From cc5edceac313c012439283f6de8ec0be9ab151c3 Mon Sep 17 00:00:00 2001 From: purplerain Date: Thu, 28 Mar 2024 05:02:39 +0000 Subject: [PATCH] sync with OpenBSD -current --- bin/ls/print.c | 10 +- lib/libc/arch/sh/SYS.h | 63 +- lib/libc/arch/sh/sys/brk.S | 16 +- lib/libc/arch/sh/sys/sbrk.S | 16 +- lib/libc/arch/sh/sys/sigprocmask.S | 19 +- lib/libc/arch/sh/sys/sigsuspend.S | 19 +- lib/libc/arch/sh/sys/tfork_thread.S | 31 +- lib/libc/sys/pinsyscall.2 | 77 - lib/libcrypto/Makefile | 23 +- lib/libcrypto/Symbols.namespace | 19 + lib/libcrypto/aes/aes.c | 190 +++ lib/libcrypto/aes/aes_core.c | 282 +--- lib/libcrypto/aes/aes_local.h | 5 +- lib/libcrypto/aes/aes_x86core.c | 1081 -------------- lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl | 1237 ----------------- lib/libcrypto/arch/aarch64/Makefile.inc | 8 +- lib/libcrypto/arch/alpha/Makefile.inc | 10 +- lib/libcrypto/arch/amd64/Makefile.inc | 11 +- lib/libcrypto/arch/arm/Makefile.inc | 6 - lib/libcrypto/arch/hppa/Makefile.inc | 12 +- lib/libcrypto/arch/i386/Makefile.inc | 13 +- lib/libcrypto/arch/mips64/Makefile.inc | 8 +- lib/libcrypto/arch/powerpc/Makefile.inc | 8 +- lib/libcrypto/arch/powerpc64/Makefile.inc | 8 +- lib/libcrypto/arch/riscv64/Makefile.inc | 13 +- lib/libcrypto/arch/sparc64/Makefile.inc | 12 +- lib/libcrypto/asn1/p5_pbe.c | 5 +- lib/libcrypto/bf/asm/bf-586.pl | 137 -- lib/libcrypto/bf/bf_cbc.c | 137 -- lib/libcrypto/bf/bf_cfb64.c | 124 -- lib/libcrypto/bf/bf_ecb.c | 89 -- lib/libcrypto/bf/bf_enc.c | 304 ---- lib/libcrypto/bf/bf_local.h | 71 +- lib/libcrypto/bf/bf_ofb64.c | 111 -- lib/libcrypto/bf/{bf_skey.c => blowfish.c} | 312 ++++- lib/libcrypto/engine/engine_stubs.c | 21 +- lib/libcrypto/evp/m_sigver.c | 18 +- lib/libcrypto/evp/p_legacy.c | 8 +- lib/libcrypto/hidden/openssl/engine.h | 48 + lib/libcrypto/md4/md4.c | 184 ++- lib/libcrypto/rc4/asm/rc4-586.pl | 13 +- lib/libcrypto/rc4/asm/rc4-x86_64.pl | 16 +- lib/libcrypto/rc4/{rc4_enc.c => rc4.c} | 61 +- lib/libcrypto/rc4/rc4.h | 3 +- lib/libcrypto/rc4/rc4_local.h | 5 - lib/libcrypto/rc4/rc4_skey.c | 99 -- lib/libssl/ssl_lib.c | 8 +- lib/libssl/ssl_sess.c | 5 +- lib/libssl/ssl_tlsext.c | 158 ++- lib/libtls/tls.c | 18 +- lib/libtls/tls.h | 3 +- lib/libtls/tls_config.c | 6 +- lib/libtls/tls_signer.c | 13 +- lib/libz/inflate.h | 2 +- lib/libz/zconf.h | 2 + regress/lib/libssl/tlsext/tlsexttest.c | 106 +- sys/arch/arm64/arm64/pmap.c | 3 +- sys/dev/fdt/bcm2711_pcie.c | 28 +- sys/dev/fdt/files.fdt | 4 +- sys/dev/ofw/fdt.c | 30 +- sys/dev/pci/drm/amd/amdgpu/amdgpu_atom.c | 2 +- sys/dev/pci/drm/amd/amdgpu/amdgpu_discovery.c | 6 +- sys/dev/pci/drm/amd/amdgpu/soc15.c | 45 +- .../pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 7 +- .../link/protocols/link_edp_panel_control.c | 3 +- .../pci/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 +- sys/dev/pci/drm/i915/gt/uc/intel_huc.c | 8 +- sys/dev/pci/drm/include/drm/drm_fixed.h | 5 +- sys/dev/pci/drm/include/linux/ktime.h | 8 +- sys/dev/pci/drm/radeon/ni.c | 2 +- sys/kern/init_sysent.c | 8 +- sys/kern/kern_pledge.c | 3 +- sys/kern/syscalls.c | 6 +- sys/kern/syscalls.master | 4 +- sys/kern/uipc_socket.c | 25 +- sys/kern/uipc_socket2.c | 33 +- sys/lib/libz/inflate.h | 2 +- sys/lib/libz/zconf.h | 2 + sys/sys/socketvar.h | 21 +- sys/sys/syscall.h | 8 +- sys/sys/syscallargs.h | 11 +- sys/uvm/uvm_km.c | 8 +- sys/uvm/uvm_mmap.c | 11 +- 87 files changed, 1329 insertions(+), 4278 deletions(-) delete mode 100644 lib/libc/sys/pinsyscall.2 create mode 100644 lib/libcrypto/aes/aes.c delete mode 100644 lib/libcrypto/aes/aes_x86core.c delete mode 100644 lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl delete mode 100644 lib/libcrypto/bf/asm/bf-586.pl delete mode 100644 lib/libcrypto/bf/bf_cbc.c delete mode 100644 lib/libcrypto/bf/bf_cfb64.c delete mode 100644 lib/libcrypto/bf/bf_ecb.c delete mode 100644 lib/libcrypto/bf/bf_enc.c delete mode 100644 lib/libcrypto/bf/bf_ofb64.c rename lib/libcrypto/bf/{bf_skey.c => blowfish.c} (75%) create mode 100644 lib/libcrypto/hidden/openssl/engine.h rename lib/libcrypto/rc4/{rc4_enc.c => rc4.c} (88%) delete mode 100644 lib/libcrypto/rc4/rc4_local.h delete mode 100644 lib/libcrypto/rc4/rc4_skey.c diff --git a/bin/ls/print.c b/bin/ls/print.c index ce3b82d10..aa37dd770 100644 --- a/bin/ls/print.c +++ b/bin/ls/print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.40 2023/10/07 11:51:08 schwarze Exp $ */ +/* $OpenBSD: print.c,v 1.41 2024/03/27 14:44:52 millert Exp $ */ /* $NetBSD: print.c,v 1.15 1996/12/11 03:25:39 thorpej Exp $ */ /* @@ -241,6 +241,7 @@ static void printtime(time_t ftime) { char f_date[DATELEN]; + struct tm *tm; static time_t now; static int now_set = 0; @@ -252,9 +253,14 @@ printtime(time_t ftime) /* * convert time to string, and print */ + if ((tm = localtime(&ftime)) == NULL) { + /* Invalid time stamp, just display the epoch. */ + ftime = 0; + tm = localtime(&ftime); + } if (strftime(f_date, sizeof(f_date), f_sectime ? "%b %e %H:%M:%S %Y" : (ftime <= now - SIXMONTHS || ftime > now) ? "%b %e %Y" : - "%b %e %H:%M", localtime(&ftime)) == 0) + "%b %e %H:%M", tm) == 0) f_date[0] = '\0'; printf("%s ", f_date); diff --git a/lib/libc/arch/sh/SYS.h b/lib/libc/arch/sh/SYS.h index cb3fd7ef1..684ac5233 100644 --- a/lib/libc/arch/sh/SYS.h +++ b/lib/libc/arch/sh/SYS.h @@ -1,4 +1,4 @@ -/* $OpenBSD: SYS.h,v 1.15 2023/12/11 22:24:16 kettenis Exp $ */ +/* $OpenBSD: SYS.h,v 1.16 2024/03/27 20:03:29 miod Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -78,13 +78,6 @@ #define SYSENTRY_HIDDEN(x) \ ENTRY(_thread_sys_ ## x) -#define __END_HIDDEN(x) \ - SET_ENTRY_SIZE(_thread_sys_ ## x); \ - _HIDDEN_FALIAS(x,_thread_sys_ ## x); \ - SET_ENTRY_SIZE(_HIDDEN(x)) -#define __END(x) \ - __END_HIDDEN(x); SET_ENTRY_SIZE(x) - #define PINSYSCALL(sysno, label) \ .pushsection .openbsd.syscalls,"",@progbits; \ .p2align 2; \ @@ -95,7 +88,8 @@ #ifdef __ASSEMBLER__ /* * If the system call number fits in a 8-bit signed value (i.e. fits in 7 bits), - * then we can use the #imm8 addressing mode. + * then we can use the #imm8 addressing mode. Otherwise, we'll load the number + * from memory at the end of the system call wrapper. */ .macro systrap num @@ -107,13 +101,26 @@ mov.l 903f, r0 97: trapa #0x80 PINSYSCALL(\num, 97b) - bra 904f - nop - .align 2 - 903: .long \num - 904: .endif .endm + +.macro systrap_data num +.iflt \num - 128 +.else + .text + .align 2 + 903: .long \num +.endif +.endm + +.macro syscall_error num +.ifeq \num - SYS_lseek + mov #-1, r1 +.endif + rts + mov #-1, r0 +.endm + #endif #define SYSTRAP(x) \ @@ -126,26 +133,32 @@ SYSENTRY_HIDDEN(x); \ SYSTRAP(y) -#define SET_ERRNO_AND_RETURN \ +#define SET_ERRNO_AND_RETURN(y) \ stc gbr,r1; \ mov #TCB_OFFSET_ERRNO_NEG,r2; \ sub r2,r1; \ mov.l r0,@r1; \ - mov #-1, r1; /* for lseek */ \ - rts; \ - mov #-1, r0 + syscall_error SYS_ ## y #define _SYSCALL(x,y) \ .text; \ - 911: SET_ERRNO_AND_RETURN; \ + 911: SET_ERRNO_AND_RETURN(y); \ _SYSCALL_NOERROR(x,y); \ bf 911b #define _SYSCALL_HIDDEN(x,y) \ .text; \ - 911: SET_ERRNO_AND_RETURN; \ + 911: SET_ERRNO_AND_RETURN(y); \ _SYSCALL_HIDDEN_NOERROR(x,y); \ bf 911b +#define __END_HIDDEN(x,y) \ + systrap_data SYS_ ## y; \ + SET_ENTRY_SIZE(_thread_sys_ ## x); \ + _HIDDEN_FALIAS(x,_thread_sys_ ## x); \ + SET_ENTRY_SIZE(_HIDDEN(x)) +#define __END(x,y) \ + __END_HIDDEN(x,y); SET_ENTRY_SIZE(x) + #define SYSCALL_NOERROR(x) \ _SYSCALL_NOERROR(x,x) @@ -156,22 +169,22 @@ _SYSCALL_NOERROR(x,y); \ rts; \ nop; \ - __END(x) + __END(x,y) #define PSEUDO(x,y) \ _SYSCALL(x,y); \ rts; \ nop; \ - __END(x) + __END(x,y) #define PSEUDO_HIDDEN(x,y) \ _SYSCALL_HIDDEN(x,y); \ rts; \ nop; \ - __END_HIDDEN(x) + __END_HIDDEN(x,y) #define RSYSCALL_NOERROR(x) PSEUDO_NOERROR(x,x) #define RSYSCALL(x) PSEUDO(x,x) #define RSYSCALL_HIDDEN(x) PSEUDO_HIDDEN(x,x) -#define SYSCALL_END(x) __END(x) -#define SYSCALL_END_HIDDEN(x) __END_HIDDEN(x) +#define SYSCALL_END(x) __END(x,x) +#define SYSCALL_END_HIDDEN(x) __END_HIDDEN(x,x) diff --git a/lib/libc/arch/sh/sys/brk.S b/lib/libc/arch/sh/sys/brk.S index 5a98da359..5701f48fc 100644 --- a/lib/libc/arch/sh/sys/brk.S +++ b/lib/libc/arch/sh/sys/brk.S @@ -1,4 +1,4 @@ -/* $OpenBSD: brk.S,v 1.9 2023/12/10 16:45:52 deraadt Exp $ */ +/* $OpenBSD: brk.S,v 1.10 2024/03/27 20:03:29 miod Exp $ */ /* $NetBSD: brk.S,v 1.10 2006/01/06 03:58:31 uwe Exp $ */ /*- @@ -64,13 +64,7 @@ ENTRY(brk) bf 1f mov r0, r4 1: -#if SYS_break >= 128 - mov.l LSYS_break, r0 -#else - mov #SYS_break, r0 -#endif -99: trapa #0x80 - PINSYSCALL(SYS_break, 99b) + systrap SYS_break bf 2f #ifdef __PIC__ mov.l Lcurbrk, r0 @@ -83,12 +77,10 @@ ENTRY(brk) rts mov.l r4, @r1 2: - SET_ERRNO_AND_RETURN + SET_ERRNO_AND_RETURN(break) .align 2 -#if SYS_break >= 128 -LSYS_break: .long SYS_break -#endif + systrap_data SYS_break #ifdef __PIC__ L_GOT: .long _GLOBAL_OFFSET_TABLE_ Lminbrk: .long __minbrk@GOT diff --git a/lib/libc/arch/sh/sys/sbrk.S b/lib/libc/arch/sh/sys/sbrk.S index b86d0eb75..a250c8d84 100644 --- a/lib/libc/arch/sh/sys/sbrk.S +++ b/lib/libc/arch/sh/sys/sbrk.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sbrk.S,v 1.9 2023/12/10 16:45:52 deraadt Exp $ */ +/* $OpenBSD: sbrk.S,v 1.10 2024/03/27 20:03:29 miod Exp $ */ /* $NetBSD: sbrk.S,v 1.9 2006/01/06 03:58:31 uwe Exp $ */ /*- @@ -64,13 +64,7 @@ ENTRY(sbrk) #endif mov.l @r0, r0 add r0, r4 -#if SYS_break >= 128 - mov.l LSYS_break, r0 -#else - mov #SYS_break, r0 -#endif -99: trapa #0x80 - PINSYSCALL(SYS_break, 99b) + systrap SYS_break bf 1f #ifdef __PIC__ mov.l Lcurbrk, r0 @@ -83,12 +77,10 @@ ENTRY(sbrk) rts mov.l r2, @r1 1: - SET_ERRNO_AND_RETURN + SET_ERRNO_AND_RETURN(break) .align 2 -#if SYS_break >= 128 -LSYS_break: .long SYS_break -#endif + systrap_data SYS_break #ifdef __PIC__ L_GOT: .long _GLOBAL_OFFSET_TABLE_ Lcurbrk: .long __curbrk@GOT diff --git a/lib/libc/arch/sh/sys/sigprocmask.S b/lib/libc/arch/sh/sys/sigprocmask.S index 28841e600..34421e4db 100644 --- a/lib/libc/arch/sh/sys/sigprocmask.S +++ b/lib/libc/arch/sh/sys/sigprocmask.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sigprocmask.S,v 1.7 2023/12/10 16:45:52 deraadt Exp $ */ +/* $OpenBSD: sigprocmask.S,v 1.8 2024/03/27 20:03:29 miod Exp $ */ /* $NetBSD: sigprocmask.S,v 1.6 2003/08/07 16:42:21 agc Exp $ */ /*- @@ -47,13 +47,7 @@ SYSENTRY_HIDDEN(sigprocmask) 1: mov.l @r2, r2 /* fetch indirect ... */ mov r2, r5 /* to new mask arg */ 2: -#if SYS_sigprocmask >= 128 - mov.l LSYS_sigprocmask, r0 -#else - mov #SYS_sigprocmask, r0 -#endif -99: trapa #0x80 - PINSYSCALL(SYS_sigprocmask, 99b) + systrap SYS_sigprocmask bf 4f mov r6, r2 /* fetch old mask requested */ tst r2, r2 /* test if old mask requested */ @@ -64,11 +58,6 @@ SYSENTRY_HIDDEN(sigprocmask) rts nop 4: - SET_ERRNO_AND_RETURN - - .align 2 -#if SYS_sigprocmask >= 128 -LSYS_sigprocmask: - .long SYS_sigprocmask -#endif + SET_ERRNO_AND_RETURN(sigprocmask) + systrap_data(SYS_sigprocmask) SYSCALL_END_HIDDEN(sigprocmask) diff --git a/lib/libc/arch/sh/sys/sigsuspend.S b/lib/libc/arch/sh/sys/sigsuspend.S index b2e2b25fc..6e2f6ad51 100644 --- a/lib/libc/arch/sh/sys/sigsuspend.S +++ b/lib/libc/arch/sh/sys/sigsuspend.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sigsuspend.S,v 1.6 2023/12/10 16:45:52 deraadt Exp $ */ +/* $OpenBSD: sigsuspend.S,v 1.7 2024/03/27 20:03:29 miod Exp $ */ /* $NetBSD: sigsuspend.S,v 1.5 2003/08/07 16:42:21 agc Exp $ */ /*- @@ -41,18 +41,7 @@ SYSENTRY_HIDDEN(sigsuspend) mov r4, r0 /* fetch mask arg */ mov.l @r0, r0 /* indirect to mask arg */ mov r0, r4 -#if SYS_sigsuspend >= 128 - mov.l LSYS_sigsuspend, r0 -#else - mov #SYS_sigsuspend, r0 -#endif -99: trapa #0x80 - PINSYSCALL(SYS_sigsuspend, 99b) - SET_ERRNO_AND_RETURN - - .align 2 -#if SYS_sigsuspend >= 128 -LSYS_sigsuspend: - .long SYS_sigsuspend -#endif + systrap SYS_sigsuspend + SET_ERRNO_AND_RETURN(sigsuspend) + systrap_data SYS_sigsuspend SYSCALL_END_HIDDEN(sigsuspend) diff --git a/lib/libc/arch/sh/sys/tfork_thread.S b/lib/libc/arch/sh/sys/tfork_thread.S index b17f2cffc..fb2d9e49d 100644 --- a/lib/libc/arch/sh/sys/tfork_thread.S +++ b/lib/libc/arch/sh/sys/tfork_thread.S @@ -1,4 +1,4 @@ -/* $OpenBSD: tfork_thread.S,v 1.5 2023/12/10 16:45:52 deraadt Exp $ */ +/* $OpenBSD: tfork_thread.S,v 1.6 2024/03/27 20:03:29 miod Exp $ */ /* * Copyright (c) 2007 Miodrag Vallat. @@ -24,13 +24,7 @@ * r4 r5 r6 r7 */ ENTRY(__tfork_thread) -#if SYS___tfork >= 128 - mov.l .LSYS___tfork, r0 -#else - mov #SYS___tfork, r0 -#endif -99: trapa #0x80 - PINSYSCALL(SYS___tfork, 99b) + systrap SYS___tfork bf 9f tst r0, r0 @@ -42,6 +36,8 @@ ENTRY(__tfork_thread) rts nop + systrap_data SYS___tfork + 1: /* * In child process: invoke function, then exit. @@ -49,26 +45,13 @@ ENTRY(__tfork_thread) jsr @r6 mov r7, r4 -#if SYS___threxit >= 128 - mov.l .LSYS___threxit, r0 -#else - mov #SYS___threxit, r0 -#endif -98: trapa #0x80 - PINSYSCALL(SYS___threxit, 98b) + systrap SYS___threxit + systrap_data SYS___threxit 9: /* * System call failure. */ - SET_ERRNO_AND_RETURN - - .align 2 -#if SYS___tfork >= 128 -.LSYS___tfork: .long SYS___tfork -#endif -#if SYS___threxit >= 128 -.LSYS___threxit: .long SYS___threxit -#endif + SET_ERRNO_AND_RETURN(__tfork) SET_ENTRY_SIZE(__tfork_thread) diff --git a/lib/libc/sys/pinsyscall.2 b/lib/libc/sys/pinsyscall.2 deleted file mode 100644 index deeff401a..000000000 --- a/lib/libc/sys/pinsyscall.2 +++ /dev/null @@ -1,77 +0,0 @@ -.\" $OpenBSD: pinsyscall.2,v 1.5 2023/02/21 19:49:50 jmc Exp $ -.\" -.\" Copyright (c) 2023 Theo de Raadt -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: February 21 2023 $ -.Dt PINSYSCALL 2 -.Os -.Sh NAME -.Nm pinsyscall -.Nd specify the call stub for a specific system call -.Sh SYNOPSIS -.In sys/types.h -.In sys/syscall.h -.Ft int -.Fn pinsyscall "int syscall" "void *start" "size_t len" -.Sh DESCRIPTION -The -.Fn pinsyscall -system call specifies the -.Va start -to -.Va start + len -range in the address space where the call stub for the specified -.Va syscall -resides. -This range is typically under 80 bytes long, and varies by architecture. -.Pp -Only the -.Va SYS_execve -system call is currently supported. -The shared library linker -.Pa ld.so -automatically tells the kernel about -.Va SYS_execve -at startup. -For static binaries, libc initialization performs the same action. -.Pp -Once the kernel knows the specific location in the address space where -that system call must be entered from, any attempt to use a system-call -entry instruction to perform the specified -.Va syscall -from a different address range will deliver -.Dv SIGABRT . -.Sh RETURN VALUES -.Rv -std -.Sh ERRORS -.Fn pinsyscall -will fail if: -.Bl -tag -width Er -.It Bq Er EINVAL -Unsupported syscall. -.It Bq Er EFAULT -The range between -.Va start -and -.Va start + len -is not in the address space. -.It Bq Er EPERM -The range for the specified syscall has been previously set. -.El -.Sh HISTORY -The -.Fn pinsyscall -system call first appeared in -.Ox 7.3 . diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 8c3d05bd4..17aaab3a9 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.175 2024/03/19 19:27:33 tb Exp $ +# $OpenBSD: Makefile,v 1.183 2024/03/28 02:09:28 jsing Exp $ LIB= crypto LIBREBUILD=y @@ -72,12 +72,8 @@ SRCS+= o_fips.c SRCS+= o_str.c # aes/ -SRCS+= aes_cfb.c -SRCS+= aes_ctr.c -SRCS+= aes_ecb.c +SRCS+= aes.c SRCS+= aes_ige.c -SRCS+= aes_ofb.c -SRCS+= aes_wrap.c # asn1/ SRCS+= a_bitstr.c @@ -142,10 +138,7 @@ SRCS+= x_x509.c SRCS+= x_x509a.c # bf/ -SRCS+= bf_cfb64.c -SRCS+= bf_ecb.c -SRCS+= bf_ofb64.c -SRCS+= bf_skey.c +SRCS+= blowfish.c # bio/ SRCS+= b_dump.c @@ -273,12 +266,14 @@ SRCS+= cbc_enc.c SRCS+= cfb64ede.c SRCS+= cfb64enc.c SRCS+= cfb_enc.c +SRCS+= des_enc.c SRCS+= ecb3_enc.c SRCS+= ecb_enc.c SRCS+= ede_cbcm_enc.c SRCS+= enc_read.c SRCS+= enc_writ.c SRCS+= fcrypt.c +SRCS+= fcrypt_b.c SRCS+= ofb64ede.c SRCS+= ofb64enc.c SRCS+= ofb_enc.c @@ -497,6 +492,9 @@ SRCS+= rc2_skey.c SRCS+= rc2cfb64.c SRCS+= rc2ofb64.c +# rc4/ +SRCS+= rc4.c + # ripemd/ SRCS+= ripemd.c @@ -793,14 +791,9 @@ obj_dat.h: obj_mac.h ${SSL_OBJECTS}/obj_dat.pl CFLAGS+=-DOPENSSL_NO_ASM SRCS+= aes_core.c SRCS+= aes_cbc.c -SRCS+= bf_enc.c SRCS+= camellia.c SRCS+= cmll_cbc.c SRCS+= cmll_misc.c -SRCS+= des_enc.c -SRCS+= fcrypt_b.c -SRCS+= rc4_enc.c -SRCS+= rc4_skey.c SRCS+= wp_block.c .endif diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace index 95b2a3372..adb4330f0 100644 --- a/lib/libcrypto/Symbols.namespace +++ b/lib/libcrypto/Symbols.namespace @@ -2523,3 +2523,22 @@ _libre_OPENSSL_gmtime _libre_OPENSSL_timegm _libre_OPENSSL_posix_to_tm _libre_OPENSSL_tm_to_posix +_libre_ENGINE_load_builtin_engines +_libre_ENGINE_load_dynamic +_libre_ENGINE_load_openssl +_libre_ENGINE_register_all_complete +_libre_ENGINE_cleanup +_libre_ENGINE_new +_libre_ENGINE_free +_libre_ENGINE_init +_libre_ENGINE_finish +_libre_ENGINE_by_id +_libre_ENGINE_get_id +_libre_ENGINE_get_name +_libre_ENGINE_set_default +_libre_ENGINE_get_default_RSA +_libre_ENGINE_set_default_RSA +_libre_ENGINE_ctrl_cmd +_libre_ENGINE_ctrl_cmd_string +_libre_ENGINE_load_private_key +_libre_ENGINE_load_public_key diff --git a/lib/libcrypto/aes/aes.c b/lib/libcrypto/aes/aes.c new file mode 100644 index 000000000..d3bf85947 --- /dev/null +++ b/lib/libcrypto/aes/aes.c @@ -0,0 +1,190 @@ +/* $OpenBSD: aes.c,v 1.1 2024/03/28 00:57:26 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include + +#include +#include +#include + +static const unsigned char aes_wrap_default_iv[] = { + 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, +}; + +/* + * The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ + +void +AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)AES_encrypt); +} + +/* N.B. This expects the input to be packed, MS bit first */ +void +AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)AES_encrypt); +} + +void +AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)AES_encrypt); +} + +void +AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) +{ + CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, + (block128_f)AES_encrypt); +} + +void +AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc) +{ + if (AES_ENCRYPT == enc) + AES_encrypt(in, out, key); + else + AES_decrypt(in, out, key); +} + +void +AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f)AES_encrypt); +} + +int +AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen) +{ + unsigned char *A, B[16], *R; + unsigned int i, j, t; + + if ((inlen & 0x7) || (inlen < 16)) + return -1; + A = B; + t = 1; + memmove(out + 8, in, inlen); + if (!iv) + iv = aes_wrap_default_iv; + + memcpy(A, iv, 8); + + for (j = 0; j < 6; j++) { + R = out + 8; + for (i = 0; i < inlen; i += 8, t++, R += 8) { + memcpy(B + 8, R, 8); + AES_encrypt(B, B, key); + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) { + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); + } + memcpy(R, B + 8, 8); + } + } + memcpy(out, A, 8); + return inlen + 8; +} + +int +AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen) +{ + unsigned char *A, B[16], *R; + unsigned int i, j, t; + + if ((inlen & 0x7) || (inlen < 24)) + return -1; + inlen -= 8; + A = B; + t = 6 * (inlen >> 3); + memcpy(A, in, 8); + memmove(out, in + 8, inlen); + for (j = 0; j < 6; j++) { + R = out + inlen - 8; + for (i = 0; i < inlen; i += 8, t--, R -= 8) { + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) { + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); + } + memcpy(B + 8, R, 8); + AES_decrypt(B, B, key); + memcpy(R, B + 8, 8); + } + } + if (!iv) + iv = aes_wrap_default_iv; + if (memcmp(A, iv, 8)) { + explicit_bzero(out, inlen); + return 0; + } + return inlen; +} diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c index e3fdb4fd5..bb1006acf 100644 --- a/lib/libcrypto/aes/aes_core.c +++ b/lib/libcrypto/aes/aes_core.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_core.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */ +/* $OpenBSD: aes_core.c,v 1.19 2024/03/27 11:15:44 jsing Exp $ */ /** * rijndael-alg-fst.c * @@ -25,20 +25,18 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* Note: rewritten a little bit to provide error control and an OpenSSL- - compatible API */ - -#ifndef AES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif +/* + * Note: rewritten a little bit to provide error control and an OpenSSL- + * compatible API. + */ #include -#include -#include "aes_local.h" -#ifndef AES_ASM +#include + +#include "aes_local.h" +#include "crypto_internal.h" + /* Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -645,10 +643,10 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) else key->rounds = 14; - rk[0] = GETU32(userKey); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); + rk[0] = crypto_load_be32toh(&userKey[0 * 4]); + rk[1] = crypto_load_be32toh(&userKey[1 * 4]); + rk[2] = crypto_load_be32toh(&userKey[2 * 4]); + rk[3] = crypto_load_be32toh(&userKey[3 * 4]); if (bits == 128) { while (1) { temp = rk[3]; @@ -667,8 +665,8 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) rk += 4; } } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); + rk[4] = crypto_load_be32toh(&userKey[4 * 4]); + rk[5] = crypto_load_be32toh(&userKey[5 * 4]); if (bits == 192) { while (1) { temp = rk[5]; @@ -689,8 +687,8 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) rk += 6; } } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); + rk[6] = crypto_load_be32toh(&userKey[6 * 4]); + rk[7] = crypto_load_be32toh(&userKey[7 * 4]); if (bits == 256) { while (1) { temp = rk[7]; @@ -781,6 +779,7 @@ AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) return 0; } +#ifndef AES_ASM /* * Encrypt a single block * in and out can overlap @@ -800,10 +799,10 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; + s0 = crypto_load_be32toh(&in[0 * 4]) ^ rk[0]; + s1 = crypto_load_be32toh(&in[1 * 4]) ^ rk[1]; + s2 = crypto_load_be32toh(&in[2 * 4]) ^ rk[2]; + s3 = crypto_load_be32toh(&in[3 * 4]) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; @@ -947,28 +946,28 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t3) & 0xff] & 0x000000ff) ^ rk[0]; - PUTU32(out, s0); + crypto_store_htobe32(&out[0 * 4], s0); s1 = (Te2[(t1 >> 24)] & 0xff000000) ^ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t0) & 0xff] & 0x000000ff) ^ rk[1]; - PUTU32(out + 4, s1); + crypto_store_htobe32(&out[1 * 4], s1); s2 = (Te2[(t2 >> 24)] & 0xff000000) ^ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t1) & 0xff] & 0x000000ff) ^ rk[2]; - PUTU32(out + 8, s2); + crypto_store_htobe32(&out[2 * 4], s2); s3 = (Te2[(t3 >> 24)] & 0xff000000) ^ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t2) & 0xff] & 0x000000ff) ^ rk[3]; - PUTU32(out + 12, s3); + crypto_store_htobe32(&out[3 * 4], s3); } /* @@ -990,10 +989,10 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; + s0 = crypto_load_be32toh(&in[0 * 4]) ^ rk[0]; + s1 = crypto_load_be32toh(&in[1 * 4]) ^ rk[1]; + s2 = crypto_load_be32toh(&in[2 * 4]) ^ rk[2]; + s3 = crypto_load_be32toh(&in[3 * 4]) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; @@ -1137,238 +1136,27 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) (Td4[(t2 >> 8) & 0xff] << 8) ^ (Td4[(t1) & 0xff]) ^ rk[0]; - PUTU32(out, s0); + crypto_store_htobe32(&out[0 * 4], s0); s1 = (((uint32_t)Td4[(t1 >> 24)]) << 24) ^ (Td4[(t0 >> 16) & 0xff] << 16) ^ (Td4[(t3 >> 8) & 0xff] << 8) ^ (Td4[(t2) & 0xff]) ^ rk[1]; - PUTU32(out + 4, s1); + crypto_store_htobe32(&out[1 * 4], s1); s2 = (((uint32_t)Td4[(t2 >> 24)]) << 24) ^ (Td4[(t1 >> 16) & 0xff] << 16) ^ (Td4[(t0 >> 8) & 0xff] << 8) ^ (Td4[(t3) & 0xff]) ^ rk[2]; - PUTU32(out + 8, s2); + crypto_store_htobe32(&out[2 * 4], s2); s3 = (((uint32_t)Td4[(t3 >> 24)]) << 24) ^ (Td4[(t2 >> 16) & 0xff] << 16) ^ (Td4[(t1 >> 8) & 0xff] << 8) ^ (Td4[(t0) & 0xff]) ^ rk[3]; - PUTU32(out + 12, s3); + crypto_store_htobe32(&out[3 * 4], s3); } - -#else /* AES_ASM */ - -static const u8 Te4[256] = { - 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, - 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, - 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, - 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, - 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, - 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, - 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, - 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, - 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, - 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, - 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, - 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, - 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, - 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, - 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, - 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, - 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, - 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, - 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, - 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, - 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, - 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, - 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, - 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, - 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, - 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, - 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, - 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, - 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, - 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, - 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, - 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U -}; -static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, - /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -/** - * Expand the cipher key into the encryption key schedule. - */ -int -AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) -{ - u32 *rk; - int i = 0; - u32 temp; - - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - - rk = key->rd_key; - - if (bits == 128) - key->rounds = 10; - else if (bits == 192) - key->rounds = 12; - else - key->rounds = 14; - - rk[0] = GETU32(userKey); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp) & 0xff] << 8) ^ - (Te4[(temp >> 24)]) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[5]; - rk[6] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp) & 0xff] << 8) ^ - (Te4[(temp >> 24)]) ^ - rcon[i]; - rk[7] = rk[1] ^ rk[6]; - rk[8] = rk[2] ^ rk[7]; - rk[9] = rk[3] ^ rk[8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[4] ^ rk[9]; - rk[11] = rk[5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[7]; - rk[8] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp) & 0xff] << 8) ^ - (Te4[(temp >> 24)]) ^ - rcon[i]; - rk[9] = rk[1] ^ rk[8]; - rk[10] = rk[2] ^ rk[9]; - rk[11] = rk[3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[4] ^ - (Te4[(temp >> 24)] << 24) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp) & 0xff]); - rk[13] = rk[5] ^ rk[12]; - rk[14] = rk[6] ^ rk[13]; - rk[15] = rk[7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - */ -int -AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - u32 *rk; - int i, j, status; - u32 temp; - - /* first, start with an encryption schedule */ - status = AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - - rk = key->rd_key; - - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i]; - rk[i] = rk[j]; - rk[j] = temp; - temp = rk[i + 1]; - rk[i + 1] = rk[j + 1]; - rk[j + 1] = temp; - temp = rk[i + 2]; - rk[i + 2] = rk[j + 2]; - rk[j + 2] = temp; - temp = rk[i + 3]; - rk[i + 3] = rk[j + 3]; - rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; - for (j = 0; j < 4; j++) { - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - tp1 = rk[j]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd, 16) ^ - ROTATE(tp9, 24) ^ ROTATE(tpb, 8); -#else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 8) ^ (tp9 << 24) ^ - (tpb >> 24) ^ (tpb << 8); -#endif - } - } - return 0; -} - #endif /* AES_ASM */ diff --git a/lib/libcrypto/aes/aes_local.h b/lib/libcrypto/aes/aes_local.h index 6366b17bd..45edbae9e 100644 --- a/lib/libcrypto/aes/aes_local.h +++ b/lib/libcrypto/aes/aes_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */ +/* $OpenBSD: aes_local.h,v 1.3 2024/03/27 11:15:44 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -64,9 +64,6 @@ __BEGIN_HIDDEN_DECLS -#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } - typedef unsigned int u32; typedef unsigned short u16; typedef unsigned char u8; diff --git a/lib/libcrypto/aes/aes_x86core.c b/lib/libcrypto/aes/aes_x86core.c deleted file mode 100644 index f76004e12..000000000 --- a/lib/libcrypto/aes/aes_x86core.c +++ /dev/null @@ -1,1081 +0,0 @@ -/* $OpenBSD: aes_x86core.c,v 1.10 2022/11/26 16:08:50 tb Exp $ */ -/** - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This is experimental x86[_64] derivative. It assumes little-endian - * byte order and expects CPU to sustain unaligned memory references. - * It is used as playground for cache-time attack mitigations and - * serves as reference C implementation for x86[_64] assembler. - * - * - */ - - -#ifndef AES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif - -#include -#include -#include "aes_local.h" - -/* - * These two parameters control which table, 256-byte or 2KB, is - * referenced in outer and respectively inner rounds. - */ -#define AES_COMPACT_IN_OUTER_ROUNDS -#ifdef AES_COMPACT_IN_OUTER_ROUNDS -/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while - * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further* - * by factor of ~2. */ -# undef AES_COMPACT_IN_INNER_ROUNDS -#endif - -#if 1 -static void -prefetch256(const void *table) -{ - volatile unsigned long *t = (void *)table, ret; - unsigned long sum; - int i; - - /* 32 is common least cache-line size */ - for (sum = 0, i = 0; i < 256/sizeof(t[0]); i += 32 / sizeof(t[0])) - sum ^= t[i]; - - ret = sum; -} -#else -# define prefetch256(t) -#endif - -#undef GETU32 -#define GETU32(p) (*((u32*)(p))) - -#if defined(_LP64) -typedef unsigned long u64; -#define U64(C) C##UL -#else -typedef unsigned long long u64; -#define U64(C) C##ULL -#endif - -#undef ROTATE -#if defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"(a) \ - : "cc"); \ - ret; \ - }) -# endif -#endif -/* -Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03]; -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; -*/ -#define Te0 (u32)((u64*)((u8*)Te+0)) -#define Te1 (u32)((u64*)((u8*)Te+3)) -#define Te2 (u32)((u64*)((u8*)Te+2)) -#define Te3 (u32)((u64*)((u8*)Te+1)) -/* -Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b]; -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01]; -*/ -#define Td0 (u32)((u64*)((u8*)Td+0)) -#define Td1 (u32)((u64*)((u8*)Td+3)) -#define Td2 (u32)((u64*)((u8*)Td+2)) -#define Td3 (u32)((u64*)((u8*)Td+1)) - -static const u64 Te[256] = { - U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8), - U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6), - U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6), - U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591), - U64(0x5030306050303060), U64(0x0301010203010102), - U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56), - U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5), - U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec), - U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f), - U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa), - U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2), - U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb), - U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3), - U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45), - U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453), - U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b), - U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1), - U64(0xae93933dae93933d), U64(0x6a26264c6a26264c), - U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e), - U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83), - U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551), - U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9), - U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab), - U64(0x5331316253313162), U64(0x3f15152a3f15152a), - U64(0x0c0404080c040408), U64(0x52c7c79552c7c795), - U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d), - U64(0x2818183028181830), U64(0xa1969637a1969637), - U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f), - U64(0x0907070e0907070e), U64(0x3612122436121224), - U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df), - U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e), - U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea), - U64(0x1b0909121b090912), U64(0x9e83831d9e83831d), - U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34), - U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc), - U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b), - U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76), - U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d), - U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd), - U64(0x712f2f5e712f2f5e), U64(0x9784841397848413), - U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9), - U64(0x0000000000000000), U64(0x2cededc12cededc1), - U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3), - U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6), - U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d), - U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972), - U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98), - U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85), - U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5), - U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed), - U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a), - U64(0x5533336655333366), U64(0x9485851194858511), - U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9), - U64(0x0602020406020204), U64(0x817f7ffe817f7ffe), - U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78), - U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b), - U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d), - U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05), - U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21), - U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1), - U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677), - U64(0x75dadaaf75dadaaf), U64(0x6321214263212142), - U64(0x3010102030101020), U64(0x1affffe51affffe5), - U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf), - U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18), - U64(0x3513132635131326), U64(0x2fececc32fececc3), - U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735), - U64(0xcc444488cc444488), U64(0x3917172e3917172e), - U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755), - U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a), - U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba), - U64(0x2b1919322b191932), U64(0x957373e6957373e6), - U64(0xa06060c0a06060c0), U64(0x9881811998818119), - U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3), - U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54), - U64(0xab90903bab90903b), U64(0x8388880b8388880b), - U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7), - U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428), - U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc), - U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad), - U64(0x3be0e0db3be0e0db), U64(0x5632326456323264), - U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14), - U64(0xdb494992db494992), U64(0x0a06060c0a06060c), - U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8), - U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd), - U64(0xefacac43efacac43), U64(0xa66262c4a66262c4), - U64(0xa8919139a8919139), U64(0xa4959531a4959531), - U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2), - U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b), - U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda), - U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1), - U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949), - U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac), - U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf), - U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4), - U64(0xe9aeae47e9aeae47), U64(0x1808081018080810), - U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0), - U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c), - U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657), - U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697), - U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1), - U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e), - U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61), - U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f), - U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c), - U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc), - U64(0xd8484890d8484890), U64(0x0503030605030306), - U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c), - U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a), - U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969), - U64(0x9186861791868617), U64(0x58c1c19958c1c199), - U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27), - U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb), - U64(0xb398982bb398982b), U64(0x3311112233111122), - U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9), - U64(0x898e8e07898e8e07), U64(0xa7949433a7949433), - U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c), - U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9), - U64(0x49cece8749cece87), U64(0xff5555aaff5555aa), - U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5), - U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159), - U64(0x8089890980898909), U64(0x170d0d1a170d0d1a), - U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7), - U64(0xc6424284c6424284), U64(0xb86868d0b86868d0), - U64(0xc3414182c3414182), U64(0xb0999929b0999929), - U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e), - U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8), - U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c) -}; - -static const u8 Te4[256] = { - 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, - 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, - 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, - 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, - 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, - 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, - 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, - 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, - 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, - 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, - 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, - 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, - 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, - 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, - 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, - 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, - 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, - 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, - 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, - 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, - 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, - 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, - 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, - 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, - 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, - 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, - 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, - 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, - 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, - 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, - 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, - 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U -}; - -static const u64 Td[256] = { - U64(0x50a7f45150a7f451), U64(0x5365417e5365417e), - U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a), - U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f), - U64(0xab58faacab58faac), U64(0x9303e34b9303e34b), - U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad), - U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5), - U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5), - U64(0x8044352680443526), U64(0x8fa362b58fa362b5), - U64(0x495ab1de495ab1de), U64(0x671bba25671bba25), - U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d), - U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81), - U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b), - U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215), - U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295), - U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458), - U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e), - U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4), - U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927), - U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0), - U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d), - U64(0x184adf63184adf63), U64(0x82311ae582311ae5), - U64(0x6033519760335197), U64(0x457f5362457f5362), - U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb), - U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9), - U64(0x5868487058684870), U64(0x19fd458f19fd458f), - U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52), - U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72), - U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566), - U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f), - U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3), - U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23), - U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed), - U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7), - U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e), - U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506), - U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4), - U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2), - U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4), - U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040), - U64(0x069f715e069f715e), U64(0x51106ebd51106ebd), - U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96), - U64(0xae053eddae053edd), U64(0x46bde64d46bde64d), - U64(0xb58d5491b58d5491), U64(0x055dc471055dc471), - U64(0x6fd406046fd40604), U64(0xff155060ff155060), - U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6), - U64(0xcc434089cc434089), U64(0x779ed967779ed967), - U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907), - U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879), - U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c), - U64(0xc91e84f8c91e84f8), U64(0x0000000000000000), - U64(0x8386800983868009), U64(0x48ed2b3248ed2b32), - U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c), - U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f), - U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36), - U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68), - U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624), - U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793), - U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b), - U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61), - U64(0x694b775a694b775a), U64(0x161a121c161a121c), - U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0), - U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12), - U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2), - U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14), - U64(0x8519f1578519f157), U64(0x4c0775af4c0775af), - U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3), - U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c), - U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b), - U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb), - U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8), - U64(0xcadc31d7cadc31d7), U64(0x1085634210856342), - U64(0x4022971340229713), U64(0x2011c6842011c684), - U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2), - U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7), - U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc), - U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177), - U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9), - U64(0xfa489411fa489411), U64(0x2264e9472264e947), - U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0), - U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322), - U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9), - U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498), - U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5), - U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f), - U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850), - U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54), - U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890), - U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382), - U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069), - U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf), - U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810), - U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb), - U64(0x097826cd097826cd), U64(0xf418596ef418596e), - U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83), - U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa), - U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef), - U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a), - U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029), - U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a), - U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235), - U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc), - U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733), - U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41), - U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117), - U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43), - U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4), - U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c), - U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546), - U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01), - U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb), - U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92), - U64(0x335610e9335610e9), U64(0x1347d66d1347d66d), - U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137), - U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb), - U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7), - U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a), - U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255), - U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773), - U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f), - U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478), - U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9), - U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2), - U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc), - U64(0x8b493c288b493c28), U64(0x41950dff41950dff), - U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08), - U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664), - U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5), - U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0) -}; -static const u8 Td4[256] = { - 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, - 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, - 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, - 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, - 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, - 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, - 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, - 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, - 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, - 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, - 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, - 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, - 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, - 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, - 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, - 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, - 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, - 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, - 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, - 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, - 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, - 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, - 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, - 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, - 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, - 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, - 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, - 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, - 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, - 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, - 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, - 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU -}; - -static const u32 rcon[] = { - 0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U, - 0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U, - 0x0000001bU, 0x00000036U, - /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -/** - * Expand the cipher key into the encryption key schedule. - */ -int -AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) -{ - u32 *rk; - int i = 0; - u32 temp; - - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - - rk = key->rd_key; - - if (bits == 128) - key->rounds = 10; - else if (bits == 192) - key->rounds = 12; - else - key->rounds = 14; - - rk[0] = GETU32(userKey); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 8) & 0xff]) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24)] << 16) ^ - (Te4[(temp) & 0xff] << 24) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[5]; - rk[6] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff]) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24)] << 16) ^ - (Te4[(temp) & 0xff] << 24) ^ - rcon[i]; - rk[7] = rk[1] ^ rk[6]; - rk[8] = rk[2] ^ rk[7]; - rk[9] = rk[3] ^ rk[8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[4] ^ rk[9]; - rk[11] = rk[5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[7]; - rk[8] = rk[0] ^ - (Te4[(temp >> 8) & 0xff]) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24)] << 16) ^ - (Te4[(temp) & 0xff] << 24) ^ - rcon[i]; - rk[9] = rk[1] ^ rk[8]; - rk[10] = rk[2] ^ rk[9]; - rk[11] = rk[3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[4] ^ - (Te4[(temp) & 0xff]) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 24)] << 24); - rk[13] = rk[5] ^ rk[12]; - rk[14] = rk[6] ^ rk[13]; - rk[15] = rk[7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - */ -int -AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) -{ - u32 *rk; - int i, j, status; - u32 temp; - - /* first, start with an encryption schedule */ - status = AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - - rk = key->rd_key; - - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i]; - rk[i] = rk[j]; - rk[j] = temp; - temp = rk[i + 1]; - rk[i + 1] = rk[j + 1]; - rk[j + 1] = temp; - temp = rk[i + 2]; - rk[i + 2] = rk[j + 2]; - rk[j + 2] = temp; - temp = rk[i + 3]; - rk[i + 3] = rk[j + 3]; - rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; -#if 1 - for (j = 0; j < 4; j++) { - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - tp1 = rk[j]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd, 16) ^ - ROTATE(tp9, 8) ^ ROTATE(tpb, 24); -#else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); -#endif - } -#else - rk[0] = - Td0[Te2[(rk[0]) & 0xff] & 0xff] ^ - Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[0] >> 24)] & 0xff]; - rk[1] = - Td0[Te2[(rk[1]) & 0xff] & 0xff] ^ - Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[1] >> 24)] & 0xff]; - rk[2] = - Td0[Te2[(rk[2]) & 0xff] & 0xff] ^ - Td1[Te2[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[2] >> 24)] & 0xff]; - rk[3] = - Td0[Te2[(rk[3]) & 0xff] & 0xff] ^ - Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[3] >> 24)] & 0xff]; -#endif - } - return 0; -} - -/* - * Encrypt a single block - * in and out can overlap - */ -void -AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) -{ - const u32 *rk; - u32 s0, s1, s2, s3, t[4]; - int r; - - rk = key->rd_key; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; - -#if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Te4); - - t[0] = Te4[(s0) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24)] << 24; - t[1] = Te4[(s1) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24)] << 24; - t[2] = Te4[(s2) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24)] << 24; - t[3] = Te4[(s3) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24)] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 r0, r1, r2; - - for (i = 0; i < 4; i++) { - r0 = t[i]; - r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); -#if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2, 24) ^ ROTATE(r0, 24) ^ - ROTATE(r0, 16) ^ ROTATE(r0, 8); -#else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ (r0 << 8) ^ (r0 >> 24); -#endif - t[i] ^= rk[4 + i]; - } - } -#else - t[0] = Te0[(s0) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24)] ^ - rk[4]; - t[1] = Te0[(s1) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24)] ^ - rk[5]; - t[2] = Te0[(s2) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24)] ^ - rk[6]; - t[3] = Te0[(s3) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24)] ^ - rk[7]; -#endif - s0 = t[0]; - s1 = t[1]; - s2 = t[2]; - s3 = t[3]; - - /* - * Nr - 2 full rounds: - */ - for (rk += 8, r = key->rounds - 2; r > 0; rk += 4, r--) { -#if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Te4[(s0) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24)] << 24; - t[1] = Te4[(s1) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24)] << 24; - t[2] = Te4[(s2) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24)] << 24; - t[3] = Te4[(s3) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24)] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 r0, r1, r2; - - for (i = 0; i < 4; i++) { - r0 = t[i]; - r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); -#if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2, 24) ^ ROTATE(r0, 24) ^ - ROTATE(r0, 16) ^ ROTATE(r0, 8); -#else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ - ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) ^ (r0 >> 24); -#endif - t[i] ^= rk[i]; - } - } -#else - t[0] = Te0[(s0) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24)] ^ - rk[0]; - t[1] = Te0[(s1) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24)] ^ - rk[1]; - t[2] = Te0[(s2) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24)] ^ - rk[2]; - t[3] = Te0[(s3) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24)] ^ - rk[3]; -#endif - s0 = t[0]; - s1 = t[1]; - s2 = t[2]; - s3 = t[3]; - } - /* - * apply last round and - * map cipher state to byte array block: - */ -#if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Te4); - - *(u32*)(out + 0) = - Te4[(s0) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24)] << 24 ^ - rk[0]; - *(u32*)(out + 4) = - Te4[(s1) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24)] << 24 ^ - rk[1]; - *(u32*)(out + 8) = - Te4[(s2) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24)] << 24 ^ - rk[2]; - *(u32*)(out + 12) = - Te4[(s3) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24)] << 24 ^ - rk[3]; -#else - *(u32*)(out + 0) = - (Te2[(s0) & 0xff] & 0x000000ffU) ^ - (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s3 >> 24)] & 0xff000000U) ^ - rk[0]; - *(u32*)(out + 4) = - (Te2[(s1) & 0xff] & 0x000000ffU) ^ - (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s0 >> 24)] & 0xff000000U) ^ - rk[1]; - *(u32*)(out + 8) = - (Te2[(s2) & 0xff] & 0x000000ffU) ^ - (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s1 >> 24)] & 0xff000000U) ^ - rk[2]; - *(u32*)(out + 12) = - (Te2[(s3) & 0xff] & 0x000000ffU) ^ - (Te3[(s0 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s2 >> 24)] & 0xff000000U) ^ - rk[3]; -#endif -} - -/* - * Decrypt a single block - * in and out can overlap - */ -void -AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) -{ - const u32 *rk; - u32 s0, s1, s2, s3, t[4]; - int r; - - rk = key->rd_key; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; - -#if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Td4); - - t[0] = Td4[(s0) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24)] << 24; - t[1] = Td4[(s1) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24)] << 24; - t[2] = Td4[(s2) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24)] << 24; - t[3] = Td4[(s3) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24)] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd, 16) ^ - ROTATE(tp9, 8) ^ ROTATE(tpb, 24); -#else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ (tpb >> 8) ^ (tpb << 24); -#endif - t[i] ^= rk[4 + i]; - } - } -#else - t[0] = Td0[(s0) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24)] ^ - rk[4]; - t[1] = Td0[(s1) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24)] ^ - rk[5]; - t[2] = Td0[(s2) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24)] ^ - rk[6]; - t[3] = Td0[(s3) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24)] ^ - rk[7]; -#endif - s0 = t[0]; - s1 = t[1]; - s2 = t[2]; - s3 = t[3]; - - /* - * Nr - 2 full rounds: - */ - for (rk += 8, r = key->rounds - 2; r > 0; rk += 4, r--) { -#if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Td4[(s0) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24)] << 24; - t[1] = Td4[(s1) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24)] << 24; - t[2] = Td4[(s2) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24)] << 24; - t[3] = Td4[(s3) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24)] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd, 16) ^ - ROTATE(tp9, 8) ^ ROTATE(tpb, 24); -#else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); -#endif - t[i] ^= rk[i]; - } - } -#else - t[0] = Td0[(s0) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24)] ^ - rk[0]; - t[1] = Td0[(s1) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24)] ^ - rk[1]; - t[2] = Td0[(s2) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24)] ^ - rk[2]; - t[3] = Td0[(s3) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24)] ^ - rk[3]; -#endif - s0 = t[0]; - s1 = t[1]; - s2 = t[2]; - s3 = t[3]; - } - /* - * apply last round and - * map cipher state to byte array block: - */ - prefetch256(Td4); - - *(u32*)(out + 0) = - (Td4[(s0) & 0xff]) ^ - (Td4[(s3 >> 8) & 0xff] << 8) ^ - (Td4[(s2 >> 16) & 0xff] << 16) ^ - (Td4[(s1 >> 24)] << 24) ^ - rk[0]; - *(u32*)(out + 4) = - (Td4[(s1) & 0xff]) ^ - (Td4[(s0 >> 8) & 0xff] << 8) ^ - (Td4[(s3 >> 16) & 0xff] << 16) ^ - (Td4[(s2 >> 24)] << 24) ^ - rk[1]; - *(u32*)(out + 8) = - (Td4[(s2) & 0xff]) ^ - (Td4[(s1 >> 8) & 0xff] << 8) ^ - (Td4[(s0 >> 16) & 0xff] << 16) ^ - (Td4[(s3 >> 24)] << 24) ^ - rk[2]; - *(u32*)(out + 12) = - (Td4[(s3) & 0xff]) ^ - (Td4[(s2 >> 8) & 0xff] << 8) ^ - (Td4[(s1 >> 16) & 0xff] << 16) ^ - (Td4[(s0 >> 24)] << 24) ^ - rk[3]; -} diff --git a/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl b/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl deleted file mode 100644 index 5eb5b7bf6..000000000 --- a/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl +++ /dev/null @@ -1,1237 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# June 2011 -# -# This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled -# in http://download.intel.com/design/intarch/papers/323686.pdf, is -# that since AESNI-CBC encrypt exhibit *very* low instruction-level -# parallelism, interleaving it with another algorithm would allow to -# utilize processor resources better and achieve better performance. -# SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and -# AESNI code is weaved into it. Below are performance numbers in -# cycles per processed byte, less is better, for standalone AESNI-CBC -# encrypt, sum of the latter and standalone SHA1, and "stitched" -# subroutine: -# -# AES-128-CBC +SHA1 stitch gain -# Westmere 3.77[+5.6] 9.37 6.65 +41% -# Sandy Bridge 5.05[+5.2(6.3)] 10.25(11.35) 6.16(7.08) +67%(+60%) -# -# AES-192-CBC -# Westmere 4.51 10.11 6.97 +45% -# Sandy Bridge 6.05 11.25(12.35) 6.34(7.27) +77%(+70%) -# -# AES-256-CBC -# Westmere 5.25 10.85 7.25 +50% -# Sandy Bridge 7.05 12.25(13.35) 7.06(7.70) +74%(+73%) -# -# (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for -# background information. Above numbers in parentheses are SSSE3 -# results collected on AVX-capable CPU, i.e. apply on OSes that -# don't support AVX. -# -# Needless to mention that it makes no sense to implement "stitched" -# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1 -# fully utilize parallelism, so stitching would not give any gain -# anyway. Well, there might be some, e.g. because of better cache -# locality... For reference, here are performance results for -# standalone AESNI-CBC decrypt: -# -# AES-128-CBC AES-192-CBC AES-256-CBC -# Westmere 1.31 1.55 1.80 -# Sandy Bridge 0.93 1.06 1.22 - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/ && - $1>=2.19); -$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && - $1>=2.09); -$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./ && - $1>=10); - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -# void aesni_cbc_sha1_enc(const void *inp, -# void *out, -# size_t length, -# const AES_KEY *key, -# unsigned char *iv, -# SHA_CTX *ctx, -# const void *in0); - -$code.=<<___; -.text -.extern OPENSSL_ia32cap_P -.hidden OPENSSL_ia32cap_P - -.globl aesni_cbc_sha1_enc -.type aesni_cbc_sha1_enc,\@abi-omnipotent -.align 16 -aesni_cbc_sha1_enc: - _CET_ENDBR - # caller should check for SSSE3 and AES-NI bits - mov OPENSSL_ia32cap_P+0(%rip),%r10d - mov OPENSSL_ia32cap_P+4(%rip),%r11d -___ -$code.=<<___ if ($avx); - and \$IA32CAP_MASK1_AVX,%r11d # mask AVX bit - and \$IA32CAP_MASK0_INTEL,%r10d # mask "Intel CPU" bit - or %r11d,%r10d - cmp \$(IA32CAP_MASK1_AVX|IA32CAP_MASK0_INTEL),%r10d - je aesni_cbc_sha1_enc_avx -___ -$code.=<<___; - jmp aesni_cbc_sha1_enc_ssse3 - ret -.size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc -___ - -my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -my $Xi=4; -my @X=map("%xmm$_",(4..7,0..3)); -my @Tx=map("%xmm$_",(8..10)); -my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization -my @T=("%esi","%edi"); -my $j=0; my $jj=0; my $r=0; my $sn=0; -my $K_XX_XX="%r11"; -my ($iv,$in,$rndkey0)=map("%xmm$_",(11..13)); -my @rndkey=("%xmm14","%xmm15"); - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -my $_rol=sub { &rol(@_) }; -my $_ror=sub { &ror(@_) }; - -$code.=<<___; -.type aesni_cbc_sha1_enc_ssse3,\@function,6 -.align 16 -aesni_cbc_sha1_enc_ssse3: - _CET_ENDBR - mov `($win64?56:8)`(%rsp),$inp # load 7th argument - #shr \$6,$len # debugging artefact - #jz .Lepilogue_ssse3 # debugging artefact - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - lea `-104-($win64?10*16:0)`(%rsp),%rsp - #mov $in0,$inp # debugging artefact - #lea 64(%rsp),$ctx # debugging artefact -___ -$code.=<<___ if ($win64); - movaps %xmm6,96+0(%rsp) - movaps %xmm7,96+16(%rsp) - movaps %xmm8,96+32(%rsp) - movaps %xmm9,96+48(%rsp) - movaps %xmm10,96+64(%rsp) - movaps %xmm11,96+80(%rsp) - movaps %xmm12,96+96(%rsp) - movaps %xmm13,96+112(%rsp) - movaps %xmm14,96+128(%rsp) - movaps %xmm15,96+144(%rsp) -.Lprologue_ssse3: -___ -$code.=<<___; - mov $in0,%r12 # reassign arguments - mov $out,%r13 - mov $len,%r14 - mov $key,%r15 - movdqu ($ivp),$iv # load IV - mov $ivp,88(%rsp) # save $ivp -___ -my ($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments -my $rounds="${ivp}d"; -$code.=<<___; - shl \$6,$len - sub $in0,$out - mov 240($key),$rounds - add $inp,$len # end of input - - lea K_XX_XX(%rip),$K_XX_XX - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - - movdqa 64($K_XX_XX),@X[2] # pbswap mask - movdqa 0($K_XX_XX),@Tx[1] # K_00_19 - movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - movdqu 16($inp),@X[-3&7] - movdqu 32($inp),@X[-2&7] - movdqu 48($inp),@X[-1&7] - pshufb @X[2],@X[-4&7] # byte swap - add \$64,$inp - pshufb @X[2],@X[-3&7] - pshufb @X[2],@X[-2&7] - pshufb @X[2],@X[-1&7] - paddd @Tx[1],@X[-4&7] # add K_00_19 - paddd @Tx[1],@X[-3&7] - paddd @Tx[1],@X[-2&7] - movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU - psubd @Tx[1],@X[-4&7] # restore X[] - movdqa @X[-3&7],16(%rsp) - psubd @Tx[1],@X[-3&7] - movdqa @X[-2&7],32(%rsp) - psubd @Tx[1],@X[-2&7] - movups ($key),$rndkey0 # $key[0] - movups 16($key),$rndkey[0] # forward reference - jmp .Loop_ssse3 -___ - -my $aesenc=sub { - use integer; - my ($n,$k)=($r/10,$r%10); - if ($k==0) { - $code.=<<___; - movups `16*$n`($in0),$in # load input - xorps $rndkey0,$in -___ - $code.=<<___ if ($n); - movups $iv,`16*($n-1)`($out,$in0) # write output -___ - $code.=<<___; - xorps $in,$iv - aesenc $rndkey[0],$iv - movups `32+16*$k`($key),$rndkey[1] -___ - } elsif ($k==9) { - $sn++; - $code.=<<___; - cmp \$11,$rounds - jb .Laesenclast$sn - movups `32+16*($k+0)`($key),$rndkey[1] - aesenc $rndkey[0],$iv - movups `32+16*($k+1)`($key),$rndkey[0] - aesenc $rndkey[1],$iv - je .Laesenclast$sn - movups `32+16*($k+2)`($key),$rndkey[1] - aesenc $rndkey[0],$iv - movups `32+16*($k+3)`($key),$rndkey[0] - aesenc $rndkey[1],$iv -.Laesenclast$sn: - aesenclast $rndkey[0],$iv - movups 16($key),$rndkey[1] # forward reference -___ - } else { - $code.=<<___; - aesenc $rndkey[0],$iv - movups `32+16*$k`($key),$rndkey[1] -___ - } - $r++; unshift(@rndkey,pop(@rndkey)); -}; - -sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - &movdqa (@X[0],@X[-3&7]); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (@Tx[0],@X[-1&7]); - &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - &psrldq (@Tx[0],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (@Tx[2],@X[0]); - &movdqa (@Tx[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword - &paddd (@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@Tx[0],31); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (@Tx[1],@Tx[2]); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@Tx[2],30); - &por (@X[0],@Tx[0]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pslld (@Tx[1],2); - &pxor (@X[0],@Tx[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xupdate_ssse3_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions - my ($a,$b,$c,$d,$e); - - &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8); - eval(shift(@insns)); # body_20_39 - &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); - if ($Xi%5) { - &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... - } else { # ... or load next one - &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); - } - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &movdqa (@Tx[0],@X[0]); - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &pslld (@X[0],2); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - &psrld (@Tx[0],30); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &por (@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - &movdqa (@Tx[1],@X[0]) if ($Xi<19); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xuplast_ssse3_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &cmp ($inp,$len); - &je (".Ldone_ssse3"); - - unshift(@Tx,pop(@Tx)); - - &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask - &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19 - &movdqu (@X[-4&7],"0($inp)"); # load input - &movdqu (@X[-3&7],"16($inp)"); - &movdqu (@X[-2&7],"32($inp)"); - &movdqu (@X[-1&7],"48($inp)"); - &pshufb (@X[-4&7],@X[2]); # byte swap - &add ($inp,64); - - $Xi=0; -} - -sub Xloop_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &pshufb (@X[($Xi-3)&7],@X[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[($Xi-4)&7],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - &psubd (@X[($Xi-4)&7],@Tx[1]); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -sub body_00_19 () { - use integer; - my ($k,$n); - my @r=( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,eval(4*($j&15))."(%rsp)");', # X[]+K xfer - '&xor ($c,$d);', - '&mov (@T[1],$a);', # $b in next round - '&$_rol ($a,5);', - '&and (@T[0],$c);', # ($b&($c^$d)) - '&xor ($c,$d);', # restore $c - '&xor (@T[0],$d);', - '&add ($e,$a);', - '&$_ror ($b,$j?7:2);', # $b>>>2 - '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); - $n = scalar(@r); - $k = (($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds - @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); - $jj++; - return @r; -} - -sub body_20_39 () { - use integer; - my ($k,$n); - my @r=( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer - '&xor (@T[0],$d);', # ($b^$d) - '&mov (@T[1],$a);', # $b in next round - '&$_rol ($a,5);', - '&xor (@T[0],$c);', # ($b^$d^$c) - '&add ($e,$a);', - '&$_ror ($b,7);', # $b>>>2 - '&add ($e,@T[0]);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); - $n = scalar(@r); - $k = (($jj+1)*8/20)*20*$n/8; # 8 aesencs per these 20 rounds - @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); - $jj++; - return @r; -} - -sub body_40_59 () { - use integer; - my ($k,$n); - my @r=( - '($a,$b,$c,$d,$e)=@V;'. - '&mov (@T[1],$c);', - '&xor ($c,$d);', - '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer - '&and (@T[1],$d);', - '&and (@T[0],$c);', # ($b&($c^$d)) - '&$_ror ($b,7);', # $b>>>2 - '&add ($e,@T[1]);', - '&mov (@T[1],$a);', # $b in next round - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&xor ($c,$d);', # restore $c - '&add ($e,$a);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); - $n = scalar(@r); - $k=(($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds - @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); - $jj++; - return @r; -} -$code.=<<___; -.align 16 -.Loop_ssse3: -___ - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - $saved_r=$r; @saved_rndkey=@rndkey; - - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - -$code.=<<___; - movups $iv,48($out,$in0) # write output - lea 64($in0),$in0 - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - jmp .Loop_ssse3 - -.align 16 -.Ldone_ssse3: -___ - $jj=$j=$saved_j; @V=@saved_V; - $r=$saved_r; @rndkey=@saved_rndkey; - - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - -$code.=<<___; - movups $iv,48($out,$in0) # write output - mov 88(%rsp),$ivp # restore $ivp - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - movups $iv,($ivp) # write IV -___ -$code.=<<___ if ($win64); - movaps 96+0(%rsp),%xmm6 - movaps 96+16(%rsp),%xmm7 - movaps 96+32(%rsp),%xmm8 - movaps 96+48(%rsp),%xmm9 - movaps 96+64(%rsp),%xmm10 - movaps 96+80(%rsp),%xmm11 - movaps 96+96(%rsp),%xmm12 - movaps 96+112(%rsp),%xmm13 - movaps 96+128(%rsp),%xmm14 - movaps 96+144(%rsp),%xmm15 -___ -$code.=<<___; - lea `104+($win64?10*16:0)`(%rsp),%rsi - mov 0(%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp -.Lepilogue_ssse3: - ret -.size aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3 -___ - -$j=$jj=$r=$sn=0; - -if ($avx) { -my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -my $Xi=4; -my @X=map("%xmm$_",(4..7,0..3)); -my @Tx=map("%xmm$_",(8..10)); -my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization -my @T=("%esi","%edi"); - -my $_rol=sub { &shld(@_[0],@_) }; -my $_ror=sub { &shrd(@_[0],@_) }; - -$code.=<<___; -.type aesni_cbc_sha1_enc_avx,\@function,6 -.align 16 -aesni_cbc_sha1_enc_avx: - _CET_ENDBR - mov `($win64?56:8)`(%rsp),$inp # load 7th argument - #shr \$6,$len # debugging artefact - #jz .Lepilogue_avx # debugging artefact - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - lea `-104-($win64?10*16:0)`(%rsp),%rsp - #mov $in0,$inp # debugging artefact - #lea 64(%rsp),$ctx # debugging artefact -___ -$code.=<<___ if ($win64); - movaps %xmm6,96+0(%rsp) - movaps %xmm7,96+16(%rsp) - movaps %xmm8,96+32(%rsp) - movaps %xmm9,96+48(%rsp) - movaps %xmm10,96+64(%rsp) - movaps %xmm11,96+80(%rsp) - movaps %xmm12,96+96(%rsp) - movaps %xmm13,96+112(%rsp) - movaps %xmm14,96+128(%rsp) - movaps %xmm15,96+144(%rsp) -.Lprologue_avx: -___ -$code.=<<___; - vzeroall - mov $in0,%r12 # reassign arguments - mov $out,%r13 - mov $len,%r14 - mov $key,%r15 - vmovdqu ($ivp),$iv # load IV - mov $ivp,88(%rsp) # save $ivp -___ -my ($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments -my $rounds="${ivp}d"; -$code.=<<___; - shl \$6,$len - sub $in0,$out - mov 240($key),$rounds - add \$112,$key # size optimization - add $inp,$len # end of input - - lea K_XX_XX(%rip),$K_XX_XX - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - - vmovdqa 64($K_XX_XX),@X[2] # pbswap mask - vmovdqa 0($K_XX_XX),@Tx[1] # K_00_19 - vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - vmovdqu 16($inp),@X[-3&7] - vmovdqu 32($inp),@X[-2&7] - vmovdqu 48($inp),@X[-1&7] - vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap - add \$64,$inp - vpshufb @X[2],@X[-3&7],@X[-3&7] - vpshufb @X[2],@X[-2&7],@X[-2&7] - vpshufb @X[2],@X[-1&7],@X[-1&7] - vpaddd @Tx[1],@X[-4&7],@X[0] # add K_00_19 - vpaddd @Tx[1],@X[-3&7],@X[1] - vpaddd @Tx[1],@X[-2&7],@X[2] - vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU - vmovdqa @X[1],16(%rsp) - vmovdqa @X[2],32(%rsp) - vmovups -112($key),$rndkey0 # $key[0] - vmovups 16-112($key),$rndkey[0] # forward reference - jmp .Loop_avx -___ - -my $aesenc=sub { - use integer; - my ($n,$k)=($r/10,$r%10); - if ($k==0) { - $code.=<<___; - vmovups `16*$n`($in0),$in # load input - vxorps $rndkey0,$in,$in -___ - $code.=<<___ if ($n); - vmovups $iv,`16*($n-1)`($out,$in0) # write output -___ - $code.=<<___; - vxorps $in,$iv,$iv - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*$k-112`($key),$rndkey[1] -___ - } elsif ($k==9) { - $sn++; - $code.=<<___; - cmp \$11,$rounds - jb .Lvaesenclast$sn - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*($k+0)-112`($key),$rndkey[1] - vaesenc $rndkey[1],$iv,$iv - vmovups `32+16*($k+1)-112`($key),$rndkey[0] - je .Lvaesenclast$sn - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*($k+2)-112`($key),$rndkey[1] - vaesenc $rndkey[1],$iv,$iv - vmovups `32+16*($k+3)-112`($key),$rndkey[0] -.Lvaesenclast$sn: - vaesenclast $rndkey[0],$iv,$iv - vmovups 16-112($key),$rndkey[1] # forward reference -___ - } else { - $code.=<<___; - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*$k-112`($key),$rndkey[1] -___ - } - $r++; unshift(@rndkey,pop(@rndkey)); -}; - -sub Xupdate_avx_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[0],@X[0],31); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword - &vpaddd (@X[0],@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[1],@Tx[2],30); - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslld (@Tx[2],@Tx[2],2); - &vpxor (@X[0],@X[0],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xupdate_avx_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions - my ($a,$b,$c,$d,$e); - - &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); - if ($Xi%5) { - &vmovdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... - } else { # ... or load next one - &vmovdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); - } - &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpsrld (@Tx[0],@X[0],30); - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpslld (@X[0],@X[0],2); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - &vmovdqa (@Tx[1],@X[0]) if ($Xi<19); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xuplast_avx_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &cmp ($inp,$len); - &je (".Ldone_avx"); - - unshift(@Tx,pop(@Tx)); - - &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask - &vmovdqa(@Tx[1],"0($K_XX_XX)"); # K_00_19 - &vmovdqu(@X[-4&7],"0($inp)"); # load input - &vmovdqu(@X[-3&7],"16($inp)"); - &vmovdqu(@X[-2&7],"32($inp)"); - &vmovdqu(@X[-1&7],"48($inp)"); - &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap - &add ($inp,64); - - $Xi=0; -} - -sub Xloop_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -$code.=<<___; -.align 16 -.Loop_avx: -___ - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_32_79(\&body_00_19); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_20_39); - &Xuplast_avx_80(\&body_20_39); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - $saved_r=$r; @saved_rndkey=@rndkey; - - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - -$code.=<<___; - vmovups $iv,48($out,$in0) # write output - lea 64($in0),$in0 - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - jmp .Loop_avx - -.align 16 -.Ldone_avx: -___ - $jj=$j=$saved_j; @V=@saved_V; - $r=$saved_r; @rndkey=@saved_rndkey; - - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - -$code.=<<___; - vmovups $iv,48($out,$in0) # write output - mov 88(%rsp),$ivp # restore $ivp - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - vmovups $iv,($ivp) # write IV - vzeroall -___ -$code.=<<___ if ($win64); - movaps 96+0(%rsp),%xmm6 - movaps 96+16(%rsp),%xmm7 - movaps 96+32(%rsp),%xmm8 - movaps 96+48(%rsp),%xmm9 - movaps 96+64(%rsp),%xmm10 - movaps 96+80(%rsp),%xmm11 - movaps 96+96(%rsp),%xmm12 - movaps 96+112(%rsp),%xmm13 - movaps 96+128(%rsp),%xmm14 - movaps 96+144(%rsp),%xmm15 -___ -$code.=<<___; - lea `104+($win64?10*16:0)`(%rsp),%rsi - mov 0(%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp -.Lepilogue_avx: - ret -.size aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx -___ -} -$code.=<<___; -.section .rodata -.align 64 -K_XX_XX: -.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 -.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 -.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 -.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 -.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask -.align 64 -.text -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type ssse3_handler,\@abi-omnipotent -.align 16 -ssse3_handler: - _CET_ENDBR - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea 96(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - lea `104+10*16`(%rax),%rax # adjust stack pointer - - mov 0(%rax),%r15 - mov 8(%rax),%r14 - mov 16(%rax),%r13 - mov 24(%rax),%r12 - mov 32(%rax),%rbp - mov 40(%rax),%rbx - lea 48(%rax),%rax - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size ssse3_handler,.-ssse3_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_aesni_cbc_sha1_enc_ssse3 - .rva .LSEH_end_aesni_cbc_sha1_enc_ssse3 - .rva .LSEH_info_aesni_cbc_sha1_enc_ssse3 -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_aesni_cbc_sha1_enc_avx - .rva .LSEH_end_aesni_cbc_sha1_enc_avx - .rva .LSEH_info_aesni_cbc_sha1_enc_avx -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_aesni_cbc_sha1_enc_ssse3: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_aesni_cbc_sha1_enc_avx: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] -___ -} - -#################################################################### -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - push @opcode,$rex|0x40 if($rex); -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; -close STDOUT; diff --git a/lib/libcrypto/arch/aarch64/Makefile.inc b/lib/libcrypto/arch/aarch64/Makefile.inc index 82a1e4c6e..d9ab7789b 100644 --- a/lib/libcrypto/arch/aarch64/Makefile.inc +++ b/lib/libcrypto/arch/aarch64/Makefile.inc @@ -1,19 +1,13 @@ -# $OpenBSD: Makefile.inc,v 1.5 2023/04/05 11:07:40 kettenis Exp $ +# $OpenBSD: Makefile.inc,v 1.9 2024/03/28 01:57:00 jsing Exp $ # aarch64-specific libcrypto build rules # aes SRCS+= aes_core.c aes_cbc.c -# bf -SRCS+= bf_enc.c # bn # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c # modes -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha # whrlpool SRCS+= wp_block.c diff --git a/lib/libcrypto/arch/alpha/Makefile.inc b/lib/libcrypto/arch/alpha/Makefile.inc index 5e50a5233..2a3bf263b 100644 --- a/lib/libcrypto/arch/alpha/Makefile.inc +++ b/lib/libcrypto/arch/alpha/Makefile.inc @@ -1,23 +1,17 @@ -# $OpenBSD: Makefile.inc,v 1.6 2023/01/31 06:17:10 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.10 2024/03/28 01:57:00 jsing Exp $ # alpha-specific libcrypto build rules # aes -SRCS+= aes_core.c aes_cbc.c -# bf -SRCS+= bf_enc.c +SRCS+= aes_core.c aes_cbc.c # bn SSLASM+= bn alpha-mont CFLAGS+= -DOPENSSL_BN_ASM_MONT # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-alpha -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-alpha diff --git a/lib/libcrypto/arch/amd64/Makefile.inc b/lib/libcrypto/arch/amd64/Makefile.inc index a181d05d9..40ba3c063 100644 --- a/lib/libcrypto/arch/amd64/Makefile.inc +++ b/lib/libcrypto/arch/amd64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.13 2023/04/15 18:23:54 tb Exp $ +# $OpenBSD: Makefile.inc,v 1.18 2024/03/28 01:57:00 jsing Exp $ # amd64-specific libcrypto build rules @@ -13,9 +13,6 @@ SSLASM+= aes bsaes-x86_64 CFLAGS+= -DVPAES_ASM SSLASM+= aes vpaes-x86_64 SSLASM+= aes aesni-x86_64 -SSLASM+= aes aesni-sha1-x86_64 -# bf -SRCS+= bf_enc.c # bn CFLAGS+= -DOPENSSL_IA32_SSE2 CFLAGS+= -DRSA_ASM @@ -42,8 +39,6 @@ SRCS += word_clz.S # camellia SRCS+= cmll_misc.c SSLASM+= camellia cmll-x86_64 -# des -SRCS+= des_enc.c fcrypt_b.c # md5 CFLAGS+= -DMD5_ASM SSLASM+= md5 md5-x86_64 @@ -51,9 +46,9 @@ SSLASM+= md5 md5-x86_64 CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-x86_64 # rc4 -CFLAGS+= -DRC4_MD5_ASM +CFLAGS+= -DHAVE_RC4_INTERNAL +CFLAGS+= -DHAVE_RC4_SET_KEY_INTERNAL SSLASM+= rc4 rc4-x86_64 -SSLASM+= rc4 rc4-md5-x86_64 # ripemd # sha CFLAGS+= -DSHA1_ASM diff --git a/lib/libcrypto/arch/arm/Makefile.inc b/lib/libcrypto/arch/arm/Makefile.inc index ee96f276d..e7631c99c 100644 --- a/lib/libcrypto/arch/arm/Makefile.inc +++ b/lib/libcrypto/arch/arm/Makefile.inc @@ -6,20 +6,14 @@ SRCS+= aes_cbc.c CFLAGS+= -DAES_ASM SSLASM+= aes aes-armv4 -# bf -SRCS+= bf_enc.c # bn CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn armv4-mont # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-armv4 -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-armv4-large diff --git a/lib/libcrypto/arch/hppa/Makefile.inc b/lib/libcrypto/arch/hppa/Makefile.inc index 8449bf569..7ef95002b 100644 --- a/lib/libcrypto/arch/hppa/Makefile.inc +++ b/lib/libcrypto/arch/hppa/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.14 2023/01/31 06:17:10 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.19 2024/03/28 01:57:00 jsing Exp $ # hppa-specific libcrypto build rules @@ -6,24 +6,14 @@ SRCS+= aes_core.c aes_cbc.c CFLAGS+= -DAES_ASM SSLASM+= aes aes-parisc aes-parisc -# bf -SRCS+= bf_enc.c # bn SSLASM+= bn parisc-mont parisc-mont CFLAGS+= -DOPENSSL_BN_ASM_MONT -DBN_DIV2W # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-parisc ghash-parisc -# rc4 -.if 0 # about 35% slower than C code -SSLASM+= rc4 rc4-parisc rc4-parisc -.else -SRCS+= rc4_enc.c rc4_skey.c -.endif # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-parisc sha1-parisc diff --git a/lib/libcrypto/arch/i386/Makefile.inc b/lib/libcrypto/arch/i386/Makefile.inc index 96fc2d097..aedd1d768 100644 --- a/lib/libcrypto/arch/i386/Makefile.inc +++ b/lib/libcrypto/arch/i386/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.9 2023/04/15 18:23:54 tb Exp $ +# $OpenBSD: Makefile.inc,v 1.15 2024/03/28 01:57:00 jsing Exp $ # i386-specific libcrypto build rules @@ -11,9 +11,6 @@ SSLASM+= aes aes-586 CFLAGS+= -DVPAES_ASM SSLASM+= aes vpaes-x86 SSLASM+= aes aesni-x86 -# bf -SRCS+= bf_cbc.c -SSLASM+= bf bf-586 # bn CFLAGS+= -DOPENSSL_IA32_SSE2 SSLASM+= bn bn-586 @@ -22,9 +19,6 @@ CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn x86-mont # camellia SSLASM+= camellia cmll-x86 -# des -SRCS+= fcrypt_b.c -SSLASM+= des des-586 # md5 CFLAGS+= -DMD5_ASM SSLASM+= md5 md5-586 @@ -32,10 +26,9 @@ SSLASM+= md5 md5-586 CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-x86 # rc4 +CFLAGS+= -DHAVE_RC4_INTERNAL +CFLAGS+= -DHAVE_RC4_SET_KEY_INTERNAL SSLASM+= rc4 rc4-586 -# ripemd -CFLAGS+= -DRMD160_ASM -SSLASM+= ripemd rmd-586 # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-586 diff --git a/lib/libcrypto/arch/mips64/Makefile.inc b/lib/libcrypto/arch/mips64/Makefile.inc index da9e7f479..e8f39de7d 100644 --- a/lib/libcrypto/arch/mips64/Makefile.inc +++ b/lib/libcrypto/arch/mips64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.7 2023/01/20 10:07:52 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.11 2024/03/28 01:57:00 jsing Exp $ # mips64-specific libcrypto build rules @@ -6,18 +6,12 @@ SRCS+= aes_cbc.c CFLAGS+= -DAES_ASM SSLASM+= aes aes-mips aes-mips -# bf -SRCS+= bf_enc.c # bn SSLASM+= bn mips bn-mips SSLASM+= bn mips-mont mips-mont CFLAGS+= -DOPENSSL_BN_ASM_MONT # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha SSLASM+= sha sha1-mips sha1-mips CFLAGS+= -DSHA1_ASM diff --git a/lib/libcrypto/arch/powerpc/Makefile.inc b/lib/libcrypto/arch/powerpc/Makefile.inc index 3457e04c9..510b9a9c1 100644 --- a/lib/libcrypto/arch/powerpc/Makefile.inc +++ b/lib/libcrypto/arch/powerpc/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.4 2023/01/17 15:04:27 miod Exp $ +# $OpenBSD: Makefile.inc,v 1.8 2024/03/28 01:57:00 jsing Exp $ # powerpc-specific libcrypto build rules @@ -7,8 +7,6 @@ SRCS+= aes_core.c aes_cbc.c # slower than C code #CFLAGS+= -DAES_ASM #SSLASM+= aes aes-ppc aes-ppc -# bf -SRCS+= bf_enc.c # bn SSLASM+= bn ppc bn-ppc SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int @@ -16,10 +14,6 @@ SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int CFLAGS+= -DOPENSSL_BN_ASM_MONT # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha CFLAGS+= -DSHA1_ASM SSLASM+= sha sha1-ppc sha1-ppc diff --git a/lib/libcrypto/arch/powerpc64/Makefile.inc b/lib/libcrypto/arch/powerpc64/Makefile.inc index 7494e6905..f7b10d193 100644 --- a/lib/libcrypto/arch/powerpc64/Makefile.inc +++ b/lib/libcrypto/arch/powerpc64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.6 2023/01/31 06:17:10 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.10 2024/03/28 01:57:00 jsing Exp $ # powerpc-specific libcrypto build rules @@ -7,8 +7,6 @@ SRCS+= aes_core.c aes_cbc.c # slower than C code #CFLAGS+= -DAES_ASM #SSLASM+= aes aes-ppc aes-ppc -# bf -SRCS+= bf_enc.c # bn #SSLASM+= bn ppc bn-ppc #SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int @@ -16,10 +14,6 @@ SRCS+= bf_enc.c #CFLAGS+= -DOPENSSL_BN_ASM_MONT # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= des_enc.c fcrypt_b.c -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha #CFLAGS+= -DSHA1_ASM #SSLASM+= sha sha1-ppc sha1-ppc diff --git a/lib/libcrypto/arch/riscv64/Makefile.inc b/lib/libcrypto/arch/riscv64/Makefile.inc index 7094746b0..909cc2182 100644 --- a/lib/libcrypto/arch/riscv64/Makefile.inc +++ b/lib/libcrypto/arch/riscv64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.2 2023/08/25 02:17:41 tb Exp $ +# $OpenBSD: Makefile.inc,v 1.6 2024/03/28 01:57:00 jsing Exp $ # riscv64 libcrypto build rules @@ -6,21 +6,10 @@ SRCS+= aes_core.c SRCS+= aes_cbc.c -# bf -SRCS+= bf_enc.c - # camellia SRCS+= camellia.c SRCS+= cmll_cbc.c SRCS+= cmll_misc.c -# des -SRCS+= des_enc.c -SRCS+= fcrypt_b.c - -# rc4 -SRCS+= rc4_enc.c -SRCS+= rc4_skey.c - # whrlpool SRCS+= wp_block.c diff --git a/lib/libcrypto/arch/sparc64/Makefile.inc b/lib/libcrypto/arch/sparc64/Makefile.inc index 17bbd02ce..3d047e4a4 100644 --- a/lib/libcrypto/arch/sparc64/Makefile.inc +++ b/lib/libcrypto/arch/sparc64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.8 2023/01/31 06:17:10 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.13 2024/03/28 01:57:00 jsing Exp $ # sparc64-specific libcrypto build rules @@ -6,22 +6,12 @@ SRCS+= aes_core.c aes_cbc.c CFLAGS+= -DAES_ASM SSLASM+= aes aes-sparcv9 aes-sparcv9 -# bf -SRCS+= bf_enc.c # bn # camellia SRCS+= camellia.c cmll_cbc.c cmll_misc.c -# des -SRCS+= fcrypt_b.c -SRCS+= des_enc-sparc.S -GENERATED+= des_enc-sparc.S -des_enc-sparc.S: ${LCRYPTO_SRC}/des/asm/des_enc.m4 - m4 ${LCRYPTO_SRC}/des/asm/des_enc.m4 > ${.TARGET} # modes CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-sparcv9 ghash-sparcv9 -# rc4 -SRCS+= rc4_enc.c rc4_skey.c # sha SSLASM+= sha sha1-sparcv9 sha1-sparcv9 CFLAGS+= -DSHA1_ASM diff --git a/lib/libcrypto/asn1/p5_pbe.c b/lib/libcrypto/asn1/p5_pbe.c index 0b628b36d..94daf3bed 100644 --- a/lib/libcrypto/asn1/p5_pbe.c +++ b/lib/libcrypto/asn1/p5_pbe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbe.c,v 1.26 2024/03/02 10:17:37 tb Exp $ */ +/* $OpenBSD: p5_pbe.c,v 1.27 2024/03/28 00:44:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -127,8 +127,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, ASN1_STRING *pbe_str = NULL; unsigned char *sstr; - pbe = PBEPARAM_new(); - if (!pbe) { + if ((pbe = PBEPARAM_new()) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); goto err; } diff --git a/lib/libcrypto/bf/asm/bf-586.pl b/lib/libcrypto/bf/asm/bf-586.pl deleted file mode 100644 index 1f9b345ae..000000000 --- a/lib/libcrypto/bf/asm/bf-586.pl +++ /dev/null @@ -1,137 +0,0 @@ -#!/usr/local/bin/perl - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="edi"; -$R="esi"; -$P="ebp"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ecx"; -$tmp4="edx"; - -&BF_encrypt("BF_encrypt",1); -&BF_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd; -&asm_finish(); - -sub BF_encrypt - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &mov($tmp2,&wparam(0)); - &mov($P,&wparam(1)); - &push("esi"); - &push("edi"); - - &comment("Load the 2 words"); - &mov($L,&DWP(0,$tmp2,"",0)); - &mov($R,&DWP(4,$tmp2,"",0)); - - &xor( $tmp1, $tmp1); - - # encrypting part - - if ($enc) - { - &mov($tmp2,&DWP(0,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - } - else - { - &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(0,$P,"",0)); - } - - &xor($R,$tmp4); - &mov(&DWP(4,$tmp1,"",0),$L); - - &mov(&DWP(0,$tmp1,"",0),$R); - &function_end($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_; - - &mov( $tmp4, &DWP(&n2a($i*4),$P,"",0)); # for next round - - &mov( $tmp2, $R); - &xor( $L, $tmp4); - - &shr( $tmp2, 16); - &mov( $tmp4, $R); - - &movb( &LB($tmp1), &HB($tmp2)); # A - &and( $tmp2, 0xff); # B - - &movb( &LB($tmp3), &HB($tmp4)); # C - &and( $tmp4, 0xff); # D - - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp2, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &add( $tmp2, $tmp1); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4)); - - &xor( $tmp2, $tmp1); - &mov( $tmp4, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4)); - - &add( $tmp2, $tmp4); - if (($enc && ($i != 16)) || ((!$enc) && ($i != 1))) - { &xor( $tmp1, $tmp1); } - else - { - &comment("Load parameter 0 ($i) enc=$enc"); - &mov($tmp1,&wparam(0)); - } # In last loop - - &xor( $L, $tmp2); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/lib/libcrypto/bf/bf_cbc.c b/lib/libcrypto/bf/bf_cbc.c deleted file mode 100644 index 044bd19ed..000000000 --- a/lib/libcrypto/bf/bf_cbc.c +++ /dev/null @@ -1,137 +0,0 @@ -/* $OpenBSD: bf_cbc.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include "bf_local.h" - -void -BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) -{ - BF_LONG tin0, tin1; - BF_LONG tout0, tout1, xor0, xor1; - long l = length; - BF_LONG tin[2]; - - if (encrypt) { - n2l(ivec, tout0); - n2l(ivec, tout1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, ivec); - l2n(tout1, ivec); - } else { - n2l(ivec, xor0); - n2l(ivec, xor1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0]^xor0; - tout1 = tin[1]^xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0]^xor0; - tout1 = tin[1]^xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, ivec); - l2n(xor1, ivec); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} diff --git a/lib/libcrypto/bf/bf_cfb64.c b/lib/libcrypto/bf/bf_cfb64.c deleted file mode 100644 index 87dccae26..000000000 --- a/lib/libcrypto/bf/bf_cfb64.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: bf_cfb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include "bf_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ - -void -BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt) -{ - BF_LONG v0, v1, t; - int n= *num; - long l = length; - BF_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = (unsigned char *)ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - BF_encrypt((BF_LONG *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - c= *(in++)^iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1)&0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - BF_encrypt((BF_LONG *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - cc= *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c^cc; - n = (n + 1)&0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t=c = cc = 0; - *num = n; -} diff --git a/lib/libcrypto/bf/bf_ecb.c b/lib/libcrypto/bf/bf_ecb.c deleted file mode 100644 index eda6f193b..000000000 --- a/lib/libcrypto/bf/bf_ecb.c +++ /dev/null @@ -1,89 +0,0 @@ -/* $OpenBSD: bf_ecb.c,v 1.10 2023/07/28 10:35:14 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include "bf_local.h" - -/* - * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -void -BF_ecb_encrypt(const unsigned char *in, unsigned char *out, - const BF_KEY *key, int encrypt) -{ - BF_LONG l, d[2]; - - n2l(in, l); - d[0] = l; - n2l(in, l); - d[1] = l; - if (encrypt) - BF_encrypt(d, key); - else - BF_decrypt(d, key); - l = d[0]; - l2n(l, out); - l = d[1]; - l2n(l, out); - l = d[0] = d[1] = 0; -} diff --git a/lib/libcrypto/bf/bf_enc.c b/lib/libcrypto/bf/bf_enc.c deleted file mode 100644 index bbefe7d52..000000000 --- a/lib/libcrypto/bf/bf_enc.c +++ /dev/null @@ -1,304 +0,0 @@ -/* $OpenBSD: bf_enc.c,v 1.9 2022/11/26 16:08:51 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include "bf_local.h" - -/* - * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) -#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ -to modify the code. -#endif - -void -BF_encrypt(BF_LONG *data, const BF_KEY *key) -{ -#ifndef BF_PTR2 - BF_LONG l, r; - const BF_LONG *p, *s; - - p = key->P; - s = &(key->S[0]); - l = data[0]; - r = data[1]; - - l ^= p[0]; - BF_ENC(r, l,s, p[1]); - BF_ENC(l, r,s, p[2]); - BF_ENC(r, l,s, p[3]); - BF_ENC(l, r,s, p[4]); - BF_ENC(r, l,s, p[5]); - BF_ENC(l, r,s, p[6]); - BF_ENC(r, l,s, p[7]); - BF_ENC(l, r,s, p[8]); - BF_ENC(r, l,s, p[9]); - BF_ENC(l, r,s, p[10]); - BF_ENC(r, l,s, p[11]); - BF_ENC(l, r,s, p[12]); - BF_ENC(r, l,s, p[13]); - BF_ENC(l, r,s, p[14]); - BF_ENC(r, l,s, p[15]); - BF_ENC(l, r,s, p[16]); -#if BF_ROUNDS == 20 - BF_ENC(r, l,s, p[17]); - BF_ENC(l, r,s, p[18]); - BF_ENC(r, l,s, p[19]); - BF_ENC(l, r,s, p[20]); -#endif - r ^= p[BF_ROUNDS + 1]; - - data[1] = l&0xffffffffL; - data[0] = r&0xffffffffL; -#else - BF_LONG l, r,t, *k; - - l = data[0]; - r = data[1]; - k = (BF_LONG*)key; - - l ^= k[0]; - BF_ENC(r, l, k, 1); - BF_ENC(l, r, k, 2); - BF_ENC(r, l, k, 3); - BF_ENC(l, r, k, 4); - BF_ENC(r, l, k, 5); - BF_ENC(l, r, k, 6); - BF_ENC(r, l, k, 7); - BF_ENC(l, r, k, 8); - BF_ENC(r, l, k, 9); - BF_ENC(l, r,k, 10); - BF_ENC(r, l,k, 11); - BF_ENC(l, r,k, 12); - BF_ENC(r, l,k, 13); - BF_ENC(l, r,k, 14); - BF_ENC(r, l,k, 15); - BF_ENC(l, r,k, 16); -#if BF_ROUNDS == 20 - BF_ENC(r, l,k, 17); - BF_ENC(l, r,k, 18); - BF_ENC(r, l,k, 19); - BF_ENC(l, r,k, 20); -#endif - r ^= k[BF_ROUNDS + 1]; - - data[1] = l&0xffffffffL; - data[0] = r&0xffffffffL; -#endif -} - -#ifndef BF_DEFAULT_OPTIONS - -void -BF_decrypt(BF_LONG *data, const BF_KEY *key) -{ -#ifndef BF_PTR2 - BF_LONG l, r; - const BF_LONG *p, *s; - - p = key->P; - s = &(key->S[0]); - l = data[0]; - r = data[1]; - - l ^= p[BF_ROUNDS + 1]; -#if BF_ROUNDS == 20 - BF_ENC(r, l,s, p[20]); - BF_ENC(l, r,s, p[19]); - BF_ENC(r, l,s, p[18]); - BF_ENC(l, r,s, p[17]); -#endif - BF_ENC(r, l,s, p[16]); - BF_ENC(l, r,s, p[15]); - BF_ENC(r, l,s, p[14]); - BF_ENC(l, r,s, p[13]); - BF_ENC(r, l,s, p[12]); - BF_ENC(l, r,s, p[11]); - BF_ENC(r, l,s, p[10]); - BF_ENC(l, r,s, p[9]); - BF_ENC(r, l,s, p[8]); - BF_ENC(l, r,s, p[7]); - BF_ENC(r, l,s, p[6]); - BF_ENC(l, r,s, p[5]); - BF_ENC(r, l,s, p[4]); - BF_ENC(l, r,s, p[3]); - BF_ENC(r, l,s, p[2]); - BF_ENC(l, r,s, p[1]); - r ^= p[0]; - - data[1] = l&0xffffffffL; - data[0] = r&0xffffffffL; -#else - BF_LONG l, r,t, *k; - - l = data[0]; - r = data[1]; - k = (BF_LONG *)key; - - l ^= k[BF_ROUNDS + 1]; -#if BF_ROUNDS == 20 - BF_ENC(r, l,k, 20); - BF_ENC(l, r,k, 19); - BF_ENC(r, l,k, 18); - BF_ENC(l, r,k, 17); -#endif - BF_ENC(r, l,k, 16); - BF_ENC(l, r,k, 15); - BF_ENC(r, l,k, 14); - BF_ENC(l, r,k, 13); - BF_ENC(r, l,k, 12); - BF_ENC(l, r,k, 11); - BF_ENC(r, l,k, 10); - BF_ENC(l, r, k, 9); - BF_ENC(r, l, k, 8); - BF_ENC(l, r, k, 7); - BF_ENC(r, l, k, 6); - BF_ENC(l, r, k, 5); - BF_ENC(r, l, k, 4); - BF_ENC(l, r, k, 3); - BF_ENC(r, l, k, 2); - BF_ENC(l, r, k, 1); - r ^= k[0]; - - data[1] = l&0xffffffffL; - data[0] = r&0xffffffffL; -#endif -} - -void -BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) -{ - BF_LONG tin0, tin1; - BF_LONG tout0, tout1, xor0, xor1; - long l = length; - BF_LONG tin[2]; - - if (encrypt) { - n2l(ivec, tout0); - n2l(ivec, tout1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, ivec); - l2n(tout1, ivec); - } else { - n2l(ivec, xor0); - n2l(ivec, xor1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0]^xor0; - tout1 = tin[1]^xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0]^xor0; - tout1 = tin[1]^xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, ivec); - l2n(xor1, ivec); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} - -#endif diff --git a/lib/libcrypto/bf/bf_local.h b/lib/libcrypto/bf/bf_local.h index 1cc29525d..8fc5a5dbd 100644 --- a/lib/libcrypto/bf/bf_local.h +++ b/lib/libcrypto/bf/bf_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_local.h,v 1.1 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: bf_local.h,v 1.3 2024/03/27 11:54:29 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,54 +56,10 @@ * [including the GNU Public Licence.] */ +#include /* BF_PTR */ + #ifndef HEADER_BF_LOCL_H #define HEADER_BF_LOCL_H -#include /* BF_PTR, BF_PTR2 */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } /* NOTE - c is not incremented as per n2l */ #define n2ln(c,l1,l2,n) { \ @@ -151,26 +107,7 @@ /* This is actually a big endian algorithm, the most significant byte * is used to lookup array 0 */ -#if defined(BF_PTR2) - -/* - * This is basically a special Intel version. Point is that Intel - * doesn't have many registers, but offers a reach choice of addressing - * modes. So we spare some registers by directly traversing BF_KEY - * structure and hiring the most decorated addressing mode. The code - * generated by EGCS is *perfectly* competitive with assembler - * implementation! - */ -#define BF_ENC(LL,R,KEY,Pi) (\ - LL^=KEY[Pi], \ - t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \ - t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \ - t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \ - t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \ - LL^=t \ - ) - -#elif defined(BF_PTR) +#if defined(BF_PTR) #ifndef BF_LONG_LOG2 #define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */ diff --git a/lib/libcrypto/bf/bf_ofb64.c b/lib/libcrypto/bf/bf_ofb64.c deleted file mode 100644 index 8fe247826..000000000 --- a/lib/libcrypto/bf/bf_ofb64.c +++ /dev/null @@ -1,111 +0,0 @@ -/* $OpenBSD: bf_ofb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include "bf_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ -void -BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int *num) -{ - BF_LONG v0, v1, t; - int n= *num; - long l = length; - unsigned char d[8]; - char *dp; - BF_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = (unsigned char *)ivec; - n2l(iv, v0); - n2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2n(v0, dp); - l2n(v1, dp); - while (l--) { - if (n == 0) { - BF_encrypt((BF_LONG *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2n(t, dp); - t = ti[1]; - l2n(t, dp); - save++; - } - *(out++)= *(in++)^d[n]; - n = (n + 1)&0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = (unsigned char *)ivec; - l2n(v0, iv); - l2n(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/lib/libcrypto/bf/bf_skey.c b/lib/libcrypto/bf/blowfish.c similarity index 75% rename from lib/libcrypto/bf/bf_skey.c rename to lib/libcrypto/bf/blowfish.c index cc31034f1..fa6d66fce 100644 --- a/lib/libcrypto/bf/bf_skey.c +++ b/lib/libcrypto/bf/blowfish.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_skey.c,v 1.17 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: blowfish.c,v 1.2 2024/03/27 11:54:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,14 +56,23 @@ * [including the GNU Public Licence.] */ -#include -#include - -#include #include +#include + #include "bf_local.h" +/* + * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' + * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, + * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) + */ + +#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) +#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ +to modify the code. +#endif + static const BF_KEY bf_init = { .P = { 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, @@ -332,6 +341,298 @@ static const BF_KEY bf_init = { } }; +void +BF_encrypt(BF_LONG *data, const BF_KEY *key) +{ + BF_LONG l, r; + const BF_LONG *p, *s; + + p = key->P; + s = &(key->S[0]); + l = data[0]; + r = data[1]; + + l ^= p[0]; + BF_ENC(r, l,s, p[1]); + BF_ENC(l, r,s, p[2]); + BF_ENC(r, l,s, p[3]); + BF_ENC(l, r,s, p[4]); + BF_ENC(r, l,s, p[5]); + BF_ENC(l, r,s, p[6]); + BF_ENC(r, l,s, p[7]); + BF_ENC(l, r,s, p[8]); + BF_ENC(r, l,s, p[9]); + BF_ENC(l, r,s, p[10]); + BF_ENC(r, l,s, p[11]); + BF_ENC(l, r,s, p[12]); + BF_ENC(r, l,s, p[13]); + BF_ENC(l, r,s, p[14]); + BF_ENC(r, l,s, p[15]); + BF_ENC(l, r,s, p[16]); +#if BF_ROUNDS == 20 + BF_ENC(r, l,s, p[17]); + BF_ENC(l, r,s, p[18]); + BF_ENC(r, l,s, p[19]); + BF_ENC(l, r,s, p[20]); +#endif + r ^= p[BF_ROUNDS + 1]; + + data[1] = l&0xffffffffL; + data[0] = r&0xffffffffL; +} + +#ifndef BF_DEFAULT_OPTIONS + +void +BF_decrypt(BF_LONG *data, const BF_KEY *key) +{ + BF_LONG l, r; + const BF_LONG *p, *s; + + p = key->P; + s = &(key->S[0]); + l = data[0]; + r = data[1]; + + l ^= p[BF_ROUNDS + 1]; +#if BF_ROUNDS == 20 + BF_ENC(r, l,s, p[20]); + BF_ENC(l, r,s, p[19]); + BF_ENC(r, l,s, p[18]); + BF_ENC(l, r,s, p[17]); +#endif + BF_ENC(r, l,s, p[16]); + BF_ENC(l, r,s, p[15]); + BF_ENC(r, l,s, p[14]); + BF_ENC(l, r,s, p[13]); + BF_ENC(r, l,s, p[12]); + BF_ENC(l, r,s, p[11]); + BF_ENC(r, l,s, p[10]); + BF_ENC(l, r,s, p[9]); + BF_ENC(r, l,s, p[8]); + BF_ENC(l, r,s, p[7]); + BF_ENC(r, l,s, p[6]); + BF_ENC(l, r,s, p[5]); + BF_ENC(r, l,s, p[4]); + BF_ENC(l, r,s, p[3]); + BF_ENC(r, l,s, p[2]); + BF_ENC(l, r,s, p[1]); + r ^= p[0]; + + data[1] = l&0xffffffffL; + data[0] = r&0xffffffffL; +} + +void +BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int encrypt) +{ + BF_LONG tin0, tin1; + BF_LONG tout0, tout1, xor0, xor1; + long l = length; + BF_LONG tin[2]; + + if (encrypt) { + n2l(ivec, tout0); + n2l(ivec, tout1); + ivec -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + BF_encrypt(tin, schedule); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + if (l != -8) { + n2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + BF_encrypt(tin, schedule); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + l2n(tout0, ivec); + l2n(tout1, ivec); + } else { + n2l(ivec, xor0); + n2l(ivec, xor1); + ivec -= 8; + for (l -= 8; l >= 0; l -= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + BF_decrypt(tin, schedule); + tout0 = tin[0]^xor0; + tout1 = tin[1]^xor1; + l2n(tout0, out); + l2n(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + BF_decrypt(tin, schedule); + tout0 = tin[0]^xor0; + tout1 = tin[1]^xor1; + l2nn(tout0, tout1, out, l + 8); + xor0 = tin0; + xor1 = tin1; + } + l2n(xor0, ivec); + l2n(xor1, ivec); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} + +/* + * The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void +BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt) +{ + BF_LONG v0, v1, t; + int n= *num; + long l = length; + BF_LONG ti[2]; + unsigned char *iv, c, cc; + + iv = (unsigned char *)ivec; + if (encrypt) { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + BF_encrypt((BF_LONG *)ti, schedule); + iv = (unsigned char *)ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = (unsigned char *)ivec; + } + c= *(in++)^iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1)&0x07; + } + } else { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + BF_encrypt((BF_LONG *)ti, schedule); + iv = (unsigned char *)ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = (unsigned char *)ivec; + } + cc= *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c^cc; + n = (n + 1)&0x07; + } + } + v0 = v1 = ti[0] = ti[1] = t=c = cc = 0; + *num = n; +} + +void +BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int encrypt) +{ + BF_LONG l, d[2]; + + n2l(in, l); + d[0] = l; + n2l(in, l); + d[1] = l; + if (encrypt) + BF_encrypt(d, key); + else + BF_decrypt(d, key); + l = d[0]; + l2n(l, out); + l = d[1]; + l2n(l, out); + l = d[0] = d[1] = 0; +} + +/* + * The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void +BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int *num) +{ + BF_LONG v0, v1, t; + int n= *num; + long l = length; + unsigned char d[8]; + char *dp; + BF_LONG ti[2]; + unsigned char *iv; + int save = 0; + + iv = (unsigned char *)ivec; + n2l(iv, v0); + n2l(iv, v1); + ti[0] = v0; + ti[1] = v1; + dp = (char *)d; + l2n(v0, dp); + l2n(v1, dp); + while (l--) { + if (n == 0) { + BF_encrypt((BF_LONG *)ti, schedule); + dp = (char *)d; + t = ti[0]; + l2n(t, dp); + t = ti[1]; + l2n(t, dp); + save++; + } + *(out++)= *(in++)^d[n]; + n = (n + 1)&0x07; + } + if (save) { + v0 = ti[0]; + v1 = ti[1]; + iv = (unsigned char *)ivec; + l2n(v0, iv); + l2n(v1, iv); + } + t = v0 = v1 = ti[0] = ti[1] = 0; + *num = n; +} + void BF_set_key(BF_KEY *key, int len, const unsigned char *data) { @@ -385,3 +686,4 @@ BF_set_key(BF_KEY *key, int len, const unsigned char *data) p[i + 1] = in[1]; } } +#endif diff --git a/lib/libcrypto/engine/engine_stubs.c b/lib/libcrypto/engine/engine_stubs.c index bd031e49f..055396fba 100644 --- a/lib/libcrypto/engine/engine_stubs.c +++ b/lib/libcrypto/engine/engine_stubs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine_stubs.c,v 1.3 2023/11/19 15:47:40 tb Exp $ */ +/* $OpenBSD: engine_stubs.c,v 1.4 2024/03/27 06:08:45 tb Exp $ */ /* * Written by Theo Buehler. Public domain. @@ -10,87 +10,102 @@ void ENGINE_load_builtin_engines(void) { } +LCRYPTO_ALIAS(ENGINE_load_builtin_engines); void ENGINE_load_dynamic(void) { } +LCRYPTO_ALIAS(ENGINE_load_dynamic); void ENGINE_load_openssl(void) { } +LCRYPTO_ALIAS(ENGINE_load_openssl); int ENGINE_register_all_complete(void) { return 0; } +LCRYPTO_ALIAS(ENGINE_register_all_complete); void ENGINE_cleanup(void) { } +LCRYPTO_ALIAS(ENGINE_cleanup); ENGINE * ENGINE_new(void) { return NULL; } +LCRYPTO_ALIAS(ENGINE_new); int ENGINE_free(ENGINE *engine) { return 0; } +LCRYPTO_ALIAS(ENGINE_free); int ENGINE_init(ENGINE *engine) { return 0; } +LCRYPTO_ALIAS(ENGINE_init); int ENGINE_finish(ENGINE *engine) { return 0; } +LCRYPTO_ALIAS(ENGINE_finish); ENGINE * ENGINE_by_id(const char *id) { return NULL; } +LCRYPTO_ALIAS(ENGINE_by_id); const char * ENGINE_get_id(const ENGINE *engine) { return ""; } +LCRYPTO_ALIAS(ENGINE_get_id); const char * ENGINE_get_name(const ENGINE *engine) { return ""; } +LCRYPTO_ALIAS(ENGINE_get_name); int ENGINE_set_default(ENGINE *engine, unsigned int flags) { return 0; } +LCRYPTO_ALIAS(ENGINE_set_default); ENGINE * ENGINE_get_default_RSA(void) { return NULL; } +LCRYPTO_ALIAS(ENGINE_get_default_RSA); int ENGINE_set_default_RSA(ENGINE *engine) { return 0; } +LCRYPTO_ALIAS(ENGINE_set_default_RSA); int ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, @@ -98,6 +113,7 @@ ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, { return 0; } +LCRYPTO_ALIAS(ENGINE_ctrl_cmd); int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg, @@ -105,6 +121,7 @@ ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg, { return 0; } +LCRYPTO_ALIAS(ENGINE_ctrl_cmd_string); EVP_PKEY * ENGINE_load_private_key(ENGINE *engine, const char *key_id, @@ -112,6 +129,7 @@ ENGINE_load_private_key(ENGINE *engine, const char *key_id, { return NULL; } +LCRYPTO_ALIAS(ENGINE_load_private_key); EVP_PKEY * ENGINE_load_public_key(ENGINE *engine, const char *key_id, @@ -119,3 +137,4 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id, { return NULL; } +LCRYPTO_ALIAS(ENGINE_load_public_key); diff --git a/lib/libcrypto/evp/m_sigver.c b/lib/libcrypto/evp/m_sigver.c index eea2de49e..d427e05db 100644 --- a/lib/libcrypto/evp/m_sigver.c +++ b/lib/libcrypto/evp/m_sigver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sigver.c,v 1.21 2024/03/27 01:55:40 joshua Exp $ */ +/* $OpenBSD: m_sigver.c,v 1.26 2024/03/27 07:36:59 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -186,25 +186,27 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) if ((s = EVP_MD_size(ctx->digest)) < 0) return 0; if (EVP_PKEY_sign(ctx->pctx, NULL, siglen, NULL, s) <= 0) - return 0; + return 0; return 1; } - + /* Use a copy since EVP_DigestFinal_ex() clears secrets. */ if ((md_ctx = EVP_MD_CTX_new()) == NULL) goto err; if (!EVP_MD_CTX_copy_ex(md_ctx, ctx)) goto err; if (md_ctx->pctx->pmeth->signctx != NULL) { - if(md_ctx->pctx->pmeth->signctx(md_ctx->pctx, + if (md_ctx->pctx->pmeth->signctx(md_ctx->pctx, sigret, siglen, md_ctx) <= 0) goto err; + } else { + if (!EVP_DigestFinal_ex(md_ctx, md, &mdlen)) + goto err; + /* Use the original ctx since secrets were cleared. */ + if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) + goto err; } - if (!EVP_DigestFinal_ex(md_ctx, md, &mdlen)) - goto err; - if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) - goto err; ret = 1; diff --git a/lib/libcrypto/evp/p_legacy.c b/lib/libcrypto/evp/p_legacy.c index a444309f1..adb6dc917 100644 --- a/lib/libcrypto/evp/p_legacy.c +++ b/lib/libcrypto/evp/p_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_legacy.c,v 1.4 2024/03/26 05:22:50 joshua Exp $ */ +/* $OpenBSD: p_legacy.c,v 1.5 2024/03/28 01:42:02 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -99,7 +99,8 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, int i, size = 0, ret = 0; if (type) { - EVP_CIPHER_CTX_reset(ctx); + if (!EVP_CIPHER_CTX_reset(ctx)) + return 0; if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) return 0; } @@ -154,7 +155,8 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int i, iv_len; if (type) { - EVP_CIPHER_CTX_reset(ctx); + if (!EVP_CIPHER_CTX_reset(ctx)) + return 0; if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) return 0; } diff --git a/lib/libcrypto/hidden/openssl/engine.h b/lib/libcrypto/hidden/openssl/engine.h new file mode 100644 index 000000000..78334779b --- /dev/null +++ b/lib/libcrypto/hidden/openssl/engine.h @@ -0,0 +1,48 @@ +/* $OpenBSD: engine.h,v 1.1 2024/03/27 06:08:45 tb Exp $ */ +/* + * Copyright (c) 2024 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _LIBCRYPTO_ENGINE_H +#define _LIBCRYPTO_ENGINE_H + +#ifndef _MSC_VER +#include_next +#else +#include "../include/openssl/engine.h" +#endif +#include "crypto_namespace.h" + +LCRYPTO_USED(ENGINE_load_builtin_engines); +LCRYPTO_USED(ENGINE_load_dynamic); +LCRYPTO_USED(ENGINE_load_openssl); +LCRYPTO_USED(ENGINE_register_all_complete); +LCRYPTO_USED(ENGINE_cleanup); +LCRYPTO_USED(ENGINE_new); +LCRYPTO_USED(ENGINE_free); +LCRYPTO_USED(ENGINE_init); +LCRYPTO_USED(ENGINE_finish); +LCRYPTO_USED(ENGINE_by_id); +LCRYPTO_USED(ENGINE_get_id); +LCRYPTO_USED(ENGINE_get_name); +LCRYPTO_USED(ENGINE_set_default); +LCRYPTO_USED(ENGINE_get_default_RSA); +LCRYPTO_USED(ENGINE_set_default_RSA); +LCRYPTO_USED(ENGINE_ctrl_cmd); +LCRYPTO_USED(ENGINE_ctrl_cmd_string); +LCRYPTO_USED(ENGINE_load_private_key); +LCRYPTO_USED(ENGINE_load_public_key); + +#endif /* _LIBCRYPTO_ENGINE_H */ diff --git a/lib/libcrypto/md4/md4.c b/lib/libcrypto/md4/md4.c index 1889c6fac..f25595c15 100644 --- a/lib/libcrypto/md4/md4.c +++ b/lib/libcrypto/md4/md4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md4.c,v 1.15 2024/03/26 12:23:02 jsing Exp $ */ +/* $OpenBSD: md4.c,v 1.16 2024/03/27 06:15:18 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include @@ -69,61 +70,46 @@ /* Ensure that MD4_LONG and uint32_t are equivalent size. */ CTASSERT(sizeof(MD4_LONG) == sizeof(uint32_t)); -__BEGIN_HIDDEN_DECLS +static inline uint32_t +md4_f(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) | (~x & z); +} -void md4_block_data_order (MD4_CTX *c, const void *p, size_t num); +static inline uint32_t +md4_g(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) | (x & z) | (y & z); +} -__END_HIDDEN_DECLS +static inline uint32_t +md4_h(uint32_t x, uint32_t y, uint32_t z) +{ + return x ^ y ^ z; +} -#define DATA_ORDER_IS_LITTLE_ENDIAN +static inline void +md4_round1(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, + uint32_t s) +{ + *a = crypto_rol_u32(*a + md4_f(b, c, d) + x, s); +} -#define HASH_LONG MD4_LONG -#define HASH_CTX MD4_CTX -#define HASH_CBLOCK MD4_CBLOCK -#define HASH_UPDATE MD4_Update -#define HASH_TRANSFORM MD4_Transform -#define HASH_FINAL MD4_Final -#define HASH_BLOCK_DATA_ORDER md4_block_data_order +static inline void +md4_round2(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, + uint32_t s) +{ + *a = crypto_rol_u32(*a + md4_g(b, c, d) + x + 0x5a827999UL, s); +} -#define HASH_NO_UPDATE -#define HASH_NO_TRANSFORM -#define HASH_NO_FINAL +static inline void +md4_round3(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, + uint32_t s) +{ + *a = crypto_rol_u32(*a + md4_h(b, c, d) + x + 0x6ed9eba1UL, s); +} -#include "md32_common.h" - -/* -#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) -*/ - -/* As pointed out by Wei Dai , the above can be - * simplified to the code below. Wei attributes these optimizations - * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. - */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) -#define H(b,c,d) ((b) ^ (c) ^ (d)) - -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); }; - -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); };\ - -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); }; - -/* Implemented from RFC1186 The MD4 Message-Digest Algorithm - */ - -#ifndef md4_block_data_order -#ifdef X -#undef X -#endif -void +static void md4_block_data_order(MD4_CTX *c, const void *_in, size_t num) { const uint8_t *in = _in; @@ -178,59 +164,58 @@ md4_block_data_order(MD4_CTX *c, const void *_in, size_t num) } in += MD4_CBLOCK; - /* Round 0 */ - R0(A, B, C, D, X0, 3, 0); - R0(D, A, B, C, X1, 7, 0); - R0(C, D, A, B, X2, 11, 0); - R0(B, C, D, A, X3, 19, 0); - R0(A, B, C, D, X4, 3, 0); - R0(D, A, B, C, X5, 7, 0); - R0(C, D, A, B, X6, 11, 0); - R0(B, C, D, A, X7, 19, 0); - R0(A, B, C, D, X8, 3, 0); - R0(D, A,B, C,X9, 7, 0); - R0(C, D,A, B,X10, 11, 0); - R0(B, C,D, A,X11, 19, 0); - R0(A, B,C, D,X12, 3, 0); - R0(D, A,B, C,X13, 7, 0); - R0(C, D,A, B,X14, 11, 0); - R0(B, C,D, A,X15, 19, 0); + md4_round1(&A, B, C, D, X0, 3); + md4_round1(&D, A, B, C, X1, 7); + md4_round1(&C, D, A, B, X2, 11); + md4_round1(&B, C, D, A, X3, 19); + md4_round1(&A, B, C, D, X4, 3); + md4_round1(&D, A, B, C, X5, 7); + md4_round1(&C, D, A, B, X6, 11); + md4_round1(&B, C, D, A, X7, 19); + md4_round1(&A, B, C, D, X8, 3); + md4_round1(&D, A, B, C, X9, 7); + md4_round1(&C, D, A, B, X10, 11); + md4_round1(&B, C, D, A, X11, 19); + md4_round1(&A, B, C, D, X12, 3); + md4_round1(&D, A, B, C, X13, 7); + md4_round1(&C, D, A, B, X14, 11); + md4_round1(&B, C, D, A, X15, 19); /* Round 1 */ - R1(A, B, C, D, X0, 3, 0x5A827999L); - R1(D, A, B, C, X4, 5, 0x5A827999L); - R1(C, D, A, B, X8, 9, 0x5A827999L); - R1(B, C, D, A, X12, 13, 0x5A827999L); - R1(A, B, C, D, X1, 3, 0x5A827999L); - R1(D, A, B, C, X5, 5, 0x5A827999L); - R1(C, D, A, B, X9, 9, 0x5A827999L); - R1(B, C, D, A, X13, 13, 0x5A827999L); - R1(A, B, C, D, X2, 3, 0x5A827999L); - R1(D, A, B, C, X6, 5, 0x5A827999L); - R1(C, D, A, B, X10, 9, 0x5A827999L); - R1(B, C, D, A, X14, 13, 0x5A827999L); - R1(A, B, C, D, X3, 3, 0x5A827999L); - R1(D, A, B, C, X7, 5, 0x5A827999L); - R1(C, D, A, B, X11, 9, 0x5A827999L); - R1(B, C, D, A, X15, 13, 0x5A827999L); + md4_round2(&A, B, C, D, X0, 3); + md4_round2(&D, A, B, C, X4, 5); + md4_round2(&C, D, A, B, X8, 9); + md4_round2(&B, C, D, A, X12, 13); + md4_round2(&A, B, C, D, X1, 3); + md4_round2(&D, A, B, C, X5, 5); + md4_round2(&C, D, A, B, X9, 9); + md4_round2(&B, C, D, A, X13, 13); + md4_round2(&A, B, C, D, X2, 3); + md4_round2(&D, A, B, C, X6, 5); + md4_round2(&C, D, A, B, X10, 9); + md4_round2(&B, C, D, A, X14, 13); + md4_round2(&A, B, C, D, X3, 3); + md4_round2(&D, A, B, C, X7, 5); + md4_round2(&C, D, A, B, X11, 9); + md4_round2(&B, C, D, A, X15, 13); /* Round 2 */ - R2(A, B, C, D, X0, 3, 0x6ED9EBA1L); - R2(D, A, B, C, X8, 9, 0x6ED9EBA1L); - R2(C, D, A, B, X4, 11, 0x6ED9EBA1L); - R2(B, C, D, A, X12, 15, 0x6ED9EBA1L); - R2(A, B, C, D, X2, 3, 0x6ED9EBA1L); - R2(D, A, B, C, X10, 9, 0x6ED9EBA1L); - R2(C, D, A, B, X6, 11, 0x6ED9EBA1L); - R2(B, C, D, A, X14, 15, 0x6ED9EBA1L); - R2(A, B, C, D, X1, 3, 0x6ED9EBA1L); - R2(D, A, B, C, X9, 9, 0x6ED9EBA1L); - R2(C, D, A, B, X5, 11, 0x6ED9EBA1L); - R2(B, C, D, A, X13, 15, 0x6ED9EBA1L); - R2(A, B, C, D, X3, 3, 0x6ED9EBA1L); - R2(D, A, B, C, X11, 9, 0x6ED9EBA1L); - R2(C, D, A, B, X7, 11, 0x6ED9EBA1L); - R2(B, C, D, A, X15, 15, 0x6ED9EBA1L); + md4_round3(&A, B, C, D, X0, 3); + md4_round3(&D, A, B, C, X8, 9); + md4_round3(&C, D, A, B, X4, 11); + md4_round3(&B, C, D, A, X12, 15); + md4_round3(&A, B, C, D, X2, 3); + md4_round3(&D, A, B, C, X10, 9); + md4_round3(&C, D, A, B, X6, 11); + md4_round3(&B, C, D, A, X14, 15); + md4_round3(&A, B, C, D, X1, 3); + md4_round3(&D, A, B, C, X9, 9); + md4_round3(&C, D, A, B, X5, 11); + md4_round3(&B, C, D, A, X13, 15); + md4_round3(&A, B, C, D, X3, 3); + md4_round3(&D, A, B, C, X11, 9); + md4_round3(&C, D, A, B, X7, 11); + md4_round3(&B, C, D, A, X15, 15); A = c->A += A; B = c->B += B; @@ -238,7 +223,6 @@ md4_block_data_order(MD4_CTX *c, const void *_in, size_t num) D = c->D += D; } } -#endif int MD4_Init(MD4_CTX *c) diff --git a/lib/libcrypto/rc4/asm/rc4-586.pl b/lib/libcrypto/rc4/asm/rc4-586.pl index bb30f9b88..8fffe91e7 100644 --- a/lib/libcrypto/rc4/asm/rc4-586.pl +++ b/lib/libcrypto/rc4/asm/rc4-586.pl @@ -152,8 +152,9 @@ if ($alt=0) { &external_label("OPENSSL_ia32cap_P"); -# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out); -&function_begin("RC4"); +# void rc4_internal(RC4_KEY *key, size_t len, const unsigned char *inp, +# unsigned char *out); +&function_begin("rc4_internal"); &mov ($dat,&wparam(0)); # load key schedule pointer &mov ($ty, &wparam(1)); # load len &mov ($inp,&wparam(2)); # load inp @@ -291,7 +292,7 @@ if ($alt=0) { &mov (&DWP(-4,$dat),$yy); # save key->y &mov (&BP(-8,$dat),&LB($xx)); # save key->x &set_label("abort"); -&function_end("RC4"); +&function_end("rc4_internal"); ######################################################################## @@ -301,8 +302,8 @@ $idi="ebp"; $ido="ecx"; $idx="edx"; -# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data); -&function_begin("RC4_set_key"); +# void rc4_set_key_internal(RC4_KEY *key,int len,const unsigned char *data); +&function_begin("rc4_set_key_internal"); &mov ($out,&wparam(0)); # load key &mov ($idi,&wparam(1)); # load len &mov ($inp,&wparam(2)); # load data @@ -382,6 +383,6 @@ $idx="edx"; &xor ("eax","eax"); &mov (&DWP(-8,$out),"eax"); # key->x=0; &mov (&DWP(-4,$out),"eax"); # key->y=0; -&function_end("RC4_set_key"); +&function_end("rc4_set_key_internal"); &asm_finish(); diff --git a/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/lib/libcrypto/rc4/asm/rc4-x86_64.pl index 89e46882a..a6387a386 100755 --- a/lib/libcrypto/rc4/asm/rc4-x86_64.pl +++ b/lib/libcrypto/rc4/asm/rc4-x86_64.pl @@ -124,10 +124,10 @@ $code=<<___; .extern OPENSSL_ia32cap_P .hidden OPENSSL_ia32cap_P -.globl RC4 -.type RC4,\@function,4 +.globl rc4_internal +.type rc4_internal,\@function,4 .align 16 -RC4: +rc4_internal: _CET_ENDBR or $len,$len jne .Lentry @@ -423,7 +423,7 @@ $code.=<<___; add \$24,%rsp .Lepilogue: ret -.size RC4,.-RC4 +.size rc4_internal,.-rc4_internal ___ } @@ -431,10 +431,10 @@ $idx="%r8"; $ido="%r9"; $code.=<<___; -.globl RC4_set_key -.type RC4_set_key,\@function,3 +.globl rc4_set_key_internal +.type rc4_set_key_internal,\@function,3 .align 16 -RC4_set_key: +rc4_set_key_internal: _CET_ENDBR lea 8($dat),$dat lea ($inp,$len),$inp @@ -502,7 +502,7 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret -.size RC4_set_key,.-RC4_set_key +.size rc4_set_key_internal,.-rc4_set_key_internal ___ sub reg_part { diff --git a/lib/libcrypto/rc4/rc4_enc.c b/lib/libcrypto/rc4/rc4.c similarity index 88% rename from lib/libcrypto/rc4/rc4_enc.c rename to lib/libcrypto/rc4/rc4.c index 3763bfa3c..8ff8191a5 100644 --- a/lib/libcrypto/rc4/rc4_enc.c +++ b/lib/libcrypto/rc4/rc4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rc4_enc.c,v 1.18 2022/11/26 16:08:54 tb Exp $ */ +/* $OpenBSD: rc4.c,v 1.9 2024/03/28 01:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,7 +59,6 @@ #include #include -#include "rc4_local.h" /* RC4 as implemented from a posting from * Newsgroups: sci.crypt @@ -69,8 +68,13 @@ * Date: Wed, 14 Sep 1994 06:35:31 GMT */ -void -RC4(RC4_KEY *key, size_t len, const unsigned char *indata, +#ifdef HAVE_RC4_INTERNAL +void rc4_internal(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +#else +static void +rc4_internal(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata) { RC4_INT *d; @@ -252,3 +256,52 @@ RC4(RC4_KEY *key, size_t len, const unsigned char *indata, key->x = x; key->y = y; } +#endif + +#ifdef HAVE_RC4_SET_KEY_INTERNAL +void rc4_set_key_internal(RC4_KEY *key, int len, const unsigned char *data); + +#else +static void +rc4_set_key_internal(RC4_KEY *key, int len, const unsigned char *data) +{ + RC4_INT tmp; + int id1, id2; + RC4_INT *d; + unsigned int i; + + d = &(key->data[0]); + key->x = 0; + key->y = 0; + id1 = id2 = 0; + +#define SK_LOOP(d,n) { \ + tmp=d[(n)]; \ + id2 = (data[id1] + tmp + id2) & 0xff; \ + if (++id1 == len) id1=0; \ + d[(n)]=d[id2]; \ + d[id2]=tmp; } + + for (i = 0; i < 256; i++) + d[i] = i; + for (i = 0; i < 256; i += 4) { + SK_LOOP(d, i + 0); + SK_LOOP(d, i + 1); + SK_LOOP(d, i + 2); + SK_LOOP(d, i + 3); + } +} +#endif + +void +RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata) +{ + rc4_internal(key, len, indata, outdata); +} + +void +RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +{ + rc4_set_key_internal(key, len, data); +} diff --git a/lib/libcrypto/rc4/rc4.h b/lib/libcrypto/rc4/rc4.h index 7ebe23210..ff2514187 100644 --- a/lib/libcrypto/rc4/rc4.h +++ b/lib/libcrypto/rc4/rc4.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rc4.h,v 1.14 2023/07/28 10:35:14 tb Exp $ */ +/* $OpenBSD: rc4.h,v 1.15 2024/03/27 12:13:08 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,7 +77,6 @@ typedef struct rc4_key_st { } RC4_KEY; void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); diff --git a/lib/libcrypto/rc4/rc4_local.h b/lib/libcrypto/rc4/rc4_local.h deleted file mode 100644 index 61d08a4d9..000000000 --- a/lib/libcrypto/rc4/rc4_local.h +++ /dev/null @@ -1,5 +0,0 @@ -/* $OpenBSD: rc4_local.h,v 1.1 2022/11/26 16:08:54 tb Exp $ */ - -#ifndef HEADER_RC4_LOCL_H -#define HEADER_RC4_LOCL_H -#endif diff --git a/lib/libcrypto/rc4/rc4_skey.c b/lib/libcrypto/rc4/rc4_skey.c deleted file mode 100644 index 5833c7bd0..000000000 --- a/lib/libcrypto/rc4/rc4_skey.c +++ /dev/null @@ -1,99 +0,0 @@ -/* $OpenBSD: rc4_skey.c,v 1.16 2023/07/28 10:35:14 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include "rc4_local.h" - -/* RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) - * Subject: RC4 Algorithm revealed. - * Message-ID: - * Date: Wed, 14 Sep 1994 06:35:31 GMT - */ - -void -RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -{ - RC4_INT tmp; - int id1, id2; - RC4_INT *d; - unsigned int i; - - d = &(key->data[0]); - key->x = 0; - key->y = 0; - id1 = id2 = 0; - -#define SK_LOOP(d,n) { \ - tmp=d[(n)]; \ - id2 = (data[id1] + tmp + id2) & 0xff; \ - if (++id1 == len) id1=0; \ - d[(n)]=d[id2]; \ - d[id2]=tmp; } - - for (i = 0; i < 256; i++) - d[i] = i; - for (i = 0; i < 256; i += 4) { - SK_LOOP(d, i + 0); - SK_LOOP(d, i + 1); - SK_LOOP(d, i + 2); - SK_LOOP(d, i + 3); - } -} diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index bb9779bbe..76a906f13 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.321 2024/03/02 11:48:55 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.322 2024/03/27 06:47:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -605,8 +605,7 @@ LSSL_ALIAS(SSL_free); int SSL_up_ref(SSL *s) { - int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); - return (refs > 1) ? 1 : 0; + return CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL) > 1; } LSSL_ALIAS(SSL_up_ref); @@ -2217,8 +2216,7 @@ LSSL_ALIAS(SSL_CTX_free); int SSL_CTX_up_ref(SSL_CTX *ctx) { - int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); - return ((refs > 1) ? 1 : 0); + return CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX) > 1; } LSSL_ALIAS(SSL_CTX_up_ref); diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 355193c47..cb985cadb 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.124 2024/01/24 14:05:10 jsing Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.125 2024/03/27 06:47:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -897,8 +897,7 @@ LSSL_ALIAS(SSL_SESSION_free); int SSL_SESSION_up_ref(SSL_SESSION *ss) { - int refs = CRYPTO_add(&ss->references, 1, CRYPTO_LOCK_SSL_SESSION); - return (refs > 1) ? 1 : 0; + return CRYPTO_add(&ss->references, 1, CRYPTO_LOCK_SSL_SESSION) > 1; } LSSL_ALIAS(SSL_SESSION_up_ref); diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index e1506e5d6..6649baf29 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,8 +1,8 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.143 2024/03/26 03:44:11 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.146 2024/03/28 00:22:35 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan - * Copyright (c) 2018-2019 Bob Beck + * Copyright (c) 2018-2019, 2024 Bob Beck * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -33,6 +33,7 @@ #include "ssl_tlsext.h" #define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation +#define TLSEXT_MAX_SUPPORTED_GROUPS 64 /* * Supported Application-Layer Protocol Negotiation - RFC 7301 @@ -230,21 +231,25 @@ static int tlsext_supportedgroups_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - CBS grouplist; - uint16_t *groups; + uint16_t *groups = NULL; size_t groups_len; - int i; + CBS grouplist; + int i, j; + int ret = 0; if (!CBS_get_u16_length_prefixed(cbs, &grouplist)) - return 0; + goto err; groups_len = CBS_len(&grouplist); if (groups_len == 0 || groups_len % 2 != 0) - return 0; + goto err; groups_len /= 2; + if (groups_len > TLSEXT_MAX_SUPPORTED_GROUPS) + goto err; + if (s->hit) - return 1; + goto done; if (s->s3->hs.tls13.hrr) { if (s->session->tlsext_supportedgroups == NULL) { @@ -257,33 +262,49 @@ tlsext_supportedgroups_server_process(SSL *s, uint16_t msg_type, CBS *cbs, * did not change its list of supported groups. */ - return 1; + goto done; } if (s->session->tlsext_supportedgroups != NULL) - return 0; /* XXX internal error? */ + goto err; /* XXX internal error? */ if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) { *alert = SSL_AD_INTERNAL_ERROR; - return 0; + goto err; } for (i = 0; i < groups_len; i++) { - if (!CBS_get_u16(&grouplist, &groups[i])) { - free(groups); - return 0; + if (!CBS_get_u16(&grouplist, &groups[i])) + goto err; + /* + * Do not allow duplicate groups to be sent. This is not + * currently specified in RFC 8446 or earlier, but there is no + * legitimate justification for this to occur in TLS 1.2 or TLS + * 1.3. + */ + for (j = 0; j < i; j++) { + if (groups[i] == groups[j]) { + *alert = SSL_AD_ILLEGAL_PARAMETER; + goto err; + } } } - if (CBS_len(&grouplist) != 0) { - free(groups); - return 0; - } + if (CBS_len(&grouplist) != 0) + goto err; s->session->tlsext_supportedgroups = groups; s->session->tlsext_supportedgroups_length = groups_len; + groups = NULL; - return 1; + + done: + ret = 1; + + err: + free(groups); + + return ret; } /* This extension is never used by the server. */ @@ -303,22 +324,8 @@ static int tlsext_supportedgroups_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - /* - * Servers should not send this extension per the RFC. - * - * However, certain F5 BIG-IP systems incorrectly send it. This bug is - * from at least 2014 but as of 2017, there are still large sites with - * this unpatched in production. As a result, we need to currently skip - * over the extension and ignore its content: - * - * https://support.f5.com/csp/article/K37345003 - */ - if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - - return 1; + /* Servers should not send this extension per the RFC. */ + return 0; } /* @@ -1443,14 +1450,65 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) static int tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - CBS client_shares, key_exchange; + const uint16_t *client_groups = NULL, *server_groups = NULL; + size_t client_groups_len = 0, server_groups_len = 0; + size_t i, j, client_groups_index; + int preferred_group_found = 0; int decode_error; - uint16_t group; + uint16_t group, client_preferred_group; + CBS client_shares, key_exchange; + + /* + * RFC 8446 section 4.2.8: + * + * Each KeyShareEntry value MUST correspond to a group offered in the + * "supported_groups" extension and MUST appear in the same order. + * However, the values MAY be a non-contiguous subset of the + * "supported_groups". + */ + + if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups)) { + *alert = SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + if (!tlsext_extension_processed(s, TLSEXT_TYPE_supported_groups)) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + + /* + * XXX similar to tls1_get_supported_group, but client pref + * only - consider deduping later. + */ + /* + * We are now assured of at least one client group. + * Get the client and server group preference orders. + */ + tls1_get_group_list(s, 0, &server_groups, &server_groups_len); + tls1_get_group_list(s, 1, &client_groups, &client_groups_len); + + /* + * Find the group that is most preferred by the client that + * we also support. + */ + for (i = 0; i < client_groups_len && !preferred_group_found; i++) { + if (!ssl_security_supported_group(s, client_groups[i])) + continue; + for (j = 0; j < server_groups_len; j++) { + if (server_groups[j] == client_groups[i]) { + client_preferred_group = client_groups[i]; + preferred_group_found = 1; + break; + } + } + } if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) return 0; + client_groups_index = 0; while (CBS_len(&client_shares) > 0) { + int client_sent_group; /* Unpack client share. */ if (!CBS_get_u16(&client_shares, &group)) @@ -1459,9 +1517,21 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; /* - * XXX - check key exchange against supported groups from client. - * XXX - check that groups only appear once. + * Ensure the client share group was sent in supported groups, + * and was sent in the same order as supported groups. The + * supported groups has already been checked for duplicates. */ + client_sent_group = 0; + while (client_groups_index < client_groups_len) { + if (group == client_groups[client_groups_index++]) { + client_sent_group = 1; + break; + } + } + if (!client_sent_group) { + *alert = SSL_AD_ILLEGAL_PARAMETER; + return 0; + } /* * Ignore this client share if we're using earlier than TLSv1.3 @@ -1472,8 +1542,14 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (s->s3->hs.key_share != NULL) continue; - /* XXX - consider implementing server preference. */ - if (!tls1_check_group(s, group)) + /* + * Ignore this client share if it is not for the most client + * preferred supported group. This avoids a potential downgrade + * situation where the client sends a client share for something + * less preferred, and we choose to to use it instead of + * requesting the more preferred group. + */ + if (!preferred_group_found || group != client_preferred_group) continue; /* Decode and store the selected key share. */ diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c index a8b03f0d4..c2f7f3722 100644 --- a/lib/libtls/tls.c +++ b/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.102 2024/03/26 08:54:48 joshua Exp $ */ +/* $OpenBSD: tls.c,v 1.103 2024/03/27 07:35:30 joshua Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -359,9 +359,9 @@ tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pke return (0); if (len > INT_MAX) { - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, + tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, ctx->config->use_fake_private_key ? - "cert too long" : "key too long"); + "certificate too long" : "key too long"); goto err; } @@ -491,7 +491,7 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, if (keypair->cert_mem != NULL) { if (keypair->cert_len > INT_MAX) { - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, + tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, "certificate too long"); goto err; } @@ -647,7 +647,8 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) if (ca_mem != NULL) { if (ca_len > INT_MAX) { - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ca too long"); + tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, + "ca too long"); goto err; } if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) { @@ -664,7 +665,8 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) if (crl_mem != NULL) { if (crl_len > INT_MAX) { - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "crl too long"); + tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, + "crl too long"); goto err; } if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) { @@ -865,7 +867,7 @@ tls_read(struct tls *ctx, void *buf, size_t buflen) } if (buflen > INT_MAX) { - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, + tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, "buflen too long"); goto out; } @@ -897,7 +899,7 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen) } if (buflen > INT_MAX) { - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, + tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT, "buflen too long"); goto out; } diff --git a/lib/libtls/tls.h b/lib/libtls/tls.h index b69c4af58..67804d7cd 100644 --- a/lib/libtls/tls.h +++ b/lib/libtls/tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.h,v 1.65 2024/03/26 08:54:48 joshua Exp $ */ +/* $OpenBSD: tls.h,v 1.66 2024/03/27 07:35:30 joshua Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -81,6 +81,7 @@ extern "C" { #define TLS_ERROR_UNKNOWN 0x0000 #define TLS_ERROR_OUT_OF_MEMORY 0x1000 #define TLS_ERROR_INVALID_CONTEXT 0x2000 +#define TLS_ERROR_INVALID_ARGUMENT 0x2001 #endif struct tls; diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c index 449071641..645562e83 100644 --- a/lib/libtls/tls_config.c +++ b/lib/libtls/tls_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_config.c,v 1.68 2024/03/26 06:24:52 joshua Exp $ */ +/* $OpenBSD: tls_config.c,v 1.69 2024/03/27 07:35:30 joshua Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -321,12 +321,12 @@ tls_config_parse_alpn(struct tls_config *config, const char *alpn, q = s; while ((p = strsep(&q, ",")) != NULL) { if ((len = strlen(p)) == 0) { - tls_config_set_errorx(config, TLS_ERROR_UNKNOWN, + tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT, "alpn protocol with zero length"); goto err; } if (len > 255) { - tls_config_set_errorx(config, TLS_ERROR_UNKNOWN, + tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT, "alpn protocol too long"); goto err; } diff --git a/lib/libtls/tls_signer.c b/lib/libtls/tls_signer.c index 5eb370745..95a3640d7 100644 --- a/lib/libtls/tls_signer.c +++ b/lib/libtls/tls_signer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_signer.c,v 1.10 2024/03/26 06:24:52 joshua Exp $ */ +/* $OpenBSD: tls_signer.c,v 1.11 2024/03/28 02:08:24 joshua Exp $ */ /* * Copyright (c) 2021 Eric Faurot * @@ -128,8 +128,8 @@ tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert, } if ((skey = calloc(1, sizeof(*skey))) == NULL) { - tls_error_set(&signer->error, TLS_ERROR_UNKNOWN, - "failed to create key entry"); + tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY, + "out of memory"); goto err; } skey->hash = hash; @@ -214,7 +214,8 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey, return (-1); } if ((signature = calloc(1, rsa_size)) == NULL) { - tls_error_set(&signer->error, TLS_ERROR_UNKNOWN, "RSA signature"); + tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY, + "out of memory"); return (-1); } @@ -261,8 +262,8 @@ tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey, return (-1); } if ((signature = calloc(1, signature_len)) == NULL) { - tls_error_set(&signer->error, TLS_ERROR_UNKNOWN, - "ECDSA signature"); + tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY, + "out of memory"); return (-1); } diff --git a/lib/libz/inflate.h b/lib/libz/inflate.h index f127b6b1f..f758e0dcc 100644 --- a/lib/libz/inflate.h +++ b/lib/libz/inflate.h @@ -100,7 +100,7 @@ struct inflate_state { unsigned char FAR *window; /* allocated sliding window, if needed */ /* bit accumulator */ unsigned long hold; /* input bit accumulator */ - unsigned bits; /* number of bits in "in" */ + unsigned bits; /* number of bits in hold */ /* for string and stored block copying */ unsigned length; /* literal or length of data to copy */ unsigned offset; /* distance back to copy string from */ diff --git a/lib/libz/zconf.h b/lib/libz/zconf.h index 0ebaabed7..7c289a500 100644 --- a/lib/libz/zconf.h +++ b/lib/libz/zconf.h @@ -509,6 +509,8 @@ typedef uLong FAR uLongf; #if !defined(_WIN32) && defined(Z_LARGE64) # define z_off64_t off64_t +#elif defined(__MINGW32__) +# define z_off64_t long long #elif defined(_WIN32) && !defined(__GNUC__) # define z_off64_t __int64 #elif defined(__GO32__) diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index c7983833d..832063dd0 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.86 2024/03/26 02:43:56 beck Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.89 2024/03/28 01:45:18 beck Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1109,7 +1109,6 @@ test_tlsext_ecpf_client(void) goto err; } - failure = 0; err: @@ -3648,6 +3647,7 @@ test_tlsext_keyshare_client(void) const struct tls_extension_funcs *server_funcs; int failure; size_t dlen; + size_t idx; int alert; CBB cbb; CBS cbs; @@ -3701,18 +3701,112 @@ test_tlsext_keyshare_client(void) goto done; } - (ssl)->version = TLS1_3_VERSION; - CBS_init(&cbs, data, dlen); + ssl->version = TLS1_3_VERSION; - if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { - FAIL("failed to parse client keyshare\n"); + /* Fake up the ssl enough so the key share can process */ + tls_key_share_free(ssl->s3->hs.key_share); + ssl->session = SSL_SESSION_new(); + if (ssl->session == NULL) { + FAIL("malloc"); goto done; } + memset(ssl->s3, 0, sizeof(*ssl->s3)); + ssl->session->tlsext_supportedgroups = calloc(4, + sizeof(unsigned short)); + if (ssl->session->tlsext_supportedgroups == NULL) { + FAIL("malloc"); + goto done; + } + ssl->session->tlsext_supportedgroups[0] = 29; + ssl->session->tlsext_supportedgroups[1] = 23; + ssl->session->tlsext_supportedgroups[2] = 24; + ssl->session->tlsext_supportedgroups[3] = 25; + ssl->session->tlsext_supportedgroups_length = 4; + tls_extension_find(TLSEXT_TYPE_supported_groups, &idx); + ssl->s3->hs.extensions_processed |= (1 << idx); + ssl->s3->hs.extensions_seen |= (1 << idx); + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + /* + * We should select the key share for group 29, when group 29 + * is the most preferred group + */ + CBS_init(&cbs, data, dlen); + if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to process client keyshare\n"); + goto done; + } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); goto done; } + if (ssl->s3->hs.key_share == NULL) { + FAIL("Did not select a key share"); + goto done; + } + + /* + * Pretend the client did not send the supported groups extension. We + * should fail to process. + */ + ssl->s3->hs.extensions_seen = 0; + tls_key_share_free(ssl->s3->hs.key_share); + ssl->s3->hs.key_share = NULL; + CBS_init(&cbs, data, dlen); + if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("Processed key share when supported groups not provided"); + goto done; + } + ssl->s3->hs.extensions_seen |= (1 << idx); + + /* + * Pretend supported groups did not get processed. We should fail to + * process + */ + ssl->s3->hs.extensions_processed = 0; + ssl->s3->hs.key_share = NULL; + CBS_init(&cbs, data, dlen); + if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("Processed key share when supported groups unprocesed"); + goto done; + } + ssl->s3->hs.extensions_processed |= (1 << idx); + + /* + * Remove group 29 by making it 0xbeef, meaning 29 has not been sent in + * supported groups. This should fail to process. + */ + ssl->session->tlsext_supportedgroups[0] = 0xbeef; + ssl->s3->hs.key_share = NULL; + CBS_init(&cbs, data, dlen); + if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("Processed key share with invalid group!"); + goto done; + } + + /* + * Make 29 least preferred, while server supports both 29 and 25. + * Client key share is for 29 but it prefers 25. We should successfully + * process, but should not select this key share. + */ + ssl->session->tlsext_supportedgroups[0] = 25; + ssl->session->tlsext_supportedgroups[3] = 29; + ssl->s3->hs.key_share = NULL; + CBS_init(&cbs, data, dlen); + if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to process client keyshare\n"); + goto done; + } + if (CBS_len(&cbs) != 0) { + FAIL("extension data remaining\n"); + goto done; + } + if (ssl->s3->hs.key_share != NULL) { + FAIL("Selected a key share when I should not have!"); + goto done; + } + ssl->session->tlsext_supportedgroups[0] = 29; + ssl->session->tlsext_supportedgroups[3] = 25; failure = 0; diff --git a/sys/arch/arm64/arm64/pmap.c b/sys/arch/arm64/arm64/pmap.c index 9d145c9a4..e768344ae 100644 --- a/sys/arch/arm64/arm64/pmap.c +++ b/sys/arch/arm64/arm64/pmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmap.c,v 1.101 2024/01/26 19:23:03 kettenis Exp $ */ +/* $OpenBSD: pmap.c,v 1.102 2024/03/27 15:40:50 kurt Exp $ */ /* * Copyright (c) 2008-2009,2014-2016 Dale Rahn * @@ -1223,6 +1223,7 @@ pmap_bootstrap(long kvo, paddr_t lpt1, long kernelstart, long kernelend, pmap_kernel()->pm_guarded = ATTR_GP; pmap_kernel()->pm_asid = 0; + mtx_init(&pmap_tramp.pm_mtx, IPL_VM); pmap_tramp.pm_vp.l1 = (struct pmapvp1 *)va + 1; pmap_tramp.pm_privileged = 1; pmap_tramp.pm_guarded = ATTR_GP; diff --git a/sys/dev/fdt/bcm2711_pcie.c b/sys/dev/fdt/bcm2711_pcie.c index ce8f92217..e4e09a704 100644 --- a/sys/dev/fdt/bcm2711_pcie.c +++ b/sys/dev/fdt/bcm2711_pcie.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcm2711_pcie.c,v 1.12 2024/02/03 10:37:26 kettenis Exp $ */ +/* $OpenBSD: bcm2711_pcie.c,v 1.13 2024/03/27 15:15:00 patrick Exp $ */ /* * Copyright (c) 2020 Mark Kettenis * @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -57,7 +58,7 @@ struct bcmpcie_range { }; struct bcmpcie_softc { - struct device sc_dev; + struct simplebus_softc sc_sbus; bus_space_tag_t sc_iot; bus_space_handle_t sc_ioh; bus_dma_tag_t sc_dmat; @@ -97,9 +98,11 @@ bcmpcie_match(struct device *parent, void *match, void *aux) { struct fdt_attach_args *faa = aux; - return OF_is_compatible(faa->fa_node, "brcm,bcm2711-pcie"); + return OF_is_compatible(faa->fa_node, "brcm,bcm2711-pcie") || + OF_is_compatible(faa->fa_node, "brcm,bcm2712-pcie"); } +int bcmpcie_submatch(struct device *, void *, void *); void bcmpcie_attach_hook(struct device *, struct device *, struct pcibus_attach_args *); int bcmpcie_bus_maxdevs(void *, int); @@ -272,8 +275,6 @@ bcmpcie_attach(struct device *parent, struct device *self, void *aux) } } - printf("\n"); - memcpy(&sc->sc_bus_iot, sc->sc_iot, sizeof(sc->sc_bus_iot)); sc->sc_bus_iot.bus_private = sc; sc->sc_bus_iot._space_map = bcmpcie_bs_iomap; @@ -314,7 +315,22 @@ bcmpcie_attach(struct device *parent, struct device *self, void *aux) pba.pba_domain = pci_ndomains++; pba.pba_bus = 0; - config_found(self, &pba, NULL); + /* Attach device tree nodes enumerating PCIe bus */ + simplebus_attach(parent, &sc->sc_sbus.sc_dev, faa); + + config_found_sm(self, &pba, NULL, bcmpcie_submatch); +} + +int +bcmpcie_submatch(struct device *self, void *match, void *aux) +{ + struct cfdata *cf = match; + struct pcibus_attach_args *pba = aux; + + if (strcmp(pba->pba_busname, cf->cf_driver->cd_name) != 0) + return 0; + + return (*cf->cf_attach->ca_match)(self, match, aux); } void diff --git a/sys/dev/fdt/files.fdt b/sys/dev/fdt/files.fdt index 722818fae..0a94d54a7 100644 --- a/sys/dev/fdt/files.fdt +++ b/sys/dev/fdt/files.fdt @@ -1,4 +1,4 @@ -# $OpenBSD: files.fdt,v 1.201 2024/03/02 19:52:41 kettenis Exp $ +# $OpenBSD: files.fdt,v 1.202 2024/03/27 15:15:00 patrick Exp $ # # Config file and device description for machine-independent FDT code. # Included by ports that need it. @@ -132,7 +132,7 @@ device bcmmbox attach bcmmbox at fdt file dev/fdt/bcm2835_mbox.c bcmmbox -device bcmpcie: pcibus +device bcmpcie: pcibus, fdt attach bcmpcie at fdt file dev/fdt/bcm2711_pcie.c bcmpcie diff --git a/sys/dev/ofw/fdt.c b/sys/dev/ofw/fdt.c index 13dbeaba0..82a4f6be1 100644 --- a/sys/dev/ofw/fdt.c +++ b/sys/dev/ofw/fdt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fdt.c,v 1.34 2023/04/26 14:39:42 kettenis Exp $ */ +/* $OpenBSD: fdt.c,v 1.35 2024/03/27 23:05:27 kettenis Exp $ */ /* * Copyright (c) 2009 Dariusz Swiderski @@ -501,6 +501,7 @@ fdt_find_node(char *name) while (*p) { void *child; const char *q; + const char *s; while (*p == '/') p++; @@ -510,18 +511,33 @@ fdt_find_node(char *name) if (q == NULL) q = p + strlen(p); + /* Check for a complete match. */ for (child = fdt_child_node(node); child; child = fdt_next_node(child)) { - if (strncmp(p, fdt_node_name(child), q - p) == 0) { - node = child; + s = fdt_node_name(child); + if (strncmp(p, s, q - p) == 0 && s[q - p] == '\0') break; - } + } + if (child) { + node = child; + p = q; + continue; } - if (child == NULL) - return NULL; /* No match found. */ + /* Check for a match without the unit name. */ + for (child = fdt_child_node(node); child; + child = fdt_next_node(child)) { + s = fdt_node_name(child); + if (strncmp(p, s, q - p) == 0 && s[q - p] == '@') + break; + } + if (child) { + node = child; + p = q; + continue; + } - p = q; + return NULL; /* No match found. */ } return node; diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_atom.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_atom.c index 8dc13d982..623ebac69 100644 --- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_atom.c +++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_atom.c @@ -317,7 +317,7 @@ static uint32_t atom_get_src_int(atom_exec_context *ctx, uint8_t attr, DEBUG("IMM 0x%02X\n", val); return val; } - return 0; + break; case ATOM_ARG_PLL: idx = U8(*ptr); (*ptr)++; diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_discovery.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_discovery.c index f1500b96f..0a03218cc 100644 --- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_discovery.c +++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_discovery.c @@ -1287,11 +1287,10 @@ static int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev) * 0b10 : encode is disabled * 0b01 : decode is disabled */ - adev->vcn.vcn_config[adev->vcn.num_vcn_inst] = - ip->revision & 0xc0; - ip->revision &= ~0xc0; if (adev->vcn.num_vcn_inst < AMDGPU_MAX_VCN_INSTANCES) { + adev->vcn.vcn_config[adev->vcn.num_vcn_inst] = + ip->revision & 0xc0; adev->vcn.num_vcn_inst++; adev->vcn.inst_mask |= (1U << ip->instance_number); @@ -1302,6 +1301,7 @@ static int amdgpu_discovery_reg_base_init(struct amdgpu_device *adev) adev->vcn.num_vcn_inst + 1, AMDGPU_MAX_VCN_INSTANCES); } + ip->revision &= ~0xc0; } if (le16_to_cpu(ip->hw_id) == SDMA0_HWID || le16_to_cpu(ip->hw_id) == SDMA1_HWID || diff --git a/sys/dev/pci/drm/amd/amdgpu/soc15.c b/sys/dev/pci/drm/amd/amdgpu/soc15.c index 408c053a3..9ce6e30ac 100644 --- a/sys/dev/pci/drm/amd/amdgpu/soc15.c +++ b/sys/dev/pci/drm/amd/amdgpu/soc15.c @@ -574,11 +574,34 @@ soc15_asic_reset_method(struct amdgpu_device *adev) return AMD_RESET_METHOD_MODE1; } +static bool soc15_need_reset_on_resume(struct amdgpu_device *adev) +{ + u32 sol_reg; + + sol_reg = RREG32_SOC15(MP0, 0, mmMP0_SMN_C2PMSG_81); + + /* Will reset for the following suspend abort cases. + * 1) Only reset limit on APU side, dGPU hasn't checked yet. + * 2) S3 suspend abort and TOS already launched. + */ + if (adev->flags & AMD_IS_APU && adev->in_s3 && + !adev->suspend_complete && + sol_reg) + return true; + + return false; +} + static int soc15_asic_reset(struct amdgpu_device *adev) { /* original raven doesn't have full asic reset */ - if ((adev->apu_flags & AMD_APU_IS_RAVEN) || - (adev->apu_flags & AMD_APU_IS_RAVEN2)) + /* On the latest Raven, the GPU reset can be performed + * successfully. So now, temporarily enable it for the + * S3 suspend abort case. + */ + if (((adev->apu_flags & AMD_APU_IS_RAVEN) || + (adev->apu_flags & AMD_APU_IS_RAVEN2)) && + !soc15_need_reset_on_resume(adev)) return 0; switch (soc15_asic_reset_method(adev)) { @@ -1296,24 +1319,6 @@ static int soc15_common_suspend(void *handle) return soc15_common_hw_fini(adev); } -static bool soc15_need_reset_on_resume(struct amdgpu_device *adev) -{ - u32 sol_reg; - - sol_reg = RREG32_SOC15(MP0, 0, mmMP0_SMN_C2PMSG_81); - - /* Will reset for the following suspend abort cases. - * 1) Only reset limit on APU side, dGPU hasn't checked yet. - * 2) S3 suspend abort and TOS already launched. - */ - if (adev->flags & AMD_IS_APU && adev->in_s3 && - !adev->suspend_complete && - sol_reg) - return true; - - return false; -} - static int soc15_common_resume(void *handle) { struct amdgpu_device *adev = (struct amdgpu_device *)handle; diff --git a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c index d747b582f..055ae7210 100644 --- a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1906,17 +1906,15 @@ static void amdgpu_dm_fini(struct amdgpu_device *adev) adev->dm.hdcp_workqueue = NULL; } - if (adev->dm.dc) + if (adev->dm.dc) { dc_deinit_callbacks(adev->dm.dc); - - if (adev->dm.dc) dc_dmub_srv_destroy(&adev->dm.dc->ctx->dmub_srv); - - if (dc_enable_dmub_notifications(adev->dm.dc)) { - kfree(adev->dm.dmub_notify); - adev->dm.dmub_notify = NULL; - destroy_workqueue(adev->dm.delayed_hpd_wq); - adev->dm.delayed_hpd_wq = NULL; + if (dc_enable_dmub_notifications(adev->dm.dc)) { + kfree(adev->dm.dmub_notify); + adev->dm.dmub_notify = NULL; + destroy_workqueue(adev->dm.delayed_hpd_wq); + adev->dm.delayed_hpd_wq = NULL; + } } if (adev->dm.dmub_bo) diff --git a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index 2cf9d0242..045b11615 100644 --- a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1453,7 +1453,7 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, const uint32_t rd_buf_size = 10; struct pipe_ctx *pipe_ctx; ssize_t result = 0; - int i, r, str_len = 30; + int i, r, str_len = 10; rd_buf = kcalloc(rd_buf_size, sizeof(char), GFP_KERNEL); diff --git a/sys/dev/pci/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/sys/dev/pci/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c index db1d7be7f..e3f4d497d 100644 --- a/sys/dev/pci/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c +++ b/sys/dev/pci/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c @@ -1832,6 +1832,9 @@ bool dcn10_set_output_transfer_func(struct dc *dc, struct pipe_ctx *pipe_ctx, { struct dpp *dpp = pipe_ctx->plane_res.dpp; + if (!stream) + return false; + if (dpp == NULL) return false; @@ -1854,8 +1857,8 @@ bool dcn10_set_output_transfer_func(struct dc *dc, struct pipe_ctx *pipe_ctx, } else dpp->funcs->dpp_program_regamma_pwl(dpp, NULL, OPP_REGAMMA_BYPASS); - if (stream != NULL && stream->ctx != NULL && - stream->out_transfer_func != NULL) { + if (stream->ctx && + stream->out_transfer_func) { log_tf(stream->ctx, stream->out_transfer_func, dpp->regamma_params.hw_points_num); diff --git a/sys/dev/pci/drm/amd/display/dc/link/protocols/link_edp_panel_control.c b/sys/dev/pci/drm/amd/display/dc/link/protocols/link_edp_panel_control.c index 6f64aab18..13104d000 100644 --- a/sys/dev/pci/drm/amd/display/dc/link/protocols/link_edp_panel_control.c +++ b/sys/dev/pci/drm/amd/display/dc/link/protocols/link_edp_panel_control.c @@ -882,7 +882,8 @@ bool edp_set_replay_allow_active(struct dc_link *link, const bool *allow_active, /* Set power optimization flag */ if (power_opts && link->replay_settings.replay_power_opt_active != *power_opts) { - if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { + if (replay != NULL && link->replay_settings.replay_feature_enabled && + replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } diff --git a/sys/dev/pci/drm/amd/pm/swsmu/smu11/arcturus_ppt.c b/sys/dev/pci/drm/amd/pm/swsmu/smu11/arcturus_ppt.c index 61c9ddef2..e2e14b154 100644 --- a/sys/dev/pci/drm/amd/pm/swsmu/smu11/arcturus_ppt.c +++ b/sys/dev/pci/drm/amd/pm/swsmu/smu11/arcturus_ppt.c @@ -2358,8 +2358,8 @@ static uint16_t arcturus_get_current_pcie_link_speed(struct smu_context *smu) /* TODO: confirm this on real target */ esm_ctrl = RREG32_PCIE(smnPCIE_ESM_CTRL); - if ((esm_ctrl >> 15) & 0x1FFFF) - return (uint16_t)(((esm_ctrl >> 8) & 0x3F) + 128); + if ((esm_ctrl >> 15) & 0x1) + return (uint16_t)(((esm_ctrl >> 8) & 0x7F) + 128); return smu_v11_0_get_current_pcie_link_speed(smu); } diff --git a/sys/dev/pci/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c b/sys/dev/pci/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c index 9ca85938a..266cea9b2 100644 --- a/sys/dev/pci/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c +++ b/sys/dev/pci/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c @@ -1722,8 +1722,8 @@ static int aldebaran_get_current_pcie_link_speed(struct smu_context *smu) /* TODO: confirm this on real target */ esm_ctrl = RREG32_PCIE(smnPCIE_ESM_CTRL); - if ((esm_ctrl >> 15) & 0x1FFFF) - return (((esm_ctrl >> 8) & 0x3F) + 128); + if ((esm_ctrl >> 15) & 0x1) + return (((esm_ctrl >> 8) & 0x7F) + 128); return smu_v13_0_get_current_pcie_link_speed(smu); } diff --git a/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c b/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c index 75ebdb12f..37902e918 100644 --- a/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c +++ b/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c @@ -1943,8 +1943,8 @@ static int smu_v13_0_6_get_current_pcie_link_speed(struct smu_context *smu) /* TODO: confirm this on real target */ esm_ctrl = RREG32_PCIE(smnPCIE_ESM_CTRL); - if ((esm_ctrl >> 15) & 0x1FFFF) - return (((esm_ctrl >> 8) & 0x3F) + 128); + if ((esm_ctrl >> 15) & 0x1) + return (((esm_ctrl >> 8) & 0x7F) + 128); speed_level = (RREG32_PCIE(smnPCIE_LC_SPEED_CNTL) & PCIE_LC_SPEED_CNTL__LC_CURRENT_DATA_RATE_MASK) diff --git a/sys/dev/pci/drm/i915/gt/uc/intel_huc.c b/sys/dev/pci/drm/i915/gt/uc/intel_huc.c index 4ff193cbc..9c40964c4 100644 --- a/sys/dev/pci/drm/i915/gt/uc/intel_huc.c +++ b/sys/dev/pci/drm/i915/gt/uc/intel_huc.c @@ -136,7 +136,7 @@ static void huc_delayed_load_timer_callback(void *arg) static void huc_delayed_load_start(struct intel_huc *huc) { - int delay; + ktime_t delay; GEM_BUG_ON(intel_huc_is_authenticated(huc, INTEL_HUC_AUTH_BY_GSC)); @@ -146,10 +146,10 @@ static void huc_delayed_load_start(struct intel_huc *huc) */ switch (huc->delayed_load.status) { case INTEL_HUC_WAITING_ON_GSC: - delay = GSC_INIT_TIMEOUT_MS; + delay = ms_to_ktime(GSC_INIT_TIMEOUT_MS); break; case INTEL_HUC_WAITING_ON_PXP: - delay = PXP_INIT_TIMEOUT_MS; + delay = ms_to_ktime(PXP_INIT_TIMEOUT_MS); break; default: gsc_init_error(huc); @@ -171,7 +171,7 @@ static void huc_delayed_load_start(struct intel_huc *huc) #ifdef __linux__ hrtimer_start(&huc->delayed_load.timer, delay, HRTIMER_MODE_REL); #else - timeout_add_msec(&huc->delayed_load.timer, delay); + timeout_add_nsec(&huc->delayed_load.timer, ktime_to_ns(delay)); #endif } diff --git a/sys/dev/pci/drm/include/drm/drm_fixed.h b/sys/dev/pci/drm/include/drm/drm_fixed.h index 6ea339d5d..81572d32d 100644 --- a/sys/dev/pci/drm/include/drm/drm_fixed.h +++ b/sys/dev/pci/drm/include/drm/drm_fixed.h @@ -71,7 +71,6 @@ static inline u32 dfixed_div(fixed20_12 A, fixed20_12 B) } #define DRM_FIXED_POINT 32 -#define DRM_FIXED_POINT_HALF 16 #define DRM_FIXED_ONE (1ULL << DRM_FIXED_POINT) #define DRM_FIXED_DECIMAL_MASK (DRM_FIXED_ONE - 1) #define DRM_FIXED_DIGITS_MASK (~DRM_FIXED_DECIMAL_MASK) @@ -90,12 +89,12 @@ static inline int drm_fixp2int(s64 a) static inline int drm_fixp2int_round(s64 a) { - return drm_fixp2int(a + (1 << (DRM_FIXED_POINT_HALF - 1))); + return drm_fixp2int(a + DRM_FIXED_ONE / 2); } static inline int drm_fixp2int_ceil(s64 a) { - if (a > 0) + if (a >= 0) return drm_fixp2int(a + DRM_FIXED_ALMOST_ONE); else return drm_fixp2int(a - DRM_FIXED_ALMOST_ONE); diff --git a/sys/dev/pci/drm/include/linux/ktime.h b/sys/dev/pci/drm/include/linux/ktime.h index b3baf7a68..f1d1c721e 100644 --- a/sys/dev/pci/drm/include/linux/ktime.h +++ b/sys/dev/pci/drm/include/linux/ktime.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ktime.h,v 1.7 2023/01/01 01:34:58 jsg Exp $ */ +/* $OpenBSD: ktime.h,v 1.8 2024/03/28 02:36:38 jsg Exp $ */ /* * Copyright (c) 2013, 2014, 2015 Mark Kettenis * @@ -150,6 +150,12 @@ ns_to_ktime(uint64_t ns) return ns; } +static inline ktime_t +ms_to_ktime(uint64_t ms) +{ + return ms * NSEC_PER_MSEC; +} + static inline int64_t ktime_divns(ktime_t a, int64_t ns) { diff --git a/sys/dev/pci/drm/radeon/ni.c b/sys/dev/pci/drm/radeon/ni.c index 368ae4be0..e2e6999e8 100644 --- a/sys/dev/pci/drm/radeon/ni.c +++ b/sys/dev/pci/drm/radeon/ni.c @@ -813,7 +813,7 @@ int ni_init_microcode(struct radeon_device *rdev) err = 0; } else if (rdev->smc_fw->size != smc_req_size) { pr_err("ni_mc: Bogus length %zu in firmware \"%s\"\n", - rdev->mc_fw->size, fw_name); + rdev->smc_fw->size, fw_name); err = -EINVAL; } } diff --git a/sys/kern/init_sysent.c b/sys/kern/init_sysent.c index 79e6a776c..05a336cb6 100644 --- a/sys/kern/init_sysent.c +++ b/sys/kern/init_sysent.c @@ -1,10 +1,10 @@ -/* $OpenBSD: init_sysent.c,v 1.275 2024/03/25 17:43:10 mvs Exp $ */ +/* $OpenBSD: init_sysent.c,v 1.276 2024/03/28 02:23:31 deraadt Exp $ */ /* * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * created from; OpenBSD: syscalls.master,v 1.258 2024/03/25 17:42:34 mvs Exp + * created from; OpenBSD: syscalls.master,v 1.259 2024/03/28 02:19:57 deraadt Exp */ #include @@ -324,8 +324,8 @@ const struct sysent sysent[] = { sys_nosys }, /* 144 = obsolete ogetrlimit */ { 0, 0, 0, sys_nosys }, /* 145 = obsolete osetrlimit */ - { 3, s(struct sys_pinsyscall_args), SY_NOLOCK | 0, - sys_pinsyscall }, /* 146 = pinsyscall */ + { 0, 0, 0, + sys_nosys }, /* 146 = obsolete pinsyscall */ { 0, 0, 0, sys_setsid }, /* 147 = setsid */ { 4, s(struct sys_quotactl_args), 0, diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index aab866f65..113d8675e 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.311 2024/03/22 05:54:25 ratchov Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.312 2024/03/28 02:19:57 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -112,7 +112,6 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = { [SYS_sendsyslog] = PLEDGE_ALWAYS, /* stack protector reporting */ [SYS_thrkill] = PLEDGE_ALWAYS, /* raise, abort, stack pro */ [SYS_utrace] = PLEDGE_ALWAYS, /* ltrace(1) from ld.so */ - [SYS_pinsyscall] = PLEDGE_ALWAYS, [SYS_pinsyscalls] = PLEDGE_ALWAYS, /* "getting" information about self is considered safe */ diff --git a/sys/kern/syscalls.c b/sys/kern/syscalls.c index 1c821d2da..874ca99d1 100644 --- a/sys/kern/syscalls.c +++ b/sys/kern/syscalls.c @@ -1,10 +1,10 @@ -/* $OpenBSD: syscalls.c,v 1.273 2024/03/25 17:43:10 mvs Exp $ */ +/* $OpenBSD: syscalls.c,v 1.274 2024/03/28 02:23:31 deraadt Exp $ */ /* * System call names. * * DO NOT EDIT-- this file is automatically generated. - * created from; OpenBSD: syscalls.master,v 1.258 2024/03/25 17:42:34 mvs Exp + * created from; OpenBSD: syscalls.master,v 1.259 2024/03/28 02:19:57 deraadt Exp */ const char *const syscallnames[] = { @@ -166,7 +166,7 @@ const char *const syscallnames[] = { "setthrname", /* 143 = setthrname */ "#144 (obsolete ogetrlimit)", /* 144 = obsolete ogetrlimit */ "#145 (obsolete osetrlimit)", /* 145 = obsolete osetrlimit */ - "pinsyscall", /* 146 = pinsyscall */ + "#146 (obsolete pinsyscall)", /* 146 = obsolete pinsyscall */ "setsid", /* 147 = setsid */ "quotactl", /* 148 = quotactl */ "#149 (obsolete oquota)", /* 149 = obsolete oquota */ diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master index f631b55cf..d26572a70 100644 --- a/sys/kern/syscalls.master +++ b/sys/kern/syscalls.master @@ -1,4 +1,4 @@ -; $OpenBSD: syscalls.master,v 1.258 2024/03/25 17:42:34 mvs Exp $ +; $OpenBSD: syscalls.master,v 1.259 2024/03/28 02:19:57 deraadt Exp $ ; $NetBSD: syscalls.master,v 1.32 1996/04/23 10:24:21 mycroft Exp $ ; @(#)syscalls.master 8.2 (Berkeley) 1/13/94 @@ -282,7 +282,7 @@ 143 STD { int sys_setthrname(pid_t tid, const char *name); } 144 OBSOL ogetrlimit 145 OBSOL osetrlimit -146 STD NOLOCK { int sys_pinsyscall(int syscall, void *addr, size_t len); } +146 OBSOL pinsyscall 147 STD { int sys_setsid(void); } 148 STD { int sys_quotactl(const char *path, int cmd, \ int uid, char *arg); } diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 06313d40c..1d8a101f1 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket.c,v 1.322 2024/03/26 09:46:47 mvs Exp $ */ +/* $OpenBSD: uipc_socket.c,v 1.323 2024/03/27 22:47:53 mvs Exp $ */ /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */ /* @@ -161,7 +161,7 @@ soalloc(const struct protosw *prp, int wait) } break; case AF_UNIX: - so->so_rcv.sb_flags |= SB_MTXLOCK; + so->so_rcv.sb_flags |= SB_MTXLOCK | SB_OWNLOCK; break; } @@ -903,12 +903,23 @@ restart: } SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 1"); SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 1"); - sb_mtx_unlock(&so->so_rcv); - sbunlock(so, &so->so_rcv); - error = sbwait(so, &so->so_rcv); - if (error) { + + if (so->so_rcv.sb_flags & SB_OWNLOCK) { + sbunlock_locked(so, &so->so_rcv); sounlock_shared(so); - return (error); + error = sbwait_locked(so, &so->so_rcv); + sb_mtx_unlock(&so->so_rcv); + if (error) + return (error); + solock_shared(so); + } else { + sb_mtx_unlock(&so->so_rcv); + sbunlock(so, &so->so_rcv); + error = sbwait(so, &so->so_rcv); + if (error) { + sounlock_shared(so); + return (error); + } } goto restart; } diff --git a/sys/kern/uipc_socket2.c b/sys/kern/uipc_socket2.c index 153010a59..4a9eaae34 100644 --- a/sys/kern/uipc_socket2.c +++ b/sys/kern/uipc_socket2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket2.c,v 1.145 2024/03/26 09:46:47 mvs Exp $ */ +/* $OpenBSD: uipc_socket2.c,v 1.146 2024/03/27 22:47:53 mvs Exp $ */ /* $NetBSD: uipc_socket2.c,v 1.11 1996/02/04 02:17:55 christos Exp $ */ /* @@ -522,6 +522,18 @@ sbmtxassertlocked(struct socket *so, struct sockbuf *sb) /* * Wait for data to arrive at/drain from a socket buffer. */ +int +sbwait_locked(struct socket *so, struct sockbuf *sb) +{ + int prio = (sb->sb_flags & SB_NOINTR) ? PSOCK : PSOCK | PCATCH; + + MUTEX_ASSERT_LOCKED(&sb->sb_mtx); + + sb->sb_flags |= SB_WAIT; + return msleep_nsec(&sb->sb_cc, &sb->sb_mtx, prio, "sbwait", + sb->sb_timeo_nsecs); +} + int sbwait(struct socket *so, struct sockbuf *sb) { @@ -573,20 +585,23 @@ out: } void -sbunlock(struct socket *so, struct sockbuf *sb) +sbunlock_locked(struct socket *so, struct sockbuf *sb) { - int dowakeup = 0; + MUTEX_ASSERT_LOCKED(&sb->sb_mtx); - mtx_enter(&sb->sb_mtx); sb->sb_flags &= ~SB_LOCK; if (sb->sb_flags & SB_WANT) { sb->sb_flags &= ~SB_WANT; - dowakeup = 1; - } - mtx_leave(&sb->sb_mtx); - - if (dowakeup) wakeup(&sb->sb_flags); + } +} + +void +sbunlock(struct socket *so, struct sockbuf *sb) +{ + mtx_enter(&sb->sb_mtx); + sbunlock_locked(so, sb); + mtx_leave(&sb->sb_mtx); } /* diff --git a/sys/lib/libz/inflate.h b/sys/lib/libz/inflate.h index f127b6b1f..f758e0dcc 100644 --- a/sys/lib/libz/inflate.h +++ b/sys/lib/libz/inflate.h @@ -100,7 +100,7 @@ struct inflate_state { unsigned char FAR *window; /* allocated sliding window, if needed */ /* bit accumulator */ unsigned long hold; /* input bit accumulator */ - unsigned bits; /* number of bits in "in" */ + unsigned bits; /* number of bits in hold */ /* for string and stored block copying */ unsigned length; /* literal or length of data to copy */ unsigned offset; /* distance back to copy string from */ diff --git a/sys/lib/libz/zconf.h b/sys/lib/libz/zconf.h index b3c057c4f..22475032d 100644 --- a/sys/lib/libz/zconf.h +++ b/sys/lib/libz/zconf.h @@ -513,6 +513,8 @@ typedef uLong FAR uLongf; #if !defined(_WIN32) && defined(Z_LARGE64) # define z_off64_t off64_t +#elif defined(__MINGW32__) +# define z_off64_t long long #elif defined(_WIN32) && !defined(__GNUC__) # define z_off64_t __int64 #elif defined(__GO32__) diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h index 782ebce75..0169c6273 100644 --- a/sys/sys/socketvar.h +++ b/sys/sys/socketvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: socketvar.h,v 1.126 2024/03/26 09:46:47 mvs Exp $ */ +/* $OpenBSD: socketvar.h,v 1.127 2024/03/27 22:47:53 mvs Exp $ */ /* $NetBSD: socketvar.h,v 1.18 1996/02/09 18:25:38 christos Exp $ */ /*- @@ -127,14 +127,15 @@ struct socket { uint64_t sb_timeo_nsecs;/* timeout for read/write */ struct klist sb_klist; /* process selecting read/write */ } so_rcv, so_snd; -#define SB_MAX (2*1024*1024) /* default for max chars in sockbuf */ -#define SB_LOCK 0x01 /* lock on data queue */ -#define SB_WANT 0x02 /* someone is waiting to lock */ -#define SB_WAIT 0x04 /* someone is waiting for data/space */ -#define SB_ASYNC 0x10 /* ASYNC I/O, need signals */ -#define SB_SPLICE 0x20 /* buffer is splice source or drain */ -#define SB_NOINTR 0x40 /* operations not interruptible */ -#define SB_MTXLOCK 0x80 /* use sb_mtx for sockbuf protection */ +#define SB_MAX (2*1024*1024) /* default for max chars in sockbuf */ +#define SB_LOCK 0x0001 /* lock on data queue */ +#define SB_WANT 0x0002 /* someone is waiting to lock */ +#define SB_WAIT 0x0004 /* someone is waiting for data/space */ +#define SB_ASYNC 0x0010 /* ASYNC I/O, need signals */ +#define SB_SPLICE 0x0020 /* buffer is splice source or drain */ +#define SB_NOINTR 0x0040 /* operations not interruptible */ +#define SB_MTXLOCK 0x0080 /* use sb_mtx for sockbuf protection */ +#define SB_OWNLOCK 0x0100 /* sb_mtx used standalone */ void (*so_upcall)(struct socket *so, caddr_t arg, int waitf); caddr_t so_upcallarg; /* Arg for above */ @@ -320,6 +321,7 @@ int sblock(struct socket *, struct sockbuf *, int); /* release lock on sockbuf sb */ void sbunlock(struct socket *, struct sockbuf *); +void sbunlock_locked(struct socket *, struct sockbuf *); #define SB_EMPTY_FIXUP(sb) do { \ if ((sb)->sb_mb == NULL) { \ @@ -367,6 +369,7 @@ int sbcheckreserve(u_long, u_long); int sbchecklowmem(void); int sbreserve(struct socket *, struct sockbuf *, u_long); int sbwait(struct socket *, struct sockbuf *); +int sbwait_locked(struct socket *, struct sockbuf *); void soinit(void); void soabort(struct socket *); int soaccept(struct socket *, struct mbuf *); diff --git a/sys/sys/syscall.h b/sys/sys/syscall.h index cafb75582..8aae55d2a 100644 --- a/sys/sys/syscall.h +++ b/sys/sys/syscall.h @@ -1,10 +1,10 @@ -/* $OpenBSD: syscall.h,v 1.272 2024/03/25 17:43:10 mvs Exp $ */ +/* $OpenBSD: syscall.h,v 1.273 2024/03/28 02:27:14 deraadt Exp $ */ /* * System call numbers. * * DO NOT EDIT-- this file is automatically generated. - * created from; OpenBSD: syscalls.master,v 1.258 2024/03/25 17:42:34 mvs Exp + * created from; OpenBSD: syscalls.master,v 1.259 2024/03/28 02:19:57 deraadt Exp */ /* syscall: "exit" ret: "void" args: "int" */ @@ -425,9 +425,7 @@ /* 144 is obsolete ogetrlimit */ /* 145 is obsolete osetrlimit */ -/* syscall: "pinsyscall" ret: "int" args: "int" "void *" "size_t" */ -#define SYS_pinsyscall 146 - + /* 146 is obsolete pinsyscall */ /* syscall: "setsid" ret: "int" args: */ #define SYS_setsid 147 diff --git a/sys/sys/syscallargs.h b/sys/sys/syscallargs.h index cdef1a7db..a2c1d0d7e 100644 --- a/sys/sys/syscallargs.h +++ b/sys/sys/syscallargs.h @@ -1,10 +1,10 @@ -/* $OpenBSD: syscallargs.h,v 1.275 2024/03/25 17:43:10 mvs Exp $ */ +/* $OpenBSD: syscallargs.h,v 1.276 2024/03/28 02:27:14 deraadt Exp $ */ /* * System call argument lists. * * DO NOT EDIT-- this file is automatically generated. - * created from; OpenBSD: syscalls.master,v 1.258 2024/03/25 17:42:34 mvs Exp + * created from; OpenBSD: syscalls.master,v 1.259 2024/03/28 02:19:57 deraadt Exp */ #ifdef syscallarg @@ -728,12 +728,6 @@ struct sys_setthrname_args { syscallarg(const char *) name; }; -struct sys_pinsyscall_args { - syscallarg(int) syscall; - syscallarg(void *) addr; - syscallarg(size_t) len; -}; - struct sys_quotactl_args { syscallarg(const char *) path; syscallarg(int) cmd; @@ -1309,7 +1303,6 @@ int sys_adjtime(struct proc *, void *, register_t *); int sys_getlogin_r(struct proc *, void *, register_t *); int sys_getthrname(struct proc *, void *, register_t *); int sys_setthrname(struct proc *, void *, register_t *); -int sys_pinsyscall(struct proc *, void *, register_t *); int sys_setsid(struct proc *, void *, register_t *); int sys_quotactl(struct proc *, void *, register_t *); int sys_ypconnect(struct proc *, void *, register_t *); diff --git a/sys/uvm/uvm_km.c b/sys/uvm/uvm_km.c index 6c5e48da0..4cdf1de4f 100644 --- a/sys/uvm/uvm_km.c +++ b/sys/uvm/uvm_km.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_km.c,v 1.151 2022/08/01 14:15:46 mpi Exp $ */ +/* $OpenBSD: uvm_km.c,v 1.152 2024/03/27 15:41:40 kurt Exp $ */ /* $NetBSD: uvm_km.c,v 1.42 2001/01/14 02:10:01 thorpej Exp $ */ /* @@ -183,6 +183,11 @@ uvm_km_init(vaddr_t base, vaddr_t start, vaddr_t end) panic("uvm_km_init: could not reserve space for kernel"); kernel_map = &kernel_map_store; + +#ifndef __HAVE_PMAP_DIRECT + /* allow km_alloc calls before uvm_km_thread starts */ + mtx_init(&uvm_km_pages.mtx, IPL_VM); +#endif } /* @@ -558,7 +563,6 @@ uvm_km_page_init(void) int len, bulk; vaddr_t addr; - mtx_init(&uvm_km_pages.mtx, IPL_VM); if (!uvm_km_pages.lowat) { /* based on physmem, calculate a good value here */ uvm_km_pages.lowat = physmem / 256; diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c index cc76bfafb..c0205f267 100644 --- a/sys/uvm/uvm_mmap.c +++ b/sys/uvm/uvm_mmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_mmap.c,v 1.185 2024/01/19 21:20:35 deraadt Exp $ */ +/* $OpenBSD: uvm_mmap.c,v 1.186 2024/03/28 02:19:57 deraadt Exp $ */ /* $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $ */ /* @@ -612,15 +612,6 @@ sys_msyscall(struct proc *p, void *v, register_t *retval) return uvm_map_syscall(&p->p_vmspace->vm_map, addr, addr+size); } -/* - * sys_pinsyscall - */ -int -sys_pinsyscall(struct proc *p, void *v, register_t *retval) -{ - return (0); -} - /* * sys_pinsyscalls. The caller is required to normalize base,len * to the minimum .text region, and adjust pintable offsets relative