + +void +idea_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks) +{ + unsigned long l0, l1, d[2]; + + n2l(in, l0); + d[0] = l0; + n2l(in, l1); + d[1] = l1; + idea_encrypt(d, ks); + l0 = d[0]; + l2n(l0, out); + l1 = d[1]; + l2n(l1, out); + l0 = l1 = d[0] = d[1] = 0; +} +LCRYPTO_ALIAS(idea_ecb_encrypt); + +/* + * The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void +idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num) +{ + unsigned long v0, v1, t; + int n = *num; + long l = length; + unsigned char d[8]; + char *dp; + unsigned long ti[2]; + unsigned char *iv; + int save = 0; + + iv = (unsigned char *)ivec; + n2l(iv, v0); + n2l(iv, v1); + ti[0] = v0; + ti[1] = v1; + dp = (char *)d; + l2n(v0, dp); + l2n(v1, dp); + while (l--) { + if (n == 0) { + idea_encrypt((unsigned long *)ti, schedule); + dp = (char *)d; + t = ti[0]; + l2n(t, dp); + t = ti[1]; + l2n(t, dp); + save++; + } + *(out++) = *(in++) ^ d[n]; + n = (n + 1) & 0x07; + } + if (save) { + v0 = ti[0]; + v1 = ti[1]; + iv = (unsigned char *)ivec; + l2n(v0, iv); + l2n(v1, iv); + } + t = v0 = v1 = ti[0] = ti[1] = 0; + *num = n; +} +LCRYPTO_ALIAS(idea_ofb64_encrypt); + +/* taken directly from the 'paper' I'll have a look at it later */ +static IDEA_INT +inverse(unsigned int xin) +{ + long n1, n2, q, r, b1, b2, t; + + if (xin == 0) + b2 = 0; + else { + n1 = 0x10001; + n2 = xin; + b2 = 1; + b1 = 0; + + do { + r = (n1 % n2); + q = (n1 - r)/n2; + if (r == 0) { + if (b2 < 0) + b2 = 0x10001 + b2; + } else { + n1 = n2; + n2 = r; + t = b2; + b2 = b1 - q*b2; + b1 = t; + } + } while (r != 0); + } + return ((IDEA_INT)b2); +} + +void +idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +{ + int i; + IDEA_INT *kt, *kf, r0, r1, r2; + + kt = &(ks->data[0][0]); + n2s(key, kt[0]); + n2s(key, kt[1]); + n2s(key, kt[2]); + n2s(key, kt[3]); + n2s(key, kt[4]); + n2s(key, kt[5]); + n2s(key, kt[6]); + n2s(key, kt[7]); + + kf = kt; + kt += 8; + for (i = 0; i < 6; i++) + { + r2 = kf[1]; + r1 = kf[2]; + *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff; + r0 = kf[3]; + *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; + r1 = kf[4]; + *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; + r0 = kf[5]; + *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; + r1 = kf[6]; + *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; + r0 = kf[7]; + *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; + r1 = kf[0]; + if (i >= 5) + break; + *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; + *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff; + kf += 8; + } +} +LCRYPTO_ALIAS(idea_set_encrypt_key); + +void +idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) +{ + int r; + IDEA_INT *fp, *tp, t; + + tp = &(dk->data[0][0]); + fp = &(ek->data[8][0]); + for (r = 0; r < 9; r++) + { + *(tp++) = inverse(fp[0]); + *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff); + *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff); + *(tp++) = inverse(fp[3]); + if (r == 8) + break; + fp -= 6; + *(tp++) = fp[4]; + *(tp++) = fp[5]; + } + + tp = &(dk->data[0][0]); + t = tp[1]; + tp[1] = tp[2]; + tp[2] = t; + + t = tp[49]; + tp[49] = tp[50]; + tp[50] = t; +} +LCRYPTO_ALIAS(idea_set_decrypt_key); diff --git a/lib/libcrypto/man/CMS_add1_signer.3 b/lib/libcrypto/man/CMS_add1_signer.3 index 9ee97dfaf..720a27f29 100644 --- a/lib/libcrypto/man/CMS_add1_signer.3 +++ b/lib/libcrypto/man/CMS_add1_signer.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_add1_signer.3,v 1.8 2020/06/24 18:15:00 jmc Exp $ +.\" $OpenBSD: CMS_add1_signer.3,v 1.9 2024/03/29 06:43:12 tb Exp $ .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: March 29 2024 $ .Dt CMS_ADD1_SIGNER 3 .Os .Sh NAME @@ -229,6 +229,9 @@ if an error occurs. .Sh STANDARDS RFC 5652: Cryptographic Message Syntax, section 5.1: SignedData Type .Pp +RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures +in the Cryptographic Message Syntax (CMS) +.Pp RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version\ 4.0 Message Specification .Bl -dash -compact -offset indent diff --git a/lib/libcrypto/man/CMS_sign.3 b/lib/libcrypto/man/CMS_sign.3 index 64461959d..e2daa859d 100644 --- a/lib/libcrypto/man/CMS_sign.3 +++ b/lib/libcrypto/man/CMS_sign.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_sign.3,v 1.9 2020/06/24 18:15:00 jmc Exp $ +.\" $OpenBSD: CMS_sign.3,v 1.10 2024/03/29 06:43:12 tb Exp $ .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: March 29 2024 $ .Dt CMS_SIGN 3 .Os .Sh NAME @@ -231,6 +231,9 @@ section 5.1: SignedData Type section 5.3: SignerInfo Type .El .Pp +RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures +in the Cryptographic Message Syntax (CMS) +.Pp RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version\ 4.0 Message Specification, section 2.5.2: SMIMECapabilities Attribute diff --git a/lib/libcrypto/man/CMS_verify.3 b/lib/libcrypto/man/CMS_verify.3 index ac2386669..63f1b8bb1 100644 --- a/lib/libcrypto/man/CMS_verify.3 +++ b/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_verify.3,v 1.9 2023/06/05 17:17:23 job Exp $ +.\" $OpenBSD: CMS_verify.3,v 1.10 2024/03/29 06:43:12 tb Exp $ .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 5 2023 $ +.Dd $Mdocdate: March 29 2024 $ .Dt CMS_VERIFY 3 .Os .Sh NAME @@ -213,6 +213,9 @@ The error can be obtained from .Sh STANDARDS RFC 5652: Cryptographic Message Syntax (CMS), section 5.1: SignedData Type +.Pp +RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures +in the Cryptographic Message Syntax (CMS) .Sh HISTORY These functions first appeared in OpenSSL 0.9.8h and have been available since diff --git a/lib/libcrypto/pem/pem.h b/lib/libcrypto/pem/pem.h index 130acbccf..af841caee 100644 --- a/lib/libcrypto/pem/pem.h +++ b/lib/libcrypto/pem/pem.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pem.h,v 1.26 2023/04/25 17:51:36 tb Exp $ */ +/* $OpenBSD: pem.h,v 1.27 2024/03/29 02:22:18 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,7 +69,6 @@ #endif #include #include -#include #ifdef __cplusplus extern "C" { diff --git a/lib/libcrypto/rc2/rc2_local.h b/lib/libcrypto/rc2/rc2_local.h index 64c9c5388..dd5598760 100644 --- a/lib/libcrypto/rc2/rc2_local.h +++ b/lib/libcrypto/rc2/rc2_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rc2_local.h,v 1.2 2023/07/07 08:29:37 beck Exp $ */ +/* $OpenBSD: rc2_local.h,v 1.3 2024/03/29 05:03:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,49 +101,6 @@ } \ } -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff);\ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff);\ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff);\ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff);\ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff);\ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff);\ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff);\ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff);\ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - #define C_RC2(n) \ t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ x0=(t<<1)|(t>>15); \ diff --git a/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl b/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl deleted file mode 100644 index 094138cdf..000000000 --- a/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl +++ /dev/null @@ -1,515 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# June 2011 -# -# This is RC4+MD5 "stitch" implementation. The idea, as spelled in -# http://download.intel.com/design/intarch/papers/323686.pdf, is that -# since both algorithms exhibit instruction-level parallelism, ILP, -# below theoretical maximum, interleaving them would allow to utilize -# processor resources better and achieve better performance. RC4 -# instruction sequence is virtually identical to rc4-x86_64.pl, which -# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin -# and Jim Guilford of Intel. MD5 is fresh implementation aiming to -# minimize register usage, which was used as "main thread" with RC4 -# weaved into it, one RC4 round per one MD5 round. In addition to the -# stiched subroutine the script can generate standalone replacement -# md5_block_asm_data_order and RC4. Below are performance numbers in -# cycles per processed byte, less is better, for these the standalone -# subroutines, sum of them, and stitched one: -# -# RC4 MD5 RC4+MD5 stitch gain -# Opteron 6.5(*) 5.4 11.9 7.0 +70%(*) -# Core2 6.5 5.8 12.3 7.7 +60% -# Westmere 4.3 5.2 9.5 7.0 +36% -# Sandy Bridge 4.2 5.5 9.7 6.8 +43% -# Atom 9.3 6.5 15.8 11.1 +42% -# -# (*) rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement -# is +53%... - -my ($rc4,$md5)=(1,1); # what to generate? -my $D="#" if (!$md5); # if set to "#", MD5 is stitched into RC4(), - # but its result is discarded. Idea here is - # to be able to use 'openssl speed rc4' for - # benchmarking the stitched subroutine... - -my $flavour = shift; -my $output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs); - -if ($rc4 && !$md5) { - ($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx"); - $func="RC4"; $nargs=4; -} elsif ($md5 && !$rc4) { - ($ctx,$inp,$len) = ("%rdi","%rsi","%rdx"); - $func="md5_block_asm_data_order"; $nargs=3; -} else { - ($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); - $func="rc4_md5_enc"; $nargs=6; - # void rc4_md5_enc( - # RC4_KEY *key, # - # const void *in0, # RC4 input - # void *out, # RC4 output - # MD5_CTX *ctx, # - # const void *inp, # MD5 input - # size_t len); # number of 64-byte blocks -} - -my @K=( 0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee, - 0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501, - 0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be, - 0x6b901122,0xfd987193,0xa679438e,0x49b40821, - - 0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa, - 0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8, - 0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed, - 0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a, - - 0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c, - 0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70, - 0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05, - 0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665, - - 0xf4292244,0x432aff97,0xab9423a7,0xfc93a039, - 0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1, - 0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1, - 0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391 ); - -my @V=("%r8d","%r9d","%r10d","%r11d"); # MD5 registers -my $tmp="%r12d"; - -my @XX=("%rbp","%rsi"); # RC4 registers -my @TX=("%rax","%rbx"); -my $YY="%rcx"; -my $TY="%rdx"; - -my $MOD=32; # 16, 32 or 64 - -$code.=<<___; -.text -.align 16 - -.globl $func -.type $func,\@function,$nargs -$func: - _CET_ENDBR - cmp \$0,$len - je .Labort - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - sub \$40,%rsp -.Lbody: -___ -if ($rc4) { -$code.=<<___; -$D#md5# mov $ctx,%r11 # reassign arguments - mov $len,%r12 - mov $in0,%r13 - mov $out,%r14 -$D#md5# mov $inp,%r15 -___ - $ctx="%r11" if ($md5); # reassign arguments - $len="%r12"; - $in0="%r13"; - $out="%r14"; - $inp="%r15" if ($md5); - $inp=$in0 if (!$md5); -$code.=<<___; - xor $XX[0],$XX[0] - xor $YY,$YY - - lea 8($dat),$dat - mov -8($dat),$XX[0]#b - mov -4($dat),$YY#b - - inc $XX[0]#b - sub $in0,$out - movl ($dat,$XX[0],4),$TX[0]#d -___ -$code.=<<___ if (!$md5); - xor $TX[1],$TX[1] - test \$-128,$len - jz .Loop1 - sub $XX[0],$TX[1] - and \$`$MOD-1`,$TX[1] - jz .Loop${MOD}_is_hot - sub $TX[1],$len -.Loop${MOD}_warmup: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($in0),$TY#b - movb $TY#b,($out,$in0) - lea 1($in0),$in0 - dec $TX[1] - jnz .Loop${MOD}_warmup - - mov $YY,$TX[1] - xor $YY,$YY - mov $TX[1]#b,$YY#b - -.Loop${MOD}_is_hot: - mov $len,32(%rsp) # save original $len - shr \$6,$len # number of 64-byte blocks -___ - if ($D && !$md5) { # stitch in dummy MD5 - $md5=1; - $ctx="%r11"; - $inp="%r15"; - $code.=<<___; - mov %rsp,$ctx - mov $in0,$inp -___ - } -} -$code.=<<___; -#rc4# add $TX[0]#b,$YY#b -#rc4# lea ($dat,$XX[0],4),$XX[1] - shl \$6,$len - add $inp,$len # pointer to the end of input - mov $len,16(%rsp) - -#md5# mov $ctx,24(%rsp) # save pointer to MD5_CTX -#md5# mov 0*4($ctx),$V[0] # load current hash value from MD5_CTX -#md5# mov 1*4($ctx),$V[1] -#md5# mov 2*4($ctx),$V[2] -#md5# mov 3*4($ctx),$V[3] - jmp .Loop - -.align 16 -.Loop: -#md5# mov $V[0],0*4(%rsp) # put aside current hash value -#md5# mov $V[1],1*4(%rsp) -#md5# mov $V[2],2*4(%rsp) -#md5# mov $V[3],$tmp # forward reference -#md5# mov $V[3],3*4(%rsp) -___ - -sub R0 { - my ($i,$a,$b,$c,$d)=@_; - my @rot0=(7,12,17,22); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu ($in0),%xmm2\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $c,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# and $b,$tmp -#md5# add 4*`$j`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#md5# xor $d,$tmp -#rc4# movz $TX[0]#b,$TX[0]#d -#rc4# movl $TY#d,4*$k($XX[1]) -#md5# add $tmp,$a -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot0[$j%4],$a -#md5# mov `$j==15?"$b":"$c"`,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] -___ - $code.=<<___ if ($rc4 && $j==15); - psllq \$8,%xmm1 - pxor %xmm0,%xmm2 - pxor %xmm1,%xmm2 -___ -} -sub R1 { - my ($i,$a,$b,$c,$d)=@_; - my @rot1=(5,9,14,20); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu 16($in0),%xmm3\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $b,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# and $d,$tmp -#md5# add 4*`((1+5*$j)%16)`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#md5# xor $c,$tmp -#rc4# movz $TX[0]#b,$TX[0]#d -#rc4# movl $TY#d,4*$k($XX[1]) -#md5# add $tmp,$a -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot1[$j%4],$a -#md5# mov `$j==15?"$c":"$b"`,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] -___ - $code.=<<___ if ($rc4 && $j==15); - psllq \$8,%xmm1 - pxor %xmm0,%xmm3 - pxor %xmm1,%xmm3 -___ -} -sub R2 { - my ($i,$a,$b,$c,$d)=@_; - my @rot2=(4,11,16,23); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu 32($in0),%xmm4\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $c,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# xor $b,$tmp -#md5# add 4*`((5+3*$j)%16)`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#rc4# movz $TX[0]#b,$TX[0]#d -#md5# add $tmp,$a -#rc4# movl $TY#d,4*$k($XX[1]) -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot2[$j%4],$a -#md5# mov `$j==15?"\\\$-1":"$c"`,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] -___ - $code.=<<___ if ($rc4 && $j==15); - psllq \$8,%xmm1 - pxor %xmm0,%xmm4 - pxor %xmm1,%xmm4 -___ -} -sub R3 { - my ($i,$a,$b,$c,$d)=@_; - my @rot3=(6,10,15,21); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu 48($in0),%xmm5\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $d,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# or $b,$tmp -#md5# add 4*`((7*$j)%16)`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#rc4# movz $TX[0]#b,$TX[0]#d -#md5# xor $c,$tmp -#rc4# movl $TY#d,4*$k($XX[1]) -#md5# add $tmp,$a -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot3[$j%4],$a -#md5# mov \$-1,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15); - mov $XX[0],$XX[1] - xor $XX[0],$XX[0] # keyword to partial register - mov $XX[1]#b,$XX[0]#b - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] - psllq \$8,%xmm1 - pxor %xmm0,%xmm5 - pxor %xmm1,%xmm5 -___ -} - -my $i=0; -for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } -for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } -for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } -for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } - -$code.=<<___; -#md5# add 0*4(%rsp),$V[0] # accumulate hash value -#md5# add 1*4(%rsp),$V[1] -#md5# add 2*4(%rsp),$V[2] -#md5# add 3*4(%rsp),$V[3] - -#rc4# movdqu %xmm2,($out,$in0) # write RC4 output -#rc4# movdqu %xmm3,16($out,$in0) -#rc4# movdqu %xmm4,32($out,$in0) -#rc4# movdqu %xmm5,48($out,$in0) -#md5# lea 64($inp),$inp -#rc4# lea 64($in0),$in0 - cmp 16(%rsp),$inp # are we done? - jb .Loop - -#md5# mov 24(%rsp),$len # restore pointer to MD5_CTX -#rc4# sub $TX[0]#b,$YY#b # correct $YY -#md5# mov $V[0],0*4($len) # write MD5_CTX -#md5# mov $V[1],1*4($len) -#md5# mov $V[2],2*4($len) -#md5# mov $V[3],3*4($len) -___ -$code.=<<___ if ($rc4 && (!$md5 || $D)); - mov 32(%rsp),$len # restore original $len - and \$63,$len # remaining bytes - jnz .Loop1 - jmp .Ldone - -.align 16 -.Loop1: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($in0),$TY#b - movb $TY#b,($out,$in0) - lea 1($in0),$in0 - dec $len - jnz .Loop1 - -.Ldone: -___ -$code.=<<___; -#rc4# sub \$1,$XX[0]#b -#rc4# movl $XX[0]#d,-8($dat) -#rc4# movl $YY#d,-4($dat) - - mov 40(%rsp),%r15 - mov 48(%rsp),%r14 - mov 56(%rsp),%r13 - mov 64(%rsp),%r12 - mov 72(%rsp),%rbp - mov 80(%rsp),%rbx - lea 88(%rsp),%rsp -.Lepilogue: -.Labort: - ret -.size $func,.-$func -___ - -if ($rc4 && $D) { # sole purpose of this section is to provide - # option to use the generated module as drop-in - # replacement for rc4-x86_64.pl for debugging - # and testing purposes... -my ($idx,$ido)=("%r8","%r9"); -my ($dat,$len,$inp)=("%rdi","%rsi","%rdx"); - -$code.=<<___; -.globl RC4_set_key -.type RC4_set_key,\@function,3 -.align 16 -RC4_set_key: - _CET_ENDBR - lea 8($dat),$dat - lea ($inp,$len),$inp - neg $len - mov $len,%rcx - xor %eax,%eax - xor $ido,$ido - xor %r10,%r10 - xor %r11,%r11 - jmp .Lw1stloop - -.align 16 -.Lw1stloop: - mov %eax,($dat,%rax,4) - add \$1,%al - jnc .Lw1stloop - - xor $ido,$ido - xor $idx,$idx -.align 16 -.Lw2ndloop: - mov ($dat,$ido,4),%r10d - add ($inp,$len,1),$idx#b - add %r10b,$idx#b - add \$1,$len - mov ($dat,$idx,4),%r11d - cmovz %rcx,$len - mov %r10d,($dat,$idx,4) - mov %r11d,($dat,$ido,4) - add \$1,$ido#b - jnc .Lw2ndloop - - xor %eax,%eax - mov %eax,-8($dat) - mov %eax,-4($dat) - ret -.size RC4_set_key,.-RC4_set_key -___ -} - -sub reg_part { -my ($reg,$conv)=@_; - if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } - elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } - elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } - elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } - return $reg; -} - -$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/pinsrw\s+\$0,/movd /gm; - -$code =~ s/#md5#//gm if ($md5); -$code =~ s/#rc4#//gm if ($rc4); - -print $code; - -close STDOUT; diff --git a/lib/libcrypto/rc4/asm/rc4-parisc.pl b/lib/libcrypto/rc4/asm/rc4-parisc.pl deleted file mode 100644 index 1b4116257..000000000 --- a/lib/libcrypto/rc4/asm/rc4-parisc.pl +++ /dev/null @@ -1,294 +0,0 @@ -#!/usr/bin/env perl - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# RC4 for PA-RISC. - -# June 2009. -# -# Performance is 33% better than gcc 3.2 generated code on PA-7100LC. -# For reference, [4x] unrolled loop is >40% faster than folded one. -# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement -# is believed to be not sufficient to justify the effort... -# -# Special thanks to polarhome.com for providing HP-UX account. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - -$flavour = shift; -$output = shift; -open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; -} else { - $LEVEL ="1.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; -} - -$FRAME=4*$SIZE_T+$FRAME_MARKER; # 4 saved regs + frame marker - # [+ argument transfer] -$SZ=1; # defaults to RC4_CHAR -if (open CONF,"<${dir}../../opensslconf.h") { - while() { - if (m/#\s*define\s+RC4_INT\s+(.*)/) { - $SZ = ($1=~/char$/) ? 1 : 4; - last; - } - } - close CONF; -} - -if ($SZ==1) { # RC4_CHAR - $LD="ldb"; - $LDX="ldbx"; - $MKX="addl"; - $ST="stb"; -} else { # RC4_INT (~5% faster than RC4_CHAR on PA-7100LC) - $LD="ldw"; - $LDX="ldwx,s"; - $MKX="sh2addl"; - $ST="stw"; -} - -$key="%r26"; -$len="%r25"; -$inp="%r24"; -$out="%r23"; - -@XX=("%r19","%r20"); -@TX=("%r21","%r22"); -$YY="%r28"; -$TY="%r29"; - -$acc="%r1"; -$ix="%r2"; -$iy="%r3"; -$dat0="%r4"; -$dat1="%r5"; -$rem="%r6"; -$mask="%r31"; - -sub unrolledloopbody { -for ($i=0;$i<4;$i++) { -$code.=<<___; - ldo 1($XX[0]),$XX[1] - `sprintf("$LDX %$TY(%$key),%$dat1") if ($i>0)` - and $mask,$XX[1],$XX[1] - $LDX $YY($key),$TY - $MKX $YY,$key,$ix - $LDX $XX[1]($key),$TX[1] - $MKX $XX[0],$key,$iy - $ST $TX[0],0($ix) - comclr,<> $XX[1],$YY,%r0 ; conditional - copy $TX[0],$TX[1] ; move - `sprintf("%sdep %$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)` - $ST $TY,0($iy) - addl $TX[0],$TY,$TY - addl $TX[1],$YY,$YY - and $mask,$TY,$TY - and $mask,$YY,$YY -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} } - -sub foldedloop { -my ($label,$count)=@_; -$code.=<<___; -$label - $MKX $YY,$key,$iy - $LDX $YY($key),$TY - $MKX $XX[0],$key,$ix - $ST $TX[0],0($iy) - ldo 1($XX[0]),$XX[0] - $ST $TY,0($ix) - addl $TX[0],$TY,$TY - ldbx $inp($out),$dat1 - and $mask,$TY,$TY - and $mask,$XX[0],$XX[0] - $LDX $TY($key),$acc - $LDX $XX[0]($key),$TX[0] - ldo 1($out),$out - xor $dat1,$acc,$acc - addl $TX[0],$YY,$YY - stb $acc,-1($out) - addib,<> -1,$count,$label ; $count is always small - and $mask,$YY,$YY -___ -} - -$code=<<___; - .LEVEL $LEVEL - .text - - .EXPORT RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR -RC4 - .PROC - .CALLINFO FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - - cmpib,*= 0,$len,L\$abort - sub $inp,$out,$inp ; distance between $inp and $out - - $LD `0*$SZ`($key),$XX[0] - $LD `1*$SZ`($key),$YY - ldo `2*$SZ`($key),$key - - ldi 0xff,$mask - ldi 3,$dat0 - - ldo 1($XX[0]),$XX[0] ; warm up loop - and $mask,$XX[0],$XX[0] - $LDX $XX[0]($key),$TX[0] - addl $TX[0],$YY,$YY - cmpib,*>>= 6,$len,L\$oop1 ; is $len large enough to bother? - and $mask,$YY,$YY - - and,<> $out,$dat0,$rem ; is $out aligned? - b L\$alignedout - subi 4,$rem,$rem - sub $len,$rem,$len -___ -&foldedloop("L\$alignout",$rem); # process till $out is aligned - -$code.=<<___; -L\$alignedout ; $len is at least 4 here - and,<> $inp,$dat0,$acc ; is $inp aligned? - b L\$oop4 - sub $inp,$acc,$rem ; align $inp - - sh3addl $acc,%r0,$acc - subi 32,$acc,$acc - mtctl $acc,%cr11 ; load %sar with vshd align factor - ldwx $rem($out),$dat0 - ldo 4($rem),$rem -L\$oop4misalignedinp -___ -&unrolledloopbody(); -$code.=<<___; - $LDX $TY($key),$ix - ldwx $rem($out),$dat1 - ldo -4($len),$len - or $ix,$acc,$acc ; last piece, no need to dep - vshd $dat0,$dat1,$iy ; align data - copy $dat1,$dat0 - xor $iy,$acc,$acc - stw $acc,0($out) - cmpib,*<< 3,$len,L\$oop4misalignedinp - ldo 4($out),$out - cmpib,*= 0,$len,L\$done - nop - b L\$oop1 - nop - - .ALIGN 8 -L\$oop4 -___ -&unrolledloopbody(); -$code.=<<___; - $LDX $TY($key),$ix - ldwx $inp($out),$dat0 - ldo -4($len),$len - or $ix,$acc,$acc ; last piece, no need to dep - xor $dat0,$acc,$acc - stw $acc,0($out) - cmpib,*<< 3,$len,L\$oop4 - ldo 4($out),$out - cmpib,*= 0,$len,L\$done - nop -___ -&foldedloop("L\$oop1",$len); -$code.=<<___; -L\$done - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 - ldo -1($XX[0]),$XX[0] ; chill out loop - sub $YY,$TX[0],$YY - and $mask,$XX[0],$XX[0] - and $mask,$YY,$YY - $ST $XX[0],`-2*$SZ`($key) - $ST $YY,`-1*$SZ`($key) - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 -L\$abort - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND -___ - -$code.=<<___; - - .EXPORT RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR - .ALIGN 8 -RC4_set_key - .PROC - .CALLINFO NO_CALLS - .ENTRY - $ST %r0,`0*$SZ`($key) - $ST %r0,`1*$SZ`($key) - ldo `2*$SZ`($key),$key - copy %r0,@XX[0] -L\$1st - $ST @XX[0],0($key) - ldo 1(@XX[0]),@XX[0] - bb,>= @XX[0],`31-8`,L\$1st ; @XX[0]<256 - ldo $SZ($key),$key - - ldo `-256*$SZ`($key),$key ; rewind $key - addl $len,$inp,$inp ; $inp to point at the end - sub %r0,$len,%r23 ; inverse index - copy %r0,@XX[0] - copy %r0,@XX[1] - ldi 0xff,$mask - -L\$2nd - $LDX @XX[0]($key),@TX[0] - ldbx %r23($inp),@TX[1] - addi,nuv 1,%r23,%r23 ; increment and conditional - sub %r0,$len,%r23 ; inverse index - addl @TX[0],@XX[1],@XX[1] - addl @TX[1],@XX[1],@XX[1] - and $mask,@XX[1],@XX[1] - $MKX @XX[0],$key,$TY - $LDX @XX[1]($key),@TX[1] - $MKX @XX[1],$key,$YY - ldo 1(@XX[0]),@XX[0] - $ST @TX[0],0($YY) - bb,>= @XX[0],`31-8`,L\$2nd ; @XX[0]<256 - $ST @TX[1],0($TY) - - bv,n (%r2) - .EXIT - nop - .PROCEND -___ -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); - -print $code; -close STDOUT; diff --git a/lib/libcrypto/ripemd/asm/rmd-586.pl b/lib/libcrypto/ripemd/asm/rmd-586.pl deleted file mode 100644 index 85f815e2b..000000000 --- a/lib/libcrypto/ripemd/asm/rmd-586.pl +++ /dev/null @@ -1,591 +0,0 @@ -#!/usr/local/bin/perl - -# Normal is the -# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks); - -$normal=0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],$0); - -$A="ecx"; -$B="esi"; -$C="edi"; -$D="ebx"; -$E="ebp"; -$tmp1="eax"; -$tmp2="edx"; - -$KL1=0x5A827999; -$KL2=0x6ED9EBA1; -$KL3=0x8F1BBCDC; -$KL4=0xA953FD4E; -$KR0=0x50A28BE6; -$KR1=0x5C4DD124; -$KR2=0x6D703EF3; -$KR3=0x7A6D76E9; - - -@wl=( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15, - 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8, - 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12, - 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2, - 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13, - ); - -@wr=( 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12, - 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2, - 15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13, - 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14, - 12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11, - ); - -@sl=( 11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8, - 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12, - 11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5, - 11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12, - 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6, - ); - -@sr=( 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6, - 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11, - 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5, - 15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8, - 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, - ); - -&ripemd160_block("ripemd160_block_asm_data_order"); -&asm_finish(); - -sub Xv - { - local($n)=@_; - return(&swtmp($n)); - # tmp on stack - } - -sub Np - { - local($p)=@_; - local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D); - return($n{$p}); - } - -sub RIP1 - { - local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_; - - &comment($p++); - if ($p & 1) - { - #&mov($tmp1, $c) if $o == -1; - &xor($tmp1, $d) if $o == -1; - &mov($tmp2, &Xv($pos)); - &xor($tmp1, $b); - &add($a, $tmp2); - &rotl($c, 10); - &add($a, $tmp1); - &mov($tmp1, &Np($c)); # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &xor($tmp1, $d); - &mov($tmp2, &Xv($pos)); - &xor($tmp1, $b); - &add($a, $tmp1); - &mov($tmp1, &Np($c)) if $o <= 0; - &mov($tmp1, -1) if $o == 1; - # XXX if $o == 2; - &rotl($c, 10); - &add($a, $tmp2); - &xor($tmp1, &Np($d)) if $o <= 0; - &mov($tmp2, &Xv($pos2)) if $o == 1; - &mov($tmp2, &wparam(0)) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP2 - { - local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_; - -# XXXXXX - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, &Xv($pos)) if $o < -1; -# &mov($tmp1, -1) if $o < -1; - - &add($a, $tmp2); - &mov($tmp2, $c); - &sub($tmp1, $b); - &and($tmp2, $b); - &and($tmp1, $d); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &mov($tmp2, -1) if $o <= 0; - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - # XXX - &add($a, $tmp1); - &mov($tmp1, $c); - &sub($tmp2, $b); - &and($tmp1, $b); - &and($tmp2, $d); - if ($o != 2) - { - &or($tmp1, $tmp2); - &mov($tmp2, &Xv($pos2)) if $o <= 0; - &mov($tmp2, -1) if $o == 1; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &mov($tmp1, -1) if $o <= 0; - &sub($tmp2, &Np($c)) if $o == 1; - } else { - &or($tmp2, $tmp1); - &mov($tmp1, &Np($c)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &xor($tmp1, &Np($d)); - } - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP3 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_; - - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, -1) if $o < -1; -# &sub($tmp2, $c) if $o < -1; - &mov($tmp1, &Xv($pos)); - &or($tmp2, $b); - &add($a, $tmp1); - &xor($tmp2, $d); - &mov($tmp1, -1) if $o <= 0; # NEXT - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &sub($tmp1, &Np($c)) if $o <= 0; # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &mov($tmp2, &Xv($pos)); - &or($tmp1, $b); - &add($a, $tmp2); - &xor($tmp1, $d); - &mov($tmp2, -1) if $o <= 0; # NEXT - &mov($tmp2, -1) if $o == 1; - &mov($tmp2, &Xv($pos2)) if $o == 2; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &sub($tmp2, &Np($c)) if $o <= 0; # NEXT - &mov($tmp1, &Np($d)) if $o == 1; - &mov($tmp1, -1) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP4 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_; - - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, -1) if $o == -2; -# &mov($tmp1, $d) if $o == -2; - &sub($tmp2, $d); - &and($tmp1, $b); - &and($tmp2, $c); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2)); - &mov($tmp2, -1) unless $o > 0; # NEXT - # XXX - &add($a, $tmp1); - &mov($tmp1, &Np($d)) unless $o > 0; # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &sub($tmp2, $d); - &and($tmp1, $b); - &and($tmp2, $c); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2)); - &mov($tmp2, -1) if $o == 0; # NEXT - &mov($tmp2, -1) if $o == 1; - &mov($tmp2, -1) if $o == 2; - # XXX - &add($a, $tmp1); - &mov($tmp1, &Np($d)) if $o == 0; # NEXT - &sub($tmp2, &Np($d)) if $o == 1; - &sub($tmp2, &Np($c)) if $o == 2; - # XXX - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP5 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_; - - &comment($p++); - if ($p & 1) - { - &mov($tmp2, -1) if $o == -2; - &sub($tmp2, $d) if $o == -2; - &mov($tmp1, &Xv($pos)); - &or($tmp2, $c); - &add($a, $tmp1); - &xor($tmp2, $b); - &mov($tmp1, -1) if $o <= 0; - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &sub($tmp1, &Np($d)) if $o <= 0; - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &mov($tmp2, &Xv($pos)); - &or($tmp1, $c); - &add($a, $tmp2); - &xor($tmp1, $b); - &mov($tmp2, -1) if $o <= 0; - &mov($tmp2, &wparam(0)) if $o == 1; # Middle code - &mov($tmp2, -1) if $o == 2; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &sub($tmp2, &Np($d)) if $o <= 0; - &mov(&swtmp(16), $A) if $o == 1; - &mov($tmp1, &Np($d)) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub ripemd160_block - { - local($name)=@_; - - &function_begin_B($name,"",3); - - # parameter 1 is the RIPEMD160_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov($tmp2, &wparam(0)); - &mov($tmp1, &wparam(1)); - &push("esi"); - &mov($A, &DWP( 0,$tmp2,"",0)); - &push("edi"); - &mov($B, &DWP( 4,$tmp2,"",0)); - &push("ebp"); - &mov($C, &DWP( 8,$tmp2,"",0)); - &push("ebx"); - &stack_push(16+5+6); - # Special comment about the figure of 6. - # Idea is to pad the current frame so - # that the top of the stack gets fairly - # aligned. Well, as you realize it would - # always depend on how the frame below is - # aligned. The good news are that gcc-2.95 - # and later does keep first argument at - # least double-wise aligned. - # - - &set_label("start") unless $normal; - &comment(""); - - # &mov($tmp1, &wparam(1)); # Done at end of loop - # &mov($tmp2, &wparam(0)); # Done at end of loop - - for ($z=0; $z<16; $z+=2) - { - &mov($D, &DWP( $z*4,$tmp1,"",0)); - &mov($E, &DWP( ($z+1)*4,$tmp1,"",0)); - &mov(&swtmp($z), $D); - &mov(&swtmp($z+1), $E); - } - &mov($tmp1, $C); - &mov($D, &DWP(12,$tmp2,"",0)); - &mov($E, &DWP(16,$tmp2,"",0)); - - &RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1); - &RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0); - &RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0); - &RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0); - &RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0); - &RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0); - &RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0); - &RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0); - &RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0); - &RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0); - &RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0); - &RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0); - &RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0); - &RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0); - &RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0); - &RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]); - - &RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1); - &RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0); - &RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0); - &RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1); - - &RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1); - &RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0); - &RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0); - &RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1); - - &RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1); - &RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0); - &RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0); - &RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1); - - &RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1); - &RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0); - &RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0); - &RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1); - - # &mov($tmp2, &wparam(0)); # moved into last RIP5 - # &mov(&swtmp(16), $A); - &mov($A, &DWP( 0,$tmp2,"",0)); - &mov(&swtmp(16+1), $B); - &mov(&swtmp(16+2), $C); - &mov($B, &DWP( 4,$tmp2,"",0)); - &mov(&swtmp(16+3), $D); - &mov($C, &DWP( 8,$tmp2,"",0)); - &mov(&swtmp(16+4), $E); - &mov($D, &DWP(12,$tmp2,"",0)); - &mov($E, &DWP(16,$tmp2,"",0)); - - &RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2); - &RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0); - &RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0); - &RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2); - - &RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2); - &RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0); - &RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0); - &RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2); - - &RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2); - &RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0); - &RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0); - &RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]); - - &RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2); - &RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0); - &RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0); - &RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2); - - &RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2); - &RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0); - &RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0); - &RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0); - &RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0); - &RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0); - &RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0); - &RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0); - &RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0); - &RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0); - &RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0); - &RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0); - &RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0); - &RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0); - &RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0); - &RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2); - - # &mov($tmp2, &wparam(0)); # Moved into last round - - &mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B - &add($D, $tmp1); - &mov($tmp1, &swtmp(16+2)); # $c - &add($D, $tmp1); - - &mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C - &add($E, $tmp1); - &mov($tmp1, &swtmp(16+3)); # $d - &add($E, $tmp1); - - &mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D - &add($A, $tmp1); - &mov($tmp1, &swtmp(16+4)); # $e - &add($A, $tmp1); - - - &mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E - &add($B, $tmp1); - &mov($tmp1, &swtmp(16+0)); # $a - &add($B, $tmp1); - - &mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A - &add($C, $tmp1); - &mov($tmp1, &swtmp(16+1)); # $b - &add($C, $tmp1); - - &mov($tmp1, &wparam(2)); - - &mov(&DWP( 0,$tmp2,"",0), $D); - &mov(&DWP( 4,$tmp2,"",0), $E); - &mov(&DWP( 8,$tmp2,"",0), $A); - &sub($tmp1,1); - &mov(&DWP(12,$tmp2,"",0), $B); - &mov(&DWP(16,$tmp2,"",0), $C); - - &jle(&label("get_out")); - - &mov(&wparam(2),$tmp1); - &mov($C, $A); - &mov($tmp1, &wparam(1)); - &mov($A, $D); - &add($tmp1, 64); - &mov($B, $E); - &mov(&wparam(1),$tmp1); - - &jmp(&label("start")); - - &set_label("get_out"); - - &stack_pop(16+5+6); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - diff --git a/lib/libcrypto/whrlpool/asm/wp-mmx.pl b/lib/libcrypto/whrlpool/asm/wp-mmx.pl deleted file mode 100644 index d948c590e..000000000 --- a/lib/libcrypto/whrlpool/asm/wp-mmx.pl +++ /dev/null @@ -1,495 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# whirlpool_block_mmx implementation. -# -*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results -# in 16KB large table, which is tough on L1 cache, but eliminates -# unaligned references to it. Value of 2 results in 4KB table, but -# 7/8 of references to it are unaligned. AMD cores seem to be -# allergic to the latter, while Intel ones - to former [see the -# table]. I stick to value of 2 for two reasons: 1. smaller table -# minimizes cache trashing and thus mitigates the hazard of side- -# channel leakage similar to AES cache-timing one; 2. performance -# gap among different µ-archs is smaller. -# -# Performance table lists rounded amounts of CPU cycles spent by -# whirlpool_block_mmx routine on single 64 byte input block, i.e. -# smaller is better and asymptotic throughput can be estimated by -# multiplying 64 by CPU clock frequency and dividing by relevant -# value from the given table: -# -# $SCALE=2/8 icc8 gcc3 -# Intel P4 3200/4600 4600(*) 6400 -# Intel PIII 2900/3000 4900 5400 -# AMD K[78] 2500/1800 9900 8200(**) -# -# (*) I've sketched even non-MMX assembler, but for the record -# I've failed to beat the Intel compiler on P4, without using -# MMX that is... -# (**) ... on AMD on the other hand non-MMX assembler was observed -# to perform significantly better, but I figured this MMX -# implementation is even faster anyway, so why bother? As for -# pre-MMX AMD core[s], the improvement coefficient is more -# than likely to vary anyway and I don't know how. But the -# least I know is that gcc-generated code compiled with -# -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for -# details] and optimized for Pentium was observed to perform -# *better* on Pentium 100 than unrolled non-MMX assembler -# loop... So we just say that I don't know if maintaining -# non-MMX implementation would actually pay off, but till -# opposite is proved "unlikely" is assumed. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"wp-mmx.pl"); - -sub L() { &data_byte(@_); } -sub LL() -{ if ($SCALE==2) { &data_byte(@_); &data_byte(@_); } - elsif ($SCALE==8) { for ($i=0;$i<8;$i++) { - &data_byte(@_); - unshift(@_,pop(@_)); - } - } - else { die "invalid SCALE value"; } -} - -sub scale() -{ if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } - elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } - else { die "invalid SCALE value"; } -} - -sub row() -{ if ($SCALE==2) { ((8-shift)&7); } - elsif ($SCALE==8) { (8*shift); } - else { die "invalid SCALE value"; } -} - -$tbl="ebp"; -@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7"); - -&static_label("table"); - -&function_begin_B("whirlpool_block_mmx"); - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ("esi",&wparam(0)); # hash value - &mov ("edi",&wparam(1)); # input data stream - &mov ("ebp",&wparam(2)); # number of chunks in input - - &mov ("eax","esp"); # copy stack pointer - &sub ("esp",128+20); # allocate frame - &and ("esp",-64); # align for cache-line - - &lea ("ebx",&DWP(128,"esp")); - &mov (&DWP(0,"ebx"),"esi"); # save parameter block - &mov (&DWP(4,"ebx"),"edi"); - &mov (&DWP(8,"ebx"),"ebp"); - &mov (&DWP(16,"ebx"),"eax"); # saved stack pointer - - &picsetup($tbl); - &picsymbol($tbl, &label("table"), $tbl); - - &xor ("ecx","ecx"); - &xor ("edx","edx"); - - for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); } # L=H -&set_label("outerloop"); - for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L - for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp - for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L - - &xor ("esi","esi"); - &mov (&DWP(12,"ebx"),"esi"); # zero round counter - -&set_label("round",16); - &movq (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8)); # rc[r] - &mov ("eax",&DWP(0,"esp")); - &mov ("ebx",&DWP(4,"esp")); -for($i=0;$i<8;$i++) { - my $func = ($i==0)? \&movq : \&pxor; - &movb (&LB("ecx"),&LB("eax")); - &movb (&LB("edx"),&HB("eax")); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &shr ("eax",16); - &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); - &$func (@mm[1],&QWP(&row(1),$tbl,"edi",8)); - &movb (&LB("ecx"),&LB("eax")); - &movb (&LB("edx"),&HB("eax")); - &mov ("eax",&DWP(($i+1)*8,"esp")); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &$func (@mm[2],&QWP(&row(2),$tbl,"esi",8)); - &$func (@mm[3],&QWP(&row(3),$tbl,"edi",8)); - &movb (&LB("ecx"),&LB("ebx")); - &movb (&LB("edx"),&HB("ebx")); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &shr ("ebx",16); - &$func (@mm[4],&QWP(&row(4),$tbl,"esi",8)); - &$func (@mm[5],&QWP(&row(5),$tbl,"edi",8)); - &movb (&LB("ecx"),&LB("ebx")); - &movb (&LB("edx"),&HB("ebx")); - &mov ("ebx",&DWP(($i+1)*8+4,"esp")); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &$func (@mm[6],&QWP(&row(6),$tbl,"esi",8)); - &$func (@mm[7],&QWP(&row(7),$tbl,"edi",8)); - push(@mm,shift(@mm)); -} - - for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L - -for($i=0;$i<8;$i++) { - &movb (&LB("ecx"),&LB("eax")); - &movb (&LB("edx"),&HB("eax")); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &shr ("eax",16); - &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); - &pxor (@mm[1],&QWP(&row(1),$tbl,"edi",8)); - &movb (&LB("ecx"),&LB("eax")); - &movb (&LB("edx"),&HB("eax")); - &mov ("eax",&DWP(64+($i+1)*8,"esp")) if ($i<7); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &pxor (@mm[2],&QWP(&row(2),$tbl,"esi",8)); - &pxor (@mm[3],&QWP(&row(3),$tbl,"edi",8)); - &movb (&LB("ecx"),&LB("ebx")); - &movb (&LB("edx"),&HB("ebx")); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &shr ("ebx",16); - &pxor (@mm[4],&QWP(&row(4),$tbl,"esi",8)); - &pxor (@mm[5],&QWP(&row(5),$tbl,"edi",8)); - &movb (&LB("ecx"),&LB("ebx")); - &movb (&LB("edx"),&HB("ebx")); - &mov ("ebx",&DWP(64+($i+1)*8+4,"esp")) if ($i<7); - &scale ("esi","ecx"); - &scale ("edi","edx"); - &pxor (@mm[6],&QWP(&row(6),$tbl,"esi",8)); - &pxor (@mm[7],&QWP(&row(7),$tbl,"edi",8)); - push(@mm,shift(@mm)); -} - &lea ("ebx",&DWP(128,"esp")); - &mov ("esi",&DWP(12,"ebx")); # pull round counter - &add ("esi",1); - &cmp ("esi",10); - &je (&label("roundsdone")); - - &mov (&DWP(12,"ebx"),"esi"); # update round counter - for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L - &jmp (&label("round")); - -&set_label("roundsdone",16); - &mov ("esi",&DWP(0,"ebx")); # reload argument block - &mov ("edi",&DWP(4,"ebx")); - &mov ("eax",&DWP(8,"ebx")); - - for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp - for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); } # L^=H - for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); } # H=L - - &lea ("edi",&DWP(64,"edi")); # inp+=64 - &sub ("eax",1); # num-- - &jz (&label("alldone")); - &mov (&DWP(4,"ebx"),"edi"); # update argument block - &mov (&DWP(8,"ebx"),"eax"); - &jmp (&label("outerloop")); - -&set_label("alldone"); - &emms (); - &mov ("esp",&DWP(16,"ebx")); # restore saved stack pointer - &pop ("edi"); - &pop ("esi"); - &pop ("ebx"); - &pop ("ebp"); - &ret (); -&function_end_B("whirlpool_block_mmx"); - - &rodataseg(); -&align(64); -&set_label("table"); - &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); - &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); - &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); - &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); - &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); - &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); - &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); - &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); - &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); - &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); - &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); - &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); - &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); - &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); - &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); - &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); - &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); - &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); - &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); - &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); - &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); - &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); - &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); - &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); - &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); - &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); - &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); - &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); - &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); - &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); - &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); - &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); - &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); - &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); - &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); - &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); - &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); - &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); - &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); - &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); - &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); - &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); - &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); - &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); - &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); - &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); - &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); - &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); - &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); - &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); - &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); - &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); - &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); - &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); - &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); - &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); - &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); - &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); - &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); - &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); - &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); - &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); - &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); - &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); - &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); - &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); - &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); - &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); - &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); - &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); - &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); - &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); - &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); - &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); - &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); - &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); - &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); - &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); - &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); - &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); - &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); - &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); - &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); - &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); - &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); - &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); - &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); - &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); - &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); - &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); - &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); - &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); - &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); - &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); - &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); - &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); - &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); - &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); - &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); - &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); - &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); - &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); - &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); - &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); - &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); - &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); - &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); - &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); - &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); - &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); - &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); - &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); - &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); - &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); - &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); - &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); - &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); - &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); - &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); - &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); - &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); - &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); - &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); - &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); - &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); - &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); - &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); - &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); - &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); - &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); - &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); - &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); - &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); - &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); - &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); - &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); - &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); - &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); - &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); - &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); - &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); - &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); - &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); - &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); - &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); - &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); - &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); - &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); - &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); - &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); - &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); - &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); - &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); - &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); - &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); - &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); - &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); - &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); - &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); - &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); - &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); - &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); - &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); - &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); - &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); - &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); - &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); - &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); - &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); - &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); - &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); - &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); - &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); - &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); - &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); - &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); - &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); - &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); - &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); - &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); - &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); - &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); - &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); - &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); - &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); - &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); - &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); - &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); - &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); - &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); - &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); - &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); - &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); - &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); - &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); - &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); - &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); - &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); - &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); - &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); - &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); - &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); - &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); - &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); - &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); - &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); - &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); - &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); - &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); - &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); - &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); - &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); - &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); - &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); - &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); - &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); - &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); - &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); - &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); - &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); - &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); - &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); - &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); - &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); - &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); - &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); - &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); - &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); - &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); - &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); - &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); - &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); - &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); - &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); - &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); - &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); - &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); - &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); - &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); - &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); - &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); - &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); - &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); - &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); - &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); - &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); - &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); - &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); - &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); - &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); - &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); - &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); - &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); - &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); - &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); - &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); - - &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] - &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); - &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); - &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); - &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); - &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); - &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); - &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); - &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); - &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); - &previous(); - -&asm_finish(); diff --git a/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/lib/libcrypto/whrlpool/asm/wp-x86_64.pl deleted file mode 100644 index 2a3902430..000000000 --- a/lib/libcrypto/whrlpool/asm/wp-x86_64.pl +++ /dev/null @@ -1,483 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# whirlpool_block for x86_64. -# -# 2500 cycles per 64-byte input block on AMD64, which is *identical* -# to 32-bit MMX version executed on same CPU. So why did I bother? -# Well, it's faster than gcc 3.3.2 generated code by over 50%, and -# over 80% faster than PathScale 1.4, an "ambitious" commercial -# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio -# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the -# first example when they fail to generate more optimal code, when -# I believe they had *all* chances to... -# -# Note that register and stack frame layout are virtually identical -# to 32-bit MMX version, except that %r8-15 are used instead of -# %mm0-8. You can even notice that K[i] and S[i] are loaded to -# %eax:%ebx as pair of 32-bit values and not as single 64-bit one. -# This is done in order to avoid 64-bit shift penalties on Intel -# EM64T core. Speaking of which! I bet it's possible to improve -# Opteron performance by compressing the table to 2KB and replacing -# unaligned references with complementary rotations [which would -# incidentally replace lea instructions], but it would definitely -# just "kill" EM64T, because it has only 1 shifter/rotator [against -# 3 on Opteron] and which is *unacceptably* slow with 64-bit -# operand. - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -sub L() { $code.=".byte ".join(',',@_)."\n"; } -sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } - -@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"); - -$func="whirlpool_block"; -$table=".Ltable"; - -$code=<<___; -.text - -.globl $func -.type $func,\@function,3 -.align 16 -$func: - _CET_ENDBR - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - - mov %rsp,%r11 - sub \$128+40,%rsp - and \$-64,%rsp - - lea 128(%rsp),%r10 - mov %rdi,0(%r10) # save parameter block - mov %rsi,8(%r10) - mov %rdx,16(%r10) - mov %r11,32(%r10) # saved stack pointer -.Lprologue: - - mov %r10,%rbx - lea $table(%rip),%rbp - - xor %rcx,%rcx - xor %rdx,%rdx -___ -for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; } # L=H -$code.=".Louterloop:\n"; -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L -for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L -$code.=<<___; - xor %rsi,%rsi - mov %rsi,24(%rbx) # zero round counter -.align 16 -.Lround: - mov 4096(%rbp,%rsi,8),@mm[0] # rc[r] - mov 0(%rsp),%eax - mov 4(%rsp),%ebx -___ -for($i=0;$i<8;$i++) { - my $func = ($i==0)? "mov" : "xor"; - $code.=<<___; - mov %al,%cl - mov %ah,%dl - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - shr \$16,%eax - xor 0(%rbp,%rsi,8),@mm[0] - $func 7(%rbp,%rdi,8),@mm[1] - mov %al,%cl - mov %ah,%dl - mov $i*8+8(%rsp),%eax # ($i+1)*8 - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - $func 6(%rbp,%rsi,8),@mm[2] - $func 5(%rbp,%rdi,8),@mm[3] - mov %bl,%cl - mov %bh,%dl - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - shr \$16,%ebx - $func 4(%rbp,%rsi,8),@mm[4] - $func 3(%rbp,%rdi,8),@mm[5] - mov %bl,%cl - mov %bh,%dl - mov $i*8+8+4(%rsp),%ebx # ($i+1)*8+4 - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - $func 2(%rbp,%rsi,8),@mm[6] - $func 1(%rbp,%rdi,8),@mm[7] -___ - push(@mm,shift(@mm)); -} -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L -for($i=0;$i<8;$i++) { - $code.=<<___; - mov %al,%cl - mov %ah,%dl - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - shr \$16,%eax - xor 0(%rbp,%rsi,8),@mm[0] - xor 7(%rbp,%rdi,8),@mm[1] - mov %al,%cl - mov %ah,%dl - `"mov 64+$i*8+8(%rsp),%eax" if($i<7);` # 64+($i+1)*8 - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - xor 6(%rbp,%rsi,8),@mm[2] - xor 5(%rbp,%rdi,8),@mm[3] - mov %bl,%cl - mov %bh,%dl - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - shr \$16,%ebx - xor 4(%rbp,%rsi,8),@mm[4] - xor 3(%rbp,%rdi,8),@mm[5] - mov %bl,%cl - mov %bh,%dl - `"mov 64+$i*8+8+4(%rsp),%ebx" if($i<7);` # 64+($i+1)*8+4 - lea (%rcx,%rcx),%rsi - lea (%rdx,%rdx),%rdi - xor 2(%rbp,%rsi,8),@mm[6] - xor 1(%rbp,%rdi,8),@mm[7] -___ - push(@mm,shift(@mm)); -} -$code.=<<___; - lea 128(%rsp),%rbx - mov 24(%rbx),%rsi # pull round counter - add \$1,%rsi - cmp \$10,%rsi - je .Lroundsdone - - mov %rsi,24(%rbx) # update round counter -___ -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L -$code.=<<___; - jmp .Lround -.align 16 -.Lroundsdone: - mov 0(%rbx),%rdi # reload argument block - mov 8(%rbx),%rsi - mov 16(%rbx),%rax -___ -for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp -for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; } # L^=H -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; } # H=L -$code.=<<___; - lea 64(%rsi),%rsi # inp+=64 - sub \$1,%rax # num-- - jz .Lalldone - mov %rsi,8(%rbx) # update parameter block - mov %rax,16(%rbx) - jmp .Louterloop -.Lalldone: - mov 32(%rbx),%rsi # restore saved pointer - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp -.Lepilogue: - ret -.size $func,.-$func - -.section .rodata -.align 64 -.type $table,\@object -$table: -___ - &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); - &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); - &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); - &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); - &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); - &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); - &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); - &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); - &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); - &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); - &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); - &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); - &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); - &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); - &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); - &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); - &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); - &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); - &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); - &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); - &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); - &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); - &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); - &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); - &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); - &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); - &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); - &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); - &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); - &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); - &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); - &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); - &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); - &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); - &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); - &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); - &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); - &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); - &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); - &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); - &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); - &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); - &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); - &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); - &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); - &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); - &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); - &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); - &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); - &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); - &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); - &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); - &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); - &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); - &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); - &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); - &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); - &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); - &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); - &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); - &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); - &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); - &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); - &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); - &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); - &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); - &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); - &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); - &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); - &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); - &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); - &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); - &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); - &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); - &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); - &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); - &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); - &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); - &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); - &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); - &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); - &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); - &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); - &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); - &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); - &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); - &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); - &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); - &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); - &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); - &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); - &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); - &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); - &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); - &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); - &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); - &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); - &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); - &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); - &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); - &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); - &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); - &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); - &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); - &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); - &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); - &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); - &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); - &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); - &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); - &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); - &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); - &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); - &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); - &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); - &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); - &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); - &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); - &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); - &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); - &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); - &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); - &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); - &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); - &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); - &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); - &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); - &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); - &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); - &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); - &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); - &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); - &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); - &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); - &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); - &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); - &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); - &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); - &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); - &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); - &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); - &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); - &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); - &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); - &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); - &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); - &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); - &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); - &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); - &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); - &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); - &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); - &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); - &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); - &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); - &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); - &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); - &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); - &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); - &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); - &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); - &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); - &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); - &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); - &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); - &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); - &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); - &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); - &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); - &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); - &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); - &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); - &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); - &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); - &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); - &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); - &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); - &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); - &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); - &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); - &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); - &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); - &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); - &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); - &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); - &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); - &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); - &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); - &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); - &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); - &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); - &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); - &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); - &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); - &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); - &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); - &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); - &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); - &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); - &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); - &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); - &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); - &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); - &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); - &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); - &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); - &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); - &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); - &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); - &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); - &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); - &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); - &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); - &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); - &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); - &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); - &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); - &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); - &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); - &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); - &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); - &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); - &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); - &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); - &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); - &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); - &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); - &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); - &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); - &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); - &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); - &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); - &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); - &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); - &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); - &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); - &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); - &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); - &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); - &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); - &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); - &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); - &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); - &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); - &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); - &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); - &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); - &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); - &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); - &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); - &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); - &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); - &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); - &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); - &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); - &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); - - &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] - &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); - &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); - &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); - &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); - &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); - &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); - &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); - &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); - &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT; diff --git a/lib/libcrypto/whrlpool/wp_block.c b/lib/libcrypto/whrlpool/whirlpool.c similarity index 81% rename from lib/libcrypto/whrlpool/wp_block.c rename to lib/libcrypto/whrlpool/whirlpool.c index ad814a346..217c5a919 100644 --- a/lib/libcrypto/whrlpool/wp_block.c +++ b/lib/libcrypto/whrlpool/whirlpool.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */ +/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */ /** * The Whirlpool hashing function. * @@ -36,11 +36,27 @@ * */ +/* + * OpenSSL-specific implementation notes. + * + * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect + * number of *bytes* as input length argument. Bit-oriented routine + * as specified by authors is called WHIRLPOOL_BitUpdate[!] and + * does not have one-stroke counterpart. + * + * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially + * to serve WHIRLPOOL_Update. This is done for performance. + * + * Unlike authors' reference implementation, block processing + * routine whirlpool_block is designed to operate on multi-block + * input. This is done for performance. + */ + #include #include -#include -#include "wp_local.h" +#include +#include typedef unsigned char u8; #if defined(_LP64) @@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n) p += 64; } while(--n); } + +int +WHIRLPOOL_Init(WHIRLPOOL_CTX *c) +{ + memset (c, 0, sizeof(*c)); + return (1); +} + +int +WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes) +{ + /* Well, largest suitable chunk size actually is + * (1<<(sizeof(size_t)*8-3))-64, but below number + * is large enough for not to care about excessive + * calls to WHIRLPOOL_BitUpdate... */ + size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4); + const unsigned char *inp = _inp; + + while (bytes >= chunk) { + WHIRLPOOL_BitUpdate(c, inp, chunk*8); + bytes -= chunk; + inp += chunk; + } + if (bytes) + WHIRLPOOL_BitUpdate(c, inp, bytes*8); + + return (1); +} + +void +WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) +{ + size_t n; + unsigned int bitoff = c->bitoff, + bitrem = bitoff % 8, + inpgap = (8 - (unsigned int)bits % 8)&7; + const unsigned char *inp = _inp; + + /* This 256-bit increment procedure relies on the size_t + * being natural size of CPU register, so that we don't + * have to mask the value in order to detect overflows. */ + c->bitlen[0] += bits; + if (c->bitlen[0] < bits) /* overflow */ + { + n = 1; + do { + c->bitlen[n]++; + } while (c->bitlen[n]==0 && + ++n < (WHIRLPOOL_COUNTER/sizeof(size_t))); + } + +#ifndef OPENSSL_SMALL_FOOTPRINT +reconsider: + if (inpgap==0 && bitrem==0) /* byte-oriented loop */ + { + while (bits) { + if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) { + whirlpool_block(c, inp, n); + inp += n*WHIRLPOOL_BBLOCK/8; + bits %= WHIRLPOOL_BBLOCK; + } else { + unsigned int byteoff = bitoff/8; + + bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ + if (bits >= bitrem) { + bits -= bitrem; + bitrem /= 8; + memcpy(c->data + byteoff, inp, bitrem); + inp += bitrem; + whirlpool_block(c, c->data, 1); + bitoff = 0; + } else { + memcpy(c->data + byteoff, inp, bits/8); + bitoff += (unsigned int)bits; + bits = 0; + } + c->bitoff = bitoff; + } + } + } + else /* bit-oriented loop */ +#endif + { + /* + inp + | + +-------+-------+------- + ||||||||||||||||||||| + +-------+-------+------- + +-------+-------+-------+-------+------- + |||||||||||||| c->data + +-------+-------+-------+-------+------- + | + c->bitoff/8 + */ + while (bits) { + unsigned int byteoff = bitoff/8; + unsigned char b; + +#ifndef OPENSSL_SMALL_FOOTPRINT + if (bitrem == inpgap) { + c->data[byteoff++] |= inp[0] & (0xff >> inpgap); + inpgap = 8 - inpgap; + bitoff += inpgap; bitrem = 0; /* bitoff%8 */ + bits -= inpgap; inpgap = 0; /* bits%8 */ + inp++; + if (bitoff == WHIRLPOOL_BBLOCK) { + whirlpool_block(c, c->data, 1); + bitoff = 0; + } + c->bitoff = bitoff; + goto reconsider; + } else +#endif + if (bits >= 8) { + b = ((inp[0]<>(8 - inpgap))); + b &= 0xff; + if (bitrem) + c->data[byteoff++] |= b >> bitrem; + else + c->data[byteoff++] = b; + bitoff += 8; + bits -= 8; + inp++; + if (bitoff >= WHIRLPOOL_BBLOCK) { + whirlpool_block(c, c->data, 1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) + c->data[byteoff] = b << (8 - bitrem); + } + else /* remaining less than 8 bits */ + { + b = (inp[0]<data[byteoff++] |= b >> bitrem; + else + c->data[byteoff++] = b; + bitoff += (unsigned int)bits; + if (bitoff == WHIRLPOOL_BBLOCK) { + whirlpool_block(c, c->data, 1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) + c->data[byteoff] = b << (8 - bitrem); + bits = 0; + } + c->bitoff = bitoff; + } + } +} + +int +WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c) +{ + unsigned int bitoff = c->bitoff, + byteoff = bitoff/8; + size_t i, j, v; + unsigned char *p; + + bitoff %= 8; + if (bitoff) + c->data[byteoff] |= 0x80 >> bitoff; + else + c->data[byteoff] = 0x80; + byteoff++; + + /* pad with zeros */ + if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) { + if (byteoff < WHIRLPOOL_BBLOCK/8) + memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff); + whirlpool_block(c, c->data, 1); + byteoff = 0; + } + if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) + memset(&c->data[byteoff], 0, + (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff); + /* smash 256-bit c->bitlen in big-endian order */ + p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ + for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++) + for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8) + *p-- = (unsigned char)(v&0xff); + + whirlpool_block(c, c->data, 1); + + if (md) { + memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH); + memset(c, 0, sizeof(*c)); + return (1); + } + return (0); +} + +unsigned char * +WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md) +{ + WHIRLPOOL_CTX ctx; + static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; + + if (md == NULL) + md = m; + WHIRLPOOL_Init(&ctx); + WHIRLPOOL_Update(&ctx, inp, bytes); + WHIRLPOOL_Final(md, &ctx); + return (md); +} diff --git a/lib/libcrypto/whrlpool/wp_dgst.c b/lib/libcrypto/whrlpool/wp_dgst.c deleted file mode 100644 index 0e7c9c56d..000000000 --- a/lib/libcrypto/whrlpool/wp_dgst.c +++ /dev/null @@ -1,267 +0,0 @@ -/* $OpenBSD: wp_dgst.c,v 1.8 2024/03/29 00:16:22 jsing Exp $ */ -/** - * The Whirlpool hashing function. - * - *

- * References - * - *

- * The Whirlpool algorithm was developed by - * Paulo S. L. M. Barreto and - * Vincent Rijmen. - * - * See - * P.S.L.M. Barreto, V. Rijmen, - * ``The Whirlpool hashing function,'' - * NESSIE submission, 2000 (tweaked version, 2001), - * - * - * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and - * Vincent Rijmen. Lookup "reference implementations" on - * - * - * ============================================================================= - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * OpenSSL-specific implementation notes. - * - * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect - * number of *bytes* as input length argument. Bit-oriented routine - * as specified by authors is called WHIRLPOOL_BitUpdate[!] and - * does not have one-stroke counterpart. - * - * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially - * to serve WHIRLPOOL_Update. This is done for performance. - * - * Unlike authors' reference implementation, block processing - * routine whirlpool_block is designed to operate on multi-block - * input. This is done for performance. - */ - -#include - -#include - -#include "wp_local.h" - -int -WHIRLPOOL_Init(WHIRLPOOL_CTX *c) -{ - memset (c, 0, sizeof(*c)); - return (1); -} - -int -WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes) -{ - /* Well, largest suitable chunk size actually is - * (1<<(sizeof(size_t)*8-3))-64, but below number - * is large enough for not to care about excessive - * calls to WHIRLPOOL_BitUpdate... */ - size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4); - const unsigned char *inp = _inp; - - while (bytes >= chunk) { - WHIRLPOOL_BitUpdate(c, inp, chunk*8); - bytes -= chunk; - inp += chunk; - } - if (bytes) - WHIRLPOOL_BitUpdate(c, inp, bytes*8); - - return (1); -} - -void -WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) -{ - size_t n; - unsigned int bitoff = c->bitoff, - bitrem = bitoff % 8, - inpgap = (8 - (unsigned int)bits % 8)&7; - const unsigned char *inp = _inp; - - /* This 256-bit increment procedure relies on the size_t - * being natural size of CPU register, so that we don't - * have to mask the value in order to detect overflows. */ - c->bitlen[0] += bits; - if (c->bitlen[0] < bits) /* overflow */ - { - n = 1; - do { - c->bitlen[n]++; - } while (c->bitlen[n]==0 && - ++n < (WHIRLPOOL_COUNTER/sizeof(size_t))); - } - -#ifndef OPENSSL_SMALL_FOOTPRINT -reconsider: - if (inpgap==0 && bitrem==0) /* byte-oriented loop */ - { - while (bits) { - if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) { - whirlpool_block(c, inp, n); - inp += n*WHIRLPOOL_BBLOCK/8; - bits %= WHIRLPOOL_BBLOCK; - } else { - unsigned int byteoff = bitoff/8; - - bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ - if (bits >= bitrem) { - bits -= bitrem; - bitrem /= 8; - memcpy(c->data + byteoff, inp, bitrem); - inp += bitrem; - whirlpool_block(c, c->data, 1); - bitoff = 0; - } else { - memcpy(c->data + byteoff, inp, bits/8); - bitoff += (unsigned int)bits; - bits = 0; - } - c->bitoff = bitoff; - } - } - } - else /* bit-oriented loop */ -#endif - { - /* - inp - | - +-------+-------+------- - ||||||||||||||||||||| - +-------+-------+------- - +-------+-------+-------+-------+------- - |||||||||||||| c->data - +-------+-------+-------+-------+------- - | - c->bitoff/8 - */ - while (bits) { - unsigned int byteoff = bitoff/8; - unsigned char b; - -#ifndef OPENSSL_SMALL_FOOTPRINT - if (bitrem == inpgap) { - c->data[byteoff++] |= inp[0] & (0xff >> inpgap); - inpgap = 8 - inpgap; - bitoff += inpgap; bitrem = 0; /* bitoff%8 */ - bits -= inpgap; inpgap = 0; /* bits%8 */ - inp++; - if (bitoff == WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - bitoff = 0; - } - c->bitoff = bitoff; - goto reconsider; - } else -#endif - if (bits >= 8) { - b = ((inp[0]<>(8 - inpgap))); - b &= 0xff; - if (bitrem) - c->data[byteoff++] |= b >> bitrem; - else - c->data[byteoff++] = b; - bitoff += 8; - bits -= 8; - inp++; - if (bitoff >= WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - byteoff = 0; - bitoff %= WHIRLPOOL_BBLOCK; - } - if (bitrem) - c->data[byteoff] = b << (8 - bitrem); - } - else /* remaining less than 8 bits */ - { - b = (inp[0]<data[byteoff++] |= b >> bitrem; - else - c->data[byteoff++] = b; - bitoff += (unsigned int)bits; - if (bitoff == WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - byteoff = 0; - bitoff %= WHIRLPOOL_BBLOCK; - } - if (bitrem) - c->data[byteoff] = b << (8 - bitrem); - bits = 0; - } - c->bitoff = bitoff; - } - } -} - -int -WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c) -{ - unsigned int bitoff = c->bitoff, - byteoff = bitoff/8; - size_t i, j, v; - unsigned char *p; - - bitoff %= 8; - if (bitoff) - c->data[byteoff] |= 0x80 >> bitoff; - else - c->data[byteoff] = 0x80; - byteoff++; - - /* pad with zeros */ - if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) { - if (byteoff < WHIRLPOOL_BBLOCK/8) - memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff); - whirlpool_block(c, c->data, 1); - byteoff = 0; - } - if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) - memset(&c->data[byteoff], 0, - (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff); - /* smash 256-bit c->bitlen in big-endian order */ - p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ - for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++) - for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8) - *p-- = (unsigned char)(v&0xff); - - whirlpool_block(c, c->data, 1); - - if (md) { - memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH); - memset(c, 0, sizeof(*c)); - return (1); - } - return (0); -} - -unsigned char * -WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md) -{ - WHIRLPOOL_CTX ctx; - static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - WHIRLPOOL_Init(&ctx); - WHIRLPOOL_Update(&ctx, inp, bytes); - WHIRLPOOL_Final(md, &ctx); - return (md); -} diff --git a/lib/libcrypto/whrlpool/wp_local.h b/lib/libcrypto/whrlpool/wp_local.h deleted file mode 100644 index 892dce23b..000000000 --- a/lib/libcrypto/whrlpool/wp_local.h +++ /dev/null @@ -1,11 +0,0 @@ -/* $OpenBSD: wp_local.h,v 1.2 2023/09/04 08:43:41 tb Exp $ */ - -#include - -#include - -__BEGIN_HIDDEN_DECLS - -void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t); - -__END_HIDDEN_DECLS diff --git a/lib/libcrypto/x509/x509_vpm.c b/lib/libcrypto/x509/x509_vpm.c index 674c8e445..927c79716 100644 --- a/lib/libcrypto/x509/x509_vpm.c +++ b/lib/libcrypto/x509/x509_vpm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vpm.c,v 1.43 2024/03/29 00:25:32 tb Exp $ */ +/* $OpenBSD: x509_vpm.c,v 1.45 2024/03/29 04:50:11 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -464,48 +464,59 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_time); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) { - if (!param->policies) { + if (param->policies == NULL) param->policies = sk_ASN1_OBJECT_new_null(); - if (!param->policies) - return 0; - } - if (!sk_ASN1_OBJECT_push(param->policies, policy)) + if (param->policies == NULL) + return 0; + if (sk_ASN1_OBJECT_push(param->policies, policy) <= 0) return 0; return 1; } LCRYPTO_ALIAS(X509_VERIFY_PARAM_add0_policy); +static STACK_OF(ASN1_OBJECT) * +sk_ASN1_OBJECT_deep_copy(const STACK_OF(ASN1_OBJECT) *sk) +{ + STACK_OF(ASN1_OBJECT) *objs; + ASN1_OBJECT *obj = NULL; + int i; + + if ((objs = sk_ASN1_OBJECT_new_null()) == NULL) + goto err; + + for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) { + if ((obj = OBJ_dup(sk_ASN1_OBJECT_value(sk, i))) == NULL) + goto err; + if (sk_ASN1_OBJECT_push(objs, obj) <= 0) + goto err; + obj = NULL; + } + + return objs; + + err: + sk_ASN1_OBJECT_pop_free(objs, ASN1_OBJECT_free); + ASN1_OBJECT_free(obj); + + return NULL; +} + int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies) { - int i; - ASN1_OBJECT *oid, *doid; - - if (!param) + if (param == NULL) return 0; - if (param->policies) - sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); - if (!policies) { - param->policies = NULL; + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + param->policies = NULL; + + if (policies == NULL) return 1; - } - param->policies = sk_ASN1_OBJECT_new_null(); - if (!param->policies) + if ((param->policies = sk_ASN1_OBJECT_deep_copy(policies)) == NULL) return 0; - for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { - oid = sk_ASN1_OBJECT_value(policies, i); - doid = OBJ_dup(oid); - if (!doid) - return 0; - if (!sk_ASN1_OBJECT_push(param->policies, doid)) { - ASN1_OBJECT_free(doid); - return 0; - } - } return 1; } LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_policies); diff --git a/lib/libfido2/src/rs1.c b/lib/libfido2/src/rs1.c index 326c84c35..f9a36d6c8 100644 --- a/lib/libfido2/src/rs1.c +++ b/lib/libfido2/src/rs1.c @@ -9,32 +9,17 @@ #include "fido.h" -#if OPENSSL_VERSION_NUMBER >= 0x30000000 -static EVP_MD * -rs1_get_EVP_MD(void) -{ - return (EVP_MD_fetch(NULL, "SHA-1", NULL)); -} +#define PRAGMA(s) -static void -rs1_free_EVP_MD(EVP_MD *md) -{ - EVP_MD_free(md); -} -#else static EVP_MD * rs1_get_EVP_MD(void) { + PRAGMA("GCC diagnostic push"); + PRAGMA("GCC diagnostic ignored \"-Wcast-qual\""); return ((EVP_MD *)EVP_sha1()); + PRAGMA("GCC diagnostic pop"); } -static void -rs1_free_EVP_MD(EVP_MD *md) -{ - (void)md; -} -#endif /* OPENSSL_VERSION_NUMBER */ - int rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, const fido_blob_t *sig) @@ -70,7 +55,6 @@ rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, ok = 0; fail: EVP_PKEY_CTX_free(pctx); - rs1_free_EVP_MD(md); return (ok); } diff --git a/lib/libfido2/src/rs256.c b/lib/libfido2/src/rs256.c index 400d06313..7c4962dc9 100644 --- a/lib/libfido2/src/rs256.c +++ b/lib/libfido2/src/rs256.c @@ -17,32 +17,17 @@ #define get0_RSA(x) EVP_PKEY_get0((x)) #endif -#if OPENSSL_VERSION_NUMBER >= 0x30000000 -static EVP_MD * -rs256_get_EVP_MD(void) -{ - return (EVP_MD_fetch(NULL, "SHA2-256", NULL)); -} +#define PRAGMA(s) -static void -rs256_free_EVP_MD(EVP_MD *md) -{ - EVP_MD_free(md); -} -#else static EVP_MD * rs256_get_EVP_MD(void) { + PRAGMA("GCC diagnostic push"); + PRAGMA("GCC diagnostic ignored \"-Wcast-qual\""); return ((EVP_MD *)EVP_sha256()); + PRAGMA("GCC diagnostic pop"); } -static void -rs256_free_EVP_MD(EVP_MD *md) -{ - (void)md; -} -#endif /* OPENSSL_VERSION_NUMBER */ - static int decode_bignum(const cbor_item_t *item, void *ptr, size_t len) { @@ -266,7 +251,6 @@ rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, ok = 0; fail: EVP_PKEY_CTX_free(pctx); - rs256_free_EVP_MD(md); return (ok); } diff --git a/lib/libm/Makefile b/lib/libm/Makefile index 052663e3c..e6cc4a839 100644 --- a/lib/libm/Makefile +++ b/lib/libm/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.123 2022/01/21 03:12:55 gnezdo Exp $ +# $OpenBSD: Makefile,v 1.124 2024/03/29 06:49:00 miod Exp $ # $NetBSD: Makefile,v 1.28 1995/11/20 22:06:19 jtc Exp $ # # @(#)Makefile 5.1beta 93/09/24 @@ -47,25 +47,13 @@ ARCH_SRCS = e_sqrt.c e_sqrtf.c e_remainder.c e_remainderf.c \ .elif (${MACHINE_ARCH} == "sh") .PATH: ${.CURDIR}/arch/sh ARCH_SRCS = e_sqrt.c e_sqrtf.c s_fabsf.c -.elif (${MACHINE_ARCH} == "aarch64") -.PATH: ${.CURDIR}/arch/aarch64 -.elif (${MACHINE_ARCH} == "arm") -.PATH: ${.CURDIR}/arch/arm -.elif (${MACHINE_ARCH} == "m88k") -.PATH: ${.CURDIR}/arch/m88k -.elif (${MACHINE_ARCH} == "mips64") -.PATH: ${.CURDIR}/arch/mips64 .elif (${MACHINE_ARCH} == "mips64el") .PATH: ${.CURDIR}/arch/mips64 -.elif (${MACHINE_ARCH} == "powerpc") -.PATH: ${.CURDIR}/arch/powerpc -.elif (${MACHINE_ARCH} == "powerpc64") -.PATH: ${.CURDIR}/arch/powerpc64 -.elif (${MACHINE_ARCH} == "riscv64") -.PATH: ${.CURDIR}/arch/riscv64 .elif (${MACHINE_ARCH} == "sparc64") .PATH: ${.CURDIR}/arch/sparc64 ARCH_SRCS = e_sqrtl.c +.else +.PATH: ${.CURDIR}/arch/${MACHINE_ARCH} .endif .PATH: ${.CURDIR}/man diff --git a/regress/lib/libcrypto/Makefile b/regress/lib/libcrypto/Makefile index 32147fd48..871ae2093 100644 --- a/regress/lib/libcrypto/Makefile +++ b/regress/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.55 2024/03/28 06:45:36 beck Exp $ +# $OpenBSD: Makefile,v 1.56 2024/03/29 07:13:38 joshua Exp $ SUBDIR += aead SUBDIR += aes @@ -48,6 +48,7 @@ SUBDIR += sm3 SUBDIR += sm4 SUBDIR += symbols SUBDIR += utf8 +SUBDIR += whirlpool SUBDIR += wycheproof SUBDIR += x509 diff --git a/regress/lib/libcrypto/cms/cmstest.c b/regress/lib/libcrypto/cms/cmstest.c index c207b9ebd..8b2faf689 100644 --- a/regress/lib/libcrypto/cms/cmstest.c +++ b/regress/lib/libcrypto/cms/cmstest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmstest.c,v 1.7 2023/03/02 21:08:14 tb Exp $ */ +/* $OpenBSD: cmstest.c,v 1.8 2024/03/29 06:42:42 tb Exp $ */ /* * Copyright (c) 2019 Joel Sing * @@ -97,6 +97,40 @@ static const char cms_key_1[] = "pFtLoXoGoVXRjAtpNvX7fh/G\n" "-----END PRIVATE KEY-----\n"; +const char cms_ca_2[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBvTCCAW+gAwIBAgIQHioe49U1R3LcahmTCOUmoTAFBgMrZXAwXTEUMBIGA1UE\n" + "ChMLQ01TIFRlc3QgQ0ExHTAbBgNVBAsMFGNtc3Rlc3RAbGlicmVzc2wub3JnMSYw\n" + "JAYDVQQDDB1DTVMgVGVzdCBjbXN0ZXN0QGxpYnJlc3NsLm9yZzAeFw0yMzEwMDkw\n" + "OTAzNDhaFw0zMzEwMDkwOTAzNDhaMF0xFDASBgNVBAoTC0NNUyBUZXN0IENBMR0w\n" + "GwYDVQQLDBRjbXN0ZXN0QGxpYnJlc3NsLm9yZzEmMCQGA1UEAwwdQ01TIFRlc3Qg\n" + "Y21zdGVzdEBsaWJyZXNzbC5vcmcwKjAFBgMrZXADIQAYj6pY7cN0DnwmsYHVDLqJ\n" + "7/Futy5p4QJDKA/FSZ6+6KNFMEMwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQI\n" + "MAYBAf8CAQAwHQYDVR0OBBYEFE7G7c7O2Vj79+Q786M7ssMd/lflMAUGAytlcANB\n" + "AOk+RHgs8D82saBM1nQMgIwEsNhYwbj3HhrRFDezYcnZeorBgiZTV3uQd2EndFdU\n" + "hcs4OYMCRorxqpUXX6EMtwQ=\n" + "-----END CERTIFICATE-----\n"; + +const char cms_cert_2[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIB5DCCAZagAwIBAgIQevuGe7FBHIc2pnQ4b4dsIzAFBgMrZXAwXTEUMBIGA1UE\n" + "ChMLQ01TIFRlc3QgQ0ExHTAbBgNVBAsMFGNtc3Rlc3RAbGlicmVzc2wub3JnMSYw\n" + "JAYDVQQDDB1DTVMgVGVzdCBjbXN0ZXN0QGxpYnJlc3NsLm9yZzAeFw0yMzEwMDkw\n" + "OTAzNDhaFw0zMzEwMDkwOTAzNDhaMD4xHTAbBgNVBAoTFENNUyB0ZXN0IGNlcnRp\n" + "ZmljYXRlMR0wGwYDVQQLDBRjbXN0ZXN0QGxpYnJlc3NsLm9yZzAqMAUGAytlcAMh\n" + "AFH47Z54SuXMN+i5CCvMVUZJZzSYsDcRY+lPtc+J8h2ko4GKMIGHMA4GA1UdDwEB\n" + "/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwQwHwYDVR0jBBgw\n" + "FoAUTsbtzs7ZWPv35Dvzozuywx3+V+UwNQYDVR0RBC4wLIIUY21zdGVzdC5saWJy\n" + "ZXNzbC5vcmeBFGNtc3Rlc3RAbGlicmVzc2wub3JnMAUGAytlcANBAAEqYppowFjF\n" + "fTZhNM3cIyFfmQthJV/+krEE2VTSoKgCokll+fXz1K9P+R3asgrVDoHjnBtvksIE\n" + "wup36c05XQA=\n" + "-----END CERTIFICATE-----\n"; + +const char cms_key_2[] = + "-----BEGIN PRIVATE KEY-----\n" + "MC4CAQAwBQYDK2VwBCIEIO88YApnGRDewzSwtxAnBvhlTPz9MjSz51mEpE2oi+9g\n" + "-----END PRIVATE KEY-----\n"; + static void hexdump(const unsigned char *buf, size_t len) { @@ -204,7 +238,8 @@ test_cms_encrypt_decrypt(void) } static int -test_cms_sign_verify(void) +test_cms_sign_verify(const char *ca_pem, const char *cert_pem, + const char *key_pem) { STACK_OF(X509) *certs = NULL; CMS_ContentInfo *ci = NULL; @@ -224,7 +259,7 @@ test_cms_sign_verify(void) if ((certs = sk_X509_new_null()) == NULL) errx(1, "failed to create certs"); - if ((bio_mem = BIO_new_mem_buf(cms_cert_1, -1)) == NULL) + if ((bio_mem = BIO_new_mem_buf(cert_pem, -1)) == NULL) errx(1, "failed to create BIO for cert"); if ((cert = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL)) == NULL) errx(1, "failed to read cert"); @@ -232,7 +267,7 @@ test_cms_sign_verify(void) errx(1, "failed to push cert"); BIO_free(bio_mem); - if ((bio_mem = BIO_new_mem_buf(cms_ca_1, -1)) == NULL) + if ((bio_mem = BIO_new_mem_buf(ca_pem, -1)) == NULL) errx(1, "failed to create BIO for cert"); if ((ca = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL)) == NULL) errx(1, "failed to read cert"); @@ -242,7 +277,7 @@ test_cms_sign_verify(void) errx(1, "failed to add cert to store"); BIO_free(bio_mem); - if ((bio_mem = BIO_new_mem_buf(cms_key_1, -1)) == NULL) + if ((bio_mem = BIO_new_mem_buf(key_pem, -1)) == NULL) errx(1, "failed to create BIO for key"); if ((pkey = PEM_read_bio_PrivateKey(bio_mem, NULL, NULL, NULL)) == NULL) errx(1, "failed to read key"); @@ -320,7 +355,8 @@ main(int argc, char **argv) ERR_load_crypto_strings(); failed |= test_cms_encrypt_decrypt(); - failed |= test_cms_sign_verify(); + failed |= test_cms_sign_verify(cms_ca_1, cms_cert_1, cms_key_1); + failed |= test_cms_sign_verify(cms_ca_2, cms_cert_2, cms_key_2); return failed; } diff --git a/regress/lib/libcrypto/symbols/symbols.awk b/regress/lib/libcrypto/symbols/symbols.awk index c5ae77070..de41d0529 100644 --- a/regress/lib/libcrypto/symbols/symbols.awk +++ b/regress/lib/libcrypto/symbols/symbols.awk @@ -1,4 +1,4 @@ -# $OpenBSD: symbols.awk,v 1.8 2023/05/04 20:15:27 tb Exp $ +# $OpenBSD: symbols.awk,v 1.9 2024/03/29 02:30:25 jsing Exp $ # Copyright (c) 2018,2020 Theo Buehler # @@ -17,7 +17,6 @@ # usage: awk -f symbols.awk < Symbols.list > symbols.c BEGIN { - printf("#include /* CMS special */\n\n") printf("#include \"include_headers.c\"\n\n") } diff --git a/regress/lib/libcrypto/whirlpool/Makefile b/regress/lib/libcrypto/whirlpool/Makefile new file mode 100644 index 000000000..b57edd894 --- /dev/null +++ b/regress/lib/libcrypto/whirlpool/Makefile @@ -0,0 +1,9 @@ +# $OpenBSD: Makefile,v 1.1 2024/03/29 07:13:38 joshua Exp $ + +PROG = whirlpool_test +LDADD = -lcrypto +DPADD = ${LIBCRYPTO} +WARNINGS = Yes +CFLAGS += -DLIBRESSL_INTERNAL -Werror + +.include diff --git a/regress/lib/libcrypto/whirlpool/whirlpool_test.c b/regress/lib/libcrypto/whirlpool/whirlpool_test.c new file mode 100644 index 000000000..f72f9c3bb --- /dev/null +++ b/regress/lib/libcrypto/whirlpool/whirlpool_test.c @@ -0,0 +1,240 @@ +/* $OpenBSD: whirlpool_test.c,v 1.1 2024/03/29 07:13:38 joshua Exp $ */ +/* + * Copyright (c) 2024 Joshua Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +struct whirlpool_test { + const uint8_t in[128]; + const size_t in_len; + const uint8_t out[EVP_MAX_MD_SIZE]; +}; + +static const struct whirlpool_test whirlpool_tests[] = { + { + .in = "", + .in_len = 0, + .out = { + 0x19, 0xfa, 0x61, 0xd7, 0x55, 0x22, 0xa4, 0x66, + 0x9b, 0x44, 0xe3, 0x9c, 0x1d, 0x2e, 0x17, 0x26, + 0xc5, 0x30, 0x23, 0x21, 0x30, 0xd4, 0x07, 0xf8, + 0x9a, 0xfe, 0xe0, 0x96, 0x49, 0x97, 0xf7, 0xa7, + 0x3e, 0x83, 0xbe, 0x69, 0x8b, 0x28, 0x8f, 0xeb, + 0xcf, 0x88, 0xe3, 0xe0, 0x3c, 0x4f, 0x07, 0x57, + 0xea, 0x89, 0x64, 0xe5, 0x9b, 0x63, 0xd9, 0x37, + 0x08, 0xb1, 0x38, 0xcc, 0x42, 0xa6, 0x6e, 0xb3, + }, + }, + { + .in = "a", + .in_len = 1, + .out = { + 0x8a, 0xca, 0x26, 0x02, 0x79, 0x2a, 0xec, 0x6f, + 0x11, 0xa6, 0x72, 0x06, 0x53, 0x1f, 0xb7, 0xd7, + 0xf0, 0xdf, 0xf5, 0x94, 0x13, 0x14, 0x5e, 0x69, + 0x73, 0xc4, 0x50, 0x01, 0xd0, 0x08, 0x7b, 0x42, + 0xd1, 0x1b, 0xc6, 0x45, 0x41, 0x3a, 0xef, 0xf6, + 0x3a, 0x42, 0x39, 0x1a, 0x39, 0x14, 0x5a, 0x59, + 0x1a, 0x92, 0x20, 0x0d, 0x56, 0x01, 0x95, 0xe5, + 0x3b, 0x47, 0x85, 0x84, 0xfd, 0xae, 0x23, 0x1a, + }, + }, + { + .in = "abc", + .in_len = 3, + .out = { + 0x4e, 0x24, 0x48, 0xa4, 0xc6, 0xf4, 0x86, 0xbb, + 0x16, 0xb6, 0x56, 0x2c, 0x73, 0xb4, 0x02, 0x0b, + 0xf3, 0x04, 0x3e, 0x3a, 0x73, 0x1b, 0xce, 0x72, + 0x1a, 0xe1, 0xb3, 0x03, 0xd9, 0x7e, 0x6d, 0x4c, + 0x71, 0x81, 0xee, 0xbd, 0xb6, 0xc5, 0x7e, 0x27, + 0x7d, 0x0e, 0x34, 0x95, 0x71, 0x14, 0xcb, 0xd6, + 0xc7, 0x97, 0xfc, 0x9d, 0x95, 0xd8, 0xb5, 0x82, + 0xd2, 0x25, 0x29, 0x20, 0x76, 0xd4, 0xee, 0xf5, + }, + }, + { + .in = "message digest", + .in_len = 14, + .out = { + 0x37, 0x8c, 0x84, 0xa4, 0x12, 0x6e, 0x2d, 0xc6, + 0xe5, 0x6d, 0xcc, 0x74, 0x58, 0x37, 0x7a, 0xac, + 0x83, 0x8d, 0x00, 0x03, 0x22, 0x30, 0xf5, 0x3c, + 0xe1, 0xf5, 0x70, 0x0c, 0x0f, 0xfb, 0x4d, 0x3b, + 0x84, 0x21, 0x55, 0x76, 0x59, 0xef, 0x55, 0xc1, + 0x06, 0xb4, 0xb5, 0x2a, 0xc5, 0xa4, 0xaa, 0xa6, + 0x92, 0xed, 0x92, 0x00, 0x52, 0x83, 0x8f, 0x33, + 0x62, 0xe8, 0x6d, 0xbd, 0x37, 0xa8, 0x90, 0x3e, + }, + }, + { + .in = "abcdefghijklmnopqrstuvwxyz", + .in_len = 26, + .out = { + 0xf1, 0xd7, 0x54, 0x66, 0x26, 0x36, 0xff, 0xe9, + 0x2c, 0x82, 0xeb, 0xb9, 0x21, 0x2a, 0x48, 0x4a, + 0x8d, 0x38, 0x63, 0x1e, 0xad, 0x42, 0x38, 0xf5, + 0x44, 0x2e, 0xe1, 0x3b, 0x80, 0x54, 0xe4, 0x1b, + 0x08, 0xbf, 0x2a, 0x92, 0x51, 0xc3, 0x0b, 0x6a, + 0x0b, 0x8a, 0xae, 0x86, 0x17, 0x7a, 0xb4, 0xa6, + 0xf6, 0x8f, 0x67, 0x3e, 0x72, 0x07, 0x86, 0x5d, + 0x5d, 0x98, 0x19, 0xa3, 0xdb, 0xa4, 0xeb, 0x3b, + }, + }, + { + .in = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + .in_len = 62, + .out = { + 0xdc, 0x37, 0xe0, 0x08, 0xcf, 0x9e, 0xe6, 0x9b, + 0xf1, 0x1f, 0x00, 0xed, 0x9a, 0xba, 0x26, 0x90, + 0x1d, 0xd7, 0xc2, 0x8c, 0xde, 0xc0, 0x66, 0xcc, + 0x6a, 0xf4, 0x2e, 0x40, 0xf8, 0x2f, 0x3a, 0x1e, + 0x08, 0xeb, 0xa2, 0x66, 0x29, 0x12, 0x9d, 0x8f, + 0xb7, 0xcb, 0x57, 0x21, 0x1b, 0x92, 0x81, 0xa6, + 0x55, 0x17, 0xcc, 0x87, 0x9d, 0x7b, 0x96, 0x21, + 0x42, 0xc6, 0x5f, 0x5a, 0x7a, 0xf0, 0x14, 0x67, + }, + }, + { + .in = "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + .in_len = 80, + .out = { + 0x46, 0x6e, 0xf1, 0x8b, 0xab, 0xb0, 0x15, 0x4d, + 0x25, 0xb9, 0xd3, 0x8a, 0x64, 0x14, 0xf5, 0xc0, + 0x87, 0x84, 0x37, 0x2b, 0xcc, 0xb2, 0x04, 0xd6, + 0x54, 0x9c, 0x4a, 0xfa, 0xdb, 0x60, 0x14, 0x29, + 0x4d, 0x5b, 0xd8, 0xdf, 0x2a, 0x6c, 0x44, 0xe5, + 0x38, 0xcd, 0x04, 0x7b, 0x26, 0x81, 0xa5, 0x1a, + 0x2c, 0x60, 0x48, 0x1e, 0x88, 0xc5, 0xa2, 0x0b, + 0x2c, 0X2A, 0X80, 0XCF, 0X3A, 0X9A, 0X08, 0X3B, + }, + }, + { + .in = "abcdbcdecdefdefgefghfghighijhijk", + .in_len = 32, + .out = { + 0x2a, 0x98, 0x7e, 0xa4, 0x0f, 0x91, 0x70, 0x61, + 0xf5, 0xd6, 0xf0, 0xa0, 0xe4, 0x64, 0x4f, 0x48, + 0x8a, 0x7a, 0x5a, 0x52, 0xde, 0xee, 0x65, 0x62, + 0x07, 0xc5, 0x62, 0xf9, 0x88, 0xe9, 0x5c, 0x69, + 0x16, 0xbd, 0xc8, 0x03, 0x1b, 0xc5, 0xbe, 0x1b, + 0x7b, 0x94, 0x76, 0x39, 0xfe, 0x05, 0x0b, 0x56, + 0x93, 0x9b, 0xaa, 0xa0, 0xad, 0xff, 0x9a, 0xe6, + 0x74, 0x5b, 0x7b, 0x18, 0x1c, 0x3b, 0xe3, 0xfd, + }, + }, +}; + +#define N_WHIRLPOOL_TESTS (sizeof(whirlpool_tests) / sizeof(whirlpool_tests[0])) + +static int +whirlpool_test(void) +{ + const struct whirlpool_test *wt; + EVP_MD_CTX *md_ctx = NULL; + const EVP_MD *md = EVP_whirlpool(); + uint8_t out[EVP_MAX_MD_SIZE]; + size_t i, l, in_len; + int failed = 1; + + if ((md_ctx = EVP_MD_CTX_new()) == NULL) { + fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); + goto failed; + } + + for (i = 0; i < N_WHIRLPOOL_TESTS; i++) { + wt = &whirlpool_tests[i]; + + /* Digest */ + memset(out, 0, sizeof(out)); + WHIRLPOOL(wt->in, wt->in_len, out); + if (memcmp(wt->out, out, WHIRLPOOL_DIGEST_LENGTH) != 0) { + fprintf(stderr, "FAIL (%zu): digest mismatch\n", i); + goto failed; + } + + /* EVP single-shot digest */ + memset(out, 0, sizeof(out)); + if (!EVP_Digest(wt->in, wt->in_len, out, NULL, md, NULL)) { + fprintf(stderr, "FAIL (%zu): EVP_Digest failed\n", i); + goto failed; + } + + if (memcmp(wt->out, out, WHIRLPOOL_DIGEST_LENGTH) != 0) { + fprintf(stderr, + "FAIL (%zu): EVP single-shot mismatch\n", i); + goto failed; + } + + /* EVP digest */ + memset(out, 0, sizeof(out)); + if (!EVP_DigestInit_ex(md_ctx, md, NULL)) { + fprintf(stderr, + "FAIL (%zu): EVP_DigestInit_ex failed\n", i); + goto failed; + } + + for (l = 0; l < wt->in_len;) { + in_len = arc4random_uniform(wt->in_len / 2); + if (in_len < 1) + in_len = 1; + if (in_len > wt->in_len - l) + in_len = wt->in_len - l; + + if (!EVP_DigestUpdate(md_ctx, wt->in + l, in_len)) { + fprintf(stderr, + "FAIL(%zu, %zu): EVP_DigestUpdate failed\n", + i, l); + goto failed; + } + + l += in_len; + } + + if (!EVP_DigestFinal_ex(md_ctx, out, NULL)) { + fprintf(stderr, + "FAIL (%zu): EVP_DigestFinal_ex failed\n", + i); + goto failed; + } + + if (memcmp(wt->out, out, WHIRLPOOL_DIGEST_LENGTH) != 0) { + fprintf(stderr, "FAIL (%zu): EVP mismatch\n", i); + goto failed; + } + } + + failed = 0; + + failed: + EVP_MD_CTX_free(md_ctx); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= whirlpool_test(); + + return failed; +} diff --git a/regress/usr.bin/ssh/sftp-cmds.sh b/regress/usr.bin/ssh/sftp-cmds.sh index 78b3c3ca5..52189287d 100644 --- a/regress/usr.bin/ssh/sftp-cmds.sh +++ b/regress/usr.bin/ssh/sftp-cmds.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sftp-cmds.sh,v 1.18 2024/03/26 08:09:16 dtucker Exp $ +# $OpenBSD: sftp-cmds.sh,v 1.19 2024/03/29 10:40:07 dtucker Exp $ # Placed in the Public Domain. # XXX - TODO: @@ -36,7 +36,7 @@ echo "ls ${OBJ}" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ verbose "$tid: shell" echo "!echo hi there" | ${SFTP} -D ${SFTPSERVER} 2>&1 | \ - grep -E '^hi there$' >/dev/null || fail "shell failed" + egrep '^hi there$' >/dev/null || fail "shell failed" verbose "$tid: pwd" echo "pwd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ diff --git a/sys/dev/fdt/dwpcie.c b/sys/dev/fdt/dwpcie.c index 384dc2507..ccbbc2089 100644 --- a/sys/dev/fdt/dwpcie.c +++ b/sys/dev/fdt/dwpcie.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dwpcie.c,v 1.52 2024/02/26 21:41:24 kettenis Exp $ */ +/* $OpenBSD: dwpcie.c,v 1.53 2024/03/29 12:45:13 kettenis Exp $ */ /* * Copyright (c) 2018 Mark Kettenis * @@ -676,7 +676,7 @@ dwpcie_attach_deferred(struct device *self) pmembase = sc->sc_pmem_bus_addr; pmemlimit = pmembase + sc->sc_pmem_size - 1; blr = pmemlimit & PPB_MEM_MASK; - blr |= (pmembase >> PPB_MEM_SHIFT); + blr |= ((pmembase & PPB_MEM_MASK) >> PPB_MEM_SHIFT); HWRITE4(sc, PPB_REG_PREFMEM, blr); HWRITE4(sc, PPB_REG_PREFBASE_HI32, pmembase >> 32); HWRITE4(sc, PPB_REG_PREFLIM_HI32, pmemlimit >> 32); diff --git a/sys/dev/ic/dwqe.c b/sys/dev/ic/dwqe.c index c17e4eab6..4d59f1341 100644 --- a/sys/dev/ic/dwqe.c +++ b/sys/dev/ic/dwqe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dwqe.c,v 1.17 2024/03/04 23:50:20 bluhm Exp $ */ +/* $OpenBSD: dwqe.c,v 1.18 2024/03/29 08:19:40 stsp Exp $ */ /* * Copyright (c) 2008, 2019 Mark Kettenis * Copyright (c) 2017, 2022 Patrick Wildt @@ -593,6 +593,9 @@ dwqe_tx_proc(struct dwqe_softc *sc) struct dwqe_buf *txb; int idx, txfree; + if ((ifp->if_flags & IFF_RUNNING) == 0) + return; + bus_dmamap_sync(sc->sc_dmat, DWQE_DMA_MAP(sc->sc_txring), 0, DWQE_DMA_LEN(sc->sc_txring), BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); diff --git a/sys/dev/pci/sdhc_pci.c b/sys/dev/pci/sdhc_pci.c index f42d414b0..d495d328d 100644 --- a/sys/dev/pci/sdhc_pci.c +++ b/sys/dev/pci/sdhc_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sdhc_pci.c,v 1.25 2024/03/28 23:38:54 jsg Exp $ */ +/* $OpenBSD: sdhc_pci.c,v 1.26 2024/03/29 02:36:49 jsg Exp $ */ /* * Copyright (c) 2006 Uwe Stuehler @@ -132,6 +132,7 @@ sdhc_pci_attach(struct device *parent, struct device *self, void *aux) PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_APOLLOLAKE_EMMC || PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_GLK_EMMC || PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_JSL_EMMC || + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_EHL_EMMC || PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_INTEL_ADL_N_EMMC)) sc->sc.sc_flags |= SDHC_F_NOPWR0; diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 49ba628c9..16a9989e4 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.425 2024/02/10 15:28:16 deraadt Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.426 2024/03/29 06:50:06 miod Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -666,13 +666,12 @@ int hw_power = 1; /* morally const values reported by sysctl_bounded_arr */ static int byte_order = BYTE_ORDER; -static int page_size = PAGE_SIZE; const struct sysctl_bounded_args hw_vars[] = { {HW_NCPU, &ncpus, SYSCTL_INT_READONLY}, {HW_NCPUFOUND, &ncpusfound, SYSCTL_INT_READONLY}, {HW_BYTEORDER, &byte_order, SYSCTL_INT_READONLY}, - {HW_PAGESIZE, &page_size, SYSCTL_INT_READONLY}, + {HW_PAGESIZE, &uvmexp.pagesize, SYSCTL_INT_READONLY}, {HW_DISKCOUNT, &disk_count, SYSCTL_INT_READONLY}, {HW_POWER, &hw_power, SYSCTL_INT_READONLY}, }; diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h index 0864fa049..c79acb8e0 100644 --- a/sys/sys/syscall_mi.h +++ b/sys/sys/syscall_mi.h @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall_mi.h,v 1.31 2024/01/22 04:38:32 deraadt Exp $ */ +/* $OpenBSD: syscall_mi.h,v 1.32 2024/03/29 06:47:05 deraadt Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -162,12 +162,6 @@ mi_syscall(struct proc *p, register_t code, const struct sysent *callp, uvm_map_inentry_sp, p->p_vmspace->vm_map.sserial)) return (EPERM); - /* PC must be in un-writeable permitted text (sigtramp, libc, ld.so) */ - if (!uvm_map_inentry(p, &p->p_pcinentry, PROC_PC(p), - "[%s]%d/%d pc=%lx inside %lx-%lx: bogus syscall\n", - uvm_map_inentry_pc, p->p_vmspace->vm_map.wserial)) - return (EPERM); - if ((error = pin_check(p, code))) return (error); diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index dc02fbe87..809193447 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kdump.c,v 1.161 2023/12/15 15:12:08 deraadt Exp $ */ +/* $OpenBSD: kdump.c,v 1.162 2024/03/29 07:53:32 deraadt Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -754,7 +754,6 @@ static const formatter scargs[][8] = { [SYS_access] = { Ppath, Accessmodename }, [SYS_chflags] = { Ppath, Chflagsname }, [SYS_fchflags] = { Pfd, Chflagsname }, - [SYS_msyscall] = { Pptr, Pbigsize }, [SYS_stat] = { Ppath, Pptr }, [SYS_lstat] = { Ppath, Pptr }, [SYS_dup] = { Pfd }, diff --git a/usr.sbin/procmap/procmap.1 b/usr.sbin/procmap/procmap.1 index 858a3cec8..bbc465b0b 100644 --- a/usr.sbin/procmap/procmap.1 +++ b/usr.sbin/procmap/procmap.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: procmap.1,v 1.26 2022/11/10 08:17:53 deraadt Exp $ +.\" $OpenBSD: procmap.1,v 1.27 2024/03/29 06:54:13 deraadt Exp $ .\" $NetBSD: pmap.1,v 1.6 2003/01/19 21:25:43 atatat Exp $ .\" .\" Copyright (c) 2002 The NetBSD Foundation, Inc. @@ -28,7 +28,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 10 2022 $ +.Dd $Mdocdate: March 29 2024 $ .Dt PROCMAP 1 .Os .Sh NAME @@ -222,7 +222,7 @@ MAP 0xcf7cac84: [0x0-\*(Gt0xbfbfe000] #ent=8, sz=34041856, ref=1, version=20, flags=0x21 pmap=0xcf44cee0(resident=\*(Ltunknown\*(Gt) - 0xcfa3a358: 0x8048000-\*(Gt0x80b1000: obj=0xcf45a8e8/0x0, amap=0x0/0 - submap=F, cow=T, nc=T, stack=F, syscall=F, immutable=F, prot(max)=5/7, inh=1, wc=0, adv=0 + submap=F, cow=T, nc=T, stack=F, immutable=F, prot(max)=5/7, inh=1, wc=0, adv=0 \&... .Ed .Pp @@ -332,8 +332,6 @@ comprises: permissions for the mapping .It S mapping is marked stack -.It e -mapping is allowed system call entry points .It I mapping is immutable (rwx protection may not be changed) .It p diff --git a/usr.sbin/procmap/procmap.c b/usr.sbin/procmap/procmap.c index 076e6e983..c9a067751 100644 --- a/usr.sbin/procmap/procmap.c +++ b/usr.sbin/procmap/procmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: procmap.c,v 1.71 2022/11/10 08:17:53 deraadt Exp $ */ +/* $OpenBSD: procmap.c,v 1.72 2024/03/29 06:54:13 deraadt Exp $ */ /* $NetBSD: pmap.c,v 1.1 2002/09/01 20:32:44 atatat Exp $ */ /* @@ -719,14 +719,13 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace, name = findname(kd, vmspace, vme, vp, vfs, uvm_obj); if (print_map) { - printf("0x%-*lx 0x%-*lx %c%c%c%c%c%c %c%c%c %s %s %d %d %d", + printf("0x%-*lx 0x%-*lx %c%c%c%c%c %c%c%c %s %s %d %d %d", (int)sizeof(long) * 2 + 0, vme->start, (int)sizeof(long) * 2 + 0, vme->end, (vme->protection & PROT_READ) ? 'r' : '-', (vme->protection & PROT_WRITE) ? 'w' : '-', (vme->protection & PROT_EXEC) ? 'x' : '-', (vme->etype & UVM_ET_STACK) ? 'S' : '-', - (vme->etype & UVM_ET_SYSCALL) ? 'e' : '-', (vme->etype & UVM_ET_IMMUTABLE) ? 'I' : '-', (vme->max_protection & PROT_READ) ? 'r' : '-', (vme->max_protection & PROT_WRITE) ? 'w' : '-', @@ -747,14 +746,13 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace, } if (print_maps) - printf("0x%-*lx 0x%-*lx %c%c%c%c%c%c%c %0*lx %02x:%02x %llu %s\n", + printf("0x%-*lx 0x%-*lx %c%c%c%c%c%c %0*lx %02x:%02x %llu %s\n", (int)sizeof(void *) * 2, vme->start, (int)sizeof(void *) * 2, vme->end, (vme->protection & PROT_READ) ? 'r' : '-', (vme->protection & PROT_WRITE) ? 'w' : '-', (vme->protection & PROT_EXEC) ? 'x' : '-', (vme->etype & UVM_ET_STACK) ? 'S' : '-', - (vme->etype & UVM_ET_SYSCALL) ? 'e' : '-', (vme->etype & UVM_ET_IMMUTABLE) ? 'I' : '-', (vme->etype & UVM_ET_COPYONWRITE) ? 'p' : 's', (int)sizeof(void *) * 2, @@ -769,13 +767,12 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace, vme->object.uvm_obj, (unsigned long)vme->offset, vme->aref.ar_amap, vme->aref.ar_pageoff); printf("\tsubmap=%c, cow=%c, nc=%c, stack=%c, " - "syscall=%c, immutable=%c, prot(max)=%d/%d, inh=%d, " + "immutable=%c, prot(max)=%d/%d, inh=%d, " "wc=%d, adv=%d\n", (vme->etype & UVM_ET_SUBMAP) ? 'T' : 'F', (vme->etype & UVM_ET_COPYONWRITE) ? 'T' : 'F', (vme->etype & UVM_ET_NEEDSCOPY) ? 'T' : 'F', (vme->etype & UVM_ET_STACK) ? 'T' : 'F', - (vme->etype & UVM_ET_SYSCALL) ? 'T' : 'F', (vme->etype & UVM_ET_IMMUTABLE) ? 'T' : 'F', vme->protection, vme->max_protection, vme->inheritance, vme->wired_count, vme->advice); @@ -816,7 +813,7 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace, } sz = (size_t)((vme->end - vme->start) / 1024); - printf("%0*lx-%0*lx %7luk %0*lx %c%c%c%c%c%c%c%c (%c%c%c) %d/%d/%d %02u:%02u %7llu - %s", + printf("%0*lx-%0*lx %7luk %0*lx %c%c%c%c%c%c%c (%c%c%c) %d/%d/%d %02u:%02u %7llu - %s", (int)sizeof(void *) * 2, vme->start, (int)sizeof(void *) * 2, vme->end - (vme->start != vme->end ? 1 : 0), (unsigned long)sz, (int)sizeof(void *) * 2, (unsigned long)vme->offset, @@ -824,7 +821,6 @@ dump_vm_map_entry(kvm_t *kd, struct kbit *vmspace, (vme->protection & PROT_WRITE) ? 'w' : '-', (vme->protection & PROT_EXEC) ? 'x' : '-', (vme->etype & UVM_ET_STACK) ? 'S' : '-', - (vme->etype & UVM_ET_SYSCALL) ? 'e' : '-', (vme->etype & UVM_ET_IMMUTABLE) ? 'I' : '-', (vme->etype & UVM_ET_COPYONWRITE) ? 'p' : 's', (vme->etype & UVM_ET_NEEDSCOPY) ? '+' : '-',