mirror of
https://github.com/TelegramMessenger/Telegram-iOS.git
synced 2026-07-05 19:28:46 +02:00
Support BoringSSL
This commit is contained in:
parent
c969f2556d
commit
94313057a8
1480 changed files with 1593209 additions and 26 deletions
|
|
@ -169,6 +169,7 @@ swift_library(
|
|||
],
|
||||
deps = [
|
||||
"//submodules/TelegramUI:TelegramUI",
|
||||
"//third-party/boringssl:crypto",
|
||||
],
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ swift_library(
|
|||
"//submodules/AlertUI:AlertUI",
|
||||
"//submodules/ActivityIndicator:ActivityIndicator",
|
||||
"//submodules/OverlayStatusController:OverlayStatusController",
|
||||
"//submodules/openssl:openssl",
|
||||
"//third-party/boringssl:crypto",
|
||||
"//submodules/OpenSSLEncryptionProvider:OpenSSLEncryptionProvider",
|
||||
"//submodules/WalletCore:WalletCore",
|
||||
"//submodules/BuildConfig:BuildConfig",
|
||||
|
|
|
|||
|
|
@ -13,9 +13,12 @@ objc_library(
|
|||
includes = [
|
||||
"PublicHeaders",
|
||||
],
|
||||
copts = [
|
||||
"-DTELEGRAM_USE_BORINGSSL=1",
|
||||
],
|
||||
deps = [
|
||||
"//submodules/EncryptionProvider:EncryptionProvider",
|
||||
"//submodules/openssl:openssl",
|
||||
"//third-party/boringssl:crypto",
|
||||
],
|
||||
sdk_frameworks = [
|
||||
"Foundation",
|
||||
|
|
|
|||
|
|
@ -97,7 +97,9 @@ NS_ASSUME_NONNULL_BEGIN
|
|||
- (void)setConstantTime:(id<MTBignum>)other {
|
||||
assert([other isKindOfClass:[MTBignumImpl class]]);
|
||||
MTBignumImpl *otherImpl = other;
|
||||
#ifndef TELEGRAM_USE_BORINGSSL
|
||||
BN_set_flags(otherImpl->_value, BN_FLG_CONSTTIME);
|
||||
#endif
|
||||
}
|
||||
|
||||
- (void)assignWordTo:(id<MTBignum>)bignum value:(unsigned long)value {
|
||||
|
|
|
|||
|
|
@ -13,8 +13,11 @@ objc_library(
|
|||
includes = [
|
||||
"PublicHeaders",
|
||||
],
|
||||
copts = [
|
||||
"-DTELEGRAM_USE_BORINGSSL=1",
|
||||
],
|
||||
deps = [
|
||||
"//submodules/openssl:openssl",
|
||||
"//third-party/boringssl:crypto",
|
||||
],
|
||||
sdk_frameworks = [
|
||||
"Foundation",
|
||||
|
|
|
|||
|
|
@ -38,6 +38,40 @@ static NSData * _Nullable readPublicKey(EVP_PKEY *subject) {
|
|||
|
||||
+ (MTPKCS * _Nullable)parse:(const unsigned char *)buffer size:(int)size {
|
||||
#if TARGET_OS_IOS
|
||||
#ifdef TELEGRAM_USE_BORINGSSL
|
||||
BIO *pkcsBio = BIO_new(BIO_s_mem());
|
||||
BIO_write(pkcsBio, buffer, size);
|
||||
STACK_OF(X509) *signers = NULL;
|
||||
PKCS7_get_PEM_certificates(signers, pkcsBio);
|
||||
if (signers == NULL) {
|
||||
BIO_free(pkcsBio);
|
||||
return nil;
|
||||
}
|
||||
|
||||
const X509* cert = sk_X509_pop(signers);
|
||||
if (cert == NULL) {
|
||||
if (signers) {
|
||||
sk_X509_free(signers);
|
||||
}
|
||||
BIO_free(pkcsBio);
|
||||
return nil;
|
||||
}
|
||||
|
||||
X509_NAME *issuerName = X509_get_issuer_name(cert);
|
||||
X509_NAME *subjectName = X509_get_subject_name(cert);
|
||||
|
||||
NSString *issuerNameString = readName(issuerName);
|
||||
NSString *subjectNameString = readName(subjectName);
|
||||
|
||||
EVP_PKEY *publicKey = X509_get_pubkey(cert);
|
||||
NSData *data = readPublicKey(publicKey);
|
||||
|
||||
MTPKCS *result = [[MTPKCS alloc] initWithIssuerName:issuerNameString subjectName:subjectNameString data:data];
|
||||
|
||||
BIO_free(pkcsBio);
|
||||
|
||||
return result;
|
||||
#else
|
||||
MTPKCS * _Nullable result = nil;
|
||||
PKCS7 *pkcs7 = NULL;
|
||||
STACK_OF(X509) *signers = NULL;
|
||||
|
|
@ -86,6 +120,7 @@ static NSData * _Nullable readPublicKey(EVP_PKEY *subject) {
|
|||
result = [[MTPKCS alloc] initWithIssuerName:issuerNameString subjectName:subjectNameString data:data];
|
||||
|
||||
return result;
|
||||
#endif
|
||||
#else
|
||||
return nil;
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ objc_library(
|
|||
],
|
||||
deps = [
|
||||
"//submodules/SSignalKit/SSignalKit:SSignalKit",
|
||||
"//submodules/openssl:openssl",
|
||||
"//third-party/boringssl:crypto",
|
||||
"//submodules/ton:ton",
|
||||
],
|
||||
visibility = [
|
||||
|
|
|
|||
|
|
@ -42,14 +42,15 @@ filegroup(
|
|||
]),
|
||||
)
|
||||
|
||||
libcrypto_location = "//third-party/boringssl:libcrypto"
|
||||
|
||||
genrule(
|
||||
name = "ton_build",
|
||||
srcs = [
|
||||
"build-ton-bazel.sh",
|
||||
"iOS-bazel.cmake",
|
||||
":TonSources",
|
||||
"//submodules/openssl:openssl_include",
|
||||
"//submodules/openssl:libcrypto.a",
|
||||
libcrypto_location,
|
||||
],
|
||||
cmd_bash =
|
||||
"""
|
||||
|
|
@ -84,14 +85,16 @@ genrule(
|
|||
|
||||
mkdir -p "$$BUILD_DIR/openssl_headers/include/openssl"
|
||||
mkdir -p "$$BUILD_DIR/openssl_headers/lib"
|
||||
cp -f "$(location //submodules/openssl:libcrypto.a)" "$$BUILD_DIR/openssl_headers/lib/"
|
||||
for f in $(locations //submodules/openssl:openssl_include); do
|
||||
cp -f "$(location {libcrypto_location})" "$$BUILD_DIR/openssl_headers/lib/"
|
||||
for f in third-party/boringssl/src/include/openssl/*.h; do
|
||||
cp -f "$$f" "$$BUILD_DIR/openssl_headers/include/openssl/"
|
||||
done
|
||||
mkdir -p "$$BUILD_DIR/Public/ton"
|
||||
|
||||
PATH="$$PATH:$$CMAKE_DIR/bin" sh $$BUILD_DIR/build-ton-bazel.sh "$$BUILD_DIR" "$$BUILD_DIR" "$$BUILD_DIR/openssl_headers" $$BUILD_ARCH
|
||||
""" +
|
||||
""".format(
|
||||
libcrypto_location = libcrypto_location
|
||||
) +
|
||||
"\n".join([
|
||||
"cp -f \"$$BUILD_DIR/build/out/include/{}\" \"$(location Public/ton/include/{})\"".format(header, header) for header in ton_headers
|
||||
]) +
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ set(TON_CRYPTO_SOURCE
|
|||
ellcurve/TwEdwards.h
|
||||
|
||||
openssl/bignum.h
|
||||
openssl/digest.h
|
||||
openssl/digest_ex.h
|
||||
openssl/rand.hpp
|
||||
openssl/residue.h
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L && OPENSSL_VERSION_NUMBER != 0x20000000L
|
||||
#if 1 //OPENSSL_VERSION_NUMBER >= 0x10101000L && OPENSSL_VERSION_NUMBER != 0x20000000L
|
||||
|
||||
#include "td/utils/base64.h"
|
||||
#include "td/utils/BigNum.h"
|
||||
|
|
@ -57,7 +57,7 @@ SecureString Ed25519::PrivateKey::as_octet_string() const {
|
|||
return octet_string_.copy();
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L && OPENSSL_VERSION_NUMBER != 0x20000000L
|
||||
#if 1 //OPENSSL_VERSION_NUMBER >= 0x10101000L && OPENSSL_VERSION_NUMBER != 0x20000000L
|
||||
|
||||
namespace detail {
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@
|
|||
|
||||
#include "vm/cells/MerkleProof.h"
|
||||
#include "openssl/digest.h"
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
#include "Ed25519.h"
|
||||
|
||||
namespace block {
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@
|
|||
#include "td/utils/uint128.h"
|
||||
#include "ton/ton-types.h"
|
||||
#include "ton/ton-shard.h"
|
||||
#include "crypto/openssl/digest.h"
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
#include <stack>
|
||||
#include <algorithm>
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
#include "td/utils/as.h"
|
||||
#include "td/utils/bits.h"
|
||||
#include "td/utils/misc.h"
|
||||
#include "crypto/openssl/digest.h"
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
|
||||
namespace td {
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,8 @@
|
|||
|
||||
#include "td/utils/Random.h"
|
||||
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
|
||||
namespace crypto {
|
||||
namespace Ed25519 {
|
||||
|
||||
|
|
|
|||
|
|
@ -52,6 +52,8 @@
|
|||
#include "td/utils/tl_helpers.h"
|
||||
#include "td/utils/crypto.h"
|
||||
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
|
||||
#include <ctime>
|
||||
|
||||
namespace fift {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Copyright 2017-2019 Telegram Systems LLP
|
||||
*/
|
||||
#include "openssl/bignum.h"
|
||||
|
||||
#include <openssl/mem.h>
|
||||
// impl only
|
||||
#include <cstring>
|
||||
|
||||
|
|
|
|||
|
|
@ -101,10 +101,10 @@ class Bignum {
|
|||
BN_copy(val, x.val);
|
||||
return *this;
|
||||
}
|
||||
Bignum& operator=(Bignum&& x) {
|
||||
swap(x);
|
||||
return *this;
|
||||
}
|
||||
//Bignum& operator=(Bignum&& x) {
|
||||
// swap(x);
|
||||
// return *this;
|
||||
//}
|
||||
Bignum& operator=(long x) {
|
||||
return set_long(x);
|
||||
}
|
||||
|
|
@ -114,10 +114,10 @@ class Bignum {
|
|||
Bignum& operator=(const hex_string& hs) {
|
||||
return set_hex_str(hs.str);
|
||||
}
|
||||
Bignum& swap(Bignum& x) {
|
||||
BN_swap(val, x.val);
|
||||
return *this;
|
||||
}
|
||||
//Bignum& swap(Bignum& x) {
|
||||
// BN_swap(val, x.val);
|
||||
// return *this;
|
||||
//}
|
||||
BIGNUM* bn_ptr() {
|
||||
return val;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#include <openssl/digest.h>
|
||||
|
||||
#include "td/utils/Slice.h"
|
||||
|
||||
namespace digest {
|
||||
|
|
@ -25,6 +25,7 @@
|
|||
#include "td/utils/format.h"
|
||||
|
||||
#include "openssl/digest.h"
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
|
||||
namespace vm {
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
#include "vm/cells/DataCell.h"
|
||||
|
||||
#include "openssl/digest.h"
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
|
||||
#include "td/utils/ScopeGuard.h"
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@
|
|||
#include "vm/vm.h"
|
||||
#include "vm/dict.h"
|
||||
#include "Ed25519.h"
|
||||
#include "crypto/openssl/digest_ex.h"
|
||||
|
||||
namespace vm {
|
||||
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ BigNum BigNum::from_binary(Slice str) {
|
|||
|
||||
BigNum BigNum::from_le_binary(Slice str) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
return BigNum(make_unique<Impl>(BN_lebin2bn(str.ubegin(), narrow_cast<int>(str.size()), nullptr)));
|
||||
return BigNum(make_unique<Impl>(BN_le2bn(str.ubegin(), narrow_cast<int>(str.size()), nullptr)));
|
||||
#else
|
||||
LOG(FATAL) << "Unsupported from_le_binary";
|
||||
return BigNum();
|
||||
|
|
@ -132,7 +132,7 @@ BigNum::BigNum(unique_ptr<Impl> &&impl) : impl_(std::move(impl)) {
|
|||
}
|
||||
|
||||
void BigNum::ensure_const_time() {
|
||||
BN_set_flags(impl_->big_num, BN_FLG_CONSTTIME);
|
||||
//BN_set_flags(impl_->big_num, BN_FLG_CONSTTIME);
|
||||
}
|
||||
|
||||
int BigNum::get_num_bits() const {
|
||||
|
|
@ -225,7 +225,7 @@ string BigNum::to_le_binary(int exact_size) const {
|
|||
CHECK(exact_size >= num_size);
|
||||
}
|
||||
string res(exact_size, '\0');
|
||||
BN_bn2lebinpad(impl_->big_num, MutableSlice(res).ubegin(), exact_size);
|
||||
BN_bn2le_padded(MutableSlice(res).ubegin(), exact_size, impl_->big_num);
|
||||
return res;
|
||||
#else
|
||||
LOG(FATAL) << "Unsupported to_le_binary";
|
||||
|
|
|
|||
|
|
@ -253,6 +253,12 @@ int pq_factorize(Slice pq_str, string *p_str, string *q_str) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
extern "C" {
|
||||
void AES_ige_encrypt(const unsigned char *in_ptr, unsigned char *out,
|
||||
size_t length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc);
|
||||
}
|
||||
|
||||
static void aes_ige_xcrypt(Slice aes_key, MutableSlice aes_iv, Slice from, MutableSlice to, bool encrypt_flag) {
|
||||
CHECK(aes_key.size() == 32);
|
||||
CHECK(aes_iv.size() == 16);
|
||||
|
|
|
|||
124
third-party/boringssl/BUILD
vendored
Normal file
124
third-party/boringssl/BUILD
vendored
Normal file
|
|
@ -0,0 +1,124 @@
|
|||
# Copyright (c) 2016, Google Inc.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
# purpose with or without fee is hereby granted, provided that the above
|
||||
# copyright notice and this permission notice appear in all copies.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
licenses(["notice"])
|
||||
|
||||
exports_files(["LICENSE"])
|
||||
|
||||
#load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library")
|
||||
|
||||
load(
|
||||
":BUILD.generated.bzl",
|
||||
"crypto_headers",
|
||||
"crypto_internal_headers",
|
||||
"crypto_sources",
|
||||
"crypto_sources_mac_x86_64",
|
||||
"crypto_sources_ios_aarch64",
|
||||
"crypto_sources_ios_arm",
|
||||
"fips_fragments",
|
||||
"ssl_headers",
|
||||
"ssl_internal_headers",
|
||||
"ssl_sources",
|
||||
"tool_sources",
|
||||
"tool_headers",
|
||||
)
|
||||
|
||||
posix_copts = [
|
||||
# Assembler option --noexecstack adds .note.GNU-stack to each object to
|
||||
# ensure that binaries can be built with non-executable stack.
|
||||
"-Wa,--noexecstack",
|
||||
|
||||
# This is needed on Linux systems (at least) to get rwlock in pthread.
|
||||
"-D_XOPEN_SOURCE=700",
|
||||
|
||||
# This list of warnings should match those in the top-level CMakeLists.txt.
|
||||
"-Wall",
|
||||
"-Werror",
|
||||
"-Wformat=2",
|
||||
"-Wsign-compare",
|
||||
"-Wmissing-field-initializers",
|
||||
"-Wwrite-strings",
|
||||
"-Wshadow",
|
||||
"-fno-common",
|
||||
|
||||
# Modern build environments should be able to set this to use atomic
|
||||
# operations for reference counting rather than locks. However, it's
|
||||
# known not to work on some Android builds.
|
||||
# "-DOPENSSL_C11_ATOMIC",
|
||||
]
|
||||
|
||||
boringssl_copts = select({
|
||||
"@build_bazel_rules_apple//apple:ios_armv7": posix_copts,
|
||||
"@build_bazel_rules_apple//apple:ios_arm64": posix_copts,
|
||||
"@build_bazel_rules_apple//apple:ios_x86_64": posix_copts,
|
||||
"//conditions:default": ["-DOPENSSL_NO_ASM"],
|
||||
})
|
||||
|
||||
crypto_sources_asm = select({
|
||||
"@build_bazel_rules_apple//apple:ios_armv7": crypto_sources_ios_arm,
|
||||
"@build_bazel_rules_apple//apple:ios_arm64": crypto_sources_ios_aarch64,
|
||||
"@build_bazel_rules_apple//apple:ios_x86_64": crypto_sources_mac_x86_64,
|
||||
"//conditions:default": [],
|
||||
})
|
||||
|
||||
# For C targets only (not C++), compile with C11 support.
|
||||
posix_copts_c11 = [
|
||||
"-std=c11",
|
||||
"-Wmissing-prototypes",
|
||||
"-Wold-style-definition",
|
||||
"-Wstrict-prototypes",
|
||||
]
|
||||
|
||||
boringssl_copts_c11 = boringssl_copts + select({
|
||||
"@build_bazel_rules_apple//apple:ios_armv7": posix_copts_c11,
|
||||
"@build_bazel_rules_apple//apple:ios_arm64": posix_copts_c11,
|
||||
"@build_bazel_rules_apple//apple:ios_x86_64": posix_copts_c11,
|
||||
"//conditions:default": [],
|
||||
})
|
||||
|
||||
# For C++ targets only (not C), compile with C++11 support.
|
||||
posix_copts_cxx = [
|
||||
"-std=c++11",
|
||||
"-Wmissing-declarations",
|
||||
]
|
||||
|
||||
boringssl_copts_cxx = boringssl_copts + select({
|
||||
"@build_bazel_rules_apple//apple:ios_armv7": posix_copts_cxx,
|
||||
"@build_bazel_rules_apple//apple:ios_arm64": posix_copts_cxx,
|
||||
"@build_bazel_rules_apple//apple:ios_x86_64": posix_copts_cxx,
|
||||
"//conditions:default": [],
|
||||
})
|
||||
|
||||
cc_library(
|
||||
name = "crypto",
|
||||
srcs = crypto_sources + crypto_internal_headers + crypto_sources_asm + ["aes_ige.c"],
|
||||
hdrs = crypto_headers + fips_fragments,
|
||||
copts = boringssl_copts_c11,
|
||||
includes = ["src/include"],
|
||||
linkopts = select({
|
||||
"@build_bazel_rules_apple//apple:ios_armv7": [],
|
||||
"@build_bazel_rules_apple//apple:ios_arm64": [],
|
||||
"@build_bazel_rules_apple//apple:ios_x86_64": [],
|
||||
"//conditions:default": ["-lpthread"],
|
||||
}),
|
||||
linkstatic = 1,
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name='libcrypto',
|
||||
srcs=[':crypto'],
|
||||
#output_group = 'library',
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
679
third-party/boringssl/BUILD.generated.bzl
vendored
Normal file
679
third-party/boringssl/BUILD.generated.bzl
vendored
Normal file
|
|
@ -0,0 +1,679 @@
|
|||
# This file is created by generate_build_files.py. Do not edit manually.
|
||||
|
||||
ssl_headers = [
|
||||
"src/include/openssl/dtls1.h",
|
||||
"src/include/openssl/srtp.h",
|
||||
"src/include/openssl/ssl.h",
|
||||
"src/include/openssl/ssl3.h",
|
||||
"src/include/openssl/tls1.h",
|
||||
]
|
||||
|
||||
fips_fragments = [
|
||||
"src/crypto/fipsmodule/aes/aes.c",
|
||||
"src/crypto/fipsmodule/aes/aes_nohw.c",
|
||||
"src/crypto/fipsmodule/aes/key_wrap.c",
|
||||
"src/crypto/fipsmodule/aes/mode_wrappers.c",
|
||||
"src/crypto/fipsmodule/bn/add.c",
|
||||
"src/crypto/fipsmodule/bn/asm/x86_64-gcc.c",
|
||||
"src/crypto/fipsmodule/bn/bn.c",
|
||||
"src/crypto/fipsmodule/bn/bytes.c",
|
||||
"src/crypto/fipsmodule/bn/cmp.c",
|
||||
"src/crypto/fipsmodule/bn/ctx.c",
|
||||
"src/crypto/fipsmodule/bn/div.c",
|
||||
"src/crypto/fipsmodule/bn/div_extra.c",
|
||||
"src/crypto/fipsmodule/bn/exponentiation.c",
|
||||
"src/crypto/fipsmodule/bn/gcd.c",
|
||||
"src/crypto/fipsmodule/bn/gcd_extra.c",
|
||||
"src/crypto/fipsmodule/bn/generic.c",
|
||||
"src/crypto/fipsmodule/bn/jacobi.c",
|
||||
"src/crypto/fipsmodule/bn/montgomery.c",
|
||||
"src/crypto/fipsmodule/bn/montgomery_inv.c",
|
||||
"src/crypto/fipsmodule/bn/mul.c",
|
||||
"src/crypto/fipsmodule/bn/prime.c",
|
||||
"src/crypto/fipsmodule/bn/random.c",
|
||||
"src/crypto/fipsmodule/bn/rsaz_exp.c",
|
||||
"src/crypto/fipsmodule/bn/shift.c",
|
||||
"src/crypto/fipsmodule/bn/sqrt.c",
|
||||
"src/crypto/fipsmodule/cipher/aead.c",
|
||||
"src/crypto/fipsmodule/cipher/cipher.c",
|
||||
"src/crypto/fipsmodule/cipher/e_aes.c",
|
||||
"src/crypto/fipsmodule/cipher/e_des.c",
|
||||
"src/crypto/fipsmodule/des/des.c",
|
||||
"src/crypto/fipsmodule/digest/digest.c",
|
||||
"src/crypto/fipsmodule/digest/digests.c",
|
||||
"src/crypto/fipsmodule/ec/ec.c",
|
||||
"src/crypto/fipsmodule/ec/ec_key.c",
|
||||
"src/crypto/fipsmodule/ec/ec_montgomery.c",
|
||||
"src/crypto/fipsmodule/ec/felem.c",
|
||||
"src/crypto/fipsmodule/ec/oct.c",
|
||||
"src/crypto/fipsmodule/ec/p224-64.c",
|
||||
"src/crypto/fipsmodule/ec/p256-x86_64.c",
|
||||
"src/crypto/fipsmodule/ec/scalar.c",
|
||||
"src/crypto/fipsmodule/ec/simple.c",
|
||||
"src/crypto/fipsmodule/ec/simple_mul.c",
|
||||
"src/crypto/fipsmodule/ec/util.c",
|
||||
"src/crypto/fipsmodule/ec/wnaf.c",
|
||||
"src/crypto/fipsmodule/ecdh/ecdh.c",
|
||||
"src/crypto/fipsmodule/ecdsa/ecdsa.c",
|
||||
"src/crypto/fipsmodule/hmac/hmac.c",
|
||||
"src/crypto/fipsmodule/md4/md4.c",
|
||||
"src/crypto/fipsmodule/md5/md5.c",
|
||||
"src/crypto/fipsmodule/modes/cbc.c",
|
||||
"src/crypto/fipsmodule/modes/cfb.c",
|
||||
"src/crypto/fipsmodule/modes/ctr.c",
|
||||
"src/crypto/fipsmodule/modes/gcm.c",
|
||||
"src/crypto/fipsmodule/modes/gcm_nohw.c",
|
||||
"src/crypto/fipsmodule/modes/ofb.c",
|
||||
"src/crypto/fipsmodule/modes/polyval.c",
|
||||
"src/crypto/fipsmodule/rand/ctrdrbg.c",
|
||||
"src/crypto/fipsmodule/rand/rand.c",
|
||||
"src/crypto/fipsmodule/rand/urandom.c",
|
||||
"src/crypto/fipsmodule/rsa/blinding.c",
|
||||
"src/crypto/fipsmodule/rsa/padding.c",
|
||||
"src/crypto/fipsmodule/rsa/rsa.c",
|
||||
"src/crypto/fipsmodule/rsa/rsa_impl.c",
|
||||
"src/crypto/fipsmodule/self_check/self_check.c",
|
||||
"src/crypto/fipsmodule/sha/sha1-altivec.c",
|
||||
"src/crypto/fipsmodule/sha/sha1.c",
|
||||
"src/crypto/fipsmodule/sha/sha256.c",
|
||||
"src/crypto/fipsmodule/sha/sha512.c",
|
||||
"src/crypto/fipsmodule/tls/kdf.c",
|
||||
"src/third_party/fiat/p256.c",
|
||||
]
|
||||
|
||||
ssl_internal_headers = [
|
||||
"src/ssl/internal.h",
|
||||
]
|
||||
|
||||
ssl_sources = [
|
||||
"src/ssl/bio_ssl.cc",
|
||||
"src/ssl/d1_both.cc",
|
||||
"src/ssl/d1_lib.cc",
|
||||
"src/ssl/d1_pkt.cc",
|
||||
"src/ssl/d1_srtp.cc",
|
||||
"src/ssl/dtls_method.cc",
|
||||
"src/ssl/dtls_record.cc",
|
||||
"src/ssl/handoff.cc",
|
||||
"src/ssl/handshake.cc",
|
||||
"src/ssl/handshake_client.cc",
|
||||
"src/ssl/handshake_server.cc",
|
||||
"src/ssl/s3_both.cc",
|
||||
"src/ssl/s3_lib.cc",
|
||||
"src/ssl/s3_pkt.cc",
|
||||
"src/ssl/ssl_aead_ctx.cc",
|
||||
"src/ssl/ssl_asn1.cc",
|
||||
"src/ssl/ssl_buffer.cc",
|
||||
"src/ssl/ssl_cert.cc",
|
||||
"src/ssl/ssl_cipher.cc",
|
||||
"src/ssl/ssl_file.cc",
|
||||
"src/ssl/ssl_key_share.cc",
|
||||
"src/ssl/ssl_lib.cc",
|
||||
"src/ssl/ssl_privkey.cc",
|
||||
"src/ssl/ssl_session.cc",
|
||||
"src/ssl/ssl_stat.cc",
|
||||
"src/ssl/ssl_transcript.cc",
|
||||
"src/ssl/ssl_versions.cc",
|
||||
"src/ssl/ssl_x509.cc",
|
||||
"src/ssl/t1_enc.cc",
|
||||
"src/ssl/t1_lib.cc",
|
||||
"src/ssl/tls13_both.cc",
|
||||
"src/ssl/tls13_client.cc",
|
||||
"src/ssl/tls13_enc.cc",
|
||||
"src/ssl/tls13_server.cc",
|
||||
"src/ssl/tls_method.cc",
|
||||
"src/ssl/tls_record.cc",
|
||||
]
|
||||
|
||||
crypto_headers = [
|
||||
"src/include/openssl/aead.h",
|
||||
"src/include/openssl/aes.h",
|
||||
"src/include/openssl/arm_arch.h",
|
||||
"src/include/openssl/asn1.h",
|
||||
"src/include/openssl/asn1_mac.h",
|
||||
"src/include/openssl/asn1t.h",
|
||||
"src/include/openssl/base.h",
|
||||
"src/include/openssl/base64.h",
|
||||
"src/include/openssl/bio.h",
|
||||
"src/include/openssl/blowfish.h",
|
||||
"src/include/openssl/bn.h",
|
||||
"src/include/openssl/buf.h",
|
||||
"src/include/openssl/buffer.h",
|
||||
"src/include/openssl/bytestring.h",
|
||||
"src/include/openssl/cast.h",
|
||||
"src/include/openssl/chacha.h",
|
||||
"src/include/openssl/cipher.h",
|
||||
"src/include/openssl/cmac.h",
|
||||
"src/include/openssl/conf.h",
|
||||
"src/include/openssl/cpu.h",
|
||||
"src/include/openssl/crypto.h",
|
||||
"src/include/openssl/curve25519.h",
|
||||
"src/include/openssl/des.h",
|
||||
"src/include/openssl/dh.h",
|
||||
"src/include/openssl/digest.h",
|
||||
"src/include/openssl/dsa.h",
|
||||
"src/include/openssl/e_os2.h",
|
||||
"src/include/openssl/ec.h",
|
||||
"src/include/openssl/ec_key.h",
|
||||
"src/include/openssl/ecdh.h",
|
||||
"src/include/openssl/ecdsa.h",
|
||||
"src/include/openssl/engine.h",
|
||||
"src/include/openssl/err.h",
|
||||
"src/include/openssl/evp.h",
|
||||
"src/include/openssl/ex_data.h",
|
||||
"src/include/openssl/hkdf.h",
|
||||
"src/include/openssl/hmac.h",
|
||||
"src/include/openssl/hrss.h",
|
||||
"src/include/openssl/is_boringssl.h",
|
||||
"src/include/openssl/lhash.h",
|
||||
"src/include/openssl/md4.h",
|
||||
"src/include/openssl/md5.h",
|
||||
"src/include/openssl/mem.h",
|
||||
"src/include/openssl/nid.h",
|
||||
"src/include/openssl/obj.h",
|
||||
"src/include/openssl/obj_mac.h",
|
||||
"src/include/openssl/objects.h",
|
||||
"src/include/openssl/opensslconf.h",
|
||||
"src/include/openssl/opensslv.h",
|
||||
"src/include/openssl/ossl_typ.h",
|
||||
"src/include/openssl/pem.h",
|
||||
"src/include/openssl/pkcs12.h",
|
||||
"src/include/openssl/pkcs7.h",
|
||||
"src/include/openssl/pkcs8.h",
|
||||
"src/include/openssl/poly1305.h",
|
||||
"src/include/openssl/pool.h",
|
||||
"src/include/openssl/rand.h",
|
||||
"src/include/openssl/rc4.h",
|
||||
"src/include/openssl/ripemd.h",
|
||||
"src/include/openssl/rsa.h",
|
||||
"src/include/openssl/safestack.h",
|
||||
"src/include/openssl/sha.h",
|
||||
"src/include/openssl/siphash.h",
|
||||
"src/include/openssl/span.h",
|
||||
"src/include/openssl/stack.h",
|
||||
"src/include/openssl/thread.h",
|
||||
"src/include/openssl/type_check.h",
|
||||
"src/include/openssl/x509.h",
|
||||
"src/include/openssl/x509_vfy.h",
|
||||
"src/include/openssl/x509v3.h",
|
||||
]
|
||||
|
||||
crypto_internal_headers = [
|
||||
"src/crypto/asn1/asn1_locl.h",
|
||||
"src/crypto/bio/internal.h",
|
||||
"src/crypto/bytestring/internal.h",
|
||||
"src/crypto/chacha/internal.h",
|
||||
"src/crypto/cipher_extra/internal.h",
|
||||
"src/crypto/conf/conf_def.h",
|
||||
"src/crypto/conf/internal.h",
|
||||
"src/crypto/cpu-arm-linux.h",
|
||||
"src/crypto/err/internal.h",
|
||||
"src/crypto/evp/internal.h",
|
||||
"src/crypto/fipsmodule/aes/internal.h",
|
||||
"src/crypto/fipsmodule/bn/internal.h",
|
||||
"src/crypto/fipsmodule/bn/rsaz_exp.h",
|
||||
"src/crypto/fipsmodule/cipher/internal.h",
|
||||
"src/crypto/fipsmodule/delocate.h",
|
||||
"src/crypto/fipsmodule/des/internal.h",
|
||||
"src/crypto/fipsmodule/digest/internal.h",
|
||||
"src/crypto/fipsmodule/digest/md32_common.h",
|
||||
"src/crypto/fipsmodule/ec/internal.h",
|
||||
"src/crypto/fipsmodule/ec/p256-x86_64-table.h",
|
||||
"src/crypto/fipsmodule/ec/p256-x86_64.h",
|
||||
"src/crypto/fipsmodule/md5/internal.h",
|
||||
"src/crypto/fipsmodule/modes/internal.h",
|
||||
"src/crypto/fipsmodule/rand/getrandom_fillin.h",
|
||||
"src/crypto/fipsmodule/rand/internal.h",
|
||||
"src/crypto/fipsmodule/rsa/internal.h",
|
||||
"src/crypto/fipsmodule/sha/internal.h",
|
||||
"src/crypto/fipsmodule/tls/internal.h",
|
||||
"src/crypto/hrss/internal.h",
|
||||
"src/crypto/internal.h",
|
||||
"src/crypto/obj/obj_dat.h",
|
||||
"src/crypto/pkcs7/internal.h",
|
||||
"src/crypto/pkcs8/internal.h",
|
||||
"src/crypto/poly1305/internal.h",
|
||||
"src/crypto/pool/internal.h",
|
||||
"src/crypto/x509/charmap.h",
|
||||
"src/crypto/x509/internal.h",
|
||||
"src/crypto/x509/vpm_int.h",
|
||||
"src/crypto/x509v3/ext_dat.h",
|
||||
"src/crypto/x509v3/internal.h",
|
||||
"src/crypto/x509v3/pcy_int.h",
|
||||
"src/third_party/fiat/curve25519_32.h",
|
||||
"src/third_party/fiat/curve25519_64.h",
|
||||
"src/third_party/fiat/curve25519_tables.h",
|
||||
"src/third_party/fiat/internal.h",
|
||||
"src/third_party/fiat/p256_32.h",
|
||||
"src/third_party/fiat/p256_64.h",
|
||||
]
|
||||
|
||||
crypto_sources = [
|
||||
"err_data.c",
|
||||
"src/crypto/asn1/a_bitstr.c",
|
||||
"src/crypto/asn1/a_bool.c",
|
||||
"src/crypto/asn1/a_d2i_fp.c",
|
||||
"src/crypto/asn1/a_dup.c",
|
||||
"src/crypto/asn1/a_enum.c",
|
||||
"src/crypto/asn1/a_gentm.c",
|
||||
"src/crypto/asn1/a_i2d_fp.c",
|
||||
"src/crypto/asn1/a_int.c",
|
||||
"src/crypto/asn1/a_mbstr.c",
|
||||
"src/crypto/asn1/a_object.c",
|
||||
"src/crypto/asn1/a_octet.c",
|
||||
"src/crypto/asn1/a_print.c",
|
||||
"src/crypto/asn1/a_strnid.c",
|
||||
"src/crypto/asn1/a_time.c",
|
||||
"src/crypto/asn1/a_type.c",
|
||||
"src/crypto/asn1/a_utctm.c",
|
||||
"src/crypto/asn1/a_utf8.c",
|
||||
"src/crypto/asn1/asn1_lib.c",
|
||||
"src/crypto/asn1/asn1_par.c",
|
||||
"src/crypto/asn1/asn_pack.c",
|
||||
"src/crypto/asn1/f_enum.c",
|
||||
"src/crypto/asn1/f_int.c",
|
||||
"src/crypto/asn1/f_string.c",
|
||||
"src/crypto/asn1/tasn_dec.c",
|
||||
"src/crypto/asn1/tasn_enc.c",
|
||||
"src/crypto/asn1/tasn_fre.c",
|
||||
"src/crypto/asn1/tasn_new.c",
|
||||
"src/crypto/asn1/tasn_typ.c",
|
||||
"src/crypto/asn1/tasn_utl.c",
|
||||
"src/crypto/asn1/time_support.c",
|
||||
"src/crypto/base64/base64.c",
|
||||
"src/crypto/bio/bio.c",
|
||||
"src/crypto/bio/bio_mem.c",
|
||||
"src/crypto/bio/connect.c",
|
||||
"src/crypto/bio/fd.c",
|
||||
"src/crypto/bio/file.c",
|
||||
"src/crypto/bio/hexdump.c",
|
||||
"src/crypto/bio/pair.c",
|
||||
"src/crypto/bio/printf.c",
|
||||
"src/crypto/bio/socket.c",
|
||||
"src/crypto/bio/socket_helper.c",
|
||||
"src/crypto/bn_extra/bn_asn1.c",
|
||||
"src/crypto/bn_extra/convert.c",
|
||||
"src/crypto/buf/buf.c",
|
||||
"src/crypto/bytestring/asn1_compat.c",
|
||||
"src/crypto/bytestring/ber.c",
|
||||
"src/crypto/bytestring/cbb.c",
|
||||
"src/crypto/bytestring/cbs.c",
|
||||
"src/crypto/bytestring/unicode.c",
|
||||
"src/crypto/chacha/chacha.c",
|
||||
"src/crypto/cipher_extra/cipher_extra.c",
|
||||
"src/crypto/cipher_extra/derive_key.c",
|
||||
"src/crypto/cipher_extra/e_aesccm.c",
|
||||
"src/crypto/cipher_extra/e_aesctrhmac.c",
|
||||
"src/crypto/cipher_extra/e_aesgcmsiv.c",
|
||||
"src/crypto/cipher_extra/e_chacha20poly1305.c",
|
||||
"src/crypto/cipher_extra/e_null.c",
|
||||
"src/crypto/cipher_extra/e_rc2.c",
|
||||
"src/crypto/cipher_extra/e_rc4.c",
|
||||
"src/crypto/cipher_extra/e_tls.c",
|
||||
"src/crypto/cipher_extra/tls_cbc.c",
|
||||
"src/crypto/cmac/cmac.c",
|
||||
"src/crypto/conf/conf.c",
|
||||
"src/crypto/cpu-aarch64-fuchsia.c",
|
||||
"src/crypto/cpu-aarch64-linux.c",
|
||||
"src/crypto/cpu-arm-linux.c",
|
||||
"src/crypto/cpu-arm.c",
|
||||
"src/crypto/cpu-intel.c",
|
||||
"src/crypto/cpu-ppc64le.c",
|
||||
"src/crypto/crypto.c",
|
||||
"src/crypto/curve25519/spake25519.c",
|
||||
"src/crypto/dh/check.c",
|
||||
"src/crypto/dh/dh.c",
|
||||
"src/crypto/dh/dh_asn1.c",
|
||||
"src/crypto/dh/params.c",
|
||||
"src/crypto/digest_extra/digest_extra.c",
|
||||
"src/crypto/dsa/dsa.c",
|
||||
"src/crypto/dsa/dsa_asn1.c",
|
||||
"src/crypto/ec_extra/ec_asn1.c",
|
||||
"src/crypto/ec_extra/ec_derive.c",
|
||||
"src/crypto/ecdh_extra/ecdh_extra.c",
|
||||
"src/crypto/ecdsa_extra/ecdsa_asn1.c",
|
||||
"src/crypto/engine/engine.c",
|
||||
"src/crypto/err/err.c",
|
||||
"src/crypto/evp/digestsign.c",
|
||||
"src/crypto/evp/evp.c",
|
||||
"src/crypto/evp/evp_asn1.c",
|
||||
"src/crypto/evp/evp_ctx.c",
|
||||
"src/crypto/evp/p_dsa_asn1.c",
|
||||
"src/crypto/evp/p_ec.c",
|
||||
"src/crypto/evp/p_ec_asn1.c",
|
||||
"src/crypto/evp/p_ed25519.c",
|
||||
"src/crypto/evp/p_ed25519_asn1.c",
|
||||
"src/crypto/evp/p_rsa.c",
|
||||
"src/crypto/evp/p_rsa_asn1.c",
|
||||
"src/crypto/evp/p_x25519.c",
|
||||
"src/crypto/evp/p_x25519_asn1.c",
|
||||
"src/crypto/evp/pbkdf.c",
|
||||
"src/crypto/evp/print.c",
|
||||
"src/crypto/evp/scrypt.c",
|
||||
"src/crypto/evp/sign.c",
|
||||
"src/crypto/ex_data.c",
|
||||
"src/crypto/fipsmodule/bcm.c",
|
||||
"src/crypto/fipsmodule/fips_shared_support.c",
|
||||
"src/crypto/fipsmodule/is_fips.c",
|
||||
"src/crypto/hkdf/hkdf.c",
|
||||
"src/crypto/hrss/hrss.c",
|
||||
"src/crypto/lhash/lhash.c",
|
||||
"src/crypto/mem.c",
|
||||
"src/crypto/obj/obj.c",
|
||||
"src/crypto/obj/obj_xref.c",
|
||||
"src/crypto/pem/pem_all.c",
|
||||
"src/crypto/pem/pem_info.c",
|
||||
"src/crypto/pem/pem_lib.c",
|
||||
"src/crypto/pem/pem_oth.c",
|
||||
"src/crypto/pem/pem_pk8.c",
|
||||
"src/crypto/pem/pem_pkey.c",
|
||||
"src/crypto/pem/pem_x509.c",
|
||||
"src/crypto/pem/pem_xaux.c",
|
||||
"src/crypto/pkcs7/pkcs7.c",
|
||||
"src/crypto/pkcs7/pkcs7_x509.c",
|
||||
"src/crypto/pkcs8/p5_pbev2.c",
|
||||
"src/crypto/pkcs8/pkcs8.c",
|
||||
"src/crypto/pkcs8/pkcs8_x509.c",
|
||||
"src/crypto/poly1305/poly1305.c",
|
||||
"src/crypto/poly1305/poly1305_arm.c",
|
||||
"src/crypto/poly1305/poly1305_vec.c",
|
||||
"src/crypto/pool/pool.c",
|
||||
"src/crypto/rand_extra/deterministic.c",
|
||||
"src/crypto/rand_extra/forkunsafe.c",
|
||||
"src/crypto/rand_extra/fuchsia.c",
|
||||
"src/crypto/rand_extra/rand_extra.c",
|
||||
"src/crypto/rand_extra/windows.c",
|
||||
"src/crypto/rc4/rc4.c",
|
||||
"src/crypto/refcount_c11.c",
|
||||
"src/crypto/refcount_lock.c",
|
||||
"src/crypto/rsa_extra/rsa_asn1.c",
|
||||
"src/crypto/rsa_extra/rsa_print.c",
|
||||
"src/crypto/siphash/siphash.c",
|
||||
"src/crypto/stack/stack.c",
|
||||
"src/crypto/thread.c",
|
||||
"src/crypto/thread_none.c",
|
||||
"src/crypto/thread_pthread.c",
|
||||
"src/crypto/thread_win.c",
|
||||
"src/crypto/x509/a_digest.c",
|
||||
"src/crypto/x509/a_sign.c",
|
||||
"src/crypto/x509/a_strex.c",
|
||||
"src/crypto/x509/a_verify.c",
|
||||
"src/crypto/x509/algorithm.c",
|
||||
"src/crypto/x509/asn1_gen.c",
|
||||
"src/crypto/x509/by_dir.c",
|
||||
"src/crypto/x509/by_file.c",
|
||||
"src/crypto/x509/i2d_pr.c",
|
||||
"src/crypto/x509/rsa_pss.c",
|
||||
"src/crypto/x509/t_crl.c",
|
||||
"src/crypto/x509/t_req.c",
|
||||
"src/crypto/x509/t_x509.c",
|
||||
"src/crypto/x509/t_x509a.c",
|
||||
"src/crypto/x509/x509.c",
|
||||
"src/crypto/x509/x509_att.c",
|
||||
"src/crypto/x509/x509_cmp.c",
|
||||
"src/crypto/x509/x509_d2.c",
|
||||
"src/crypto/x509/x509_def.c",
|
||||
"src/crypto/x509/x509_ext.c",
|
||||
"src/crypto/x509/x509_lu.c",
|
||||
"src/crypto/x509/x509_obj.c",
|
||||
"src/crypto/x509/x509_r2x.c",
|
||||
"src/crypto/x509/x509_req.c",
|
||||
"src/crypto/x509/x509_set.c",
|
||||
"src/crypto/x509/x509_trs.c",
|
||||
"src/crypto/x509/x509_txt.c",
|
||||
"src/crypto/x509/x509_v3.c",
|
||||
"src/crypto/x509/x509_vfy.c",
|
||||
"src/crypto/x509/x509_vpm.c",
|
||||
"src/crypto/x509/x509cset.c",
|
||||
"src/crypto/x509/x509name.c",
|
||||
"src/crypto/x509/x509rset.c",
|
||||
"src/crypto/x509/x509spki.c",
|
||||
"src/crypto/x509/x_algor.c",
|
||||
"src/crypto/x509/x_all.c",
|
||||
"src/crypto/x509/x_attrib.c",
|
||||
"src/crypto/x509/x_crl.c",
|
||||
"src/crypto/x509/x_exten.c",
|
||||
"src/crypto/x509/x_info.c",
|
||||
"src/crypto/x509/x_name.c",
|
||||
"src/crypto/x509/x_pkey.c",
|
||||
"src/crypto/x509/x_pubkey.c",
|
||||
"src/crypto/x509/x_req.c",
|
||||
"src/crypto/x509/x_sig.c",
|
||||
"src/crypto/x509/x_spki.c",
|
||||
"src/crypto/x509/x_val.c",
|
||||
"src/crypto/x509/x_x509.c",
|
||||
"src/crypto/x509/x_x509a.c",
|
||||
"src/crypto/x509v3/pcy_cache.c",
|
||||
"src/crypto/x509v3/pcy_data.c",
|
||||
"src/crypto/x509v3/pcy_lib.c",
|
||||
"src/crypto/x509v3/pcy_map.c",
|
||||
"src/crypto/x509v3/pcy_node.c",
|
||||
"src/crypto/x509v3/pcy_tree.c",
|
||||
"src/crypto/x509v3/v3_akey.c",
|
||||
"src/crypto/x509v3/v3_akeya.c",
|
||||
"src/crypto/x509v3/v3_alt.c",
|
||||
"src/crypto/x509v3/v3_bcons.c",
|
||||
"src/crypto/x509v3/v3_bitst.c",
|
||||
"src/crypto/x509v3/v3_conf.c",
|
||||
"src/crypto/x509v3/v3_cpols.c",
|
||||
"src/crypto/x509v3/v3_crld.c",
|
||||
"src/crypto/x509v3/v3_enum.c",
|
||||
"src/crypto/x509v3/v3_extku.c",
|
||||
"src/crypto/x509v3/v3_genn.c",
|
||||
"src/crypto/x509v3/v3_ia5.c",
|
||||
"src/crypto/x509v3/v3_info.c",
|
||||
"src/crypto/x509v3/v3_int.c",
|
||||
"src/crypto/x509v3/v3_lib.c",
|
||||
"src/crypto/x509v3/v3_ncons.c",
|
||||
"src/crypto/x509v3/v3_ocsp.c",
|
||||
"src/crypto/x509v3/v3_pci.c",
|
||||
"src/crypto/x509v3/v3_pcia.c",
|
||||
"src/crypto/x509v3/v3_pcons.c",
|
||||
"src/crypto/x509v3/v3_pku.c",
|
||||
"src/crypto/x509v3/v3_pmaps.c",
|
||||
"src/crypto/x509v3/v3_prn.c",
|
||||
"src/crypto/x509v3/v3_purp.c",
|
||||
"src/crypto/x509v3/v3_skey.c",
|
||||
"src/crypto/x509v3/v3_sxnet.c",
|
||||
"src/crypto/x509v3/v3_utl.c",
|
||||
"src/third_party/fiat/curve25519.c",
|
||||
]
|
||||
|
||||
tool_sources = [
|
||||
"src/tool/args.cc",
|
||||
"src/tool/ciphers.cc",
|
||||
"src/tool/client.cc",
|
||||
"src/tool/const.cc",
|
||||
"src/tool/digest.cc",
|
||||
"src/tool/file.cc",
|
||||
"src/tool/generate_ed25519.cc",
|
||||
"src/tool/genrsa.cc",
|
||||
"src/tool/pkcs12.cc",
|
||||
"src/tool/rand.cc",
|
||||
"src/tool/server.cc",
|
||||
"src/tool/sign.cc",
|
||||
"src/tool/speed.cc",
|
||||
"src/tool/tool.cc",
|
||||
"src/tool/transport_common.cc",
|
||||
]
|
||||
|
||||
tool_headers = [
|
||||
"src/tool/internal.h",
|
||||
"src/tool/transport_common.h",
|
||||
]
|
||||
|
||||
crypto_sources_ios_aarch64 = [
|
||||
"ios-aarch64/crypto/chacha/chacha-armv8.S",
|
||||
"ios-aarch64/crypto/fipsmodule/aesv8-armx64.S",
|
||||
"ios-aarch64/crypto/fipsmodule/armv8-mont.S",
|
||||
"ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S",
|
||||
"ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S",
|
||||
"ios-aarch64/crypto/fipsmodule/sha1-armv8.S",
|
||||
"ios-aarch64/crypto/fipsmodule/sha256-armv8.S",
|
||||
"ios-aarch64/crypto/fipsmodule/sha512-armv8.S",
|
||||
"ios-aarch64/crypto/fipsmodule/vpaes-armv8.S",
|
||||
"ios-aarch64/crypto/test/trampoline-armv8.S",
|
||||
]
|
||||
|
||||
crypto_sources_ios_arm = [
|
||||
"ios-arm/crypto/chacha/chacha-armv4.S",
|
||||
"ios-arm/crypto/fipsmodule/aesv8-armx32.S",
|
||||
"ios-arm/crypto/fipsmodule/armv4-mont.S",
|
||||
"ios-arm/crypto/fipsmodule/bsaes-armv7.S",
|
||||
"ios-arm/crypto/fipsmodule/ghash-armv4.S",
|
||||
"ios-arm/crypto/fipsmodule/ghashv8-armx32.S",
|
||||
"ios-arm/crypto/fipsmodule/sha1-armv4-large.S",
|
||||
"ios-arm/crypto/fipsmodule/sha256-armv4.S",
|
||||
"ios-arm/crypto/fipsmodule/sha512-armv4.S",
|
||||
"ios-arm/crypto/fipsmodule/vpaes-armv7.S",
|
||||
"ios-arm/crypto/test/trampoline-armv4.S",
|
||||
]
|
||||
|
||||
crypto_sources_linux_aarch64 = [
|
||||
"linux-aarch64/crypto/chacha/chacha-armv8.S",
|
||||
"linux-aarch64/crypto/fipsmodule/aesv8-armx64.S",
|
||||
"linux-aarch64/crypto/fipsmodule/armv8-mont.S",
|
||||
"linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S",
|
||||
"linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S",
|
||||
"linux-aarch64/crypto/fipsmodule/sha1-armv8.S",
|
||||
"linux-aarch64/crypto/fipsmodule/sha256-armv8.S",
|
||||
"linux-aarch64/crypto/fipsmodule/sha512-armv8.S",
|
||||
"linux-aarch64/crypto/fipsmodule/vpaes-armv8.S",
|
||||
"linux-aarch64/crypto/test/trampoline-armv8.S",
|
||||
]
|
||||
|
||||
crypto_sources_linux_arm = [
|
||||
"linux-arm/crypto/chacha/chacha-armv4.S",
|
||||
"linux-arm/crypto/fipsmodule/aesv8-armx32.S",
|
||||
"linux-arm/crypto/fipsmodule/armv4-mont.S",
|
||||
"linux-arm/crypto/fipsmodule/bsaes-armv7.S",
|
||||
"linux-arm/crypto/fipsmodule/ghash-armv4.S",
|
||||
"linux-arm/crypto/fipsmodule/ghashv8-armx32.S",
|
||||
"linux-arm/crypto/fipsmodule/sha1-armv4-large.S",
|
||||
"linux-arm/crypto/fipsmodule/sha256-armv4.S",
|
||||
"linux-arm/crypto/fipsmodule/sha512-armv4.S",
|
||||
"linux-arm/crypto/fipsmodule/vpaes-armv7.S",
|
||||
"linux-arm/crypto/test/trampoline-armv4.S",
|
||||
"src/crypto/curve25519/asm/x25519-asm-arm.S",
|
||||
"src/crypto/poly1305/poly1305_arm_asm.S",
|
||||
]
|
||||
|
||||
crypto_sources_linux_ppc64le = [
|
||||
"linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S",
|
||||
"linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S",
|
||||
"linux-ppc64le/crypto/test/trampoline-ppc.S",
|
||||
]
|
||||
|
||||
crypto_sources_linux_x86 = [
|
||||
"linux-x86/crypto/chacha/chacha-x86.S",
|
||||
"linux-x86/crypto/fipsmodule/aesni-x86.S",
|
||||
"linux-x86/crypto/fipsmodule/bn-586.S",
|
||||
"linux-x86/crypto/fipsmodule/co-586.S",
|
||||
"linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S",
|
||||
"linux-x86/crypto/fipsmodule/ghash-x86.S",
|
||||
"linux-x86/crypto/fipsmodule/md5-586.S",
|
||||
"linux-x86/crypto/fipsmodule/sha1-586.S",
|
||||
"linux-x86/crypto/fipsmodule/sha256-586.S",
|
||||
"linux-x86/crypto/fipsmodule/sha512-586.S",
|
||||
"linux-x86/crypto/fipsmodule/vpaes-x86.S",
|
||||
"linux-x86/crypto/fipsmodule/x86-mont.S",
|
||||
"linux-x86/crypto/test/trampoline-x86.S",
|
||||
]
|
||||
|
||||
crypto_sources_linux_x86_64 = [
|
||||
"linux-x86_64/crypto/chacha/chacha-x86_64.S",
|
||||
"linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S",
|
||||
"linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/aesni-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/ghash-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/md5-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S",
|
||||
"linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S",
|
||||
"linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/rsaz-avx2.S",
|
||||
"linux-x86_64/crypto/fipsmodule/sha1-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/sha256-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/sha512-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S",
|
||||
"linux-x86_64/crypto/fipsmodule/x86_64-mont.S",
|
||||
"linux-x86_64/crypto/fipsmodule/x86_64-mont5.S",
|
||||
"linux-x86_64/crypto/test/trampoline-x86_64.S",
|
||||
"src/crypto/hrss/asm/poly_rq_mul.S",
|
||||
]
|
||||
|
||||
crypto_sources_mac_x86 = [
|
||||
"mac-x86/crypto/chacha/chacha-x86.S",
|
||||
"mac-x86/crypto/fipsmodule/aesni-x86.S",
|
||||
"mac-x86/crypto/fipsmodule/bn-586.S",
|
||||
"mac-x86/crypto/fipsmodule/co-586.S",
|
||||
"mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S",
|
||||
"mac-x86/crypto/fipsmodule/ghash-x86.S",
|
||||
"mac-x86/crypto/fipsmodule/md5-586.S",
|
||||
"mac-x86/crypto/fipsmodule/sha1-586.S",
|
||||
"mac-x86/crypto/fipsmodule/sha256-586.S",
|
||||
"mac-x86/crypto/fipsmodule/sha512-586.S",
|
||||
"mac-x86/crypto/fipsmodule/vpaes-x86.S",
|
||||
"mac-x86/crypto/fipsmodule/x86-mont.S",
|
||||
"mac-x86/crypto/test/trampoline-x86.S",
|
||||
]
|
||||
|
||||
crypto_sources_mac_x86_64 = [
|
||||
"mac-x86_64/crypto/chacha/chacha-x86_64.S",
|
||||
"mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S",
|
||||
"mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/aesni-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/ghash-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/md5-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S",
|
||||
"mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S",
|
||||
"mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/rsaz-avx2.S",
|
||||
"mac-x86_64/crypto/fipsmodule/sha1-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/sha256-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/sha512-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S",
|
||||
"mac-x86_64/crypto/fipsmodule/x86_64-mont.S",
|
||||
"mac-x86_64/crypto/fipsmodule/x86_64-mont5.S",
|
||||
"mac-x86_64/crypto/test/trampoline-x86_64.S",
|
||||
]
|
||||
|
||||
crypto_sources_win_x86 = [
|
||||
"win-x86/crypto/chacha/chacha-x86.asm",
|
||||
"win-x86/crypto/fipsmodule/aesni-x86.asm",
|
||||
"win-x86/crypto/fipsmodule/bn-586.asm",
|
||||
"win-x86/crypto/fipsmodule/co-586.asm",
|
||||
"win-x86/crypto/fipsmodule/ghash-ssse3-x86.asm",
|
||||
"win-x86/crypto/fipsmodule/ghash-x86.asm",
|
||||
"win-x86/crypto/fipsmodule/md5-586.asm",
|
||||
"win-x86/crypto/fipsmodule/sha1-586.asm",
|
||||
"win-x86/crypto/fipsmodule/sha256-586.asm",
|
||||
"win-x86/crypto/fipsmodule/sha512-586.asm",
|
||||
"win-x86/crypto/fipsmodule/vpaes-x86.asm",
|
||||
"win-x86/crypto/fipsmodule/x86-mont.asm",
|
||||
"win-x86/crypto/test/trampoline-x86.asm",
|
||||
]
|
||||
|
||||
crypto_sources_win_x86_64 = [
|
||||
"win-x86_64/crypto/chacha/chacha-x86_64.asm",
|
||||
"win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm",
|
||||
"win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/aesni-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/ghash-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/md5-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm",
|
||||
"win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm",
|
||||
"win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/rsaz-avx2.asm",
|
||||
"win-x86_64/crypto/fipsmodule/sha1-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/sha256-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/sha512-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm",
|
||||
"win-x86_64/crypto/fipsmodule/x86_64-mont.asm",
|
||||
"win-x86_64/crypto/fipsmodule/x86_64-mont5.asm",
|
||||
"win-x86_64/crypto/test/trampoline-x86_64.asm",
|
||||
]
|
||||
323
third-party/boringssl/aes_ige.c
vendored
Normal file
323
third-party/boringssl/aes_ige.c
vendored
Normal file
|
|
@ -0,0 +1,323 @@
|
|||
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include <assert.h>
|
||||
#include <memory.h>
|
||||
#include <string.h>
|
||||
|
||||
#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
|
||||
typedef struct {
|
||||
unsigned long data[N_WORDS];
|
||||
} aes_block_t;
|
||||
|
||||
/* XXX: probably some better way to do this */
|
||||
#if defined(__i386__) || defined(__x86_64__)
|
||||
#define UNALIGNED_MEMOPS_ARE_FAST 1
|
||||
#else
|
||||
#define UNALIGNED_MEMOPS_ARE_FAST 0
|
||||
#endif
|
||||
|
||||
#if UNALIGNED_MEMOPS_ARE_FAST
|
||||
#define load_block(d, s) (d) = *(const aes_block_t *)(s)
|
||||
#define store_block(d, s) *(aes_block_t *)(d) = (s)
|
||||
#else
|
||||
#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
|
||||
#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
|
||||
#endif
|
||||
|
||||
/* N.B. The IV for this mode is _twice_ the block size */
|
||||
|
||||
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc)
|
||||
{
|
||||
size_t n;
|
||||
size_t len = length;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
||||
assert((length%AES_BLOCK_SIZE) == 0);
|
||||
|
||||
len = length / AES_BLOCK_SIZE;
|
||||
|
||||
if (AES_ENCRYPT == enc)
|
||||
{
|
||||
if (in != out &&
|
||||
(UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
|
||||
{
|
||||
aes_block_t *ivp = (aes_block_t *)ivec;
|
||||
aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
|
||||
|
||||
while (len)
|
||||
{
|
||||
aes_block_t *inp = (aes_block_t *)in;
|
||||
aes_block_t *outp = (aes_block_t *)out;
|
||||
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
outp->data[n] = inp->data[n] ^ ivp->data[n];
|
||||
AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
outp->data[n] ^= iv2p->data[n];
|
||||
ivp = outp;
|
||||
iv2p = inp;
|
||||
--len;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
|
||||
memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
|
||||
}
|
||||
else
|
||||
{
|
||||
aes_block_t tmp, tmp2;
|
||||
aes_block_t iv;
|
||||
aes_block_t iv2;
|
||||
|
||||
load_block(iv, ivec);
|
||||
load_block(iv2, ivec + AES_BLOCK_SIZE);
|
||||
|
||||
while (len)
|
||||
{
|
||||
load_block(tmp, in);
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
tmp2.data[n] = tmp.data[n] ^ iv.data[n];
|
||||
AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
tmp2.data[n] ^= iv2.data[n];
|
||||
store_block(out, tmp2);
|
||||
iv = tmp2;
|
||||
iv2 = tmp;
|
||||
--len;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
memcpy(ivec, iv.data, AES_BLOCK_SIZE);
|
||||
memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (in != out &&
|
||||
(UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
|
||||
{
|
||||
aes_block_t *ivp = (aes_block_t *)ivec;
|
||||
aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
|
||||
|
||||
while (len)
|
||||
{
|
||||
aes_block_t tmp;
|
||||
aes_block_t *inp = (aes_block_t *)in;
|
||||
aes_block_t *outp = (aes_block_t *)out;
|
||||
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
tmp.data[n] = inp->data[n] ^ iv2p->data[n];
|
||||
AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
outp->data[n] ^= ivp->data[n];
|
||||
ivp = inp;
|
||||
iv2p = outp;
|
||||
--len;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
|
||||
memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
|
||||
}
|
||||
else
|
||||
{
|
||||
aes_block_t tmp, tmp2;
|
||||
aes_block_t iv;
|
||||
aes_block_t iv2;
|
||||
|
||||
load_block(iv, ivec);
|
||||
load_block(iv2, ivec + AES_BLOCK_SIZE);
|
||||
|
||||
while (len)
|
||||
{
|
||||
load_block(tmp, in);
|
||||
tmp2 = tmp;
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
tmp.data[n] ^= iv2.data[n];
|
||||
AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
|
||||
for(n=0 ; n < N_WORDS; ++n)
|
||||
tmp.data[n] ^= iv.data[n];
|
||||
store_block(out, tmp);
|
||||
iv = tmp2;
|
||||
iv2 = tmp;
|
||||
--len;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
memcpy(ivec, iv.data, AES_BLOCK_SIZE);
|
||||
memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Note that its effectively impossible to do biIGE in anything other
|
||||
* than a single pass, so no provision is made for chaining.
|
||||
*/
|
||||
|
||||
/* N.B. The IV for this mode is _four times_ the block size */
|
||||
|
||||
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t length, const AES_KEY *key,
|
||||
const AES_KEY *key2, const unsigned char *ivec,
|
||||
const int enc)
|
||||
{
|
||||
size_t n;
|
||||
size_t len = length;
|
||||
unsigned char tmp[AES_BLOCK_SIZE];
|
||||
unsigned char tmp2[AES_BLOCK_SIZE];
|
||||
unsigned char tmp3[AES_BLOCK_SIZE];
|
||||
unsigned char prev[AES_BLOCK_SIZE];
|
||||
const unsigned char *iv;
|
||||
const unsigned char *iv2;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
||||
assert((length%AES_BLOCK_SIZE) == 0);
|
||||
|
||||
if (AES_ENCRYPT == enc)
|
||||
{
|
||||
/* XXX: Do a separate case for when in != out (strictly should
|
||||
check for overlap, too) */
|
||||
|
||||
/* First the forward pass */
|
||||
iv = ivec;
|
||||
iv2 = ivec + AES_BLOCK_SIZE;
|
||||
while (len >= AES_BLOCK_SIZE)
|
||||
{
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
out[n] = in[n] ^ iv[n];
|
||||
AES_encrypt(out, out, key);
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
out[n] ^= iv2[n];
|
||||
iv = out;
|
||||
memcpy(prev, in, AES_BLOCK_SIZE);
|
||||
iv2 = prev;
|
||||
len -= AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
/* And now backwards */
|
||||
iv = ivec + AES_BLOCK_SIZE*2;
|
||||
iv2 = ivec + AES_BLOCK_SIZE*3;
|
||||
len = length;
|
||||
while(len >= AES_BLOCK_SIZE)
|
||||
{
|
||||
out -= AES_BLOCK_SIZE;
|
||||
/* XXX: reduce copies by alternating between buffers */
|
||||
memcpy(tmp, out, AES_BLOCK_SIZE);
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
out[n] ^= iv[n];
|
||||
/* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
|
||||
AES_encrypt(out, out, key);
|
||||
/* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
|
||||
/* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
out[n] ^= iv2[n];
|
||||
/* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
|
||||
iv = out;
|
||||
memcpy(prev, tmp, AES_BLOCK_SIZE);
|
||||
iv2 = prev;
|
||||
len -= AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* First backwards */
|
||||
iv = ivec + AES_BLOCK_SIZE*2;
|
||||
iv2 = ivec + AES_BLOCK_SIZE*3;
|
||||
in += length;
|
||||
out += length;
|
||||
while (len >= AES_BLOCK_SIZE)
|
||||
{
|
||||
in -= AES_BLOCK_SIZE;
|
||||
out -= AES_BLOCK_SIZE;
|
||||
memcpy(tmp, in, AES_BLOCK_SIZE);
|
||||
memcpy(tmp2, in, AES_BLOCK_SIZE);
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
tmp[n] ^= iv2[n];
|
||||
AES_decrypt(tmp, out, key);
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
out[n] ^= iv[n];
|
||||
memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
|
||||
iv = tmp3;
|
||||
iv2 = out;
|
||||
len -= AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
/* And now forwards */
|
||||
iv = ivec;
|
||||
iv2 = ivec + AES_BLOCK_SIZE;
|
||||
len = length;
|
||||
while (len >= AES_BLOCK_SIZE)
|
||||
{
|
||||
memcpy(tmp, out, AES_BLOCK_SIZE);
|
||||
memcpy(tmp2, out, AES_BLOCK_SIZE);
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
tmp[n] ^= iv2[n];
|
||||
AES_decrypt(tmp, out, key);
|
||||
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
||||
out[n] ^= iv[n];
|
||||
memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
|
||||
iv = tmp3;
|
||||
iv2 = out;
|
||||
len -= AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
}
|
||||
1409
third-party/boringssl/err_data.c
vendored
Normal file
1409
third-party/boringssl/err_data.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
1982
third-party/boringssl/ios-aarch64/crypto/chacha/chacha-armv8.S
vendored
Normal file
1982
third-party/boringssl/ios-aarch64/crypto/chacha/chacha-armv8.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
772
third-party/boringssl/ios-aarch64/crypto/fipsmodule/aesv8-armx64.S
vendored
Normal file
772
third-party/boringssl/ios-aarch64/crypto/fipsmodule/aesv8-armx64.S
vendored
Normal file
|
|
@ -0,0 +1,772 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
#include <openssl/arm_arch.h>
|
||||
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
.text
|
||||
|
||||
.section __TEXT,__const
|
||||
.align 5
|
||||
Lrcon:
|
||||
.long 0x01,0x01,0x01,0x01
|
||||
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat
|
||||
.long 0x1b,0x1b,0x1b,0x1b
|
||||
|
||||
.text
|
||||
|
||||
.globl _aes_hw_set_encrypt_key
|
||||
.private_extern _aes_hw_set_encrypt_key
|
||||
|
||||
.align 5
|
||||
_aes_hw_set_encrypt_key:
|
||||
Lenc_key:
|
||||
stp x29,x30,[sp,#-16]!
|
||||
add x29,sp,#0
|
||||
mov x3,#-1
|
||||
cmp x0,#0
|
||||
b.eq Lenc_key_abort
|
||||
cmp x2,#0
|
||||
b.eq Lenc_key_abort
|
||||
mov x3,#-2
|
||||
cmp w1,#128
|
||||
b.lt Lenc_key_abort
|
||||
cmp w1,#256
|
||||
b.gt Lenc_key_abort
|
||||
tst w1,#0x3f
|
||||
b.ne Lenc_key_abort
|
||||
|
||||
adrp x3,Lrcon@PAGE
|
||||
add x3,x3,Lrcon@PAGEOFF
|
||||
cmp w1,#192
|
||||
|
||||
eor v0.16b,v0.16b,v0.16b
|
||||
ld1 {v3.16b},[x0],#16
|
||||
mov w1,#8 // reuse w1
|
||||
ld1 {v1.4s,v2.4s},[x3],#32
|
||||
|
||||
b.lt Loop128
|
||||
b.eq L192
|
||||
b L256
|
||||
|
||||
.align 4
|
||||
Loop128:
|
||||
tbl v6.16b,{v3.16b},v2.16b
|
||||
ext v5.16b,v0.16b,v3.16b,#12
|
||||
st1 {v3.4s},[x2],#16
|
||||
aese v6.16b,v0.16b
|
||||
subs w1,w1,#1
|
||||
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v6.16b,v6.16b,v1.16b
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
shl v1.16b,v1.16b,#1
|
||||
eor v3.16b,v3.16b,v6.16b
|
||||
b.ne Loop128
|
||||
|
||||
ld1 {v1.4s},[x3]
|
||||
|
||||
tbl v6.16b,{v3.16b},v2.16b
|
||||
ext v5.16b,v0.16b,v3.16b,#12
|
||||
st1 {v3.4s},[x2],#16
|
||||
aese v6.16b,v0.16b
|
||||
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v6.16b,v6.16b,v1.16b
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
shl v1.16b,v1.16b,#1
|
||||
eor v3.16b,v3.16b,v6.16b
|
||||
|
||||
tbl v6.16b,{v3.16b},v2.16b
|
||||
ext v5.16b,v0.16b,v3.16b,#12
|
||||
st1 {v3.4s},[x2],#16
|
||||
aese v6.16b,v0.16b
|
||||
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v6.16b,v6.16b,v1.16b
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
eor v3.16b,v3.16b,v6.16b
|
||||
st1 {v3.4s},[x2]
|
||||
add x2,x2,#0x50
|
||||
|
||||
mov w12,#10
|
||||
b Ldone
|
||||
|
||||
.align 4
|
||||
L192:
|
||||
ld1 {v4.8b},[x0],#8
|
||||
movi v6.16b,#8 // borrow v6.16b
|
||||
st1 {v3.4s},[x2],#16
|
||||
sub v2.16b,v2.16b,v6.16b // adjust the mask
|
||||
|
||||
Loop192:
|
||||
tbl v6.16b,{v4.16b},v2.16b
|
||||
ext v5.16b,v0.16b,v3.16b,#12
|
||||
st1 {v4.8b},[x2],#8
|
||||
aese v6.16b,v0.16b
|
||||
subs w1,w1,#1
|
||||
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
|
||||
dup v5.4s,v3.s[3]
|
||||
eor v5.16b,v5.16b,v4.16b
|
||||
eor v6.16b,v6.16b,v1.16b
|
||||
ext v4.16b,v0.16b,v4.16b,#12
|
||||
shl v1.16b,v1.16b,#1
|
||||
eor v4.16b,v4.16b,v5.16b
|
||||
eor v3.16b,v3.16b,v6.16b
|
||||
eor v4.16b,v4.16b,v6.16b
|
||||
st1 {v3.4s},[x2],#16
|
||||
b.ne Loop192
|
||||
|
||||
mov w12,#12
|
||||
add x2,x2,#0x20
|
||||
b Ldone
|
||||
|
||||
.align 4
|
||||
L256:
|
||||
ld1 {v4.16b},[x0]
|
||||
mov w1,#7
|
||||
mov w12,#14
|
||||
st1 {v3.4s},[x2],#16
|
||||
|
||||
Loop256:
|
||||
tbl v6.16b,{v4.16b},v2.16b
|
||||
ext v5.16b,v0.16b,v3.16b,#12
|
||||
st1 {v4.4s},[x2],#16
|
||||
aese v6.16b,v0.16b
|
||||
subs w1,w1,#1
|
||||
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v6.16b,v6.16b,v1.16b
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
shl v1.16b,v1.16b,#1
|
||||
eor v3.16b,v3.16b,v6.16b
|
||||
st1 {v3.4s},[x2],#16
|
||||
b.eq Ldone
|
||||
|
||||
dup v6.4s,v3.s[3] // just splat
|
||||
ext v5.16b,v0.16b,v4.16b,#12
|
||||
aese v6.16b,v0.16b
|
||||
|
||||
eor v4.16b,v4.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v4.16b,v4.16b,v5.16b
|
||||
ext v5.16b,v0.16b,v5.16b,#12
|
||||
eor v4.16b,v4.16b,v5.16b
|
||||
|
||||
eor v4.16b,v4.16b,v6.16b
|
||||
b Loop256
|
||||
|
||||
Ldone:
|
||||
str w12,[x2]
|
||||
mov x3,#0
|
||||
|
||||
Lenc_key_abort:
|
||||
mov x0,x3 // return value
|
||||
ldr x29,[sp],#16
|
||||
ret
|
||||
|
||||
|
||||
.globl _aes_hw_set_decrypt_key
|
||||
.private_extern _aes_hw_set_decrypt_key
|
||||
|
||||
.align 5
|
||||
_aes_hw_set_decrypt_key:
|
||||
stp x29,x30,[sp,#-16]!
|
||||
add x29,sp,#0
|
||||
bl Lenc_key
|
||||
|
||||
cmp x0,#0
|
||||
b.ne Ldec_key_abort
|
||||
|
||||
sub x2,x2,#240 // restore original x2
|
||||
mov x4,#-16
|
||||
add x0,x2,x12,lsl#4 // end of key schedule
|
||||
|
||||
ld1 {v0.4s},[x2]
|
||||
ld1 {v1.4s},[x0]
|
||||
st1 {v0.4s},[x0],x4
|
||||
st1 {v1.4s},[x2],#16
|
||||
|
||||
Loop_imc:
|
||||
ld1 {v0.4s},[x2]
|
||||
ld1 {v1.4s},[x0]
|
||||
aesimc v0.16b,v0.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
st1 {v0.4s},[x0],x4
|
||||
st1 {v1.4s},[x2],#16
|
||||
cmp x0,x2
|
||||
b.hi Loop_imc
|
||||
|
||||
ld1 {v0.4s},[x2]
|
||||
aesimc v0.16b,v0.16b
|
||||
st1 {v0.4s},[x0]
|
||||
|
||||
eor x0,x0,x0 // return value
|
||||
Ldec_key_abort:
|
||||
ldp x29,x30,[sp],#16
|
||||
ret
|
||||
|
||||
.globl _aes_hw_encrypt
|
||||
.private_extern _aes_hw_encrypt
|
||||
|
||||
.align 5
|
||||
_aes_hw_encrypt:
|
||||
ldr w3,[x2,#240]
|
||||
ld1 {v0.4s},[x2],#16
|
||||
ld1 {v2.16b},[x0]
|
||||
sub w3,w3,#2
|
||||
ld1 {v1.4s},[x2],#16
|
||||
|
||||
Loop_enc:
|
||||
aese v2.16b,v0.16b
|
||||
aesmc v2.16b,v2.16b
|
||||
ld1 {v0.4s},[x2],#16
|
||||
subs w3,w3,#2
|
||||
aese v2.16b,v1.16b
|
||||
aesmc v2.16b,v2.16b
|
||||
ld1 {v1.4s},[x2],#16
|
||||
b.gt Loop_enc
|
||||
|
||||
aese v2.16b,v0.16b
|
||||
aesmc v2.16b,v2.16b
|
||||
ld1 {v0.4s},[x2]
|
||||
aese v2.16b,v1.16b
|
||||
eor v2.16b,v2.16b,v0.16b
|
||||
|
||||
st1 {v2.16b},[x1]
|
||||
ret
|
||||
|
||||
.globl _aes_hw_decrypt
|
||||
.private_extern _aes_hw_decrypt
|
||||
|
||||
.align 5
|
||||
_aes_hw_decrypt:
|
||||
ldr w3,[x2,#240]
|
||||
ld1 {v0.4s},[x2],#16
|
||||
ld1 {v2.16b},[x0]
|
||||
sub w3,w3,#2
|
||||
ld1 {v1.4s},[x2],#16
|
||||
|
||||
Loop_dec:
|
||||
aesd v2.16b,v0.16b
|
||||
aesimc v2.16b,v2.16b
|
||||
ld1 {v0.4s},[x2],#16
|
||||
subs w3,w3,#2
|
||||
aesd v2.16b,v1.16b
|
||||
aesimc v2.16b,v2.16b
|
||||
ld1 {v1.4s},[x2],#16
|
||||
b.gt Loop_dec
|
||||
|
||||
aesd v2.16b,v0.16b
|
||||
aesimc v2.16b,v2.16b
|
||||
ld1 {v0.4s},[x2]
|
||||
aesd v2.16b,v1.16b
|
||||
eor v2.16b,v2.16b,v0.16b
|
||||
|
||||
st1 {v2.16b},[x1]
|
||||
ret
|
||||
|
||||
.globl _aes_hw_cbc_encrypt
|
||||
.private_extern _aes_hw_cbc_encrypt
|
||||
|
||||
.align 5
|
||||
_aes_hw_cbc_encrypt:
|
||||
stp x29,x30,[sp,#-16]!
|
||||
add x29,sp,#0
|
||||
subs x2,x2,#16
|
||||
mov x8,#16
|
||||
b.lo Lcbc_abort
|
||||
csel x8,xzr,x8,eq
|
||||
|
||||
cmp w5,#0 // en- or decrypting?
|
||||
ldr w5,[x3,#240]
|
||||
and x2,x2,#-16
|
||||
ld1 {v6.16b},[x4]
|
||||
ld1 {v0.16b},[x0],x8
|
||||
|
||||
ld1 {v16.4s,v17.4s},[x3] // load key schedule...
|
||||
sub w5,w5,#6
|
||||
add x7,x3,x5,lsl#4 // pointer to last 7 round keys
|
||||
sub w5,w5,#2
|
||||
ld1 {v18.4s,v19.4s},[x7],#32
|
||||
ld1 {v20.4s,v21.4s},[x7],#32
|
||||
ld1 {v22.4s,v23.4s},[x7],#32
|
||||
ld1 {v7.4s},[x7]
|
||||
|
||||
add x7,x3,#32
|
||||
mov w6,w5
|
||||
b.eq Lcbc_dec
|
||||
|
||||
cmp w5,#2
|
||||
eor v0.16b,v0.16b,v6.16b
|
||||
eor v5.16b,v16.16b,v7.16b
|
||||
b.eq Lcbc_enc128
|
||||
|
||||
ld1 {v2.4s,v3.4s},[x7]
|
||||
add x7,x3,#16
|
||||
add x6,x3,#16*4
|
||||
add x12,x3,#16*5
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
add x14,x3,#16*6
|
||||
add x3,x3,#16*7
|
||||
b Lenter_cbc_enc
|
||||
|
||||
.align 4
|
||||
Loop_cbc_enc:
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
st1 {v6.16b},[x1],#16
|
||||
Lenter_cbc_enc:
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v2.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v16.4s},[x6]
|
||||
cmp w5,#4
|
||||
aese v0.16b,v3.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v17.4s},[x12]
|
||||
b.eq Lcbc_enc192
|
||||
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v16.4s},[x14]
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v17.4s},[x3]
|
||||
nop
|
||||
|
||||
Lcbc_enc192:
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
subs x2,x2,#16
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
csel x8,xzr,x8,eq
|
||||
aese v0.16b,v18.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v19.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v16.16b},[x0],x8
|
||||
aese v0.16b,v20.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
eor v16.16b,v16.16b,v5.16b
|
||||
aese v0.16b,v21.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v17.4s},[x7] // re-pre-load rndkey[1]
|
||||
aese v0.16b,v22.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v23.16b
|
||||
eor v6.16b,v0.16b,v7.16b
|
||||
b.hs Loop_cbc_enc
|
||||
|
||||
st1 {v6.16b},[x1],#16
|
||||
b Lcbc_done
|
||||
|
||||
.align 5
|
||||
Lcbc_enc128:
|
||||
ld1 {v2.4s,v3.4s},[x7]
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
b Lenter_cbc_enc128
|
||||
Loop_cbc_enc128:
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
st1 {v6.16b},[x1],#16
|
||||
Lenter_cbc_enc128:
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
subs x2,x2,#16
|
||||
aese v0.16b,v2.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
csel x8,xzr,x8,eq
|
||||
aese v0.16b,v3.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v18.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v19.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
ld1 {v16.16b},[x0],x8
|
||||
aese v0.16b,v20.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v21.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v0.16b,v22.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
eor v16.16b,v16.16b,v5.16b
|
||||
aese v0.16b,v23.16b
|
||||
eor v6.16b,v0.16b,v7.16b
|
||||
b.hs Loop_cbc_enc128
|
||||
|
||||
st1 {v6.16b},[x1],#16
|
||||
b Lcbc_done
|
||||
.align 5
|
||||
Lcbc_dec:
|
||||
ld1 {v18.16b},[x0],#16
|
||||
subs x2,x2,#32 // bias
|
||||
add w6,w5,#2
|
||||
orr v3.16b,v0.16b,v0.16b
|
||||
orr v1.16b,v0.16b,v0.16b
|
||||
orr v19.16b,v18.16b,v18.16b
|
||||
b.lo Lcbc_dec_tail
|
||||
|
||||
orr v1.16b,v18.16b,v18.16b
|
||||
ld1 {v18.16b},[x0],#16
|
||||
orr v2.16b,v0.16b,v0.16b
|
||||
orr v3.16b,v1.16b,v1.16b
|
||||
orr v19.16b,v18.16b,v18.16b
|
||||
|
||||
Loop3x_cbc_dec:
|
||||
aesd v0.16b,v16.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v16.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v16.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v16.4s},[x7],#16
|
||||
subs w6,w6,#2
|
||||
aesd v0.16b,v17.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v17.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v17.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v17.4s},[x7],#16
|
||||
b.gt Loop3x_cbc_dec
|
||||
|
||||
aesd v0.16b,v16.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v16.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v16.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
eor v4.16b,v6.16b,v7.16b
|
||||
subs x2,x2,#0x30
|
||||
eor v5.16b,v2.16b,v7.16b
|
||||
csel x6,x2,x6,lo // x6, w6, is zero at this point
|
||||
aesd v0.16b,v17.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v17.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v17.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
eor v17.16b,v3.16b,v7.16b
|
||||
add x0,x0,x6 // x0 is adjusted in such way that
|
||||
// at exit from the loop v1.16b-v18.16b
|
||||
// are loaded with last "words"
|
||||
orr v6.16b,v19.16b,v19.16b
|
||||
mov x7,x3
|
||||
aesd v0.16b,v20.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v20.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v20.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v2.16b},[x0],#16
|
||||
aesd v0.16b,v21.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v21.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v21.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v3.16b},[x0],#16
|
||||
aesd v0.16b,v22.16b
|
||||
aesimc v0.16b,v0.16b
|
||||
aesd v1.16b,v22.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v22.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v19.16b},[x0],#16
|
||||
aesd v0.16b,v23.16b
|
||||
aesd v1.16b,v23.16b
|
||||
aesd v18.16b,v23.16b
|
||||
ld1 {v16.4s},[x7],#16 // re-pre-load rndkey[0]
|
||||
add w6,w5,#2
|
||||
eor v4.16b,v4.16b,v0.16b
|
||||
eor v5.16b,v5.16b,v1.16b
|
||||
eor v18.16b,v18.16b,v17.16b
|
||||
ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1]
|
||||
st1 {v4.16b},[x1],#16
|
||||
orr v0.16b,v2.16b,v2.16b
|
||||
st1 {v5.16b},[x1],#16
|
||||
orr v1.16b,v3.16b,v3.16b
|
||||
st1 {v18.16b},[x1],#16
|
||||
orr v18.16b,v19.16b,v19.16b
|
||||
b.hs Loop3x_cbc_dec
|
||||
|
||||
cmn x2,#0x30
|
||||
b.eq Lcbc_done
|
||||
nop
|
||||
|
||||
Lcbc_dec_tail:
|
||||
aesd v1.16b,v16.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v16.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v16.4s},[x7],#16
|
||||
subs w6,w6,#2
|
||||
aesd v1.16b,v17.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v17.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
ld1 {v17.4s},[x7],#16
|
||||
b.gt Lcbc_dec_tail
|
||||
|
||||
aesd v1.16b,v16.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v16.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
aesd v1.16b,v17.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v17.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
aesd v1.16b,v20.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v20.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
cmn x2,#0x20
|
||||
aesd v1.16b,v21.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v21.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
eor v5.16b,v6.16b,v7.16b
|
||||
aesd v1.16b,v22.16b
|
||||
aesimc v1.16b,v1.16b
|
||||
aesd v18.16b,v22.16b
|
||||
aesimc v18.16b,v18.16b
|
||||
eor v17.16b,v3.16b,v7.16b
|
||||
aesd v1.16b,v23.16b
|
||||
aesd v18.16b,v23.16b
|
||||
b.eq Lcbc_dec_one
|
||||
eor v5.16b,v5.16b,v1.16b
|
||||
eor v17.16b,v17.16b,v18.16b
|
||||
orr v6.16b,v19.16b,v19.16b
|
||||
st1 {v5.16b},[x1],#16
|
||||
st1 {v17.16b},[x1],#16
|
||||
b Lcbc_done
|
||||
|
||||
Lcbc_dec_one:
|
||||
eor v5.16b,v5.16b,v18.16b
|
||||
orr v6.16b,v19.16b,v19.16b
|
||||
st1 {v5.16b},[x1],#16
|
||||
|
||||
Lcbc_done:
|
||||
st1 {v6.16b},[x4]
|
||||
Lcbc_abort:
|
||||
ldr x29,[sp],#16
|
||||
ret
|
||||
|
||||
.globl _aes_hw_ctr32_encrypt_blocks
|
||||
.private_extern _aes_hw_ctr32_encrypt_blocks
|
||||
|
||||
.align 5
|
||||
_aes_hw_ctr32_encrypt_blocks:
|
||||
stp x29,x30,[sp,#-16]!
|
||||
add x29,sp,#0
|
||||
ldr w5,[x3,#240]
|
||||
|
||||
ldr w8, [x4, #12]
|
||||
ld1 {v0.4s},[x4]
|
||||
|
||||
ld1 {v16.4s,v17.4s},[x3] // load key schedule...
|
||||
sub w5,w5,#4
|
||||
mov x12,#16
|
||||
cmp x2,#2
|
||||
add x7,x3,x5,lsl#4 // pointer to last 5 round keys
|
||||
sub w5,w5,#2
|
||||
ld1 {v20.4s,v21.4s},[x7],#32
|
||||
ld1 {v22.4s,v23.4s},[x7],#32
|
||||
ld1 {v7.4s},[x7]
|
||||
add x7,x3,#32
|
||||
mov w6,w5
|
||||
csel x12,xzr,x12,lo
|
||||
#ifndef __ARMEB__
|
||||
rev w8, w8
|
||||
#endif
|
||||
orr v1.16b,v0.16b,v0.16b
|
||||
add w10, w8, #1
|
||||
orr v18.16b,v0.16b,v0.16b
|
||||
add w8, w8, #2
|
||||
orr v6.16b,v0.16b,v0.16b
|
||||
rev w10, w10
|
||||
mov v1.s[3],w10
|
||||
b.ls Lctr32_tail
|
||||
rev w12, w8
|
||||
sub x2,x2,#3 // bias
|
||||
mov v18.s[3],w12
|
||||
b Loop3x_ctr32
|
||||
|
||||
.align 4
|
||||
Loop3x_ctr32:
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v16.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
aese v18.16b,v16.16b
|
||||
aesmc v18.16b,v18.16b
|
||||
ld1 {v16.4s},[x7],#16
|
||||
subs w6,w6,#2
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v17.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
aese v18.16b,v17.16b
|
||||
aesmc v18.16b,v18.16b
|
||||
ld1 {v17.4s},[x7],#16
|
||||
b.gt Loop3x_ctr32
|
||||
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v4.16b,v0.16b
|
||||
aese v1.16b,v16.16b
|
||||
aesmc v5.16b,v1.16b
|
||||
ld1 {v2.16b},[x0],#16
|
||||
orr v0.16b,v6.16b,v6.16b
|
||||
aese v18.16b,v16.16b
|
||||
aesmc v18.16b,v18.16b
|
||||
ld1 {v3.16b},[x0],#16
|
||||
orr v1.16b,v6.16b,v6.16b
|
||||
aese v4.16b,v17.16b
|
||||
aesmc v4.16b,v4.16b
|
||||
aese v5.16b,v17.16b
|
||||
aesmc v5.16b,v5.16b
|
||||
ld1 {v19.16b},[x0],#16
|
||||
mov x7,x3
|
||||
aese v18.16b,v17.16b
|
||||
aesmc v17.16b,v18.16b
|
||||
orr v18.16b,v6.16b,v6.16b
|
||||
add w9,w8,#1
|
||||
aese v4.16b,v20.16b
|
||||
aesmc v4.16b,v4.16b
|
||||
aese v5.16b,v20.16b
|
||||
aesmc v5.16b,v5.16b
|
||||
eor v2.16b,v2.16b,v7.16b
|
||||
add w10,w8,#2
|
||||
aese v17.16b,v20.16b
|
||||
aesmc v17.16b,v17.16b
|
||||
eor v3.16b,v3.16b,v7.16b
|
||||
add w8,w8,#3
|
||||
aese v4.16b,v21.16b
|
||||
aesmc v4.16b,v4.16b
|
||||
aese v5.16b,v21.16b
|
||||
aesmc v5.16b,v5.16b
|
||||
eor v19.16b,v19.16b,v7.16b
|
||||
rev w9,w9
|
||||
aese v17.16b,v21.16b
|
||||
aesmc v17.16b,v17.16b
|
||||
mov v0.s[3], w9
|
||||
rev w10,w10
|
||||
aese v4.16b,v22.16b
|
||||
aesmc v4.16b,v4.16b
|
||||
aese v5.16b,v22.16b
|
||||
aesmc v5.16b,v5.16b
|
||||
mov v1.s[3], w10
|
||||
rev w12,w8
|
||||
aese v17.16b,v22.16b
|
||||
aesmc v17.16b,v17.16b
|
||||
mov v18.s[3], w12
|
||||
subs x2,x2,#3
|
||||
aese v4.16b,v23.16b
|
||||
aese v5.16b,v23.16b
|
||||
aese v17.16b,v23.16b
|
||||
|
||||
eor v2.16b,v2.16b,v4.16b
|
||||
ld1 {v16.4s},[x7],#16 // re-pre-load rndkey[0]
|
||||
st1 {v2.16b},[x1],#16
|
||||
eor v3.16b,v3.16b,v5.16b
|
||||
mov w6,w5
|
||||
st1 {v3.16b},[x1],#16
|
||||
eor v19.16b,v19.16b,v17.16b
|
||||
ld1 {v17.4s},[x7],#16 // re-pre-load rndkey[1]
|
||||
st1 {v19.16b},[x1],#16
|
||||
b.hs Loop3x_ctr32
|
||||
|
||||
adds x2,x2,#3
|
||||
b.eq Lctr32_done
|
||||
cmp x2,#1
|
||||
mov x12,#16
|
||||
csel x12,xzr,x12,eq
|
||||
|
||||
Lctr32_tail:
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v16.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
ld1 {v16.4s},[x7],#16
|
||||
subs w6,w6,#2
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v17.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
ld1 {v17.4s},[x7],#16
|
||||
b.gt Lctr32_tail
|
||||
|
||||
aese v0.16b,v16.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v16.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
aese v0.16b,v17.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v17.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
ld1 {v2.16b},[x0],x12
|
||||
aese v0.16b,v20.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v20.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
ld1 {v3.16b},[x0]
|
||||
aese v0.16b,v21.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v21.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
eor v2.16b,v2.16b,v7.16b
|
||||
aese v0.16b,v22.16b
|
||||
aesmc v0.16b,v0.16b
|
||||
aese v1.16b,v22.16b
|
||||
aesmc v1.16b,v1.16b
|
||||
eor v3.16b,v3.16b,v7.16b
|
||||
aese v0.16b,v23.16b
|
||||
aese v1.16b,v23.16b
|
||||
|
||||
cmp x2,#1
|
||||
eor v2.16b,v2.16b,v0.16b
|
||||
eor v3.16b,v3.16b,v1.16b
|
||||
st1 {v2.16b},[x1],#16
|
||||
b.eq Lctr32_done
|
||||
st1 {v3.16b},[x1]
|
||||
|
||||
Lctr32_done:
|
||||
ldr x29,[sp],#16
|
||||
ret
|
||||
|
||||
#endif
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
1420
third-party/boringssl/ios-aarch64/crypto/fipsmodule/armv8-mont.S
vendored
Normal file
1420
third-party/boringssl/ios-aarch64/crypto/fipsmodule/armv8-mont.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
338
third-party/boringssl/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S
vendored
Normal file
338
third-party/boringssl/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S
vendored
Normal file
|
|
@ -0,0 +1,338 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
.globl _gcm_init_neon
|
||||
.private_extern _gcm_init_neon
|
||||
|
||||
.align 4
|
||||
_gcm_init_neon:
|
||||
// This function is adapted from gcm_init_v8. xC2 is t3.
|
||||
ld1 {v17.2d}, [x1] // load H
|
||||
movi v19.16b, #0xe1
|
||||
shl v19.2d, v19.2d, #57 // 0xc2.0
|
||||
ext v3.16b, v17.16b, v17.16b, #8
|
||||
ushr v18.2d, v19.2d, #63
|
||||
dup v17.4s, v17.s[1]
|
||||
ext v16.16b, v18.16b, v19.16b, #8 // t0=0xc2....01
|
||||
ushr v18.2d, v3.2d, #63
|
||||
sshr v17.4s, v17.4s, #31 // broadcast carry bit
|
||||
and v18.16b, v18.16b, v16.16b
|
||||
shl v3.2d, v3.2d, #1
|
||||
ext v18.16b, v18.16b, v18.16b, #8
|
||||
and v16.16b, v16.16b, v17.16b
|
||||
orr v3.16b, v3.16b, v18.16b // H<<<=1
|
||||
eor v5.16b, v3.16b, v16.16b // twisted H
|
||||
st1 {v5.2d}, [x0] // store Htable[0]
|
||||
ret
|
||||
|
||||
|
||||
.globl _gcm_gmult_neon
|
||||
.private_extern _gcm_gmult_neon
|
||||
|
||||
.align 4
|
||||
_gcm_gmult_neon:
|
||||
ld1 {v3.16b}, [x0] // load Xi
|
||||
ld1 {v5.1d}, [x1], #8 // load twisted H
|
||||
ld1 {v6.1d}, [x1]
|
||||
adrp x9, Lmasks@PAGE // load constants
|
||||
add x9, x9, Lmasks@PAGEOFF
|
||||
ld1 {v24.2d, v25.2d}, [x9]
|
||||
rev64 v3.16b, v3.16b // byteswap Xi
|
||||
ext v3.16b, v3.16b, v3.16b, #8
|
||||
eor v7.8b, v5.8b, v6.8b // Karatsuba pre-processing
|
||||
|
||||
mov x3, #16
|
||||
b Lgmult_neon
|
||||
|
||||
|
||||
.globl _gcm_ghash_neon
|
||||
.private_extern _gcm_ghash_neon
|
||||
|
||||
.align 4
|
||||
_gcm_ghash_neon:
|
||||
ld1 {v0.16b}, [x0] // load Xi
|
||||
ld1 {v5.1d}, [x1], #8 // load twisted H
|
||||
ld1 {v6.1d}, [x1]
|
||||
adrp x9, Lmasks@PAGE // load constants
|
||||
add x9, x9, Lmasks@PAGEOFF
|
||||
ld1 {v24.2d, v25.2d}, [x9]
|
||||
rev64 v0.16b, v0.16b // byteswap Xi
|
||||
ext v0.16b, v0.16b, v0.16b, #8
|
||||
eor v7.8b, v5.8b, v6.8b // Karatsuba pre-processing
|
||||
|
||||
Loop_neon:
|
||||
ld1 {v3.16b}, [x2], #16 // load inp
|
||||
rev64 v3.16b, v3.16b // byteswap inp
|
||||
ext v3.16b, v3.16b, v3.16b, #8
|
||||
eor v3.16b, v3.16b, v0.16b // inp ^= Xi
|
||||
|
||||
Lgmult_neon:
|
||||
// Split the input into v3 and v4. (The upper halves are unused,
|
||||
// so it is okay to leave them alone.)
|
||||
ins v4.d[0], v3.d[1]
|
||||
ext v16.8b, v5.8b, v5.8b, #1 // A1
|
||||
pmull v16.8h, v16.8b, v3.8b // F = A1*B
|
||||
ext v0.8b, v3.8b, v3.8b, #1 // B1
|
||||
pmull v0.8h, v5.8b, v0.8b // E = A*B1
|
||||
ext v17.8b, v5.8b, v5.8b, #2 // A2
|
||||
pmull v17.8h, v17.8b, v3.8b // H = A2*B
|
||||
ext v19.8b, v3.8b, v3.8b, #2 // B2
|
||||
pmull v19.8h, v5.8b, v19.8b // G = A*B2
|
||||
ext v18.8b, v5.8b, v5.8b, #3 // A3
|
||||
eor v16.16b, v16.16b, v0.16b // L = E + F
|
||||
pmull v18.8h, v18.8b, v3.8b // J = A3*B
|
||||
ext v0.8b, v3.8b, v3.8b, #3 // B3
|
||||
eor v17.16b, v17.16b, v19.16b // M = G + H
|
||||
pmull v0.8h, v5.8b, v0.8b // I = A*B3
|
||||
|
||||
// Here we diverge from the 32-bit version. It computes the following
|
||||
// (instructions reordered for clarity):
|
||||
//
|
||||
// veor $t0#lo, $t0#lo, $t0#hi @ t0 = P0 + P1 (L)
|
||||
// vand $t0#hi, $t0#hi, $k48
|
||||
// veor $t0#lo, $t0#lo, $t0#hi
|
||||
//
|
||||
// veor $t1#lo, $t1#lo, $t1#hi @ t1 = P2 + P3 (M)
|
||||
// vand $t1#hi, $t1#hi, $k32
|
||||
// veor $t1#lo, $t1#lo, $t1#hi
|
||||
//
|
||||
// veor $t2#lo, $t2#lo, $t2#hi @ t2 = P4 + P5 (N)
|
||||
// vand $t2#hi, $t2#hi, $k16
|
||||
// veor $t2#lo, $t2#lo, $t2#hi
|
||||
//
|
||||
// veor $t3#lo, $t3#lo, $t3#hi @ t3 = P6 + P7 (K)
|
||||
// vmov.i64 $t3#hi, #0
|
||||
//
|
||||
// $kN is a mask with the bottom N bits set. AArch64 cannot compute on
|
||||
// upper halves of SIMD registers, so we must split each half into
|
||||
// separate registers. To compensate, we pair computations up and
|
||||
// parallelize.
|
||||
|
||||
ext v19.8b, v3.8b, v3.8b, #4 // B4
|
||||
eor v18.16b, v18.16b, v0.16b // N = I + J
|
||||
pmull v19.8h, v5.8b, v19.8b // K = A*B4
|
||||
|
||||
// This can probably be scheduled more efficiently. For now, we just
|
||||
// pair up independent instructions.
|
||||
zip1 v20.2d, v16.2d, v17.2d
|
||||
zip1 v22.2d, v18.2d, v19.2d
|
||||
zip2 v21.2d, v16.2d, v17.2d
|
||||
zip2 v23.2d, v18.2d, v19.2d
|
||||
eor v20.16b, v20.16b, v21.16b
|
||||
eor v22.16b, v22.16b, v23.16b
|
||||
and v21.16b, v21.16b, v24.16b
|
||||
and v23.16b, v23.16b, v25.16b
|
||||
eor v20.16b, v20.16b, v21.16b
|
||||
eor v22.16b, v22.16b, v23.16b
|
||||
zip1 v16.2d, v20.2d, v21.2d
|
||||
zip1 v18.2d, v22.2d, v23.2d
|
||||
zip2 v17.2d, v20.2d, v21.2d
|
||||
zip2 v19.2d, v22.2d, v23.2d
|
||||
|
||||
ext v16.16b, v16.16b, v16.16b, #15 // t0 = t0 << 8
|
||||
ext v17.16b, v17.16b, v17.16b, #14 // t1 = t1 << 16
|
||||
pmull v0.8h, v5.8b, v3.8b // D = A*B
|
||||
ext v19.16b, v19.16b, v19.16b, #12 // t3 = t3 << 32
|
||||
ext v18.16b, v18.16b, v18.16b, #13 // t2 = t2 << 24
|
||||
eor v16.16b, v16.16b, v17.16b
|
||||
eor v18.16b, v18.16b, v19.16b
|
||||
eor v0.16b, v0.16b, v16.16b
|
||||
eor v0.16b, v0.16b, v18.16b
|
||||
eor v3.8b, v3.8b, v4.8b // Karatsuba pre-processing
|
||||
ext v16.8b, v7.8b, v7.8b, #1 // A1
|
||||
pmull v16.8h, v16.8b, v3.8b // F = A1*B
|
||||
ext v1.8b, v3.8b, v3.8b, #1 // B1
|
||||
pmull v1.8h, v7.8b, v1.8b // E = A*B1
|
||||
ext v17.8b, v7.8b, v7.8b, #2 // A2
|
||||
pmull v17.8h, v17.8b, v3.8b // H = A2*B
|
||||
ext v19.8b, v3.8b, v3.8b, #2 // B2
|
||||
pmull v19.8h, v7.8b, v19.8b // G = A*B2
|
||||
ext v18.8b, v7.8b, v7.8b, #3 // A3
|
||||
eor v16.16b, v16.16b, v1.16b // L = E + F
|
||||
pmull v18.8h, v18.8b, v3.8b // J = A3*B
|
||||
ext v1.8b, v3.8b, v3.8b, #3 // B3
|
||||
eor v17.16b, v17.16b, v19.16b // M = G + H
|
||||
pmull v1.8h, v7.8b, v1.8b // I = A*B3
|
||||
|
||||
// Here we diverge from the 32-bit version. It computes the following
|
||||
// (instructions reordered for clarity):
|
||||
//
|
||||
// veor $t0#lo, $t0#lo, $t0#hi @ t0 = P0 + P1 (L)
|
||||
// vand $t0#hi, $t0#hi, $k48
|
||||
// veor $t0#lo, $t0#lo, $t0#hi
|
||||
//
|
||||
// veor $t1#lo, $t1#lo, $t1#hi @ t1 = P2 + P3 (M)
|
||||
// vand $t1#hi, $t1#hi, $k32
|
||||
// veor $t1#lo, $t1#lo, $t1#hi
|
||||
//
|
||||
// veor $t2#lo, $t2#lo, $t2#hi @ t2 = P4 + P5 (N)
|
||||
// vand $t2#hi, $t2#hi, $k16
|
||||
// veor $t2#lo, $t2#lo, $t2#hi
|
||||
//
|
||||
// veor $t3#lo, $t3#lo, $t3#hi @ t3 = P6 + P7 (K)
|
||||
// vmov.i64 $t3#hi, #0
|
||||
//
|
||||
// $kN is a mask with the bottom N bits set. AArch64 cannot compute on
|
||||
// upper halves of SIMD registers, so we must split each half into
|
||||
// separate registers. To compensate, we pair computations up and
|
||||
// parallelize.
|
||||
|
||||
ext v19.8b, v3.8b, v3.8b, #4 // B4
|
||||
eor v18.16b, v18.16b, v1.16b // N = I + J
|
||||
pmull v19.8h, v7.8b, v19.8b // K = A*B4
|
||||
|
||||
// This can probably be scheduled more efficiently. For now, we just
|
||||
// pair up independent instructions.
|
||||
zip1 v20.2d, v16.2d, v17.2d
|
||||
zip1 v22.2d, v18.2d, v19.2d
|
||||
zip2 v21.2d, v16.2d, v17.2d
|
||||
zip2 v23.2d, v18.2d, v19.2d
|
||||
eor v20.16b, v20.16b, v21.16b
|
||||
eor v22.16b, v22.16b, v23.16b
|
||||
and v21.16b, v21.16b, v24.16b
|
||||
and v23.16b, v23.16b, v25.16b
|
||||
eor v20.16b, v20.16b, v21.16b
|
||||
eor v22.16b, v22.16b, v23.16b
|
||||
zip1 v16.2d, v20.2d, v21.2d
|
||||
zip1 v18.2d, v22.2d, v23.2d
|
||||
zip2 v17.2d, v20.2d, v21.2d
|
||||
zip2 v19.2d, v22.2d, v23.2d
|
||||
|
||||
ext v16.16b, v16.16b, v16.16b, #15 // t0 = t0 << 8
|
||||
ext v17.16b, v17.16b, v17.16b, #14 // t1 = t1 << 16
|
||||
pmull v1.8h, v7.8b, v3.8b // D = A*B
|
||||
ext v19.16b, v19.16b, v19.16b, #12 // t3 = t3 << 32
|
||||
ext v18.16b, v18.16b, v18.16b, #13 // t2 = t2 << 24
|
||||
eor v16.16b, v16.16b, v17.16b
|
||||
eor v18.16b, v18.16b, v19.16b
|
||||
eor v1.16b, v1.16b, v16.16b
|
||||
eor v1.16b, v1.16b, v18.16b
|
||||
ext v16.8b, v6.8b, v6.8b, #1 // A1
|
||||
pmull v16.8h, v16.8b, v4.8b // F = A1*B
|
||||
ext v2.8b, v4.8b, v4.8b, #1 // B1
|
||||
pmull v2.8h, v6.8b, v2.8b // E = A*B1
|
||||
ext v17.8b, v6.8b, v6.8b, #2 // A2
|
||||
pmull v17.8h, v17.8b, v4.8b // H = A2*B
|
||||
ext v19.8b, v4.8b, v4.8b, #2 // B2
|
||||
pmull v19.8h, v6.8b, v19.8b // G = A*B2
|
||||
ext v18.8b, v6.8b, v6.8b, #3 // A3
|
||||
eor v16.16b, v16.16b, v2.16b // L = E + F
|
||||
pmull v18.8h, v18.8b, v4.8b // J = A3*B
|
||||
ext v2.8b, v4.8b, v4.8b, #3 // B3
|
||||
eor v17.16b, v17.16b, v19.16b // M = G + H
|
||||
pmull v2.8h, v6.8b, v2.8b // I = A*B3
|
||||
|
||||
// Here we diverge from the 32-bit version. It computes the following
|
||||
// (instructions reordered for clarity):
|
||||
//
|
||||
// veor $t0#lo, $t0#lo, $t0#hi @ t0 = P0 + P1 (L)
|
||||
// vand $t0#hi, $t0#hi, $k48
|
||||
// veor $t0#lo, $t0#lo, $t0#hi
|
||||
//
|
||||
// veor $t1#lo, $t1#lo, $t1#hi @ t1 = P2 + P3 (M)
|
||||
// vand $t1#hi, $t1#hi, $k32
|
||||
// veor $t1#lo, $t1#lo, $t1#hi
|
||||
//
|
||||
// veor $t2#lo, $t2#lo, $t2#hi @ t2 = P4 + P5 (N)
|
||||
// vand $t2#hi, $t2#hi, $k16
|
||||
// veor $t2#lo, $t2#lo, $t2#hi
|
||||
//
|
||||
// veor $t3#lo, $t3#lo, $t3#hi @ t3 = P6 + P7 (K)
|
||||
// vmov.i64 $t3#hi, #0
|
||||
//
|
||||
// $kN is a mask with the bottom N bits set. AArch64 cannot compute on
|
||||
// upper halves of SIMD registers, so we must split each half into
|
||||
// separate registers. To compensate, we pair computations up and
|
||||
// parallelize.
|
||||
|
||||
ext v19.8b, v4.8b, v4.8b, #4 // B4
|
||||
eor v18.16b, v18.16b, v2.16b // N = I + J
|
||||
pmull v19.8h, v6.8b, v19.8b // K = A*B4
|
||||
|
||||
// This can probably be scheduled more efficiently. For now, we just
|
||||
// pair up independent instructions.
|
||||
zip1 v20.2d, v16.2d, v17.2d
|
||||
zip1 v22.2d, v18.2d, v19.2d
|
||||
zip2 v21.2d, v16.2d, v17.2d
|
||||
zip2 v23.2d, v18.2d, v19.2d
|
||||
eor v20.16b, v20.16b, v21.16b
|
||||
eor v22.16b, v22.16b, v23.16b
|
||||
and v21.16b, v21.16b, v24.16b
|
||||
and v23.16b, v23.16b, v25.16b
|
||||
eor v20.16b, v20.16b, v21.16b
|
||||
eor v22.16b, v22.16b, v23.16b
|
||||
zip1 v16.2d, v20.2d, v21.2d
|
||||
zip1 v18.2d, v22.2d, v23.2d
|
||||
zip2 v17.2d, v20.2d, v21.2d
|
||||
zip2 v19.2d, v22.2d, v23.2d
|
||||
|
||||
ext v16.16b, v16.16b, v16.16b, #15 // t0 = t0 << 8
|
||||
ext v17.16b, v17.16b, v17.16b, #14 // t1 = t1 << 16
|
||||
pmull v2.8h, v6.8b, v4.8b // D = A*B
|
||||
ext v19.16b, v19.16b, v19.16b, #12 // t3 = t3 << 32
|
||||
ext v18.16b, v18.16b, v18.16b, #13 // t2 = t2 << 24
|
||||
eor v16.16b, v16.16b, v17.16b
|
||||
eor v18.16b, v18.16b, v19.16b
|
||||
eor v2.16b, v2.16b, v16.16b
|
||||
eor v2.16b, v2.16b, v18.16b
|
||||
ext v16.16b, v0.16b, v2.16b, #8
|
||||
eor v1.16b, v1.16b, v0.16b // Karatsuba post-processing
|
||||
eor v1.16b, v1.16b, v2.16b
|
||||
eor v1.16b, v1.16b, v16.16b // Xm overlaps Xh.lo and Xl.hi
|
||||
ins v0.d[1], v1.d[0] // Xh|Xl - 256-bit result
|
||||
// This is a no-op due to the ins instruction below.
|
||||
// ins v2.d[0], v1.d[1]
|
||||
|
||||
// equivalent of reduction_avx from ghash-x86_64.pl
|
||||
shl v17.2d, v0.2d, #57 // 1st phase
|
||||
shl v18.2d, v0.2d, #62
|
||||
eor v18.16b, v18.16b, v17.16b //
|
||||
shl v17.2d, v0.2d, #63
|
||||
eor v18.16b, v18.16b, v17.16b //
|
||||
// Note Xm contains {Xl.d[1], Xh.d[0]}.
|
||||
eor v18.16b, v18.16b, v1.16b
|
||||
ins v0.d[1], v18.d[0] // Xl.d[1] ^= t2.d[0]
|
||||
ins v2.d[0], v18.d[1] // Xh.d[0] ^= t2.d[1]
|
||||
|
||||
ushr v18.2d, v0.2d, #1 // 2nd phase
|
||||
eor v2.16b, v2.16b,v0.16b
|
||||
eor v0.16b, v0.16b,v18.16b //
|
||||
ushr v18.2d, v18.2d, #6
|
||||
ushr v0.2d, v0.2d, #1 //
|
||||
eor v0.16b, v0.16b, v2.16b //
|
||||
eor v0.16b, v0.16b, v18.16b //
|
||||
|
||||
subs x3, x3, #16
|
||||
bne Loop_neon
|
||||
|
||||
rev64 v0.16b, v0.16b // byteswap Xi and write
|
||||
ext v0.16b, v0.16b, v0.16b, #8
|
||||
st1 {v0.16b}, [x0]
|
||||
|
||||
ret
|
||||
|
||||
|
||||
.section __TEXT,__const
|
||||
.align 4
|
||||
Lmasks:
|
||||
.quad 0x0000ffffffffffff // k48
|
||||
.quad 0x00000000ffffffff // k32
|
||||
.quad 0x000000000000ffff // k16
|
||||
.quad 0x0000000000000000 // k0
|
||||
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,100,101,114,105,118,101,100,32,102,114,111,109,32,65,82,77,118,52,32,118,101,114,115,105,111,110,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
|
||||
.align 2
|
||||
.align 2
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
246
third-party/boringssl/ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S
vendored
Normal file
246
third-party/boringssl/ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S
vendored
Normal file
|
|
@ -0,0 +1,246 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
#include <openssl/arm_arch.h>
|
||||
|
||||
.text
|
||||
|
||||
.globl _gcm_init_v8
|
||||
.private_extern _gcm_init_v8
|
||||
|
||||
.align 4
|
||||
_gcm_init_v8:
|
||||
ld1 {v17.2d},[x1] //load input H
|
||||
movi v19.16b,#0xe1
|
||||
shl v19.2d,v19.2d,#57 //0xc2.0
|
||||
ext v3.16b,v17.16b,v17.16b,#8
|
||||
ushr v18.2d,v19.2d,#63
|
||||
dup v17.4s,v17.s[1]
|
||||
ext v16.16b,v18.16b,v19.16b,#8 //t0=0xc2....01
|
||||
ushr v18.2d,v3.2d,#63
|
||||
sshr v17.4s,v17.4s,#31 //broadcast carry bit
|
||||
and v18.16b,v18.16b,v16.16b
|
||||
shl v3.2d,v3.2d,#1
|
||||
ext v18.16b,v18.16b,v18.16b,#8
|
||||
and v16.16b,v16.16b,v17.16b
|
||||
orr v3.16b,v3.16b,v18.16b //H<<<=1
|
||||
eor v20.16b,v3.16b,v16.16b //twisted H
|
||||
st1 {v20.2d},[x0],#16 //store Htable[0]
|
||||
|
||||
//calculate H^2
|
||||
ext v16.16b,v20.16b,v20.16b,#8 //Karatsuba pre-processing
|
||||
pmull v0.1q,v20.1d,v20.1d
|
||||
eor v16.16b,v16.16b,v20.16b
|
||||
pmull2 v2.1q,v20.2d,v20.2d
|
||||
pmull v1.1q,v16.1d,v16.1d
|
||||
|
||||
ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing
|
||||
eor v18.16b,v0.16b,v2.16b
|
||||
eor v1.16b,v1.16b,v17.16b
|
||||
eor v1.16b,v1.16b,v18.16b
|
||||
pmull v18.1q,v0.1d,v19.1d //1st phase
|
||||
|
||||
ins v2.d[0],v1.d[1]
|
||||
ins v1.d[1],v0.d[0]
|
||||
eor v0.16b,v1.16b,v18.16b
|
||||
|
||||
ext v18.16b,v0.16b,v0.16b,#8 //2nd phase
|
||||
pmull v0.1q,v0.1d,v19.1d
|
||||
eor v18.16b,v18.16b,v2.16b
|
||||
eor v22.16b,v0.16b,v18.16b
|
||||
|
||||
ext v17.16b,v22.16b,v22.16b,#8 //Karatsuba pre-processing
|
||||
eor v17.16b,v17.16b,v22.16b
|
||||
ext v21.16b,v16.16b,v17.16b,#8 //pack Karatsuba pre-processed
|
||||
st1 {v21.2d,v22.2d},[x0] //store Htable[1..2]
|
||||
|
||||
ret
|
||||
|
||||
.globl _gcm_gmult_v8
|
||||
.private_extern _gcm_gmult_v8
|
||||
|
||||
.align 4
|
||||
_gcm_gmult_v8:
|
||||
ld1 {v17.2d},[x0] //load Xi
|
||||
movi v19.16b,#0xe1
|
||||
ld1 {v20.2d,v21.2d},[x1] //load twisted H, ...
|
||||
shl v19.2d,v19.2d,#57
|
||||
#ifndef __ARMEB__
|
||||
rev64 v17.16b,v17.16b
|
||||
#endif
|
||||
ext v3.16b,v17.16b,v17.16b,#8
|
||||
|
||||
pmull v0.1q,v20.1d,v3.1d //H.lo·Xi.lo
|
||||
eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing
|
||||
pmull2 v2.1q,v20.2d,v3.2d //H.hi·Xi.hi
|
||||
pmull v1.1q,v21.1d,v17.1d //(H.lo+H.hi)·(Xi.lo+Xi.hi)
|
||||
|
||||
ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing
|
||||
eor v18.16b,v0.16b,v2.16b
|
||||
eor v1.16b,v1.16b,v17.16b
|
||||
eor v1.16b,v1.16b,v18.16b
|
||||
pmull v18.1q,v0.1d,v19.1d //1st phase of reduction
|
||||
|
||||
ins v2.d[0],v1.d[1]
|
||||
ins v1.d[1],v0.d[0]
|
||||
eor v0.16b,v1.16b,v18.16b
|
||||
|
||||
ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction
|
||||
pmull v0.1q,v0.1d,v19.1d
|
||||
eor v18.16b,v18.16b,v2.16b
|
||||
eor v0.16b,v0.16b,v18.16b
|
||||
|
||||
#ifndef __ARMEB__
|
||||
rev64 v0.16b,v0.16b
|
||||
#endif
|
||||
ext v0.16b,v0.16b,v0.16b,#8
|
||||
st1 {v0.2d},[x0] //write out Xi
|
||||
|
||||
ret
|
||||
|
||||
.globl _gcm_ghash_v8
|
||||
.private_extern _gcm_ghash_v8
|
||||
|
||||
.align 4
|
||||
_gcm_ghash_v8:
|
||||
ld1 {v0.2d},[x0] //load [rotated] Xi
|
||||
//"[rotated]" means that
|
||||
//loaded value would have
|
||||
//to be rotated in order to
|
||||
//make it appear as in
|
||||
//algorithm specification
|
||||
subs x3,x3,#32 //see if x3 is 32 or larger
|
||||
mov x12,#16 //x12 is used as post-
|
||||
//increment for input pointer;
|
||||
//as loop is modulo-scheduled
|
||||
//x12 is zeroed just in time
|
||||
//to preclude overstepping
|
||||
//inp[len], which means that
|
||||
//last block[s] are actually
|
||||
//loaded twice, but last
|
||||
//copy is not processed
|
||||
ld1 {v20.2d,v21.2d},[x1],#32 //load twisted H, ..., H^2
|
||||
movi v19.16b,#0xe1
|
||||
ld1 {v22.2d},[x1]
|
||||
csel x12,xzr,x12,eq //is it time to zero x12?
|
||||
ext v0.16b,v0.16b,v0.16b,#8 //rotate Xi
|
||||
ld1 {v16.2d},[x2],#16 //load [rotated] I[0]
|
||||
shl v19.2d,v19.2d,#57 //compose 0xc2.0 constant
|
||||
#ifndef __ARMEB__
|
||||
rev64 v16.16b,v16.16b
|
||||
rev64 v0.16b,v0.16b
|
||||
#endif
|
||||
ext v3.16b,v16.16b,v16.16b,#8 //rotate I[0]
|
||||
b.lo Lodd_tail_v8 //x3 was less than 32
|
||||
ld1 {v17.2d},[x2],x12 //load [rotated] I[1]
|
||||
#ifndef __ARMEB__
|
||||
rev64 v17.16b,v17.16b
|
||||
#endif
|
||||
ext v7.16b,v17.16b,v17.16b,#8
|
||||
eor v3.16b,v3.16b,v0.16b //I[i]^=Xi
|
||||
pmull v4.1q,v20.1d,v7.1d //H·Ii+1
|
||||
eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing
|
||||
pmull2 v6.1q,v20.2d,v7.2d
|
||||
b Loop_mod2x_v8
|
||||
|
||||
.align 4
|
||||
Loop_mod2x_v8:
|
||||
ext v18.16b,v3.16b,v3.16b,#8
|
||||
subs x3,x3,#32 //is there more data?
|
||||
pmull v0.1q,v22.1d,v3.1d //H^2.lo·Xi.lo
|
||||
csel x12,xzr,x12,lo //is it time to zero x12?
|
||||
|
||||
pmull v5.1q,v21.1d,v17.1d
|
||||
eor v18.16b,v18.16b,v3.16b //Karatsuba pre-processing
|
||||
pmull2 v2.1q,v22.2d,v3.2d //H^2.hi·Xi.hi
|
||||
eor v0.16b,v0.16b,v4.16b //accumulate
|
||||
pmull2 v1.1q,v21.2d,v18.2d //(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
|
||||
ld1 {v16.2d},[x2],x12 //load [rotated] I[i+2]
|
||||
|
||||
eor v2.16b,v2.16b,v6.16b
|
||||
csel x12,xzr,x12,eq //is it time to zero x12?
|
||||
eor v1.16b,v1.16b,v5.16b
|
||||
|
||||
ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing
|
||||
eor v18.16b,v0.16b,v2.16b
|
||||
eor v1.16b,v1.16b,v17.16b
|
||||
ld1 {v17.2d},[x2],x12 //load [rotated] I[i+3]
|
||||
#ifndef __ARMEB__
|
||||
rev64 v16.16b,v16.16b
|
||||
#endif
|
||||
eor v1.16b,v1.16b,v18.16b
|
||||
pmull v18.1q,v0.1d,v19.1d //1st phase of reduction
|
||||
|
||||
#ifndef __ARMEB__
|
||||
rev64 v17.16b,v17.16b
|
||||
#endif
|
||||
ins v2.d[0],v1.d[1]
|
||||
ins v1.d[1],v0.d[0]
|
||||
ext v7.16b,v17.16b,v17.16b,#8
|
||||
ext v3.16b,v16.16b,v16.16b,#8
|
||||
eor v0.16b,v1.16b,v18.16b
|
||||
pmull v4.1q,v20.1d,v7.1d //H·Ii+1
|
||||
eor v3.16b,v3.16b,v2.16b //accumulate v3.16b early
|
||||
|
||||
ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction
|
||||
pmull v0.1q,v0.1d,v19.1d
|
||||
eor v3.16b,v3.16b,v18.16b
|
||||
eor v17.16b,v17.16b,v7.16b //Karatsuba pre-processing
|
||||
eor v3.16b,v3.16b,v0.16b
|
||||
pmull2 v6.1q,v20.2d,v7.2d
|
||||
b.hs Loop_mod2x_v8 //there was at least 32 more bytes
|
||||
|
||||
eor v2.16b,v2.16b,v18.16b
|
||||
ext v3.16b,v16.16b,v16.16b,#8 //re-construct v3.16b
|
||||
adds x3,x3,#32 //re-construct x3
|
||||
eor v0.16b,v0.16b,v2.16b //re-construct v0.16b
|
||||
b.eq Ldone_v8 //is x3 zero?
|
||||
Lodd_tail_v8:
|
||||
ext v18.16b,v0.16b,v0.16b,#8
|
||||
eor v3.16b,v3.16b,v0.16b //inp^=Xi
|
||||
eor v17.16b,v16.16b,v18.16b //v17.16b is rotated inp^Xi
|
||||
|
||||
pmull v0.1q,v20.1d,v3.1d //H.lo·Xi.lo
|
||||
eor v17.16b,v17.16b,v3.16b //Karatsuba pre-processing
|
||||
pmull2 v2.1q,v20.2d,v3.2d //H.hi·Xi.hi
|
||||
pmull v1.1q,v21.1d,v17.1d //(H.lo+H.hi)·(Xi.lo+Xi.hi)
|
||||
|
||||
ext v17.16b,v0.16b,v2.16b,#8 //Karatsuba post-processing
|
||||
eor v18.16b,v0.16b,v2.16b
|
||||
eor v1.16b,v1.16b,v17.16b
|
||||
eor v1.16b,v1.16b,v18.16b
|
||||
pmull v18.1q,v0.1d,v19.1d //1st phase of reduction
|
||||
|
||||
ins v2.d[0],v1.d[1]
|
||||
ins v1.d[1],v0.d[0]
|
||||
eor v0.16b,v1.16b,v18.16b
|
||||
|
||||
ext v18.16b,v0.16b,v0.16b,#8 //2nd phase of reduction
|
||||
pmull v0.1q,v0.1d,v19.1d
|
||||
eor v18.16b,v18.16b,v2.16b
|
||||
eor v0.16b,v0.16b,v18.16b
|
||||
|
||||
Ldone_v8:
|
||||
#ifndef __ARMEB__
|
||||
rev64 v0.16b,v0.16b
|
||||
#endif
|
||||
ext v0.16b,v0.16b,v0.16b,#8
|
||||
st1 {v0.2d},[x0] //write out Xi
|
||||
|
||||
ret
|
||||
|
||||
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
|
||||
.align 2
|
||||
.align 2
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
1232
third-party/boringssl/ios-aarch64/crypto/fipsmodule/sha1-armv8.S
vendored
Normal file
1232
third-party/boringssl/ios-aarch64/crypto/fipsmodule/sha1-armv8.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1210
third-party/boringssl/ios-aarch64/crypto/fipsmodule/sha256-armv8.S
vendored
Normal file
1210
third-party/boringssl/ios-aarch64/crypto/fipsmodule/sha256-armv8.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1082
third-party/boringssl/ios-aarch64/crypto/fipsmodule/sha512-armv8.S
vendored
Normal file
1082
third-party/boringssl/ios-aarch64/crypto/fipsmodule/sha512-armv8.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1213
third-party/boringssl/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S
vendored
Normal file
1213
third-party/boringssl/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
684
third-party/boringssl/ios-aarch64/crypto/test/trampoline-armv8.S
vendored
Normal file
684
third-party/boringssl/ios-aarch64/crypto/test/trampoline-armv8.S
vendored
Normal file
|
|
@ -0,0 +1,684 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
// abi_test_trampoline loads callee-saved registers from |state|, calls |func|
|
||||
// with |argv|, then saves the callee-saved registers into |state|. It returns
|
||||
// the result of |func|. The |unwind| argument is unused.
|
||||
// uint64_t abi_test_trampoline(void (*func)(...), CallerState *state,
|
||||
// const uint64_t *argv, size_t argc,
|
||||
// uint64_t unwind);
|
||||
|
||||
.globl _abi_test_trampoline
|
||||
.private_extern _abi_test_trampoline
|
||||
.align 4
|
||||
_abi_test_trampoline:
|
||||
// Stack layout (low to high addresses)
|
||||
// x29,x30 (16 bytes)
|
||||
// d8-d15 (64 bytes)
|
||||
// x19-x28 (80 bytes)
|
||||
// x1 (8 bytes)
|
||||
// padding (8 bytes)
|
||||
stp x29, x30, [sp, #-176]!
|
||||
mov x29, sp
|
||||
|
||||
// Saved callee-saved registers and |state|.
|
||||
stp d8, d9, [sp, #16]
|
||||
stp d10, d11, [sp, #32]
|
||||
stp d12, d13, [sp, #48]
|
||||
stp d14, d15, [sp, #64]
|
||||
stp x19, x20, [sp, #80]
|
||||
stp x21, x22, [sp, #96]
|
||||
stp x23, x24, [sp, #112]
|
||||
stp x25, x26, [sp, #128]
|
||||
stp x27, x28, [sp, #144]
|
||||
str x1, [sp, #160]
|
||||
|
||||
// Load registers from |state|, with the exception of x29. x29 is the
|
||||
// frame pointer and also callee-saved, but AAPCS64 allows platforms to
|
||||
// mandate that x29 always point to a frame. iOS64 does so, which means
|
||||
// we cannot fill x29 with entropy without violating ABI rules
|
||||
// ourselves. x29 is tested separately below.
|
||||
ldp d8, d9, [x1], #16
|
||||
ldp d10, d11, [x1], #16
|
||||
ldp d12, d13, [x1], #16
|
||||
ldp d14, d15, [x1], #16
|
||||
ldp x19, x20, [x1], #16
|
||||
ldp x21, x22, [x1], #16
|
||||
ldp x23, x24, [x1], #16
|
||||
ldp x25, x26, [x1], #16
|
||||
ldp x27, x28, [x1], #16
|
||||
|
||||
// Move parameters into temporary registers.
|
||||
mov x9, x0
|
||||
mov x10, x2
|
||||
mov x11, x3
|
||||
|
||||
// Load parameters into registers.
|
||||
cbz x11, Largs_done
|
||||
ldr x0, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x1, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x2, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x3, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x4, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x5, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x6, [x10], #8
|
||||
subs x11, x11, #1
|
||||
b.eq Largs_done
|
||||
ldr x7, [x10], #8
|
||||
|
||||
Largs_done:
|
||||
blr x9
|
||||
|
||||
// Reload |state| and store registers.
|
||||
ldr x1, [sp, #160]
|
||||
stp d8, d9, [x1], #16
|
||||
stp d10, d11, [x1], #16
|
||||
stp d12, d13, [x1], #16
|
||||
stp d14, d15, [x1], #16
|
||||
stp x19, x20, [x1], #16
|
||||
stp x21, x22, [x1], #16
|
||||
stp x23, x24, [x1], #16
|
||||
stp x25, x26, [x1], #16
|
||||
stp x27, x28, [x1], #16
|
||||
|
||||
// |func| is required to preserve x29, the frame pointer. We cannot load
|
||||
// random values into x29 (see comment above), so compare it against the
|
||||
// expected value and zero the field of |state| if corrupted.
|
||||
mov x9, sp
|
||||
cmp x29, x9
|
||||
b.eq Lx29_ok
|
||||
str xzr, [x1]
|
||||
|
||||
Lx29_ok:
|
||||
// Restore callee-saved registers.
|
||||
ldp d8, d9, [sp, #16]
|
||||
ldp d10, d11, [sp, #32]
|
||||
ldp d12, d13, [sp, #48]
|
||||
ldp d14, d15, [sp, #64]
|
||||
ldp x19, x20, [sp, #80]
|
||||
ldp x21, x22, [sp, #96]
|
||||
ldp x23, x24, [sp, #112]
|
||||
ldp x25, x26, [sp, #128]
|
||||
ldp x27, x28, [sp, #144]
|
||||
|
||||
ldp x29, x30, [sp], #176
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x0
|
||||
.private_extern _abi_test_clobber_x0
|
||||
.align 4
|
||||
_abi_test_clobber_x0:
|
||||
mov x0, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x1
|
||||
.private_extern _abi_test_clobber_x1
|
||||
.align 4
|
||||
_abi_test_clobber_x1:
|
||||
mov x1, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x2
|
||||
.private_extern _abi_test_clobber_x2
|
||||
.align 4
|
||||
_abi_test_clobber_x2:
|
||||
mov x2, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x3
|
||||
.private_extern _abi_test_clobber_x3
|
||||
.align 4
|
||||
_abi_test_clobber_x3:
|
||||
mov x3, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x4
|
||||
.private_extern _abi_test_clobber_x4
|
||||
.align 4
|
||||
_abi_test_clobber_x4:
|
||||
mov x4, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x5
|
||||
.private_extern _abi_test_clobber_x5
|
||||
.align 4
|
||||
_abi_test_clobber_x5:
|
||||
mov x5, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x6
|
||||
.private_extern _abi_test_clobber_x6
|
||||
.align 4
|
||||
_abi_test_clobber_x6:
|
||||
mov x6, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x7
|
||||
.private_extern _abi_test_clobber_x7
|
||||
.align 4
|
||||
_abi_test_clobber_x7:
|
||||
mov x7, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x8
|
||||
.private_extern _abi_test_clobber_x8
|
||||
.align 4
|
||||
_abi_test_clobber_x8:
|
||||
mov x8, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x9
|
||||
.private_extern _abi_test_clobber_x9
|
||||
.align 4
|
||||
_abi_test_clobber_x9:
|
||||
mov x9, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x10
|
||||
.private_extern _abi_test_clobber_x10
|
||||
.align 4
|
||||
_abi_test_clobber_x10:
|
||||
mov x10, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x11
|
||||
.private_extern _abi_test_clobber_x11
|
||||
.align 4
|
||||
_abi_test_clobber_x11:
|
||||
mov x11, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x12
|
||||
.private_extern _abi_test_clobber_x12
|
||||
.align 4
|
||||
_abi_test_clobber_x12:
|
||||
mov x12, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x13
|
||||
.private_extern _abi_test_clobber_x13
|
||||
.align 4
|
||||
_abi_test_clobber_x13:
|
||||
mov x13, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x14
|
||||
.private_extern _abi_test_clobber_x14
|
||||
.align 4
|
||||
_abi_test_clobber_x14:
|
||||
mov x14, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x15
|
||||
.private_extern _abi_test_clobber_x15
|
||||
.align 4
|
||||
_abi_test_clobber_x15:
|
||||
mov x15, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x16
|
||||
.private_extern _abi_test_clobber_x16
|
||||
.align 4
|
||||
_abi_test_clobber_x16:
|
||||
mov x16, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x17
|
||||
.private_extern _abi_test_clobber_x17
|
||||
.align 4
|
||||
_abi_test_clobber_x17:
|
||||
mov x17, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x19
|
||||
.private_extern _abi_test_clobber_x19
|
||||
.align 4
|
||||
_abi_test_clobber_x19:
|
||||
mov x19, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x20
|
||||
.private_extern _abi_test_clobber_x20
|
||||
.align 4
|
||||
_abi_test_clobber_x20:
|
||||
mov x20, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x21
|
||||
.private_extern _abi_test_clobber_x21
|
||||
.align 4
|
||||
_abi_test_clobber_x21:
|
||||
mov x21, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x22
|
||||
.private_extern _abi_test_clobber_x22
|
||||
.align 4
|
||||
_abi_test_clobber_x22:
|
||||
mov x22, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x23
|
||||
.private_extern _abi_test_clobber_x23
|
||||
.align 4
|
||||
_abi_test_clobber_x23:
|
||||
mov x23, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x24
|
||||
.private_extern _abi_test_clobber_x24
|
||||
.align 4
|
||||
_abi_test_clobber_x24:
|
||||
mov x24, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x25
|
||||
.private_extern _abi_test_clobber_x25
|
||||
.align 4
|
||||
_abi_test_clobber_x25:
|
||||
mov x25, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x26
|
||||
.private_extern _abi_test_clobber_x26
|
||||
.align 4
|
||||
_abi_test_clobber_x26:
|
||||
mov x26, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x27
|
||||
.private_extern _abi_test_clobber_x27
|
||||
.align 4
|
||||
_abi_test_clobber_x27:
|
||||
mov x27, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x28
|
||||
.private_extern _abi_test_clobber_x28
|
||||
.align 4
|
||||
_abi_test_clobber_x28:
|
||||
mov x28, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_x29
|
||||
.private_extern _abi_test_clobber_x29
|
||||
.align 4
|
||||
_abi_test_clobber_x29:
|
||||
mov x29, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d0
|
||||
.private_extern _abi_test_clobber_d0
|
||||
.align 4
|
||||
_abi_test_clobber_d0:
|
||||
fmov d0, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d1
|
||||
.private_extern _abi_test_clobber_d1
|
||||
.align 4
|
||||
_abi_test_clobber_d1:
|
||||
fmov d1, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d2
|
||||
.private_extern _abi_test_clobber_d2
|
||||
.align 4
|
||||
_abi_test_clobber_d2:
|
||||
fmov d2, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d3
|
||||
.private_extern _abi_test_clobber_d3
|
||||
.align 4
|
||||
_abi_test_clobber_d3:
|
||||
fmov d3, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d4
|
||||
.private_extern _abi_test_clobber_d4
|
||||
.align 4
|
||||
_abi_test_clobber_d4:
|
||||
fmov d4, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d5
|
||||
.private_extern _abi_test_clobber_d5
|
||||
.align 4
|
||||
_abi_test_clobber_d5:
|
||||
fmov d5, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d6
|
||||
.private_extern _abi_test_clobber_d6
|
||||
.align 4
|
||||
_abi_test_clobber_d6:
|
||||
fmov d6, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d7
|
||||
.private_extern _abi_test_clobber_d7
|
||||
.align 4
|
||||
_abi_test_clobber_d7:
|
||||
fmov d7, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d8
|
||||
.private_extern _abi_test_clobber_d8
|
||||
.align 4
|
||||
_abi_test_clobber_d8:
|
||||
fmov d8, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d9
|
||||
.private_extern _abi_test_clobber_d9
|
||||
.align 4
|
||||
_abi_test_clobber_d9:
|
||||
fmov d9, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d10
|
||||
.private_extern _abi_test_clobber_d10
|
||||
.align 4
|
||||
_abi_test_clobber_d10:
|
||||
fmov d10, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d11
|
||||
.private_extern _abi_test_clobber_d11
|
||||
.align 4
|
||||
_abi_test_clobber_d11:
|
||||
fmov d11, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d12
|
||||
.private_extern _abi_test_clobber_d12
|
||||
.align 4
|
||||
_abi_test_clobber_d12:
|
||||
fmov d12, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d13
|
||||
.private_extern _abi_test_clobber_d13
|
||||
.align 4
|
||||
_abi_test_clobber_d13:
|
||||
fmov d13, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d14
|
||||
.private_extern _abi_test_clobber_d14
|
||||
.align 4
|
||||
_abi_test_clobber_d14:
|
||||
fmov d14, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d15
|
||||
.private_extern _abi_test_clobber_d15
|
||||
.align 4
|
||||
_abi_test_clobber_d15:
|
||||
fmov d15, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d16
|
||||
.private_extern _abi_test_clobber_d16
|
||||
.align 4
|
||||
_abi_test_clobber_d16:
|
||||
fmov d16, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d17
|
||||
.private_extern _abi_test_clobber_d17
|
||||
.align 4
|
||||
_abi_test_clobber_d17:
|
||||
fmov d17, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d18
|
||||
.private_extern _abi_test_clobber_d18
|
||||
.align 4
|
||||
_abi_test_clobber_d18:
|
||||
fmov d18, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d19
|
||||
.private_extern _abi_test_clobber_d19
|
||||
.align 4
|
||||
_abi_test_clobber_d19:
|
||||
fmov d19, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d20
|
||||
.private_extern _abi_test_clobber_d20
|
||||
.align 4
|
||||
_abi_test_clobber_d20:
|
||||
fmov d20, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d21
|
||||
.private_extern _abi_test_clobber_d21
|
||||
.align 4
|
||||
_abi_test_clobber_d21:
|
||||
fmov d21, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d22
|
||||
.private_extern _abi_test_clobber_d22
|
||||
.align 4
|
||||
_abi_test_clobber_d22:
|
||||
fmov d22, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d23
|
||||
.private_extern _abi_test_clobber_d23
|
||||
.align 4
|
||||
_abi_test_clobber_d23:
|
||||
fmov d23, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d24
|
||||
.private_extern _abi_test_clobber_d24
|
||||
.align 4
|
||||
_abi_test_clobber_d24:
|
||||
fmov d24, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d25
|
||||
.private_extern _abi_test_clobber_d25
|
||||
.align 4
|
||||
_abi_test_clobber_d25:
|
||||
fmov d25, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d26
|
||||
.private_extern _abi_test_clobber_d26
|
||||
.align 4
|
||||
_abi_test_clobber_d26:
|
||||
fmov d26, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d27
|
||||
.private_extern _abi_test_clobber_d27
|
||||
.align 4
|
||||
_abi_test_clobber_d27:
|
||||
fmov d27, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d28
|
||||
.private_extern _abi_test_clobber_d28
|
||||
.align 4
|
||||
_abi_test_clobber_d28:
|
||||
fmov d28, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d29
|
||||
.private_extern _abi_test_clobber_d29
|
||||
.align 4
|
||||
_abi_test_clobber_d29:
|
||||
fmov d29, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d30
|
||||
.private_extern _abi_test_clobber_d30
|
||||
.align 4
|
||||
_abi_test_clobber_d30:
|
||||
fmov d30, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d31
|
||||
.private_extern _abi_test_clobber_d31
|
||||
.align 4
|
||||
_abi_test_clobber_d31:
|
||||
fmov d31, xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v8_upper
|
||||
.private_extern _abi_test_clobber_v8_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v8_upper:
|
||||
fmov v8.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v9_upper
|
||||
.private_extern _abi_test_clobber_v9_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v9_upper:
|
||||
fmov v9.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v10_upper
|
||||
.private_extern _abi_test_clobber_v10_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v10_upper:
|
||||
fmov v10.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v11_upper
|
||||
.private_extern _abi_test_clobber_v11_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v11_upper:
|
||||
fmov v11.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v12_upper
|
||||
.private_extern _abi_test_clobber_v12_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v12_upper:
|
||||
fmov v12.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v13_upper
|
||||
.private_extern _abi_test_clobber_v13_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v13_upper:
|
||||
fmov v13.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v14_upper
|
||||
.private_extern _abi_test_clobber_v14_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v14_upper:
|
||||
fmov v14.d[1], xzr
|
||||
ret
|
||||
|
||||
|
||||
.globl _abi_test_clobber_v15_upper
|
||||
.private_extern _abi_test_clobber_v15_upper
|
||||
.align 4
|
||||
_abi_test_clobber_v15_upper:
|
||||
fmov v15.d[1], xzr
|
||||
ret
|
||||
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
1498
third-party/boringssl/ios-arm/crypto/chacha/chacha-armv4.S
vendored
Normal file
1498
third-party/boringssl/ios-arm/crypto/chacha/chacha-armv4.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
790
third-party/boringssl/ios-arm/crypto/fipsmodule/aesv8-armx32.S
vendored
Normal file
790
third-party/boringssl/ios-arm/crypto/fipsmodule/aesv8-armx32.S
vendored
Normal file
|
|
@ -0,0 +1,790 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
#include <openssl/arm_arch.h>
|
||||
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
.text
|
||||
|
||||
|
||||
.code 32
|
||||
#undef __thumb2__
|
||||
.align 5
|
||||
Lrcon:
|
||||
.long 0x01,0x01,0x01,0x01
|
||||
.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d @ rotate-n-splat
|
||||
.long 0x1b,0x1b,0x1b,0x1b
|
||||
|
||||
.text
|
||||
|
||||
.globl _aes_hw_set_encrypt_key
|
||||
.private_extern _aes_hw_set_encrypt_key
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _aes_hw_set_encrypt_key
|
||||
#endif
|
||||
.align 5
|
||||
_aes_hw_set_encrypt_key:
|
||||
Lenc_key:
|
||||
mov r3,#-1
|
||||
cmp r0,#0
|
||||
beq Lenc_key_abort
|
||||
cmp r2,#0
|
||||
beq Lenc_key_abort
|
||||
mov r3,#-2
|
||||
cmp r1,#128
|
||||
blt Lenc_key_abort
|
||||
cmp r1,#256
|
||||
bgt Lenc_key_abort
|
||||
tst r1,#0x3f
|
||||
bne Lenc_key_abort
|
||||
|
||||
adr r3,Lrcon
|
||||
cmp r1,#192
|
||||
|
||||
veor q0,q0,q0
|
||||
vld1.8 {q3},[r0]!
|
||||
mov r1,#8 @ reuse r1
|
||||
vld1.32 {q1,q2},[r3]!
|
||||
|
||||
blt Loop128
|
||||
beq L192
|
||||
b L256
|
||||
|
||||
.align 4
|
||||
Loop128:
|
||||
vtbl.8 d20,{q3},d4
|
||||
vtbl.8 d21,{q3},d5
|
||||
vext.8 q9,q0,q3,#12
|
||||
vst1.32 {q3},[r2]!
|
||||
.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
|
||||
subs r1,r1,#1
|
||||
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q10,q10,q1
|
||||
veor q3,q3,q9
|
||||
vshl.u8 q1,q1,#1
|
||||
veor q3,q3,q10
|
||||
bne Loop128
|
||||
|
||||
vld1.32 {q1},[r3]
|
||||
|
||||
vtbl.8 d20,{q3},d4
|
||||
vtbl.8 d21,{q3},d5
|
||||
vext.8 q9,q0,q3,#12
|
||||
vst1.32 {q3},[r2]!
|
||||
.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
|
||||
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q10,q10,q1
|
||||
veor q3,q3,q9
|
||||
vshl.u8 q1,q1,#1
|
||||
veor q3,q3,q10
|
||||
|
||||
vtbl.8 d20,{q3},d4
|
||||
vtbl.8 d21,{q3},d5
|
||||
vext.8 q9,q0,q3,#12
|
||||
vst1.32 {q3},[r2]!
|
||||
.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
|
||||
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q10,q10,q1
|
||||
veor q3,q3,q9
|
||||
veor q3,q3,q10
|
||||
vst1.32 {q3},[r2]
|
||||
add r2,r2,#0x50
|
||||
|
||||
mov r12,#10
|
||||
b Ldone
|
||||
|
||||
.align 4
|
||||
L192:
|
||||
vld1.8 {d16},[r0]!
|
||||
vmov.i8 q10,#8 @ borrow q10
|
||||
vst1.32 {q3},[r2]!
|
||||
vsub.i8 q2,q2,q10 @ adjust the mask
|
||||
|
||||
Loop192:
|
||||
vtbl.8 d20,{q8},d4
|
||||
vtbl.8 d21,{q8},d5
|
||||
vext.8 q9,q0,q3,#12
|
||||
vst1.32 {d16},[r2]!
|
||||
.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
|
||||
subs r1,r1,#1
|
||||
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q3,q3,q9
|
||||
|
||||
vdup.32 q9,d7[1]
|
||||
veor q9,q9,q8
|
||||
veor q10,q10,q1
|
||||
vext.8 q8,q0,q8,#12
|
||||
vshl.u8 q1,q1,#1
|
||||
veor q8,q8,q9
|
||||
veor q3,q3,q10
|
||||
veor q8,q8,q10
|
||||
vst1.32 {q3},[r2]!
|
||||
bne Loop192
|
||||
|
||||
mov r12,#12
|
||||
add r2,r2,#0x20
|
||||
b Ldone
|
||||
|
||||
.align 4
|
||||
L256:
|
||||
vld1.8 {q8},[r0]
|
||||
mov r1,#7
|
||||
mov r12,#14
|
||||
vst1.32 {q3},[r2]!
|
||||
|
||||
Loop256:
|
||||
vtbl.8 d20,{q8},d4
|
||||
vtbl.8 d21,{q8},d5
|
||||
vext.8 q9,q0,q3,#12
|
||||
vst1.32 {q8},[r2]!
|
||||
.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
|
||||
subs r1,r1,#1
|
||||
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q3,q3,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q10,q10,q1
|
||||
veor q3,q3,q9
|
||||
vshl.u8 q1,q1,#1
|
||||
veor q3,q3,q10
|
||||
vst1.32 {q3},[r2]!
|
||||
beq Ldone
|
||||
|
||||
vdup.32 q10,d7[1]
|
||||
vext.8 q9,q0,q8,#12
|
||||
.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
|
||||
|
||||
veor q8,q8,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q8,q8,q9
|
||||
vext.8 q9,q0,q9,#12
|
||||
veor q8,q8,q9
|
||||
|
||||
veor q8,q8,q10
|
||||
b Loop256
|
||||
|
||||
Ldone:
|
||||
str r12,[r2]
|
||||
mov r3,#0
|
||||
|
||||
Lenc_key_abort:
|
||||
mov r0,r3 @ return value
|
||||
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _aes_hw_set_decrypt_key
|
||||
.private_extern _aes_hw_set_decrypt_key
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _aes_hw_set_decrypt_key
|
||||
#endif
|
||||
.align 5
|
||||
_aes_hw_set_decrypt_key:
|
||||
stmdb sp!,{r4,lr}
|
||||
bl Lenc_key
|
||||
|
||||
cmp r0,#0
|
||||
bne Ldec_key_abort
|
||||
|
||||
sub r2,r2,#240 @ restore original r2
|
||||
mov r4,#-16
|
||||
add r0,r2,r12,lsl#4 @ end of key schedule
|
||||
|
||||
vld1.32 {q0},[r2]
|
||||
vld1.32 {q1},[r0]
|
||||
vst1.32 {q0},[r0],r4
|
||||
vst1.32 {q1},[r2]!
|
||||
|
||||
Loop_imc:
|
||||
vld1.32 {q0},[r2]
|
||||
vld1.32 {q1},[r0]
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
vst1.32 {q0},[r0],r4
|
||||
vst1.32 {q1},[r2]!
|
||||
cmp r0,r2
|
||||
bhi Loop_imc
|
||||
|
||||
vld1.32 {q0},[r2]
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
vst1.32 {q0},[r0]
|
||||
|
||||
eor r0,r0,r0 @ return value
|
||||
Ldec_key_abort:
|
||||
ldmia sp!,{r4,pc}
|
||||
|
||||
.globl _aes_hw_encrypt
|
||||
.private_extern _aes_hw_encrypt
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _aes_hw_encrypt
|
||||
#endif
|
||||
.align 5
|
||||
_aes_hw_encrypt:
|
||||
ldr r3,[r2,#240]
|
||||
vld1.32 {q0},[r2]!
|
||||
vld1.8 {q2},[r0]
|
||||
sub r3,r3,#2
|
||||
vld1.32 {q1},[r2]!
|
||||
|
||||
Loop_enc:
|
||||
.byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0
|
||||
.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2
|
||||
vld1.32 {q0},[r2]!
|
||||
subs r3,r3,#2
|
||||
.byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1
|
||||
.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2
|
||||
vld1.32 {q1},[r2]!
|
||||
bgt Loop_enc
|
||||
|
||||
.byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0
|
||||
.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2
|
||||
vld1.32 {q0},[r2]
|
||||
.byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1
|
||||
veor q2,q2,q0
|
||||
|
||||
vst1.8 {q2},[r1]
|
||||
bx lr
|
||||
|
||||
.globl _aes_hw_decrypt
|
||||
.private_extern _aes_hw_decrypt
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _aes_hw_decrypt
|
||||
#endif
|
||||
.align 5
|
||||
_aes_hw_decrypt:
|
||||
ldr r3,[r2,#240]
|
||||
vld1.32 {q0},[r2]!
|
||||
vld1.8 {q2},[r0]
|
||||
sub r3,r3,#2
|
||||
vld1.32 {q1},[r2]!
|
||||
|
||||
Loop_dec:
|
||||
.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0
|
||||
.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2
|
||||
vld1.32 {q0},[r2]!
|
||||
subs r3,r3,#2
|
||||
.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1
|
||||
.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2
|
||||
vld1.32 {q1},[r2]!
|
||||
bgt Loop_dec
|
||||
|
||||
.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0
|
||||
.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2
|
||||
vld1.32 {q0},[r2]
|
||||
.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1
|
||||
veor q2,q2,q0
|
||||
|
||||
vst1.8 {q2},[r1]
|
||||
bx lr
|
||||
|
||||
.globl _aes_hw_cbc_encrypt
|
||||
.private_extern _aes_hw_cbc_encrypt
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _aes_hw_cbc_encrypt
|
||||
#endif
|
||||
.align 5
|
||||
_aes_hw_cbc_encrypt:
|
||||
mov ip,sp
|
||||
stmdb sp!,{r4,r5,r6,r7,r8,lr}
|
||||
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so
|
||||
ldmia ip,{r4,r5} @ load remaining args
|
||||
subs r2,r2,#16
|
||||
mov r8,#16
|
||||
blo Lcbc_abort
|
||||
moveq r8,#0
|
||||
|
||||
cmp r5,#0 @ en- or decrypting?
|
||||
ldr r5,[r3,#240]
|
||||
and r2,r2,#-16
|
||||
vld1.8 {q6},[r4]
|
||||
vld1.8 {q0},[r0],r8
|
||||
|
||||
vld1.32 {q8,q9},[r3] @ load key schedule...
|
||||
sub r5,r5,#6
|
||||
add r7,r3,r5,lsl#4 @ pointer to last 7 round keys
|
||||
sub r5,r5,#2
|
||||
vld1.32 {q10,q11},[r7]!
|
||||
vld1.32 {q12,q13},[r7]!
|
||||
vld1.32 {q14,q15},[r7]!
|
||||
vld1.32 {q7},[r7]
|
||||
|
||||
add r7,r3,#32
|
||||
mov r6,r5
|
||||
beq Lcbc_dec
|
||||
|
||||
cmp r5,#2
|
||||
veor q0,q0,q6
|
||||
veor q5,q8,q7
|
||||
beq Lcbc_enc128
|
||||
|
||||
vld1.32 {q2,q3},[r7]
|
||||
add r7,r3,#16
|
||||
add r6,r3,#16*4
|
||||
add r12,r3,#16*5
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
add r14,r3,#16*6
|
||||
add r3,r3,#16*7
|
||||
b Lenter_cbc_enc
|
||||
|
||||
.align 4
|
||||
Loop_cbc_enc:
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vst1.8 {q6},[r1]!
|
||||
Lenter_cbc_enc:
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.32 {q8},[r6]
|
||||
cmp r5,#4
|
||||
.byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.32 {q9},[r12]
|
||||
beq Lcbc_enc192
|
||||
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.32 {q8},[r14]
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.32 {q9},[r3]
|
||||
nop
|
||||
|
||||
Lcbc_enc192:
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
subs r2,r2,#16
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
moveq r8,#0
|
||||
.byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.8 {q8},[r0],r8
|
||||
.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
veor q8,q8,q5
|
||||
.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.32 {q9},[r7] @ re-pre-load rndkey[1]
|
||||
.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15
|
||||
veor q6,q0,q7
|
||||
bhs Loop_cbc_enc
|
||||
|
||||
vst1.8 {q6},[r1]!
|
||||
b Lcbc_done
|
||||
|
||||
.align 5
|
||||
Lcbc_enc128:
|
||||
vld1.32 {q2,q3},[r7]
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
b Lenter_cbc_enc128
|
||||
Loop_cbc_enc128:
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vst1.8 {q6},[r1]!
|
||||
Lenter_cbc_enc128:
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
subs r2,r2,#16
|
||||
.byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
moveq r8,#0
|
||||
.byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
vld1.8 {q8},[r0],r8
|
||||
.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
veor q8,q8,q5
|
||||
.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15
|
||||
veor q6,q0,q7
|
||||
bhs Loop_cbc_enc128
|
||||
|
||||
vst1.8 {q6},[r1]!
|
||||
b Lcbc_done
|
||||
.align 5
|
||||
Lcbc_dec:
|
||||
vld1.8 {q10},[r0]!
|
||||
subs r2,r2,#32 @ bias
|
||||
add r6,r5,#2
|
||||
vorr q3,q0,q0
|
||||
vorr q1,q0,q0
|
||||
vorr q11,q10,q10
|
||||
blo Lcbc_dec_tail
|
||||
|
||||
vorr q1,q10,q10
|
||||
vld1.8 {q10},[r0]!
|
||||
vorr q2,q0,q0
|
||||
vorr q3,q1,q1
|
||||
vorr q11,q10,q10
|
||||
|
||||
Loop3x_cbc_dec:
|
||||
.byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.32 {q8},[r7]!
|
||||
subs r6,r6,#2
|
||||
.byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.32 {q9},[r7]!
|
||||
bgt Loop3x_cbc_dec
|
||||
|
||||
.byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
veor q4,q6,q7
|
||||
subs r2,r2,#0x30
|
||||
veor q5,q2,q7
|
||||
movlo r6,r2 @ r6, r6, is zero at this point
|
||||
.byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
veor q9,q3,q7
|
||||
add r0,r0,r6 @ r0 is adjusted in such way that
|
||||
@ at exit from the loop q1-q10
|
||||
@ are loaded with last "words"
|
||||
vorr q6,q11,q11
|
||||
mov r7,r3
|
||||
.byte 0x68,0x03,0xb0,0xf3 @ aesd q0,q12
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.8 {q2},[r0]!
|
||||
.byte 0x6a,0x03,0xb0,0xf3 @ aesd q0,q13
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.8 {q3},[r0]!
|
||||
.byte 0x6c,0x03,0xb0,0xf3 @ aesd q0,q14
|
||||
.byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
|
||||
.byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.8 {q11},[r0]!
|
||||
.byte 0x6e,0x03,0xb0,0xf3 @ aesd q0,q15
|
||||
.byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15
|
||||
.byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15
|
||||
vld1.32 {q8},[r7]! @ re-pre-load rndkey[0]
|
||||
add r6,r5,#2
|
||||
veor q4,q4,q0
|
||||
veor q5,q5,q1
|
||||
veor q10,q10,q9
|
||||
vld1.32 {q9},[r7]! @ re-pre-load rndkey[1]
|
||||
vst1.8 {q4},[r1]!
|
||||
vorr q0,q2,q2
|
||||
vst1.8 {q5},[r1]!
|
||||
vorr q1,q3,q3
|
||||
vst1.8 {q10},[r1]!
|
||||
vorr q10,q11,q11
|
||||
bhs Loop3x_cbc_dec
|
||||
|
||||
cmn r2,#0x30
|
||||
beq Lcbc_done
|
||||
nop
|
||||
|
||||
Lcbc_dec_tail:
|
||||
.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.32 {q8},[r7]!
|
||||
subs r6,r6,#2
|
||||
.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
vld1.32 {q9},[r7]!
|
||||
bgt Lcbc_dec_tail
|
||||
|
||||
.byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
.byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
.byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
cmn r2,#0x20
|
||||
.byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
veor q5,q6,q7
|
||||
.byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14
|
||||
.byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
|
||||
.byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14
|
||||
.byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
|
||||
veor q9,q3,q7
|
||||
.byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15
|
||||
.byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15
|
||||
beq Lcbc_dec_one
|
||||
veor q5,q5,q1
|
||||
veor q9,q9,q10
|
||||
vorr q6,q11,q11
|
||||
vst1.8 {q5},[r1]!
|
||||
vst1.8 {q9},[r1]!
|
||||
b Lcbc_done
|
||||
|
||||
Lcbc_dec_one:
|
||||
veor q5,q5,q10
|
||||
vorr q6,q11,q11
|
||||
vst1.8 {q5},[r1]!
|
||||
|
||||
Lcbc_done:
|
||||
vst1.8 {q6},[r4]
|
||||
Lcbc_abort:
|
||||
vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
ldmia sp!,{r4,r5,r6,r7,r8,pc}
|
||||
|
||||
.globl _aes_hw_ctr32_encrypt_blocks
|
||||
.private_extern _aes_hw_ctr32_encrypt_blocks
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _aes_hw_ctr32_encrypt_blocks
|
||||
#endif
|
||||
.align 5
|
||||
_aes_hw_ctr32_encrypt_blocks:
|
||||
mov ip,sp
|
||||
stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,lr}
|
||||
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so
|
||||
ldr r4, [ip] @ load remaining arg
|
||||
ldr r5,[r3,#240]
|
||||
|
||||
ldr r8, [r4, #12]
|
||||
vld1.32 {q0},[r4]
|
||||
|
||||
vld1.32 {q8,q9},[r3] @ load key schedule...
|
||||
sub r5,r5,#4
|
||||
mov r12,#16
|
||||
cmp r2,#2
|
||||
add r7,r3,r5,lsl#4 @ pointer to last 5 round keys
|
||||
sub r5,r5,#2
|
||||
vld1.32 {q12,q13},[r7]!
|
||||
vld1.32 {q14,q15},[r7]!
|
||||
vld1.32 {q7},[r7]
|
||||
add r7,r3,#32
|
||||
mov r6,r5
|
||||
movlo r12,#0
|
||||
#ifndef __ARMEB__
|
||||
rev r8, r8
|
||||
#endif
|
||||
vorr q1,q0,q0
|
||||
add r10, r8, #1
|
||||
vorr q10,q0,q0
|
||||
add r8, r8, #2
|
||||
vorr q6,q0,q0
|
||||
rev r10, r10
|
||||
vmov.32 d3[1],r10
|
||||
bls Lctr32_tail
|
||||
rev r12, r8
|
||||
sub r2,r2,#3 @ bias
|
||||
vmov.32 d21[1],r12
|
||||
b Loop3x_ctr32
|
||||
|
||||
.align 4
|
||||
Loop3x_ctr32:
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
.byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8
|
||||
.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10
|
||||
vld1.32 {q8},[r7]!
|
||||
subs r6,r6,#2
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
.byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9
|
||||
.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10
|
||||
vld1.32 {q9},[r7]!
|
||||
bgt Loop3x_ctr32
|
||||
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x83,0xb0,0xf3 @ aesmc q4,q0
|
||||
.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
|
||||
.byte 0x82,0xa3,0xb0,0xf3 @ aesmc q5,q1
|
||||
vld1.8 {q2},[r0]!
|
||||
vorr q0,q6,q6
|
||||
.byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8
|
||||
.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10
|
||||
vld1.8 {q3},[r0]!
|
||||
vorr q1,q6,q6
|
||||
.byte 0x22,0x83,0xb0,0xf3 @ aese q4,q9
|
||||
.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
|
||||
.byte 0x22,0xa3,0xb0,0xf3 @ aese q5,q9
|
||||
.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
|
||||
vld1.8 {q11},[r0]!
|
||||
mov r7,r3
|
||||
.byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9
|
||||
.byte 0xa4,0x23,0xf0,0xf3 @ aesmc q9,q10
|
||||
vorr q10,q6,q6
|
||||
add r9,r8,#1
|
||||
.byte 0x28,0x83,0xb0,0xf3 @ aese q4,q12
|
||||
.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
|
||||
.byte 0x28,0xa3,0xb0,0xf3 @ aese q5,q12
|
||||
.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
|
||||
veor q2,q2,q7
|
||||
add r10,r8,#2
|
||||
.byte 0x28,0x23,0xf0,0xf3 @ aese q9,q12
|
||||
.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9
|
||||
veor q3,q3,q7
|
||||
add r8,r8,#3
|
||||
.byte 0x2a,0x83,0xb0,0xf3 @ aese q4,q13
|
||||
.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
|
||||
.byte 0x2a,0xa3,0xb0,0xf3 @ aese q5,q13
|
||||
.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
|
||||
veor q11,q11,q7
|
||||
rev r9,r9
|
||||
.byte 0x2a,0x23,0xf0,0xf3 @ aese q9,q13
|
||||
.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9
|
||||
vmov.32 d1[1], r9
|
||||
rev r10,r10
|
||||
.byte 0x2c,0x83,0xb0,0xf3 @ aese q4,q14
|
||||
.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
|
||||
.byte 0x2c,0xa3,0xb0,0xf3 @ aese q5,q14
|
||||
.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
|
||||
vmov.32 d3[1], r10
|
||||
rev r12,r8
|
||||
.byte 0x2c,0x23,0xf0,0xf3 @ aese q9,q14
|
||||
.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9
|
||||
vmov.32 d21[1], r12
|
||||
subs r2,r2,#3
|
||||
.byte 0x2e,0x83,0xb0,0xf3 @ aese q4,q15
|
||||
.byte 0x2e,0xa3,0xb0,0xf3 @ aese q5,q15
|
||||
.byte 0x2e,0x23,0xf0,0xf3 @ aese q9,q15
|
||||
|
||||
veor q2,q2,q4
|
||||
vld1.32 {q8},[r7]! @ re-pre-load rndkey[0]
|
||||
vst1.8 {q2},[r1]!
|
||||
veor q3,q3,q5
|
||||
mov r6,r5
|
||||
vst1.8 {q3},[r1]!
|
||||
veor q11,q11,q9
|
||||
vld1.32 {q9},[r7]! @ re-pre-load rndkey[1]
|
||||
vst1.8 {q11},[r1]!
|
||||
bhs Loop3x_ctr32
|
||||
|
||||
adds r2,r2,#3
|
||||
beq Lctr32_done
|
||||
cmp r2,#1
|
||||
mov r12,#16
|
||||
moveq r12,#0
|
||||
|
||||
Lctr32_tail:
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
vld1.32 {q8},[r7]!
|
||||
subs r6,r6,#2
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
vld1.32 {q9},[r7]!
|
||||
bgt Lctr32_tail
|
||||
|
||||
.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
vld1.8 {q2},[r0],r12
|
||||
.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x28,0x23,0xb0,0xf3 @ aese q1,q12
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
vld1.8 {q3},[r0]
|
||||
.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x2a,0x23,0xb0,0xf3 @ aese q1,q13
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
veor q2,q2,q7
|
||||
.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14
|
||||
.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
|
||||
.byte 0x2c,0x23,0xb0,0xf3 @ aese q1,q14
|
||||
.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
|
||||
veor q3,q3,q7
|
||||
.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15
|
||||
.byte 0x2e,0x23,0xb0,0xf3 @ aese q1,q15
|
||||
|
||||
cmp r2,#1
|
||||
veor q2,q2,q0
|
||||
veor q3,q3,q1
|
||||
vst1.8 {q2},[r1]!
|
||||
beq Lctr32_done
|
||||
vst1.8 {q3},[r1]
|
||||
|
||||
Lctr32_done:
|
||||
vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc}
|
||||
|
||||
#endif
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
982
third-party/boringssl/ios-arm/crypto/fipsmodule/armv4-mont.S
vendored
Normal file
982
third-party/boringssl/ios-arm/crypto/fipsmodule/armv4-mont.S
vendored
Normal file
|
|
@ -0,0 +1,982 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
#include <openssl/arm_arch.h>
|
||||
|
||||
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
|
||||
@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions.
|
||||
|
||||
|
||||
.text
|
||||
#if defined(__thumb2__)
|
||||
.syntax unified
|
||||
.thumb
|
||||
#else
|
||||
.code 32
|
||||
#endif
|
||||
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
.align 5
|
||||
LOPENSSL_armcap:
|
||||
.word OPENSSL_armcap_P-Lbn_mul_mont
|
||||
#endif
|
||||
|
||||
.globl _bn_mul_mont
|
||||
.private_extern _bn_mul_mont
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _bn_mul_mont
|
||||
#endif
|
||||
|
||||
.align 5
|
||||
_bn_mul_mont:
|
||||
Lbn_mul_mont:
|
||||
ldr ip,[sp,#4] @ load num
|
||||
stmdb sp!,{r0,r2} @ sp points at argument block
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
tst ip,#7
|
||||
bne Lialu
|
||||
adr r0,Lbn_mul_mont
|
||||
ldr r2,LOPENSSL_armcap
|
||||
ldr r0,[r0,r2]
|
||||
#ifdef __APPLE__
|
||||
ldr r0,[r0]
|
||||
#endif
|
||||
tst r0,#ARMV7_NEON @ NEON available?
|
||||
ldmia sp, {r0,r2}
|
||||
beq Lialu
|
||||
add sp,sp,#8
|
||||
b bn_mul8x_mont_neon
|
||||
.align 4
|
||||
Lialu:
|
||||
#endif
|
||||
cmp ip,#2
|
||||
mov r0,ip @ load num
|
||||
#ifdef __thumb2__
|
||||
ittt lt
|
||||
#endif
|
||||
movlt r0,#0
|
||||
addlt sp,sp,#2*4
|
||||
blt Labrt
|
||||
|
||||
stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ save 10 registers
|
||||
|
||||
mov r0,r0,lsl#2 @ rescale r0 for byte count
|
||||
sub sp,sp,r0 @ alloca(4*num)
|
||||
sub sp,sp,#4 @ +extra dword
|
||||
sub r0,r0,#4 @ "num=num-1"
|
||||
add r4,r2,r0 @ &bp[num-1]
|
||||
|
||||
add r0,sp,r0 @ r0 to point at &tp[num-1]
|
||||
ldr r8,[r0,#14*4] @ &n0
|
||||
ldr r2,[r2] @ bp[0]
|
||||
ldr r5,[r1],#4 @ ap[0],ap++
|
||||
ldr r6,[r3],#4 @ np[0],np++
|
||||
ldr r8,[r8] @ *n0
|
||||
str r4,[r0,#15*4] @ save &bp[num]
|
||||
|
||||
umull r10,r11,r5,r2 @ ap[0]*bp[0]
|
||||
str r8,[r0,#14*4] @ save n0 value
|
||||
mul r8,r10,r8 @ "tp[0]"*n0
|
||||
mov r12,#0
|
||||
umlal r10,r12,r6,r8 @ np[0]*n0+"t[0]"
|
||||
mov r4,sp
|
||||
|
||||
L1st:
|
||||
ldr r5,[r1],#4 @ ap[j],ap++
|
||||
mov r10,r11
|
||||
ldr r6,[r3],#4 @ np[j],np++
|
||||
mov r11,#0
|
||||
umlal r10,r11,r5,r2 @ ap[j]*bp[0]
|
||||
mov r14,#0
|
||||
umlal r12,r14,r6,r8 @ np[j]*n0
|
||||
adds r12,r12,r10
|
||||
str r12,[r4],#4 @ tp[j-1]=,tp++
|
||||
adc r12,r14,#0
|
||||
cmp r4,r0
|
||||
bne L1st
|
||||
|
||||
adds r12,r12,r11
|
||||
ldr r4,[r0,#13*4] @ restore bp
|
||||
mov r14,#0
|
||||
ldr r8,[r0,#14*4] @ restore n0
|
||||
adc r14,r14,#0
|
||||
str r12,[r0] @ tp[num-1]=
|
||||
mov r7,sp
|
||||
str r14,[r0,#4] @ tp[num]=
|
||||
|
||||
Louter:
|
||||
sub r7,r0,r7 @ "original" r0-1 value
|
||||
sub r1,r1,r7 @ "rewind" ap to &ap[1]
|
||||
ldr r2,[r4,#4]! @ *(++bp)
|
||||
sub r3,r3,r7 @ "rewind" np to &np[1]
|
||||
ldr r5,[r1,#-4] @ ap[0]
|
||||
ldr r10,[sp] @ tp[0]
|
||||
ldr r6,[r3,#-4] @ np[0]
|
||||
ldr r7,[sp,#4] @ tp[1]
|
||||
|
||||
mov r11,#0
|
||||
umlal r10,r11,r5,r2 @ ap[0]*bp[i]+tp[0]
|
||||
str r4,[r0,#13*4] @ save bp
|
||||
mul r8,r10,r8
|
||||
mov r12,#0
|
||||
umlal r10,r12,r6,r8 @ np[0]*n0+"tp[0]"
|
||||
mov r4,sp
|
||||
|
||||
Linner:
|
||||
ldr r5,[r1],#4 @ ap[j],ap++
|
||||
adds r10,r11,r7 @ +=tp[j]
|
||||
ldr r6,[r3],#4 @ np[j],np++
|
||||
mov r11,#0
|
||||
umlal r10,r11,r5,r2 @ ap[j]*bp[i]
|
||||
mov r14,#0
|
||||
umlal r12,r14,r6,r8 @ np[j]*n0
|
||||
adc r11,r11,#0
|
||||
ldr r7,[r4,#8] @ tp[j+1]
|
||||
adds r12,r12,r10
|
||||
str r12,[r4],#4 @ tp[j-1]=,tp++
|
||||
adc r12,r14,#0
|
||||
cmp r4,r0
|
||||
bne Linner
|
||||
|
||||
adds r12,r12,r11
|
||||
mov r14,#0
|
||||
ldr r4,[r0,#13*4] @ restore bp
|
||||
adc r14,r14,#0
|
||||
ldr r8,[r0,#14*4] @ restore n0
|
||||
adds r12,r12,r7
|
||||
ldr r7,[r0,#15*4] @ restore &bp[num]
|
||||
adc r14,r14,#0
|
||||
str r12,[r0] @ tp[num-1]=
|
||||
str r14,[r0,#4] @ tp[num]=
|
||||
|
||||
cmp r4,r7
|
||||
#ifdef __thumb2__
|
||||
itt ne
|
||||
#endif
|
||||
movne r7,sp
|
||||
bne Louter
|
||||
|
||||
ldr r2,[r0,#12*4] @ pull rp
|
||||
mov r5,sp
|
||||
add r0,r0,#4 @ r0 to point at &tp[num]
|
||||
sub r5,r0,r5 @ "original" num value
|
||||
mov r4,sp @ "rewind" r4
|
||||
mov r1,r4 @ "borrow" r1
|
||||
sub r3,r3,r5 @ "rewind" r3 to &np[0]
|
||||
|
||||
subs r7,r7,r7 @ "clear" carry flag
|
||||
Lsub: ldr r7,[r4],#4
|
||||
ldr r6,[r3],#4
|
||||
sbcs r7,r7,r6 @ tp[j]-np[j]
|
||||
str r7,[r2],#4 @ rp[j]=
|
||||
teq r4,r0 @ preserve carry
|
||||
bne Lsub
|
||||
sbcs r14,r14,#0 @ upmost carry
|
||||
mov r4,sp @ "rewind" r4
|
||||
sub r2,r2,r5 @ "rewind" r2
|
||||
|
||||
Lcopy: ldr r7,[r4] @ conditional copy
|
||||
ldr r5,[r2]
|
||||
str sp,[r4],#4 @ zap tp
|
||||
#ifdef __thumb2__
|
||||
it cc
|
||||
#endif
|
||||
movcc r5,r7
|
||||
str r5,[r2],#4
|
||||
teq r4,r0 @ preserve carry
|
||||
bne Lcopy
|
||||
|
||||
mov sp,r0
|
||||
add sp,sp,#4 @ skip over tp[num+1]
|
||||
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ restore registers
|
||||
add sp,sp,#2*4 @ skip over {r0,r2}
|
||||
mov r0,#1
|
||||
Labrt:
|
||||
#if __ARM_ARCH__>=5
|
||||
bx lr @ bx lr
|
||||
#else
|
||||
tst lr,#1
|
||||
moveq pc,lr @ be binary compatible with V4, yet
|
||||
.word 0xe12fff1e @ interoperable with Thumb ISA:-)
|
||||
#endif
|
||||
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
|
||||
|
||||
|
||||
#ifdef __thumb2__
|
||||
.thumb_func bn_mul8x_mont_neon
|
||||
#endif
|
||||
.align 5
|
||||
bn_mul8x_mont_neon:
|
||||
mov ip,sp
|
||||
stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11}
|
||||
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so
|
||||
ldmia ip,{r4,r5} @ load rest of parameter block
|
||||
mov ip,sp
|
||||
|
||||
cmp r5,#8
|
||||
bhi LNEON_8n
|
||||
|
||||
@ special case for r5==8, everything is in register bank...
|
||||
|
||||
vld1.32 {d28[0]}, [r2,:32]!
|
||||
veor d8,d8,d8
|
||||
sub r7,sp,r5,lsl#4
|
||||
vld1.32 {d0,d1,d2,d3}, [r1]! @ can't specify :32 :-(
|
||||
and r7,r7,#-64
|
||||
vld1.32 {d30[0]}, [r4,:32]
|
||||
mov sp,r7 @ alloca
|
||||
vzip.16 d28,d8
|
||||
|
||||
vmull.u32 q6,d28,d0[0]
|
||||
vmull.u32 q7,d28,d0[1]
|
||||
vmull.u32 q8,d28,d1[0]
|
||||
vshl.i64 d29,d13,#16
|
||||
vmull.u32 q9,d28,d1[1]
|
||||
|
||||
vadd.u64 d29,d29,d12
|
||||
veor d8,d8,d8
|
||||
vmul.u32 d29,d29,d30
|
||||
|
||||
vmull.u32 q10,d28,d2[0]
|
||||
vld1.32 {d4,d5,d6,d7}, [r3]!
|
||||
vmull.u32 q11,d28,d2[1]
|
||||
vmull.u32 q12,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmull.u32 q13,d28,d3[1]
|
||||
|
||||
vmlal.u32 q6,d29,d4[0]
|
||||
sub r9,r5,#1
|
||||
vmlal.u32 q7,d29,d4[1]
|
||||
vmlal.u32 q8,d29,d5[0]
|
||||
vmlal.u32 q9,d29,d5[1]
|
||||
|
||||
vmlal.u32 q10,d29,d6[0]
|
||||
vmov q5,q6
|
||||
vmlal.u32 q11,d29,d6[1]
|
||||
vmov q6,q7
|
||||
vmlal.u32 q12,d29,d7[0]
|
||||
vmov q7,q8
|
||||
vmlal.u32 q13,d29,d7[1]
|
||||
vmov q8,q9
|
||||
vmov q9,q10
|
||||
vshr.u64 d10,d10,#16
|
||||
vmov q10,q11
|
||||
vmov q11,q12
|
||||
vadd.u64 d10,d10,d11
|
||||
vmov q12,q13
|
||||
veor q13,q13
|
||||
vshr.u64 d10,d10,#16
|
||||
|
||||
b LNEON_outer8
|
||||
|
||||
.align 4
|
||||
LNEON_outer8:
|
||||
vld1.32 {d28[0]}, [r2,:32]!
|
||||
veor d8,d8,d8
|
||||
vzip.16 d28,d8
|
||||
vadd.u64 d12,d12,d10
|
||||
|
||||
vmlal.u32 q6,d28,d0[0]
|
||||
vmlal.u32 q7,d28,d0[1]
|
||||
vmlal.u32 q8,d28,d1[0]
|
||||
vshl.i64 d29,d13,#16
|
||||
vmlal.u32 q9,d28,d1[1]
|
||||
|
||||
vadd.u64 d29,d29,d12
|
||||
veor d8,d8,d8
|
||||
subs r9,r9,#1
|
||||
vmul.u32 d29,d29,d30
|
||||
|
||||
vmlal.u32 q10,d28,d2[0]
|
||||
vmlal.u32 q11,d28,d2[1]
|
||||
vmlal.u32 q12,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q13,d28,d3[1]
|
||||
|
||||
vmlal.u32 q6,d29,d4[0]
|
||||
vmlal.u32 q7,d29,d4[1]
|
||||
vmlal.u32 q8,d29,d5[0]
|
||||
vmlal.u32 q9,d29,d5[1]
|
||||
|
||||
vmlal.u32 q10,d29,d6[0]
|
||||
vmov q5,q6
|
||||
vmlal.u32 q11,d29,d6[1]
|
||||
vmov q6,q7
|
||||
vmlal.u32 q12,d29,d7[0]
|
||||
vmov q7,q8
|
||||
vmlal.u32 q13,d29,d7[1]
|
||||
vmov q8,q9
|
||||
vmov q9,q10
|
||||
vshr.u64 d10,d10,#16
|
||||
vmov q10,q11
|
||||
vmov q11,q12
|
||||
vadd.u64 d10,d10,d11
|
||||
vmov q12,q13
|
||||
veor q13,q13
|
||||
vshr.u64 d10,d10,#16
|
||||
|
||||
bne LNEON_outer8
|
||||
|
||||
vadd.u64 d12,d12,d10
|
||||
mov r7,sp
|
||||
vshr.u64 d10,d12,#16
|
||||
mov r8,r5
|
||||
vadd.u64 d13,d13,d10
|
||||
add r6,sp,#96
|
||||
vshr.u64 d10,d13,#16
|
||||
vzip.16 d12,d13
|
||||
|
||||
b LNEON_tail_entry
|
||||
|
||||
.align 4
|
||||
LNEON_8n:
|
||||
veor q6,q6,q6
|
||||
sub r7,sp,#128
|
||||
veor q7,q7,q7
|
||||
sub r7,r7,r5,lsl#4
|
||||
veor q8,q8,q8
|
||||
and r7,r7,#-64
|
||||
veor q9,q9,q9
|
||||
mov sp,r7 @ alloca
|
||||
veor q10,q10,q10
|
||||
add r7,r7,#256
|
||||
veor q11,q11,q11
|
||||
sub r8,r5,#8
|
||||
veor q12,q12,q12
|
||||
veor q13,q13,q13
|
||||
|
||||
LNEON_8n_init:
|
||||
vst1.64 {q6,q7},[r7,:256]!
|
||||
subs r8,r8,#8
|
||||
vst1.64 {q8,q9},[r7,:256]!
|
||||
vst1.64 {q10,q11},[r7,:256]!
|
||||
vst1.64 {q12,q13},[r7,:256]!
|
||||
bne LNEON_8n_init
|
||||
|
||||
add r6,sp,#256
|
||||
vld1.32 {d0,d1,d2,d3},[r1]!
|
||||
add r10,sp,#8
|
||||
vld1.32 {d30[0]},[r4,:32]
|
||||
mov r9,r5
|
||||
b LNEON_8n_outer
|
||||
|
||||
.align 4
|
||||
LNEON_8n_outer:
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
veor d8,d8,d8
|
||||
vzip.16 d28,d8
|
||||
add r7,sp,#128
|
||||
vld1.32 {d4,d5,d6,d7},[r3]!
|
||||
|
||||
vmlal.u32 q6,d28,d0[0]
|
||||
vmlal.u32 q7,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q8,d28,d1[0]
|
||||
vshl.i64 d29,d13,#16
|
||||
vmlal.u32 q9,d28,d1[1]
|
||||
vadd.u64 d29,d29,d12
|
||||
vmlal.u32 q10,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q11,d28,d2[1]
|
||||
vst1.32 {d28},[sp,:64] @ put aside smashed b[8*i+0]
|
||||
vmlal.u32 q12,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q13,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q6,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q7,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q8,d29,d5[0]
|
||||
vshr.u64 d12,d12,#16
|
||||
vmlal.u32 q9,d29,d5[1]
|
||||
vmlal.u32 q10,d29,d6[0]
|
||||
vadd.u64 d12,d12,d13
|
||||
vmlal.u32 q11,d29,d6[1]
|
||||
vshr.u64 d12,d12,#16
|
||||
vmlal.u32 q12,d29,d7[0]
|
||||
vmlal.u32 q13,d29,d7[1]
|
||||
vadd.u64 d14,d14,d12
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+0]
|
||||
vmlal.u32 q7,d28,d0[0]
|
||||
vld1.64 {q6},[r6,:128]!
|
||||
vmlal.u32 q8,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q9,d28,d1[0]
|
||||
vshl.i64 d29,d15,#16
|
||||
vmlal.u32 q10,d28,d1[1]
|
||||
vadd.u64 d29,d29,d14
|
||||
vmlal.u32 q11,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q12,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+1]
|
||||
vmlal.u32 q13,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q6,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q7,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q8,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q9,d29,d5[0]
|
||||
vshr.u64 d14,d14,#16
|
||||
vmlal.u32 q10,d29,d5[1]
|
||||
vmlal.u32 q11,d29,d6[0]
|
||||
vadd.u64 d14,d14,d15
|
||||
vmlal.u32 q12,d29,d6[1]
|
||||
vshr.u64 d14,d14,#16
|
||||
vmlal.u32 q13,d29,d7[0]
|
||||
vmlal.u32 q6,d29,d7[1]
|
||||
vadd.u64 d16,d16,d14
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+1]
|
||||
vmlal.u32 q8,d28,d0[0]
|
||||
vld1.64 {q7},[r6,:128]!
|
||||
vmlal.u32 q9,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q10,d28,d1[0]
|
||||
vshl.i64 d29,d17,#16
|
||||
vmlal.u32 q11,d28,d1[1]
|
||||
vadd.u64 d29,d29,d16
|
||||
vmlal.u32 q12,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q13,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+2]
|
||||
vmlal.u32 q6,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q7,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q8,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q9,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q10,d29,d5[0]
|
||||
vshr.u64 d16,d16,#16
|
||||
vmlal.u32 q11,d29,d5[1]
|
||||
vmlal.u32 q12,d29,d6[0]
|
||||
vadd.u64 d16,d16,d17
|
||||
vmlal.u32 q13,d29,d6[1]
|
||||
vshr.u64 d16,d16,#16
|
||||
vmlal.u32 q6,d29,d7[0]
|
||||
vmlal.u32 q7,d29,d7[1]
|
||||
vadd.u64 d18,d18,d16
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+2]
|
||||
vmlal.u32 q9,d28,d0[0]
|
||||
vld1.64 {q8},[r6,:128]!
|
||||
vmlal.u32 q10,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q11,d28,d1[0]
|
||||
vshl.i64 d29,d19,#16
|
||||
vmlal.u32 q12,d28,d1[1]
|
||||
vadd.u64 d29,d29,d18
|
||||
vmlal.u32 q13,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q6,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+3]
|
||||
vmlal.u32 q7,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q8,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q9,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q10,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q11,d29,d5[0]
|
||||
vshr.u64 d18,d18,#16
|
||||
vmlal.u32 q12,d29,d5[1]
|
||||
vmlal.u32 q13,d29,d6[0]
|
||||
vadd.u64 d18,d18,d19
|
||||
vmlal.u32 q6,d29,d6[1]
|
||||
vshr.u64 d18,d18,#16
|
||||
vmlal.u32 q7,d29,d7[0]
|
||||
vmlal.u32 q8,d29,d7[1]
|
||||
vadd.u64 d20,d20,d18
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+3]
|
||||
vmlal.u32 q10,d28,d0[0]
|
||||
vld1.64 {q9},[r6,:128]!
|
||||
vmlal.u32 q11,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q12,d28,d1[0]
|
||||
vshl.i64 d29,d21,#16
|
||||
vmlal.u32 q13,d28,d1[1]
|
||||
vadd.u64 d29,d29,d20
|
||||
vmlal.u32 q6,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q7,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+4]
|
||||
vmlal.u32 q8,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q9,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q10,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q11,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q12,d29,d5[0]
|
||||
vshr.u64 d20,d20,#16
|
||||
vmlal.u32 q13,d29,d5[1]
|
||||
vmlal.u32 q6,d29,d6[0]
|
||||
vadd.u64 d20,d20,d21
|
||||
vmlal.u32 q7,d29,d6[1]
|
||||
vshr.u64 d20,d20,#16
|
||||
vmlal.u32 q8,d29,d7[0]
|
||||
vmlal.u32 q9,d29,d7[1]
|
||||
vadd.u64 d22,d22,d20
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+4]
|
||||
vmlal.u32 q11,d28,d0[0]
|
||||
vld1.64 {q10},[r6,:128]!
|
||||
vmlal.u32 q12,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q13,d28,d1[0]
|
||||
vshl.i64 d29,d23,#16
|
||||
vmlal.u32 q6,d28,d1[1]
|
||||
vadd.u64 d29,d29,d22
|
||||
vmlal.u32 q7,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q8,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+5]
|
||||
vmlal.u32 q9,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q10,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q11,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q12,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q13,d29,d5[0]
|
||||
vshr.u64 d22,d22,#16
|
||||
vmlal.u32 q6,d29,d5[1]
|
||||
vmlal.u32 q7,d29,d6[0]
|
||||
vadd.u64 d22,d22,d23
|
||||
vmlal.u32 q8,d29,d6[1]
|
||||
vshr.u64 d22,d22,#16
|
||||
vmlal.u32 q9,d29,d7[0]
|
||||
vmlal.u32 q10,d29,d7[1]
|
||||
vadd.u64 d24,d24,d22
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+5]
|
||||
vmlal.u32 q12,d28,d0[0]
|
||||
vld1.64 {q11},[r6,:128]!
|
||||
vmlal.u32 q13,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q6,d28,d1[0]
|
||||
vshl.i64 d29,d25,#16
|
||||
vmlal.u32 q7,d28,d1[1]
|
||||
vadd.u64 d29,d29,d24
|
||||
vmlal.u32 q8,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q9,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+6]
|
||||
vmlal.u32 q10,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q11,d28,d3[1]
|
||||
vld1.32 {d28[0]},[r2,:32]! @ *b++
|
||||
vmlal.u32 q12,d29,d4[0]
|
||||
veor d10,d10,d10
|
||||
vmlal.u32 q13,d29,d4[1]
|
||||
vzip.16 d28,d10
|
||||
vmlal.u32 q6,d29,d5[0]
|
||||
vshr.u64 d24,d24,#16
|
||||
vmlal.u32 q7,d29,d5[1]
|
||||
vmlal.u32 q8,d29,d6[0]
|
||||
vadd.u64 d24,d24,d25
|
||||
vmlal.u32 q9,d29,d6[1]
|
||||
vshr.u64 d24,d24,#16
|
||||
vmlal.u32 q10,d29,d7[0]
|
||||
vmlal.u32 q11,d29,d7[1]
|
||||
vadd.u64 d26,d26,d24
|
||||
vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+6]
|
||||
vmlal.u32 q13,d28,d0[0]
|
||||
vld1.64 {q12},[r6,:128]!
|
||||
vmlal.u32 q6,d28,d0[1]
|
||||
veor d8,d8,d8
|
||||
vmlal.u32 q7,d28,d1[0]
|
||||
vshl.i64 d29,d27,#16
|
||||
vmlal.u32 q8,d28,d1[1]
|
||||
vadd.u64 d29,d29,d26
|
||||
vmlal.u32 q9,d28,d2[0]
|
||||
vmul.u32 d29,d29,d30
|
||||
vmlal.u32 q10,d28,d2[1]
|
||||
vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+7]
|
||||
vmlal.u32 q11,d28,d3[0]
|
||||
vzip.16 d29,d8
|
||||
vmlal.u32 q12,d28,d3[1]
|
||||
vld1.32 {d28},[sp,:64] @ pull smashed b[8*i+0]
|
||||
vmlal.u32 q13,d29,d4[0]
|
||||
vld1.32 {d0,d1,d2,d3},[r1]!
|
||||
vmlal.u32 q6,d29,d4[1]
|
||||
vmlal.u32 q7,d29,d5[0]
|
||||
vshr.u64 d26,d26,#16
|
||||
vmlal.u32 q8,d29,d5[1]
|
||||
vmlal.u32 q9,d29,d6[0]
|
||||
vadd.u64 d26,d26,d27
|
||||
vmlal.u32 q10,d29,d6[1]
|
||||
vshr.u64 d26,d26,#16
|
||||
vmlal.u32 q11,d29,d7[0]
|
||||
vmlal.u32 q12,d29,d7[1]
|
||||
vadd.u64 d12,d12,d26
|
||||
vst1.32 {d29},[r10,:64] @ put aside smashed m[8*i+7]
|
||||
add r10,sp,#8 @ rewind
|
||||
sub r8,r5,#8
|
||||
b LNEON_8n_inner
|
||||
|
||||
.align 4
|
||||
LNEON_8n_inner:
|
||||
subs r8,r8,#8
|
||||
vmlal.u32 q6,d28,d0[0]
|
||||
vld1.64 {q13},[r6,:128]
|
||||
vmlal.u32 q7,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+0]
|
||||
vmlal.u32 q8,d28,d1[0]
|
||||
vld1.32 {d4,d5,d6,d7},[r3]!
|
||||
vmlal.u32 q9,d28,d1[1]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q10,d28,d2[0]
|
||||
vmlal.u32 q11,d28,d2[1]
|
||||
vmlal.u32 q12,d28,d3[0]
|
||||
vmlal.u32 q13,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+1]
|
||||
vmlal.u32 q6,d29,d4[0]
|
||||
vmlal.u32 q7,d29,d4[1]
|
||||
vmlal.u32 q8,d29,d5[0]
|
||||
vmlal.u32 q9,d29,d5[1]
|
||||
vmlal.u32 q10,d29,d6[0]
|
||||
vmlal.u32 q11,d29,d6[1]
|
||||
vmlal.u32 q12,d29,d7[0]
|
||||
vmlal.u32 q13,d29,d7[1]
|
||||
vst1.64 {q6},[r7,:128]!
|
||||
vmlal.u32 q7,d28,d0[0]
|
||||
vld1.64 {q6},[r6,:128]
|
||||
vmlal.u32 q8,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+1]
|
||||
vmlal.u32 q9,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q10,d28,d1[1]
|
||||
vmlal.u32 q11,d28,d2[0]
|
||||
vmlal.u32 q12,d28,d2[1]
|
||||
vmlal.u32 q13,d28,d3[0]
|
||||
vmlal.u32 q6,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+2]
|
||||
vmlal.u32 q7,d29,d4[0]
|
||||
vmlal.u32 q8,d29,d4[1]
|
||||
vmlal.u32 q9,d29,d5[0]
|
||||
vmlal.u32 q10,d29,d5[1]
|
||||
vmlal.u32 q11,d29,d6[0]
|
||||
vmlal.u32 q12,d29,d6[1]
|
||||
vmlal.u32 q13,d29,d7[0]
|
||||
vmlal.u32 q6,d29,d7[1]
|
||||
vst1.64 {q7},[r7,:128]!
|
||||
vmlal.u32 q8,d28,d0[0]
|
||||
vld1.64 {q7},[r6,:128]
|
||||
vmlal.u32 q9,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+2]
|
||||
vmlal.u32 q10,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q11,d28,d1[1]
|
||||
vmlal.u32 q12,d28,d2[0]
|
||||
vmlal.u32 q13,d28,d2[1]
|
||||
vmlal.u32 q6,d28,d3[0]
|
||||
vmlal.u32 q7,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+3]
|
||||
vmlal.u32 q8,d29,d4[0]
|
||||
vmlal.u32 q9,d29,d4[1]
|
||||
vmlal.u32 q10,d29,d5[0]
|
||||
vmlal.u32 q11,d29,d5[1]
|
||||
vmlal.u32 q12,d29,d6[0]
|
||||
vmlal.u32 q13,d29,d6[1]
|
||||
vmlal.u32 q6,d29,d7[0]
|
||||
vmlal.u32 q7,d29,d7[1]
|
||||
vst1.64 {q8},[r7,:128]!
|
||||
vmlal.u32 q9,d28,d0[0]
|
||||
vld1.64 {q8},[r6,:128]
|
||||
vmlal.u32 q10,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+3]
|
||||
vmlal.u32 q11,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q12,d28,d1[1]
|
||||
vmlal.u32 q13,d28,d2[0]
|
||||
vmlal.u32 q6,d28,d2[1]
|
||||
vmlal.u32 q7,d28,d3[0]
|
||||
vmlal.u32 q8,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+4]
|
||||
vmlal.u32 q9,d29,d4[0]
|
||||
vmlal.u32 q10,d29,d4[1]
|
||||
vmlal.u32 q11,d29,d5[0]
|
||||
vmlal.u32 q12,d29,d5[1]
|
||||
vmlal.u32 q13,d29,d6[0]
|
||||
vmlal.u32 q6,d29,d6[1]
|
||||
vmlal.u32 q7,d29,d7[0]
|
||||
vmlal.u32 q8,d29,d7[1]
|
||||
vst1.64 {q9},[r7,:128]!
|
||||
vmlal.u32 q10,d28,d0[0]
|
||||
vld1.64 {q9},[r6,:128]
|
||||
vmlal.u32 q11,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+4]
|
||||
vmlal.u32 q12,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q13,d28,d1[1]
|
||||
vmlal.u32 q6,d28,d2[0]
|
||||
vmlal.u32 q7,d28,d2[1]
|
||||
vmlal.u32 q8,d28,d3[0]
|
||||
vmlal.u32 q9,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+5]
|
||||
vmlal.u32 q10,d29,d4[0]
|
||||
vmlal.u32 q11,d29,d4[1]
|
||||
vmlal.u32 q12,d29,d5[0]
|
||||
vmlal.u32 q13,d29,d5[1]
|
||||
vmlal.u32 q6,d29,d6[0]
|
||||
vmlal.u32 q7,d29,d6[1]
|
||||
vmlal.u32 q8,d29,d7[0]
|
||||
vmlal.u32 q9,d29,d7[1]
|
||||
vst1.64 {q10},[r7,:128]!
|
||||
vmlal.u32 q11,d28,d0[0]
|
||||
vld1.64 {q10},[r6,:128]
|
||||
vmlal.u32 q12,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+5]
|
||||
vmlal.u32 q13,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q6,d28,d1[1]
|
||||
vmlal.u32 q7,d28,d2[0]
|
||||
vmlal.u32 q8,d28,d2[1]
|
||||
vmlal.u32 q9,d28,d3[0]
|
||||
vmlal.u32 q10,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+6]
|
||||
vmlal.u32 q11,d29,d4[0]
|
||||
vmlal.u32 q12,d29,d4[1]
|
||||
vmlal.u32 q13,d29,d5[0]
|
||||
vmlal.u32 q6,d29,d5[1]
|
||||
vmlal.u32 q7,d29,d6[0]
|
||||
vmlal.u32 q8,d29,d6[1]
|
||||
vmlal.u32 q9,d29,d7[0]
|
||||
vmlal.u32 q10,d29,d7[1]
|
||||
vst1.64 {q11},[r7,:128]!
|
||||
vmlal.u32 q12,d28,d0[0]
|
||||
vld1.64 {q11},[r6,:128]
|
||||
vmlal.u32 q13,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+6]
|
||||
vmlal.u32 q6,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q7,d28,d1[1]
|
||||
vmlal.u32 q8,d28,d2[0]
|
||||
vmlal.u32 q9,d28,d2[1]
|
||||
vmlal.u32 q10,d28,d3[0]
|
||||
vmlal.u32 q11,d28,d3[1]
|
||||
vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+7]
|
||||
vmlal.u32 q12,d29,d4[0]
|
||||
vmlal.u32 q13,d29,d4[1]
|
||||
vmlal.u32 q6,d29,d5[0]
|
||||
vmlal.u32 q7,d29,d5[1]
|
||||
vmlal.u32 q8,d29,d6[0]
|
||||
vmlal.u32 q9,d29,d6[1]
|
||||
vmlal.u32 q10,d29,d7[0]
|
||||
vmlal.u32 q11,d29,d7[1]
|
||||
vst1.64 {q12},[r7,:128]!
|
||||
vmlal.u32 q13,d28,d0[0]
|
||||
vld1.64 {q12},[r6,:128]
|
||||
vmlal.u32 q6,d28,d0[1]
|
||||
vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+7]
|
||||
vmlal.u32 q7,d28,d1[0]
|
||||
it ne
|
||||
addne r6,r6,#16 @ don't advance in last iteration
|
||||
vmlal.u32 q8,d28,d1[1]
|
||||
vmlal.u32 q9,d28,d2[0]
|
||||
vmlal.u32 q10,d28,d2[1]
|
||||
vmlal.u32 q11,d28,d3[0]
|
||||
vmlal.u32 q12,d28,d3[1]
|
||||
it eq
|
||||
subeq r1,r1,r5,lsl#2 @ rewind
|
||||
vmlal.u32 q13,d29,d4[0]
|
||||
vld1.32 {d28},[sp,:64] @ pull smashed b[8*i+0]
|
||||
vmlal.u32 q6,d29,d4[1]
|
||||
vld1.32 {d0,d1,d2,d3},[r1]!
|
||||
vmlal.u32 q7,d29,d5[0]
|
||||
add r10,sp,#8 @ rewind
|
||||
vmlal.u32 q8,d29,d5[1]
|
||||
vmlal.u32 q9,d29,d6[0]
|
||||
vmlal.u32 q10,d29,d6[1]
|
||||
vmlal.u32 q11,d29,d7[0]
|
||||
vst1.64 {q13},[r7,:128]!
|
||||
vmlal.u32 q12,d29,d7[1]
|
||||
|
||||
bne LNEON_8n_inner
|
||||
add r6,sp,#128
|
||||
vst1.64 {q6,q7},[r7,:256]!
|
||||
veor q2,q2,q2 @ d4-d5
|
||||
vst1.64 {q8,q9},[r7,:256]!
|
||||
veor q3,q3,q3 @ d6-d7
|
||||
vst1.64 {q10,q11},[r7,:256]!
|
||||
vst1.64 {q12},[r7,:128]
|
||||
|
||||
subs r9,r9,#8
|
||||
vld1.64 {q6,q7},[r6,:256]!
|
||||
vld1.64 {q8,q9},[r6,:256]!
|
||||
vld1.64 {q10,q11},[r6,:256]!
|
||||
vld1.64 {q12,q13},[r6,:256]!
|
||||
|
||||
itt ne
|
||||
subne r3,r3,r5,lsl#2 @ rewind
|
||||
bne LNEON_8n_outer
|
||||
|
||||
add r7,sp,#128
|
||||
vst1.64 {q2,q3}, [sp,:256]! @ start wiping stack frame
|
||||
vshr.u64 d10,d12,#16
|
||||
vst1.64 {q2,q3},[sp,:256]!
|
||||
vadd.u64 d13,d13,d10
|
||||
vst1.64 {q2,q3}, [sp,:256]!
|
||||
vshr.u64 d10,d13,#16
|
||||
vst1.64 {q2,q3}, [sp,:256]!
|
||||
vzip.16 d12,d13
|
||||
|
||||
mov r8,r5
|
||||
b LNEON_tail_entry
|
||||
|
||||
.align 4
|
||||
LNEON_tail:
|
||||
vadd.u64 d12,d12,d10
|
||||
vshr.u64 d10,d12,#16
|
||||
vld1.64 {q8,q9}, [r6, :256]!
|
||||
vadd.u64 d13,d13,d10
|
||||
vld1.64 {q10,q11}, [r6, :256]!
|
||||
vshr.u64 d10,d13,#16
|
||||
vld1.64 {q12,q13}, [r6, :256]!
|
||||
vzip.16 d12,d13
|
||||
|
||||
LNEON_tail_entry:
|
||||
vadd.u64 d14,d14,d10
|
||||
vst1.32 {d12[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d14,#16
|
||||
vadd.u64 d15,d15,d10
|
||||
vshr.u64 d10,d15,#16
|
||||
vzip.16 d14,d15
|
||||
vadd.u64 d16,d16,d10
|
||||
vst1.32 {d14[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d16,#16
|
||||
vadd.u64 d17,d17,d10
|
||||
vshr.u64 d10,d17,#16
|
||||
vzip.16 d16,d17
|
||||
vadd.u64 d18,d18,d10
|
||||
vst1.32 {d16[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d18,#16
|
||||
vadd.u64 d19,d19,d10
|
||||
vshr.u64 d10,d19,#16
|
||||
vzip.16 d18,d19
|
||||
vadd.u64 d20,d20,d10
|
||||
vst1.32 {d18[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d20,#16
|
||||
vadd.u64 d21,d21,d10
|
||||
vshr.u64 d10,d21,#16
|
||||
vzip.16 d20,d21
|
||||
vadd.u64 d22,d22,d10
|
||||
vst1.32 {d20[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d22,#16
|
||||
vadd.u64 d23,d23,d10
|
||||
vshr.u64 d10,d23,#16
|
||||
vzip.16 d22,d23
|
||||
vadd.u64 d24,d24,d10
|
||||
vst1.32 {d22[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d24,#16
|
||||
vadd.u64 d25,d25,d10
|
||||
vshr.u64 d10,d25,#16
|
||||
vzip.16 d24,d25
|
||||
vadd.u64 d26,d26,d10
|
||||
vst1.32 {d24[0]}, [r7, :32]!
|
||||
vshr.u64 d10,d26,#16
|
||||
vadd.u64 d27,d27,d10
|
||||
vshr.u64 d10,d27,#16
|
||||
vzip.16 d26,d27
|
||||
vld1.64 {q6,q7}, [r6, :256]!
|
||||
subs r8,r8,#8
|
||||
vst1.32 {d26[0]}, [r7, :32]!
|
||||
bne LNEON_tail
|
||||
|
||||
vst1.32 {d10[0]}, [r7, :32] @ top-most bit
|
||||
sub r3,r3,r5,lsl#2 @ rewind r3
|
||||
subs r1,sp,#0 @ clear carry flag
|
||||
add r2,sp,r5,lsl#2
|
||||
|
||||
LNEON_sub:
|
||||
ldmia r1!, {r4,r5,r6,r7}
|
||||
ldmia r3!, {r8,r9,r10,r11}
|
||||
sbcs r8, r4,r8
|
||||
sbcs r9, r5,r9
|
||||
sbcs r10,r6,r10
|
||||
sbcs r11,r7,r11
|
||||
teq r1,r2 @ preserves carry
|
||||
stmia r0!, {r8,r9,r10,r11}
|
||||
bne LNEON_sub
|
||||
|
||||
ldr r10, [r1] @ load top-most bit
|
||||
mov r11,sp
|
||||
veor q0,q0,q0
|
||||
sub r11,r2,r11 @ this is num*4
|
||||
veor q1,q1,q1
|
||||
mov r1,sp
|
||||
sub r0,r0,r11 @ rewind r0
|
||||
mov r3,r2 @ second 3/4th of frame
|
||||
sbcs r10,r10,#0 @ result is carry flag
|
||||
|
||||
LNEON_copy_n_zap:
|
||||
ldmia r1!, {r4,r5,r6,r7}
|
||||
ldmia r0, {r8,r9,r10,r11}
|
||||
it cc
|
||||
movcc r8, r4
|
||||
vst1.64 {q0,q1}, [r3,:256]! @ wipe
|
||||
itt cc
|
||||
movcc r9, r5
|
||||
movcc r10,r6
|
||||
vst1.64 {q0,q1}, [r3,:256]! @ wipe
|
||||
it cc
|
||||
movcc r11,r7
|
||||
ldmia r1, {r4,r5,r6,r7}
|
||||
stmia r0!, {r8,r9,r10,r11}
|
||||
sub r1,r1,#16
|
||||
ldmia r0, {r8,r9,r10,r11}
|
||||
it cc
|
||||
movcc r8, r4
|
||||
vst1.64 {q0,q1}, [r1,:256]! @ wipe
|
||||
itt cc
|
||||
movcc r9, r5
|
||||
movcc r10,r6
|
||||
vst1.64 {q0,q1}, [r3,:256]! @ wipe
|
||||
it cc
|
||||
movcc r11,r7
|
||||
teq r1,r2 @ preserves carry
|
||||
stmia r0!, {r8,r9,r10,r11}
|
||||
bne LNEON_copy_n_zap
|
||||
|
||||
mov sp,ip
|
||||
vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11}
|
||||
bx lr @ bx lr
|
||||
|
||||
#endif
|
||||
.byte 77,111,110,116,103,111,109,101,114,121,32,109,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
|
||||
.align 2
|
||||
.align 2
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
.comm _OPENSSL_armcap_P,4
|
||||
.non_lazy_symbol_pointer
|
||||
OPENSSL_armcap_P:
|
||||
.indirect_symbol _OPENSSL_armcap_P
|
||||
.long 0
|
||||
.private_extern _OPENSSL_armcap_P
|
||||
#endif
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
1536
third-party/boringssl/ios-arm/crypto/fipsmodule/bsaes-armv7.S
vendored
Normal file
1536
third-party/boringssl/ios-arm/crypto/fipsmodule/bsaes-armv7.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
258
third-party/boringssl/ios-arm/crypto/fipsmodule/ghash-armv4.S
vendored
Normal file
258
third-party/boringssl/ios-arm/crypto/fipsmodule/ghash-armv4.S
vendored
Normal file
|
|
@ -0,0 +1,258 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
#include <openssl/arm_arch.h>
|
||||
|
||||
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
|
||||
@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 PMULL
|
||||
@ instructions are in aesv8-armx.pl.)
|
||||
|
||||
|
||||
.text
|
||||
#if defined(__thumb2__) || defined(__clang__)
|
||||
.syntax unified
|
||||
#define ldrplb ldrbpl
|
||||
#define ldrneb ldrbne
|
||||
#endif
|
||||
#if defined(__thumb2__)
|
||||
.thumb
|
||||
#else
|
||||
.code 32
|
||||
#endif
|
||||
#if __ARM_MAX_ARCH__>=7
|
||||
|
||||
|
||||
|
||||
.globl _gcm_init_neon
|
||||
.private_extern _gcm_init_neon
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _gcm_init_neon
|
||||
#endif
|
||||
.align 4
|
||||
_gcm_init_neon:
|
||||
vld1.64 d7,[r1]! @ load H
|
||||
vmov.i8 q8,#0xe1
|
||||
vld1.64 d6,[r1]
|
||||
vshl.i64 d17,#57
|
||||
vshr.u64 d16,#63 @ t0=0xc2....01
|
||||
vdup.8 q9,d7[7]
|
||||
vshr.u64 d26,d6,#63
|
||||
vshr.s8 q9,#7 @ broadcast carry bit
|
||||
vshl.i64 q3,q3,#1
|
||||
vand q8,q8,q9
|
||||
vorr d7,d26 @ H<<<=1
|
||||
veor q3,q3,q8 @ twisted H
|
||||
vstmia r0,{q3}
|
||||
|
||||
bx lr @ bx lr
|
||||
|
||||
|
||||
.globl _gcm_gmult_neon
|
||||
.private_extern _gcm_gmult_neon
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _gcm_gmult_neon
|
||||
#endif
|
||||
.align 4
|
||||
_gcm_gmult_neon:
|
||||
vld1.64 d7,[r0]! @ load Xi
|
||||
vld1.64 d6,[r0]!
|
||||
vmov.i64 d29,#0x0000ffffffffffff
|
||||
vldmia r1,{d26,d27} @ load twisted H
|
||||
vmov.i64 d30,#0x00000000ffffffff
|
||||
#ifdef __ARMEL__
|
||||
vrev64.8 q3,q3
|
||||
#endif
|
||||
vmov.i64 d31,#0x000000000000ffff
|
||||
veor d28,d26,d27 @ Karatsuba pre-processing
|
||||
mov r3,#16
|
||||
b Lgmult_neon
|
||||
|
||||
|
||||
.globl _gcm_ghash_neon
|
||||
.private_extern _gcm_ghash_neon
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _gcm_ghash_neon
|
||||
#endif
|
||||
.align 4
|
||||
_gcm_ghash_neon:
|
||||
vld1.64 d1,[r0]! @ load Xi
|
||||
vld1.64 d0,[r0]!
|
||||
vmov.i64 d29,#0x0000ffffffffffff
|
||||
vldmia r1,{d26,d27} @ load twisted H
|
||||
vmov.i64 d30,#0x00000000ffffffff
|
||||
#ifdef __ARMEL__
|
||||
vrev64.8 q0,q0
|
||||
#endif
|
||||
vmov.i64 d31,#0x000000000000ffff
|
||||
veor d28,d26,d27 @ Karatsuba pre-processing
|
||||
|
||||
Loop_neon:
|
||||
vld1.64 d7,[r2]! @ load inp
|
||||
vld1.64 d6,[r2]!
|
||||
#ifdef __ARMEL__
|
||||
vrev64.8 q3,q3
|
||||
#endif
|
||||
veor q3,q0 @ inp^=Xi
|
||||
Lgmult_neon:
|
||||
vext.8 d16, d26, d26, #1 @ A1
|
||||
vmull.p8 q8, d16, d6 @ F = A1*B
|
||||
vext.8 d0, d6, d6, #1 @ B1
|
||||
vmull.p8 q0, d26, d0 @ E = A*B1
|
||||
vext.8 d18, d26, d26, #2 @ A2
|
||||
vmull.p8 q9, d18, d6 @ H = A2*B
|
||||
vext.8 d22, d6, d6, #2 @ B2
|
||||
vmull.p8 q11, d26, d22 @ G = A*B2
|
||||
vext.8 d20, d26, d26, #3 @ A3
|
||||
veor q8, q8, q0 @ L = E + F
|
||||
vmull.p8 q10, d20, d6 @ J = A3*B
|
||||
vext.8 d0, d6, d6, #3 @ B3
|
||||
veor q9, q9, q11 @ M = G + H
|
||||
vmull.p8 q0, d26, d0 @ I = A*B3
|
||||
veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8
|
||||
vand d17, d17, d29
|
||||
vext.8 d22, d6, d6, #4 @ B4
|
||||
veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16
|
||||
vand d19, d19, d30
|
||||
vmull.p8 q11, d26, d22 @ K = A*B4
|
||||
veor q10, q10, q0 @ N = I + J
|
||||
veor d16, d16, d17
|
||||
veor d18, d18, d19
|
||||
veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24
|
||||
vand d21, d21, d31
|
||||
vext.8 q8, q8, q8, #15
|
||||
veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32
|
||||
vmov.i64 d23, #0
|
||||
vext.8 q9, q9, q9, #14
|
||||
veor d20, d20, d21
|
||||
vmull.p8 q0, d26, d6 @ D = A*B
|
||||
vext.8 q11, q11, q11, #12
|
||||
vext.8 q10, q10, q10, #13
|
||||
veor q8, q8, q9
|
||||
veor q10, q10, q11
|
||||
veor q0, q0, q8
|
||||
veor q0, q0, q10
|
||||
veor d6,d6,d7 @ Karatsuba pre-processing
|
||||
vext.8 d16, d28, d28, #1 @ A1
|
||||
vmull.p8 q8, d16, d6 @ F = A1*B
|
||||
vext.8 d2, d6, d6, #1 @ B1
|
||||
vmull.p8 q1, d28, d2 @ E = A*B1
|
||||
vext.8 d18, d28, d28, #2 @ A2
|
||||
vmull.p8 q9, d18, d6 @ H = A2*B
|
||||
vext.8 d22, d6, d6, #2 @ B2
|
||||
vmull.p8 q11, d28, d22 @ G = A*B2
|
||||
vext.8 d20, d28, d28, #3 @ A3
|
||||
veor q8, q8, q1 @ L = E + F
|
||||
vmull.p8 q10, d20, d6 @ J = A3*B
|
||||
vext.8 d2, d6, d6, #3 @ B3
|
||||
veor q9, q9, q11 @ M = G + H
|
||||
vmull.p8 q1, d28, d2 @ I = A*B3
|
||||
veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8
|
||||
vand d17, d17, d29
|
||||
vext.8 d22, d6, d6, #4 @ B4
|
||||
veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16
|
||||
vand d19, d19, d30
|
||||
vmull.p8 q11, d28, d22 @ K = A*B4
|
||||
veor q10, q10, q1 @ N = I + J
|
||||
veor d16, d16, d17
|
||||
veor d18, d18, d19
|
||||
veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24
|
||||
vand d21, d21, d31
|
||||
vext.8 q8, q8, q8, #15
|
||||
veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32
|
||||
vmov.i64 d23, #0
|
||||
vext.8 q9, q9, q9, #14
|
||||
veor d20, d20, d21
|
||||
vmull.p8 q1, d28, d6 @ D = A*B
|
||||
vext.8 q11, q11, q11, #12
|
||||
vext.8 q10, q10, q10, #13
|
||||
veor q8, q8, q9
|
||||
veor q10, q10, q11
|
||||
veor q1, q1, q8
|
||||
veor q1, q1, q10
|
||||
vext.8 d16, d27, d27, #1 @ A1
|
||||
vmull.p8 q8, d16, d7 @ F = A1*B
|
||||
vext.8 d4, d7, d7, #1 @ B1
|
||||
vmull.p8 q2, d27, d4 @ E = A*B1
|
||||
vext.8 d18, d27, d27, #2 @ A2
|
||||
vmull.p8 q9, d18, d7 @ H = A2*B
|
||||
vext.8 d22, d7, d7, #2 @ B2
|
||||
vmull.p8 q11, d27, d22 @ G = A*B2
|
||||
vext.8 d20, d27, d27, #3 @ A3
|
||||
veor q8, q8, q2 @ L = E + F
|
||||
vmull.p8 q10, d20, d7 @ J = A3*B
|
||||
vext.8 d4, d7, d7, #3 @ B3
|
||||
veor q9, q9, q11 @ M = G + H
|
||||
vmull.p8 q2, d27, d4 @ I = A*B3
|
||||
veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8
|
||||
vand d17, d17, d29
|
||||
vext.8 d22, d7, d7, #4 @ B4
|
||||
veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16
|
||||
vand d19, d19, d30
|
||||
vmull.p8 q11, d27, d22 @ K = A*B4
|
||||
veor q10, q10, q2 @ N = I + J
|
||||
veor d16, d16, d17
|
||||
veor d18, d18, d19
|
||||
veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24
|
||||
vand d21, d21, d31
|
||||
vext.8 q8, q8, q8, #15
|
||||
veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32
|
||||
vmov.i64 d23, #0
|
||||
vext.8 q9, q9, q9, #14
|
||||
veor d20, d20, d21
|
||||
vmull.p8 q2, d27, d7 @ D = A*B
|
||||
vext.8 q11, q11, q11, #12
|
||||
vext.8 q10, q10, q10, #13
|
||||
veor q8, q8, q9
|
||||
veor q10, q10, q11
|
||||
veor q2, q2, q8
|
||||
veor q2, q2, q10
|
||||
veor q1,q1,q0 @ Karatsuba post-processing
|
||||
veor q1,q1,q2
|
||||
veor d1,d1,d2
|
||||
veor d4,d4,d3 @ Xh|Xl - 256-bit result
|
||||
|
||||
@ equivalent of reduction_avx from ghash-x86_64.pl
|
||||
vshl.i64 q9,q0,#57 @ 1st phase
|
||||
vshl.i64 q10,q0,#62
|
||||
veor q10,q10,q9 @
|
||||
vshl.i64 q9,q0,#63
|
||||
veor q10, q10, q9 @
|
||||
veor d1,d1,d20 @
|
||||
veor d4,d4,d21
|
||||
|
||||
vshr.u64 q10,q0,#1 @ 2nd phase
|
||||
veor q2,q2,q0
|
||||
veor q0,q0,q10 @
|
||||
vshr.u64 q10,q10,#6
|
||||
vshr.u64 q0,q0,#1 @
|
||||
veor q0,q0,q2 @
|
||||
veor q0,q0,q10 @
|
||||
|
||||
subs r3,#16
|
||||
bne Loop_neon
|
||||
|
||||
#ifdef __ARMEL__
|
||||
vrev64.8 q0,q0
|
||||
#endif
|
||||
sub r0,#16
|
||||
vst1.64 d1,[r0]! @ write out Xi
|
||||
vst1.64 d0,[r0]
|
||||
|
||||
bx lr @ bx lr
|
||||
|
||||
#endif
|
||||
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
|
||||
.align 2
|
||||
.align 2
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
256
third-party/boringssl/ios-arm/crypto/fipsmodule/ghashv8-armx32.S
vendored
Normal file
256
third-party/boringssl/ios-arm/crypto/fipsmodule/ghashv8-armx32.S
vendored
Normal file
|
|
@ -0,0 +1,256 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
#include <openssl/arm_arch.h>
|
||||
|
||||
.text
|
||||
|
||||
.code 32
|
||||
#undef __thumb2__
|
||||
.globl _gcm_init_v8
|
||||
.private_extern _gcm_init_v8
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _gcm_init_v8
|
||||
#endif
|
||||
.align 4
|
||||
_gcm_init_v8:
|
||||
vld1.64 {q9},[r1] @ load input H
|
||||
vmov.i8 q11,#0xe1
|
||||
vshl.i64 q11,q11,#57 @ 0xc2.0
|
||||
vext.8 q3,q9,q9,#8
|
||||
vshr.u64 q10,q11,#63
|
||||
vdup.32 q9,d18[1]
|
||||
vext.8 q8,q10,q11,#8 @ t0=0xc2....01
|
||||
vshr.u64 q10,q3,#63
|
||||
vshr.s32 q9,q9,#31 @ broadcast carry bit
|
||||
vand q10,q10,q8
|
||||
vshl.i64 q3,q3,#1
|
||||
vext.8 q10,q10,q10,#8
|
||||
vand q8,q8,q9
|
||||
vorr q3,q3,q10 @ H<<<=1
|
||||
veor q12,q3,q8 @ twisted H
|
||||
vst1.64 {q12},[r0]! @ store Htable[0]
|
||||
|
||||
@ calculate H^2
|
||||
vext.8 q8,q12,q12,#8 @ Karatsuba pre-processing
|
||||
.byte 0xa8,0x0e,0xa8,0xf2 @ pmull q0,q12,q12
|
||||
veor q8,q8,q12
|
||||
.byte 0xa9,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q12
|
||||
.byte 0xa0,0x2e,0xa0,0xf2 @ pmull q1,q8,q8
|
||||
|
||||
vext.8 q9,q0,q2,#8 @ Karatsuba post-processing
|
||||
veor q10,q0,q2
|
||||
veor q1,q1,q9
|
||||
veor q1,q1,q10
|
||||
.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase
|
||||
|
||||
vmov d4,d3 @ Xh|Xm - 256-bit result
|
||||
vmov d3,d0 @ Xm is rotated Xl
|
||||
veor q0,q1,q10
|
||||
|
||||
vext.8 q10,q0,q0,#8 @ 2nd phase
|
||||
.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11
|
||||
veor q10,q10,q2
|
||||
veor q14,q0,q10
|
||||
|
||||
vext.8 q9,q14,q14,#8 @ Karatsuba pre-processing
|
||||
veor q9,q9,q14
|
||||
vext.8 q13,q8,q9,#8 @ pack Karatsuba pre-processed
|
||||
vst1.64 {q13,q14},[r0] @ store Htable[1..2]
|
||||
|
||||
bx lr
|
||||
|
||||
.globl _gcm_gmult_v8
|
||||
.private_extern _gcm_gmult_v8
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _gcm_gmult_v8
|
||||
#endif
|
||||
.align 4
|
||||
_gcm_gmult_v8:
|
||||
vld1.64 {q9},[r0] @ load Xi
|
||||
vmov.i8 q11,#0xe1
|
||||
vld1.64 {q12,q13},[r1] @ load twisted H, ...
|
||||
vshl.u64 q11,q11,#57
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q9,q9
|
||||
#endif
|
||||
vext.8 q3,q9,q9,#8
|
||||
|
||||
.byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo
|
||||
veor q9,q9,q3 @ Karatsuba pre-processing
|
||||
.byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi
|
||||
.byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi)
|
||||
|
||||
vext.8 q9,q0,q2,#8 @ Karatsuba post-processing
|
||||
veor q10,q0,q2
|
||||
veor q1,q1,q9
|
||||
veor q1,q1,q10
|
||||
.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction
|
||||
|
||||
vmov d4,d3 @ Xh|Xm - 256-bit result
|
||||
vmov d3,d0 @ Xm is rotated Xl
|
||||
veor q0,q1,q10
|
||||
|
||||
vext.8 q10,q0,q0,#8 @ 2nd phase of reduction
|
||||
.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11
|
||||
veor q10,q10,q2
|
||||
veor q0,q0,q10
|
||||
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q0,q0
|
||||
#endif
|
||||
vext.8 q0,q0,q0,#8
|
||||
vst1.64 {q0},[r0] @ write out Xi
|
||||
|
||||
bx lr
|
||||
|
||||
.globl _gcm_ghash_v8
|
||||
.private_extern _gcm_ghash_v8
|
||||
#ifdef __thumb2__
|
||||
.thumb_func _gcm_ghash_v8
|
||||
#endif
|
||||
.align 4
|
||||
_gcm_ghash_v8:
|
||||
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so
|
||||
vld1.64 {q0},[r0] @ load [rotated] Xi
|
||||
@ "[rotated]" means that
|
||||
@ loaded value would have
|
||||
@ to be rotated in order to
|
||||
@ make it appear as in
|
||||
@ algorithm specification
|
||||
subs r3,r3,#32 @ see if r3 is 32 or larger
|
||||
mov r12,#16 @ r12 is used as post-
|
||||
@ increment for input pointer;
|
||||
@ as loop is modulo-scheduled
|
||||
@ r12 is zeroed just in time
|
||||
@ to preclude overstepping
|
||||
@ inp[len], which means that
|
||||
@ last block[s] are actually
|
||||
@ loaded twice, but last
|
||||
@ copy is not processed
|
||||
vld1.64 {q12,q13},[r1]! @ load twisted H, ..., H^2
|
||||
vmov.i8 q11,#0xe1
|
||||
vld1.64 {q14},[r1]
|
||||
moveq r12,#0 @ is it time to zero r12?
|
||||
vext.8 q0,q0,q0,#8 @ rotate Xi
|
||||
vld1.64 {q8},[r2]! @ load [rotated] I[0]
|
||||
vshl.u64 q11,q11,#57 @ compose 0xc2.0 constant
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q8,q8
|
||||
vrev64.8 q0,q0
|
||||
#endif
|
||||
vext.8 q3,q8,q8,#8 @ rotate I[0]
|
||||
blo Lodd_tail_v8 @ r3 was less than 32
|
||||
vld1.64 {q9},[r2],r12 @ load [rotated] I[1]
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q9,q9
|
||||
#endif
|
||||
vext.8 q7,q9,q9,#8
|
||||
veor q3,q3,q0 @ I[i]^=Xi
|
||||
.byte 0x8e,0x8e,0xa8,0xf2 @ pmull q4,q12,q7 @ H·Ii+1
|
||||
veor q9,q9,q7 @ Karatsuba pre-processing
|
||||
.byte 0x8f,0xce,0xa9,0xf2 @ pmull2 q6,q12,q7
|
||||
b Loop_mod2x_v8
|
||||
|
||||
.align 4
|
||||
Loop_mod2x_v8:
|
||||
vext.8 q10,q3,q3,#8
|
||||
subs r3,r3,#32 @ is there more data?
|
||||
.byte 0x86,0x0e,0xac,0xf2 @ pmull q0,q14,q3 @ H^2.lo·Xi.lo
|
||||
movlo r12,#0 @ is it time to zero r12?
|
||||
|
||||
.byte 0xa2,0xae,0xaa,0xf2 @ pmull q5,q13,q9
|
||||
veor q10,q10,q3 @ Karatsuba pre-processing
|
||||
.byte 0x87,0x4e,0xad,0xf2 @ pmull2 q2,q14,q3 @ H^2.hi·Xi.hi
|
||||
veor q0,q0,q4 @ accumulate
|
||||
.byte 0xa5,0x2e,0xab,0xf2 @ pmull2 q1,q13,q10 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
|
||||
vld1.64 {q8},[r2],r12 @ load [rotated] I[i+2]
|
||||
|
||||
veor q2,q2,q6
|
||||
moveq r12,#0 @ is it time to zero r12?
|
||||
veor q1,q1,q5
|
||||
|
||||
vext.8 q9,q0,q2,#8 @ Karatsuba post-processing
|
||||
veor q10,q0,q2
|
||||
veor q1,q1,q9
|
||||
vld1.64 {q9},[r2],r12 @ load [rotated] I[i+3]
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q8,q8
|
||||
#endif
|
||||
veor q1,q1,q10
|
||||
.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction
|
||||
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q9,q9
|
||||
#endif
|
||||
vmov d4,d3 @ Xh|Xm - 256-bit result
|
||||
vmov d3,d0 @ Xm is rotated Xl
|
||||
vext.8 q7,q9,q9,#8
|
||||
vext.8 q3,q8,q8,#8
|
||||
veor q0,q1,q10
|
||||
.byte 0x8e,0x8e,0xa8,0xf2 @ pmull q4,q12,q7 @ H·Ii+1
|
||||
veor q3,q3,q2 @ accumulate q3 early
|
||||
|
||||
vext.8 q10,q0,q0,#8 @ 2nd phase of reduction
|
||||
.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11
|
||||
veor q3,q3,q10
|
||||
veor q9,q9,q7 @ Karatsuba pre-processing
|
||||
veor q3,q3,q0
|
||||
.byte 0x8f,0xce,0xa9,0xf2 @ pmull2 q6,q12,q7
|
||||
bhs Loop_mod2x_v8 @ there was at least 32 more bytes
|
||||
|
||||
veor q2,q2,q10
|
||||
vext.8 q3,q8,q8,#8 @ re-construct q3
|
||||
adds r3,r3,#32 @ re-construct r3
|
||||
veor q0,q0,q2 @ re-construct q0
|
||||
beq Ldone_v8 @ is r3 zero?
|
||||
Lodd_tail_v8:
|
||||
vext.8 q10,q0,q0,#8
|
||||
veor q3,q3,q0 @ inp^=Xi
|
||||
veor q9,q8,q10 @ q9 is rotated inp^Xi
|
||||
|
||||
.byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo
|
||||
veor q9,q9,q3 @ Karatsuba pre-processing
|
||||
.byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi
|
||||
.byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi)
|
||||
|
||||
vext.8 q9,q0,q2,#8 @ Karatsuba post-processing
|
||||
veor q10,q0,q2
|
||||
veor q1,q1,q9
|
||||
veor q1,q1,q10
|
||||
.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction
|
||||
|
||||
vmov d4,d3 @ Xh|Xm - 256-bit result
|
||||
vmov d3,d0 @ Xm is rotated Xl
|
||||
veor q0,q1,q10
|
||||
|
||||
vext.8 q10,q0,q0,#8 @ 2nd phase of reduction
|
||||
.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11
|
||||
veor q10,q10,q2
|
||||
veor q0,q0,q10
|
||||
|
||||
Ldone_v8:
|
||||
#ifndef __ARMEB__
|
||||
vrev64.8 q0,q0
|
||||
#endif
|
||||
vext.8 q0,q0,q0,#8
|
||||
vst1.64 {q0},[r0] @ write out Xi
|
||||
|
||||
vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so
|
||||
bx lr
|
||||
|
||||
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
|
||||
.align 2
|
||||
.align 2
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
1518
third-party/boringssl/ios-arm/crypto/fipsmodule/sha1-armv4-large.S
vendored
Normal file
1518
third-party/boringssl/ios-arm/crypto/fipsmodule/sha1-armv4-large.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
2846
third-party/boringssl/ios-arm/crypto/fipsmodule/sha256-armv4.S
vendored
Normal file
2846
third-party/boringssl/ios-arm/crypto/fipsmodule/sha256-armv4.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1899
third-party/boringssl/ios-arm/crypto/fipsmodule/sha512-armv4.S
vendored
Normal file
1899
third-party/boringssl/ios-arm/crypto/fipsmodule/sha512-armv4.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1265
third-party/boringssl/ios-arm/crypto/fipsmodule/vpaes-armv7.S
vendored
Normal file
1265
third-party/boringssl/ios-arm/crypto/fipsmodule/vpaes-armv7.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
376
third-party/boringssl/ios-arm/crypto/test/trampoline-armv4.S
vendored
Normal file
376
third-party/boringssl/ios-arm/crypto/test/trampoline-armv4.S
vendored
Normal file
|
|
@ -0,0 +1,376 @@
|
|||
// This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
// source tree. Do not edit by hand.
|
||||
|
||||
#if !defined(__has_feature)
|
||||
#define __has_feature(x) 0
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.syntax unified
|
||||
|
||||
|
||||
|
||||
|
||||
.text
|
||||
|
||||
@ abi_test_trampoline loads callee-saved registers from |state|, calls |func|
|
||||
@ with |argv|, then saves the callee-saved registers into |state|. It returns
|
||||
@ the result of |func|. The |unwind| argument is unused.
|
||||
@ uint32_t abi_test_trampoline(void (*func)(...), CallerState *state,
|
||||
@ const uint32_t *argv, size_t argc,
|
||||
@ int unwind);
|
||||
|
||||
.globl _abi_test_trampoline
|
||||
.private_extern _abi_test_trampoline
|
||||
.align 4
|
||||
_abi_test_trampoline:
|
||||
@ Save parameters and all callee-saved registers. For convenience, we
|
||||
@ save r9 on iOS even though it's volatile.
|
||||
vstmdb sp!, {d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
stmdb sp!, {r0,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,r11,lr}
|
||||
|
||||
@ Reserve stack space for six (10-4) stack parameters, plus an extra 4
|
||||
@ bytes to keep it 8-byte-aligned (see AAPCS, section 5.3).
|
||||
sub sp, sp, #28
|
||||
|
||||
@ Every register in AAPCS is either non-volatile or a parameter (except
|
||||
@ r9 on iOS), so this code, by the actual call, loses all its scratch
|
||||
@ registers. First fill in stack parameters while there are registers
|
||||
@ to spare.
|
||||
cmp r3, #4
|
||||
bls Lstack_args_done
|
||||
mov r4, sp @ r4 is the output pointer.
|
||||
add r5, r2, r3, lsl #2 @ Set r5 to the end of argv.
|
||||
add r2, r2, #16 @ Skip four arguments.
|
||||
Lstack_args_loop:
|
||||
ldr r6, [r2], #4
|
||||
cmp r2, r5
|
||||
str r6, [r4], #4
|
||||
bne Lstack_args_loop
|
||||
|
||||
Lstack_args_done:
|
||||
@ Load registers from |r1|.
|
||||
vldmia r1!, {d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
#if defined(__APPLE__)
|
||||
@ r9 is not volatile on iOS.
|
||||
ldmia r1!, {r4,r5,r6,r7,r8,r10-r11}
|
||||
#else
|
||||
ldmia r1!, {r4,r5,r6,r7,r8,r9,r10,r11}
|
||||
#endif
|
||||
|
||||
@ Load register parameters. This uses up our remaining registers, so we
|
||||
@ repurpose lr as scratch space.
|
||||
ldr r3, [sp, #40] @ Reload argc.
|
||||
ldr lr, [sp, #36] @ Load argv into lr.
|
||||
cmp r3, #3
|
||||
bhi Larg_r3
|
||||
beq Larg_r2
|
||||
cmp r3, #1
|
||||
bhi Larg_r1
|
||||
beq Larg_r0
|
||||
b Largs_done
|
||||
|
||||
Larg_r3:
|
||||
ldr r3, [lr, #12] @ argv[3]
|
||||
Larg_r2:
|
||||
ldr r2, [lr, #8] @ argv[2]
|
||||
Larg_r1:
|
||||
ldr r1, [lr, #4] @ argv[1]
|
||||
Larg_r0:
|
||||
ldr r0, [lr] @ argv[0]
|
||||
Largs_done:
|
||||
|
||||
@ With every other register in use, load the function pointer into lr
|
||||
@ and call the function.
|
||||
ldr lr, [sp, #28]
|
||||
blx lr
|
||||
|
||||
@ r1-r3 are free for use again. The trampoline only supports
|
||||
@ single-return functions. Pass r4-r11 to the caller.
|
||||
ldr r1, [sp, #32]
|
||||
vstmia r1!, {d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
#if defined(__APPLE__)
|
||||
@ r9 is not volatile on iOS.
|
||||
stmia r1!, {r4,r5,r6,r7,r8,r10-r11}
|
||||
#else
|
||||
stmia r1!, {r4,r5,r6,r7,r8,r9,r10,r11}
|
||||
#endif
|
||||
|
||||
@ Unwind the stack and restore registers.
|
||||
add sp, sp, #44 @ 44 = 28+16
|
||||
ldmia sp!, {r4,r5,r6,r7,r8,r9,r10,r11,lr} @ Skip r0-r3 (see +16 above).
|
||||
vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15}
|
||||
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r0
|
||||
.private_extern _abi_test_clobber_r0
|
||||
.align 4
|
||||
_abi_test_clobber_r0:
|
||||
mov r0, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r1
|
||||
.private_extern _abi_test_clobber_r1
|
||||
.align 4
|
||||
_abi_test_clobber_r1:
|
||||
mov r1, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r2
|
||||
.private_extern _abi_test_clobber_r2
|
||||
.align 4
|
||||
_abi_test_clobber_r2:
|
||||
mov r2, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r3
|
||||
.private_extern _abi_test_clobber_r3
|
||||
.align 4
|
||||
_abi_test_clobber_r3:
|
||||
mov r3, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r4
|
||||
.private_extern _abi_test_clobber_r4
|
||||
.align 4
|
||||
_abi_test_clobber_r4:
|
||||
mov r4, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r5
|
||||
.private_extern _abi_test_clobber_r5
|
||||
.align 4
|
||||
_abi_test_clobber_r5:
|
||||
mov r5, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r6
|
||||
.private_extern _abi_test_clobber_r6
|
||||
.align 4
|
||||
_abi_test_clobber_r6:
|
||||
mov r6, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r7
|
||||
.private_extern _abi_test_clobber_r7
|
||||
.align 4
|
||||
_abi_test_clobber_r7:
|
||||
mov r7, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r8
|
||||
.private_extern _abi_test_clobber_r8
|
||||
.align 4
|
||||
_abi_test_clobber_r8:
|
||||
mov r8, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r9
|
||||
.private_extern _abi_test_clobber_r9
|
||||
.align 4
|
||||
_abi_test_clobber_r9:
|
||||
mov r9, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r10
|
||||
.private_extern _abi_test_clobber_r10
|
||||
.align 4
|
||||
_abi_test_clobber_r10:
|
||||
mov r10, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r11
|
||||
.private_extern _abi_test_clobber_r11
|
||||
.align 4
|
||||
_abi_test_clobber_r11:
|
||||
mov r11, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r12
|
||||
.private_extern _abi_test_clobber_r12
|
||||
.align 4
|
||||
_abi_test_clobber_r12:
|
||||
mov r12, #0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d0
|
||||
.private_extern _abi_test_clobber_d0
|
||||
.align 4
|
||||
_abi_test_clobber_d0:
|
||||
mov r0, #0
|
||||
vmov s0, r0
|
||||
vmov s1, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d1
|
||||
.private_extern _abi_test_clobber_d1
|
||||
.align 4
|
||||
_abi_test_clobber_d1:
|
||||
mov r0, #0
|
||||
vmov s2, r0
|
||||
vmov s3, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d2
|
||||
.private_extern _abi_test_clobber_d2
|
||||
.align 4
|
||||
_abi_test_clobber_d2:
|
||||
mov r0, #0
|
||||
vmov s4, r0
|
||||
vmov s5, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d3
|
||||
.private_extern _abi_test_clobber_d3
|
||||
.align 4
|
||||
_abi_test_clobber_d3:
|
||||
mov r0, #0
|
||||
vmov s6, r0
|
||||
vmov s7, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d4
|
||||
.private_extern _abi_test_clobber_d4
|
||||
.align 4
|
||||
_abi_test_clobber_d4:
|
||||
mov r0, #0
|
||||
vmov s8, r0
|
||||
vmov s9, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d5
|
||||
.private_extern _abi_test_clobber_d5
|
||||
.align 4
|
||||
_abi_test_clobber_d5:
|
||||
mov r0, #0
|
||||
vmov s10, r0
|
||||
vmov s11, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d6
|
||||
.private_extern _abi_test_clobber_d6
|
||||
.align 4
|
||||
_abi_test_clobber_d6:
|
||||
mov r0, #0
|
||||
vmov s12, r0
|
||||
vmov s13, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d7
|
||||
.private_extern _abi_test_clobber_d7
|
||||
.align 4
|
||||
_abi_test_clobber_d7:
|
||||
mov r0, #0
|
||||
vmov s14, r0
|
||||
vmov s15, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d8
|
||||
.private_extern _abi_test_clobber_d8
|
||||
.align 4
|
||||
_abi_test_clobber_d8:
|
||||
mov r0, #0
|
||||
vmov s16, r0
|
||||
vmov s17, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d9
|
||||
.private_extern _abi_test_clobber_d9
|
||||
.align 4
|
||||
_abi_test_clobber_d9:
|
||||
mov r0, #0
|
||||
vmov s18, r0
|
||||
vmov s19, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d10
|
||||
.private_extern _abi_test_clobber_d10
|
||||
.align 4
|
||||
_abi_test_clobber_d10:
|
||||
mov r0, #0
|
||||
vmov s20, r0
|
||||
vmov s21, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d11
|
||||
.private_extern _abi_test_clobber_d11
|
||||
.align 4
|
||||
_abi_test_clobber_d11:
|
||||
mov r0, #0
|
||||
vmov s22, r0
|
||||
vmov s23, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d12
|
||||
.private_extern _abi_test_clobber_d12
|
||||
.align 4
|
||||
_abi_test_clobber_d12:
|
||||
mov r0, #0
|
||||
vmov s24, r0
|
||||
vmov s25, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d13
|
||||
.private_extern _abi_test_clobber_d13
|
||||
.align 4
|
||||
_abi_test_clobber_d13:
|
||||
mov r0, #0
|
||||
vmov s26, r0
|
||||
vmov s27, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d14
|
||||
.private_extern _abi_test_clobber_d14
|
||||
.align 4
|
||||
_abi_test_clobber_d14:
|
||||
mov r0, #0
|
||||
vmov s28, r0
|
||||
vmov s29, r0
|
||||
bx lr
|
||||
|
||||
|
||||
.globl _abi_test_clobber_d15
|
||||
.private_extern _abi_test_clobber_d15
|
||||
.align 4
|
||||
_abi_test_clobber_d15:
|
||||
mov r0, #0
|
||||
vmov s30, r0
|
||||
vmov s31, r0
|
||||
bx lr
|
||||
|
||||
#endif // !OPENSSL_NO_ASM
|
||||
1625
third-party/boringssl/mac-x86_64/crypto/chacha/chacha-x86_64.S
vendored
Normal file
1625
third-party/boringssl/mac-x86_64/crypto/chacha/chacha-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
3068
third-party/boringssl/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
vendored
Normal file
3068
third-party/boringssl/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
8985
third-party/boringssl/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
vendored
Normal file
8985
third-party/boringssl/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
850
third-party/boringssl/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
vendored
Normal file
850
third-party/boringssl/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
vendored
Normal file
|
|
@ -0,0 +1,850 @@
|
|||
# This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
# source tree. Do not edit by hand.
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
|
||||
.p2align 5
|
||||
_aesni_ctr32_ghash_6x:
|
||||
|
||||
vmovdqu 32(%r11),%xmm2
|
||||
subq $6,%rdx
|
||||
vpxor %xmm4,%xmm4,%xmm4
|
||||
vmovdqu 0-128(%rcx),%xmm15
|
||||
vpaddb %xmm2,%xmm1,%xmm10
|
||||
vpaddb %xmm2,%xmm10,%xmm11
|
||||
vpaddb %xmm2,%xmm11,%xmm12
|
||||
vpaddb %xmm2,%xmm12,%xmm13
|
||||
vpaddb %xmm2,%xmm13,%xmm14
|
||||
vpxor %xmm15,%xmm1,%xmm9
|
||||
vmovdqu %xmm4,16+8(%rsp)
|
||||
jmp L$oop6x
|
||||
|
||||
.p2align 5
|
||||
L$oop6x:
|
||||
addl $100663296,%ebx
|
||||
jc L$handle_ctr32
|
||||
vmovdqu 0-32(%r9),%xmm3
|
||||
vpaddb %xmm2,%xmm14,%xmm1
|
||||
vpxor %xmm15,%xmm10,%xmm10
|
||||
vpxor %xmm15,%xmm11,%xmm11
|
||||
|
||||
L$resume_ctr32:
|
||||
vmovdqu %xmm1,(%r8)
|
||||
vpclmulqdq $0x10,%xmm3,%xmm7,%xmm5
|
||||
vpxor %xmm15,%xmm12,%xmm12
|
||||
vmovups 16-128(%rcx),%xmm2
|
||||
vpclmulqdq $0x01,%xmm3,%xmm7,%xmm6
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
xorq %r12,%r12
|
||||
cmpq %r14,%r15
|
||||
|
||||
vaesenc %xmm2,%xmm9,%xmm9
|
||||
vmovdqu 48+8(%rsp),%xmm0
|
||||
vpxor %xmm15,%xmm13,%xmm13
|
||||
vpclmulqdq $0x00,%xmm3,%xmm7,%xmm1
|
||||
vaesenc %xmm2,%xmm10,%xmm10
|
||||
vpxor %xmm15,%xmm14,%xmm14
|
||||
setnc %r12b
|
||||
vpclmulqdq $0x11,%xmm3,%xmm7,%xmm7
|
||||
vaesenc %xmm2,%xmm11,%xmm11
|
||||
vmovdqu 16-32(%r9),%xmm3
|
||||
negq %r12
|
||||
vaesenc %xmm2,%xmm12,%xmm12
|
||||
vpxor %xmm5,%xmm6,%xmm6
|
||||
vpclmulqdq $0x00,%xmm3,%xmm0,%xmm5
|
||||
vpxor %xmm4,%xmm8,%xmm8
|
||||
vaesenc %xmm2,%xmm13,%xmm13
|
||||
vpxor %xmm5,%xmm1,%xmm4
|
||||
andq $0x60,%r12
|
||||
vmovups 32-128(%rcx),%xmm15
|
||||
vpclmulqdq $0x10,%xmm3,%xmm0,%xmm1
|
||||
vaesenc %xmm2,%xmm14,%xmm14
|
||||
|
||||
vpclmulqdq $0x01,%xmm3,%xmm0,%xmm2
|
||||
leaq (%r14,%r12,1),%r14
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor 16+8(%rsp),%xmm8,%xmm8
|
||||
vpclmulqdq $0x11,%xmm3,%xmm0,%xmm3
|
||||
vmovdqu 64+8(%rsp),%xmm0
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
movbeq 88(%r14),%r13
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
movbeq 80(%r14),%r12
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
movq %r13,32+8(%rsp)
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
movq %r12,40+8(%rsp)
|
||||
vmovdqu 48-32(%r9),%xmm5
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vmovups 48-128(%rcx),%xmm15
|
||||
vpxor %xmm1,%xmm6,%xmm6
|
||||
vpclmulqdq $0x00,%xmm5,%xmm0,%xmm1
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor %xmm2,%xmm6,%xmm6
|
||||
vpclmulqdq $0x10,%xmm5,%xmm0,%xmm2
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vpxor %xmm3,%xmm7,%xmm7
|
||||
vpclmulqdq $0x01,%xmm5,%xmm0,%xmm3
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
vpclmulqdq $0x11,%xmm5,%xmm0,%xmm5
|
||||
vmovdqu 80+8(%rsp),%xmm0
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vpxor %xmm1,%xmm4,%xmm4
|
||||
vmovdqu 64-32(%r9),%xmm1
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vmovups 64-128(%rcx),%xmm15
|
||||
vpxor %xmm2,%xmm6,%xmm6
|
||||
vpclmulqdq $0x00,%xmm1,%xmm0,%xmm2
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor %xmm3,%xmm6,%xmm6
|
||||
vpclmulqdq $0x10,%xmm1,%xmm0,%xmm3
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
movbeq 72(%r14),%r13
|
||||
vpxor %xmm5,%xmm7,%xmm7
|
||||
vpclmulqdq $0x01,%xmm1,%xmm0,%xmm5
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
movbeq 64(%r14),%r12
|
||||
vpclmulqdq $0x11,%xmm1,%xmm0,%xmm1
|
||||
vmovdqu 96+8(%rsp),%xmm0
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
movq %r13,48+8(%rsp)
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
movq %r12,56+8(%rsp)
|
||||
vpxor %xmm2,%xmm4,%xmm4
|
||||
vmovdqu 96-32(%r9),%xmm2
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vmovups 80-128(%rcx),%xmm15
|
||||
vpxor %xmm3,%xmm6,%xmm6
|
||||
vpclmulqdq $0x00,%xmm2,%xmm0,%xmm3
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor %xmm5,%xmm6,%xmm6
|
||||
vpclmulqdq $0x10,%xmm2,%xmm0,%xmm5
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
movbeq 56(%r14),%r13
|
||||
vpxor %xmm1,%xmm7,%xmm7
|
||||
vpclmulqdq $0x01,%xmm2,%xmm0,%xmm1
|
||||
vpxor 112+8(%rsp),%xmm8,%xmm8
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
movbeq 48(%r14),%r12
|
||||
vpclmulqdq $0x11,%xmm2,%xmm0,%xmm2
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
movq %r13,64+8(%rsp)
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
movq %r12,72+8(%rsp)
|
||||
vpxor %xmm3,%xmm4,%xmm4
|
||||
vmovdqu 112-32(%r9),%xmm3
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vmovups 96-128(%rcx),%xmm15
|
||||
vpxor %xmm5,%xmm6,%xmm6
|
||||
vpclmulqdq $0x10,%xmm3,%xmm8,%xmm5
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor %xmm1,%xmm6,%xmm6
|
||||
vpclmulqdq $0x01,%xmm3,%xmm8,%xmm1
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
movbeq 40(%r14),%r13
|
||||
vpxor %xmm2,%xmm7,%xmm7
|
||||
vpclmulqdq $0x00,%xmm3,%xmm8,%xmm2
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
movbeq 32(%r14),%r12
|
||||
vpclmulqdq $0x11,%xmm3,%xmm8,%xmm8
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
movq %r13,80+8(%rsp)
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
movq %r12,88+8(%rsp)
|
||||
vpxor %xmm5,%xmm6,%xmm6
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
vpxor %xmm1,%xmm6,%xmm6
|
||||
|
||||
vmovups 112-128(%rcx),%xmm15
|
||||
vpslldq $8,%xmm6,%xmm5
|
||||
vpxor %xmm2,%xmm4,%xmm4
|
||||
vmovdqu 16(%r11),%xmm3
|
||||
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor %xmm8,%xmm7,%xmm7
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vpxor %xmm5,%xmm4,%xmm4
|
||||
movbeq 24(%r14),%r13
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
movbeq 16(%r14),%r12
|
||||
vpalignr $8,%xmm4,%xmm4,%xmm0
|
||||
vpclmulqdq $0x10,%xmm3,%xmm4,%xmm4
|
||||
movq %r13,96+8(%rsp)
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
movq %r12,104+8(%rsp)
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vmovups 128-128(%rcx),%xmm1
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vaesenc %xmm1,%xmm9,%xmm9
|
||||
vmovups 144-128(%rcx),%xmm15
|
||||
vaesenc %xmm1,%xmm10,%xmm10
|
||||
vpsrldq $8,%xmm6,%xmm6
|
||||
vaesenc %xmm1,%xmm11,%xmm11
|
||||
vpxor %xmm6,%xmm7,%xmm7
|
||||
vaesenc %xmm1,%xmm12,%xmm12
|
||||
vpxor %xmm0,%xmm4,%xmm4
|
||||
movbeq 8(%r14),%r13
|
||||
vaesenc %xmm1,%xmm13,%xmm13
|
||||
movbeq 0(%r14),%r12
|
||||
vaesenc %xmm1,%xmm14,%xmm14
|
||||
vmovups 160-128(%rcx),%xmm1
|
||||
cmpl $11,%ebp
|
||||
jb L$enc_tail
|
||||
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vaesenc %xmm1,%xmm9,%xmm9
|
||||
vaesenc %xmm1,%xmm10,%xmm10
|
||||
vaesenc %xmm1,%xmm11,%xmm11
|
||||
vaesenc %xmm1,%xmm12,%xmm12
|
||||
vaesenc %xmm1,%xmm13,%xmm13
|
||||
vmovups 176-128(%rcx),%xmm15
|
||||
vaesenc %xmm1,%xmm14,%xmm14
|
||||
vmovups 192-128(%rcx),%xmm1
|
||||
je L$enc_tail
|
||||
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
|
||||
vaesenc %xmm1,%xmm9,%xmm9
|
||||
vaesenc %xmm1,%xmm10,%xmm10
|
||||
vaesenc %xmm1,%xmm11,%xmm11
|
||||
vaesenc %xmm1,%xmm12,%xmm12
|
||||
vaesenc %xmm1,%xmm13,%xmm13
|
||||
vmovups 208-128(%rcx),%xmm15
|
||||
vaesenc %xmm1,%xmm14,%xmm14
|
||||
vmovups 224-128(%rcx),%xmm1
|
||||
jmp L$enc_tail
|
||||
|
||||
.p2align 5
|
||||
L$handle_ctr32:
|
||||
vmovdqu (%r11),%xmm0
|
||||
vpshufb %xmm0,%xmm1,%xmm6
|
||||
vmovdqu 48(%r11),%xmm5
|
||||
vpaddd 64(%r11),%xmm6,%xmm10
|
||||
vpaddd %xmm5,%xmm6,%xmm11
|
||||
vmovdqu 0-32(%r9),%xmm3
|
||||
vpaddd %xmm5,%xmm10,%xmm12
|
||||
vpshufb %xmm0,%xmm10,%xmm10
|
||||
vpaddd %xmm5,%xmm11,%xmm13
|
||||
vpshufb %xmm0,%xmm11,%xmm11
|
||||
vpxor %xmm15,%xmm10,%xmm10
|
||||
vpaddd %xmm5,%xmm12,%xmm14
|
||||
vpshufb %xmm0,%xmm12,%xmm12
|
||||
vpxor %xmm15,%xmm11,%xmm11
|
||||
vpaddd %xmm5,%xmm13,%xmm1
|
||||
vpshufb %xmm0,%xmm13,%xmm13
|
||||
vpshufb %xmm0,%xmm14,%xmm14
|
||||
vpshufb %xmm0,%xmm1,%xmm1
|
||||
jmp L$resume_ctr32
|
||||
|
||||
.p2align 5
|
||||
L$enc_tail:
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vmovdqu %xmm7,16+8(%rsp)
|
||||
vpalignr $8,%xmm4,%xmm4,%xmm8
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vpclmulqdq $0x10,%xmm3,%xmm4,%xmm4
|
||||
vpxor 0(%rdi),%xmm1,%xmm2
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
vpxor 16(%rdi),%xmm1,%xmm0
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
vpxor 32(%rdi),%xmm1,%xmm5
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vpxor 48(%rdi),%xmm1,%xmm6
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
vpxor 64(%rdi),%xmm1,%xmm7
|
||||
vpxor 80(%rdi),%xmm1,%xmm3
|
||||
vmovdqu (%r8),%xmm1
|
||||
|
||||
vaesenclast %xmm2,%xmm9,%xmm9
|
||||
vmovdqu 32(%r11),%xmm2
|
||||
vaesenclast %xmm0,%xmm10,%xmm10
|
||||
vpaddb %xmm2,%xmm1,%xmm0
|
||||
movq %r13,112+8(%rsp)
|
||||
leaq 96(%rdi),%rdi
|
||||
vaesenclast %xmm5,%xmm11,%xmm11
|
||||
vpaddb %xmm2,%xmm0,%xmm5
|
||||
movq %r12,120+8(%rsp)
|
||||
leaq 96(%rsi),%rsi
|
||||
vmovdqu 0-128(%rcx),%xmm15
|
||||
vaesenclast %xmm6,%xmm12,%xmm12
|
||||
vpaddb %xmm2,%xmm5,%xmm6
|
||||
vaesenclast %xmm7,%xmm13,%xmm13
|
||||
vpaddb %xmm2,%xmm6,%xmm7
|
||||
vaesenclast %xmm3,%xmm14,%xmm14
|
||||
vpaddb %xmm2,%xmm7,%xmm3
|
||||
|
||||
addq $0x60,%r10
|
||||
subq $0x6,%rdx
|
||||
jc L$6x_done
|
||||
|
||||
vmovups %xmm9,-96(%rsi)
|
||||
vpxor %xmm15,%xmm1,%xmm9
|
||||
vmovups %xmm10,-80(%rsi)
|
||||
vmovdqa %xmm0,%xmm10
|
||||
vmovups %xmm11,-64(%rsi)
|
||||
vmovdqa %xmm5,%xmm11
|
||||
vmovups %xmm12,-48(%rsi)
|
||||
vmovdqa %xmm6,%xmm12
|
||||
vmovups %xmm13,-32(%rsi)
|
||||
vmovdqa %xmm7,%xmm13
|
||||
vmovups %xmm14,-16(%rsi)
|
||||
vmovdqa %xmm3,%xmm14
|
||||
vmovdqu 32+8(%rsp),%xmm7
|
||||
jmp L$oop6x
|
||||
|
||||
L$6x_done:
|
||||
vpxor 16+8(%rsp),%xmm8,%xmm8
|
||||
vpxor %xmm4,%xmm8,%xmm8
|
||||
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _aesni_gcm_decrypt
|
||||
.private_extern _aesni_gcm_decrypt
|
||||
|
||||
.p2align 5
|
||||
_aesni_gcm_decrypt:
|
||||
|
||||
xorq %r10,%r10
|
||||
|
||||
|
||||
|
||||
cmpq $0x60,%rdx
|
||||
jb L$gcm_dec_abort
|
||||
|
||||
leaq (%rsp),%rax
|
||||
|
||||
pushq %rbx
|
||||
|
||||
pushq %rbp
|
||||
|
||||
pushq %r12
|
||||
|
||||
pushq %r13
|
||||
|
||||
pushq %r14
|
||||
|
||||
pushq %r15
|
||||
|
||||
vzeroupper
|
||||
|
||||
vmovdqu (%r8),%xmm1
|
||||
addq $-128,%rsp
|
||||
movl 12(%r8),%ebx
|
||||
leaq L$bswap_mask(%rip),%r11
|
||||
leaq -128(%rcx),%r14
|
||||
movq $0xf80,%r15
|
||||
vmovdqu (%r9),%xmm8
|
||||
andq $-128,%rsp
|
||||
vmovdqu (%r11),%xmm0
|
||||
leaq 128(%rcx),%rcx
|
||||
leaq 32+32(%r9),%r9
|
||||
movl 240-128(%rcx),%ebp
|
||||
vpshufb %xmm0,%xmm8,%xmm8
|
||||
|
||||
andq %r15,%r14
|
||||
andq %rsp,%r15
|
||||
subq %r14,%r15
|
||||
jc L$dec_no_key_aliasing
|
||||
cmpq $768,%r15
|
||||
jnc L$dec_no_key_aliasing
|
||||
subq %r15,%rsp
|
||||
L$dec_no_key_aliasing:
|
||||
|
||||
vmovdqu 80(%rdi),%xmm7
|
||||
leaq (%rdi),%r14
|
||||
vmovdqu 64(%rdi),%xmm4
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
leaq -192(%rdi,%rdx,1),%r15
|
||||
|
||||
vmovdqu 48(%rdi),%xmm5
|
||||
shrq $4,%rdx
|
||||
xorq %r10,%r10
|
||||
vmovdqu 32(%rdi),%xmm6
|
||||
vpshufb %xmm0,%xmm7,%xmm7
|
||||
vmovdqu 16(%rdi),%xmm2
|
||||
vpshufb %xmm0,%xmm4,%xmm4
|
||||
vmovdqu (%rdi),%xmm3
|
||||
vpshufb %xmm0,%xmm5,%xmm5
|
||||
vmovdqu %xmm4,48(%rsp)
|
||||
vpshufb %xmm0,%xmm6,%xmm6
|
||||
vmovdqu %xmm5,64(%rsp)
|
||||
vpshufb %xmm0,%xmm2,%xmm2
|
||||
vmovdqu %xmm6,80(%rsp)
|
||||
vpshufb %xmm0,%xmm3,%xmm3
|
||||
vmovdqu %xmm2,96(%rsp)
|
||||
vmovdqu %xmm3,112(%rsp)
|
||||
|
||||
call _aesni_ctr32_ghash_6x
|
||||
|
||||
vmovups %xmm9,-96(%rsi)
|
||||
vmovups %xmm10,-80(%rsi)
|
||||
vmovups %xmm11,-64(%rsi)
|
||||
vmovups %xmm12,-48(%rsi)
|
||||
vmovups %xmm13,-32(%rsi)
|
||||
vmovups %xmm14,-16(%rsi)
|
||||
|
||||
vpshufb (%r11),%xmm8,%xmm8
|
||||
vmovdqu %xmm8,-64(%r9)
|
||||
|
||||
vzeroupper
|
||||
movq -48(%rax),%r15
|
||||
|
||||
movq -40(%rax),%r14
|
||||
|
||||
movq -32(%rax),%r13
|
||||
|
||||
movq -24(%rax),%r12
|
||||
|
||||
movq -16(%rax),%rbp
|
||||
|
||||
movq -8(%rax),%rbx
|
||||
|
||||
leaq (%rax),%rsp
|
||||
|
||||
L$gcm_dec_abort:
|
||||
movq %r10,%rax
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
|
||||
.p2align 5
|
||||
_aesni_ctr32_6x:
|
||||
|
||||
vmovdqu 0-128(%rcx),%xmm4
|
||||
vmovdqu 32(%r11),%xmm2
|
||||
leaq -1(%rbp),%r13
|
||||
vmovups 16-128(%rcx),%xmm15
|
||||
leaq 32-128(%rcx),%r12
|
||||
vpxor %xmm4,%xmm1,%xmm9
|
||||
addl $100663296,%ebx
|
||||
jc L$handle_ctr32_2
|
||||
vpaddb %xmm2,%xmm1,%xmm10
|
||||
vpaddb %xmm2,%xmm10,%xmm11
|
||||
vpxor %xmm4,%xmm10,%xmm10
|
||||
vpaddb %xmm2,%xmm11,%xmm12
|
||||
vpxor %xmm4,%xmm11,%xmm11
|
||||
vpaddb %xmm2,%xmm12,%xmm13
|
||||
vpxor %xmm4,%xmm12,%xmm12
|
||||
vpaddb %xmm2,%xmm13,%xmm14
|
||||
vpxor %xmm4,%xmm13,%xmm13
|
||||
vpaddb %xmm2,%xmm14,%xmm1
|
||||
vpxor %xmm4,%xmm14,%xmm14
|
||||
jmp L$oop_ctr32
|
||||
|
||||
.p2align 4
|
||||
L$oop_ctr32:
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
vmovups (%r12),%xmm15
|
||||
leaq 16(%r12),%r12
|
||||
decl %r13d
|
||||
jnz L$oop_ctr32
|
||||
|
||||
vmovdqu (%r12),%xmm3
|
||||
vaesenc %xmm15,%xmm9,%xmm9
|
||||
vpxor 0(%rdi),%xmm3,%xmm4
|
||||
vaesenc %xmm15,%xmm10,%xmm10
|
||||
vpxor 16(%rdi),%xmm3,%xmm5
|
||||
vaesenc %xmm15,%xmm11,%xmm11
|
||||
vpxor 32(%rdi),%xmm3,%xmm6
|
||||
vaesenc %xmm15,%xmm12,%xmm12
|
||||
vpxor 48(%rdi),%xmm3,%xmm8
|
||||
vaesenc %xmm15,%xmm13,%xmm13
|
||||
vpxor 64(%rdi),%xmm3,%xmm2
|
||||
vaesenc %xmm15,%xmm14,%xmm14
|
||||
vpxor 80(%rdi),%xmm3,%xmm3
|
||||
leaq 96(%rdi),%rdi
|
||||
|
||||
vaesenclast %xmm4,%xmm9,%xmm9
|
||||
vaesenclast %xmm5,%xmm10,%xmm10
|
||||
vaesenclast %xmm6,%xmm11,%xmm11
|
||||
vaesenclast %xmm8,%xmm12,%xmm12
|
||||
vaesenclast %xmm2,%xmm13,%xmm13
|
||||
vaesenclast %xmm3,%xmm14,%xmm14
|
||||
vmovups %xmm9,0(%rsi)
|
||||
vmovups %xmm10,16(%rsi)
|
||||
vmovups %xmm11,32(%rsi)
|
||||
vmovups %xmm12,48(%rsi)
|
||||
vmovups %xmm13,64(%rsi)
|
||||
vmovups %xmm14,80(%rsi)
|
||||
leaq 96(%rsi),%rsi
|
||||
|
||||
.byte 0xf3,0xc3
|
||||
.p2align 5
|
||||
L$handle_ctr32_2:
|
||||
vpshufb %xmm0,%xmm1,%xmm6
|
||||
vmovdqu 48(%r11),%xmm5
|
||||
vpaddd 64(%r11),%xmm6,%xmm10
|
||||
vpaddd %xmm5,%xmm6,%xmm11
|
||||
vpaddd %xmm5,%xmm10,%xmm12
|
||||
vpshufb %xmm0,%xmm10,%xmm10
|
||||
vpaddd %xmm5,%xmm11,%xmm13
|
||||
vpshufb %xmm0,%xmm11,%xmm11
|
||||
vpxor %xmm4,%xmm10,%xmm10
|
||||
vpaddd %xmm5,%xmm12,%xmm14
|
||||
vpshufb %xmm0,%xmm12,%xmm12
|
||||
vpxor %xmm4,%xmm11,%xmm11
|
||||
vpaddd %xmm5,%xmm13,%xmm1
|
||||
vpshufb %xmm0,%xmm13,%xmm13
|
||||
vpxor %xmm4,%xmm12,%xmm12
|
||||
vpshufb %xmm0,%xmm14,%xmm14
|
||||
vpxor %xmm4,%xmm13,%xmm13
|
||||
vpshufb %xmm0,%xmm1,%xmm1
|
||||
vpxor %xmm4,%xmm14,%xmm14
|
||||
jmp L$oop_ctr32
|
||||
|
||||
|
||||
|
||||
.globl _aesni_gcm_encrypt
|
||||
.private_extern _aesni_gcm_encrypt
|
||||
|
||||
.p2align 5
|
||||
_aesni_gcm_encrypt:
|
||||
|
||||
#ifdef BORINGSSL_DISPATCH_TEST
|
||||
|
||||
movb $1,_BORINGSSL_function_hit+2(%rip)
|
||||
#endif
|
||||
xorq %r10,%r10
|
||||
|
||||
|
||||
|
||||
|
||||
cmpq $288,%rdx
|
||||
jb L$gcm_enc_abort
|
||||
|
||||
leaq (%rsp),%rax
|
||||
|
||||
pushq %rbx
|
||||
|
||||
pushq %rbp
|
||||
|
||||
pushq %r12
|
||||
|
||||
pushq %r13
|
||||
|
||||
pushq %r14
|
||||
|
||||
pushq %r15
|
||||
|
||||
vzeroupper
|
||||
|
||||
vmovdqu (%r8),%xmm1
|
||||
addq $-128,%rsp
|
||||
movl 12(%r8),%ebx
|
||||
leaq L$bswap_mask(%rip),%r11
|
||||
leaq -128(%rcx),%r14
|
||||
movq $0xf80,%r15
|
||||
leaq 128(%rcx),%rcx
|
||||
vmovdqu (%r11),%xmm0
|
||||
andq $-128,%rsp
|
||||
movl 240-128(%rcx),%ebp
|
||||
|
||||
andq %r15,%r14
|
||||
andq %rsp,%r15
|
||||
subq %r14,%r15
|
||||
jc L$enc_no_key_aliasing
|
||||
cmpq $768,%r15
|
||||
jnc L$enc_no_key_aliasing
|
||||
subq %r15,%rsp
|
||||
L$enc_no_key_aliasing:
|
||||
|
||||
leaq (%rsi),%r14
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
leaq -192(%rsi,%rdx,1),%r15
|
||||
|
||||
shrq $4,%rdx
|
||||
|
||||
call _aesni_ctr32_6x
|
||||
vpshufb %xmm0,%xmm9,%xmm8
|
||||
vpshufb %xmm0,%xmm10,%xmm2
|
||||
vmovdqu %xmm8,112(%rsp)
|
||||
vpshufb %xmm0,%xmm11,%xmm4
|
||||
vmovdqu %xmm2,96(%rsp)
|
||||
vpshufb %xmm0,%xmm12,%xmm5
|
||||
vmovdqu %xmm4,80(%rsp)
|
||||
vpshufb %xmm0,%xmm13,%xmm6
|
||||
vmovdqu %xmm5,64(%rsp)
|
||||
vpshufb %xmm0,%xmm14,%xmm7
|
||||
vmovdqu %xmm6,48(%rsp)
|
||||
|
||||
call _aesni_ctr32_6x
|
||||
|
||||
vmovdqu (%r9),%xmm8
|
||||
leaq 32+32(%r9),%r9
|
||||
subq $12,%rdx
|
||||
movq $192,%r10
|
||||
vpshufb %xmm0,%xmm8,%xmm8
|
||||
|
||||
call _aesni_ctr32_ghash_6x
|
||||
vmovdqu 32(%rsp),%xmm7
|
||||
vmovdqu (%r11),%xmm0
|
||||
vmovdqu 0-32(%r9),%xmm3
|
||||
vpunpckhqdq %xmm7,%xmm7,%xmm1
|
||||
vmovdqu 32-32(%r9),%xmm15
|
||||
vmovups %xmm9,-96(%rsi)
|
||||
vpshufb %xmm0,%xmm9,%xmm9
|
||||
vpxor %xmm7,%xmm1,%xmm1
|
||||
vmovups %xmm10,-80(%rsi)
|
||||
vpshufb %xmm0,%xmm10,%xmm10
|
||||
vmovups %xmm11,-64(%rsi)
|
||||
vpshufb %xmm0,%xmm11,%xmm11
|
||||
vmovups %xmm12,-48(%rsi)
|
||||
vpshufb %xmm0,%xmm12,%xmm12
|
||||
vmovups %xmm13,-32(%rsi)
|
||||
vpshufb %xmm0,%xmm13,%xmm13
|
||||
vmovups %xmm14,-16(%rsi)
|
||||
vpshufb %xmm0,%xmm14,%xmm14
|
||||
vmovdqu %xmm9,16(%rsp)
|
||||
vmovdqu 48(%rsp),%xmm6
|
||||
vmovdqu 16-32(%r9),%xmm0
|
||||
vpunpckhqdq %xmm6,%xmm6,%xmm2
|
||||
vpclmulqdq $0x00,%xmm3,%xmm7,%xmm5
|
||||
vpxor %xmm6,%xmm2,%xmm2
|
||||
vpclmulqdq $0x11,%xmm3,%xmm7,%xmm7
|
||||
vpclmulqdq $0x00,%xmm15,%xmm1,%xmm1
|
||||
|
||||
vmovdqu 64(%rsp),%xmm9
|
||||
vpclmulqdq $0x00,%xmm0,%xmm6,%xmm4
|
||||
vmovdqu 48-32(%r9),%xmm3
|
||||
vpxor %xmm5,%xmm4,%xmm4
|
||||
vpunpckhqdq %xmm9,%xmm9,%xmm5
|
||||
vpclmulqdq $0x11,%xmm0,%xmm6,%xmm6
|
||||
vpxor %xmm9,%xmm5,%xmm5
|
||||
vpxor %xmm7,%xmm6,%xmm6
|
||||
vpclmulqdq $0x10,%xmm15,%xmm2,%xmm2
|
||||
vmovdqu 80-32(%r9),%xmm15
|
||||
vpxor %xmm1,%xmm2,%xmm2
|
||||
|
||||
vmovdqu 80(%rsp),%xmm1
|
||||
vpclmulqdq $0x00,%xmm3,%xmm9,%xmm7
|
||||
vmovdqu 64-32(%r9),%xmm0
|
||||
vpxor %xmm4,%xmm7,%xmm7
|
||||
vpunpckhqdq %xmm1,%xmm1,%xmm4
|
||||
vpclmulqdq $0x11,%xmm3,%xmm9,%xmm9
|
||||
vpxor %xmm1,%xmm4,%xmm4
|
||||
vpxor %xmm6,%xmm9,%xmm9
|
||||
vpclmulqdq $0x00,%xmm15,%xmm5,%xmm5
|
||||
vpxor %xmm2,%xmm5,%xmm5
|
||||
|
||||
vmovdqu 96(%rsp),%xmm2
|
||||
vpclmulqdq $0x00,%xmm0,%xmm1,%xmm6
|
||||
vmovdqu 96-32(%r9),%xmm3
|
||||
vpxor %xmm7,%xmm6,%xmm6
|
||||
vpunpckhqdq %xmm2,%xmm2,%xmm7
|
||||
vpclmulqdq $0x11,%xmm0,%xmm1,%xmm1
|
||||
vpxor %xmm2,%xmm7,%xmm7
|
||||
vpxor %xmm9,%xmm1,%xmm1
|
||||
vpclmulqdq $0x10,%xmm15,%xmm4,%xmm4
|
||||
vmovdqu 128-32(%r9),%xmm15
|
||||
vpxor %xmm5,%xmm4,%xmm4
|
||||
|
||||
vpxor 112(%rsp),%xmm8,%xmm8
|
||||
vpclmulqdq $0x00,%xmm3,%xmm2,%xmm5
|
||||
vmovdqu 112-32(%r9),%xmm0
|
||||
vpunpckhqdq %xmm8,%xmm8,%xmm9
|
||||
vpxor %xmm6,%xmm5,%xmm5
|
||||
vpclmulqdq $0x11,%xmm3,%xmm2,%xmm2
|
||||
vpxor %xmm8,%xmm9,%xmm9
|
||||
vpxor %xmm1,%xmm2,%xmm2
|
||||
vpclmulqdq $0x00,%xmm15,%xmm7,%xmm7
|
||||
vpxor %xmm4,%xmm7,%xmm4
|
||||
|
||||
vpclmulqdq $0x00,%xmm0,%xmm8,%xmm6
|
||||
vmovdqu 0-32(%r9),%xmm3
|
||||
vpunpckhqdq %xmm14,%xmm14,%xmm1
|
||||
vpclmulqdq $0x11,%xmm0,%xmm8,%xmm8
|
||||
vpxor %xmm14,%xmm1,%xmm1
|
||||
vpxor %xmm5,%xmm6,%xmm5
|
||||
vpclmulqdq $0x10,%xmm15,%xmm9,%xmm9
|
||||
vmovdqu 32-32(%r9),%xmm15
|
||||
vpxor %xmm2,%xmm8,%xmm7
|
||||
vpxor %xmm4,%xmm9,%xmm6
|
||||
|
||||
vmovdqu 16-32(%r9),%xmm0
|
||||
vpxor %xmm5,%xmm7,%xmm9
|
||||
vpclmulqdq $0x00,%xmm3,%xmm14,%xmm4
|
||||
vpxor %xmm9,%xmm6,%xmm6
|
||||
vpunpckhqdq %xmm13,%xmm13,%xmm2
|
||||
vpclmulqdq $0x11,%xmm3,%xmm14,%xmm14
|
||||
vpxor %xmm13,%xmm2,%xmm2
|
||||
vpslldq $8,%xmm6,%xmm9
|
||||
vpclmulqdq $0x00,%xmm15,%xmm1,%xmm1
|
||||
vpxor %xmm9,%xmm5,%xmm8
|
||||
vpsrldq $8,%xmm6,%xmm6
|
||||
vpxor %xmm6,%xmm7,%xmm7
|
||||
|
||||
vpclmulqdq $0x00,%xmm0,%xmm13,%xmm5
|
||||
vmovdqu 48-32(%r9),%xmm3
|
||||
vpxor %xmm4,%xmm5,%xmm5
|
||||
vpunpckhqdq %xmm12,%xmm12,%xmm9
|
||||
vpclmulqdq $0x11,%xmm0,%xmm13,%xmm13
|
||||
vpxor %xmm12,%xmm9,%xmm9
|
||||
vpxor %xmm14,%xmm13,%xmm13
|
||||
vpalignr $8,%xmm8,%xmm8,%xmm14
|
||||
vpclmulqdq $0x10,%xmm15,%xmm2,%xmm2
|
||||
vmovdqu 80-32(%r9),%xmm15
|
||||
vpxor %xmm1,%xmm2,%xmm2
|
||||
|
||||
vpclmulqdq $0x00,%xmm3,%xmm12,%xmm4
|
||||
vmovdqu 64-32(%r9),%xmm0
|
||||
vpxor %xmm5,%xmm4,%xmm4
|
||||
vpunpckhqdq %xmm11,%xmm11,%xmm1
|
||||
vpclmulqdq $0x11,%xmm3,%xmm12,%xmm12
|
||||
vpxor %xmm11,%xmm1,%xmm1
|
||||
vpxor %xmm13,%xmm12,%xmm12
|
||||
vxorps 16(%rsp),%xmm7,%xmm7
|
||||
vpclmulqdq $0x00,%xmm15,%xmm9,%xmm9
|
||||
vpxor %xmm2,%xmm9,%xmm9
|
||||
|
||||
vpclmulqdq $0x10,16(%r11),%xmm8,%xmm8
|
||||
vxorps %xmm14,%xmm8,%xmm8
|
||||
|
||||
vpclmulqdq $0x00,%xmm0,%xmm11,%xmm5
|
||||
vmovdqu 96-32(%r9),%xmm3
|
||||
vpxor %xmm4,%xmm5,%xmm5
|
||||
vpunpckhqdq %xmm10,%xmm10,%xmm2
|
||||
vpclmulqdq $0x11,%xmm0,%xmm11,%xmm11
|
||||
vpxor %xmm10,%xmm2,%xmm2
|
||||
vpalignr $8,%xmm8,%xmm8,%xmm14
|
||||
vpxor %xmm12,%xmm11,%xmm11
|
||||
vpclmulqdq $0x10,%xmm15,%xmm1,%xmm1
|
||||
vmovdqu 128-32(%r9),%xmm15
|
||||
vpxor %xmm9,%xmm1,%xmm1
|
||||
|
||||
vxorps %xmm7,%xmm14,%xmm14
|
||||
vpclmulqdq $0x10,16(%r11),%xmm8,%xmm8
|
||||
vxorps %xmm14,%xmm8,%xmm8
|
||||
|
||||
vpclmulqdq $0x00,%xmm3,%xmm10,%xmm4
|
||||
vmovdqu 112-32(%r9),%xmm0
|
||||
vpxor %xmm5,%xmm4,%xmm4
|
||||
vpunpckhqdq %xmm8,%xmm8,%xmm9
|
||||
vpclmulqdq $0x11,%xmm3,%xmm10,%xmm10
|
||||
vpxor %xmm8,%xmm9,%xmm9
|
||||
vpxor %xmm11,%xmm10,%xmm10
|
||||
vpclmulqdq $0x00,%xmm15,%xmm2,%xmm2
|
||||
vpxor %xmm1,%xmm2,%xmm2
|
||||
|
||||
vpclmulqdq $0x00,%xmm0,%xmm8,%xmm5
|
||||
vpclmulqdq $0x11,%xmm0,%xmm8,%xmm7
|
||||
vpxor %xmm4,%xmm5,%xmm5
|
||||
vpclmulqdq $0x10,%xmm15,%xmm9,%xmm6
|
||||
vpxor %xmm10,%xmm7,%xmm7
|
||||
vpxor %xmm2,%xmm6,%xmm6
|
||||
|
||||
vpxor %xmm5,%xmm7,%xmm4
|
||||
vpxor %xmm4,%xmm6,%xmm6
|
||||
vpslldq $8,%xmm6,%xmm1
|
||||
vmovdqu 16(%r11),%xmm3
|
||||
vpsrldq $8,%xmm6,%xmm6
|
||||
vpxor %xmm1,%xmm5,%xmm8
|
||||
vpxor %xmm6,%xmm7,%xmm7
|
||||
|
||||
vpalignr $8,%xmm8,%xmm8,%xmm2
|
||||
vpclmulqdq $0x10,%xmm3,%xmm8,%xmm8
|
||||
vpxor %xmm2,%xmm8,%xmm8
|
||||
|
||||
vpalignr $8,%xmm8,%xmm8,%xmm2
|
||||
vpclmulqdq $0x10,%xmm3,%xmm8,%xmm8
|
||||
vpxor %xmm7,%xmm2,%xmm2
|
||||
vpxor %xmm2,%xmm8,%xmm8
|
||||
vpshufb (%r11),%xmm8,%xmm8
|
||||
vmovdqu %xmm8,-64(%r9)
|
||||
|
||||
vzeroupper
|
||||
movq -48(%rax),%r15
|
||||
|
||||
movq -40(%rax),%r14
|
||||
|
||||
movq -32(%rax),%r13
|
||||
|
||||
movq -24(%rax),%r12
|
||||
|
||||
movq -16(%rax),%rbp
|
||||
|
||||
movq -8(%rax),%rbx
|
||||
|
||||
leaq (%rax),%rsp
|
||||
|
||||
L$gcm_enc_abort:
|
||||
movq %r10,%rax
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.p2align 6
|
||||
L$bswap_mask:
|
||||
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
|
||||
L$poly:
|
||||
.byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
|
||||
L$one_msb:
|
||||
.byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
|
||||
L$two_lsb:
|
||||
.byte 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
|
||||
L$one_lsb:
|
||||
.byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
|
||||
.byte 65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
|
||||
.p2align 6
|
||||
#endif
|
||||
2503
third-party/boringssl/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S
vendored
Normal file
2503
third-party/boringssl/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
426
third-party/boringssl/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S
vendored
Normal file
426
third-party/boringssl/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S
vendored
Normal file
|
|
@ -0,0 +1,426 @@
|
|||
# This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
# source tree. Do not edit by hand.
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _gcm_gmult_ssse3
|
||||
.private_extern _gcm_gmult_ssse3
|
||||
.p2align 4
|
||||
_gcm_gmult_ssse3:
|
||||
|
||||
L$gmult_seh_begin:
|
||||
movdqu (%rdi),%xmm0
|
||||
movdqa L$reverse_bytes(%rip),%xmm10
|
||||
movdqa L$low4_mask(%rip),%xmm2
|
||||
|
||||
|
||||
.byte 102,65,15,56,0,194
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm1
|
||||
pandn %xmm0,%xmm1
|
||||
psrld $4,%xmm1
|
||||
pand %xmm2,%xmm0
|
||||
|
||||
|
||||
|
||||
|
||||
pxor %xmm2,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
movq $5,%rax
|
||||
L$oop_row_1:
|
||||
movdqa (%rsi),%xmm4
|
||||
leaq 16(%rsi),%rsi
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm6
|
||||
.byte 102,15,58,15,243,1
|
||||
movdqa %xmm6,%xmm3
|
||||
psrldq $1,%xmm2
|
||||
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
.byte 102,15,56,0,224
|
||||
.byte 102,15,56,0,233
|
||||
|
||||
|
||||
pxor %xmm5,%xmm2
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
psllq $60,%xmm5
|
||||
movdqa %xmm5,%xmm6
|
||||
pslldq $8,%xmm6
|
||||
pxor %xmm6,%xmm3
|
||||
|
||||
|
||||
psrldq $8,%xmm5
|
||||
pxor %xmm5,%xmm2
|
||||
psrlq $4,%xmm4
|
||||
pxor %xmm4,%xmm2
|
||||
|
||||
subq $1,%rax
|
||||
jnz L$oop_row_1
|
||||
|
||||
|
||||
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $5,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
movq $5,%rax
|
||||
L$oop_row_2:
|
||||
movdqa (%rsi),%xmm4
|
||||
leaq 16(%rsi),%rsi
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm6
|
||||
.byte 102,15,58,15,243,1
|
||||
movdqa %xmm6,%xmm3
|
||||
psrldq $1,%xmm2
|
||||
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
.byte 102,15,56,0,224
|
||||
.byte 102,15,56,0,233
|
||||
|
||||
|
||||
pxor %xmm5,%xmm2
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
psllq $60,%xmm5
|
||||
movdqa %xmm5,%xmm6
|
||||
pslldq $8,%xmm6
|
||||
pxor %xmm6,%xmm3
|
||||
|
||||
|
||||
psrldq $8,%xmm5
|
||||
pxor %xmm5,%xmm2
|
||||
psrlq $4,%xmm4
|
||||
pxor %xmm4,%xmm2
|
||||
|
||||
subq $1,%rax
|
||||
jnz L$oop_row_2
|
||||
|
||||
|
||||
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $5,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
movq $6,%rax
|
||||
L$oop_row_3:
|
||||
movdqa (%rsi),%xmm4
|
||||
leaq 16(%rsi),%rsi
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm6
|
||||
.byte 102,15,58,15,243,1
|
||||
movdqa %xmm6,%xmm3
|
||||
psrldq $1,%xmm2
|
||||
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
.byte 102,15,56,0,224
|
||||
.byte 102,15,56,0,233
|
||||
|
||||
|
||||
pxor %xmm5,%xmm2
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
psllq $60,%xmm5
|
||||
movdqa %xmm5,%xmm6
|
||||
pslldq $8,%xmm6
|
||||
pxor %xmm6,%xmm3
|
||||
|
||||
|
||||
psrldq $8,%xmm5
|
||||
pxor %xmm5,%xmm2
|
||||
psrlq $4,%xmm4
|
||||
pxor %xmm4,%xmm2
|
||||
|
||||
subq $1,%rax
|
||||
jnz L$oop_row_3
|
||||
|
||||
|
||||
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $5,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
|
||||
.byte 102,65,15,56,0,210
|
||||
movdqu %xmm2,(%rdi)
|
||||
|
||||
|
||||
pxor %xmm0,%xmm0
|
||||
pxor %xmm1,%xmm1
|
||||
pxor %xmm2,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
pxor %xmm4,%xmm4
|
||||
pxor %xmm5,%xmm5
|
||||
pxor %xmm6,%xmm6
|
||||
.byte 0xf3,0xc3
|
||||
L$gmult_seh_end:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _gcm_ghash_ssse3
|
||||
.private_extern _gcm_ghash_ssse3
|
||||
.p2align 4
|
||||
_gcm_ghash_ssse3:
|
||||
L$ghash_seh_begin:
|
||||
|
||||
movdqu (%rdi),%xmm0
|
||||
movdqa L$reverse_bytes(%rip),%xmm10
|
||||
movdqa L$low4_mask(%rip),%xmm11
|
||||
|
||||
|
||||
andq $-16,%rcx
|
||||
|
||||
|
||||
|
||||
.byte 102,65,15,56,0,194
|
||||
|
||||
|
||||
pxor %xmm3,%xmm3
|
||||
L$oop_ghash:
|
||||
|
||||
movdqu (%rdx),%xmm1
|
||||
.byte 102,65,15,56,0,202
|
||||
pxor %xmm1,%xmm0
|
||||
|
||||
|
||||
movdqa %xmm11,%xmm1
|
||||
pandn %xmm0,%xmm1
|
||||
psrld $4,%xmm1
|
||||
pand %xmm11,%xmm0
|
||||
|
||||
|
||||
|
||||
|
||||
pxor %xmm2,%xmm2
|
||||
|
||||
movq $5,%rax
|
||||
L$oop_row_4:
|
||||
movdqa (%rsi),%xmm4
|
||||
leaq 16(%rsi),%rsi
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm6
|
||||
.byte 102,15,58,15,243,1
|
||||
movdqa %xmm6,%xmm3
|
||||
psrldq $1,%xmm2
|
||||
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
.byte 102,15,56,0,224
|
||||
.byte 102,15,56,0,233
|
||||
|
||||
|
||||
pxor %xmm5,%xmm2
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
psllq $60,%xmm5
|
||||
movdqa %xmm5,%xmm6
|
||||
pslldq $8,%xmm6
|
||||
pxor %xmm6,%xmm3
|
||||
|
||||
|
||||
psrldq $8,%xmm5
|
||||
pxor %xmm5,%xmm2
|
||||
psrlq $4,%xmm4
|
||||
pxor %xmm4,%xmm2
|
||||
|
||||
subq $1,%rax
|
||||
jnz L$oop_row_4
|
||||
|
||||
|
||||
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $5,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
movq $5,%rax
|
||||
L$oop_row_5:
|
||||
movdqa (%rsi),%xmm4
|
||||
leaq 16(%rsi),%rsi
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm6
|
||||
.byte 102,15,58,15,243,1
|
||||
movdqa %xmm6,%xmm3
|
||||
psrldq $1,%xmm2
|
||||
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
.byte 102,15,56,0,224
|
||||
.byte 102,15,56,0,233
|
||||
|
||||
|
||||
pxor %xmm5,%xmm2
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
psllq $60,%xmm5
|
||||
movdqa %xmm5,%xmm6
|
||||
pslldq $8,%xmm6
|
||||
pxor %xmm6,%xmm3
|
||||
|
||||
|
||||
psrldq $8,%xmm5
|
||||
pxor %xmm5,%xmm2
|
||||
psrlq $4,%xmm4
|
||||
pxor %xmm4,%xmm2
|
||||
|
||||
subq $1,%rax
|
||||
jnz L$oop_row_5
|
||||
|
||||
|
||||
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $5,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
movq $6,%rax
|
||||
L$oop_row_6:
|
||||
movdqa (%rsi),%xmm4
|
||||
leaq 16(%rsi),%rsi
|
||||
|
||||
|
||||
movdqa %xmm2,%xmm6
|
||||
.byte 102,15,58,15,243,1
|
||||
movdqa %xmm6,%xmm3
|
||||
psrldq $1,%xmm2
|
||||
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
.byte 102,15,56,0,224
|
||||
.byte 102,15,56,0,233
|
||||
|
||||
|
||||
pxor %xmm5,%xmm2
|
||||
|
||||
|
||||
|
||||
movdqa %xmm4,%xmm5
|
||||
psllq $60,%xmm5
|
||||
movdqa %xmm5,%xmm6
|
||||
pslldq $8,%xmm6
|
||||
pxor %xmm6,%xmm3
|
||||
|
||||
|
||||
psrldq $8,%xmm5
|
||||
pxor %xmm5,%xmm2
|
||||
psrlq $4,%xmm4
|
||||
pxor %xmm4,%xmm2
|
||||
|
||||
subq $1,%rax
|
||||
jnz L$oop_row_6
|
||||
|
||||
|
||||
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $1,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
psrlq $5,%xmm3
|
||||
pxor %xmm3,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
movdqa %xmm2,%xmm0
|
||||
|
||||
|
||||
leaq -256(%rsi),%rsi
|
||||
|
||||
|
||||
leaq 16(%rdx),%rdx
|
||||
subq $16,%rcx
|
||||
jnz L$oop_ghash
|
||||
|
||||
|
||||
.byte 102,65,15,56,0,194
|
||||
movdqu %xmm0,(%rdi)
|
||||
|
||||
|
||||
pxor %xmm0,%xmm0
|
||||
pxor %xmm1,%xmm1
|
||||
pxor %xmm2,%xmm2
|
||||
pxor %xmm3,%xmm3
|
||||
pxor %xmm4,%xmm4
|
||||
pxor %xmm5,%xmm5
|
||||
pxor %xmm6,%xmm6
|
||||
.byte 0xf3,0xc3
|
||||
L$ghash_seh_end:
|
||||
|
||||
|
||||
|
||||
.p2align 4
|
||||
|
||||
|
||||
L$reverse_bytes:
|
||||
.byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
|
||||
|
||||
L$low4_mask:
|
||||
.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
|
||||
#endif
|
||||
1127
third-party/boringssl/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S
vendored
Normal file
1127
third-party/boringssl/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
696
third-party/boringssl/mac-x86_64/crypto/fipsmodule/md5-x86_64.S
vendored
Normal file
696
third-party/boringssl/mac-x86_64/crypto/fipsmodule/md5-x86_64.S
vendored
Normal file
|
|
@ -0,0 +1,696 @@
|
|||
# This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
# source tree. Do not edit by hand.
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
.p2align 4
|
||||
|
||||
.globl _md5_block_asm_data_order
|
||||
.private_extern _md5_block_asm_data_order
|
||||
|
||||
_md5_block_asm_data_order:
|
||||
|
||||
pushq %rbp
|
||||
|
||||
pushq %rbx
|
||||
|
||||
pushq %r12
|
||||
|
||||
pushq %r14
|
||||
|
||||
pushq %r15
|
||||
|
||||
L$prologue:
|
||||
|
||||
|
||||
|
||||
|
||||
movq %rdi,%rbp
|
||||
shlq $6,%rdx
|
||||
leaq (%rsi,%rdx,1),%rdi
|
||||
movl 0(%rbp),%eax
|
||||
movl 4(%rbp),%ebx
|
||||
movl 8(%rbp),%ecx
|
||||
movl 12(%rbp),%edx
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
cmpq %rdi,%rsi
|
||||
je L$end
|
||||
|
||||
|
||||
L$loop:
|
||||
movl %eax,%r8d
|
||||
movl %ebx,%r9d
|
||||
movl %ecx,%r14d
|
||||
movl %edx,%r15d
|
||||
movl 0(%rsi),%r10d
|
||||
movl %edx,%r11d
|
||||
xorl %ecx,%r11d
|
||||
leal -680876936(%rax,%r10,1),%eax
|
||||
andl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
movl 4(%rsi),%r10d
|
||||
addl %r11d,%eax
|
||||
roll $7,%eax
|
||||
movl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
xorl %ebx,%r11d
|
||||
leal -389564586(%rdx,%r10,1),%edx
|
||||
andl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
movl 8(%rsi),%r10d
|
||||
addl %r11d,%edx
|
||||
roll $12,%edx
|
||||
movl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
xorl %eax,%r11d
|
||||
leal 606105819(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
movl 12(%rsi),%r10d
|
||||
addl %r11d,%ecx
|
||||
roll $17,%ecx
|
||||
movl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
xorl %edx,%r11d
|
||||
leal -1044525330(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
movl 16(%rsi),%r10d
|
||||
addl %r11d,%ebx
|
||||
roll $22,%ebx
|
||||
movl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
xorl %ecx,%r11d
|
||||
leal -176418897(%rax,%r10,1),%eax
|
||||
andl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
movl 20(%rsi),%r10d
|
||||
addl %r11d,%eax
|
||||
roll $7,%eax
|
||||
movl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
xorl %ebx,%r11d
|
||||
leal 1200080426(%rdx,%r10,1),%edx
|
||||
andl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
movl 24(%rsi),%r10d
|
||||
addl %r11d,%edx
|
||||
roll $12,%edx
|
||||
movl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
xorl %eax,%r11d
|
||||
leal -1473231341(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
movl 28(%rsi),%r10d
|
||||
addl %r11d,%ecx
|
||||
roll $17,%ecx
|
||||
movl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
xorl %edx,%r11d
|
||||
leal -45705983(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
movl 32(%rsi),%r10d
|
||||
addl %r11d,%ebx
|
||||
roll $22,%ebx
|
||||
movl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
xorl %ecx,%r11d
|
||||
leal 1770035416(%rax,%r10,1),%eax
|
||||
andl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
movl 36(%rsi),%r10d
|
||||
addl %r11d,%eax
|
||||
roll $7,%eax
|
||||
movl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
xorl %ebx,%r11d
|
||||
leal -1958414417(%rdx,%r10,1),%edx
|
||||
andl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
movl 40(%rsi),%r10d
|
||||
addl %r11d,%edx
|
||||
roll $12,%edx
|
||||
movl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
xorl %eax,%r11d
|
||||
leal -42063(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
movl 44(%rsi),%r10d
|
||||
addl %r11d,%ecx
|
||||
roll $17,%ecx
|
||||
movl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
xorl %edx,%r11d
|
||||
leal -1990404162(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
movl 48(%rsi),%r10d
|
||||
addl %r11d,%ebx
|
||||
roll $22,%ebx
|
||||
movl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
xorl %ecx,%r11d
|
||||
leal 1804603682(%rax,%r10,1),%eax
|
||||
andl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
movl 52(%rsi),%r10d
|
||||
addl %r11d,%eax
|
||||
roll $7,%eax
|
||||
movl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
xorl %ebx,%r11d
|
||||
leal -40341101(%rdx,%r10,1),%edx
|
||||
andl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
movl 56(%rsi),%r10d
|
||||
addl %r11d,%edx
|
||||
roll $12,%edx
|
||||
movl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
xorl %eax,%r11d
|
||||
leal -1502002290(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
movl 60(%rsi),%r10d
|
||||
addl %r11d,%ecx
|
||||
roll $17,%ecx
|
||||
movl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
xorl %edx,%r11d
|
||||
leal 1236535329(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
movl 0(%rsi),%r10d
|
||||
addl %r11d,%ebx
|
||||
roll $22,%ebx
|
||||
movl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
movl 4(%rsi),%r10d
|
||||
movl %edx,%r11d
|
||||
movl %edx,%r12d
|
||||
notl %r11d
|
||||
leal -165796510(%rax,%r10,1),%eax
|
||||
andl %ebx,%r12d
|
||||
andl %ecx,%r11d
|
||||
movl 24(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ecx,%r11d
|
||||
addl %r12d,%eax
|
||||
movl %ecx,%r12d
|
||||
roll $5,%eax
|
||||
addl %ebx,%eax
|
||||
notl %r11d
|
||||
leal -1069501632(%rdx,%r10,1),%edx
|
||||
andl %eax,%r12d
|
||||
andl %ebx,%r11d
|
||||
movl 44(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ebx,%r11d
|
||||
addl %r12d,%edx
|
||||
movl %ebx,%r12d
|
||||
roll $9,%edx
|
||||
addl %eax,%edx
|
||||
notl %r11d
|
||||
leal 643717713(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r12d
|
||||
andl %eax,%r11d
|
||||
movl 0(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %eax,%r11d
|
||||
addl %r12d,%ecx
|
||||
movl %eax,%r12d
|
||||
roll $14,%ecx
|
||||
addl %edx,%ecx
|
||||
notl %r11d
|
||||
leal -373897302(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r12d
|
||||
andl %edx,%r11d
|
||||
movl 20(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %edx,%r11d
|
||||
addl %r12d,%ebx
|
||||
movl %edx,%r12d
|
||||
roll $20,%ebx
|
||||
addl %ecx,%ebx
|
||||
notl %r11d
|
||||
leal -701558691(%rax,%r10,1),%eax
|
||||
andl %ebx,%r12d
|
||||
andl %ecx,%r11d
|
||||
movl 40(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ecx,%r11d
|
||||
addl %r12d,%eax
|
||||
movl %ecx,%r12d
|
||||
roll $5,%eax
|
||||
addl %ebx,%eax
|
||||
notl %r11d
|
||||
leal 38016083(%rdx,%r10,1),%edx
|
||||
andl %eax,%r12d
|
||||
andl %ebx,%r11d
|
||||
movl 60(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ebx,%r11d
|
||||
addl %r12d,%edx
|
||||
movl %ebx,%r12d
|
||||
roll $9,%edx
|
||||
addl %eax,%edx
|
||||
notl %r11d
|
||||
leal -660478335(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r12d
|
||||
andl %eax,%r11d
|
||||
movl 16(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %eax,%r11d
|
||||
addl %r12d,%ecx
|
||||
movl %eax,%r12d
|
||||
roll $14,%ecx
|
||||
addl %edx,%ecx
|
||||
notl %r11d
|
||||
leal -405537848(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r12d
|
||||
andl %edx,%r11d
|
||||
movl 36(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %edx,%r11d
|
||||
addl %r12d,%ebx
|
||||
movl %edx,%r12d
|
||||
roll $20,%ebx
|
||||
addl %ecx,%ebx
|
||||
notl %r11d
|
||||
leal 568446438(%rax,%r10,1),%eax
|
||||
andl %ebx,%r12d
|
||||
andl %ecx,%r11d
|
||||
movl 56(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ecx,%r11d
|
||||
addl %r12d,%eax
|
||||
movl %ecx,%r12d
|
||||
roll $5,%eax
|
||||
addl %ebx,%eax
|
||||
notl %r11d
|
||||
leal -1019803690(%rdx,%r10,1),%edx
|
||||
andl %eax,%r12d
|
||||
andl %ebx,%r11d
|
||||
movl 12(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ebx,%r11d
|
||||
addl %r12d,%edx
|
||||
movl %ebx,%r12d
|
||||
roll $9,%edx
|
||||
addl %eax,%edx
|
||||
notl %r11d
|
||||
leal -187363961(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r12d
|
||||
andl %eax,%r11d
|
||||
movl 32(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %eax,%r11d
|
||||
addl %r12d,%ecx
|
||||
movl %eax,%r12d
|
||||
roll $14,%ecx
|
||||
addl %edx,%ecx
|
||||
notl %r11d
|
||||
leal 1163531501(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r12d
|
||||
andl %edx,%r11d
|
||||
movl 52(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %edx,%r11d
|
||||
addl %r12d,%ebx
|
||||
movl %edx,%r12d
|
||||
roll $20,%ebx
|
||||
addl %ecx,%ebx
|
||||
notl %r11d
|
||||
leal -1444681467(%rax,%r10,1),%eax
|
||||
andl %ebx,%r12d
|
||||
andl %ecx,%r11d
|
||||
movl 8(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ecx,%r11d
|
||||
addl %r12d,%eax
|
||||
movl %ecx,%r12d
|
||||
roll $5,%eax
|
||||
addl %ebx,%eax
|
||||
notl %r11d
|
||||
leal -51403784(%rdx,%r10,1),%edx
|
||||
andl %eax,%r12d
|
||||
andl %ebx,%r11d
|
||||
movl 28(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %ebx,%r11d
|
||||
addl %r12d,%edx
|
||||
movl %ebx,%r12d
|
||||
roll $9,%edx
|
||||
addl %eax,%edx
|
||||
notl %r11d
|
||||
leal 1735328473(%rcx,%r10,1),%ecx
|
||||
andl %edx,%r12d
|
||||
andl %eax,%r11d
|
||||
movl 48(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %eax,%r11d
|
||||
addl %r12d,%ecx
|
||||
movl %eax,%r12d
|
||||
roll $14,%ecx
|
||||
addl %edx,%ecx
|
||||
notl %r11d
|
||||
leal -1926607734(%rbx,%r10,1),%ebx
|
||||
andl %ecx,%r12d
|
||||
andl %edx,%r11d
|
||||
movl 0(%rsi),%r10d
|
||||
orl %r11d,%r12d
|
||||
movl %edx,%r11d
|
||||
addl %r12d,%ebx
|
||||
movl %edx,%r12d
|
||||
roll $20,%ebx
|
||||
addl %ecx,%ebx
|
||||
movl 20(%rsi),%r10d
|
||||
movl %ecx,%r11d
|
||||
leal -378558(%rax,%r10,1),%eax
|
||||
movl 32(%rsi),%r10d
|
||||
xorl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%eax
|
||||
roll $4,%eax
|
||||
movl %ebx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal -2022574463(%rdx,%r10,1),%edx
|
||||
movl 44(%rsi),%r10d
|
||||
xorl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%edx
|
||||
roll $11,%edx
|
||||
movl %eax,%r11d
|
||||
addl %eax,%edx
|
||||
leal 1839030562(%rcx,%r10,1),%ecx
|
||||
movl 56(%rsi),%r10d
|
||||
xorl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ecx
|
||||
roll $16,%ecx
|
||||
movl %edx,%r11d
|
||||
addl %edx,%ecx
|
||||
leal -35309556(%rbx,%r10,1),%ebx
|
||||
movl 4(%rsi),%r10d
|
||||
xorl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%ebx
|
||||
roll $23,%ebx
|
||||
movl %ecx,%r11d
|
||||
addl %ecx,%ebx
|
||||
leal -1530992060(%rax,%r10,1),%eax
|
||||
movl 16(%rsi),%r10d
|
||||
xorl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%eax
|
||||
roll $4,%eax
|
||||
movl %ebx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal 1272893353(%rdx,%r10,1),%edx
|
||||
movl 28(%rsi),%r10d
|
||||
xorl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%edx
|
||||
roll $11,%edx
|
||||
movl %eax,%r11d
|
||||
addl %eax,%edx
|
||||
leal -155497632(%rcx,%r10,1),%ecx
|
||||
movl 40(%rsi),%r10d
|
||||
xorl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ecx
|
||||
roll $16,%ecx
|
||||
movl %edx,%r11d
|
||||
addl %edx,%ecx
|
||||
leal -1094730640(%rbx,%r10,1),%ebx
|
||||
movl 52(%rsi),%r10d
|
||||
xorl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%ebx
|
||||
roll $23,%ebx
|
||||
movl %ecx,%r11d
|
||||
addl %ecx,%ebx
|
||||
leal 681279174(%rax,%r10,1),%eax
|
||||
movl 0(%rsi),%r10d
|
||||
xorl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%eax
|
||||
roll $4,%eax
|
||||
movl %ebx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal -358537222(%rdx,%r10,1),%edx
|
||||
movl 12(%rsi),%r10d
|
||||
xorl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%edx
|
||||
roll $11,%edx
|
||||
movl %eax,%r11d
|
||||
addl %eax,%edx
|
||||
leal -722521979(%rcx,%r10,1),%ecx
|
||||
movl 24(%rsi),%r10d
|
||||
xorl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ecx
|
||||
roll $16,%ecx
|
||||
movl %edx,%r11d
|
||||
addl %edx,%ecx
|
||||
leal 76029189(%rbx,%r10,1),%ebx
|
||||
movl 36(%rsi),%r10d
|
||||
xorl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%ebx
|
||||
roll $23,%ebx
|
||||
movl %ecx,%r11d
|
||||
addl %ecx,%ebx
|
||||
leal -640364487(%rax,%r10,1),%eax
|
||||
movl 48(%rsi),%r10d
|
||||
xorl %edx,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%eax
|
||||
roll $4,%eax
|
||||
movl %ebx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal -421815835(%rdx,%r10,1),%edx
|
||||
movl 60(%rsi),%r10d
|
||||
xorl %ecx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%edx
|
||||
roll $11,%edx
|
||||
movl %eax,%r11d
|
||||
addl %eax,%edx
|
||||
leal 530742520(%rcx,%r10,1),%ecx
|
||||
movl 8(%rsi),%r10d
|
||||
xorl %ebx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ecx
|
||||
roll $16,%ecx
|
||||
movl %edx,%r11d
|
||||
addl %edx,%ecx
|
||||
leal -995338651(%rbx,%r10,1),%ebx
|
||||
movl 0(%rsi),%r10d
|
||||
xorl %eax,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%ebx
|
||||
roll $23,%ebx
|
||||
movl %ecx,%r11d
|
||||
addl %ecx,%ebx
|
||||
movl 0(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
xorl %edx,%r11d
|
||||
leal -198630844(%rax,%r10,1),%eax
|
||||
orl %ebx,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%eax
|
||||
movl 28(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $6,%eax
|
||||
xorl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal 1126891415(%rdx,%r10,1),%edx
|
||||
orl %eax,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%edx
|
||||
movl 56(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $10,%edx
|
||||
xorl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
leal -1416354905(%rcx,%r10,1),%ecx
|
||||
orl %edx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%ecx
|
||||
movl 20(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $15,%ecx
|
||||
xorl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
leal -57434055(%rbx,%r10,1),%ebx
|
||||
orl %ecx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ebx
|
||||
movl 48(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $21,%ebx
|
||||
xorl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
leal 1700485571(%rax,%r10,1),%eax
|
||||
orl %ebx,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%eax
|
||||
movl 12(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $6,%eax
|
||||
xorl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal -1894986606(%rdx,%r10,1),%edx
|
||||
orl %eax,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%edx
|
||||
movl 40(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $10,%edx
|
||||
xorl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
leal -1051523(%rcx,%r10,1),%ecx
|
||||
orl %edx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%ecx
|
||||
movl 4(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $15,%ecx
|
||||
xorl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
leal -2054922799(%rbx,%r10,1),%ebx
|
||||
orl %ecx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ebx
|
||||
movl 32(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $21,%ebx
|
||||
xorl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
leal 1873313359(%rax,%r10,1),%eax
|
||||
orl %ebx,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%eax
|
||||
movl 60(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $6,%eax
|
||||
xorl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal -30611744(%rdx,%r10,1),%edx
|
||||
orl %eax,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%edx
|
||||
movl 24(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $10,%edx
|
||||
xorl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
leal -1560198380(%rcx,%r10,1),%ecx
|
||||
orl %edx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%ecx
|
||||
movl 52(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $15,%ecx
|
||||
xorl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
leal 1309151649(%rbx,%r10,1),%ebx
|
||||
orl %ecx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ebx
|
||||
movl 16(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $21,%ebx
|
||||
xorl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
leal -145523070(%rax,%r10,1),%eax
|
||||
orl %ebx,%r11d
|
||||
xorl %ecx,%r11d
|
||||
addl %r11d,%eax
|
||||
movl 44(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $6,%eax
|
||||
xorl %ecx,%r11d
|
||||
addl %ebx,%eax
|
||||
leal -1120210379(%rdx,%r10,1),%edx
|
||||
orl %eax,%r11d
|
||||
xorl %ebx,%r11d
|
||||
addl %r11d,%edx
|
||||
movl 8(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $10,%edx
|
||||
xorl %ebx,%r11d
|
||||
addl %eax,%edx
|
||||
leal 718787259(%rcx,%r10,1),%ecx
|
||||
orl %edx,%r11d
|
||||
xorl %eax,%r11d
|
||||
addl %r11d,%ecx
|
||||
movl 36(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $15,%ecx
|
||||
xorl %eax,%r11d
|
||||
addl %edx,%ecx
|
||||
leal -343485551(%rbx,%r10,1),%ebx
|
||||
orl %ecx,%r11d
|
||||
xorl %edx,%r11d
|
||||
addl %r11d,%ebx
|
||||
movl 0(%rsi),%r10d
|
||||
movl $0xffffffff,%r11d
|
||||
roll $21,%ebx
|
||||
xorl %edx,%r11d
|
||||
addl %ecx,%ebx
|
||||
|
||||
addl %r8d,%eax
|
||||
addl %r9d,%ebx
|
||||
addl %r14d,%ecx
|
||||
addl %r15d,%edx
|
||||
|
||||
|
||||
addq $64,%rsi
|
||||
cmpq %rdi,%rsi
|
||||
jb L$loop
|
||||
|
||||
|
||||
L$end:
|
||||
movl %eax,0(%rbp)
|
||||
movl %ebx,4(%rbp)
|
||||
movl %ecx,8(%rbp)
|
||||
movl %edx,12(%rbp)
|
||||
|
||||
movq (%rsp),%r15
|
||||
|
||||
movq 8(%rsp),%r14
|
||||
|
||||
movq 16(%rsp),%r12
|
||||
|
||||
movq 24(%rsp),%rbx
|
||||
|
||||
movq 32(%rsp),%rbp
|
||||
|
||||
addq $40,%rsp
|
||||
|
||||
L$epilogue:
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
#endif
|
||||
4467
third-party/boringssl/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
vendored
Normal file
4467
third-party/boringssl/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
328
third-party/boringssl/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
vendored
Normal file
328
third-party/boringssl/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
vendored
Normal file
|
|
@ -0,0 +1,328 @@
|
|||
# This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
# source tree. Do not edit by hand.
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
|
||||
.private_extern _beeu_mod_inverse_vartime
|
||||
.globl _beeu_mod_inverse_vartime
|
||||
.private_extern _beeu_mod_inverse_vartime
|
||||
.p2align 5
|
||||
_beeu_mod_inverse_vartime:
|
||||
|
||||
pushq %rbp
|
||||
|
||||
pushq %r12
|
||||
|
||||
pushq %r13
|
||||
|
||||
pushq %r14
|
||||
|
||||
pushq %r15
|
||||
|
||||
pushq %rbx
|
||||
|
||||
pushq %rsi
|
||||
|
||||
|
||||
subq $80,%rsp
|
||||
|
||||
movq %rdi,0(%rsp)
|
||||
|
||||
|
||||
movq $1,%r8
|
||||
xorq %r9,%r9
|
||||
xorq %r10,%r10
|
||||
xorq %r11,%r11
|
||||
xorq %rdi,%rdi
|
||||
|
||||
xorq %r12,%r12
|
||||
xorq %r13,%r13
|
||||
xorq %r14,%r14
|
||||
xorq %r15,%r15
|
||||
xorq %rbp,%rbp
|
||||
|
||||
|
||||
vmovdqu 0(%rsi),%xmm0
|
||||
vmovdqu 16(%rsi),%xmm1
|
||||
vmovdqu %xmm0,48(%rsp)
|
||||
vmovdqu %xmm1,64(%rsp)
|
||||
|
||||
vmovdqu 0(%rdx),%xmm0
|
||||
vmovdqu 16(%rdx),%xmm1
|
||||
vmovdqu %xmm0,16(%rsp)
|
||||
vmovdqu %xmm1,32(%rsp)
|
||||
|
||||
L$beeu_loop:
|
||||
xorq %rbx,%rbx
|
||||
orq 48(%rsp),%rbx
|
||||
orq 56(%rsp),%rbx
|
||||
orq 64(%rsp),%rbx
|
||||
orq 72(%rsp),%rbx
|
||||
jz L$beeu_loop_end
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
movq $1,%rcx
|
||||
|
||||
|
||||
L$beeu_shift_loop_XB:
|
||||
movq %rcx,%rbx
|
||||
andq 48(%rsp),%rbx
|
||||
jnz L$beeu_shift_loop_end_XB
|
||||
|
||||
|
||||
movq $1,%rbx
|
||||
andq %r8,%rbx
|
||||
jz L$shift1_0
|
||||
addq 0(%rdx),%r8
|
||||
adcq 8(%rdx),%r9
|
||||
adcq 16(%rdx),%r10
|
||||
adcq 24(%rdx),%r11
|
||||
adcq $0,%rdi
|
||||
|
||||
L$shift1_0:
|
||||
shrdq $1,%r9,%r8
|
||||
shrdq $1,%r10,%r9
|
||||
shrdq $1,%r11,%r10
|
||||
shrdq $1,%rdi,%r11
|
||||
shrq $1,%rdi
|
||||
|
||||
shlq $1,%rcx
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
cmpq $0x8000000,%rcx
|
||||
jne L$beeu_shift_loop_XB
|
||||
|
||||
L$beeu_shift_loop_end_XB:
|
||||
bsfq %rcx,%rcx
|
||||
testq %rcx,%rcx
|
||||
jz L$beeu_no_shift_XB
|
||||
|
||||
|
||||
|
||||
movq 8+48(%rsp),%rax
|
||||
movq 16+48(%rsp),%rbx
|
||||
movq 24+48(%rsp),%rsi
|
||||
|
||||
shrdq %cl,%rax,0+48(%rsp)
|
||||
shrdq %cl,%rbx,8+48(%rsp)
|
||||
shrdq %cl,%rsi,16+48(%rsp)
|
||||
|
||||
shrq %cl,%rsi
|
||||
movq %rsi,24+48(%rsp)
|
||||
|
||||
|
||||
L$beeu_no_shift_XB:
|
||||
|
||||
movq $1,%rcx
|
||||
|
||||
|
||||
L$beeu_shift_loop_YA:
|
||||
movq %rcx,%rbx
|
||||
andq 16(%rsp),%rbx
|
||||
jnz L$beeu_shift_loop_end_YA
|
||||
|
||||
|
||||
movq $1,%rbx
|
||||
andq %r12,%rbx
|
||||
jz L$shift1_1
|
||||
addq 0(%rdx),%r12
|
||||
adcq 8(%rdx),%r13
|
||||
adcq 16(%rdx),%r14
|
||||
adcq 24(%rdx),%r15
|
||||
adcq $0,%rbp
|
||||
|
||||
L$shift1_1:
|
||||
shrdq $1,%r13,%r12
|
||||
shrdq $1,%r14,%r13
|
||||
shrdq $1,%r15,%r14
|
||||
shrdq $1,%rbp,%r15
|
||||
shrq $1,%rbp
|
||||
|
||||
shlq $1,%rcx
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
cmpq $0x8000000,%rcx
|
||||
jne L$beeu_shift_loop_YA
|
||||
|
||||
L$beeu_shift_loop_end_YA:
|
||||
bsfq %rcx,%rcx
|
||||
testq %rcx,%rcx
|
||||
jz L$beeu_no_shift_YA
|
||||
|
||||
|
||||
|
||||
movq 8+16(%rsp),%rax
|
||||
movq 16+16(%rsp),%rbx
|
||||
movq 24+16(%rsp),%rsi
|
||||
|
||||
shrdq %cl,%rax,0+16(%rsp)
|
||||
shrdq %cl,%rbx,8+16(%rsp)
|
||||
shrdq %cl,%rsi,16+16(%rsp)
|
||||
|
||||
shrq %cl,%rsi
|
||||
movq %rsi,24+16(%rsp)
|
||||
|
||||
|
||||
L$beeu_no_shift_YA:
|
||||
|
||||
movq 48(%rsp),%rax
|
||||
movq 56(%rsp),%rbx
|
||||
movq 64(%rsp),%rsi
|
||||
movq 72(%rsp),%rcx
|
||||
subq 16(%rsp),%rax
|
||||
sbbq 24(%rsp),%rbx
|
||||
sbbq 32(%rsp),%rsi
|
||||
sbbq 40(%rsp),%rcx
|
||||
jnc L$beeu_B_bigger_than_A
|
||||
|
||||
|
||||
movq 16(%rsp),%rax
|
||||
movq 24(%rsp),%rbx
|
||||
movq 32(%rsp),%rsi
|
||||
movq 40(%rsp),%rcx
|
||||
subq 48(%rsp),%rax
|
||||
sbbq 56(%rsp),%rbx
|
||||
sbbq 64(%rsp),%rsi
|
||||
sbbq 72(%rsp),%rcx
|
||||
movq %rax,16(%rsp)
|
||||
movq %rbx,24(%rsp)
|
||||
movq %rsi,32(%rsp)
|
||||
movq %rcx,40(%rsp)
|
||||
|
||||
|
||||
addq %r8,%r12
|
||||
adcq %r9,%r13
|
||||
adcq %r10,%r14
|
||||
adcq %r11,%r15
|
||||
adcq %rdi,%rbp
|
||||
jmp L$beeu_loop
|
||||
|
||||
L$beeu_B_bigger_than_A:
|
||||
|
||||
movq %rax,48(%rsp)
|
||||
movq %rbx,56(%rsp)
|
||||
movq %rsi,64(%rsp)
|
||||
movq %rcx,72(%rsp)
|
||||
|
||||
|
||||
addq %r12,%r8
|
||||
adcq %r13,%r9
|
||||
adcq %r14,%r10
|
||||
adcq %r15,%r11
|
||||
adcq %rbp,%rdi
|
||||
|
||||
jmp L$beeu_loop
|
||||
|
||||
L$beeu_loop_end:
|
||||
|
||||
|
||||
|
||||
|
||||
movq 16(%rsp),%rbx
|
||||
subq $1,%rbx
|
||||
orq 24(%rsp),%rbx
|
||||
orq 32(%rsp),%rbx
|
||||
orq 40(%rsp),%rbx
|
||||
|
||||
jnz L$beeu_err
|
||||
|
||||
|
||||
|
||||
|
||||
movq 0(%rdx),%r8
|
||||
movq 8(%rdx),%r9
|
||||
movq 16(%rdx),%r10
|
||||
movq 24(%rdx),%r11
|
||||
xorq %rdi,%rdi
|
||||
|
||||
L$beeu_reduction_loop:
|
||||
movq %r12,16(%rsp)
|
||||
movq %r13,24(%rsp)
|
||||
movq %r14,32(%rsp)
|
||||
movq %r15,40(%rsp)
|
||||
movq %rbp,48(%rsp)
|
||||
|
||||
|
||||
subq %r8,%r12
|
||||
sbbq %r9,%r13
|
||||
sbbq %r10,%r14
|
||||
sbbq %r11,%r15
|
||||
sbbq $0,%rbp
|
||||
|
||||
|
||||
cmovcq 16(%rsp),%r12
|
||||
cmovcq 24(%rsp),%r13
|
||||
cmovcq 32(%rsp),%r14
|
||||
cmovcq 40(%rsp),%r15
|
||||
jnc L$beeu_reduction_loop
|
||||
|
||||
|
||||
subq %r12,%r8
|
||||
sbbq %r13,%r9
|
||||
sbbq %r14,%r10
|
||||
sbbq %r15,%r11
|
||||
|
||||
L$beeu_save:
|
||||
|
||||
movq 0(%rsp),%rdi
|
||||
|
||||
movq %r8,0(%rdi)
|
||||
movq %r9,8(%rdi)
|
||||
movq %r10,16(%rdi)
|
||||
movq %r11,24(%rdi)
|
||||
|
||||
|
||||
movq $1,%rax
|
||||
jmp L$beeu_finish
|
||||
|
||||
L$beeu_err:
|
||||
|
||||
xorq %rax,%rax
|
||||
|
||||
L$beeu_finish:
|
||||
addq $80,%rsp
|
||||
|
||||
popq %rsi
|
||||
|
||||
popq %rbx
|
||||
|
||||
popq %r15
|
||||
|
||||
popq %r14
|
||||
|
||||
popq %r13
|
||||
|
||||
popq %r12
|
||||
|
||||
popq %rbp
|
||||
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
|
||||
#endif
|
||||
62
third-party/boringssl/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S
vendored
Normal file
62
third-party/boringssl/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S
vendored
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
# This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
# source tree. Do not edit by hand.
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _CRYPTO_rdrand
|
||||
.private_extern _CRYPTO_rdrand
|
||||
|
||||
.p2align 4
|
||||
_CRYPTO_rdrand:
|
||||
|
||||
xorq %rax,%rax
|
||||
.byte 72,15,199,242
|
||||
|
||||
adcq %rax,%rax
|
||||
movq %rdx,0(%rdi)
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _CRYPTO_rdrand_multiple8_buf
|
||||
.private_extern _CRYPTO_rdrand_multiple8_buf
|
||||
|
||||
.p2align 4
|
||||
_CRYPTO_rdrand_multiple8_buf:
|
||||
|
||||
testq %rsi,%rsi
|
||||
jz L$out
|
||||
movq $8,%rdx
|
||||
L$loop:
|
||||
.byte 72,15,199,241
|
||||
jnc L$err
|
||||
movq %rcx,0(%rdi)
|
||||
addq %rdx,%rdi
|
||||
subq %rdx,%rsi
|
||||
jnz L$loop
|
||||
L$out:
|
||||
movq $1,%rax
|
||||
.byte 0xf3,0xc3
|
||||
L$err:
|
||||
xorq %rax,%rax
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
#endif
|
||||
1748
third-party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
vendored
Normal file
1748
third-party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
3599
third-party/boringssl/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S
vendored
Normal file
3599
third-party/boringssl/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
3971
third-party/boringssl/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S
vendored
Normal file
3971
third-party/boringssl/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
2990
third-party/boringssl/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S
vendored
Normal file
2990
third-party/boringssl/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1130
third-party/boringssl/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S
vendored
Normal file
1130
third-party/boringssl/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
1256
third-party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont.S
vendored
Normal file
1256
third-party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
3788
third-party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S
vendored
Normal file
3788
third-party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S
vendored
Normal file
File diff suppressed because it is too large
Load diff
513
third-party/boringssl/mac-x86_64/crypto/test/trampoline-x86_64.S
vendored
Normal file
513
third-party/boringssl/mac-x86_64/crypto/test/trampoline-x86_64.S
vendored
Normal file
|
|
@ -0,0 +1,513 @@
|
|||
# This file is generated from a similarly-named Perl script in the BoringSSL
|
||||
# source tree. Do not edit by hand.
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#include <boringssl_prefix_symbols_asm.h>
|
||||
#endif
|
||||
.text
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _abi_test_trampoline
|
||||
.private_extern _abi_test_trampoline
|
||||
.p2align 4
|
||||
_abi_test_trampoline:
|
||||
L$abi_test_trampoline_seh_begin:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
subq $120,%rsp
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_alloc:
|
||||
movq %r8,48(%rsp)
|
||||
movq %rbx,64(%rsp)
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_rbx:
|
||||
movq %rbp,72(%rsp)
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_rbp:
|
||||
movq %r12,80(%rsp)
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_r12:
|
||||
movq %r13,88(%rsp)
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_r13:
|
||||
movq %r14,96(%rsp)
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_r14:
|
||||
movq %r15,104(%rsp)
|
||||
|
||||
L$abi_test_trampoline_seh_prolog_r15:
|
||||
L$abi_test_trampoline_seh_prolog_end:
|
||||
movq 0(%rsi),%rbx
|
||||
movq 8(%rsi),%rbp
|
||||
movq 16(%rsi),%r12
|
||||
movq 24(%rsi),%r13
|
||||
movq 32(%rsi),%r14
|
||||
movq 40(%rsi),%r15
|
||||
|
||||
movq %rdi,32(%rsp)
|
||||
movq %rsi,40(%rsp)
|
||||
|
||||
|
||||
|
||||
|
||||
movq %rdx,%r10
|
||||
movq %rcx,%r11
|
||||
decq %r11
|
||||
js L$args_done
|
||||
movq (%r10),%rdi
|
||||
addq $8,%r10
|
||||
decq %r11
|
||||
js L$args_done
|
||||
movq (%r10),%rsi
|
||||
addq $8,%r10
|
||||
decq %r11
|
||||
js L$args_done
|
||||
movq (%r10),%rdx
|
||||
addq $8,%r10
|
||||
decq %r11
|
||||
js L$args_done
|
||||
movq (%r10),%rcx
|
||||
addq $8,%r10
|
||||
decq %r11
|
||||
js L$args_done
|
||||
movq (%r10),%r8
|
||||
addq $8,%r10
|
||||
decq %r11
|
||||
js L$args_done
|
||||
movq (%r10),%r9
|
||||
addq $8,%r10
|
||||
leaq 0(%rsp),%rax
|
||||
L$args_loop:
|
||||
decq %r11
|
||||
js L$args_done
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
movq %r11,56(%rsp)
|
||||
movq (%r10),%r11
|
||||
movq %r11,(%rax)
|
||||
movq 56(%rsp),%r11
|
||||
|
||||
addq $8,%r10
|
||||
addq $8,%rax
|
||||
jmp L$args_loop
|
||||
|
||||
L$args_done:
|
||||
movq 32(%rsp),%rax
|
||||
movq 48(%rsp),%r10
|
||||
testq %r10,%r10
|
||||
jz L$no_unwind
|
||||
|
||||
|
||||
pushfq
|
||||
orq $0x100,0(%rsp)
|
||||
popfq
|
||||
|
||||
|
||||
|
||||
nop
|
||||
.globl _abi_test_unwind_start
|
||||
.private_extern _abi_test_unwind_start
|
||||
_abi_test_unwind_start:
|
||||
|
||||
call *%rax
|
||||
.globl _abi_test_unwind_return
|
||||
.private_extern _abi_test_unwind_return
|
||||
_abi_test_unwind_return:
|
||||
|
||||
|
||||
|
||||
|
||||
pushfq
|
||||
andq $-0x101,0(%rsp)
|
||||
popfq
|
||||
.globl _abi_test_unwind_stop
|
||||
.private_extern _abi_test_unwind_stop
|
||||
_abi_test_unwind_stop:
|
||||
|
||||
jmp L$call_done
|
||||
|
||||
L$no_unwind:
|
||||
call *%rax
|
||||
|
||||
L$call_done:
|
||||
|
||||
movq 40(%rsp),%rsi
|
||||
movq %rbx,0(%rsi)
|
||||
movq %rbp,8(%rsi)
|
||||
movq %r12,16(%rsi)
|
||||
movq %r13,24(%rsi)
|
||||
movq %r14,32(%rsi)
|
||||
movq %r15,40(%rsi)
|
||||
movq 64(%rsp),%rbx
|
||||
|
||||
movq 72(%rsp),%rbp
|
||||
|
||||
movq 80(%rsp),%r12
|
||||
|
||||
movq 88(%rsp),%r13
|
||||
|
||||
movq 96(%rsp),%r14
|
||||
|
||||
movq 104(%rsp),%r15
|
||||
|
||||
addq $120,%rsp
|
||||
|
||||
|
||||
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
L$abi_test_trampoline_seh_end:
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rax
|
||||
.private_extern _abi_test_clobber_rax
|
||||
.p2align 4
|
||||
_abi_test_clobber_rax:
|
||||
xorq %rax,%rax
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rbx
|
||||
.private_extern _abi_test_clobber_rbx
|
||||
.p2align 4
|
||||
_abi_test_clobber_rbx:
|
||||
xorq %rbx,%rbx
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rcx
|
||||
.private_extern _abi_test_clobber_rcx
|
||||
.p2align 4
|
||||
_abi_test_clobber_rcx:
|
||||
xorq %rcx,%rcx
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rdx
|
||||
.private_extern _abi_test_clobber_rdx
|
||||
.p2align 4
|
||||
_abi_test_clobber_rdx:
|
||||
xorq %rdx,%rdx
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rdi
|
||||
.private_extern _abi_test_clobber_rdi
|
||||
.p2align 4
|
||||
_abi_test_clobber_rdi:
|
||||
xorq %rdi,%rdi
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rsi
|
||||
.private_extern _abi_test_clobber_rsi
|
||||
.p2align 4
|
||||
_abi_test_clobber_rsi:
|
||||
xorq %rsi,%rsi
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_rbp
|
||||
.private_extern _abi_test_clobber_rbp
|
||||
.p2align 4
|
||||
_abi_test_clobber_rbp:
|
||||
xorq %rbp,%rbp
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r8
|
||||
.private_extern _abi_test_clobber_r8
|
||||
.p2align 4
|
||||
_abi_test_clobber_r8:
|
||||
xorq %r8,%r8
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r9
|
||||
.private_extern _abi_test_clobber_r9
|
||||
.p2align 4
|
||||
_abi_test_clobber_r9:
|
||||
xorq %r9,%r9
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r10
|
||||
.private_extern _abi_test_clobber_r10
|
||||
.p2align 4
|
||||
_abi_test_clobber_r10:
|
||||
xorq %r10,%r10
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r11
|
||||
.private_extern _abi_test_clobber_r11
|
||||
.p2align 4
|
||||
_abi_test_clobber_r11:
|
||||
xorq %r11,%r11
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r12
|
||||
.private_extern _abi_test_clobber_r12
|
||||
.p2align 4
|
||||
_abi_test_clobber_r12:
|
||||
xorq %r12,%r12
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r13
|
||||
.private_extern _abi_test_clobber_r13
|
||||
.p2align 4
|
||||
_abi_test_clobber_r13:
|
||||
xorq %r13,%r13
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r14
|
||||
.private_extern _abi_test_clobber_r14
|
||||
.p2align 4
|
||||
_abi_test_clobber_r14:
|
||||
xorq %r14,%r14
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_r15
|
||||
.private_extern _abi_test_clobber_r15
|
||||
.p2align 4
|
||||
_abi_test_clobber_r15:
|
||||
xorq %r15,%r15
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm0
|
||||
.private_extern _abi_test_clobber_xmm0
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm0:
|
||||
pxor %xmm0,%xmm0
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm1
|
||||
.private_extern _abi_test_clobber_xmm1
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm1:
|
||||
pxor %xmm1,%xmm1
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm2
|
||||
.private_extern _abi_test_clobber_xmm2
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm2:
|
||||
pxor %xmm2,%xmm2
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm3
|
||||
.private_extern _abi_test_clobber_xmm3
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm3:
|
||||
pxor %xmm3,%xmm3
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm4
|
||||
.private_extern _abi_test_clobber_xmm4
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm4:
|
||||
pxor %xmm4,%xmm4
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm5
|
||||
.private_extern _abi_test_clobber_xmm5
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm5:
|
||||
pxor %xmm5,%xmm5
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm6
|
||||
.private_extern _abi_test_clobber_xmm6
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm6:
|
||||
pxor %xmm6,%xmm6
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm7
|
||||
.private_extern _abi_test_clobber_xmm7
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm7:
|
||||
pxor %xmm7,%xmm7
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm8
|
||||
.private_extern _abi_test_clobber_xmm8
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm8:
|
||||
pxor %xmm8,%xmm8
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm9
|
||||
.private_extern _abi_test_clobber_xmm9
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm9:
|
||||
pxor %xmm9,%xmm9
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm10
|
||||
.private_extern _abi_test_clobber_xmm10
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm10:
|
||||
pxor %xmm10,%xmm10
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm11
|
||||
.private_extern _abi_test_clobber_xmm11
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm11:
|
||||
pxor %xmm11,%xmm11
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm12
|
||||
.private_extern _abi_test_clobber_xmm12
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm12:
|
||||
pxor %xmm12,%xmm12
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm13
|
||||
.private_extern _abi_test_clobber_xmm13
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm13:
|
||||
pxor %xmm13,%xmm13
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm14
|
||||
.private_extern _abi_test_clobber_xmm14
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm14:
|
||||
pxor %xmm14,%xmm14
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
.globl _abi_test_clobber_xmm15
|
||||
.private_extern _abi_test_clobber_xmm15
|
||||
.p2align 4
|
||||
_abi_test_clobber_xmm15:
|
||||
pxor %xmm15,%xmm15
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _abi_test_bad_unwind_wrong_register
|
||||
.private_extern _abi_test_bad_unwind_wrong_register
|
||||
.p2align 4
|
||||
_abi_test_bad_unwind_wrong_register:
|
||||
|
||||
L$abi_test_bad_unwind_wrong_register_seh_begin:
|
||||
pushq %r12
|
||||
|
||||
L$abi_test_bad_unwind_wrong_register_seh_push_r13:
|
||||
|
||||
|
||||
|
||||
nop
|
||||
popq %r12
|
||||
|
||||
.byte 0xf3,0xc3
|
||||
L$abi_test_bad_unwind_wrong_register_seh_end:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _abi_test_bad_unwind_temporary
|
||||
.private_extern _abi_test_bad_unwind_temporary
|
||||
.p2align 4
|
||||
_abi_test_bad_unwind_temporary:
|
||||
|
||||
L$abi_test_bad_unwind_temporary_seh_begin:
|
||||
pushq %r12
|
||||
|
||||
L$abi_test_bad_unwind_temporary_seh_push_r12:
|
||||
|
||||
movq %r12,%rax
|
||||
incq %rax
|
||||
movq %rax,(%rsp)
|
||||
|
||||
|
||||
|
||||
movq %r12,(%rsp)
|
||||
|
||||
|
||||
popq %r12
|
||||
|
||||
.byte 0xf3,0xc3
|
||||
L$abi_test_bad_unwind_temporary_seh_end:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _abi_test_get_and_clear_direction_flag
|
||||
.private_extern _abi_test_get_and_clear_direction_flag
|
||||
_abi_test_get_and_clear_direction_flag:
|
||||
pushfq
|
||||
popq %rax
|
||||
andq $0x400,%rax
|
||||
shrq $10,%rax
|
||||
cld
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
.globl _abi_test_set_direction_flag
|
||||
.private_extern _abi_test_set_direction_flag
|
||||
_abi_test_set_direction_flag:
|
||||
std
|
||||
.byte 0xf3,0xc3
|
||||
|
||||
#endif
|
||||
7
third-party/boringssl/src/.clang-format
vendored
Normal file
7
third-party/boringssl/src/.clang-format
vendored
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
BasedOnStyle: Google
|
||||
MaxEmptyLinesToKeep: 3
|
||||
AllowShortIfStatementsOnASingleLine: false
|
||||
AllowShortLoopsOnASingleLine: false
|
||||
DerivePointerAlignment: false
|
||||
PointerAlignment: Right
|
||||
|
||||
7
third-party/boringssl/src/.github/PULL_REQUEST_TEMPLATE
vendored
Normal file
7
third-party/boringssl/src/.github/PULL_REQUEST_TEMPLATE
vendored
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
Please do not send pull requests to the BoringSSL repository.
|
||||
|
||||
We do, however, take contributions gladly.
|
||||
|
||||
See https://boringssl.googlesource.com/boringssl/+/master/CONTRIBUTING.md
|
||||
|
||||
Thanks!
|
||||
32
third-party/boringssl/src/.gitignore
vendored
Normal file
32
third-party/boringssl/src/.gitignore
vendored
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
build/
|
||||
build32/
|
||||
build64/
|
||||
ssl/test/runner/runner
|
||||
*.pyc
|
||||
*.swp
|
||||
*.swo
|
||||
doc/*.html
|
||||
doc/doc.css
|
||||
|
||||
util/bot/android_ndk
|
||||
util/bot/android_sdk/public
|
||||
util/bot/cmake-linux64
|
||||
util/bot/cmake-linux64.tar.gz
|
||||
util/bot/cmake-mac
|
||||
util/bot/cmake-mac.tar.gz
|
||||
util/bot/cmake-win32
|
||||
util/bot/cmake-win32.zip
|
||||
util/bot/golang
|
||||
util/bot/gyp
|
||||
util/bot/libcxx
|
||||
util/bot/libcxxabi
|
||||
util/bot/llvm-build
|
||||
util/bot/nasm-win32.exe
|
||||
util/bot/perl-win32
|
||||
util/bot/perl-win32.zip
|
||||
util/bot/sde-linux64
|
||||
util/bot/sde-linux64.tar.bz2
|
||||
util/bot/sde-win32
|
||||
util/bot/sde-win32.tar.bz2
|
||||
util/bot/win_toolchain.json
|
||||
util/bot/yasm-win32.exe
|
||||
248
third-party/boringssl/src/API-CONVENTIONS.md
vendored
Normal file
248
third-party/boringssl/src/API-CONVENTIONS.md
vendored
Normal file
|
|
@ -0,0 +1,248 @@
|
|||
# BoringSSL API Conventions
|
||||
|
||||
This document describes conventions for BoringSSL APIs. The [style
|
||||
guide](/STYLE.md) also includes guidelines, but this document is targeted at
|
||||
both API consumers and developers.
|
||||
|
||||
|
||||
## Documentation
|
||||
|
||||
All supported public APIs are documented in the public header files, found in
|
||||
`include/openssl`. The API documentation is also available
|
||||
[online](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
|
||||
|
||||
Some headers lack documention comments. These are functions and structures from
|
||||
OpenSSL's legacy ASN.1, X.509, and PEM implementation. If possible, avoid using
|
||||
them. These are left largely unmodified from upstream and are retained only for
|
||||
compatibility with existing OpenSSL consumers.
|
||||
|
||||
|
||||
## Forward declarations
|
||||
|
||||
Do not write `typedef struct foo_st FOO` or try otherwise to define BoringSSL's
|
||||
types. Including `openssl/base.h` (or `openssl/ossl_typ.h` for consumers who
|
||||
wish to be OpenSSL-compatible) will forward-declare each type without importing
|
||||
the rest of the library or invasive macros.
|
||||
|
||||
|
||||
## Error-handling
|
||||
|
||||
Most functions in BoringSSL may fail, either due to allocation failures or input
|
||||
errors. Functions which return an `int` typically return one on success and zero
|
||||
on failure. Functions which return a pointer typically return `NULL` on failure.
|
||||
However, due to legacy constraints, some functions are more complex. Consult the
|
||||
API documentation before using a function.
|
||||
|
||||
On error, most functions also push errors on the error queue, an `errno`-like
|
||||
mechanism. See the documentation for
|
||||
[err.h](https://commondatastorage.googleapis.com/chromium-boringssl-docs/err.h.html)
|
||||
for more details.
|
||||
|
||||
As with `errno`, callers must test the function's return value, not the error
|
||||
queue to determine whether an operation failed. Some codepaths may not interact
|
||||
with the error queue, and the error queue may have state from a previous failed
|
||||
operation.
|
||||
|
||||
When ignoring a failed operation, it is recommended to call `ERR_clear_error` to
|
||||
avoid the state interacting with future operations. Failing to do so should not
|
||||
affect the actual behavior of any functions, but may result in errors from both
|
||||
operations being mixed in error logging. We hope to
|
||||
[improve](https://bugs.chromium.org/p/boringssl/issues/detail?id=38) this
|
||||
situation in the future.
|
||||
|
||||
Where possible, avoid conditioning on specific reason codes and limit usage to
|
||||
logging. The reason codes are very specific and may change over time.
|
||||
|
||||
|
||||
## Memory allocation
|
||||
|
||||
BoringSSL allocates memory via `OPENSSL_malloc`, found in `mem.h`. Use
|
||||
`OPENSSL_free`, found in the same header file, to release it. BoringSSL
|
||||
functions will fail gracefully on allocation error, but it is recommended to use
|
||||
a `malloc` implementation that `abort`s on failure.
|
||||
|
||||
|
||||
## Object initialization and cleanup
|
||||
|
||||
BoringSSL defines a number of structs for use in its APIs. It is a C library,
|
||||
so the caller is responsible for ensuring these structs are properly
|
||||
initialized and released. Consult the documentation for a module for the
|
||||
proper use of its types. Some general conventions are listed below.
|
||||
|
||||
|
||||
### Heap-allocated types
|
||||
|
||||
Some types, such as `RSA`, are heap-allocated. All instances will be allocated
|
||||
and returned from BoringSSL's APIs. It is an error to instantiate a heap-
|
||||
allocated type on the stack or embedded within another object.
|
||||
|
||||
Heap-allocated types may have functioned named like `RSA_new` which allocates a
|
||||
fresh blank `RSA`. Other functions may also return newly-allocated instances.
|
||||
For example, `RSA_parse_public_key` is documented to return a newly-allocated
|
||||
`RSA` object.
|
||||
|
||||
Heap-allocated objects must be released by the corresponding free function,
|
||||
named like `RSA_free`. Like C's `free` and C++'s `delete`, all free functions
|
||||
internally check for `NULL`. Consumers are not required to check for `NULL`
|
||||
before calling.
|
||||
|
||||
A heap-allocated type may be reference-counted. In this case, a function named
|
||||
like `RSA_up_ref` will be available to take an additional reference count. The
|
||||
free function must be called to decrement the reference count. It will only
|
||||
release resources when the final reference is released. For OpenSSL
|
||||
compatibility, these functions return `int`, but callers may assume they always
|
||||
successfully return one because reference counts use saturating arithmetic.
|
||||
|
||||
C++ consumers are recommended to use `bssl::UniquePtr` to manage heap-allocated
|
||||
objects. `bssl::UniquePtr<T>`, like other types, is forward-declared in
|
||||
`openssl/base.h`. Code that needs access to the free functions, such as code
|
||||
which destroys a `bssl::UniquePtr`, must include the corresponding module's
|
||||
header. (This matches `std::unique_ptr`'s relationship with forward
|
||||
declarations.) Note, despite the name, `bssl::UniquePtr` is also used with
|
||||
reference-counted types. It owns a single reference to the object. To take an
|
||||
additional reference, use the `bssl::UpRef` function, which will return a
|
||||
separate `bssl::UniquePtr`.
|
||||
|
||||
|
||||
### Stack-allocated types
|
||||
|
||||
Other types in BoringSSL are stack-allocated, such as `EVP_MD_CTX`. These
|
||||
types may be allocated on the stack or embedded within another object.
|
||||
However, they must still be initialized before use.
|
||||
|
||||
Every stack-allocated object in BoringSSL has a *zero state*, analogous to
|
||||
initializing a pointer to `NULL`. In this state, the object may not be
|
||||
completely initialized, but it is safe to call cleanup functions. Entering the
|
||||
zero state cannot fail. (It is usually `memset(0)`.)
|
||||
|
||||
The function to enter the zero state is named like `EVP_MD_CTX_init` or
|
||||
`CBB_zero` and will always return `void`. To release resources associated with
|
||||
the type, call the cleanup function, named like `EVP_MD_CTX_cleanup`. The
|
||||
cleanup function must be called on all codepaths, regardless of success or
|
||||
failure. For example:
|
||||
|
||||
uint8_t md[EVP_MAX_MD_SIZE];
|
||||
unsigned md_len;
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX_init(&ctx); /* Enter the zero state. */
|
||||
int ok = EVP_DigestInit_ex(&ctx, EVP_sha256(), NULL) &&
|
||||
EVP_DigestUpdate(&ctx, "hello ", 6) &&
|
||||
EVP_DigestUpdate(&ctx, "world", 5) &&
|
||||
EVP_DigestFinal_ex(&ctx, md, &md_len);
|
||||
EVP_MD_CTX_cleanup(&ctx); /* Release |ctx|. */
|
||||
|
||||
Note that `EVP_MD_CTX_cleanup` is called whether or not the `EVP_Digest*`
|
||||
operations succeeded. More complex C functions may use the `goto err` pattern:
|
||||
|
||||
int ret = 0;
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
|
||||
if (!some_other_operation()) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
uint8_t md[EVP_MAX_MD_SIZE];
|
||||
unsigned md_len;
|
||||
if (!EVP_DigestInit_ex(&ctx, EVP_sha256(), NULL) ||
|
||||
!EVP_DigestUpdate(&ctx, "hello ", 6) ||
|
||||
!EVP_DigestUpdate(&ctx, "world", 5) ||
|
||||
!EVP_DigestFinal_ex(&ctx, md, &md_len) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
return ret;
|
||||
|
||||
Note that, because `ctx` is set to the zero state before any failures,
|
||||
`EVP_MD_CTX_cleanup` is safe to call even if the first operation fails before
|
||||
`EVP_DigestInit_ex`. However, it would be illegal to move the `EVP_MD_CTX_init`
|
||||
below the `some_other_operation` call.
|
||||
|
||||
As a rule of thumb, enter the zero state of stack-allocated structs in the
|
||||
same place they are declared.
|
||||
|
||||
C++ consumers are recommended to use the wrappers named like
|
||||
`bssl::ScopedEVP_MD_CTX`, defined in the corresponding module's header. These
|
||||
wrappers are automatically initialized to the zero state and are automatically
|
||||
cleaned up.
|
||||
|
||||
|
||||
### Data-only types
|
||||
|
||||
A few types, such as `SHA_CTX`, are data-only types and do not require cleanup.
|
||||
These are usually for low-level cryptographic operations. These types may be
|
||||
used freely without special cleanup conventions.
|
||||
|
||||
|
||||
### Ownership and lifetime
|
||||
|
||||
When working with allocated objects, it is important to think about *ownership*
|
||||
of each object, or what code is responsible for releasing it. This matches the
|
||||
corresponding notion in higher-level languages like C++ and Rust.
|
||||
|
||||
Ownership applies to both uniquely-owned types and reference-counted types. For
|
||||
the latter, ownership means the code is responsible for releasing one
|
||||
reference. Note a *reference* in BoringSSL refers to an increment (and eventual
|
||||
decrement) of an object's reference count, not `T&` in C++. Thus, to "take a
|
||||
reference" means to increment the reference count and take ownership of
|
||||
decrementing it.
|
||||
|
||||
As BoringSSL's APIs are primarily in C, ownership and lifetime obligations are
|
||||
not rigorously annotated in the type signatures or checked at compile-time.
|
||||
Instead, they are described in
|
||||
[API documentation](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
|
||||
This section describes some conventions.
|
||||
|
||||
Unless otherwise documented, functions do not take ownership of pointer
|
||||
arguments. The pointer typically must remain valid for the duration of the
|
||||
function call. The function may internally copy information from the argument or
|
||||
take a reference, but the caller is free to release its copy or reference at any
|
||||
point after the call completes.
|
||||
|
||||
A function may instead be documented to *take* or *transfer* ownership of a
|
||||
pointer. The caller must own the object before the function call and, after
|
||||
transfer, no longer owns it. As a corollary, the caller may no longer reference
|
||||
the object without a separate guarantee on the lifetime. The function may even
|
||||
release the object before returning. Callers that wish to independently retain a
|
||||
transfered object must therefore take a reference or make a copy before
|
||||
transferring. Callers should also take note of whether the function is
|
||||
documented to transfer pointers unconditionally or only on success. Unlike C++
|
||||
and Rust, functions in BoringSSL typically only transfer on success.
|
||||
|
||||
Likewise, output pointers may be owning or non-owning. Unless otherwise
|
||||
documented, functions output non-owning pointers. The caller is not responsible
|
||||
for releasing the output pointer, but it must not use the pointer beyond its
|
||||
lifetime. The pointer may be released when the parent object is released or even
|
||||
sooner on state change in the parent object.
|
||||
|
||||
If documented to output a *newly-allocated* object or a *reference* or *copy* of
|
||||
one, the caller is responsible for releasing the object when it is done.
|
||||
|
||||
By convention, functions named `get0` return non-owning pointers. Functions
|
||||
named `new` or `get1` return owning pointers. Functions named `set0` take
|
||||
ownership of arguments. Functions named `set1` do not. They typically take a
|
||||
reference or make a copy internally. These names originally referred to the
|
||||
effect on a reference count, but the convention applies equally to
|
||||
non-reference-counted types.
|
||||
|
||||
API documentation may also describe more complex obligations. For instance, an
|
||||
object may borrow a pointer for longer than the duration of a single function
|
||||
call, in which case the caller must ensure the lifetime extends accordingly.
|
||||
|
||||
Memory errors are one of the most common and dangerous bugs in C and C++, so
|
||||
callers are encouraged to make use of tools such as
|
||||
[AddressSanitizer](https://clang.llvm.org/docs/AddressSanitizer.html) and
|
||||
higher-level languages.
|
||||
|
||||
|
||||
## Thread safety
|
||||
|
||||
BoringSSL is internally aware of the platform threading library and calls into
|
||||
it as needed. Consult the API documentation for the threading guarantees of
|
||||
particular objects. In general, stateless reference-counted objects like `RSA`
|
||||
or `EVP_PKEY` which represent keys may typically be used from multiple threads
|
||||
simultaneously, provided no thread mutates the key.
|
||||
88
third-party/boringssl/src/BREAKING-CHANGES.md
vendored
Normal file
88
third-party/boringssl/src/BREAKING-CHANGES.md
vendored
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
# How to change BoringSSL's API
|
||||
|
||||
BoringSSL has more flexibility in changing things than many other library projects because we have a reasonable idea of who our users are. Still, breaking changes require some care. We depend on tight feedback loops with our consumers so that we can learn about mistakes and fix them. For that to work, updating BoringSSL must be smooth.
|
||||
|
||||
Ultimately, the strategy for each breaking change is decided on a case-by-case basis. This document provides guidelines and techniques to help with a smooth transition.
|
||||
|
||||
## Breakage risk
|
||||
|
||||
Traditionally, breaking changes are defined in terms of API or ABI surface. Exposed symbols and type signatures cannot change, etc. But this is a poor approximation of the true impact. Removing an API may not a breaking change if no one is using it. Conversely, [Hyrum's Law](http://www.hyrumslaw.com/) applies. Fixing a bug may be a breaking change for some consumer which was depending on that bug.
|
||||
|
||||
Thus, we do not think about whether a change is formally a breaking change, but about the *risk* of it breaking someone.
|
||||
|
||||
Some changes, such as internal cleanups or bug-fixes, are low risk and do not need special measures. Any problems can be handled when the affected consumer updates BoringSSL and notices.
|
||||
|
||||
Other changes, such as removing an API, forbidding some edge case, or adjusting some behavior, are more likely to break things. To help the consumer triage any resulting failures, include some text in the commit message, prefixed by `Update-Note: `. This can include what this change may break and instructions on how to fix the issue.
|
||||
|
||||
## Code Search
|
||||
|
||||
The vast majority of BoringSSL consumers are conveniently indexed in various Code Search instances. This can predict the impact of a risky change and identify code to fix ahead of time. The document “How to Code Search” in the (Google-only) [go/boringssl-folder](https://goto.google.com/boringssl-folder) includes notes on this.
|
||||
|
||||
## Evaluate a change's cost
|
||||
|
||||
If some change has high cost (from having to fix consumers) and relatively little benefit to BoringSSL, it may not be worth the trouble. For instance, it is likely not worth removing a small compatibility function in the corner of the library that is easily dropped by the static linker.
|
||||
|
||||
Conversely, a change that leads to a major improvement to all BoringSSL consumers, at the cost of fixing one or two consumers, is typically worth it.
|
||||
|
||||
## Fixing consumers
|
||||
|
||||
If code search reveals call sites that are definitely going to break, prefer to handle these before making the change. While unexpected breakage is always possible, we generally consider it the responsibility of the developer or group making a change to handle impact of that change. Teams are generally unhappy to be surprised by new migration work but happy to have migration work done for them.
|
||||
|
||||
In most cases, this is straightforward:
|
||||
|
||||
1. Add the replacement API.
|
||||
2. As the replacement API enters each consuming repository, migrate callers to it.
|
||||
3. Remove the original API once all consumers have been migrated.
|
||||
|
||||
The removal should still include an `Update-Note` tag, in case some were missed.
|
||||
|
||||
In some cases, this kind of staged approach is not feasible: perhaps the same code cannot simultaneously work before and after the change, or perhaps there are too many different versions in play. For instance, [Conscrypt](https://github.com/google/conscrypt) feeds into three different repositories. The GitHub repository consumes BoringSSL's `master` branch directly. It is pushed into Android, where it consumes Android's `external/boringssl`. Yet another copy is pushed into the internal repository, where it consumes that copy of BoringSSL. As each of these Conscrypts are updated independently from their corresponding BoringSSLs, Conscrypt upstream cannot rely on a new BoringSSL API until it is present in all copies of BoringSSL its downstreams rely on.
|
||||
|
||||
In that case, a multi-sided change may be more appropriate:
|
||||
|
||||
1. Upload the breaking change to Gerrit, but do not submit it yet. Increment the `BORINGSSL_API_VERSION` symbol.
|
||||
2. Update the consuming repository with `#if BORINGSSL_API_VERSION < N` preprocessor logic. Leave a comment to remove this later, linking to your BoringSSL change.
|
||||
3. When the `BORINGSSL_API_VERSION` check has propagated to relevant copies of the consuming repository, submit the BoringSSL change.
|
||||
4. When the BoringSSL change has propagated to relevant copies of BoringSSL, remove the staging logic from the consumer.
|
||||
|
||||
Finally, in some cases, the consumer's change may be committed atomically with the BoringSSL update. This can only be done for code which only consumes one instance of BoringSSL (so the Conscrypt example above is not eligible). Check with that project's maintainer first or, better, be that project's maintainer.
|
||||
|
||||
If more complex changes are needed in some consumer, communicate with the relevant maintainers to plan the transition.
|
||||
|
||||
## Fail early, fail closed
|
||||
|
||||
When breaking changes do occur, they should fail as early and as detectably as possible.
|
||||
|
||||
Ideally, problematic consumers fail to compile. Prefer to remove functions completely over leaving an always failing stub function. Sometimes this is not possible due to other consumers, particularly bindings libraries. Alternatively, if a stub function can be reasonably justified as still satisfying the API constraints, consider adding one to improve compatibility. For example, BoringSSL has many no-op stubs corresponding to OpenSSL's many initialization functions.
|
||||
|
||||
If some parameter now must be `NULL`, change the type to an opaque struct pointer. Consumers passing non-`NULL` pointers will then fail to compile.
|
||||
|
||||
If breaking the compile is not feasible, break at runtime, in the hope that consumers have some amount of test coverage. When doing so, try to fail on the common case. In particular, do not rely on consumers adequately testing or even checking for failure cases. One strategy is to bring the object into a “poison” state: if an illegal operation occurs, set a flag to fail all subsequent ones.
|
||||
|
||||
In other functions, it may be appropriate to simply call `abort()`.
|
||||
|
||||
## Unexpected breakage
|
||||
|
||||
While we try to avoid breaking things, sometimes things unexpectedly break. Depending on the impact, we may fix the consumer, make a small fix to BoringSSL, or revert the change to either try again later or revise the approach.
|
||||
|
||||
If we do not ultimately fix the consumer, add a test in BoringSSL to capture the unexpected API contract, so future regressions are caught quickly.
|
||||
|
||||
## Canary changes and bake time
|
||||
|
||||
When planning a large project that depends on a breaking change, prefer to make the breaking change first—before committing larger changes. Or, when changing toolchain or language requirements, add a small instance of the dependency somewhere first then wait a couple of weeks for the change to appear in consumers. This ensures that reverting the change is still feasible if necessary.
|
||||
|
||||
While we rely on a tight feedback loop with our consumers, there are a few consumers which update less frequently. For extremely risky changes, such as introducing C++ to a target, it may be prudent to wait much longer.
|
||||
|
||||
## Third-party code
|
||||
|
||||
In many cases, we are interested in changing behavior which came from OpenSSL. OpenSSL's API surface is huge, but only a small subset is actually used. So we can and occasionally do change these behaviors. This is more complex than changing BoringSSL-only behavior due to third-party code.
|
||||
|
||||
We use BoringSSL with many third-party projects that normally use OpenSSL. Generally, we consider this our burden to make this work and do not encourage external projects to depend on BoringSSL. While we can and do maintain patches for this as necessary, it has overhead and so the cost of breaking third-party code is higher.
|
||||
|
||||
We lean fairly strongly towards making changes to BoringSSL over patching third-party code, unless the third-party change fixes a security problem.
|
||||
|
||||
Additionally, changing an OpenSSL API will not only affect third-party code we use today, but also any third-party code we use in the future. Thus Code Search is less useful as an absolute predictor, and the various other considerations in this document are more important.
|
||||
|
||||
If the patch to support a BoringSSL change can be generally useful to the third-party project, send it upstream. For instance, it may use the APIs better, clean up code, or help support newer versions of OpenSSL. In general, we try to target compatibility with “most” “well-behaved” OpenSSL consumers.
|
||||
|
||||
Finally, if some particular OpenSSL API or pattern is problematic to BoringSSL, it is likely problematic to OpenSSL too. Consider filing a bug with them to suggest a change, either in new code going forward or for the next API break. OpenSSL's release cycles and feedback loops are much longer than BoringSSL's, so this is usually not immediately useful, but it keeps the ecosystem moving in the right direction.
|
||||
213
third-party/boringssl/src/BUILDING.md
vendored
Normal file
213
third-party/boringssl/src/BUILDING.md
vendored
Normal file
|
|
@ -0,0 +1,213 @@
|
|||
# Building BoringSSL
|
||||
|
||||
## Build Prerequisites
|
||||
|
||||
The standalone CMake build is primarily intended for developers. If embedding
|
||||
BoringSSL into another project with a pre-existing build system, see
|
||||
[INCORPORATING.md](/INCORPORATING.md).
|
||||
|
||||
Unless otherwise noted, build tools must at most five years old, matching
|
||||
[Abseil guidelines](https://abseil.io/about/compatibility). If in doubt, use the
|
||||
most recent stable version of each tool.
|
||||
|
||||
* [CMake](https://cmake.org/download/) 3.0 or later is required.
|
||||
|
||||
* A recent version of Perl is required. On Windows,
|
||||
[Active State Perl](http://www.activestate.com/activeperl/) has been
|
||||
reported to work, as has MSYS Perl.
|
||||
[Strawberry Perl](http://strawberryperl.com/) also works but it adds GCC
|
||||
to `PATH`, which can confuse some build tools when identifying the compiler
|
||||
(removing `C:\Strawberry\c\bin` from `PATH` should resolve any problems).
|
||||
If Perl is not found by CMake, it may be configured explicitly by setting
|
||||
`PERL_EXECUTABLE`.
|
||||
|
||||
* Building with [Ninja](https://ninja-build.org/) instead of Make is
|
||||
recommended, because it makes builds faster. On Windows, CMake's Visual
|
||||
Studio generator may also work, but it not tested regularly and requires
|
||||
recent versions of CMake for assembly support.
|
||||
|
||||
* On Windows only, [NASM](https://www.nasm.us/) is required. If not found
|
||||
by CMake, it may be configured explicitly by setting
|
||||
`CMAKE_ASM_NASM_COMPILER`.
|
||||
|
||||
* C and C++ compilers with C++11 support are required. On Windows, MSVC 14
|
||||
(Visual Studio 2015) or later with Platform SDK 8.1 or later are supported.
|
||||
Recent versions of GCC (4.8+) and Clang should work on non-Windows
|
||||
platforms, and maybe on Windows too.
|
||||
|
||||
* The most recent stable version of [Go](https://golang.org/dl/) is required.
|
||||
Note Go is exempt from the five year support window. If not found by CMake,
|
||||
the go executable may be configured explicitly by setting `GO_EXECUTABLE`.
|
||||
|
||||
* On x86_64 Linux, the tests have an optional
|
||||
[libunwind](https://www.nongnu.org/libunwind/) dependency to test the
|
||||
assembly more thoroughly.
|
||||
|
||||
## Building
|
||||
|
||||
Using Ninja (note the 'N' is capitalized in the cmake invocation):
|
||||
|
||||
mkdir build
|
||||
cd build
|
||||
cmake -GNinja ..
|
||||
ninja
|
||||
|
||||
Using Make (does not work on Windows):
|
||||
|
||||
mkdir build
|
||||
cd build
|
||||
cmake ..
|
||||
make
|
||||
|
||||
You usually don't need to run `cmake` again after changing `CMakeLists.txt`
|
||||
files because the build scripts will detect changes to them and rebuild
|
||||
themselves automatically.
|
||||
|
||||
Note that the default build flags in the top-level `CMakeLists.txt` are for
|
||||
debugging—optimisation isn't enabled. Pass `-DCMAKE_BUILD_TYPE=Release` to
|
||||
`cmake` to configure a release build.
|
||||
|
||||
If you want to cross-compile then there is an example toolchain file for 32-bit
|
||||
Intel in `util/`. Wipe out the build directory, recreate it and run `cmake` like
|
||||
this:
|
||||
|
||||
cmake -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -GNinja ..
|
||||
|
||||
If you want to build as a shared library, pass `-DBUILD_SHARED_LIBS=1`. On
|
||||
Windows, where functions need to be tagged with `dllimport` when coming from a
|
||||
shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s
|
||||
the BoringSSL headers.
|
||||
|
||||
In order to serve environments where code-size is important as well as those
|
||||
where performance is the overriding concern, `OPENSSL_SMALL` can be defined to
|
||||
remove some code that is especially large.
|
||||
|
||||
See [CMake's documentation](https://cmake.org/cmake/help/v3.4/manual/cmake-variables.7.html)
|
||||
for other variables which may be used to configure the build.
|
||||
|
||||
### Building for Android
|
||||
|
||||
It's possible to build BoringSSL with the Android NDK using CMake. Recent
|
||||
versions of the NDK include a CMake toolchain file which works with CMake 3.6.0
|
||||
or later. This has been tested with version r16b of the NDK.
|
||||
|
||||
Unpack the Android NDK somewhere and export `ANDROID_NDK` to point to the
|
||||
directory. Then make a build directory as above and run CMake like this:
|
||||
|
||||
cmake -DANDROID_ABI=armeabi-v7a \
|
||||
-DCMAKE_TOOLCHAIN_FILE=${ANDROID_NDK}/build/cmake/android.toolchain.cmake \
|
||||
-DANDROID_NATIVE_API_LEVEL=16 \
|
||||
-GNinja ..
|
||||
|
||||
Once you've run that, Ninja should produce Android-compatible binaries. You
|
||||
can replace `armeabi-v7a` in the above with `arm64-v8a` and use API level 21 or
|
||||
higher to build aarch64 binaries.
|
||||
|
||||
For other options, see the documentation in the toolchain file.
|
||||
|
||||
To debug the resulting binaries on an Android device with `gdb`, run the
|
||||
commands below. Replace `ARCH` with the architecture of the target device, e.g.
|
||||
`arm` or `arm64`.
|
||||
|
||||
adb push ${ANDROID_NDK}/prebuilt/android-ARCH/gdbserver/gdbserver \
|
||||
/data/local/tmp
|
||||
adb forward tcp:5039 tcp:5039
|
||||
adb shell /data/local/tmp/gdbserver :5039 /path/on/device/to/binary
|
||||
|
||||
Then run the following in a separate shell. Replace `HOST` with the OS and
|
||||
architecture of the host machine, e.g. `linux-x86_64`.
|
||||
|
||||
${ANDROID_NDK}/prebuilt/HOST/bin/gdb
|
||||
target remote :5039 # in gdb
|
||||
|
||||
### Building for iOS
|
||||
|
||||
To build for iOS, pass `-DCMAKE_OSX_SYSROOT=iphoneos` and
|
||||
`-DCMAKE_OSX_ARCHITECTURES=ARCH` to CMake, where `ARCH` is the desired
|
||||
architecture, matching values used in the `-arch` flag in Apple's toolchain.
|
||||
|
||||
Passing multiple architectures for a multiple-architecture build is not
|
||||
supported.
|
||||
|
||||
### Building with Prefixed Symbols
|
||||
|
||||
BoringSSL's build system has experimental support for adding a custom prefix to
|
||||
all symbols. This can be useful when linking multiple versions of BoringSSL in
|
||||
the same project to avoid symbol conflicts.
|
||||
|
||||
In order to build with prefixed symbols, the `BORINGSSL_PREFIX` CMake variable
|
||||
should specify the prefix to add to all symbols, and the
|
||||
`BORINGSSL_PREFIX_SYMBOLS` CMake variable should specify the path to a file
|
||||
which contains a list of symbols which should be prefixed (one per line;
|
||||
comments are supported with `#`). In other words, `cmake ..
|
||||
-DBORINGSSL_PREFIX=MY_CUSTOM_PREFIX
|
||||
-DBORINGSSL_PREFIX_SYMBOLS=/path/to/symbols.txt` will configure the build to add
|
||||
the prefix `MY_CUSTOM_PREFIX` to all of the symbols listed in
|
||||
`/path/to/symbols.txt`.
|
||||
|
||||
It is currently the caller's responsibility to create and maintain the list of
|
||||
symbols to be prefixed. Alternatively, `util/read_symbols.go` reads the list of
|
||||
exported symbols from a `.a` file, and can be used in a build script to generate
|
||||
the symbol list on the fly (by building without prefixing, using
|
||||
`read_symbols.go` to construct a symbol list, and then building again with
|
||||
prefixing).
|
||||
|
||||
This mechanism is under development and may change over time. Please contact the
|
||||
BoringSSL maintainers if making use of it.
|
||||
|
||||
## Known Limitations on Windows
|
||||
|
||||
* Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes
|
||||
yasm to output warnings
|
||||
|
||||
yasm: warning: can open only one input file, only the last file will be processed
|
||||
|
||||
These warnings can be safely ignored. The cmake bug is
|
||||
http://www.cmake.org/Bug/view.php?id=15253.
|
||||
|
||||
* CMake can generate Visual Studio projects, but the generated project files
|
||||
don't have steps for assembling the assembly language source files, so they
|
||||
currently cannot be used to build BoringSSL.
|
||||
|
||||
## Embedded ARM
|
||||
|
||||
ARM, unlike Intel, does not have an instruction that allows applications to
|
||||
discover the capabilities of the processor. Instead, the capability information
|
||||
has to be provided by the operating system somehow.
|
||||
|
||||
By default, on Linux-based systems, BoringSSL will try to use `getauxval` and
|
||||
`/proc` to discover the capabilities. But some environments don't support that
|
||||
sort of thing and, for them, it's possible to configure the CPU capabilities at
|
||||
compile time.
|
||||
|
||||
On iOS or builds which define `OPENSSL_STATIC_ARMCAP`, features will be
|
||||
determined based on the `__ARM_NEON__` and `__ARM_FEATURE_CRYPTO` preprocessor
|
||||
symbols reported by the compiler. These values are usually controlled by the
|
||||
`-march` flag. You can also define any of the following to enable the
|
||||
corresponding ARM feature.
|
||||
|
||||
* `OPENSSL_STATIC_ARMCAP_NEON`
|
||||
* `OPENSSL_STATIC_ARMCAP_AES`
|
||||
* `OPENSSL_STATIC_ARMCAP_SHA1`
|
||||
* `OPENSSL_STATIC_ARMCAP_SHA256`
|
||||
* `OPENSSL_STATIC_ARMCAP_PMULL`
|
||||
|
||||
Note that if a feature is enabled in this way, but not actually supported at
|
||||
run-time, BoringSSL will likely crash.
|
||||
|
||||
## Binary Size
|
||||
|
||||
The implementations of some algorithms require a trade-off between binary size
|
||||
and performance. For instance, BoringSSL's fastest P-256 implementation uses a
|
||||
148 KiB pre-computed table. To optimize instead for binary size, pass
|
||||
`-DOPENSSL_SMALL=1` to CMake or define the `OPENSSL_SMALL` preprocessor symbol.
|
||||
|
||||
# Running Tests
|
||||
|
||||
There are two sets of tests: the C/C++ tests and the blackbox tests. For former
|
||||
are built by Ninja and can be run from the top-level directory with `go run
|
||||
util/all_tests.go`. The latter have to be run separately by running `go test`
|
||||
from within `ssl/test/runner`.
|
||||
|
||||
Both sets of tests may also be run with `ninja -C build run_tests`, but CMake
|
||||
3.2 or later is required to avoid Ninja's output buffering.
|
||||
623
third-party/boringssl/src/CMakeLists.txt
vendored
Normal file
623
third-party/boringssl/src/CMakeLists.txt
vendored
Normal file
|
|
@ -0,0 +1,623 @@
|
|||
cmake_minimum_required(VERSION 3.0)
|
||||
|
||||
# Defer enabling C and CXX languages.
|
||||
project(BoringSSL NONE)
|
||||
|
||||
if(WIN32)
|
||||
# On Windows, prefer cl over gcc if both are available. By default most of
|
||||
# the CMake generators prefer gcc, even on Windows.
|
||||
set(CMAKE_GENERATOR_CC cl)
|
||||
endif()
|
||||
|
||||
include(sources.cmake)
|
||||
|
||||
enable_language(C)
|
||||
enable_language(CXX)
|
||||
|
||||
# This is a dummy target which all other targets depend on (manually - see other
|
||||
# CMakeLists.txt files). This gives us a hook to add any targets which need to
|
||||
# run before all other targets.
|
||||
add_custom_target(global_target)
|
||||
|
||||
if(ANDROID)
|
||||
# Android-NDK CMake files reconfigure the path and so Go and Perl won't be
|
||||
# found. However, ninja will still find them in $PATH if we just name them.
|
||||
if(NOT PERL_EXECUTABLE)
|
||||
set(PERL_EXECUTABLE "perl")
|
||||
endif()
|
||||
if(NOT GO_EXECUTABLE)
|
||||
set(GO_EXECUTABLE "go")
|
||||
endif()
|
||||
else()
|
||||
find_package(Perl REQUIRED)
|
||||
find_program(GO_EXECUTABLE go)
|
||||
endif()
|
||||
|
||||
if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING)
|
||||
find_package(PkgConfig QUIET)
|
||||
if (PkgConfig_FOUND)
|
||||
pkg_check_modules(LIBUNWIND libunwind-generic)
|
||||
if(LIBUNWIND_FOUND)
|
||||
add_definitions(-DBORINGSSL_HAVE_LIBUNWIND)
|
||||
else()
|
||||
message("libunwind not found. Disabling unwind tests.")
|
||||
endif()
|
||||
else()
|
||||
message("pkgconfig not found. Disabling unwind tests.")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(NOT GO_EXECUTABLE)
|
||||
message(FATAL_ERROR "Could not find Go")
|
||||
endif()
|
||||
|
||||
if(USE_CUSTOM_LIBCXX)
|
||||
set(BORINGSSL_ALLOW_CXX_RUNTIME 1)
|
||||
endif()
|
||||
|
||||
if(BORINGSSL_ALLOW_CXX_RUNTIME)
|
||||
add_definitions(-DBORINGSSL_ALLOW_CXX_RUNTIME)
|
||||
endif()
|
||||
|
||||
string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
|
||||
if(NOT FIPS)
|
||||
if(CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithassert" OR
|
||||
NOT CMAKE_BUILD_TYPE_LOWER MATCHES "rel")
|
||||
add_definitions(-DBORINGSSL_DISPATCH_TEST)
|
||||
# CMake automatically connects include_directories to the NASM
|
||||
# command-line, but not add_definitions.
|
||||
set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_DISPATCH_TEST")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Add a RelWithAsserts build configuration. It is the same as Release, except it
|
||||
# does not define NDEBUG, so asserts run.
|
||||
foreach(VAR CMAKE_C_FLAGS CMAKE_CXX_FLAGS CMAKE_ASM_FLAGS)
|
||||
string(REGEX REPLACE "(^| )[/-]DNDEBUG( |$)" " " "${VAR}_RELWITHASSERTS"
|
||||
"${${VAR}_RELEASE}")
|
||||
endforeach()
|
||||
|
||||
if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS)
|
||||
add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX})
|
||||
# CMake automatically connects include_directories to the NASM command-line,
|
||||
# but not add_definitions.
|
||||
set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}")
|
||||
|
||||
# Use "symbol_prefix_include" to store generated header files
|
||||
include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include)
|
||||
add_custom_command(
|
||||
OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h
|
||||
symbol_prefix_include/boringssl_prefix_symbols_asm.h
|
||||
symbol_prefix_include/boringssl_prefix_symbols_nasm.inc
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include
|
||||
COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS}
|
||||
DEPENDS util/make_prefix_headers.go
|
||||
${CMAKE_BINARY_DIR}/${BORINGSSL_PREFIX_SYMBOLS})
|
||||
|
||||
# add_dependencies needs a target, not a file, so we add an intermediate
|
||||
# target.
|
||||
add_custom_target(
|
||||
boringssl_prefix_symbols
|
||||
DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h
|
||||
symbol_prefix_include/boringssl_prefix_symbols_asm.h
|
||||
symbol_prefix_include/boringssl_prefix_symbols_nasm.inc)
|
||||
add_dependencies(global_target boringssl_prefix_symbols)
|
||||
elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS)
|
||||
message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS")
|
||||
endif()
|
||||
|
||||
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
|
||||
set(CLANG 1)
|
||||
endif()
|
||||
|
||||
if(CMAKE_SYSTEM_NAME STREQUAL "Emscripten")
|
||||
set(EMSCRIPTEN 1)
|
||||
endif()
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
|
||||
# Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration
|
||||
# primarily on our normal Clang one.
|
||||
set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings -Wvla")
|
||||
if(MSVC)
|
||||
# clang-cl sets different default warnings than clang. It also treats -Wall
|
||||
# as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall.
|
||||
# See http://llvm.org/viewvc/llvm-project?view=revision&revision=319116
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -W3 -Wno-unused-parameter -fmsc-version=1900")
|
||||
# googletest suppresses warning C4996 via a pragma, but clang-cl does not
|
||||
# honor it. Suppress it here to compensate. See https://crbug.com/772117.
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-deprecated-declarations")
|
||||
else()
|
||||
if(EMSCRIPTEN)
|
||||
# emscripten's emcc/clang does not accept the "-ggdb" flag.
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -g")
|
||||
else()
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -ggdb")
|
||||
endif()
|
||||
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -fvisibility=hidden -fno-common")
|
||||
endif()
|
||||
|
||||
if(CLANG)
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wnewline-eof -fcolor-diagnostics")
|
||||
else()
|
||||
# GCC (at least 4.8.4) has a bug where it'll find unreachable free() calls
|
||||
# and declare that the code is trying to free a stack pointer.
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-free-nonheap-object")
|
||||
endif()
|
||||
|
||||
if(CLANG OR NOT "7.0.0" VERSION_GREATER CMAKE_C_COMPILER_VERSION)
|
||||
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} -Wmissing-prototypes -Wold-style-definition -Wstrict-prototypes")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations")
|
||||
|
||||
if(NOT MSVC)
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
|
||||
if(APPLE)
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -stdlib=libc++")
|
||||
endif()
|
||||
if(NOT BORINGSSL_ALLOW_CXX_RUNTIME)
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-exceptions -fno-rtti")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# In GCC, -Wmissing-declarations is the C++ spelling of -Wmissing-prototypes
|
||||
# and using the wrong one is an error. In Clang, -Wmissing-prototypes is the
|
||||
# spelling for both and -Wmissing-declarations is some other warning.
|
||||
#
|
||||
# https://gcc.gnu.org/onlinedocs/gcc-7.1.0/gcc/Warning-Options.html#Warning-Options
|
||||
# https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-prototypes
|
||||
# https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-declarations
|
||||
if(CLANG)
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wmissing-prototypes")
|
||||
endif()
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCXX AND "4.8" VERSION_GREATER CMAKE_C_COMPILER_VERSION)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-array-bounds")
|
||||
endif()
|
||||
|
||||
elseif(MSVC)
|
||||
set(MSVC_DISABLED_WARNINGS_LIST
|
||||
"C4061" # enumerator 'identifier' in switch of enum 'enumeration' is not
|
||||
# explicitly handled by a case label
|
||||
# Disable this because it flags even when there is a default.
|
||||
"C4100" # 'exarg' : unreferenced formal parameter
|
||||
"C4127" # conditional expression is constant
|
||||
"C4200" # nonstandard extension used : zero-sized array in
|
||||
# struct/union.
|
||||
"C4204" # nonstandard extension used: non-constant aggregate initializer
|
||||
"C4221" # nonstandard extension used : 'identifier' : cannot be
|
||||
# initialized using address of automatic variable
|
||||
"C4242" # 'function' : conversion from 'int' to 'uint8_t',
|
||||
# possible loss of data
|
||||
"C4244" # 'function' : conversion from 'int' to 'uint8_t',
|
||||
# possible loss of data
|
||||
"C4267" # conversion from 'size_t' to 'int', possible loss of data
|
||||
"C4371" # layout of class may have changed from a previous version of the
|
||||
# compiler due to better packing of member '...'
|
||||
"C4388" # signed/unsigned mismatch
|
||||
"C4296" # '>=' : expression is always true
|
||||
"C4350" # behavior change: 'std::_Wrap_alloc...'
|
||||
"C4365" # '=' : conversion from 'size_t' to 'int',
|
||||
# signed/unsigned mismatch
|
||||
"C4389" # '!=' : signed/unsigned mismatch
|
||||
"C4464" # relative include path contains '..'
|
||||
"C4510" # 'argument' : default constructor could not be generated
|
||||
"C4512" # 'argument' : assignment operator could not be generated
|
||||
"C4514" # 'function': unreferenced inline function has been removed
|
||||
"C4548" # expression before comma has no effect; expected expression with
|
||||
# side-effect" caused by FD_* macros.
|
||||
"C4610" # struct 'argument' can never be instantiated - user defined
|
||||
# constructor required.
|
||||
"C4623" # default constructor was implicitly defined as deleted
|
||||
"C4625" # copy constructor could not be generated because a base class
|
||||
# copy constructor is inaccessible or deleted
|
||||
"C4626" # assignment operator could not be generated because a base class
|
||||
# assignment operator is inaccessible or deleted
|
||||
"C4628" # digraphs not supported with -Ze
|
||||
"C4668" # 'symbol' is not defined as a preprocessor macro, replacing with
|
||||
# '0' for 'directives'
|
||||
# Disable this because GTest uses it everywhere.
|
||||
"C4706" # assignment within conditional expression
|
||||
"C4710" # 'function': function not inlined
|
||||
"C4711" # function 'function' selected for inline expansion
|
||||
"C4800" # 'int' : forcing value to bool 'true' or 'false'
|
||||
# (performance warning)
|
||||
"C4820" # 'bytes' bytes padding added after construct 'member_name'
|
||||
"C5026" # move constructor was implicitly defined as deleted
|
||||
"C5027" # move assignment operator was implicitly defined as deleted
|
||||
"C5045" # Compiler will insert Spectre mitigation for memory load if
|
||||
# /Qspectre switch specified
|
||||
)
|
||||
set(MSVC_LEVEL4_WARNINGS_LIST
|
||||
# See https://connect.microsoft.com/VisualStudio/feedback/details/1217660/warning-c4265-when-using-functional-header
|
||||
"C4265" # class has virtual functions, but destructor is not virtual
|
||||
)
|
||||
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
|
||||
${MSVC_DISABLED_WARNINGS_LIST})
|
||||
string(REPLACE "C" " -w4" MSVC_LEVEL4_WARNINGS_STR
|
||||
${MSVC_LEVEL4_WARNINGS_LIST})
|
||||
set(CMAKE_C_FLAGS "-utf-8 -Wall -WX ${MSVC_DISABLED_WARNINGS_STR} ${MSVC_LEVEL4_WARNINGS_STR}")
|
||||
set(CMAKE_CXX_FLAGS "-utf-8 -Wall -WX ${MSVC_DISABLED_WARNINGS_STR} ${MSVC_LEVEL4_WARNINGS_STR}")
|
||||
endif()
|
||||
|
||||
if(WIN32)
|
||||
add_definitions(-D_HAS_EXCEPTIONS=0)
|
||||
add_definitions(-DWIN32_LEAN_AND_MEAN)
|
||||
add_definitions(-DNOMINMAX)
|
||||
# Allow use of fopen.
|
||||
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
|
||||
# VS 2017 and higher supports STL-only warning suppressions.
|
||||
# A bug in CMake < 3.13.0 may cause the space in this value to
|
||||
# cause issues when building with NASM. In that case, update CMake.
|
||||
add_definitions("-D_STL_EXTRA_DISABLED_WARNINGS=4774 4987")
|
||||
endif()
|
||||
|
||||
if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.7.99") OR
|
||||
CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wshadow")
|
||||
endif()
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCXX)
|
||||
if((CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.99") OR CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11")
|
||||
else()
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# pthread_rwlock_t requires a feature flag.
|
||||
if(NOT WIN32)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=700")
|
||||
endif()
|
||||
|
||||
if(FUZZ)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "You need to build with Clang for fuzzing to work")
|
||||
endif()
|
||||
|
||||
if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0")
|
||||
message(FATAL_ERROR "You need Clang ≥ 6.0.0")
|
||||
endif()
|
||||
|
||||
add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
||||
set(RUNNER_ARGS "-deterministic")
|
||||
|
||||
if(NOT NO_FUZZER_MODE)
|
||||
add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE)
|
||||
set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls")
|
||||
endif()
|
||||
|
||||
add_definitions(-DBORINGSSL_IMPLEMENTATION)
|
||||
|
||||
if(BUILD_SHARED_LIBS)
|
||||
add_definitions(-DBORINGSSL_SHARED_LIBRARY)
|
||||
# Enable position-independent code globally. This is needed because
|
||||
# some library targets are OBJECT libraries.
|
||||
set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
|
||||
endif()
|
||||
|
||||
if(MSAN)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "Cannot enable MSAN unless using Clang")
|
||||
endif()
|
||||
|
||||
if(ASAN)
|
||||
message(FATAL_ERROR "ASAN and MSAN are mutually exclusive")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
|
||||
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
|
||||
endif()
|
||||
|
||||
if(ASAN)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "Cannot enable ASAN unless using Clang")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
|
||||
endif()
|
||||
|
||||
if(CFI)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "Cannot enable CFI unless using Clang")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin")
|
||||
# We use Chromium's copy of clang, which requires -fuse-ld=lld if building
|
||||
# with -flto. That, in turn, can't handle -ggdb.
|
||||
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld")
|
||||
string(REPLACE "-ggdb" "-g" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
|
||||
string(REPLACE "-ggdb" "-g" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
|
||||
# -flto causes object files to contain LLVM bitcode. Mixing those with
|
||||
# assembly output in the same static library breaks the linker.
|
||||
set(OPENSSL_NO_ASM "1")
|
||||
endif()
|
||||
|
||||
if(TSAN)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "Cannot enable TSAN unless using Clang")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=thread")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=thread")
|
||||
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=thread")
|
||||
endif()
|
||||
|
||||
if(UBSAN)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "Cannot enable UBSAN unless using Clang")
|
||||
endif()
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined")
|
||||
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=undefined")
|
||||
|
||||
if(NOT UBSAN_RECOVER)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize-recover=undefined")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize-recover=undefined")
|
||||
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-sanitize-recover=undefined")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(GCOV)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage")
|
||||
endif()
|
||||
|
||||
if(FIPS)
|
||||
add_definitions(-DBORINGSSL_FIPS)
|
||||
if(FIPS_BREAK_TEST)
|
||||
add_definitions("-DBORINGSSL_FIPS_BREAK_${FIPS_BREAK_TEST}=1")
|
||||
endif()
|
||||
# The FIPS integrity check does not work for ASan and MSan builds.
|
||||
if(NOT ASAN AND NOT MSAN)
|
||||
if(BUILD_SHARED_LIBS)
|
||||
set(FIPS_SHARED "1")
|
||||
else()
|
||||
set(FIPS_DELOCATE "1")
|
||||
endif()
|
||||
endif()
|
||||
if(FIPS_SHARED)
|
||||
# The Android CMake files set -ffunction-sections and -fdata-sections,
|
||||
# which is incompatible with FIPS_SHARED.
|
||||
set(CMAKE_C_FLAGS
|
||||
"${CMAKE_C_FLAGS} -fno-function-sections -fno-data-sections")
|
||||
set(CMAKE_CXX_FLAGS
|
||||
"${CMAKE_CXX_FLAGS} -fno-function-sections -fno-data-sections")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(OPENSSL_SMALL)
|
||||
add_definitions(-DOPENSSL_SMALL)
|
||||
endif()
|
||||
|
||||
if(CONSTANT_TIME_VALIDATION)
|
||||
add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION)
|
||||
# Asserts will often test secret data.
|
||||
add_definitions(-DNDEBUG)
|
||||
endif()
|
||||
|
||||
function(go_executable dest package)
|
||||
set(godeps "${CMAKE_SOURCE_DIR}/util/godeps.go")
|
||||
if(${CMAKE_VERSION} VERSION_LESS "3.7" OR
|
||||
NOT ${CMAKE_GENERATOR} STREQUAL "Ninja")
|
||||
# The DEPFILE parameter to add_custom_command is new as of CMake 3.7 and
|
||||
# only works with Ninja. Query the sources at configure time. Additionally,
|
||||
# everything depends on go.mod. That affects what external packages to use.
|
||||
execute_process(COMMAND ${GO_EXECUTABLE} run ${godeps} -format cmake
|
||||
-pkg ${package}
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
|
||||
OUTPUT_VARIABLE sources
|
||||
RESULT_VARIABLE godeps_result)
|
||||
add_custom_command(OUTPUT ${dest}
|
||||
COMMAND ${GO_EXECUTABLE} build
|
||||
-o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package}
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
|
||||
DEPENDS ${sources} ${CMAKE_SOURCE_DIR}/go.mod)
|
||||
else()
|
||||
# Ninja expects the target in the depfile to match the output. This is a
|
||||
# relative path from the build directory.
|
||||
string(LENGTH "${CMAKE_BINARY_DIR}" root_dir_length)
|
||||
math(EXPR root_dir_length "${root_dir_length} + 1")
|
||||
string(SUBSTRING "${CMAKE_CURRENT_BINARY_DIR}" ${root_dir_length} -1 target)
|
||||
set(target "${target}/${dest}")
|
||||
|
||||
set(depfile "${CMAKE_CURRENT_BINARY_DIR}/${dest}.d")
|
||||
add_custom_command(OUTPUT ${dest}
|
||||
COMMAND ${GO_EXECUTABLE} build
|
||||
-o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package}
|
||||
COMMAND ${GO_EXECUTABLE} run ${godeps} -format depfile
|
||||
-target ${target} -pkg ${package} -out ${depfile}
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
|
||||
DEPENDS ${godeps} ${CMAKE_SOURCE_DIR}/go.mod
|
||||
DEPFILE ${depfile})
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
# CMake's iOS support uses Apple's multiple-architecture toolchain. It takes an
|
||||
# architecture list from CMAKE_OSX_ARCHITECTURES, leaves CMAKE_SYSTEM_PROCESSOR
|
||||
# alone, and expects all architecture-specific logic to be conditioned within
|
||||
# the source files rather than the build. This does not work for our assembly
|
||||
# files, so we fix CMAKE_SYSTEM_PROCESSOR and only support single-architecture
|
||||
# builds.
|
||||
if(NOT OPENSSL_NO_ASM AND CMAKE_OSX_ARCHITECTURES)
|
||||
list(LENGTH CMAKE_OSX_ARCHITECTURES NUM_ARCHES)
|
||||
if(NOT ${NUM_ARCHES} EQUAL 1)
|
||||
message(FATAL_ERROR "Universal binaries not supported.")
|
||||
endif()
|
||||
list(GET CMAKE_OSX_ARCHITECTURES 0 CMAKE_SYSTEM_PROCESSOR)
|
||||
endif()
|
||||
|
||||
if(OPENSSL_NO_SSE2_FOR_TESTING)
|
||||
add_definitions(-DOPENSSL_NO_SSE2_FOR_TESTING)
|
||||
endif()
|
||||
|
||||
if(OPENSSL_NO_ASM)
|
||||
add_definitions(-DOPENSSL_NO_ASM)
|
||||
set(ARCH "generic")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86_64")
|
||||
set(ARCH "x86_64")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
|
||||
set(ARCH "x86_64")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
|
||||
# cmake reports AMD64 on Windows, but we might be building for 32-bit.
|
||||
if(CMAKE_CL_64)
|
||||
set(ARCH "x86_64")
|
||||
else()
|
||||
set(ARCH "x86")
|
||||
endif()
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86")
|
||||
set(ARCH "x86")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i386")
|
||||
set(ARCH "x86")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686")
|
||||
set(ARCH "x86")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
|
||||
set(ARCH "aarch64")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64")
|
||||
set(ARCH "aarch64")
|
||||
# Apple A12 Bionic chipset which is added in iPhone XS/XS Max/XR uses arm64e architecture.
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64e")
|
||||
set(ARCH "aarch64")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm*")
|
||||
set(ARCH "arm")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "mips")
|
||||
# Just to avoid the “unknown processor” error.
|
||||
set(ARCH "generic")
|
||||
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le")
|
||||
set(ARCH "ppc64le")
|
||||
else()
|
||||
message(FATAL_ERROR "Unknown processor:" ${CMAKE_SYSTEM_PROCESSOR})
|
||||
endif()
|
||||
|
||||
if(ANDROID AND NOT ANDROID_NDK_REVISION AND ${ARCH} STREQUAL "arm")
|
||||
# The third-party Android-NDK CMake files somehow fail to set the -march flag
|
||||
# for assembly files. Without this flag, the compiler believes that it's
|
||||
# building for ARMv5.
|
||||
set(CMAKE_ASM_FLAGS "-march=${CMAKE_SYSTEM_PROCESSOR} ${CMAKE_ASM_FLAGS}")
|
||||
endif()
|
||||
|
||||
if(USE_CUSTOM_LIBCXX)
|
||||
if(NOT CLANG)
|
||||
message(FATAL_ERROR "USE_CUSTOM_LIBCXX only supported with Clang")
|
||||
endif()
|
||||
|
||||
# CMAKE_CXX_FLAGS ends up in the linker flags as well, so use
|
||||
# add_compile_options. There does not appear to be a way to set
|
||||
# language-specific compile-only flags.
|
||||
add_compile_options("-nostdinc++")
|
||||
set(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} -nostdlib++")
|
||||
include_directories(
|
||||
SYSTEM
|
||||
util/bot/libcxx/include
|
||||
util/bot/libcxxabi/include
|
||||
)
|
||||
|
||||
# This is patterned after buildtools/third_party/libc++/BUILD.gn and
|
||||
# buildtools/third_party/libc++abi/BUILD.gn in Chromium.
|
||||
|
||||
file(GLOB LIBCXX_SOURCES "util/bot/libcxx/src/*.cpp")
|
||||
file(GLOB LIBCXXABI_SOURCES "util/bot/libcxxabi/src/*.cpp")
|
||||
|
||||
# This file is meant for exception-less builds.
|
||||
list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_noexception.cpp")
|
||||
# libc++ also defines new and delete.
|
||||
list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/stdlib_new_delete.cpp")
|
||||
if(TSAN)
|
||||
# ThreadSanitizer tries to intercept these symbols. Skip them to avoid
|
||||
# symbol conflicts.
|
||||
list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_guard.cpp")
|
||||
endif()
|
||||
|
||||
add_library(libcxxabi ${LIBCXXABI_SOURCES})
|
||||
target_compile_definitions(
|
||||
libcxxabi PRIVATE
|
||||
-D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS
|
||||
)
|
||||
set_target_properties(libcxxabi PROPERTIES COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough")
|
||||
|
||||
add_library(libcxx ${LIBCXX_SOURCES})
|
||||
if(ASAN OR MSAN OR TSAN)
|
||||
# Sanitizers try to intercept new and delete.
|
||||
target_compile_definitions(
|
||||
libcxx PRIVATE
|
||||
-D_LIBCPP_DISABLE_NEW_DELETE_DEFINITIONS
|
||||
)
|
||||
endif()
|
||||
target_compile_definitions(
|
||||
libcxx PRIVATE
|
||||
-D_LIBCPP_BUILDING_LIBRARY
|
||||
-DLIBCXX_BUILDING_LIBCXXABI
|
||||
)
|
||||
target_link_libraries(libcxx libcxxabi)
|
||||
endif()
|
||||
|
||||
# Add minimal googletest targets. The provided one has many side-effects, and
|
||||
# googletest has a very straightforward build.
|
||||
add_library(boringssl_gtest third_party/googletest/src/gtest-all.cc)
|
||||
target_include_directories(boringssl_gtest PRIVATE third_party/googletest)
|
||||
|
||||
include_directories(third_party/googletest/include)
|
||||
|
||||
# Declare a dummy target to build all unit tests. Test targets should inject
|
||||
# themselves as dependencies next to the target definition.
|
||||
add_custom_target(all_tests)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT crypto_test_data.cc
|
||||
COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go ${CRYPTO_TEST_DATA} >
|
||||
${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc
|
||||
DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
|
||||
add_library(crypto_test_data OBJECT crypto_test_data.cc)
|
||||
|
||||
add_subdirectory(crypto)
|
||||
add_subdirectory(ssl)
|
||||
add_subdirectory(ssl/test)
|
||||
add_subdirectory(tool)
|
||||
add_subdirectory(util/fipstools/cavp)
|
||||
add_subdirectory(util/fipstools/acvp/modulewrapper)
|
||||
add_subdirectory(decrepit)
|
||||
|
||||
if(FUZZ)
|
||||
if(LIBFUZZER_FROM_DEPS)
|
||||
file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp")
|
||||
add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES})
|
||||
# libFuzzer does not pass our aggressive warnings. It also must be built
|
||||
# without -fsanitize-coverage options or clang crashes.
|
||||
set_target_properties(Fuzzer PROPERTIES COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0")
|
||||
endif()
|
||||
|
||||
add_subdirectory(fuzz)
|
||||
endif()
|
||||
|
||||
if(NOT ${CMAKE_VERSION} VERSION_LESS "3.2")
|
||||
# USES_TERMINAL is only available in CMake 3.2 or later.
|
||||
set(MAYBE_USES_TERMINAL USES_TERMINAL)
|
||||
endif()
|
||||
|
||||
if(UNIX AND NOT APPLE AND NOT ANDROID)
|
||||
set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>)
|
||||
endif()
|
||||
|
||||
add_custom_target(
|
||||
run_tests
|
||||
COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir
|
||||
${CMAKE_BINARY_DIR}
|
||||
COMMAND cd ssl/test/runner &&
|
||||
${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
|
||||
${HANDSHAKER_ARGS} ${RUNNER_ARGS}
|
||||
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
|
||||
DEPENDS all_tests bssl_shim handshaker
|
||||
${MAYBE_USES_TERMINAL})
|
||||
49
third-party/boringssl/src/CONTRIBUTING.md
vendored
Normal file
49
third-party/boringssl/src/CONTRIBUTING.md
vendored
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
Want to contribute? Great! First, read this page (including the small print at the end).
|
||||
|
||||
### Before you contribute
|
||||
Before we can use your code, you must sign the
|
||||
[Google Individual Contributor License Agreement](https://cla.developers.google.com/about/google-individual)
|
||||
(CLA), which you can do online. The CLA is necessary mainly because you own the
|
||||
copyright to your changes, even after your contribution becomes part of our
|
||||
codebase, so we need your permission to use and distribute your code. We also
|
||||
need to be sure of various other things—for instance that you'll tell us if you
|
||||
know that your code infringes on other people's patents. You don't have to sign
|
||||
the CLA until after you've submitted your code for review and a member has
|
||||
approved it, but you must do it before we can put your code into our codebase.
|
||||
Before you start working on a larger contribution, you should get in touch with
|
||||
us first via email with your idea so that we can help out and possibly guide
|
||||
you. Coordinating up front makes it much easier to avoid frustration later on.
|
||||
|
||||
### Code reviews
|
||||
All submissions, including submissions by project members, require review. We
|
||||
use [Gerrit](https://boringssl-review.googlesource.com) for this purpose.
|
||||
|
||||
#### Setup
|
||||
If you have not done so on this machine, you will need to set up a password for
|
||||
Gerrit. Sign in with a Google account, visit
|
||||
[this link](https://boringssl.googlesource.com/), and click the "Generate
|
||||
Password" link in the top right. You will also need to prepare your checkout to
|
||||
[add Change-Ids](https://gerrit-review.googlesource.com/Documentation/cmd-hook-commit-msg.html)
|
||||
on commit. Run:
|
||||
|
||||
curl -Lo .git/hooks/commit-msg https://boringssl-review.googlesource.com/tools/hooks/commit-msg
|
||||
chmod u+x .git/hooks/commit-msg
|
||||
|
||||
#### Uploading changes
|
||||
To upload a change, push it to the special `refs/for/master` target:
|
||||
|
||||
git push origin HEAD:refs/for/master
|
||||
|
||||
The output will then give you a link to the change. Add `agl@google.com` and
|
||||
`davidben@google.com` as reviewers.
|
||||
|
||||
Pushing a commit with the same Change-Id as an existing change will upload a new
|
||||
version of it. (Use the `git rebase` or `git commit --amend` commands.)
|
||||
|
||||
For more detailed instructions, see the
|
||||
[Gerrit User Guide](https://gerrit-review.googlesource.com/Documentation/intro-user.html).
|
||||
|
||||
### The small print
|
||||
Contributions made by corporations are covered by a different agreement than
|
||||
the one above, the
|
||||
[Software Grant and Corporate Contributor License Agreement](https://cla.developers.google.com/about/google-corporate).
|
||||
82
third-party/boringssl/src/FUZZING.md
vendored
Normal file
82
third-party/boringssl/src/FUZZING.md
vendored
Normal file
|
|
@ -0,0 +1,82 @@
|
|||
# Fuzz testing
|
||||
|
||||
Modern fuzz testers are very effective and we wish to use them to ensure that no silly bugs creep into BoringSSL.
|
||||
|
||||
We use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require that the rest of BoringSSL be built with some changes that make fuzzing much more effective, but are completely unsafe for real use.
|
||||
|
||||
In order to build the fuzz tests you will need at least Clang 6.0. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:
|
||||
|
||||
```
|
||||
mkdir build
|
||||
cd build
|
||||
CC=clang CXX=clang++ cmake -GNinja -DFUZZ=1 ..
|
||||
ninja
|
||||
```
|
||||
|
||||
|
||||
From the `build/` directory, you can then run the fuzzers. For example:
|
||||
|
||||
```
|
||||
./fuzz/cert -max_len=10000 -jobs=32 -workers=32 ../fuzz/cert_corpus/
|
||||
```
|
||||
|
||||
The arguments to `jobs` and `workers` should be the number of cores that you wish to dedicate to fuzzing. By default, libFuzzer uses the largest test in the corpus (or 64 if empty) as the maximum test case length. The `max_len` argument overrides this.
|
||||
|
||||
The recommended values of `max_len` for each test are:
|
||||
|
||||
| Test | `max_len` value |
|
||||
|---------------|-----------------|
|
||||
| `bn_div` | 384 |
|
||||
| `bn_mod_exp` | 4096 |
|
||||
| `cert` | 10000 |
|
||||
| `client` | 20000 |
|
||||
| `pkcs8` | 2048 |
|
||||
| `privkey` | 2048 |
|
||||
| `server` | 4096 |
|
||||
| `session` | 8192 |
|
||||
| `spki` | 1024 |
|
||||
| `read_pem` | 512 |
|
||||
| `ssl_ctx_api` | 256 |
|
||||
|
||||
These were determined by rounding up the length of the largest case in the corpus.
|
||||
|
||||
There are directories in `fuzz/` for each of the fuzzing tests which contain seed files for fuzzing. Some of the seed files were generated manually but many of them are “interesting” results generated by the fuzzing itself. (Where “interesting” means that it triggered a previously unknown path in the code.)
|
||||
|
||||
## Minimising the corpuses
|
||||
|
||||
When a large number of new seeds are available, it's a good idea to minimise the corpus so that different seeds that trigger the same code paths can be deduplicated.
|
||||
|
||||
In order to minimise all the corpuses, build for fuzzing and run `./fuzz/minimise_corpuses.sh`. Note that minimisation is, oddly, often not idempotent for unknown reasons.
|
||||
|
||||
## Fuzzer mode
|
||||
|
||||
When `-DFUZZ=1` is passed into CMake, BoringSSL builds with `BORINGSSL_UNSAFE_FUZZER_MODE` and `BORINGSSL_UNSAFE_DETERMINISTIC_MODE` defined. This modifies the library to be more friendly to fuzzers. If `BORINGSSL_UNSAFE_DETERMINISTIC_MODE` is set, BoringSSL will:
|
||||
|
||||
* Replace `RAND_bytes` with a deterministic PRNG. Call `RAND_reset_for_fuzzing()` at the start of fuzzers which use `RAND_bytes` to reset the PRNG state.
|
||||
|
||||
* Use a hard-coded time instead of the actual time.
|
||||
|
||||
Additionally, if `BORINGSSL_UNSAFE_FUZZER_MODE` is set, BoringSSL will:
|
||||
|
||||
* Modify the TLS stack to perform all signature checks (CertificateVerify and ServerKeyExchange) and the Finished check, but always act as if the check succeeded.
|
||||
|
||||
* Treat every cipher as the NULL cipher.
|
||||
|
||||
* Tickets are unencrypted and the MAC check is performed but ignored.
|
||||
|
||||
* renegotiation\_info checks are ignored.
|
||||
|
||||
This is to prevent the fuzzer from getting stuck at a cryptographic invariant in the protocol.
|
||||
|
||||
## TLS transcripts
|
||||
|
||||
The `client` and `server` corpora are seeded from the test suite. The test suite has a `-fuzzer` flag which mirrors the fuzzer mode changes above and a `-deterministic` flag which removes all non-determinism on the Go side. Not all tests pass, so `ssl/test/runner/fuzzer_mode.json` contains the necessary suppressions. The `run_tests` target will pass appropriate command-line flags.
|
||||
|
||||
There are separate corpora, `client_corpus_no_fuzzer_mode` and `server_corpus_no_fuzzer_mode`. These are transcripts for fuzzers with only `BORINGSSL_UNSAFE_DETERMINISTIC_MODE` defined. To build in this mode, pass `-DNO_FUZZER_MODE=1` into CMake. This configuration is run in the same way but without `-fuzzer` and `-shim-config` flags.
|
||||
|
||||
If both sets of tests pass, refresh the fuzzer corpora with `refresh_ssl_corpora.sh`:
|
||||
|
||||
```
|
||||
cd fuzz
|
||||
./refresh_ssl_corpora.sh /path/to/fuzzer/mode/build /path/to/non/fuzzer/mode/build
|
||||
```
|
||||
108
third-party/boringssl/src/INCORPORATING.md
vendored
Normal file
108
third-party/boringssl/src/INCORPORATING.md
vendored
Normal file
|
|
@ -0,0 +1,108 @@
|
|||
# Incorporating BoringSSL into a project
|
||||
|
||||
**Note**: if your target project is not a Google project then first read the
|
||||
[main README](/README.md) about the purpose of BoringSSL.
|
||||
|
||||
## Bazel
|
||||
|
||||
If you are using [Bazel](https://bazel.build) then you can incorporate
|
||||
BoringSSL as an external repository by using a commit from the
|
||||
`master-with-bazel` branch. That branch is maintained by a bot from `master`
|
||||
and includes the needed generated files and a top-level BUILD file.
|
||||
|
||||
For example:
|
||||
|
||||
git_repository(
|
||||
name = "boringssl",
|
||||
commit = "_some commit_",
|
||||
remote = "https://boringssl.googlesource.com/boringssl",
|
||||
)
|
||||
|
||||
You would still need to keep the referenced commit up to date if a specific
|
||||
commit is referred to.
|
||||
|
||||
## Directory layout
|
||||
|
||||
Typically projects create a `third_party/boringssl` directory to put
|
||||
BoringSSL-specific files into. The source code of BoringSSL itself goes into
|
||||
`third_party/boringssl/src`, either by copying or as a
|
||||
[submodule](https://git-scm.com/docs/git-submodule).
|
||||
|
||||
It's generally a mistake to put BoringSSL's source code into
|
||||
`third_party/boringssl` directly because pre-built files and custom build files
|
||||
need to go somewhere and merging these with the BoringSSL source code makes
|
||||
updating things more complex.
|
||||
|
||||
## Build support
|
||||
|
||||
BoringSSL is designed to work with many different build systems. Currently,
|
||||
different projects use [GYP](https://gyp.gsrc.io/),
|
||||
[GN](https://gn.googlesource.com/gn/+/master/docs/quick_start.md),
|
||||
[Bazel](https://bazel.build/) and [Make](https://www.gnu.org/software/make/) to
|
||||
build BoringSSL, without too much pain.
|
||||
|
||||
The development build system is CMake and the CMake build knows how to
|
||||
automatically generate the intermediate files that BoringSSL needs. However,
|
||||
outside of the CMake environment, these intermediates are generated once and
|
||||
checked into the incorporating project's source repository. This avoids
|
||||
incorporating projects needing to support Perl and Go in their build systems.
|
||||
|
||||
The script [`util/generate_build_files.py`](/util/generate_build_files.py)
|
||||
expects to be run from the `third_party/boringssl` directory and to find the
|
||||
BoringSSL source code in `src/`. You should pass it a single argument: the name
|
||||
of the build system that you're using. If you don't use any of the supported
|
||||
build systems then you should augment `generate_build_files.py` with support
|
||||
for it.
|
||||
|
||||
The script will pregenerate the intermediate files (see
|
||||
[BUILDING.md](/BUILDING.md) for details about which tools will need to be
|
||||
installed) and output helper files for that build system. It doesn't generate a
|
||||
complete build script, just file and test lists, which change often. For
|
||||
example, see the
|
||||
[file](https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/BUILD.generated.gni)
|
||||
and
|
||||
[test](https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/BUILD.generated_tests.gni)
|
||||
lists generated for GN in Chromium.
|
||||
|
||||
Generally one checks in these generated files alongside the hand-written build
|
||||
files. Periodically an engineer updates the BoringSSL revision, regenerates
|
||||
these files and checks in the updated result. As an example, see how this is
|
||||
done [in Chromium](https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/).
|
||||
|
||||
## Defines
|
||||
|
||||
BoringSSL does not present a lot of configurability in order to reduce the
|
||||
number of configurations that need to be tested. But there are a couple of
|
||||
\#defines that you may wish to set:
|
||||
|
||||
`OPENSSL_NO_ASM` prevents the use of assembly code (although it's up to you to
|
||||
ensure that the build system doesn't link it in if you wish to reduce binary
|
||||
size). This will have a significant performance impact but can be useful if you
|
||||
wish to use tools like
|
||||
[AddressSanitizer](http://clang.llvm.org/docs/AddressSanitizer.html) that
|
||||
interact poorly with assembly code.
|
||||
|
||||
`OPENSSL_SMALL` removes some code that is especially large at some performance
|
||||
cost.
|
||||
|
||||
## Symbols
|
||||
|
||||
You cannot link multiple versions of BoringSSL or OpenSSL into a single binary
|
||||
without dealing with symbol conflicts. If you are statically linking multiple
|
||||
versions together, there's not a lot that can be done because C doesn't have a
|
||||
module system.
|
||||
|
||||
If you are using multiple versions in a single binary, in different shared
|
||||
objects, ensure you build BoringSSL with `-fvisibility=hidden` and do not
|
||||
export any of BoringSSL's symbols. This will prevent any collisions with other
|
||||
verisons that may be included in other shared objects. Note that this requires
|
||||
that all callers of BoringSSL APIs live in the same shared object as BoringSSL.
|
||||
|
||||
If you require that BoringSSL APIs be used across shared object boundaries,
|
||||
continue to build with `-fvisibility=hidden` but define
|
||||
`BORINGSSL_SHARED_LIBRARY` in both BoringSSL and consumers. BoringSSL's own
|
||||
source files (but *not* consumers' source files) must also build with
|
||||
`BORINGSSL_IMPLEMENTATION` defined. This will export BoringSSL's public symbols
|
||||
in the resulting shared object while hiding private symbols. However note that,
|
||||
as with a static link, this precludes dynamically linking with another version
|
||||
of BoringSSL or OpenSSL.
|
||||
251
third-party/boringssl/src/LICENSE
vendored
Normal file
251
third-party/boringssl/src/LICENSE
vendored
Normal file
|
|
@ -0,0 +1,251 @@
|
|||
BoringSSL is a fork of OpenSSL. As such, large parts of it fall under OpenSSL
|
||||
licensing. Files that are completely new have a Google copyright and an ISC
|
||||
license. This license is reproduced at the bottom of this file.
|
||||
|
||||
Contributors to BoringSSL are required to follow the CLA rules for Chromium:
|
||||
https://cla.developers.google.com/clas
|
||||
|
||||
Files in third_party/ have their own licenses, as described therein. The MIT
|
||||
license, for third_party/fiat, which, unlike other third_party directories, is
|
||||
compiled into non-test libraries, is included below.
|
||||
|
||||
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the
|
||||
OpenSSL License and the original SSLeay license apply to the toolkit. See below
|
||||
for the actual license texts. Actually both licenses are BSD-style Open Source
|
||||
licenses. In case of any license issues related to OpenSSL please contact
|
||||
openssl-core@openssl.org.
|
||||
|
||||
The following are Google-internal bug numbers where explicit permission from
|
||||
some authors is recorded for use of their work. (This is purely for our own
|
||||
record keeping.)
|
||||
27287199
|
||||
27287880
|
||||
27287883
|
||||
|
||||
OpenSSL License
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
Original SSLeay License
|
||||
-----------------------
|
||||
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
|
||||
ISC license used for completely new code in BoringSSL:
|
||||
|
||||
/* Copyright (c) 2015, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
|
||||
The code in third_party/fiat carries the MIT license:
|
||||
|
||||
Copyright (c) 2015-2016 the fiat-crypto authors (see
|
||||
https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS).
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
|
||||
Licenses for support code
|
||||
-------------------------
|
||||
|
||||
Parts of the TLS test suite are under the Go license. This code is not included
|
||||
in BoringSSL (i.e. libcrypto and libssl) when compiled, however, so
|
||||
distributing code linked against BoringSSL does not trigger this license:
|
||||
|
||||
Copyright (c) 2009 The Go Authors. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other materials provided with the
|
||||
distribution.
|
||||
* Neither the name of Google Inc. nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
BoringSSL uses the Chromium test infrastructure to run a continuous build,
|
||||
trybots etc. The scripts which manage this, and the script for generating build
|
||||
metadata, are under the Chromium license. Distributing code linked against
|
||||
BoringSSL does not trigger this license.
|
||||
|
||||
Copyright 2015 The Chromium Authors. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other materials provided with the
|
||||
distribution.
|
||||
* Neither the name of Google Inc. nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
311
third-party/boringssl/src/PORTING.md
vendored
Normal file
311
third-party/boringssl/src/PORTING.md
vendored
Normal file
|
|
@ -0,0 +1,311 @@
|
|||
# Porting from OpenSSL to BoringSSL
|
||||
|
||||
BoringSSL is an OpenSSL derivative and is mostly source-compatible, for the
|
||||
subset of OpenSSL retained. Libraries ideally need little to no changes for
|
||||
BoringSSL support, provided they do not use removed APIs. In general, see if the
|
||||
library compiles and, on failure, consult the documentation in the header files
|
||||
and see if problematic features can be removed.
|
||||
|
||||
BoringSSL's `OPENSSL_VERSION_NUMBER` matches the OpenSSL version it targets.
|
||||
Version checks for OpenSSL should ideally work as-is in BoringSSL. BoringSSL
|
||||
also defines upstream's `OPENSSL_NO_*` feature macros corresponding to removed
|
||||
features. If the preprocessor is needed, use these version checks or feature
|
||||
macros where possible, especially when patching third-party projects. Such
|
||||
patches are more generally useful to OpenSSL consumers and thus more
|
||||
appropriate to send upstream.
|
||||
|
||||
In some cases, BoringSSL-specific code may be necessary. Use the
|
||||
`OPENSSL_IS_BORINGSSL` preprocessor macro in `#ifdef`s. However, first contact
|
||||
the BoringSSL maintainers about the missing APIs. We will typically add
|
||||
compatibility functions for convenience. In particular, *contact BoringSSL
|
||||
maintainers before working around missing OpenSSL 1.1.0 accessors*. BoringSSL
|
||||
was originally derived from OpenSSL 1.0.2 but now targets OpenSSL 1.1.0. Some
|
||||
newer APIs may be missing but can be added on request. (Not all projects have
|
||||
been ported to OpenSSL 1.1.0, so BoringSSL also remains largely compatible with
|
||||
OpenSSL 1.0.2.)
|
||||
|
||||
The `OPENSSL_IS_BORINGSSL` macro may also be used to distinguish OpenSSL from
|
||||
BoringSSL in configure scripts. Do not use the presence or absence of particular
|
||||
symbols to detect BoringSSL.
|
||||
|
||||
Note: BoringSSL does *not* have a stable API or ABI. It must be updated with its
|
||||
consumers. It is not suitable for, say, a system library in a traditional Linux
|
||||
distribution. For instance, Chromium statically links the specific revision of
|
||||
BoringSSL it was built against. Likewise, Android's system-internal copy of
|
||||
BoringSSL is not exposed by the NDK and must not be used by third-party
|
||||
applications.
|
||||
|
||||
|
||||
## Major API changes
|
||||
|
||||
### Integer types
|
||||
|
||||
Some APIs have been converted to use `size_t` for consistency and to avoid
|
||||
integer overflows at the API boundary. (Existing logic uses a mismash of `int`,
|
||||
`long`, and `unsigned`.) For the most part, implicit casts mean that existing
|
||||
code continues to compile. In some cases, this may require BoringSSL-specific
|
||||
code, particularly to avoid compiler warnings.
|
||||
|
||||
Most notably, the `STACK_OF(T)` types have all been converted to use `size_t`
|
||||
instead of `int` for indices and lengths.
|
||||
|
||||
### Reference counts and opaque types
|
||||
|
||||
Some external consumers increment reference counts directly by calling
|
||||
`CRYPTO_add` with the corresponding `CRYPTO_LOCK_*` value. These APIs no longer
|
||||
exist in BoringSSL. Instead, code which increments reference counts should call
|
||||
the corresponding `FOO_up_ref` function, such as `EVP_PKEY_up_ref`.
|
||||
|
||||
BoringSSL also hides some structs which were previously exposed in OpenSSL
|
||||
1.0.2, particularly in libssl. Use the relevant accessors instead.
|
||||
|
||||
Note that some of these APIs were added in OpenSSL 1.1.0, so projects which do
|
||||
not yet support 1.1.0 may need additional `#ifdef`s. Projects supporting OpenSSL
|
||||
1.1.0 should not require modification.
|
||||
|
||||
### Error codes
|
||||
|
||||
OpenSSL's errors are extremely specific, leaking internals of the library,
|
||||
including even a function code for the function which emitted the error! As some
|
||||
logic in BoringSSL has been rewritten, code which conditions on the error may
|
||||
break (grep for `ERR_GET_REASON` and `ERR_GET_FUNC`). This danger also exists
|
||||
when upgrading OpenSSL versions.
|
||||
|
||||
Where possible, avoid conditioning on the exact error reason. Otherwise, a
|
||||
BoringSSL `#ifdef` may be necessary. Exactly how best to resolve this issue is
|
||||
still being determined. It's possible some new APIs will be added in the future.
|
||||
|
||||
Function codes have been completely removed. Remove code which conditions on
|
||||
these as it will break with the slightest change in the library, OpenSSL or
|
||||
BoringSSL.
|
||||
|
||||
### `*_ctrl` functions
|
||||
|
||||
Some OpenSSL APIs are implemented with `ioctl`-style functions such as
|
||||
`SSL_ctrl` and `EVP_PKEY_CTX_ctrl`, combined with convenience macros, such as
|
||||
|
||||
# define SSL_CTX_set_mode(ctx,op) \
|
||||
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
|
||||
|
||||
In BoringSSL, these macros have been replaced with proper functions. The
|
||||
underlying `_ctrl` functions have been removed.
|
||||
|
||||
For convenience, `SSL_CTRL_*` values are retained as macros to `doesnt_exist` so
|
||||
existing code which uses them (or the wrapper macros) in `#ifdef` expressions
|
||||
will continue to function. However, the macros themselves will not work.
|
||||
|
||||
Switch any `*_ctrl` callers to the macro/function versions. This works in both
|
||||
OpenSSL and BoringSSL. Note that BoringSSL's function versions will be
|
||||
type-checked and may require more care with types. See the end of this
|
||||
document for a table of functions to use.
|
||||
|
||||
### HMAC `EVP_PKEY`s
|
||||
|
||||
`EVP_PKEY_HMAC` is removed. Use the `HMAC_*` functions in `hmac.h` instead. This
|
||||
is compatible with OpenSSL.
|
||||
|
||||
### DSA `EVP_PKEY`s
|
||||
|
||||
`EVP_PKEY_DSA` is deprecated. It is currently still possible to parse DER into a
|
||||
DSA `EVP_PKEY`, but signing or verifying with those objects will not work.
|
||||
|
||||
### DES
|
||||
|
||||
The `DES_cblock` type has been switched from an array to a struct to avoid the
|
||||
pitfalls around array types in C. Where features which require DES cannot be
|
||||
disabled, BoringSSL-specific codepaths may be necessary.
|
||||
|
||||
### TLS renegotiation
|
||||
|
||||
OpenSSL enables TLS renegotiation by default and accepts renegotiation requests
|
||||
from the peer transparently. Renegotiation is an extremely problematic protocol
|
||||
feature, so BoringSSL rejects peer renegotiations by default.
|
||||
|
||||
To enable renegotiation, call `SSL_set_renegotiate_mode` and set it to
|
||||
`ssl_renegotiate_once` or `ssl_renegotiate_freely`. Renegotiation is only
|
||||
supported as a client in TLS and the HelloRequest must be received at a
|
||||
quiet point in the application protocol. This is sufficient to support the
|
||||
common use of requesting a new client certificate between an HTTP request and
|
||||
response in (unpipelined) HTTP/1.1.
|
||||
|
||||
Things which do not work:
|
||||
|
||||
* There is no support for renegotiation as a server. (Attempts by clients will
|
||||
result in a fatal alert so that ClientHello messages cannot be used to flood
|
||||
a server and escape higher-level limits.)
|
||||
|
||||
* There is no support for renegotiation in DTLS.
|
||||
|
||||
* There is no support for initiating renegotiation; `SSL_renegotiate` always
|
||||
fails and `SSL_set_state` does nothing.
|
||||
|
||||
* Interleaving application data with the new handshake is forbidden.
|
||||
|
||||
* If a HelloRequest is received while `SSL_write` has unsent application data,
|
||||
the renegotiation is rejected.
|
||||
|
||||
* Renegotiation does not participate in session resumption. The client will
|
||||
not offer a session on renegotiation or resume any session established by a
|
||||
renegotiation handshake.
|
||||
|
||||
* The server may not change its certificate in the renegotiation. This mitigates
|
||||
the [triple handshake attack](https://mitls.org/pages/attacks/3SHAKE). Any new
|
||||
stapled OCSP response and SCT list will be ignored. As no authentication state
|
||||
may change, BoringSSL will not re-verify the certificate on a renegotiation.
|
||||
Callbacks such as `SSL_CTX_set_custom_verify` will only run on the initial
|
||||
handshake.
|
||||
|
||||
### Lowercase hexadecimal
|
||||
|
||||
BoringSSL's `BN_bn2hex` function uses lowercase hexadecimal digits instead of
|
||||
uppercase. Some code may require changes to avoid being sensitive to this
|
||||
difference.
|
||||
|
||||
### Legacy ASN.1 functions
|
||||
|
||||
OpenSSL's ASN.1 stack uses `d2i` functions for parsing. They have the form:
|
||||
|
||||
RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
|
||||
|
||||
In addition to returning the result, OpenSSL places it in `*out` if `out` is
|
||||
not `NULL`. On input, if `*out` is not `NULL`, OpenSSL will usually (but not
|
||||
always) reuse that object rather than allocating a new one. In BoringSSL, these
|
||||
functions are compatibility wrappers over a newer ASN.1 stack. Even if `*out`
|
||||
is not `NULL`, these wrappers will always allocate a new object and free the
|
||||
previous one.
|
||||
|
||||
Ensure that callers do not rely on this object reuse behavior. It is
|
||||
recommended to avoid the `out` parameter completely and always pass in `NULL`.
|
||||
Note that less error-prone APIs are available for BoringSSL-specific code (see
|
||||
below).
|
||||
|
||||
### Memory allocation
|
||||
|
||||
OpenSSL provides wrappers `OPENSSL_malloc` and `OPENSSL_free` over the standard
|
||||
`malloc` and `free`. Memory allocated by OpenSSL should be released with
|
||||
`OPENSSL_free`, not the standard `free`. However, by default, they are
|
||||
implemented directly using `malloc` and `free`, so code which mixes them up
|
||||
usually works.
|
||||
|
||||
In BoringSSL, these functions maintain additional book-keeping to zero memory
|
||||
on `OPENSSL_free`, so any mixups must be fixed.
|
||||
|
||||
## Optional BoringSSL-specific simplifications
|
||||
|
||||
BoringSSL makes some changes to OpenSSL which simplify the API but remain
|
||||
compatible with OpenSSL consumers. In general, consult the BoringSSL
|
||||
documentation for any functions in new BoringSSL-only code.
|
||||
|
||||
### Return values
|
||||
|
||||
Most OpenSSL APIs return 1 on success and either 0 or -1 on failure. BoringSSL
|
||||
has narrowed most of these to 1 on success and 0 on failure. BoringSSL-specific
|
||||
code may take advantage of the less error-prone APIs and use `!` to check for
|
||||
errors.
|
||||
|
||||
### Initialization
|
||||
|
||||
OpenSSL has a number of different initialization functions for setting up error
|
||||
strings and loading algorithms, etc. All of these functions still exist in
|
||||
BoringSSL for convenience, but they do nothing and are not necessary.
|
||||
|
||||
The one exception is `CRYPTO_library_init`. In `BORINGSSL_NO_STATIC_INITIALIZER`
|
||||
builds, it must be called to query CPU capabilities before the rest of the
|
||||
library. In the default configuration, this is done with a static initializer
|
||||
and is also unnecessary.
|
||||
|
||||
### Threading
|
||||
|
||||
OpenSSL provides a number of APIs to configure threading callbacks and set up
|
||||
locks. Without initializing these, the library is not thread-safe. Configuring
|
||||
these does nothing in BoringSSL. Instead, BoringSSL calls pthreads and the
|
||||
corresponding Windows APIs internally and is always thread-safe where the API
|
||||
guarantees it.
|
||||
|
||||
### ASN.1
|
||||
|
||||
BoringSSL is in the process of deprecating OpenSSL's `d2i` and `i2d` in favor of
|
||||
new functions using the much less error-prone `CBS` and `CBB` types.
|
||||
BoringSSL-only code should use those functions where available.
|
||||
|
||||
|
||||
## Replacements for `CTRL` values
|
||||
|
||||
When porting code which uses `SSL_CTX_ctrl` or `SSL_ctrl`, use the replacement
|
||||
functions below. If a function has both `SSL_CTX` and `SSL` variants, only the
|
||||
`SSL_CTX` version is listed.
|
||||
|
||||
Note some values correspond to multiple functions depending on the `larg`
|
||||
parameter.
|
||||
|
||||
`CTRL` value | Replacement function(s)
|
||||
-------------|-------------------------
|
||||
`DTLS_CTRL_GET_TIMEOUT` | `DTLSv1_get_timeout`
|
||||
`DTLS_CTRL_HANDLE_TIMEOUT` | `DTLSv1_handle_timeout`
|
||||
`SSL_CTRL_CHAIN` | `SSL_CTX_set0_chain` or `SSL_CTX_set1_chain`
|
||||
`SSL_CTRL_CHAIN_CERT` | `SSL_add0_chain_cert` or `SSL_add1_chain_cert`
|
||||
`SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS` | `SSL_CTX_clear_extra_chain_certs`
|
||||
`SSL_CTRL_CLEAR_MODE` | `SSL_CTX_clear_mode`
|
||||
`SSL_CTRL_CLEAR_OPTIONS` | `SSL_CTX_clear_options`
|
||||
`SSL_CTRL_EXTRA_CHAIN_CERT` | `SSL_CTX_add_extra_chain_cert`
|
||||
`SSL_CTRL_GET_CHAIN_CERTS` | `SSL_CTX_get0_chain_certs`
|
||||
`SSL_CTRL_GET_CLIENT_CERT_TYPES` | `SSL_get0_certificate_types`
|
||||
`SSL_CTRL_GET_EXTRA_CHAIN_CERTS` | `SSL_CTX_get_extra_chain_certs` or `SSL_CTX_get_extra_chain_certs_only`
|
||||
`SSL_CTRL_GET_MAX_CERT_LIST` | `SSL_CTX_get_max_cert_list`
|
||||
`SSL_CTRL_GET_NUM_RENEGOTIATIONS` | `SSL_num_renegotiations`
|
||||
`SSL_CTRL_GET_READ_AHEAD` | `SSL_CTX_get_read_ahead`
|
||||
`SSL_CTRL_GET_RI_SUPPORT` | `SSL_get_secure_renegotiation_support`
|
||||
`SSL_CTRL_GET_SESSION_REUSED` | `SSL_session_reused`
|
||||
`SSL_CTRL_GET_SESS_CACHE_MODE` | `SSL_CTX_get_session_cache_mode`
|
||||
`SSL_CTRL_GET_SESS_CACHE_SIZE` | `SSL_CTX_sess_get_cache_size`
|
||||
`SSL_CTRL_GET_TLSEXT_TICKET_KEYS` | `SSL_CTX_get_tlsext_ticket_keys`
|
||||
`SSL_CTRL_GET_TOTAL_RENEGOTIATIONS` | `SSL_total_renegotiations`
|
||||
`SSL_CTRL_MODE` | `SSL_CTX_get_mode` or `SSL_CTX_set_mode`
|
||||
`SSL_CTRL_NEED_TMP_RSA` | `SSL_CTX_need_tmp_RSA` is equivalent, but [*do not use this function*](https://freakattack.com/). (It is a no-op in BoringSSL.)
|
||||
`SSL_CTRL_OPTIONS` | `SSL_CTX_get_options` or `SSL_CTX_set_options`
|
||||
`SSL_CTRL_SESS_NUMBER` | `SSL_CTX_sess_number`
|
||||
`SSL_CTRL_SET_CURVES` | `SSL_CTX_set1_curves`
|
||||
`SSL_CTRL_SET_ECDH_AUTO` | `SSL_CTX_set_ecdh_auto`
|
||||
`SSL_CTRL_SET_MAX_CERT_LIST` | `SSL_CTX_set_max_cert_list`
|
||||
`SSL_CTRL_SET_MAX_SEND_FRAGMENT` | `SSL_CTX_set_max_send_fragment`
|
||||
`SSL_CTRL_SET_MSG_CALLBACK` | `SSL_set_msg_callback`
|
||||
`SSL_CTRL_SET_MSG_CALLBACK_ARG` | `SSL_set_msg_callback_arg`
|
||||
`SSL_CTRL_SET_MTU` | `SSL_set_mtu`
|
||||
`SSL_CTRL_SET_READ_AHEAD` | `SSL_CTX_set_read_ahead`
|
||||
`SSL_CTRL_SET_SESS_CACHE_MODE` | `SSL_CTX_set_session_cache_mode`
|
||||
`SSL_CTRL_SET_SESS_CACHE_SIZE` | `SSL_CTX_sess_set_cache_size`
|
||||
`SSL_CTRL_SET_TLSEXT_HOSTNAME` | `SSL_set_tlsext_host_name`
|
||||
`SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG` | `SSL_CTX_set_tlsext_servername_arg`
|
||||
`SSL_CTRL_SET_TLSEXT_SERVERNAME_CB` | `SSL_CTX_set_tlsext_servername_callback`
|
||||
`SSL_CTRL_SET_TLSEXT_TICKET_KEYS` | `SSL_CTX_set_tlsext_ticket_keys`
|
||||
`SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB` | `SSL_CTX_set_tlsext_ticket_key_cb`
|
||||
`SSL_CTRL_SET_TMP_DH` | `SSL_CTX_set_tmp_dh`
|
||||
`SSL_CTRL_SET_TMP_DH_CB` | `SSL_CTX_set_tmp_dh_callback`
|
||||
`SSL_CTRL_SET_TMP_ECDH` | `SSL_CTX_set_tmp_ecdh`
|
||||
`SSL_CTRL_SET_TMP_ECDH_CB` | `SSL_CTX_set_tmp_ecdh_callback`
|
||||
`SSL_CTRL_SET_TMP_RSA` | `SSL_CTX_set_tmp_rsa` is equivalent, but [*do not use this function*](https://freakattack.com/). (It is a no-op in BoringSSL.)
|
||||
`SSL_CTRL_SET_TMP_RSA_CB` | `SSL_CTX_set_tmp_rsa_callback` is equivalent, but [*do not use this function*](https://freakattack.com/). (It is a no-op in BoringSSL.)
|
||||
|
||||
## Significant API additions
|
||||
|
||||
In some places, BoringSSL has added significant APIs. Use of these APIs goes beyound “porting” and means giving up on OpenSSL compatibility.
|
||||
|
||||
One example of this has already been mentioned: the [CBS and CBB](https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.h.html) functions should be used whenever parsing or serialising data.
|
||||
|
||||
### CRYPTO\_BUFFER
|
||||
|
||||
With the standard OpenSSL APIs, when making many TLS connections, the certificate data for each connection is retained in memory in an expensive `X509` structure. Additionally, common certificates often appear in the chains for multiple connections and are needlessly duplicated in memory.
|
||||
|
||||
A [`CRYPTO_BUFFER`](https://commondatastorage.googleapis.com/chromium-boringssl-docs/pool.h.html) is just an opaque byte string. A `CRYPTO_BUFFER_POOL` is an intern table for these buffers, i.e. it ensures that only a single copy of any given byte string is kept for each pool.
|
||||
|
||||
The function `TLS_with_buffers_method` returns an `SSL_METHOD` that avoids creating `X509` objects for certificates. Additionally, `SSL_CTX_set0_buffer_pool` can be used to install a pool on an `SSL_CTX` so that certificates can be deduplicated across connections and across `SSL_CTX`s.
|
||||
|
||||
When using these functions, the application also needs to ensure that it doesn't call other functions that deal with `X509` or `X509_NAME` objects. For example, `SSL_get_peer_certificate` or `SSL_get_peer_cert_chain`. Doing so will trigger an assert in debug mode and will result in NULLs in release mode. Instead, call the buffer-based alternatives such as `SSL_get0_peer_certificates`. (See [ssl.h](https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html) for functions taking or returning `CRYPTO_BUFFER`.) The buffer-based alternative functions will work even when not using `TLS_with_buffers_method`, thus application code can transition gradually.
|
||||
|
||||
In order to use buffers, the application code also needs to implement its own certificate verification using `SSL_[CTX_]set_custom_verify`. Otherwise all connections will fail with a verification error. Auto-chaining is also disabled when using buffers.
|
||||
|
||||
Once those changes have been completed, the whole of the OpenSSL X.509 and ASN.1 code should be eliminated by the linker if BoringSSL is linked statically.
|
||||
|
||||
### Asynchronous and opaque private keys
|
||||
|
||||
OpenSSL offers the ENGINE API for implementing opaque private keys (i.e. private keys where software only has oracle access because the secrets are held in special hardware or on another machine). While the ENGINE API has been mostly removed from BoringSSL, it is still possible to support opaque keys in this way. However, when using such keys with TLS and BoringSSL, you should strongly prefer using `SSL_PRIVATE_KEY_METHOD` via `SSL[_CTX]_set_private_key_method`. This allows a handshake to be suspended while the private operation is in progress. It also supports more forms of opaque key as it exposes higher-level information about the operation to be performed.
|
||||
41
third-party/boringssl/src/README.md
vendored
Normal file
41
third-party/boringssl/src/README.md
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
# BoringSSL
|
||||
|
||||
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
|
||||
|
||||
Although BoringSSL is an open source project, it is not intended for general
|
||||
use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
|
||||
so is likely to be frustrating because there are no guarantees of API or ABI
|
||||
stability.
|
||||
|
||||
Programs ship their own copies of BoringSSL when they use it and we update
|
||||
everything as needed when deciding to make API changes. This allows us to
|
||||
mostly avoid compromises in the name of compatibility. It works for us, but it
|
||||
may not work for you.
|
||||
|
||||
BoringSSL arose because Google used OpenSSL for many years in various ways and,
|
||||
over time, built up a large number of patches that were maintained while
|
||||
tracking upstream OpenSSL. As Google's product portfolio became more complex,
|
||||
more copies of OpenSSL sprung up and the effort involved in maintaining all
|
||||
these patches in multiple places was growing steadily.
|
||||
|
||||
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's
|
||||
not part of the NDK) and a number of other apps/programs.
|
||||
|
||||
Project links:
|
||||
|
||||
* [API documentation](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html)
|
||||
* [Bug tracker](https://bugs.chromium.org/p/boringssl/issues/list)
|
||||
* [CI](https://ci.chromium.org/p/boringssl/g/main/console)
|
||||
* [Code review](https://boringssl-review.googlesource.com)
|
||||
|
||||
There are other files in this directory which might be helpful:
|
||||
|
||||
* [PORTING.md](/PORTING.md): how to port OpenSSL-using code to BoringSSL.
|
||||
* [BUILDING.md](/BUILDING.md): how to build BoringSSL
|
||||
* [INCORPORATING.md](/INCORPORATING.md): how to incorporate BoringSSL into a project.
|
||||
* [API-CONVENTIONS.md](/API-CONVENTIONS.md): general API conventions for BoringSSL consumers and developers.
|
||||
* [STYLE.md](/STYLE.md): rules and guidelines for coding style.
|
||||
* include/openssl: public headers with API documentation in comments. Also [available online](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
|
||||
* [FUZZING.md](/FUZZING.md): information about fuzzing BoringSSL.
|
||||
* [CONTRIBUTING.md](/CONTRIBUTING.md): how to contribute to BoringSSL.
|
||||
* [BREAKING-CHANGES.md](/BREAKING-CHANGES.md): notes on potentially-breaking changes.
|
||||
233
third-party/boringssl/src/STYLE.md
vendored
Normal file
233
third-party/boringssl/src/STYLE.md
vendored
Normal file
|
|
@ -0,0 +1,233 @@
|
|||
# BoringSSL Style Guide
|
||||
|
||||
BoringSSL usually follows the
|
||||
[Google C++ style guide](https://google.github.io/styleguide/cppguide.html),
|
||||
The rest of this document describes differences and clarifications on
|
||||
top of the base guide.
|
||||
|
||||
|
||||
## Legacy code
|
||||
|
||||
As a derivative of OpenSSL, BoringSSL contains a lot of legacy code that
|
||||
does not follow this style guide. Particularly where public API is
|
||||
concerned, balance consistency within a module with the benefits of a
|
||||
given rule. Module-wide deviations on naming should be respected while
|
||||
integer and return value conventions take precedence over consistency.
|
||||
|
||||
Modules from OpenSSL's legacy ASN.1 and X.509 stack are retained for
|
||||
compatibility and left largely unmodified. To ease importing patches from
|
||||
upstream, they match OpenSSL's new indentation style. For Emacs,
|
||||
`doc/openssl-c-indent.el` from OpenSSL may be helpful in this.
|
||||
|
||||
|
||||
## Language
|
||||
|
||||
The majority of the project is in C, so C++-specific rules in the
|
||||
Google style guide do not apply. Support for C99 features depends on
|
||||
our target platforms. Typically, Chromium's target MSVC is the most
|
||||
restrictive.
|
||||
|
||||
Variable declarations in the middle of a function or inside a `for` loop are
|
||||
allowed and preferred where possible. Note that the common `goto err` cleanup
|
||||
pattern requires lifting some variable declarations.
|
||||
|
||||
Comments should be `// C99-style` for consistency with C++.
|
||||
|
||||
When declaring pointer types, `*` should be placed next to the variable name,
|
||||
not the type. So
|
||||
|
||||
uint8_t *ptr;
|
||||
|
||||
not
|
||||
|
||||
uint8_t* ptr;
|
||||
|
||||
Rather than `malloc()` and `free()`, use the wrappers `OPENSSL_malloc()`
|
||||
and `OPENSSL_free()`. Use the standard C `assert()` function freely.
|
||||
|
||||
Use the following wrappers, found in `crypto/internal.h` instead of the
|
||||
corresponding C standard library functions. They behave the same but avoid
|
||||
confusing undefined behavior.
|
||||
|
||||
* `OPENSSL_memchr`
|
||||
* `OPENSSL_memcmp`
|
||||
* `OPENSSL_memcpy`
|
||||
* `OPENSSL_memmove`
|
||||
* `OPENSSL_memset`
|
||||
|
||||
For new constants, prefer enums when the values are sequential and typed
|
||||
constants for flags. If adding values to an existing set of `#define`s,
|
||||
continue with `#define`.
|
||||
|
||||
|
||||
## libssl
|
||||
|
||||
libssl was originally written in C but is being incrementally rewritten in
|
||||
C++11. As of writing, much of the style matches our C conventions rather than
|
||||
Google C++. Additionally, libssl on Linux currently may not depend on the C++
|
||||
runtime. See the C++ utilities in `ssl/internal.h` for replacements for
|
||||
problematic C++ constructs. The `util/check_imported_libraries.go` script may be
|
||||
used with a shared library build to check if a new construct is okay.
|
||||
|
||||
If unsure, match surrounding code. Discrepancies between it and Google C++ style
|
||||
will be fixed over time.
|
||||
|
||||
|
||||
## Formatting
|
||||
|
||||
Single-statement blocks are not allowed. All conditions and loops must
|
||||
use braces:
|
||||
|
||||
if (foo) {
|
||||
do_something();
|
||||
}
|
||||
|
||||
not
|
||||
|
||||
if (foo)
|
||||
do_something();
|
||||
|
||||
|
||||
## Integers
|
||||
|
||||
Prefer using explicitly-sized integers where appropriate rather than
|
||||
generic C ones. For instance, to represent a byte, use `uint8_t`, not
|
||||
`unsigned char`. Likewise, represent a two-byte field as `uint16_t`, not
|
||||
`unsigned short`.
|
||||
|
||||
Sizes are represented as `size_t`.
|
||||
|
||||
Within a struct that is retained across the lifetime of an SSL
|
||||
connection, if bounds of a size are known and it's easy, use a smaller
|
||||
integer type like `uint8_t`. This is a "free" connection footprint
|
||||
optimization for servers. Don't make code significantly more complex for
|
||||
it, and do still check the bounds when passing in and out of the
|
||||
struct. This narrowing should not propagate to local variables and
|
||||
function parameters.
|
||||
|
||||
When doing arithmetic, account for overflow conditions.
|
||||
|
||||
Except with platform APIs, do not use `ssize_t`. MSVC lacks it, and
|
||||
prefer out-of-band error signaling for `size_t` (see Return values).
|
||||
|
||||
|
||||
## Naming
|
||||
|
||||
Follow Google naming conventions in C++ files. In C files, use the
|
||||
following naming conventions for consistency with existing OpenSSL and C
|
||||
styles:
|
||||
|
||||
Define structs with typedef named `TYPE_NAME`. The corresponding struct
|
||||
should be named `struct type_name_st`.
|
||||
|
||||
Name public functions as `MODULE_function_name`, unless the module
|
||||
already uses a different naming scheme for legacy reasons. The module
|
||||
name should be a type name if the function is a method of a particular
|
||||
type.
|
||||
|
||||
Some types are allocated within the library while others are initialized
|
||||
into a struct allocated by the caller, often on the stack. Name these
|
||||
functions `TYPE_NAME_new`/`TYPE_NAME_free` and
|
||||
`TYPE_NAME_init`/`TYPE_NAME_cleanup`, respectively. All `TYPE_NAME_free`
|
||||
functions must do nothing on `NULL` input.
|
||||
|
||||
If a variable is the length of a pointer value, it has the suffix
|
||||
`_len`. An output parameter is named `out` or has an `out_` prefix. For
|
||||
instance, For instance:
|
||||
|
||||
uint8_t *out,
|
||||
size_t *out_len,
|
||||
const uint8_t *in,
|
||||
size_t in_len,
|
||||
|
||||
Name public headers like `include/openssl/evp.h` with header guards like
|
||||
`OPENSSL_HEADER_EVP_H`. Name internal headers like
|
||||
`crypto/ec/internal.h` with header guards like
|
||||
`OPENSSL_HEADER_EC_INTERNAL_H`.
|
||||
|
||||
Name enums like `enum unix_hacker_t`. For instance:
|
||||
|
||||
enum should_free_handshake_buffer_t {
|
||||
free_handshake_buffer,
|
||||
dont_free_handshake_buffer,
|
||||
};
|
||||
|
||||
|
||||
## Return values
|
||||
|
||||
As even `malloc` may fail in BoringSSL, the vast majority of functions
|
||||
will have a failure case. Functions should return `int` with one on
|
||||
success and zero on error. Do not overload the return value to both
|
||||
signal success/failure and output an integer. For example:
|
||||
|
||||
OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out);
|
||||
|
||||
If a function needs more than a true/false result code, define an enum
|
||||
rather than arbitrarily assigning meaning to int values.
|
||||
|
||||
If a function outputs a pointer to an object on success and there are no
|
||||
other outputs, return the pointer directly and `NULL` on error.
|
||||
|
||||
|
||||
## Parameters
|
||||
|
||||
Where not constrained by legacy code, parameter order should be:
|
||||
|
||||
1. context parameters
|
||||
2. output parameters
|
||||
3. input parameters
|
||||
|
||||
For example,
|
||||
|
||||
/* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
|
||||
* ASN.1 object can be written. The |tag| argument will be used as the tag for
|
||||
* the object. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag);
|
||||
|
||||
|
||||
## Documentation
|
||||
|
||||
All public symbols must have a documentation comment in their header
|
||||
file. The style is based on that of Go. The first sentence begins with
|
||||
the symbol name, optionally prefixed with "A" or "An". Apart from the
|
||||
initial mention of symbol, references to other symbols or parameter
|
||||
names should be surrounded by |pipes|.
|
||||
|
||||
Documentation should be concise but completely describe the exposed
|
||||
behavior of the function. Pay special note to success/failure behaviors
|
||||
and caller obligations on object lifetimes. If this sacrifices
|
||||
conciseness, consider simplifying the function's behavior.
|
||||
|
||||
// EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which
|
||||
// will be verified by |EVP_DigestVerifyFinal|. It returns one on success and
|
||||
// zero otherwise.
|
||||
OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
Explicitly mention any surprising edge cases or deviations from common
|
||||
return value patterns in legacy functions.
|
||||
|
||||
// RSA_private_encrypt encrypts |flen| bytes from |from| with the private key in
|
||||
// |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
|
||||
// least |RSA_size| bytes of space. It returns the number of bytes written, or
|
||||
// -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
|
||||
// values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
|
||||
//
|
||||
// WARNING: this function is dangerous because it breaks the usual return value
|
||||
// convention. Use |RSA_sign_raw| instead.
|
||||
OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
Document private functions in their `internal.h` header or, if static,
|
||||
where defined.
|
||||
|
||||
|
||||
## Build logic
|
||||
|
||||
BoringSSL is used by many projects with many different build tools.
|
||||
Reimplementing and maintaining build logic in each downstream build is
|
||||
cumbersome, so build logic should be avoided where possible. Platform-specific
|
||||
files should be excluded by wrapping the contents in `#ifdef`s, rather than
|
||||
computing platform-specific file lists. Generated source files such as perlasm
|
||||
and `err_data.c` may be used in the standalone CMake build but, for downstream
|
||||
builds, they should be pre-generated in `generate_build_files.py`.
|
||||
4
third-party/boringssl/src/codereview.settings
vendored
Normal file
4
third-party/boringssl/src/codereview.settings
vendored
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
# This file is used by "git cl" to get repository specific information.
|
||||
GERRIT_HOST: True
|
||||
GERRIT_PORT: True
|
||||
CODE_REVIEW_SERVER: https://boringssl-review.googlesource.com
|
||||
551
third-party/boringssl/src/crypto/CMakeLists.txt
vendored
Normal file
551
third-party/boringssl/src/crypto/CMakeLists.txt
vendored
Normal file
|
|
@ -0,0 +1,551 @@
|
|||
include_directories(../include)
|
||||
|
||||
if(NOT OPENSSL_NO_ASM)
|
||||
if(UNIX)
|
||||
if(${ARCH} STREQUAL "aarch64")
|
||||
# The "armx" Perl scripts look for "64" in the style argument
|
||||
# in order to decide whether to generate 32- or 64-bit asm.
|
||||
if(APPLE)
|
||||
set(PERLASM_STYLE ios64)
|
||||
else()
|
||||
set(PERLASM_STYLE linux64)
|
||||
endif()
|
||||
elseif(${ARCH} STREQUAL "arm")
|
||||
if(APPLE)
|
||||
set(PERLASM_STYLE ios32)
|
||||
else()
|
||||
set(PERLASM_STYLE linux32)
|
||||
endif()
|
||||
elseif(${ARCH} STREQUAL "ppc64le")
|
||||
set(PERLASM_STYLE linux64le)
|
||||
else()
|
||||
if(${ARCH} STREQUAL "x86")
|
||||
set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2")
|
||||
endif()
|
||||
if(APPLE)
|
||||
set(PERLASM_STYLE macosx)
|
||||
else()
|
||||
set(PERLASM_STYLE elf)
|
||||
endif()
|
||||
endif()
|
||||
set(ASM_EXT S)
|
||||
enable_language(ASM)
|
||||
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
|
||||
|
||||
# Clang's integerated assembler does not support debug symbols.
|
||||
if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang")
|
||||
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g")
|
||||
endif()
|
||||
|
||||
# CMake does not add -isysroot and -arch flags to assembly.
|
||||
if(APPLE)
|
||||
if(CMAKE_OSX_SYSROOT)
|
||||
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"")
|
||||
endif()
|
||||
foreach(arch ${CMAKE_OSX_ARCHITECTURES})
|
||||
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}")
|
||||
endforeach()
|
||||
endif()
|
||||
else()
|
||||
if(${ARCH} STREQUAL "x86_64")
|
||||
set(PERLASM_STYLE nasm)
|
||||
else()
|
||||
set(PERLASM_STYLE win32n)
|
||||
set(PERLASM_FLAGS "-DOPENSSL_IA32_SSE2")
|
||||
endif()
|
||||
set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8")
|
||||
|
||||
# On Windows, we use the NASM output, specifically built with Yasm.
|
||||
set(ASM_EXT asm)
|
||||
enable_language(ASM_NASM)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
function(perlasm dest src)
|
||||
get_filename_component(dir ${dest} DIRECTORY)
|
||||
if ("${dir}" STREQUAL "")
|
||||
set(dir ".")
|
||||
endif()
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT ${dest}
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${dir}
|
||||
COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} ${dest}
|
||||
DEPENDS
|
||||
${src}
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/arm-xlate.pl
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/ppc-xlate.pl
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86_64-xlate.pl
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86asm.pl
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86gas.pl
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86masm.pl
|
||||
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86nasm.pl
|
||||
WORKING_DIRECTORY .
|
||||
)
|
||||
endfunction()
|
||||
|
||||
add_subdirectory(fipsmodule)
|
||||
add_subdirectory(test)
|
||||
|
||||
if(FIPS_DELOCATE OR FIPS_SHARED)
|
||||
SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
|
||||
SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)
|
||||
|
||||
set(
|
||||
CRYPTO_FIPS_OBJECTS
|
||||
|
||||
fipsmodule/bcm.o
|
||||
)
|
||||
endif()
|
||||
|
||||
if(${ARCH} STREQUAL "arm")
|
||||
set(
|
||||
CRYPTO_ARCH_SOURCES
|
||||
|
||||
chacha/chacha-armv4.${ASM_EXT}
|
||||
curve25519/asm/x25519-asm-arm.S
|
||||
poly1305/poly1305_arm_asm.S
|
||||
test/trampoline-armv4.${ASM_EXT}
|
||||
)
|
||||
endif()
|
||||
|
||||
if(${ARCH} STREQUAL "aarch64")
|
||||
set(
|
||||
CRYPTO_ARCH_SOURCES
|
||||
|
||||
chacha/chacha-armv8.${ASM_EXT}
|
||||
test/trampoline-armv8.${ASM_EXT}
|
||||
)
|
||||
endif()
|
||||
|
||||
if(${ARCH} STREQUAL "ppc64le")
|
||||
set(
|
||||
CRYPTO_ARCH_SOURCES
|
||||
|
||||
test/trampoline-ppc.${ASM_EXT}
|
||||
)
|
||||
endif()
|
||||
|
||||
if(${ARCH} STREQUAL "x86")
|
||||
set(
|
||||
CRYPTO_ARCH_SOURCES
|
||||
|
||||
chacha/chacha-x86.${ASM_EXT}
|
||||
test/trampoline-x86.${ASM_EXT}
|
||||
)
|
||||
endif()
|
||||
|
||||
if(${ARCH} STREQUAL "x86_64")
|
||||
set(
|
||||
CRYPTO_ARCH_SOURCES
|
||||
|
||||
chacha/chacha-x86_64.${ASM_EXT}
|
||||
cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT}
|
||||
cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT}
|
||||
hrss/asm/poly_rq_mul.S
|
||||
test/trampoline-x86_64.${ASM_EXT}
|
||||
)
|
||||
endif()
|
||||
|
||||
perlasm(chacha/chacha-armv4.${ASM_EXT} chacha/asm/chacha-armv4.pl)
|
||||
perlasm(chacha/chacha-armv8.${ASM_EXT} chacha/asm/chacha-armv8.pl)
|
||||
perlasm(chacha/chacha-x86.${ASM_EXT} chacha/asm/chacha-x86.pl)
|
||||
perlasm(chacha/chacha-x86_64.${ASM_EXT} chacha/asm/chacha-x86_64.pl)
|
||||
perlasm(cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT} cipher_extra/asm/aes128gcmsiv-x86_64.pl)
|
||||
perlasm(cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT} cipher_extra/asm/chacha20_poly1305_x86_64.pl)
|
||||
perlasm(test/trampoline-armv4.${ASM_EXT} test/asm/trampoline-armv4.pl)
|
||||
perlasm(test/trampoline-armv8.${ASM_EXT} test/asm/trampoline-armv8.pl)
|
||||
perlasm(test/trampoline-ppc.${ASM_EXT} test/asm/trampoline-ppc.pl)
|
||||
perlasm(test/trampoline-x86.${ASM_EXT} test/asm/trampoline-x86.pl)
|
||||
perlasm(test/trampoline-x86_64.${ASM_EXT} test/asm/trampoline-x86_64.pl)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT err_data.c
|
||||
COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c
|
||||
DEPENDS
|
||||
err/err_data_generate.go
|
||||
err/asn1.errordata
|
||||
err/bio.errordata
|
||||
err/bn.errordata
|
||||
err/cipher.errordata
|
||||
err/conf.errordata
|
||||
err/dh.errordata
|
||||
err/digest.errordata
|
||||
err/dsa.errordata
|
||||
err/ecdh.errordata
|
||||
err/ecdsa.errordata
|
||||
err/ec.errordata
|
||||
err/engine.errordata
|
||||
err/evp.errordata
|
||||
err/hkdf.errordata
|
||||
err/obj.errordata
|
||||
err/pem.errordata
|
||||
err/pkcs7.errordata
|
||||
err/pkcs8.errordata
|
||||
err/rsa.errordata
|
||||
err/ssl.errordata
|
||||
err/x509.errordata
|
||||
err/x509v3.errordata
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/err
|
||||
)
|
||||
|
||||
add_library(
|
||||
crypto
|
||||
|
||||
asn1/a_bitstr.c
|
||||
asn1/a_bool.c
|
||||
asn1/a_d2i_fp.c
|
||||
asn1/a_dup.c
|
||||
asn1/a_enum.c
|
||||
asn1/a_gentm.c
|
||||
asn1/a_i2d_fp.c
|
||||
asn1/a_int.c
|
||||
asn1/a_mbstr.c
|
||||
asn1/a_object.c
|
||||
asn1/a_octet.c
|
||||
asn1/a_print.c
|
||||
asn1/a_strnid.c
|
||||
asn1/a_time.c
|
||||
asn1/a_type.c
|
||||
asn1/a_utctm.c
|
||||
asn1/a_utf8.c
|
||||
asn1/asn1_lib.c
|
||||
asn1/asn1_par.c
|
||||
asn1/asn_pack.c
|
||||
asn1/f_enum.c
|
||||
asn1/f_int.c
|
||||
asn1/f_string.c
|
||||
asn1/tasn_dec.c
|
||||
asn1/tasn_enc.c
|
||||
asn1/tasn_fre.c
|
||||
asn1/tasn_new.c
|
||||
asn1/tasn_typ.c
|
||||
asn1/tasn_utl.c
|
||||
asn1/time_support.c
|
||||
base64/base64.c
|
||||
bio/bio.c
|
||||
bio/bio_mem.c
|
||||
bio/connect.c
|
||||
bio/fd.c
|
||||
bio/file.c
|
||||
bio/hexdump.c
|
||||
bio/pair.c
|
||||
bio/printf.c
|
||||
bio/socket.c
|
||||
bio/socket_helper.c
|
||||
bn_extra/bn_asn1.c
|
||||
bn_extra/convert.c
|
||||
buf/buf.c
|
||||
bytestring/asn1_compat.c
|
||||
bytestring/ber.c
|
||||
bytestring/cbb.c
|
||||
bytestring/cbs.c
|
||||
bytestring/unicode.c
|
||||
chacha/chacha.c
|
||||
cipher_extra/cipher_extra.c
|
||||
cipher_extra/derive_key.c
|
||||
cipher_extra/e_aesccm.c
|
||||
cipher_extra/e_aesctrhmac.c
|
||||
cipher_extra/e_aesgcmsiv.c
|
||||
cipher_extra/e_chacha20poly1305.c
|
||||
cipher_extra/e_null.c
|
||||
cipher_extra/e_rc2.c
|
||||
cipher_extra/e_rc4.c
|
||||
cipher_extra/e_tls.c
|
||||
cipher_extra/tls_cbc.c
|
||||
cmac/cmac.c
|
||||
conf/conf.c
|
||||
cpu-aarch64-fuchsia.c
|
||||
cpu-aarch64-linux.c
|
||||
cpu-arm-linux.c
|
||||
cpu-arm.c
|
||||
cpu-intel.c
|
||||
cpu-ppc64le.c
|
||||
crypto.c
|
||||
curve25519/spake25519.c
|
||||
dh/dh.c
|
||||
dh/params.c
|
||||
dh/check.c
|
||||
dh/dh_asn1.c
|
||||
digest_extra/digest_extra.c
|
||||
dsa/dsa.c
|
||||
dsa/dsa_asn1.c
|
||||
ecdh_extra/ecdh_extra.c
|
||||
ecdsa_extra/ecdsa_asn1.c
|
||||
ec_extra/ec_asn1.c
|
||||
ec_extra/ec_derive.c
|
||||
err/err.c
|
||||
err_data.c
|
||||
engine/engine.c
|
||||
evp/digestsign.c
|
||||
evp/evp.c
|
||||
evp/evp_asn1.c
|
||||
evp/evp_ctx.c
|
||||
evp/p_dsa_asn1.c
|
||||
evp/p_ec.c
|
||||
evp/p_ec_asn1.c
|
||||
evp/p_ed25519.c
|
||||
evp/p_ed25519_asn1.c
|
||||
evp/p_rsa.c
|
||||
evp/p_rsa_asn1.c
|
||||
evp/p_x25519.c
|
||||
evp/p_x25519_asn1.c
|
||||
evp/pbkdf.c
|
||||
evp/print.c
|
||||
evp/scrypt.c
|
||||
evp/sign.c
|
||||
ex_data.c
|
||||
hkdf/hkdf.c
|
||||
hrss/hrss.c
|
||||
lhash/lhash.c
|
||||
mem.c
|
||||
obj/obj.c
|
||||
obj/obj_xref.c
|
||||
pem/pem_all.c
|
||||
pem/pem_info.c
|
||||
pem/pem_lib.c
|
||||
pem/pem_oth.c
|
||||
pem/pem_pk8.c
|
||||
pem/pem_pkey.c
|
||||
pem/pem_x509.c
|
||||
pem/pem_xaux.c
|
||||
pkcs7/pkcs7.c
|
||||
pkcs7/pkcs7_x509.c
|
||||
pkcs8/pkcs8.c
|
||||
pkcs8/pkcs8_x509.c
|
||||
pkcs8/p5_pbev2.c
|
||||
poly1305/poly1305.c
|
||||
poly1305/poly1305_arm.c
|
||||
poly1305/poly1305_vec.c
|
||||
pool/pool.c
|
||||
rand_extra/deterministic.c
|
||||
rand_extra/forkunsafe.c
|
||||
rand_extra/fuchsia.c
|
||||
rand_extra/rand_extra.c
|
||||
rand_extra/windows.c
|
||||
rc4/rc4.c
|
||||
refcount_c11.c
|
||||
refcount_lock.c
|
||||
rsa_extra/rsa_asn1.c
|
||||
rsa_extra/rsa_print.c
|
||||
stack/stack.c
|
||||
siphash/siphash.c
|
||||
thread.c
|
||||
thread_none.c
|
||||
thread_pthread.c
|
||||
thread_win.c
|
||||
x509/a_digest.c
|
||||
x509/a_sign.c
|
||||
x509/a_strex.c
|
||||
x509/a_verify.c
|
||||
x509/algorithm.c
|
||||
x509/asn1_gen.c
|
||||
x509/by_dir.c
|
||||
x509/by_file.c
|
||||
x509/i2d_pr.c
|
||||
x509/rsa_pss.c
|
||||
x509/t_crl.c
|
||||
x509/t_req.c
|
||||
x509/t_x509.c
|
||||
x509/t_x509a.c
|
||||
x509/x509.c
|
||||
x509/x509_att.c
|
||||
x509/x509_cmp.c
|
||||
x509/x509_d2.c
|
||||
x509/x509_def.c
|
||||
x509/x509_ext.c
|
||||
x509/x509_lu.c
|
||||
x509/x509_obj.c
|
||||
x509/x509_r2x.c
|
||||
x509/x509_req.c
|
||||
x509/x509_set.c
|
||||
x509/x509_trs.c
|
||||
x509/x509_txt.c
|
||||
x509/x509_v3.c
|
||||
x509/x509_vfy.c
|
||||
x509/x509_vpm.c
|
||||
x509/x509cset.c
|
||||
x509/x509name.c
|
||||
x509/x509rset.c
|
||||
x509/x509spki.c
|
||||
x509/x_algor.c
|
||||
x509/x_all.c
|
||||
x509/x_attrib.c
|
||||
x509/x_crl.c
|
||||
x509/x_exten.c
|
||||
x509/x_info.c
|
||||
x509/x_name.c
|
||||
x509/x_pkey.c
|
||||
x509/x_pubkey.c
|
||||
x509/x_req.c
|
||||
x509/x_sig.c
|
||||
x509/x_spki.c
|
||||
x509/x_val.c
|
||||
x509/x_x509.c
|
||||
x509/x_x509a.c
|
||||
x509v3/pcy_cache.c
|
||||
x509v3/pcy_data.c
|
||||
x509v3/pcy_lib.c
|
||||
x509v3/pcy_map.c
|
||||
x509v3/pcy_node.c
|
||||
x509v3/pcy_tree.c
|
||||
x509v3/v3_akey.c
|
||||
x509v3/v3_akeya.c
|
||||
x509v3/v3_alt.c
|
||||
x509v3/v3_bcons.c
|
||||
x509v3/v3_bitst.c
|
||||
x509v3/v3_conf.c
|
||||
x509v3/v3_cpols.c
|
||||
x509v3/v3_crld.c
|
||||
x509v3/v3_enum.c
|
||||
x509v3/v3_extku.c
|
||||
x509v3/v3_genn.c
|
||||
x509v3/v3_ia5.c
|
||||
x509v3/v3_info.c
|
||||
x509v3/v3_int.c
|
||||
x509v3/v3_lib.c
|
||||
x509v3/v3_ncons.c
|
||||
x509v3/v3_ocsp.c
|
||||
x509v3/v3_pci.c
|
||||
x509v3/v3_pcia.c
|
||||
x509v3/v3_pcons.c
|
||||
x509v3/v3_pku.c
|
||||
x509v3/v3_pmaps.c
|
||||
x509v3/v3_prn.c
|
||||
x509v3/v3_purp.c
|
||||
x509v3/v3_skey.c
|
||||
x509v3/v3_sxnet.c
|
||||
x509v3/v3_utl.c
|
||||
../third_party/fiat/curve25519.c
|
||||
|
||||
$<TARGET_OBJECTS:fipsmodule>
|
||||
|
||||
${CRYPTO_ARCH_SOURCES}
|
||||
${CRYPTO_FIPS_OBJECTS}
|
||||
)
|
||||
|
||||
if(FIPS_SHARED)
|
||||
set(EXTRA_INJECT_HASH_ARGS)
|
||||
if(ANDROID)
|
||||
set(EXTRA_INJECT_HASH_ARGS "-sha256")
|
||||
endif()
|
||||
# Rewrite libcrypto.so to inject the correct module hash value. This assumes
|
||||
# UNIX-style library naming, but we only support FIPS mode on Linux anyway.
|
||||
add_custom_command(
|
||||
TARGET crypto POST_BUILD
|
||||
COMMAND ${GO_EXECUTABLE} run
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../util/fipstools/inject_hash/inject_hash.go
|
||||
-o libcrypto.so -in-object libcrypto.so ${EXTRA_INJECT_HASH_ARGS}
|
||||
# The DEPENDS argument to a POST_BUILD rule appears to be ignored. Thus
|
||||
# go_executable isn't used (as it doesn't get built), but we list this
|
||||
# dependency anyway in case it starts working in some CMake version.
|
||||
DEPENDS ../util/fipstools/inject_hash/inject_hash.go
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
|
||||
)
|
||||
endif()
|
||||
|
||||
add_dependencies(crypto global_target)
|
||||
|
||||
if(FIPS_DELOCATE OR FIPS_SHARED)
|
||||
add_dependencies(crypto bcm_o_target)
|
||||
endif()
|
||||
|
||||
SET_TARGET_PROPERTIES(crypto PROPERTIES LINKER_LANGUAGE C)
|
||||
|
||||
if(NOT MSVC AND NOT ANDROID)
|
||||
target_link_libraries(crypto pthread)
|
||||
endif()
|
||||
|
||||
# Every target depends on crypto, so we add libcxx as a dependency here to
|
||||
# simplify injecting it everywhere.
|
||||
if(USE_CUSTOM_LIBCXX)
|
||||
target_link_libraries(crypto libcxx)
|
||||
endif()
|
||||
|
||||
# urandom_test is a separate binary because it needs to be able to observe the
|
||||
# PRNG initialisation, which means that it can't have other tests running before
|
||||
# it does.
|
||||
add_executable(
|
||||
urandom_test
|
||||
|
||||
fipsmodule/rand/urandom_test.cc
|
||||
)
|
||||
|
||||
target_link_libraries(urandom_test test_support_lib boringssl_gtest crypto)
|
||||
|
||||
add_dependencies(urandom_test global_target)
|
||||
add_dependencies(all_tests urandom_test)
|
||||
|
||||
add_executable(
|
||||
crypto_test
|
||||
|
||||
abi_self_test.cc
|
||||
asn1/asn1_test.cc
|
||||
base64/base64_test.cc
|
||||
buf/buf_test.cc
|
||||
bio/bio_test.cc
|
||||
bytestring/bytestring_test.cc
|
||||
chacha/chacha_test.cc
|
||||
cipher_extra/aead_test.cc
|
||||
cipher_extra/cipher_test.cc
|
||||
cmac/cmac_test.cc
|
||||
compiler_test.cc
|
||||
constant_time_test.cc
|
||||
cpu-arm-linux_test.cc
|
||||
curve25519/ed25519_test.cc
|
||||
curve25519/spake25519_test.cc
|
||||
curve25519/x25519_test.cc
|
||||
ecdh_extra/ecdh_test.cc
|
||||
dh/dh_test.cc
|
||||
digest_extra/digest_test.cc
|
||||
dsa/dsa_test.cc
|
||||
err/err_test.cc
|
||||
evp/evp_extra_test.cc
|
||||
evp/evp_test.cc
|
||||
evp/pbkdf_test.cc
|
||||
evp/scrypt_test.cc
|
||||
fipsmodule/aes/aes_test.cc
|
||||
fipsmodule/bn/bn_test.cc
|
||||
fipsmodule/ec/ec_test.cc
|
||||
fipsmodule/ec/p256-x86_64_test.cc
|
||||
fipsmodule/ecdsa/ecdsa_test.cc
|
||||
fipsmodule/md5/md5_test.cc
|
||||
fipsmodule/modes/gcm_test.cc
|
||||
fipsmodule/rand/ctrdrbg_test.cc
|
||||
fipsmodule/sha/sha_test.cc
|
||||
hkdf/hkdf_test.cc
|
||||
hmac_extra/hmac_test.cc
|
||||
hrss/hrss_test.cc
|
||||
impl_dispatch_test.cc
|
||||
lhash/lhash_test.cc
|
||||
obj/obj_test.cc
|
||||
pem/pem_test.cc
|
||||
pkcs7/pkcs7_test.cc
|
||||
pkcs8/pkcs8_test.cc
|
||||
pkcs8/pkcs12_test.cc
|
||||
poly1305/poly1305_test.cc
|
||||
pool/pool_test.cc
|
||||
rand_extra/rand_test.cc
|
||||
refcount_test.cc
|
||||
rsa_extra/rsa_test.cc
|
||||
self_test.cc
|
||||
stack/stack_test.cc
|
||||
siphash/siphash_test.cc
|
||||
test/file_test_gtest.cc
|
||||
thread_test.cc
|
||||
x509/x509_test.cc
|
||||
x509/x509_time_test.cc
|
||||
x509v3/tab_test.cc
|
||||
x509v3/v3name_test.cc
|
||||
|
||||
$<TARGET_OBJECTS:crypto_test_data>
|
||||
$<TARGET_OBJECTS:boringssl_gtest_main>
|
||||
)
|
||||
|
||||
add_dependencies(crypto_test global_target)
|
||||
|
||||
target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto)
|
||||
if(WIN32)
|
||||
target_link_libraries(crypto_test ws2_32)
|
||||
endif()
|
||||
add_dependencies(all_tests crypto_test)
|
||||
808
third-party/boringssl/src/crypto/abi_self_test.cc
vendored
Normal file
808
third-party/boringssl/src/crypto/abi_self_test.cc
vendored
Normal file
|
|
@ -0,0 +1,808 @@
|
|||
/* Copyright (c) 2018, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#include <gtest/gtest.h>
|
||||
#include <gtest/gtest-spi.h>
|
||||
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#include "test/abi_test.h"
|
||||
|
||||
|
||||
static bool test_function_ok;
|
||||
static int TestFunction(int a1, int a2, int a3, int a4, int a5, int a6, int a7,
|
||||
int a8) {
|
||||
test_function_ok = a1 == 1 || a2 == 2 || a3 == 3 || a4 == 4 || a5 == 5 ||
|
||||
a6 == 6 || a7 == 7 || a8 == 8;
|
||||
return 42;
|
||||
}
|
||||
|
||||
TEST(ABITest, SanityCheck) {
|
||||
EXPECT_NE(0, CHECK_ABI_NO_UNWIND(strcmp, "hello", "world"));
|
||||
|
||||
test_function_ok = false;
|
||||
EXPECT_EQ(42, CHECK_ABI_SEH(TestFunction, 1, 2, 3, 4, 5, 6, 7, 8));
|
||||
EXPECT_TRUE(test_function_ok);
|
||||
|
||||
#if defined(SUPPORTS_ABI_TEST)
|
||||
abi_test::internal::CallerState state;
|
||||
RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
|
||||
crypto_word_t argv[] = {
|
||||
1, 2, 3, 4, 5, 6, 7, 8,
|
||||
};
|
||||
CHECK_ABI_SEH(abi_test_trampoline,
|
||||
reinterpret_cast<crypto_word_t>(TestFunction), &state, argv, 8,
|
||||
0 /* no breakpoint */);
|
||||
|
||||
#if defined(OPENSSL_X86_64)
|
||||
if (abi_test::UnwindTestsEnabled()) {
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_wrong_register),
|
||||
"was not recovered");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_temporary),
|
||||
"was not recovered");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_wrong_register);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_temporary);
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
// The invalid epilog makes Windows believe the epilog starts later than it
|
||||
// actually does. As a result, immediately after the popq, it does not
|
||||
// realize the stack has been unwound and repeats the work.
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_epilog),
|
||||
"unwound past starting frame");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_epilog);
|
||||
#endif // OPENSSL_WINDOWS
|
||||
}
|
||||
#endif // OPENSSL_X86_64
|
||||
#endif // SUPPORTS_ABI_TEST
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST)
|
||||
extern "C" {
|
||||
void abi_test_clobber_rax(void);
|
||||
void abi_test_clobber_rbx(void);
|
||||
void abi_test_clobber_rcx(void);
|
||||
void abi_test_clobber_rdx(void);
|
||||
void abi_test_clobber_rsi(void);
|
||||
void abi_test_clobber_rdi(void);
|
||||
void abi_test_clobber_rbp(void);
|
||||
void abi_test_clobber_r8(void);
|
||||
void abi_test_clobber_r9(void);
|
||||
void abi_test_clobber_r10(void);
|
||||
void abi_test_clobber_r11(void);
|
||||
void abi_test_clobber_r12(void);
|
||||
void abi_test_clobber_r13(void);
|
||||
void abi_test_clobber_r14(void);
|
||||
void abi_test_clobber_r15(void);
|
||||
void abi_test_clobber_xmm0(void);
|
||||
void abi_test_clobber_xmm1(void);
|
||||
void abi_test_clobber_xmm2(void);
|
||||
void abi_test_clobber_xmm3(void);
|
||||
void abi_test_clobber_xmm4(void);
|
||||
void abi_test_clobber_xmm5(void);
|
||||
void abi_test_clobber_xmm6(void);
|
||||
void abi_test_clobber_xmm7(void);
|
||||
void abi_test_clobber_xmm8(void);
|
||||
void abi_test_clobber_xmm9(void);
|
||||
void abi_test_clobber_xmm10(void);
|
||||
void abi_test_clobber_xmm11(void);
|
||||
void abi_test_clobber_xmm12(void);
|
||||
void abi_test_clobber_xmm13(void);
|
||||
void abi_test_clobber_xmm14(void);
|
||||
void abi_test_clobber_xmm15(void);
|
||||
} // extern "C"
|
||||
|
||||
TEST(ABITest, X86_64) {
|
||||
// abi_test_trampoline hides unsaved registers from the caller, so we can
|
||||
// safely call the abi_test_clobber_* functions below.
|
||||
abi_test::internal::CallerState state;
|
||||
RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
|
||||
CHECK_ABI_NO_UNWIND(abi_test_trampoline,
|
||||
reinterpret_cast<crypto_word_t>(abi_test_clobber_rbx),
|
||||
&state, nullptr, 0, 0 /* no breakpoint */);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_rax);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rbx),
|
||||
"rbx was not restored after return");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_rcx);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_rdx);
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rdi),
|
||||
"rdi was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rsi),
|
||||
"rsi was not restored after return");
|
||||
#else
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_rdi);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_rsi);
|
||||
#endif
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rbp),
|
||||
"rbp was not restored after return");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r8);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r9);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r10);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r11);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r12),
|
||||
"r12 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r13),
|
||||
"r13 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r14),
|
||||
"r14 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r15),
|
||||
"r15 was not restored after return");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm5);
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6),
|
||||
"xmm6 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7),
|
||||
"xmm7 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm8),
|
||||
"xmm8 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm9),
|
||||
"xmm9 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm10),
|
||||
"xmm10 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm11),
|
||||
"xmm11 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm12),
|
||||
"xmm12 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm13),
|
||||
"xmm13 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm14),
|
||||
"xmm14 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm15),
|
||||
"xmm15 was not restored after return");
|
||||
#else
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm8);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm9);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm10);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm11);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm12);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm13);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm14);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm15);
|
||||
#endif
|
||||
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_set_direction_flag),
|
||||
"Direction flag set after return");
|
||||
EXPECT_EQ(0, abi_test_get_and_clear_direction_flag())
|
||||
<< "CHECK_ABI did not insulate the caller from direction flag errors";
|
||||
}
|
||||
#endif // OPENSSL_X86_64 && SUPPORTS_ABI_TEST
|
||||
|
||||
#if defined(OPENSSL_X86) && defined(SUPPORTS_ABI_TEST)
|
||||
extern "C" {
|
||||
void abi_test_clobber_eax(void);
|
||||
void abi_test_clobber_ebx(void);
|
||||
void abi_test_clobber_ecx(void);
|
||||
void abi_test_clobber_edx(void);
|
||||
void abi_test_clobber_esi(void);
|
||||
void abi_test_clobber_edi(void);
|
||||
void abi_test_clobber_ebp(void);
|
||||
void abi_test_clobber_xmm0(void);
|
||||
void abi_test_clobber_xmm1(void);
|
||||
void abi_test_clobber_xmm2(void);
|
||||
void abi_test_clobber_xmm3(void);
|
||||
void abi_test_clobber_xmm4(void);
|
||||
void abi_test_clobber_xmm5(void);
|
||||
void abi_test_clobber_xmm6(void);
|
||||
void abi_test_clobber_xmm7(void);
|
||||
} // extern "C"
|
||||
|
||||
TEST(ABITest, X86) {
|
||||
// abi_test_trampoline hides unsaved registers from the caller, so we can
|
||||
// safely call the abi_test_clobber_* functions below.
|
||||
abi_test::internal::CallerState state;
|
||||
RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
|
||||
CHECK_ABI_NO_UNWIND(abi_test_trampoline,
|
||||
reinterpret_cast<crypto_word_t>(abi_test_clobber_ebx),
|
||||
&state, nullptr, 0, 0 /* no breakpoint */);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_eax);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_ebx),
|
||||
"ebx was not restored after return");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_ecx);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_edx);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_edi),
|
||||
"edi was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_esi),
|
||||
"esi was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_ebp),
|
||||
"ebp was not restored after return");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7);
|
||||
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_set_direction_flag),
|
||||
"Direction flag set after return");
|
||||
EXPECT_EQ(0, abi_test_get_and_clear_direction_flag())
|
||||
<< "CHECK_ABI did not insulate the caller from direction flag errors";
|
||||
}
|
||||
#endif // OPENSSL_X86 && SUPPORTS_ABI_TEST
|
||||
|
||||
#if defined(OPENSSL_ARM) && defined(SUPPORTS_ABI_TEST)
|
||||
extern "C" {
|
||||
void abi_test_clobber_r0(void);
|
||||
void abi_test_clobber_r1(void);
|
||||
void abi_test_clobber_r2(void);
|
||||
void abi_test_clobber_r3(void);
|
||||
void abi_test_clobber_r4(void);
|
||||
void abi_test_clobber_r5(void);
|
||||
void abi_test_clobber_r6(void);
|
||||
void abi_test_clobber_r7(void);
|
||||
void abi_test_clobber_r8(void);
|
||||
void abi_test_clobber_r9(void);
|
||||
void abi_test_clobber_r10(void);
|
||||
void abi_test_clobber_r11(void);
|
||||
void abi_test_clobber_r12(void);
|
||||
// r13, r14, and r15, are sp, lr, and pc, respectively.
|
||||
|
||||
void abi_test_clobber_d0(void);
|
||||
void abi_test_clobber_d1(void);
|
||||
void abi_test_clobber_d2(void);
|
||||
void abi_test_clobber_d3(void);
|
||||
void abi_test_clobber_d4(void);
|
||||
void abi_test_clobber_d5(void);
|
||||
void abi_test_clobber_d6(void);
|
||||
void abi_test_clobber_d7(void);
|
||||
void abi_test_clobber_d8(void);
|
||||
void abi_test_clobber_d9(void);
|
||||
void abi_test_clobber_d10(void);
|
||||
void abi_test_clobber_d11(void);
|
||||
void abi_test_clobber_d12(void);
|
||||
void abi_test_clobber_d13(void);
|
||||
void abi_test_clobber_d14(void);
|
||||
void abi_test_clobber_d15(void);
|
||||
} // extern "C"
|
||||
|
||||
TEST(ABITest, ARM) {
|
||||
// abi_test_trampoline hides unsaved registers from the caller, so we can
|
||||
// safely call the abi_test_clobber_* functions below.
|
||||
abi_test::internal::CallerState state;
|
||||
RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
|
||||
CHECK_ABI_NO_UNWIND(abi_test_trampoline,
|
||||
reinterpret_cast<crypto_word_t>(abi_test_clobber_r4),
|
||||
&state, nullptr, 0, 0 /* no breakpoint */);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r3);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r4),
|
||||
"r4 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r5),
|
||||
"r5 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r6),
|
||||
"r6 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r7),
|
||||
"r7 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r8),
|
||||
"r8 was not restored after return");
|
||||
#if defined(OPENSSL_APPLE)
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r9);
|
||||
#else
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r9),
|
||||
"r9 was not restored after return");
|
||||
#endif
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r10),
|
||||
"r10 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r11),
|
||||
"r11 was not restored after return");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r12);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d7);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d8),
|
||||
"d8 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d9),
|
||||
"d9 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d10),
|
||||
"d10 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d11),
|
||||
"d11 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d12),
|
||||
"d12 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d13),
|
||||
"d13 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d14),
|
||||
"d14 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d15),
|
||||
"d15 was not restored after return");
|
||||
}
|
||||
#endif // OPENSSL_ARM && SUPPORTS_ABI_TEST
|
||||
|
||||
#if defined(OPENSSL_AARCH64) && defined(SUPPORTS_ABI_TEST)
|
||||
extern "C" {
|
||||
void abi_test_clobber_x0(void);
|
||||
void abi_test_clobber_x1(void);
|
||||
void abi_test_clobber_x2(void);
|
||||
void abi_test_clobber_x3(void);
|
||||
void abi_test_clobber_x4(void);
|
||||
void abi_test_clobber_x5(void);
|
||||
void abi_test_clobber_x6(void);
|
||||
void abi_test_clobber_x7(void);
|
||||
void abi_test_clobber_x8(void);
|
||||
void abi_test_clobber_x9(void);
|
||||
void abi_test_clobber_x10(void);
|
||||
void abi_test_clobber_x11(void);
|
||||
void abi_test_clobber_x12(void);
|
||||
void abi_test_clobber_x13(void);
|
||||
void abi_test_clobber_x14(void);
|
||||
void abi_test_clobber_x15(void);
|
||||
void abi_test_clobber_x16(void);
|
||||
void abi_test_clobber_x17(void);
|
||||
// x18 is the platform register and off limits.
|
||||
void abi_test_clobber_x19(void);
|
||||
void abi_test_clobber_x20(void);
|
||||
void abi_test_clobber_x21(void);
|
||||
void abi_test_clobber_x22(void);
|
||||
void abi_test_clobber_x23(void);
|
||||
void abi_test_clobber_x24(void);
|
||||
void abi_test_clobber_x25(void);
|
||||
void abi_test_clobber_x26(void);
|
||||
void abi_test_clobber_x27(void);
|
||||
void abi_test_clobber_x28(void);
|
||||
void abi_test_clobber_x29(void);
|
||||
|
||||
void abi_test_clobber_d0(void);
|
||||
void abi_test_clobber_d1(void);
|
||||
void abi_test_clobber_d2(void);
|
||||
void abi_test_clobber_d3(void);
|
||||
void abi_test_clobber_d4(void);
|
||||
void abi_test_clobber_d5(void);
|
||||
void abi_test_clobber_d6(void);
|
||||
void abi_test_clobber_d7(void);
|
||||
void abi_test_clobber_d8(void);
|
||||
void abi_test_clobber_d9(void);
|
||||
void abi_test_clobber_d10(void);
|
||||
void abi_test_clobber_d11(void);
|
||||
void abi_test_clobber_d12(void);
|
||||
void abi_test_clobber_d13(void);
|
||||
void abi_test_clobber_d14(void);
|
||||
void abi_test_clobber_d15(void);
|
||||
void abi_test_clobber_d16(void);
|
||||
void abi_test_clobber_d17(void);
|
||||
void abi_test_clobber_d18(void);
|
||||
void abi_test_clobber_d19(void);
|
||||
void abi_test_clobber_d20(void);
|
||||
void abi_test_clobber_d21(void);
|
||||
void abi_test_clobber_d22(void);
|
||||
void abi_test_clobber_d23(void);
|
||||
void abi_test_clobber_d24(void);
|
||||
void abi_test_clobber_d25(void);
|
||||
void abi_test_clobber_d26(void);
|
||||
void abi_test_clobber_d27(void);
|
||||
void abi_test_clobber_d28(void);
|
||||
void abi_test_clobber_d29(void);
|
||||
void abi_test_clobber_d30(void);
|
||||
void abi_test_clobber_d31(void);
|
||||
|
||||
void abi_test_clobber_v8_upper(void);
|
||||
void abi_test_clobber_v9_upper(void);
|
||||
void abi_test_clobber_v10_upper(void);
|
||||
void abi_test_clobber_v11_upper(void);
|
||||
void abi_test_clobber_v12_upper(void);
|
||||
void abi_test_clobber_v13_upper(void);
|
||||
void abi_test_clobber_v14_upper(void);
|
||||
void abi_test_clobber_v15_upper(void);
|
||||
} // extern "C"
|
||||
|
||||
TEST(ABITest, AArch64) {
|
||||
// abi_test_trampoline hides unsaved registers from the caller, so we can
|
||||
// safely call the abi_test_clobber_* functions below.
|
||||
abi_test::internal::CallerState state;
|
||||
RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
|
||||
CHECK_ABI_NO_UNWIND(abi_test_trampoline,
|
||||
reinterpret_cast<crypto_word_t>(abi_test_clobber_x19),
|
||||
&state, nullptr, 0, 0 /* no breakpoint */);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x7);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x8);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x9);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x10);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x11);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x12);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x13);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x14);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x15);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x16);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_x17);
|
||||
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x19),
|
||||
"x19 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x20),
|
||||
"x20 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x21),
|
||||
"x21 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x22),
|
||||
"x22 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x23),
|
||||
"x23 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x24),
|
||||
"x24 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x25),
|
||||
"x25 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x26),
|
||||
"x26 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x27),
|
||||
"x27 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x28),
|
||||
"x28 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x29),
|
||||
"x29 was not restored after return");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d7);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d8),
|
||||
"d8 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d9),
|
||||
"d9 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d10),
|
||||
"d10 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d11),
|
||||
"d11 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d12),
|
||||
"d12 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d13),
|
||||
"d13 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d14),
|
||||
"d14 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d15),
|
||||
"d15 was not restored after return");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d16);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d18);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d19);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d20);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d21);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d22);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d23);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d24);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d25);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d26);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d27);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d28);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d29);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d30);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_d31);
|
||||
|
||||
// The lower halves of v8-v15 (accessed as d8-d15) must be preserved, but not
|
||||
// the upper halves.
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v8_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v9_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v10_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v11_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v12_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v13_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v14_upper);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v15_upper);
|
||||
}
|
||||
#endif // OPENSSL_AARCH64 && SUPPORTS_ABI_TEST
|
||||
|
||||
#if defined(OPENSSL_PPC64LE) && defined(SUPPORTS_ABI_TEST)
|
||||
extern "C" {
|
||||
void abi_test_clobber_r0(void);
|
||||
// r1 is the stack pointer.
|
||||
void abi_test_clobber_r2(void);
|
||||
void abi_test_clobber_r3(void);
|
||||
void abi_test_clobber_r4(void);
|
||||
void abi_test_clobber_r5(void);
|
||||
void abi_test_clobber_r6(void);
|
||||
void abi_test_clobber_r7(void);
|
||||
void abi_test_clobber_r8(void);
|
||||
void abi_test_clobber_r9(void);
|
||||
void abi_test_clobber_r10(void);
|
||||
void abi_test_clobber_r11(void);
|
||||
void abi_test_clobber_r12(void);
|
||||
// r13 is the thread pointer.
|
||||
void abi_test_clobber_r14(void);
|
||||
void abi_test_clobber_r15(void);
|
||||
void abi_test_clobber_r16(void);
|
||||
void abi_test_clobber_r17(void);
|
||||
void abi_test_clobber_r18(void);
|
||||
void abi_test_clobber_r19(void);
|
||||
void abi_test_clobber_r20(void);
|
||||
void abi_test_clobber_r21(void);
|
||||
void abi_test_clobber_r22(void);
|
||||
void abi_test_clobber_r23(void);
|
||||
void abi_test_clobber_r24(void);
|
||||
void abi_test_clobber_r25(void);
|
||||
void abi_test_clobber_r26(void);
|
||||
void abi_test_clobber_r27(void);
|
||||
void abi_test_clobber_r28(void);
|
||||
void abi_test_clobber_r29(void);
|
||||
void abi_test_clobber_r30(void);
|
||||
void abi_test_clobber_r31(void);
|
||||
|
||||
void abi_test_clobber_f0(void);
|
||||
void abi_test_clobber_f1(void);
|
||||
void abi_test_clobber_f2(void);
|
||||
void abi_test_clobber_f3(void);
|
||||
void abi_test_clobber_f4(void);
|
||||
void abi_test_clobber_f5(void);
|
||||
void abi_test_clobber_f6(void);
|
||||
void abi_test_clobber_f7(void);
|
||||
void abi_test_clobber_f8(void);
|
||||
void abi_test_clobber_f9(void);
|
||||
void abi_test_clobber_f10(void);
|
||||
void abi_test_clobber_f11(void);
|
||||
void abi_test_clobber_f12(void);
|
||||
void abi_test_clobber_f13(void);
|
||||
void abi_test_clobber_f14(void);
|
||||
void abi_test_clobber_f15(void);
|
||||
void abi_test_clobber_f16(void);
|
||||
void abi_test_clobber_f17(void);
|
||||
void abi_test_clobber_f18(void);
|
||||
void abi_test_clobber_f19(void);
|
||||
void abi_test_clobber_f20(void);
|
||||
void abi_test_clobber_f21(void);
|
||||
void abi_test_clobber_f22(void);
|
||||
void abi_test_clobber_f23(void);
|
||||
void abi_test_clobber_f24(void);
|
||||
void abi_test_clobber_f25(void);
|
||||
void abi_test_clobber_f26(void);
|
||||
void abi_test_clobber_f27(void);
|
||||
void abi_test_clobber_f28(void);
|
||||
void abi_test_clobber_f29(void);
|
||||
void abi_test_clobber_f30(void);
|
||||
void abi_test_clobber_f31(void);
|
||||
|
||||
void abi_test_clobber_v0(void);
|
||||
void abi_test_clobber_v1(void);
|
||||
void abi_test_clobber_v2(void);
|
||||
void abi_test_clobber_v3(void);
|
||||
void abi_test_clobber_v4(void);
|
||||
void abi_test_clobber_v5(void);
|
||||
void abi_test_clobber_v6(void);
|
||||
void abi_test_clobber_v7(void);
|
||||
void abi_test_clobber_v8(void);
|
||||
void abi_test_clobber_v9(void);
|
||||
void abi_test_clobber_v10(void);
|
||||
void abi_test_clobber_v11(void);
|
||||
void abi_test_clobber_v12(void);
|
||||
void abi_test_clobber_v13(void);
|
||||
void abi_test_clobber_v14(void);
|
||||
void abi_test_clobber_v15(void);
|
||||
void abi_test_clobber_v16(void);
|
||||
void abi_test_clobber_v17(void);
|
||||
void abi_test_clobber_v18(void);
|
||||
void abi_test_clobber_v19(void);
|
||||
void abi_test_clobber_v20(void);
|
||||
void abi_test_clobber_v21(void);
|
||||
void abi_test_clobber_v22(void);
|
||||
void abi_test_clobber_v23(void);
|
||||
void abi_test_clobber_v24(void);
|
||||
void abi_test_clobber_v25(void);
|
||||
void abi_test_clobber_v26(void);
|
||||
void abi_test_clobber_v27(void);
|
||||
void abi_test_clobber_v28(void);
|
||||
void abi_test_clobber_v29(void);
|
||||
void abi_test_clobber_v30(void);
|
||||
void abi_test_clobber_v31(void);
|
||||
|
||||
void abi_test_clobber_cr0(void);
|
||||
void abi_test_clobber_cr1(void);
|
||||
void abi_test_clobber_cr2(void);
|
||||
void abi_test_clobber_cr3(void);
|
||||
void abi_test_clobber_cr4(void);
|
||||
void abi_test_clobber_cr5(void);
|
||||
void abi_test_clobber_cr6(void);
|
||||
void abi_test_clobber_cr7(void);
|
||||
|
||||
void abi_test_clobber_ctr(void);
|
||||
void abi_test_clobber_lr(void);
|
||||
|
||||
} // extern "C"
|
||||
|
||||
TEST(ABITest, PPC64LE) {
|
||||
// abi_test_trampoline hides unsaved registers from the caller, so we can
|
||||
// safely call the abi_test_clobber_* functions below.
|
||||
abi_test::internal::CallerState state;
|
||||
RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
|
||||
CHECK_ABI_NO_UNWIND(abi_test_trampoline,
|
||||
reinterpret_cast<crypto_word_t>(abi_test_clobber_r14),
|
||||
&state, nullptr, 0, 0 /* no breakpoint */);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r7);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r8);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r9);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r10);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r11);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_r12);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r14),
|
||||
"r14 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r15),
|
||||
"r15 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r16),
|
||||
"r16 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r17),
|
||||
"r17 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r18),
|
||||
"r18 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r19),
|
||||
"r19 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r20),
|
||||
"r20 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r21),
|
||||
"r21 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r22),
|
||||
"r22 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r23),
|
||||
"r23 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r24),
|
||||
"r24 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r25),
|
||||
"r25 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r26),
|
||||
"r26 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r27),
|
||||
"r27 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r28),
|
||||
"r28 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r29),
|
||||
"r29 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r30),
|
||||
"r30 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r31),
|
||||
"r31 was not restored after return");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f7);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f8);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f9);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f10);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f11);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f12);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_f13);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f14),
|
||||
"f14 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f15),
|
||||
"f15 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f16),
|
||||
"f16 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f17),
|
||||
"f17 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f18),
|
||||
"f18 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f19),
|
||||
"f19 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f20),
|
||||
"f20 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f21),
|
||||
"f21 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f22),
|
||||
"f22 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f23),
|
||||
"f23 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f24),
|
||||
"f24 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f25),
|
||||
"f25 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f26),
|
||||
"f26 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f27),
|
||||
"f27 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f28),
|
||||
"f28 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f29),
|
||||
"f29 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f30),
|
||||
"f30 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f31),
|
||||
"f31 was not restored after return");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v1);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v2);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v3);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v4);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v7);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v8);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v9);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v10);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v11);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v12);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v13);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v14);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v15);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v16);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v17);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v18);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_v19);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v20),
|
||||
"v20 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v21),
|
||||
"v21 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v22),
|
||||
"v22 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v23),
|
||||
"v23 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v24),
|
||||
"v24 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v25),
|
||||
"v25 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v26),
|
||||
"v26 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v27),
|
||||
"v27 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v28),
|
||||
"v28 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v29),
|
||||
"v29 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v30),
|
||||
"v30 was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v31),
|
||||
"v31 was not restored after return");
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_cr0);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_cr1);
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_cr2),
|
||||
"cr was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_cr3),
|
||||
"cr was not restored after return");
|
||||
EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_cr4),
|
||||
"cr was not restored after return");
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_cr5);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_cr6);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_cr7);
|
||||
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_ctr);
|
||||
CHECK_ABI_NO_UNWIND(abi_test_clobber_lr);
|
||||
}
|
||||
#endif // OPENSSL_PPC64LE && SUPPORTS_ABI_TEST
|
||||
271
third-party/boringssl/src/crypto/asn1/a_bitstr.c
vendored
Normal file
271
third-party/boringssl/src/crypto/asn1/a_bitstr.c
vendored
Normal file
|
|
@ -0,0 +1,271 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "../internal.h"
|
||||
|
||||
|
||||
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
|
||||
{
|
||||
return M_ASN1_BIT_STRING_set(x, d, len);
|
||||
}
|
||||
|
||||
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||
{
|
||||
int ret, j, bits, len;
|
||||
unsigned char *p, *d;
|
||||
|
||||
if (a == NULL)
|
||||
return (0);
|
||||
|
||||
len = a->length;
|
||||
|
||||
if (len > 0) {
|
||||
if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
|
||||
bits = (int)a->flags & 0x07;
|
||||
} else {
|
||||
for (; len > 0; len--) {
|
||||
if (a->data[len - 1])
|
||||
break;
|
||||
}
|
||||
j = a->data[len - 1];
|
||||
if (j & 0x01)
|
||||
bits = 0;
|
||||
else if (j & 0x02)
|
||||
bits = 1;
|
||||
else if (j & 0x04)
|
||||
bits = 2;
|
||||
else if (j & 0x08)
|
||||
bits = 3;
|
||||
else if (j & 0x10)
|
||||
bits = 4;
|
||||
else if (j & 0x20)
|
||||
bits = 5;
|
||||
else if (j & 0x40)
|
||||
bits = 6;
|
||||
else if (j & 0x80)
|
||||
bits = 7;
|
||||
else
|
||||
bits = 0; /* should not happen */
|
||||
}
|
||||
} else
|
||||
bits = 0;
|
||||
|
||||
ret = 1 + len;
|
||||
if (pp == NULL)
|
||||
return (ret);
|
||||
|
||||
p = *pp;
|
||||
|
||||
*(p++) = (unsigned char)bits;
|
||||
d = a->data;
|
||||
OPENSSL_memcpy(p, d, len);
|
||||
p += len;
|
||||
if (len > 0)
|
||||
p[-1] &= (0xff << bits);
|
||||
*pp = p;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
|
||||
const unsigned char **pp, long len)
|
||||
{
|
||||
ASN1_BIT_STRING *ret = NULL;
|
||||
const unsigned char *p;
|
||||
unsigned char *s;
|
||||
int padding;
|
||||
|
||||
if (len < 1) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (len > INT_MAX) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((a == NULL) || ((*a) == NULL)) {
|
||||
if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
|
||||
return (NULL);
|
||||
} else
|
||||
ret = (*a);
|
||||
|
||||
p = *pp;
|
||||
padding = *(p++);
|
||||
if (padding > 7) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
* We do this to preserve the settings. If we modify the settings, via
|
||||
* the _set_bit function, we will recalculate on output
|
||||
*/
|
||||
ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
|
||||
ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); /* set */
|
||||
|
||||
if (len-- > 1) { /* using one because of the bits left byte */
|
||||
s = (unsigned char *)OPENSSL_malloc((int)len);
|
||||
if (s == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
OPENSSL_memcpy(s, p, (int)len);
|
||||
s[len - 1] &= (0xff << padding);
|
||||
p += len;
|
||||
} else
|
||||
s = NULL;
|
||||
|
||||
ret->length = (int)len;
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
ret->data = s;
|
||||
ret->type = V_ASN1_BIT_STRING;
|
||||
if (a != NULL)
|
||||
(*a) = ret;
|
||||
*pp = p;
|
||||
return (ret);
|
||||
err:
|
||||
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
||||
M_ASN1_BIT_STRING_free(ret);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
|
||||
*/
|
||||
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
|
||||
{
|
||||
int w, v, iv;
|
||||
unsigned char *c;
|
||||
|
||||
w = n / 8;
|
||||
v = 1 << (7 - (n & 0x07));
|
||||
iv = ~v;
|
||||
if (!value)
|
||||
v = 0;
|
||||
|
||||
if (a == NULL)
|
||||
return 0;
|
||||
|
||||
a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
|
||||
|
||||
if ((a->length < (w + 1)) || (a->data == NULL)) {
|
||||
if (!value)
|
||||
return (1); /* Don't need to set */
|
||||
if (a->data == NULL)
|
||||
c = (unsigned char *)OPENSSL_malloc(w + 1);
|
||||
else
|
||||
c = (unsigned char *)OPENSSL_realloc(a->data, w + 1);
|
||||
if (c == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (w + 1 - a->length > 0)
|
||||
OPENSSL_memset(c + a->length, 0, w + 1 - a->length);
|
||||
a->data = c;
|
||||
a->length = w + 1;
|
||||
}
|
||||
a->data[w] = ((a->data[w]) & iv) | v;
|
||||
while ((a->length > 0) && (a->data[a->length - 1] == 0))
|
||||
a->length--;
|
||||
return (1);
|
||||
}
|
||||
|
||||
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
|
||||
{
|
||||
int w, v;
|
||||
|
||||
w = n / 8;
|
||||
v = 1 << (7 - (n & 0x07));
|
||||
if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
|
||||
return (0);
|
||||
return ((a->data[w] & v) != 0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Checks if the given bit string contains only bits specified by
|
||||
* the flags vector. Returns 0 if there is at least one bit set in 'a'
|
||||
* which is not specified in 'flags', 1 otherwise.
|
||||
* 'len' is the length of 'flags'.
|
||||
*/
|
||||
int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
|
||||
unsigned char *flags, int flags_len)
|
||||
{
|
||||
int i, ok;
|
||||
/* Check if there is one bit set at all. */
|
||||
if (!a || !a->data)
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* Check each byte of the internal representation of the bit string.
|
||||
*/
|
||||
ok = 1;
|
||||
for (i = 0; i < a->length && ok; ++i) {
|
||||
unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
|
||||
/* We are done if there is an unneeded bit set. */
|
||||
ok = (a->data[i] & mask) == 0;
|
||||
}
|
||||
return ok;
|
||||
}
|
||||
123
third-party/boringssl/src/crypto/asn1/a_bool.c
vendored
Normal file
123
third-party/boringssl/src/crypto/asn1/a_bool.c
vendored
Normal file
|
|
@ -0,0 +1,123 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
|
||||
{
|
||||
int r;
|
||||
unsigned char *p, *allocated = NULL;
|
||||
|
||||
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
|
||||
if (pp == NULL)
|
||||
return (r);
|
||||
|
||||
if (*pp == NULL) {
|
||||
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
p = *pp;
|
||||
}
|
||||
|
||||
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
|
||||
*p = (unsigned char)a;
|
||||
|
||||
/*
|
||||
* If a new buffer was allocated, just return it back.
|
||||
* If not, return the incremented buffer pointer.
|
||||
*/
|
||||
*pp = allocated != NULL ? allocated : p + 1;
|
||||
return r;
|
||||
}
|
||||
|
||||
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
|
||||
{
|
||||
int ret = -1;
|
||||
const unsigned char *p;
|
||||
long len;
|
||||
int inf, tag, xclass;
|
||||
int i = 0;
|
||||
|
||||
p = *pp;
|
||||
inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
|
||||
if (inf & 0x80) {
|
||||
i = ASN1_R_BAD_OBJECT_HEADER;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (tag != V_ASN1_BOOLEAN) {
|
||||
i = ASN1_R_EXPECTING_A_BOOLEAN;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (len != 1) {
|
||||
i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
|
||||
goto err;
|
||||
}
|
||||
ret = (int)*(p++);
|
||||
if (a != NULL)
|
||||
(*a) = ret;
|
||||
*pp = p;
|
||||
return (ret);
|
||||
err:
|
||||
OPENSSL_PUT_ERROR(ASN1, i);
|
||||
return (ret);
|
||||
}
|
||||
93
third-party/boringssl/src/crypto/asn1/a_d2i_fp.c
vendored
Normal file
93
third-party/boringssl/src/crypto/asn1/a_d2i_fp.c
vendored
Normal file
|
|
@ -0,0 +1,93 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <limits.h>
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
|
||||
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
|
||||
{
|
||||
uint8_t *data;
|
||||
size_t len;
|
||||
// Historically, this function did not impose a limit in OpenSSL and is used
|
||||
// to read CRLs, so we leave this without an external bound.
|
||||
if (!BIO_read_asn1(in, &data, &len, INT_MAX)) {
|
||||
return NULL;
|
||||
}
|
||||
const uint8_t *ptr = data;
|
||||
void *ret = ASN1_item_d2i(x, &ptr, len, it);
|
||||
OPENSSL_free(data);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
|
||||
{
|
||||
BIO *b = BIO_new_fp(in, BIO_NOCLOSE);
|
||||
if (b == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
|
||||
return NULL;
|
||||
}
|
||||
void *ret = ASN1_item_d2i_bio(it, b, x);
|
||||
BIO_free(b);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
87
third-party/boringssl/src/crypto/asn1/a_dup.c
vendored
Normal file
87
third-party/boringssl/src/crypto/asn1/a_dup.c
vendored
Normal file
|
|
@ -0,0 +1,87 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
/*
|
||||
* ASN1_ITEM version of dup: this follows the model above except we don't
|
||||
* need to allocate the buffer. At some point this could be rewritten to
|
||||
* directly dup the underlying structure instead of doing and encode and
|
||||
* decode.
|
||||
*/
|
||||
void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
|
||||
{
|
||||
unsigned char *b = NULL;
|
||||
const unsigned char *p;
|
||||
long i;
|
||||
void *ret;
|
||||
|
||||
if (x == NULL)
|
||||
return (NULL);
|
||||
|
||||
i = ASN1_item_i2d(x, &b, it);
|
||||
if (b == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return (NULL);
|
||||
}
|
||||
p = b;
|
||||
ret = ASN1_item_d2i(NULL, &p, i, it);
|
||||
OPENSSL_free(b);
|
||||
return (ret);
|
||||
}
|
||||
195
third-party/boringssl/src/crypto/asn1/a_enum.c
vendored
Normal file
195
third-party/boringssl/src/crypto/asn1/a_enum.c
vendored
Normal file
|
|
@ -0,0 +1,195 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "../internal.h"
|
||||
|
||||
|
||||
/*
|
||||
* Code for ENUMERATED type: identical to INTEGER apart from a different tag.
|
||||
* for comments on encoding see a_int.c
|
||||
*/
|
||||
|
||||
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
|
||||
{
|
||||
int j, k;
|
||||
unsigned int i;
|
||||
unsigned char buf[sizeof(long) + 1];
|
||||
long d;
|
||||
|
||||
a->type = V_ASN1_ENUMERATED;
|
||||
if (a->length < (int)(sizeof(long) + 1)) {
|
||||
if (a->data != NULL)
|
||||
OPENSSL_free(a->data);
|
||||
if ((a->data =
|
||||
(unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
|
||||
OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1);
|
||||
}
|
||||
if (a->data == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return (0);
|
||||
}
|
||||
d = v;
|
||||
if (d < 0) {
|
||||
d = -d;
|
||||
a->type = V_ASN1_NEG_ENUMERATED;
|
||||
}
|
||||
|
||||
for (i = 0; i < sizeof(long); i++) {
|
||||
if (d == 0)
|
||||
break;
|
||||
buf[i] = (int)d & 0xff;
|
||||
d >>= 8;
|
||||
}
|
||||
j = 0;
|
||||
for (k = i - 1; k >= 0; k--)
|
||||
a->data[j++] = buf[k];
|
||||
a->length = j;
|
||||
return (1);
|
||||
}
|
||||
|
||||
long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
|
||||
{
|
||||
int neg = 0, i;
|
||||
|
||||
if (a == NULL)
|
||||
return (0L);
|
||||
i = a->type;
|
||||
if (i == V_ASN1_NEG_ENUMERATED)
|
||||
neg = 1;
|
||||
else if (i != V_ASN1_ENUMERATED)
|
||||
return -1;
|
||||
|
||||
OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
|
||||
"long larger than uint64_t");
|
||||
|
||||
if (a->length > (int)sizeof(uint64_t)) {
|
||||
/* hmm... a bit ugly */
|
||||
return -1;
|
||||
}
|
||||
|
||||
uint64_t r64 = 0;
|
||||
if (a->data != NULL) {
|
||||
for (i = 0; i < a->length; i++) {
|
||||
r64 <<= 8;
|
||||
r64 |= (unsigned char)a->data[i];
|
||||
}
|
||||
|
||||
if (r64 > LONG_MAX) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
long r = (long) r64;
|
||||
if (neg)
|
||||
r = -r;
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
|
||||
{
|
||||
ASN1_ENUMERATED *ret;
|
||||
int len, j;
|
||||
|
||||
if (ai == NULL)
|
||||
ret = M_ASN1_ENUMERATED_new();
|
||||
else
|
||||
ret = ai;
|
||||
if (ret == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_negative(bn))
|
||||
ret->type = V_ASN1_NEG_ENUMERATED;
|
||||
else
|
||||
ret->type = V_ASN1_ENUMERATED;
|
||||
j = BN_num_bits(bn);
|
||||
len = ((j == 0) ? 0 : ((j / 8) + 1));
|
||||
if (ret->length < len + 4) {
|
||||
unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
|
||||
if (!new_data) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
ret->data = new_data;
|
||||
}
|
||||
|
||||
ret->length = BN_bn2bin(bn, ret->data);
|
||||
return (ret);
|
||||
err:
|
||||
if (ret != ai)
|
||||
M_ASN1_ENUMERATED_free(ret);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
|
||||
{
|
||||
BIGNUM *ret;
|
||||
|
||||
if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BN_LIB);
|
||||
else if (ai->type == V_ASN1_NEG_ENUMERATED)
|
||||
BN_set_negative(ret, 1);
|
||||
return (ret);
|
||||
}
|
||||
261
third-party/boringssl/src/crypto/asn1/a_gentm.c
vendored
Normal file
261
third-party/boringssl/src/crypto/asn1/a_gentm.c
vendored
Normal file
|
|
@ -0,0 +1,261 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "asn1_locl.h"
|
||||
|
||||
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
|
||||
{
|
||||
static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
|
||||
static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
|
||||
char *a;
|
||||
int n, i, l, o;
|
||||
|
||||
if (d->type != V_ASN1_GENERALIZEDTIME)
|
||||
return (0);
|
||||
l = d->length;
|
||||
a = (char *)d->data;
|
||||
o = 0;
|
||||
/*
|
||||
* GENERALIZEDTIME is similar to UTCTIME except the year is represented
|
||||
* as YYYY. This stuff treats everything as a two digit field so make
|
||||
* first two fields 00 to 99
|
||||
*/
|
||||
if (l < 13)
|
||||
goto err;
|
||||
for (i = 0; i < 7; i++) {
|
||||
if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
|
||||
i++;
|
||||
if (tm)
|
||||
tm->tm_sec = 0;
|
||||
break;
|
||||
}
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = a[o] - '0';
|
||||
if (++o > l)
|
||||
goto err;
|
||||
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = (n * 10) + a[o] - '0';
|
||||
if (++o > l)
|
||||
goto err;
|
||||
|
||||
if ((n < min[i]) || (n > max[i]))
|
||||
goto err;
|
||||
if (tm) {
|
||||
switch (i) {
|
||||
case 0:
|
||||
tm->tm_year = n * 100 - 1900;
|
||||
break;
|
||||
case 1:
|
||||
tm->tm_year += n;
|
||||
break;
|
||||
case 2:
|
||||
tm->tm_mon = n - 1;
|
||||
break;
|
||||
case 3:
|
||||
tm->tm_mday = n;
|
||||
break;
|
||||
case 4:
|
||||
tm->tm_hour = n;
|
||||
break;
|
||||
case 5:
|
||||
tm->tm_min = n;
|
||||
break;
|
||||
case 6:
|
||||
tm->tm_sec = n;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
/*
|
||||
* Optional fractional seconds: decimal point followed by one or more
|
||||
* digits.
|
||||
*/
|
||||
if (a[o] == '.') {
|
||||
if (++o > l)
|
||||
goto err;
|
||||
i = o;
|
||||
while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
|
||||
o++;
|
||||
/* Must have at least one digit after decimal point */
|
||||
if (i == o)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (a[o] == 'Z')
|
||||
o++;
|
||||
else if ((a[o] == '+') || (a[o] == '-')) {
|
||||
int offsign = a[o] == '-' ? 1 : -1, offset = 0;
|
||||
o++;
|
||||
if (o + 4 > l)
|
||||
goto err;
|
||||
for (i = 7; i < 9; i++) {
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = a[o] - '0';
|
||||
o++;
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = (n * 10) + a[o] - '0';
|
||||
if ((n < min[i]) || (n > max[i]))
|
||||
goto err;
|
||||
if (tm) {
|
||||
if (i == 7)
|
||||
offset = n * 3600;
|
||||
else if (i == 8)
|
||||
offset += n * 60;
|
||||
}
|
||||
o++;
|
||||
}
|
||||
if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
|
||||
return 0;
|
||||
} else if (a[o]) {
|
||||
/* Missing time zone information. */
|
||||
goto err;
|
||||
}
|
||||
return (o == l);
|
||||
err:
|
||||
return (0);
|
||||
}
|
||||
|
||||
int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
|
||||
{
|
||||
return asn1_generalizedtime_to_tm(NULL, d);
|
||||
}
|
||||
|
||||
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
|
||||
{
|
||||
ASN1_GENERALIZEDTIME t;
|
||||
|
||||
t.type = V_ASN1_GENERALIZEDTIME;
|
||||
t.length = strlen(str);
|
||||
t.data = (unsigned char *)str;
|
||||
if (ASN1_GENERALIZEDTIME_check(&t)) {
|
||||
if (s != NULL) {
|
||||
if (!ASN1_STRING_set((ASN1_STRING *)s,
|
||||
(unsigned char *)str, t.length))
|
||||
return 0;
|
||||
s->type = V_ASN1_GENERALIZEDTIME;
|
||||
}
|
||||
return (1);
|
||||
} else
|
||||
return (0);
|
||||
}
|
||||
|
||||
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
|
||||
time_t t)
|
||||
{
|
||||
return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
|
||||
}
|
||||
|
||||
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
|
||||
time_t t, int offset_day,
|
||||
long offset_sec)
|
||||
{
|
||||
char *p;
|
||||
struct tm *ts;
|
||||
struct tm data;
|
||||
size_t len = 20;
|
||||
ASN1_GENERALIZEDTIME *tmps = NULL;
|
||||
|
||||
if (s == NULL)
|
||||
tmps = ASN1_GENERALIZEDTIME_new();
|
||||
else
|
||||
tmps = s;
|
||||
if (tmps == NULL)
|
||||
return NULL;
|
||||
|
||||
ts = OPENSSL_gmtime(&t, &data);
|
||||
if (ts == NULL)
|
||||
goto err;
|
||||
|
||||
if (offset_day || offset_sec) {
|
||||
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
|
||||
goto err;
|
||||
}
|
||||
|
||||
p = (char *)tmps->data;
|
||||
if ((p == NULL) || ((size_t)tmps->length < len)) {
|
||||
p = OPENSSL_malloc(len);
|
||||
if (p == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
OPENSSL_free(tmps->data);
|
||||
tmps->data = (unsigned char *)p;
|
||||
}
|
||||
|
||||
BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
|
||||
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
|
||||
ts->tm_sec);
|
||||
tmps->length = strlen(p);
|
||||
tmps->type = V_ASN1_GENERALIZEDTIME;
|
||||
return tmps;
|
||||
err:
|
||||
if (s == NULL)
|
||||
ASN1_GENERALIZEDTIME_free(tmps);
|
||||
return NULL;
|
||||
}
|
||||
88
third-party/boringssl/src/crypto/asn1/a_i2d_fp.c
vendored
Normal file
88
third-party/boringssl/src/crypto/asn1/a_i2d_fp.c
vendored
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
|
||||
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
|
||||
{
|
||||
BIO *b = BIO_new_fp(out, BIO_NOCLOSE);
|
||||
if (b == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
|
||||
return 0;
|
||||
}
|
||||
int ret = ASN1_item_i2d_bio(it, b, x);
|
||||
BIO_free(b);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
|
||||
{
|
||||
unsigned char *b = NULL;
|
||||
int n = ASN1_item_i2d(x, &b, it);
|
||||
if (b == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ret = BIO_write_all(out, b, n);
|
||||
OPENSSL_free(b);
|
||||
return ret;
|
||||
}
|
||||
420
third-party/boringssl/src/crypto/asn1/a_int.c
vendored
Normal file
420
third-party/boringssl/src/crypto/asn1/a_int.c
vendored
Normal file
|
|
@ -0,0 +1,420 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "../internal.h"
|
||||
|
||||
|
||||
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
|
||||
{
|
||||
return M_ASN1_INTEGER_dup(x);
|
||||
}
|
||||
|
||||
int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
|
||||
{
|
||||
int neg, ret;
|
||||
/* Compare signs */
|
||||
neg = x->type & V_ASN1_NEG;
|
||||
if (neg != (y->type & V_ASN1_NEG)) {
|
||||
if (neg)
|
||||
return -1;
|
||||
else
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = ASN1_STRING_cmp(x, y);
|
||||
|
||||
if (neg)
|
||||
return -ret;
|
||||
else
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* This converts an ASN1 INTEGER into its content encoding.
|
||||
* The internal representation is an ASN1_STRING whose data is a big endian
|
||||
* representation of the value, ignoring the sign. The sign is determined by
|
||||
* the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
|
||||
*
|
||||
* Positive integers are no problem: they are almost the same as the DER
|
||||
* encoding, except if the first byte is >= 0x80 we need to add a zero pad.
|
||||
*
|
||||
* Negative integers are a bit trickier...
|
||||
* The DER representation of negative integers is in 2s complement form.
|
||||
* The internal form is converted by complementing each octet and finally
|
||||
* adding one to the result. This can be done less messily with a little trick.
|
||||
* If the internal form has trailing zeroes then they will become FF by the
|
||||
* complement and 0 by the add one (due to carry) so just copy as many trailing
|
||||
* zeros to the destination as there are in the source. The carry will add one
|
||||
* to the last none zero octet: so complement this octet and add one and finally
|
||||
* complement any left over until you get to the start of the string.
|
||||
*
|
||||
* Padding is a little trickier too. If the first bytes is > 0x80 then we pad
|
||||
* with 0xff. However if the first byte is 0x80 and one of the following bytes
|
||||
* is non-zero we pad with 0xff. The reason for this distinction is that 0x80
|
||||
* followed by optional zeros isn't padded.
|
||||
*/
|
||||
|
||||
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
{
|
||||
int pad = 0, ret, i, neg;
|
||||
unsigned char *p, *n, pb = 0;
|
||||
|
||||
if (a == NULL)
|
||||
return (0);
|
||||
neg = a->type & V_ASN1_NEG;
|
||||
if (a->length == 0)
|
||||
ret = 1;
|
||||
else {
|
||||
ret = a->length;
|
||||
i = a->data[0];
|
||||
if (ret == 1 && i == 0)
|
||||
neg = 0;
|
||||
if (!neg && (i > 127)) {
|
||||
pad = 1;
|
||||
pb = 0;
|
||||
} else if (neg) {
|
||||
if (i > 128) {
|
||||
pad = 1;
|
||||
pb = 0xFF;
|
||||
} else if (i == 128) {
|
||||
/*
|
||||
* Special case: if any other bytes non zero we pad:
|
||||
* otherwise we don't.
|
||||
*/
|
||||
for (i = 1; i < a->length; i++)
|
||||
if (a->data[i]) {
|
||||
pad = 1;
|
||||
pb = 0xFF;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
ret += pad;
|
||||
}
|
||||
if (pp == NULL)
|
||||
return (ret);
|
||||
p = *pp;
|
||||
|
||||
if (pad)
|
||||
*(p++) = pb;
|
||||
if (a->length == 0)
|
||||
*(p++) = 0;
|
||||
else if (!neg)
|
||||
OPENSSL_memcpy(p, a->data, (unsigned int)a->length);
|
||||
else {
|
||||
/* Begin at the end of the encoding */
|
||||
n = a->data + a->length - 1;
|
||||
p += a->length - 1;
|
||||
i = a->length;
|
||||
/* Copy zeros to destination as long as source is zero */
|
||||
while (!*n && i > 1) {
|
||||
*(p--) = 0;
|
||||
n--;
|
||||
i--;
|
||||
}
|
||||
/* Complement and increment next octet */
|
||||
*(p--) = ((*(n--)) ^ 0xff) + 1;
|
||||
i--;
|
||||
/* Complement any octets left */
|
||||
for (; i > 0; i--)
|
||||
*(p--) = *(n--) ^ 0xff;
|
||||
}
|
||||
|
||||
*pp += ret;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
|
||||
|
||||
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
|
||||
long len)
|
||||
{
|
||||
ASN1_INTEGER *ret = NULL;
|
||||
const unsigned char *p, *pend;
|
||||
unsigned char *to, *s;
|
||||
int i;
|
||||
|
||||
/*
|
||||
* This function can handle lengths up to INT_MAX - 1, but the rest of the
|
||||
* legacy ASN.1 code mixes integer types, so avoid exposing it to
|
||||
* ASN1_INTEGERS with larger lengths.
|
||||
*/
|
||||
if (len < 0 || len > INT_MAX / 2) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((a == NULL) || ((*a) == NULL)) {
|
||||
if ((ret = M_ASN1_INTEGER_new()) == NULL)
|
||||
return (NULL);
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
} else
|
||||
ret = (*a);
|
||||
|
||||
p = *pp;
|
||||
pend = p + len;
|
||||
|
||||
/*
|
||||
* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
|
||||
* a missing NULL parameter.
|
||||
*/
|
||||
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
|
||||
if (s == NULL) {
|
||||
i = ERR_R_MALLOC_FAILURE;
|
||||
goto err;
|
||||
}
|
||||
to = s;
|
||||
if (!len) {
|
||||
/*
|
||||
* Strictly speaking this is an illegal INTEGER but we tolerate it.
|
||||
*/
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
} else if (*p & 0x80) { /* a negative number */
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
if ((*p == 0xff) && (len != 1)) {
|
||||
p++;
|
||||
len--;
|
||||
}
|
||||
i = len;
|
||||
p += i - 1;
|
||||
to += i - 1;
|
||||
while ((!*p) && i) {
|
||||
*(to--) = 0;
|
||||
i--;
|
||||
p--;
|
||||
}
|
||||
/*
|
||||
* Special case: if all zeros then the number will be of the form FF
|
||||
* followed by n zero bytes: this corresponds to 1 followed by n zero
|
||||
* bytes. We've already written n zeros so we just append an extra
|
||||
* one and set the first byte to a 1. This is treated separately
|
||||
* because it is the only case where the number of bytes is larger
|
||||
* than len.
|
||||
*/
|
||||
if (!i) {
|
||||
*s = 1;
|
||||
s[len] = 0;
|
||||
len++;
|
||||
} else {
|
||||
*(to--) = (*(p--) ^ 0xff) + 1;
|
||||
i--;
|
||||
for (; i > 0; i--)
|
||||
*(to--) = *(p--) ^ 0xff;
|
||||
}
|
||||
} else {
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
if ((*p == 0) && (len != 1)) {
|
||||
p++;
|
||||
len--;
|
||||
}
|
||||
OPENSSL_memcpy(s, p, (int)len);
|
||||
}
|
||||
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
ret->data = s;
|
||||
ret->length = (int)len;
|
||||
if (a != NULL)
|
||||
(*a) = ret;
|
||||
*pp = pend;
|
||||
return (ret);
|
||||
err:
|
||||
OPENSSL_PUT_ERROR(ASN1, i);
|
||||
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
||||
M_ASN1_INTEGER_free(ret);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
|
||||
{
|
||||
if (v >= 0) {
|
||||
return ASN1_INTEGER_set_uint64(a, (uint64_t) v);
|
||||
}
|
||||
|
||||
if (!ASN1_INTEGER_set_uint64(a, 0 - (uint64_t) v)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
a->type = V_ASN1_NEG_INTEGER;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v)
|
||||
{
|
||||
uint8_t *const newdata = OPENSSL_malloc(sizeof(uint64_t));
|
||||
if (newdata == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
OPENSSL_free(out->data);
|
||||
out->data = newdata;
|
||||
v = CRYPTO_bswap8(v);
|
||||
memcpy(out->data, &v, sizeof(v));
|
||||
|
||||
out->type = V_ASN1_INTEGER;
|
||||
|
||||
size_t leading_zeros;
|
||||
for (leading_zeros = 0; leading_zeros < sizeof(uint64_t) - 1;
|
||||
leading_zeros++) {
|
||||
if (out->data[leading_zeros] != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
out->length = sizeof(uint64_t) - leading_zeros;
|
||||
OPENSSL_memmove(out->data, out->data + leading_zeros, out->length);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
long ASN1_INTEGER_get(const ASN1_INTEGER *a)
|
||||
{
|
||||
int neg = 0, i;
|
||||
|
||||
if (a == NULL)
|
||||
return (0L);
|
||||
i = a->type;
|
||||
if (i == V_ASN1_NEG_INTEGER)
|
||||
neg = 1;
|
||||
else if (i != V_ASN1_INTEGER)
|
||||
return -1;
|
||||
|
||||
OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
|
||||
"long larger than uint64_t");
|
||||
|
||||
if (a->length > (int)sizeof(uint64_t)) {
|
||||
/* hmm... a bit ugly, return all ones */
|
||||
return -1;
|
||||
}
|
||||
|
||||
uint64_t r64 = 0;
|
||||
if (a->data != NULL) {
|
||||
for (i = 0; i < a->length; i++) {
|
||||
r64 <<= 8;
|
||||
r64 |= (unsigned char)a->data[i];
|
||||
}
|
||||
|
||||
if (r64 > LONG_MAX) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
long r = (long) r64;
|
||||
if (neg)
|
||||
r = -r;
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
{
|
||||
ASN1_INTEGER *ret;
|
||||
int len, j;
|
||||
|
||||
if (ai == NULL)
|
||||
ret = M_ASN1_INTEGER_new();
|
||||
else
|
||||
ret = ai;
|
||||
if (ret == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
else
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
j = BN_num_bits(bn);
|
||||
len = ((j == 0) ? 0 : ((j / 8) + 1));
|
||||
if (ret->length < len + 4) {
|
||||
unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
|
||||
if (!new_data) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
ret->data = new_data;
|
||||
}
|
||||
ret->length = BN_bn2bin(bn, ret->data);
|
||||
/* Correct zero case */
|
||||
if (!ret->length) {
|
||||
ret->data[0] = 0;
|
||||
ret->length = 1;
|
||||
}
|
||||
return (ret);
|
||||
err:
|
||||
if (ret != ai)
|
||||
M_ASN1_INTEGER_free(ret);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
|
||||
{
|
||||
BIGNUM *ret;
|
||||
|
||||
if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BN_LIB);
|
||||
else if (ai->type == V_ASN1_NEG_INTEGER)
|
||||
BN_set_negative(ret, 1);
|
||||
return (ret);
|
||||
}
|
||||
305
third-party/boringssl/src/crypto/asn1/a_mbstr.c
vendored
Normal file
305
third-party/boringssl/src/crypto/asn1/a_mbstr.c
vendored
Normal file
|
|
@ -0,0 +1,305 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/bytestring.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "asn1_locl.h"
|
||||
#include "../bytestring/internal.h"
|
||||
|
||||
static int is_printable(uint32_t value);
|
||||
|
||||
/*
|
||||
* These functions take a string in UTF8, ASCII or multibyte form and a mask
|
||||
* of permissible ASN1 string types. It then works out the minimal type
|
||||
* (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
|
||||
* creates a string of the correct type with the supplied data. Yes this is
|
||||
* horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
|
||||
* size limits too.
|
||||
*/
|
||||
|
||||
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
int inform, unsigned long mask)
|
||||
{
|
||||
return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
|
||||
}
|
||||
|
||||
OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_BMPSTRING)
|
||||
OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_UNIVERSALSTRING)
|
||||
OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_UTF8STRING)
|
||||
|
||||
int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
int inform, unsigned long mask,
|
||||
long minsize, long maxsize)
|
||||
{
|
||||
int str_type;
|
||||
char free_out;
|
||||
ASN1_STRING *dest;
|
||||
size_t nchar = 0;
|
||||
char strbuf[32];
|
||||
if (len == -1)
|
||||
len = strlen((const char *)in);
|
||||
if (!mask)
|
||||
mask = DIRSTRING_TYPE;
|
||||
|
||||
int (*decode_func)(CBS *, uint32_t*);
|
||||
int error;
|
||||
switch (inform) {
|
||||
case MBSTRING_BMP:
|
||||
decode_func = cbs_get_ucs2_be;
|
||||
error = ASN1_R_INVALID_BMPSTRING;
|
||||
break;
|
||||
|
||||
case MBSTRING_UNIV:
|
||||
decode_func = cbs_get_utf32_be;
|
||||
error = ASN1_R_INVALID_UNIVERSALSTRING;
|
||||
break;
|
||||
|
||||
case MBSTRING_UTF8:
|
||||
decode_func = cbs_get_utf8;
|
||||
error = ASN1_R_INVALID_UTF8STRING;
|
||||
break;
|
||||
|
||||
case MBSTRING_ASC:
|
||||
decode_func = cbs_get_latin1;
|
||||
error = ERR_R_INTERNAL_ERROR; // Latin-1 inputs are never invalid.
|
||||
break;
|
||||
|
||||
default:
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check |minsize| and |maxsize| and work out the minimal type, if any. */
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, in, len);
|
||||
size_t utf8_len = 0;
|
||||
while (CBS_len(&cbs) != 0) {
|
||||
uint32_t c;
|
||||
if (!decode_func(&cbs, &c)) {
|
||||
OPENSSL_PUT_ERROR(ASN1, error);
|
||||
return -1;
|
||||
}
|
||||
if (nchar == 0 &&
|
||||
(inform == MBSTRING_BMP || inform == MBSTRING_UNIV) &&
|
||||
c == 0xfeff) {
|
||||
/* Reject byte-order mark. We could drop it but that would mean
|
||||
* adding ambiguity around whether a BOM was included or not when
|
||||
* matching strings.
|
||||
*
|
||||
* For a little-endian UCS-2 string, the BOM will appear as 0xfffe
|
||||
* and will be rejected as noncharacter, below. */
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_CHARACTERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Update which output formats are still possible. */
|
||||
if ((mask & B_ASN1_PRINTABLESTRING) && !is_printable(c)) {
|
||||
mask &= ~B_ASN1_PRINTABLESTRING;
|
||||
}
|
||||
if ((mask & B_ASN1_IA5STRING) && (c > 127)) {
|
||||
mask &= ~B_ASN1_IA5STRING;
|
||||
}
|
||||
if ((mask & B_ASN1_T61STRING) && (c > 0xff)) {
|
||||
mask &= ~B_ASN1_T61STRING;
|
||||
}
|
||||
if ((mask & B_ASN1_BMPSTRING) && (c > 0xffff)) {
|
||||
mask &= ~B_ASN1_BMPSTRING;
|
||||
}
|
||||
if (!mask) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_CHARACTERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
nchar++;
|
||||
utf8_len += cbb_get_utf8_len(c);
|
||||
}
|
||||
|
||||
if (minsize > 0 && nchar < (size_t)minsize) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
|
||||
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
|
||||
ERR_add_error_data(2, "minsize=", strbuf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (maxsize > 0 && nchar > (size_t)maxsize) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
|
||||
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
|
||||
ERR_add_error_data(2, "maxsize=", strbuf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Now work out output format and string type */
|
||||
int (*encode_func)(CBB *, uint32_t) = cbb_add_latin1;
|
||||
size_t size_estimate = nchar;
|
||||
int outform = MBSTRING_ASC;
|
||||
if (mask & B_ASN1_PRINTABLESTRING) {
|
||||
str_type = V_ASN1_PRINTABLESTRING;
|
||||
} else if (mask & B_ASN1_IA5STRING) {
|
||||
str_type = V_ASN1_IA5STRING;
|
||||
} else if (mask & B_ASN1_T61STRING) {
|
||||
str_type = V_ASN1_T61STRING;
|
||||
} else if (mask & B_ASN1_BMPSTRING) {
|
||||
str_type = V_ASN1_BMPSTRING;
|
||||
outform = MBSTRING_BMP;
|
||||
encode_func = cbb_add_ucs2_be;
|
||||
size_estimate = 2 * nchar;
|
||||
} else if (mask & B_ASN1_UNIVERSALSTRING) {
|
||||
str_type = V_ASN1_UNIVERSALSTRING;
|
||||
encode_func = cbb_add_utf32_be;
|
||||
size_estimate = 4 * nchar;
|
||||
outform = MBSTRING_UNIV;
|
||||
} else {
|
||||
str_type = V_ASN1_UTF8STRING;
|
||||
outform = MBSTRING_UTF8;
|
||||
encode_func = cbb_add_utf8;
|
||||
size_estimate = utf8_len;
|
||||
}
|
||||
|
||||
if (!out)
|
||||
return str_type;
|
||||
if (*out) {
|
||||
free_out = 0;
|
||||
dest = *out;
|
||||
if (dest->data) {
|
||||
dest->length = 0;
|
||||
OPENSSL_free(dest->data);
|
||||
dest->data = NULL;
|
||||
}
|
||||
dest->type = str_type;
|
||||
} else {
|
||||
free_out = 1;
|
||||
dest = ASN1_STRING_type_new(str_type);
|
||||
if (!dest) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
*out = dest;
|
||||
}
|
||||
|
||||
/* If both the same type just copy across */
|
||||
if (inform == outform) {
|
||||
if (!ASN1_STRING_set(dest, in, len)) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
return str_type;
|
||||
}
|
||||
|
||||
CBB cbb;
|
||||
if (!CBB_init(&cbb, size_estimate + 1)) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
CBS_init(&cbs, in, len);
|
||||
while (CBS_len(&cbs) != 0) {
|
||||
uint32_t c;
|
||||
if (!decode_func(&cbs, &c) ||
|
||||
!encode_func(&cbb, c)) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
uint8_t *data = NULL;
|
||||
size_t data_len;
|
||||
if (/* OpenSSL historically NUL-terminated this value with a single byte,
|
||||
* even for |MBSTRING_BMP| and |MBSTRING_UNIV|. */
|
||||
!CBB_add_u8(&cbb, 0) ||
|
||||
!CBB_finish(&cbb, &data, &data_len) ||
|
||||
data_len < 1 ||
|
||||
data_len > INT_MAX) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
|
||||
OPENSSL_free(data);
|
||||
goto err;
|
||||
}
|
||||
dest->length = (int)(data_len - 1);
|
||||
dest->data = data;
|
||||
return str_type;
|
||||
|
||||
err:
|
||||
if (free_out)
|
||||
ASN1_STRING_free(dest);
|
||||
CBB_cleanup(&cbb);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Return 1 if the character is permitted in a PrintableString */
|
||||
static int is_printable(uint32_t value)
|
||||
{
|
||||
int ch;
|
||||
if (value > 0x7f)
|
||||
return 0;
|
||||
ch = (int)value;
|
||||
/*
|
||||
* Note: we can't use 'isalnum' because certain accented characters may
|
||||
* count as alphanumeric in some environments.
|
||||
*/
|
||||
if ((ch >= 'a') && (ch <= 'z'))
|
||||
return 1;
|
||||
if ((ch >= 'A') && (ch <= 'Z'))
|
||||
return 1;
|
||||
if ((ch >= '0') && (ch <= '9'))
|
||||
return 1;
|
||||
if ((ch == ' ') || strchr("'()+,-./:=?", ch))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
286
third-party/boringssl/src/crypto/asn1/a_object.c
vendored
Normal file
286
third-party/boringssl/src/crypto/asn1/a_object.c
vendored
Normal file
|
|
@ -0,0 +1,286 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
#include <openssl/obj.h>
|
||||
|
||||
#include "../internal.h"
|
||||
|
||||
|
||||
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
||||
{
|
||||
unsigned char *p, *allocated = NULL;
|
||||
int objsize;
|
||||
|
||||
if ((a == NULL) || (a->data == NULL))
|
||||
return (0);
|
||||
|
||||
objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
|
||||
if (pp == NULL || objsize == -1)
|
||||
return objsize;
|
||||
|
||||
if (*pp == NULL) {
|
||||
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
p = *pp;
|
||||
}
|
||||
|
||||
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
|
||||
OPENSSL_memcpy(p, a->data, a->length);
|
||||
|
||||
/*
|
||||
* If a new buffer was allocated, just return it back.
|
||||
* If not, return the incremented buffer pointer.
|
||||
*/
|
||||
*pp = allocated != NULL ? allocated : p + a->length;
|
||||
return objsize;
|
||||
}
|
||||
|
||||
int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
|
||||
{
|
||||
return OBJ_obj2txt(buf, buf_len, a, 0);
|
||||
}
|
||||
|
||||
int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
|
||||
{
|
||||
char buf[80], *p = buf;
|
||||
int i;
|
||||
|
||||
if ((a == NULL) || (a->data == NULL))
|
||||
return (BIO_write(bp, "NULL", 4));
|
||||
i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
|
||||
if (i > (int)(sizeof(buf) - 1)) {
|
||||
p = OPENSSL_malloc(i + 1);
|
||||
if (!p)
|
||||
return -1;
|
||||
i2t_ASN1_OBJECT(p, i + 1, a);
|
||||
}
|
||||
if (i <= 0)
|
||||
return BIO_write(bp, "<INVALID>", 9);
|
||||
BIO_write(bp, p, i);
|
||||
if (p != buf)
|
||||
OPENSSL_free(p);
|
||||
return (i);
|
||||
}
|
||||
|
||||
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
const unsigned char *p;
|
||||
long len;
|
||||
int tag, xclass;
|
||||
int inf, i;
|
||||
ASN1_OBJECT *ret = NULL;
|
||||
p = *pp;
|
||||
inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
|
||||
if (inf & 0x80) {
|
||||
i = ASN1_R_BAD_OBJECT_HEADER;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (tag != V_ASN1_OBJECT) {
|
||||
i = ASN1_R_EXPECTING_AN_OBJECT;
|
||||
goto err;
|
||||
}
|
||||
ret = c2i_ASN1_OBJECT(a, &p, len);
|
||||
if (ret)
|
||||
*pp = p;
|
||||
return ret;
|
||||
err:
|
||||
OPENSSL_PUT_ERROR(ASN1, i);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
|
||||
long len)
|
||||
{
|
||||
ASN1_OBJECT *ret = NULL;
|
||||
const unsigned char *p;
|
||||
unsigned char *data;
|
||||
int i, length;
|
||||
|
||||
/*
|
||||
* Sanity check OID encoding. Need at least one content octet. MSB must
|
||||
* be clear in the last octet. can't have leading 0x80 in subidentifiers,
|
||||
* see: X.690 8.19.2
|
||||
*/
|
||||
if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
|
||||
p[len - 1] & 0x80) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_OBJECT_ENCODING);
|
||||
return NULL;
|
||||
}
|
||||
/* Now 0 < len <= INT_MAX, so the cast is safe. */
|
||||
length = (int)len;
|
||||
for (i = 0; i < length; i++, p++) {
|
||||
if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_OBJECT_ENCODING);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* only the ASN1_OBJECTs from the 'table' will have values for ->sn or
|
||||
* ->ln
|
||||
*/
|
||||
if ((a == NULL) || ((*a) == NULL) ||
|
||||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
|
||||
if ((ret = ASN1_OBJECT_new()) == NULL)
|
||||
return (NULL);
|
||||
} else
|
||||
ret = (*a);
|
||||
|
||||
p = *pp;
|
||||
/* detach data from object */
|
||||
data = (unsigned char *)ret->data;
|
||||
ret->data = NULL;
|
||||
/* once detached we can change it */
|
||||
if ((data == NULL) || (ret->length < length)) {
|
||||
ret->length = 0;
|
||||
if (data != NULL)
|
||||
OPENSSL_free(data);
|
||||
data = (unsigned char *)OPENSSL_malloc(length);
|
||||
if (data == NULL) {
|
||||
i = ERR_R_MALLOC_FAILURE;
|
||||
goto err;
|
||||
}
|
||||
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
|
||||
}
|
||||
OPENSSL_memcpy(data, p, length);
|
||||
/* reattach data to object, after which it remains const */
|
||||
ret->data = data;
|
||||
ret->length = length;
|
||||
ret->sn = NULL;
|
||||
ret->ln = NULL;
|
||||
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
|
||||
p += length;
|
||||
|
||||
if (a != NULL)
|
||||
(*a) = ret;
|
||||
*pp = p;
|
||||
return (ret);
|
||||
err:
|
||||
OPENSSL_PUT_ERROR(ASN1, i);
|
||||
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
||||
ASN1_OBJECT_free(ret);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
ASN1_OBJECT *ASN1_OBJECT_new(void)
|
||||
{
|
||||
ASN1_OBJECT *ret;
|
||||
|
||||
ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
|
||||
if (ret == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return (NULL);
|
||||
}
|
||||
ret->length = 0;
|
||||
ret->data = NULL;
|
||||
ret->nid = 0;
|
||||
ret->sn = NULL;
|
||||
ret->ln = NULL;
|
||||
ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
void ASN1_OBJECT_free(ASN1_OBJECT *a)
|
||||
{
|
||||
if (a == NULL)
|
||||
return;
|
||||
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
|
||||
#ifndef CONST_STRICT /* disable purely for compile-time strict
|
||||
* const checking. Doing this on a "real"
|
||||
* compile will cause memory leaks */
|
||||
if (a->sn != NULL)
|
||||
OPENSSL_free((void *)a->sn);
|
||||
if (a->ln != NULL)
|
||||
OPENSSL_free((void *)a->ln);
|
||||
#endif
|
||||
a->sn = a->ln = NULL;
|
||||
}
|
||||
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
|
||||
if (a->data != NULL)
|
||||
OPENSSL_free((void *)a->data);
|
||||
a->data = NULL;
|
||||
a->length = 0;
|
||||
}
|
||||
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
|
||||
OPENSSL_free(a);
|
||||
}
|
||||
|
||||
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
|
||||
const char *sn, const char *ln)
|
||||
{
|
||||
ASN1_OBJECT o;
|
||||
|
||||
o.sn = sn;
|
||||
o.ln = ln;
|
||||
o.data = data;
|
||||
o.nid = nid;
|
||||
o.length = len;
|
||||
o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
|
||||
ASN1_OBJECT_FLAG_DYNAMIC_DATA;
|
||||
return (OBJ_dup(&o));
|
||||
}
|
||||
77
third-party/boringssl/src/crypto/asn1/a_octet.c
vendored
Normal file
77
third-party/boringssl/src/crypto/asn1/a_octet.c
vendored
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
|
||||
{
|
||||
return M_ASN1_OCTET_STRING_dup(x);
|
||||
}
|
||||
|
||||
int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
|
||||
const ASN1_OCTET_STRING *b)
|
||||
{
|
||||
return M_ASN1_OCTET_STRING_cmp(a, b);
|
||||
}
|
||||
|
||||
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
|
||||
int len)
|
||||
{
|
||||
return M_ASN1_OCTET_STRING_set(x, d, len);
|
||||
}
|
||||
93
third-party/boringssl/src/crypto/asn1/a_print.c
vendored
Normal file
93
third-party/boringssl/src/crypto/asn1/a_print.c
vendored
Normal file
|
|
@ -0,0 +1,93 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
int ASN1_PRINTABLE_type(const unsigned char *s, int len)
|
||||
{
|
||||
int c;
|
||||
int ia5 = 0;
|
||||
int t61 = 0;
|
||||
|
||||
if (len <= 0)
|
||||
len = -1;
|
||||
if (s == NULL)
|
||||
return (V_ASN1_PRINTABLESTRING);
|
||||
|
||||
while ((*s) && (len-- != 0)) {
|
||||
c = *(s++);
|
||||
if (!(((c >= 'a') && (c <= 'z')) ||
|
||||
((c >= 'A') && (c <= 'Z')) ||
|
||||
(c == ' ') ||
|
||||
((c >= '0') && (c <= '9')) ||
|
||||
(c == ' ') || (c == '\'') ||
|
||||
(c == '(') || (c == ')') ||
|
||||
(c == '+') || (c == ',') ||
|
||||
(c == '-') || (c == '.') ||
|
||||
(c == '/') || (c == ':') || (c == '=') || (c == '?')))
|
||||
ia5 = 1;
|
||||
if (c & 0x80)
|
||||
t61 = 1;
|
||||
}
|
||||
if (t61)
|
||||
return (V_ASN1_T61STRING);
|
||||
if (ia5)
|
||||
return (V_ASN1_IA5STRING);
|
||||
return (V_ASN1_PRINTABLESTRING);
|
||||
}
|
||||
313
third-party/boringssl/src/crypto/asn1/a_strnid.c
vendored
Normal file
313
third-party/boringssl/src/crypto/asn1/a_strnid.c
vendored
Normal file
|
|
@ -0,0 +1,313 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <stdlib.h> /* For bsearch */
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
#include <openssl/obj.h>
|
||||
#include <openssl/stack.h>
|
||||
|
||||
DEFINE_STACK_OF(ASN1_STRING_TABLE)
|
||||
|
||||
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
|
||||
static void st_free(ASN1_STRING_TABLE *tbl);
|
||||
|
||||
/*
|
||||
* This is the global mask for the mbstring functions: this is use to mask
|
||||
* out certain types (such as BMPString and UTF8String) because certain
|
||||
* software (e.g. Netscape) has problems with them.
|
||||
*/
|
||||
|
||||
static unsigned long global_mask = B_ASN1_UTF8STRING;
|
||||
|
||||
void ASN1_STRING_set_default_mask(unsigned long mask)
|
||||
{
|
||||
global_mask = mask;
|
||||
}
|
||||
|
||||
unsigned long ASN1_STRING_get_default_mask(void)
|
||||
{
|
||||
return global_mask;
|
||||
}
|
||||
|
||||
/*
|
||||
* This function sets the default to various "flavours" of configuration.
|
||||
* based on an ASCII string. Currently this is: MASK:XXXX : a numerical mask
|
||||
* value. nobmp : Don't use BMPStrings (just Printable, T61). pkix : PKIX
|
||||
* recommendation in RFC2459. utf8only : only use UTF8Strings (RFC2459
|
||||
* recommendation for 2004). default: the default value, Printable, T61, BMP.
|
||||
*/
|
||||
|
||||
int ASN1_STRING_set_default_mask_asc(const char *p)
|
||||
{
|
||||
unsigned long mask;
|
||||
char *end;
|
||||
if (!strncmp(p, "MASK:", 5)) {
|
||||
if (!p[5])
|
||||
return 0;
|
||||
mask = strtoul(p + 5, &end, 0);
|
||||
if (*end)
|
||||
return 0;
|
||||
} else if (!strcmp(p, "nombstr"))
|
||||
mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
|
||||
else if (!strcmp(p, "pkix"))
|
||||
mask = ~((unsigned long)B_ASN1_T61STRING);
|
||||
else if (!strcmp(p, "utf8only"))
|
||||
mask = B_ASN1_UTF8STRING;
|
||||
else if (!strcmp(p, "default"))
|
||||
mask = 0xFFFFFFFFL;
|
||||
else
|
||||
return 0;
|
||||
ASN1_STRING_set_default_mask(mask);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* The following function generates an ASN1_STRING based on limits in a
|
||||
* table. Frequently the types and length of an ASN1_STRING are restricted by
|
||||
* a corresponding OID. For example certificates and certificate requests.
|
||||
*/
|
||||
|
||||
ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
|
||||
const unsigned char *in, int inlen,
|
||||
int inform, int nid)
|
||||
{
|
||||
ASN1_STRING_TABLE *tbl;
|
||||
ASN1_STRING *str = NULL;
|
||||
unsigned long mask;
|
||||
int ret;
|
||||
if (!out)
|
||||
out = &str;
|
||||
tbl = ASN1_STRING_TABLE_get(nid);
|
||||
if (tbl) {
|
||||
mask = tbl->mask;
|
||||
if (!(tbl->flags & STABLE_NO_MASK))
|
||||
mask &= global_mask;
|
||||
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
|
||||
tbl->minsize, tbl->maxsize);
|
||||
} else
|
||||
ret =
|
||||
ASN1_mbstring_copy(out, in, inlen, inform,
|
||||
DIRSTRING_TYPE & global_mask);
|
||||
if (ret <= 0)
|
||||
return NULL;
|
||||
return *out;
|
||||
}
|
||||
|
||||
/*
|
||||
* Now the tables and helper functions for the string table:
|
||||
*/
|
||||
|
||||
/* size limits: this stuff is taken straight from RFC3280 */
|
||||
|
||||
#define ub_name 32768
|
||||
#define ub_common_name 64
|
||||
#define ub_locality_name 128
|
||||
#define ub_state_name 128
|
||||
#define ub_organization_name 64
|
||||
#define ub_organization_unit_name 64
|
||||
#define ub_title 64
|
||||
#define ub_email_address 128
|
||||
#define ub_serial_number 64
|
||||
|
||||
/* This table must be kept in NID order */
|
||||
|
||||
static const ASN1_STRING_TABLE tbl_standard[] = {
|
||||
{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
|
||||
{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
|
||||
{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
|
||||
{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
|
||||
{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
|
||||
{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
|
||||
0},
|
||||
{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
|
||||
STABLE_NO_MASK},
|
||||
{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
|
||||
{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
|
||||
{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
|
||||
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
|
||||
STABLE_NO_MASK},
|
||||
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
|
||||
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
|
||||
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
|
||||
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
|
||||
};
|
||||
|
||||
static int sk_table_cmp(const ASN1_STRING_TABLE **a,
|
||||
const ASN1_STRING_TABLE **b)
|
||||
{
|
||||
return (*a)->nid - (*b)->nid;
|
||||
}
|
||||
|
||||
static int table_cmp(const void *in_a, const void *in_b)
|
||||
{
|
||||
const ASN1_STRING_TABLE *a = in_a;
|
||||
const ASN1_STRING_TABLE *b = in_b;
|
||||
return a->nid - b->nid;
|
||||
}
|
||||
|
||||
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
|
||||
{
|
||||
int found;
|
||||
size_t idx;
|
||||
ASN1_STRING_TABLE *ttmp;
|
||||
ASN1_STRING_TABLE fnd;
|
||||
fnd.nid = nid;
|
||||
|
||||
ttmp =
|
||||
bsearch(&fnd, tbl_standard,
|
||||
sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE),
|
||||
sizeof(ASN1_STRING_TABLE), table_cmp);
|
||||
if (ttmp)
|
||||
return ttmp;
|
||||
if (!stable)
|
||||
return NULL;
|
||||
sk_ASN1_STRING_TABLE_sort(stable);
|
||||
found = sk_ASN1_STRING_TABLE_find(stable, &idx, &fnd);
|
||||
if (!found)
|
||||
return NULL;
|
||||
return sk_ASN1_STRING_TABLE_value(stable, idx);
|
||||
}
|
||||
|
||||
int ASN1_STRING_TABLE_add(int nid,
|
||||
long minsize, long maxsize, unsigned long mask,
|
||||
unsigned long flags)
|
||||
{
|
||||
ASN1_STRING_TABLE *tmp;
|
||||
char new_nid = 0;
|
||||
flags &= ~STABLE_FLAGS_MALLOC;
|
||||
if (!stable)
|
||||
stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
|
||||
if (!stable) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
|
||||
tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
|
||||
if (!tmp) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
tmp->flags = flags | STABLE_FLAGS_MALLOC;
|
||||
tmp->nid = nid;
|
||||
tmp->minsize = tmp->maxsize = -1;
|
||||
new_nid = 1;
|
||||
} else
|
||||
tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
|
||||
if (minsize != -1)
|
||||
tmp->minsize = minsize;
|
||||
if (maxsize != -1)
|
||||
tmp->maxsize = maxsize;
|
||||
tmp->mask = mask;
|
||||
if (new_nid)
|
||||
sk_ASN1_STRING_TABLE_push(stable, tmp);
|
||||
return 1;
|
||||
}
|
||||
|
||||
void ASN1_STRING_TABLE_cleanup(void)
|
||||
{
|
||||
STACK_OF(ASN1_STRING_TABLE) *tmp;
|
||||
tmp = stable;
|
||||
if (!tmp)
|
||||
return;
|
||||
stable = NULL;
|
||||
sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
|
||||
}
|
||||
|
||||
static void st_free(ASN1_STRING_TABLE *tbl)
|
||||
{
|
||||
if (tbl->flags & STABLE_FLAGS_MALLOC)
|
||||
OPENSSL_free(tbl);
|
||||
}
|
||||
|
||||
#ifdef STRING_TABLE_TEST
|
||||
|
||||
int main(void)
|
||||
{
|
||||
ASN1_STRING_TABLE *tmp;
|
||||
int i, last_nid = -1;
|
||||
|
||||
for (tmp = tbl_standard, i = 0;
|
||||
i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
|
||||
if (tmp->nid < last_nid) {
|
||||
last_nid = 0;
|
||||
break;
|
||||
}
|
||||
last_nid = tmp->nid;
|
||||
}
|
||||
|
||||
if (last_nid != 0) {
|
||||
printf("Table order OK\n");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
for (tmp = tbl_standard, i = 0;
|
||||
i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++)
|
||||
printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
|
||||
OBJ_nid2ln(tmp->nid));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
212
third-party/boringssl/src/crypto/asn1/a_time.c
vendored
Normal file
212
third-party/boringssl/src/crypto/asn1/a_time.c
vendored
Normal file
|
|
@ -0,0 +1,212 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "asn1_locl.h"
|
||||
|
||||
/*
|
||||
* This is an implementation of the ASN1 Time structure which is: Time ::=
|
||||
* CHOICE { utcTime UTCTime, generalTime GeneralizedTime } written by Steve
|
||||
* Henson.
|
||||
*/
|
||||
|
||||
IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
|
||||
|
||||
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
|
||||
{
|
||||
return ASN1_TIME_adj(s, t, 0, 0);
|
||||
}
|
||||
|
||||
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
|
||||
int offset_day, long offset_sec)
|
||||
{
|
||||
struct tm *ts;
|
||||
struct tm data;
|
||||
|
||||
ts = OPENSSL_gmtime(&t, &data);
|
||||
if (ts == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ERROR_GETTING_TIME);
|
||||
return NULL;
|
||||
}
|
||||
if (offset_day || offset_sec) {
|
||||
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
|
||||
return NULL;
|
||||
}
|
||||
if ((ts->tm_year >= 50) && (ts->tm_year < 150))
|
||||
return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
|
||||
return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
|
||||
}
|
||||
|
||||
int ASN1_TIME_check(ASN1_TIME *t)
|
||||
{
|
||||
if (t->type == V_ASN1_GENERALIZEDTIME)
|
||||
return ASN1_GENERALIZEDTIME_check(t);
|
||||
else if (t->type == V_ASN1_UTCTIME)
|
||||
return ASN1_UTCTIME_check(t);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Convert an ASN1_TIME structure to GeneralizedTime */
|
||||
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
|
||||
ASN1_GENERALIZEDTIME **out)
|
||||
{
|
||||
ASN1_GENERALIZEDTIME *ret = NULL;
|
||||
char *str;
|
||||
int newlen;
|
||||
|
||||
if (!ASN1_TIME_check(t))
|
||||
return NULL;
|
||||
|
||||
if (!out || !*out) {
|
||||
if (!(ret = ASN1_GENERALIZEDTIME_new()))
|
||||
goto err;
|
||||
} else {
|
||||
ret = *out;
|
||||
}
|
||||
|
||||
/* If already GeneralizedTime just copy across */
|
||||
if (t->type == V_ASN1_GENERALIZEDTIME) {
|
||||
if (!ASN1_STRING_set(ret, t->data, t->length))
|
||||
goto err;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* grow the string */
|
||||
if (!ASN1_STRING_set(ret, NULL, t->length + 2))
|
||||
goto err;
|
||||
/* ASN1_STRING_set() allocated 'len + 1' bytes. */
|
||||
newlen = t->length + 2 + 1;
|
||||
str = (char *)ret->data;
|
||||
/* Work out the century and prepend */
|
||||
if (t->data[0] >= '5')
|
||||
OPENSSL_strlcpy(str, "19", newlen);
|
||||
else
|
||||
OPENSSL_strlcpy(str, "20", newlen);
|
||||
|
||||
OPENSSL_strlcat(str, (char *)t->data, newlen);
|
||||
|
||||
done:
|
||||
if (out != NULL && *out == NULL)
|
||||
*out = ret;
|
||||
return ret;
|
||||
|
||||
err:
|
||||
if (out == NULL || *out != ret)
|
||||
ASN1_GENERALIZEDTIME_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
|
||||
{
|
||||
ASN1_TIME t;
|
||||
|
||||
t.length = strlen(str);
|
||||
t.data = (unsigned char *)str;
|
||||
t.flags = 0;
|
||||
|
||||
t.type = V_ASN1_UTCTIME;
|
||||
|
||||
if (!ASN1_TIME_check(&t)) {
|
||||
t.type = V_ASN1_GENERALIZEDTIME;
|
||||
if (!ASN1_TIME_check(&t))
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
|
||||
{
|
||||
if (t == NULL) {
|
||||
time_t now_t;
|
||||
time(&now_t);
|
||||
if (OPENSSL_gmtime(&now_t, tm))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (t->type == V_ASN1_UTCTIME)
|
||||
return asn1_utctime_to_tm(tm, t);
|
||||
else if (t->type == V_ASN1_GENERALIZEDTIME)
|
||||
return asn1_generalizedtime_to_tm(tm, t);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ASN1_TIME_diff(int *pday, int *psec,
|
||||
const ASN1_TIME *from, const ASN1_TIME *to)
|
||||
{
|
||||
struct tm tm_from, tm_to;
|
||||
if (!asn1_time_to_tm(&tm_from, from))
|
||||
return 0;
|
||||
if (!asn1_time_to_tm(&tm_to, to))
|
||||
return 0;
|
||||
return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
|
||||
}
|
||||
151
third-party/boringssl/src/crypto/asn1/a_type.c
vendored
Normal file
151
third-party/boringssl/src/crypto/asn1/a_type.c
vendored
Normal file
|
|
@ -0,0 +1,151 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
#include <openssl/obj.h>
|
||||
|
||||
int ASN1_TYPE_get(ASN1_TYPE *a)
|
||||
{
|
||||
if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
|
||||
return (a->type);
|
||||
else
|
||||
return (0);
|
||||
}
|
||||
|
||||
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
|
||||
{
|
||||
if (a->value.ptr != NULL) {
|
||||
ASN1_TYPE **tmp_a = &a;
|
||||
ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
|
||||
}
|
||||
a->type = type;
|
||||
if (type == V_ASN1_BOOLEAN)
|
||||
a->value.boolean = value ? 0xff : 0;
|
||||
else
|
||||
a->value.ptr = value;
|
||||
}
|
||||
|
||||
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
|
||||
{
|
||||
if (!value || (type == V_ASN1_BOOLEAN)) {
|
||||
void *p = (void *)value;
|
||||
ASN1_TYPE_set(a, type, p);
|
||||
} else if (type == V_ASN1_OBJECT) {
|
||||
ASN1_OBJECT *odup;
|
||||
odup = OBJ_dup(value);
|
||||
if (!odup)
|
||||
return 0;
|
||||
ASN1_TYPE_set(a, type, odup);
|
||||
} else {
|
||||
ASN1_STRING *sdup;
|
||||
sdup = ASN1_STRING_dup(value);
|
||||
if (!sdup)
|
||||
return 0;
|
||||
ASN1_TYPE_set(a, type, sdup);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Returns 0 if they are equal, != 0 otherwise. */
|
||||
int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
|
||||
{
|
||||
int result = -1;
|
||||
|
||||
if (!a || !b || a->type != b->type)
|
||||
return -1;
|
||||
|
||||
switch (a->type) {
|
||||
case V_ASN1_OBJECT:
|
||||
result = OBJ_cmp(a->value.object, b->value.object);
|
||||
break;
|
||||
case V_ASN1_NULL:
|
||||
result = 0; /* They do not have content. */
|
||||
break;
|
||||
case V_ASN1_BOOLEAN:
|
||||
result = a->value.boolean - b->value.boolean;
|
||||
break;
|
||||
case V_ASN1_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
case V_ASN1_BIT_STRING:
|
||||
case V_ASN1_OCTET_STRING:
|
||||
case V_ASN1_SEQUENCE:
|
||||
case V_ASN1_SET:
|
||||
case V_ASN1_NUMERICSTRING:
|
||||
case V_ASN1_PRINTABLESTRING:
|
||||
case V_ASN1_T61STRING:
|
||||
case V_ASN1_VIDEOTEXSTRING:
|
||||
case V_ASN1_IA5STRING:
|
||||
case V_ASN1_UTCTIME:
|
||||
case V_ASN1_GENERALIZEDTIME:
|
||||
case V_ASN1_GRAPHICSTRING:
|
||||
case V_ASN1_VISIBLESTRING:
|
||||
case V_ASN1_GENERALSTRING:
|
||||
case V_ASN1_UNIVERSALSTRING:
|
||||
case V_ASN1_BMPSTRING:
|
||||
case V_ASN1_UTF8STRING:
|
||||
case V_ASN1_OTHER:
|
||||
default:
|
||||
result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
|
||||
(ASN1_STRING *)b->value.ptr);
|
||||
break;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
303
third-party/boringssl/src/crypto/asn1/a_utctm.c
vendored
Normal file
303
third-party/boringssl/src/crypto/asn1/a_utctm.c
vendored
Normal file
|
|
@ -0,0 +1,303 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/mem.h>
|
||||
|
||||
#include "asn1_locl.h"
|
||||
|
||||
|
||||
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
|
||||
{
|
||||
static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
|
||||
static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 };
|
||||
char *a;
|
||||
int n, i, l, o;
|
||||
|
||||
if (d->type != V_ASN1_UTCTIME)
|
||||
return (0);
|
||||
l = d->length;
|
||||
a = (char *)d->data;
|
||||
o = 0;
|
||||
|
||||
if (l < 11)
|
||||
goto err;
|
||||
for (i = 0; i < 6; i++) {
|
||||
if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
|
||||
i++;
|
||||
if (tm)
|
||||
tm->tm_sec = 0;
|
||||
break;
|
||||
}
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = a[o] - '0';
|
||||
if (++o > l)
|
||||
goto err;
|
||||
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = (n * 10) + a[o] - '0';
|
||||
if (++o > l)
|
||||
goto err;
|
||||
|
||||
if ((n < min[i]) || (n > max[i]))
|
||||
goto err;
|
||||
if (tm) {
|
||||
switch (i) {
|
||||
case 0:
|
||||
tm->tm_year = n < 50 ? n + 100 : n;
|
||||
break;
|
||||
case 1:
|
||||
tm->tm_mon = n - 1;
|
||||
break;
|
||||
case 2:
|
||||
tm->tm_mday = n;
|
||||
break;
|
||||
case 3:
|
||||
tm->tm_hour = n;
|
||||
break;
|
||||
case 4:
|
||||
tm->tm_min = n;
|
||||
break;
|
||||
case 5:
|
||||
tm->tm_sec = n;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (a[o] == 'Z')
|
||||
o++;
|
||||
else if ((a[o] == '+') || (a[o] == '-')) {
|
||||
int offsign = a[o] == '-' ? 1 : -1, offset = 0;
|
||||
o++;
|
||||
if (o + 4 > l)
|
||||
goto err;
|
||||
for (i = 6; i < 8; i++) {
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = a[o] - '0';
|
||||
o++;
|
||||
if ((a[o] < '0') || (a[o] > '9'))
|
||||
goto err;
|
||||
n = (n * 10) + a[o] - '0';
|
||||
if ((n < min[i]) || (n > max[i]))
|
||||
goto err;
|
||||
if (tm) {
|
||||
if (i == 6)
|
||||
offset = n * 3600;
|
||||
else if (i == 7)
|
||||
offset += n * 60;
|
||||
}
|
||||
o++;
|
||||
}
|
||||
if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
|
||||
return 0;
|
||||
}
|
||||
return o == l;
|
||||
err:
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
|
||||
{
|
||||
return asn1_utctime_to_tm(NULL, d);
|
||||
}
|
||||
|
||||
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
|
||||
{
|
||||
ASN1_UTCTIME t;
|
||||
|
||||
t.type = V_ASN1_UTCTIME;
|
||||
t.length = strlen(str);
|
||||
t.data = (unsigned char *)str;
|
||||
if (ASN1_UTCTIME_check(&t)) {
|
||||
if (s != NULL) {
|
||||
if (!ASN1_STRING_set((ASN1_STRING *)s,
|
||||
(unsigned char *)str, t.length))
|
||||
return 0;
|
||||
s->type = V_ASN1_UTCTIME;
|
||||
}
|
||||
return (1);
|
||||
} else
|
||||
return (0);
|
||||
}
|
||||
|
||||
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
{
|
||||
return ASN1_UTCTIME_adj(s, t, 0, 0);
|
||||
}
|
||||
|
||||
ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
|
||||
int offset_day, long offset_sec)
|
||||
{
|
||||
char *p;
|
||||
struct tm *ts;
|
||||
struct tm data;
|
||||
size_t len = 20;
|
||||
int free_s = 0;
|
||||
|
||||
if (s == NULL) {
|
||||
free_s = 1;
|
||||
s = M_ASN1_UTCTIME_new();
|
||||
}
|
||||
if (s == NULL)
|
||||
goto err;
|
||||
|
||||
ts = OPENSSL_gmtime(&t, &data);
|
||||
if (ts == NULL)
|
||||
goto err;
|
||||
|
||||
if (offset_day || offset_sec) {
|
||||
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((ts->tm_year < 50) || (ts->tm_year >= 150))
|
||||
goto err;
|
||||
|
||||
p = (char *)s->data;
|
||||
if ((p == NULL) || ((size_t)s->length < len)) {
|
||||
p = OPENSSL_malloc(len);
|
||||
if (p == NULL) {
|
||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (s->data != NULL)
|
||||
OPENSSL_free(s->data);
|
||||
s->data = (unsigned char *)p;
|
||||
}
|
||||
|
||||
BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
|
||||
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
|
||||
ts->tm_sec);
|
||||
s->length = strlen(p);
|
||||
s->type = V_ASN1_UTCTIME;
|
||||
return (s);
|
||||
err:
|
||||
if (free_s && s)
|
||||
M_ASN1_UTCTIME_free(s);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
|
||||
{
|
||||
struct tm stm, ttm;
|
||||
int day, sec;
|
||||
|
||||
if (!asn1_utctime_to_tm(&stm, s))
|
||||
return -2;
|
||||
|
||||
if (!OPENSSL_gmtime(&t, &ttm))
|
||||
return -2;
|
||||
|
||||
if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
|
||||
return -2;
|
||||
|
||||
if (day > 0)
|
||||
return 1;
|
||||
if (day < 0)
|
||||
return -1;
|
||||
if (sec > 0)
|
||||
return 1;
|
||||
if (sec < 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if 0
|
||||
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
|
||||
{
|
||||
struct tm tm;
|
||||
int offset;
|
||||
|
||||
OPENSSL_memset(&tm, '\0', sizeof tm);
|
||||
|
||||
# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
|
||||
tm.tm_year = g2(s->data);
|
||||
if (tm.tm_year < 50)
|
||||
tm.tm_year += 100;
|
||||
tm.tm_mon = g2(s->data + 2) - 1;
|
||||
tm.tm_mday = g2(s->data + 4);
|
||||
tm.tm_hour = g2(s->data + 6);
|
||||
tm.tm_min = g2(s->data + 8);
|
||||
tm.tm_sec = g2(s->data + 10);
|
||||
if (s->data[12] == 'Z')
|
||||
offset = 0;
|
||||
else {
|
||||
offset = g2(s->data + 13) * 60 + g2(s->data + 15);
|
||||
if (s->data[12] == '-')
|
||||
offset = -offset;
|
||||
}
|
||||
# undef g2
|
||||
|
||||
return mktime(&tm) - offset * 60; /* FIXME: mktime assumes the current
|
||||
* timezone instead of UTC, and unless
|
||||
* we rewrite OpenSSL in Lisp we cannot
|
||||
* locally change the timezone without
|
||||
* possibly interfering with other
|
||||
* parts of the program. timegm, which
|
||||
* uses UTC, is non-standard. Also
|
||||
* time_t is inappropriate for general
|
||||
* UTC times because it may a 32 bit
|
||||
* type. */
|
||||
}
|
||||
#endif
|
||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue