external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

AppleM1: Update openssl to v1.1.1l

Browse source
This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions
Download patch file Download diff file Expand all files Collapse all files

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod vendored
View file

@ -188,7 +188,7 @@ B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
The implementations use the following macros which, depending on the
architecture, may use "long long" C operations or inline assembler.
They are defined in C<bn_lcl.h>.
They are defined in C<bn_local.h>.
mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
low word of the result in B<r> and the high word in B<c>.

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -325,4 +325,4 @@ bn_mul_mont:
___
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -329,4 +329,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT; # enforce flush
close STDOUT or die "error closing STDOUT: $!"; # enforce flush

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -754,4 +754,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1511,4 +1511,4 @@ ___
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -31,7 +31,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&asm_finish();
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";
sub bn_mul_add_words
{

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -157,4 +157,4 @@ $code.=<<___;
___
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

12
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -22,7 +22,7 @@ open STDOUT,">$output";
&asm_finish();
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";
sub mul_add_c
{
@ -39,17 +39,17 @@ sub mul_add_c
&mul("edx");
&add($c0,"eax");
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a
&mov("eax",&wparam(0)) if $pos > 0; # load r[]
###
&adc($c1,"edx");
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # load next b
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # load next b
###
&adc($c2,0);
# is pos > 1, it means it is the last loop
&mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[];
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next a
}
sub sqr_add_c

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -857,4 +857,4 @@ ___
open STDOUT,">$output" if $output;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -430,4 +430,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

8
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -89,7 +89,7 @@ if ($flavour =~ /64|n32/i) {
$SZREG=4;
$REG_S="sw";
$REG_L="lw";
$code=".set mips2\n";
$code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n";
}
# Below is N32/64 register layout used in the original module.
@ -801,7 +801,7 @@ $code.=<<___;
#if 0
/*
* The bn_div_3_words entry point is re-used for constant-time interface.
* Implementation is retained as hystorical reference.
* Implementation is retained as historical reference.
*/
.align 5
.globl bn_div_3_words
@ -2260,4 +2260,4 @@ $code.=<<___;
.end bn_sqr_comba4
___
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1003,4 +1003,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1987,4 +1987,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

5
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -258,6 +258,7 @@ $data=<<EOF;
# .text section
.machine "any"
.text
#
# NOTE: The following label name should be changed to
@ -2008,4 +2009,4 @@ Lppcasm_maw_adios:
EOF
$data =~ s/\`([^\`]*)\`/eval $1/gem;
print $data;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc64-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1649,4 +1649,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

6
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-avx2.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);
@ -1979,4 +1979,4 @@ rsaz_1024_gather5_avx2:
___
}}}
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

409
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul
subq \$128+24, %rsp
.cfi_adjust_cfa_offset 128+24
.Lsqr_body:
movq $mod, %rbp # common argument
movq $mod, %xmm1 # common off-load
movq ($inp), %rdx
movq 8($inp), %rax
movq $n0, 128(%rsp)
@ -134,7 +134,8 @@ $code.=<<___;
.Loop_sqr:
movl $times,128+8(%rsp)
#first iteration
movq %rdx, %rbx
movq %rdx, %rbx # 0($inp)
mov %rax, %rbp # 8($inp)
mulq %rdx
movq %rax, %r8
movq 16($inp), %rax
@ -173,31 +174,29 @@ $code.=<<___;
mulq %rbx
addq %rax, %r14
movq %rbx, %rax
movq %rdx, %r15
adcq \$0, %r15
adcq \$0, %rdx
addq %r8, %r8 #shlq \$1, %r8
movq %r9, %rcx
adcq %r9, %r9 #shld \$1, %r8, %r9
xorq %rcx,%rcx # rcx:r8 = r8 << 1
addq %r8, %r8
movq %rdx, %r15
adcq \$0, %rcx
mulq %rax
movq %rax, (%rsp)
addq %rdx, %r8
adcq \$0, %r9
addq %r8, %rdx
adcq \$0, %rcx
movq %r8, 8(%rsp)
shrq \$63, %rcx
movq %rax, (%rsp)
movq %rdx, 8(%rsp)
#second iteration
movq 8($inp), %r8
movq 16($inp), %rax
mulq %r8
mulq %rbp
addq %rax, %r10
movq 24($inp), %rax
movq %rdx, %rbx
adcq \$0, %rbx
mulq %r8
mulq %rbp
addq %rax, %r11
movq 32($inp), %rax
adcq \$0, %rdx
@ -205,7 +204,7 @@ $code.=<<___;
movq %rdx, %rbx
adcq \$0, %rbx
mulq %r8
mulq %rbp
addq %rax, %r12
movq 40($inp), %rax
adcq \$0, %rdx
@ -213,7 +212,7 @@ $code.=<<___;
movq %rdx, %rbx
adcq \$0, %rbx
mulq %r8
mulq %rbp
addq %rax, %r13
movq 48($inp), %rax
adcq \$0, %rdx
@ -221,7 +220,7 @@ $code.=<<___;
movq %rdx, %rbx
adcq \$0, %rbx
mulq %r8
mulq %rbp
addq %rax, %r14
movq 56($inp), %rax
adcq \$0, %rdx
@ -229,39 +228,39 @@ $code.=<<___;
movq %rdx, %rbx
adcq \$0, %rbx
mulq %r8
mulq %rbp
addq %rax, %r15
movq %r8, %rax
movq %rbp, %rax
adcq \$0, %rdx
addq %rbx, %r15
movq %rdx, %r8
movq %r10, %rdx
adcq \$0, %r8
adcq \$0, %rdx
add %rdx, %rdx
lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
movq %r11, %rbx
adcq %r11, %r11 #shld \$1, %r10, %r11
xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
addq %r9, %r9
movq %rdx, %r8
adcq %r10, %r10
adcq \$0, %rbx
mulq %rax
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rcx, %rax
movq 16($inp), %rbp
addq %rax, %r9
movq 24($inp), %rax
adcq %rdx, %r10
adcq \$0, %r11
adcq \$0, %rbx
movq %r9, 16(%rsp)
movq %r10, 24(%rsp)
shrq \$63, %rbx
#third iteration
movq 16($inp), %r9
movq 24($inp), %rax
mulq %r9
mulq %rbp
addq %rax, %r12
movq 32($inp), %rax
movq %rdx, %rcx
adcq \$0, %rcx
mulq %r9
mulq %rbp
addq %rax, %r13
movq 40($inp), %rax
adcq \$0, %rdx
@ -269,7 +268,7 @@ $code.=<<___;
movq %rdx, %rcx
adcq \$0, %rcx
mulq %r9
mulq %rbp
addq %rax, %r14
movq 48($inp), %rax
adcq \$0, %rdx
@ -277,9 +276,7 @@ $code.=<<___;
movq %rdx, %rcx
adcq \$0, %rcx
mulq %r9
movq %r12, %r10
lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
mulq %rbp
addq %rax, %r15
movq 56($inp), %rax
adcq \$0, %rdx
@ -287,36 +284,40 @@ $code.=<<___;
movq %rdx, %rcx
adcq \$0, %rcx
mulq %r9
shrq \$63, %r10
mulq %rbp
addq %rax, %r8
movq %r9, %rax
movq %rbp, %rax
adcq \$0, %rdx
addq %rcx, %r8
movq %rdx, %r9
adcq \$0, %r9
adcq \$0, %rdx
movq %r13, %rcx
leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
addq %r11, %r11
movq %rdx, %r9
adcq %r12, %r12
adcq \$0, %rcx
mulq %rax
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rbx, %rax
movq 24($inp), %r10
addq %rax, %r11
movq 32($inp), %rax
adcq %rdx, %r12
adcq \$0, %r13
adcq \$0, %rcx
movq %r11, 32(%rsp)
movq %r12, 40(%rsp)
shrq \$63, %rcx
#fourth iteration
movq 24($inp), %r10
movq 32($inp), %rax
mov %rax, %r11 # 32($inp)
mulq %r10
addq %rax, %r14
movq 40($inp), %rax
movq %rdx, %rbx
adcq \$0, %rbx
mov %rax, %r12 # 40($inp)
mulq %r10
addq %rax, %r15
movq 48($inp), %rax
@ -325,9 +326,8 @@ $code.=<<___;
movq %rdx, %rbx
adcq \$0, %rbx
mov %rax, %rbp # 48($inp)
mulq %r10
movq %r14, %r12
leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
addq %rax, %r8
movq 56($inp), %rax
adcq \$0, %rdx
@ -336,32 +336,33 @@ $code.=<<___;
adcq \$0, %rbx
mulq %r10
shrq \$63, %r12
addq %rax, %r9
movq %r10, %rax
adcq \$0, %rdx
addq %rbx, %r9
movq %rdx, %r10
adcq \$0, %r10
adcq \$0, %rdx
movq %r15, %rbx
leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
addq %r13, %r13
movq %rdx, %r10
adcq %r14, %r14
adcq \$0, %rbx
mulq %rax
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rcx, %rax
addq %rax, %r13
movq %r12, %rax # 40($inp)
adcq %rdx, %r14
adcq \$0, %r15
adcq \$0, %rbx
movq %r13, 48(%rsp)
movq %r14, 56(%rsp)
shrq \$63, %rbx
#fifth iteration
movq 32($inp), %r11
movq 40($inp), %rax
mulq %r11
addq %rax, %r8
movq 48($inp), %rax
movq %rbp, %rax # 48($inp)
movq %rdx, %rcx
adcq \$0, %rcx
@ -369,97 +370,99 @@ $code.=<<___;
addq %rax, %r9
movq 56($inp), %rax
adcq \$0, %rdx
movq %r8, %r12
leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
addq %rcx, %r9
movq %rdx, %rcx
adcq \$0, %rcx
mov %rax, %r14 # 56($inp)
mulq %r11
shrq \$63, %r12
addq %rax, %r10
movq %r11, %rax
adcq \$0, %rdx
addq %rcx, %r10
movq %rdx, %r11
adcq \$0, %r11
adcq \$0, %rdx
movq %r9, %rcx
leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
addq %r15, %r15
movq %rdx, %r11
adcq %r8, %r8
adcq \$0, %rcx
mulq %rax
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rbx, %rax
addq %rax, %r15
movq %rbp, %rax # 48($inp)
adcq %rdx, %r8
adcq \$0, %r9
adcq \$0, %rcx
movq %r15, 64(%rsp)
movq %r8, 72(%rsp)
shrq \$63, %rcx
#sixth iteration
movq 40($inp), %r12
movq 48($inp), %rax
mulq %r12
addq %rax, %r10
movq 56($inp), %rax
movq %r14, %rax # 56($inp)
movq %rdx, %rbx
adcq \$0, %rbx
mulq %r12
addq %rax, %r11
movq %r12, %rax
movq %r10, %r15
leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
adcq \$0, %rdx
shrq \$63, %r15
addq %rbx, %r11
movq %rdx, %r12
adcq \$0, %r12
adcq \$0, %rdx
movq %r11, %rbx
leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
addq %r9, %r9
movq %rdx, %r12
adcq %r10, %r10
adcq \$0, %rbx
mulq %rax
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rcx, %rax
addq %rax, %r9
movq %r14, %rax # 56($inp)
adcq %rdx, %r10
adcq \$0, %r11
adcq \$0, %rbx
movq %r9, 80(%rsp)
movq %r10, 88(%rsp)
#seventh iteration
movq 48($inp), %r13
movq 56($inp), %rax
mulq %r13
mulq %rbp
addq %rax, %r12
movq %r13, %rax
movq %rdx, %r13
adcq \$0, %r13
movq %rbp, %rax
adcq \$0, %rdx
xorq %r14, %r14
shlq \$1, %rbx
adcq %r12, %r12 #shld \$1, %rbx, %r12
adcq %r13, %r13 #shld \$1, %r12, %r13
adcq %r14, %r14 #shld \$1, %r13, %r14
xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
addq %r11, %r11
movq %rdx, %r13
adcq %r12, %r12
adcq \$0, %rcx
mulq %rax
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rbx, %rax
addq %rax, %r11
movq %r14, %rax # 56($inp)
adcq %rdx, %r12
adcq \$0, %r13
adcq \$0, %rcx
movq %r11, 96(%rsp)
movq %r12, 104(%rsp)
#eighth iteration
movq 56($inp), %rax
xorq %rbx, %rbx # rbx:r13 = r13 << 1
addq %r13, %r13
adcq \$0, %rbx
mulq %rax
addq %rax, %r13
adcq \$0, %rdx
addq %rdx, %r14
movq %r13, 112(%rsp)
movq %r14, 120(%rsp)
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
addq %rcx, %rax
addq %r13, %rax
adcq %rbx, %rdx
movq (%rsp), %r8
movq 8(%rsp), %r9
@ -469,6 +472,10 @@ $code.=<<___;
movq 40(%rsp), %r13
movq 48(%rsp), %r14
movq 56(%rsp), %r15
movq %xmm1, %rbp
movq %rax, 112(%rsp)
movq %rdx, 120(%rsp)
call __rsaz_512_reduce
@ -500,9 +507,9 @@ $code.=<<___;
.Loop_sqrx:
movl $times,128+8(%rsp)
movq $out, %xmm0 # off-load
movq %rbp, %xmm1 # off-load
#first iteration
mulx %rax, %r8, %r9
mov %rax, %rbx
mulx 16($inp), %rcx, %r10
xor %rbp, %rbp # cf=0, of=0
@ -510,40 +517,39 @@ $code.=<<___;
mulx 24($inp), %rax, %r11
adcx %rcx, %r9
mulx 32($inp), %rcx, %r12
.byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
adcx %rax, %r10
mulx 40($inp), %rax, %r13
.byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
adcx %rcx, %r11
.byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
mulx 48($inp), %rcx, %r14
adcx %rax, %r12
adcx %rcx, %r13
.byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
mulx 56($inp), %rax, %r15
adcx %rax, %r14
adcx %rbp, %r15 # %rbp is 0
mov %r9, %rcx
shld \$1, %r8, %r9
shl \$1, %r8
xor %ebp, %ebp
mulx %rdx, %rax, %rdx
adcx %rdx, %r8
mov 8($inp), %rdx
adcx %rbp, %r9
mulx %rdx, %rax, $out
mov %rbx, %rdx # 8($inp)
xor %rcx, %rcx
adox %r8, %r8
adcx $out, %r8
adox %rbp, %rcx
adcx %rbp, %rcx
mov %rax, (%rsp)
mov %r8, 8(%rsp)
#second iteration
mulx 16($inp), %rax, %rbx
.byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
adox %rax, %r10
adcx %rbx, %r11
.byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
mulx 24($inp), $out, %r8
adox $out, %r11
.byte 0x66
adcx %r8, %r12
mulx 32($inp), %rax, %rbx
@ -561,24 +567,25 @@ $code.=<<___;
.byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
adox $out, %r15
adcx %rbp, %r8
mulx %rdx, %rax, $out
adox %rbp, %r8
.byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
mov %r11, %rbx
shld \$1, %r10, %r11
shld \$1, %rcx, %r10
xor %ebp,%ebp
mulx %rdx, %rax, %rcx
mov 16($inp), %rdx
xor %rbx, %rbx
adox %r9, %r9
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rcx, %rax
adox %r10, %r10
adcx %rax, %r9
adcx %rcx, %r10
adcx %rbp, %r11
adox %rbp, %rbx
adcx $out, %r10
adcx %rbp, %rbx
mov %r9, 16(%rsp)
.byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
#third iteration
.byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
mulx 24($inp), $out, %r9
adox $out, %r12
adcx %r9, %r13
@ -586,7 +593,7 @@ $code.=<<___;
adox %rax, %r13
adcx %rcx, %r14
mulx 40($inp), $out, %r9
.byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
adox $out, %r14
adcx %r9, %r15
@ -594,27 +601,28 @@ $code.=<<___;
adox %rax, %r15
adcx %rcx, %r8
.byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
mulx 56($inp), $out, %r9
adox $out, %r8
adcx %rbp, %r9
mulx %rdx, %rax, $out
adox %rbp, %r9
mov %r13, %rcx
shld \$1, %r12, %r13
shld \$1, %rbx, %r12
xor %ebp, %ebp
mulx %rdx, %rax, %rdx
adcx %rax, %r11
adcx %rdx, %r12
mov 24($inp), %rdx
adcx %rbp, %r13
xor %rcx, %rcx
adox %r11, %r11
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rbx, %rax
adox %r12, %r12
adcx %rax, %r11
adox %rbp, %rcx
adcx $out, %r12
adcx %rbp, %rcx
mov %r11, 32(%rsp)
.byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
mov %r12, 40(%rsp)
#fourth iteration
.byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
mulx 32($inp), %rax, %rbx
adox %rax, %r14
adcx %rbx, %r15
@ -629,25 +637,25 @@ $code.=<<___;
mulx 56($inp), $out, %r10
adox $out, %r9
adcx %rbp, %r10
mulx %rdx, %rax, $out
adox %rbp, %r10
.byte 0x66
mov %r15, %rbx
shld \$1, %r14, %r15
shld \$1, %rcx, %r14
xor %ebp, %ebp
mulx %rdx, %rax, %rdx
adcx %rax, %r13
adcx %rdx, %r14
mov 32($inp), %rdx
adcx %rbp, %r15
xor %rbx, %rbx
adox %r13, %r13
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rcx, %rax
adox %r14, %r14
adcx %rax, %r13
adox %rbp, %rbx
adcx $out, %r14
adcx %rbp, %rbx
mov %r13, 48(%rsp)
mov %r14, 56(%rsp)
#fifth iteration
.byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
mulx 40($inp), $out, %r11
adox $out, %r8
adcx %r11, %r9
@ -658,18 +666,19 @@ $code.=<<___;
mulx 56($inp), $out, %r11
adox $out, %r10
adcx %rbp, %r11
mulx %rdx, %rax, $out
mov 40($inp), %rdx
adox %rbp, %r11
mov %r9, %rcx
shld \$1, %r8, %r9
shld \$1, %rbx, %r8
xor %ebp, %ebp
mulx %rdx, %rax, %rdx
xor %rcx, %rcx
adox %r15, %r15
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rbx, %rax
adox %r8, %r8
adcx %rax, %r15
adcx %rdx, %r8
mov 40($inp), %rdx
adcx %rbp, %r9
adox %rbp, %rcx
adcx $out, %r8
adcx %rbp, %rcx
mov %r15, 64(%rsp)
mov %r8, 72(%rsp)
@ -682,18 +691,19 @@ $code.=<<___;
.byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
adox $out, %r11
adcx %rbp, %r12
mulx %rdx, %rax, $out
adox %rbp, %r12
mov %r11, %rbx
shld \$1, %r10, %r11
shld \$1, %rcx, %r10
xor %ebp, %ebp
mulx %rdx, %rax, %rdx
adcx %rax, %r9
adcx %rdx, %r10
mov 48($inp), %rdx
adcx %rbp, %r11
xor %rbx, %rbx
adox %r9, %r9
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rcx, %rax
adox %r10, %r10
adcx %rax, %r9
adcx $out, %r10
adox %rbp, %rbx
adcx %rbp, %rbx
mov %r9, 80(%rsp)
mov %r10, 88(%rsp)
@ -703,31 +713,31 @@ $code.=<<___;
adox %rax, %r12
adox %rbp, %r13
xor %r14, %r14
shld \$1, %r13, %r14
shld \$1, %r12, %r13
shld \$1, %rbx, %r12
xor %ebp, %ebp
mulx %rdx, %rax, %rdx
adcx %rax, %r11
adcx %rdx, %r12
mulx %rdx, %rax, $out
xor %rcx, %rcx
mov 56($inp), %rdx
adcx %rbp, %r13
adox %r11, %r11
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rbx, %rax
adox %r12, %r12
adcx %rax, %r11
adox %rbp, %rcx
adcx $out, %r12
adcx %rbp, %rcx
.byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
.byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
#eighth iteration
mulx %rdx, %rax, %rdx
adox %rax, %r13
adox %rbp, %rdx
xor %rbx, %rbx
adox %r13, %r13
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
adcx %rcx, %rax
adox %rbp, %rbx
adcx %r13, %rax
adcx %rdx, %rbx
.byte 0x66
add %rdx, %r14
movq %r13, 112(%rsp)
movq %r14, 120(%rsp)
movq %xmm0, $out
movq %xmm1, %rbp
@ -741,6 +751,9 @@ $code.=<<___;
movq 48(%rsp), %r14
movq 56(%rsp), %r15
movq %rax, 112(%rsp)
movq %rbx, 120(%rsp)
call __rsaz_512_reducex
addq 64(%rsp), %r8
@ -1606,6 +1619,7 @@ $code.=<<___;
.type __rsaz_512_reduce,\@abi-omnipotent
.align 32
__rsaz_512_reduce:
.cfi_startproc
movq %r8, %rbx
imulq 128+8(%rsp), %rbx
movq 0(%rbp), %rax
@ -1685,6 +1699,7 @@ __rsaz_512_reduce:
jne .Lreduction_loop
ret
.cfi_endproc
.size __rsaz_512_reduce,.-__rsaz_512_reduce
___
}
@ -1698,6 +1713,7 @@ $code.=<<___;
.type __rsaz_512_reducex,\@abi-omnipotent
.align 32
__rsaz_512_reducex:
.cfi_startproc
#movq 128+8(%rsp), %rdx # pull $n0
imulq %r8, %rdx
xorq %rsi, %rsi # cf=0,of=0
@ -1750,6 +1766,7 @@ __rsaz_512_reducex:
jne .Lreduction_loopx
ret
.cfi_endproc
.size __rsaz_512_reducex,.-__rsaz_512_reducex
___
}
@ -1761,6 +1778,7 @@ $code.=<<___;
.type __rsaz_512_subtract,\@abi-omnipotent
.align 32
__rsaz_512_subtract:
.cfi_startproc
movq %r8, ($out)
movq %r9, 8($out)
movq %r10, 16($out)
@ -1814,6 +1832,7 @@ __rsaz_512_subtract:
movq %r15, 56($out)
ret
.cfi_endproc
.size __rsaz_512_subtract,.-__rsaz_512_subtract
___
}
@ -1827,6 +1846,7 @@ $code.=<<___;
.type __rsaz_512_mul,\@abi-omnipotent
.align 32
__rsaz_512_mul:
.cfi_startproc
leaq 8(%rsp), %rdi
movq ($ap), %rax
@ -1965,6 +1985,7 @@ __rsaz_512_mul:
movq %r15, 56(%rdi)
ret
.cfi_endproc
.size __rsaz_512_mul,.-__rsaz_512_mul
___
}
@ -1979,6 +2000,7 @@ $code.=<<___;
.type __rsaz_512_mulx,\@abi-omnipotent
.align 32
__rsaz_512_mulx:
.cfi_startproc
mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller
mov \$-6, %rcx
@ -2095,6 +2117,7 @@ __rsaz_512_mulx:
mov %r15, 8+64+56(%rsp)
ret
.cfi_endproc
.size __rsaz_512_mulx,.-__rsaz_512_mulx
___
}
@ -2105,6 +2128,7 @@ $code.=<<___;
.type rsaz_512_scatter4,\@abi-omnipotent
.align 16
rsaz_512_scatter4:
.cfi_startproc
leaq ($out,$power,8), $out
movl \$8, %r9d
jmp .Loop_scatter
@ -2117,12 +2141,14 @@ rsaz_512_scatter4:
decl %r9d
jnz .Loop_scatter
ret
.cfi_endproc
.size rsaz_512_scatter4,.-rsaz_512_scatter4
.globl rsaz_512_gather4
.type rsaz_512_gather4,\@abi-omnipotent
.align 16
rsaz_512_gather4:
.cfi_startproc
___
$code.=<<___ if ($win64);
.LSEH_begin_rsaz_512_gather4:
@ -2217,6 +2243,7 @@ ___
$code.=<<___;
ret
.LSEH_end_rsaz_512_gather4:
.cfi_endproc
.size rsaz_512_gather4,.-rsaz_512_gather4
.align 64
@ -2401,4 +2428,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -225,4 +225,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

12
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -145,7 +145,7 @@ $code.=<<___;
lghi $NHI,0
alcgr $NHI,$nhi
la $j,8(%r0) # j=1
la $j,8 # j=1
lr $count,$num
.align 16
@ -197,7 +197,7 @@ $code.=<<___;
lghi $NHI,0
alcgr $NHI,$nhi
la $j,8(%r0) # j=1
la $j,8 # j=1
lr $count,$num
.align 16
@ -241,7 +241,7 @@ $code.=<<___;
la $ap,$stdframe($sp)
ahi $num,1 # restore $num, incidentally clears "borrow"
la $j,0(%r0)
la $j,0
lr $count,$num
.Lsub: lg $alo,0($j,$ap)
lg $nlo,0($j,$np)
@ -255,7 +255,7 @@ $code.=<<___;
lghi $NHI,-1
xgr $NHI,$AHI
la $j,0(%r0)
la $j,0
lgr $count,$num
.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
lg $alo,0($j,$rp)
@ -281,4 +281,4 @@ foreach (split("\n",$code)) {
s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
print $_,"\n";
}
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S vendored
View file

@ -511,7 +511,7 @@ bn_mul_comba4:
lghi zero,0
mul_add_c(0,0,c1,c2,c3);
stg c1,0*8(%r3)
stg c1,0*8(%r2)
lghi c1,0
mul_add_c(0,1,c2,c3,c1);

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1225,4 +1225,4 @@ ___
&emit_assembler();
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -197,4 +197,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -617,4 +617,4 @@ $code.=<<___;
___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -884,4 +884,4 @@ $code =~ s/fzeros\s+%f([0-9]+)/
print $code;
# flush
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -248,4 +248,4 @@ $sp=&DWP(28,"esp");
&asm_finish();
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -381,4 +381,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -322,4 +322,4 @@ if ($sse2) {
&asm_finish();
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -628,4 +628,4 @@ $sbit=$num;
&asm_finish();
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c vendored
View file

@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "../bn_lcl.h"
#include "../bn_local.h"
#if !(defined(__GNUC__) && __GNUC__>=2)
# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
#else

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -421,4 +421,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

6
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
@ -1589,4 +1589,4 @@ ___
}
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

24
trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
@ -580,6 +580,7 @@ $code.=<<___;
.type mul4x_internal,\@abi-omnipotent
.align 32
mul4x_internal:
.cfi_startproc
shl \$5,$num # $num was in bytes
movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index
lea .Linc(%rip),%rax
@ -1074,6 +1075,7 @@ $code.=<<___
___
}
$code.=<<___;
.cfi_endproc
.size mul4x_internal,.-mul4x_internal
___
}}}
@ -1239,6 +1241,7 @@ $code.=<<___;
.align 32
bn_sqr8x_internal:
__bn_sqr8x_internal:
.cfi_startproc
##############################################################
# Squaring part:
#
@ -2030,6 +2033,7 @@ __bn_sqr8x_reduction:
cmp %rdx,$tptr # end of t[]?
jb .L8x_reduction_loop
ret
.cfi_endproc
.size bn_sqr8x_internal,.-bn_sqr8x_internal
___
}
@ -2042,6 +2046,7 @@ $code.=<<___;
.type __bn_post4x_internal,\@abi-omnipotent
.align 32
__bn_post4x_internal:
.cfi_startproc
mov 8*0($nptr),%r12
lea (%rdi,$num),$tptr # %rdi was $tptr above
mov $num,%rcx
@ -2092,6 +2097,7 @@ __bn_post4x_internal:
mov $num,%r10 # prepare for back-to-back call
neg $num # restore $num
ret
.cfi_endproc
.size __bn_post4x_internal,.-__bn_post4x_internal
___
}
@ -2101,10 +2107,12 @@ $code.=<<___;
.type bn_from_montgomery,\@abi-omnipotent
.align 32
bn_from_montgomery:
.cfi_startproc
testl \$7,`($win64?"48(%rsp)":"%r9d")`
jz bn_from_mont8x
xor %eax,%eax
ret
.cfi_endproc
.size bn_from_montgomery,.-bn_from_montgomery
.type bn_from_mont8x,\@function,6
@ -2400,6 +2408,7 @@ bn_mulx4x_mont_gather5:
.type mulx4x_internal,\@abi-omnipotent
.align 32
mulx4x_internal:
.cfi_startproc
mov $num,8(%rsp) # save -$num (it was in bytes)
mov $num,%r10
neg $num # restore $num
@ -2750,6 +2759,7 @@ $code.=<<___;
mov 8*2(%rbp),%r14
mov 8*3(%rbp),%r15
jmp .Lsqrx4x_sub_entry # common post-condition
.cfi_endproc
.size mulx4x_internal,.-mulx4x_internal
___
} {
@ -3555,6 +3565,7 @@ my ($rptr,$nptr)=("%rdx","%rbp");
$code.=<<___;
.align 32
__bn_postx4x_internal:
.cfi_startproc
mov 8*0($nptr),%r12
mov %rcx,%r10 # -$num
mov %rcx,%r9 # -$num
@ -3602,6 +3613,7 @@ __bn_postx4x_internal:
neg %r9 # restore $num
ret
.cfi_endproc
.size __bn_postx4x_internal,.-__bn_postx4x_internal
___
}
@ -3618,6 +3630,7 @@ $code.=<<___;
.type bn_get_bits5,\@abi-omnipotent
.align 16
bn_get_bits5:
.cfi_startproc
lea 0($inp),%r10
lea 1($inp),%r11
mov $num,%ecx
@ -3631,12 +3644,14 @@ bn_get_bits5:
shrl %cl,%eax
and \$31,%eax
ret
.cfi_endproc
.size bn_get_bits5,.-bn_get_bits5
.globl bn_scatter5
.type bn_scatter5,\@abi-omnipotent
.align 16
bn_scatter5:
.cfi_startproc
cmp \$0, $num
jz .Lscatter_epilogue
lea ($tbl,$idx,8),$tbl
@ -3649,6 +3664,7 @@ bn_scatter5:
jnz .Lscatter
.Lscatter_epilogue:
ret
.cfi_endproc
.size bn_scatter5,.-bn_scatter5
.globl bn_gather5
@ -3656,6 +3672,7 @@ bn_scatter5:
.align 32
bn_gather5:
.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases
.cfi_startproc
# I can't trust assembler to use specific encoding:-(
.byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10
.byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp
@ -3740,6 +3757,7 @@ $code.=<<___;
lea (%r10),%rsp
ret
.LSEH_end_bn_gather5:
.cfi_endproc
.size bn_gather5,.-bn_gather5
___
}
@ -3942,4 +3960,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;
close STDOUT or die "error closing STDOUT: $!";

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/* signed add of b to a. */
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c vendored
View file

@ -10,7 +10,7 @@
#include <assert.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c vendored
View file

@ -9,7 +9,7 @@
#include <openssl/opensslconf.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#define BN_BLINDING_COUNTER 32

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/*-
* TODO list
@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx)
void BN_CTX_end(BN_CTX *ctx)
{
if (ctx == NULL)
return;
CTXDBG_ENTRY("BN_CTX_end", ctx);
if (ctx->err_stack)
ctx->err_stack--;

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c vendored
View file

@ -20,7 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT
# include <stdio.h>
# include <time.h>
# include "internal/cryptlib.h"
# include "bn_lcl.h"
# include "bn_local.h"
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem,

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c vendored
View file

@ -7,12 +7,12 @@
* https://www.openssl.org/source/license.html
*/
#include "bn_lcl.h"
#include "bn_local.h"
#include "internal/nelem.h"
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#include "internal/bn_dh.h"
#include "crypto/bn_dh.h"
/* DH parameters from RFC5114 */
# if BN_BITS2 == 64

13
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,7 @@
#include <assert.h>
#include <openssl/bn.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/* The old slow way */
#if 0
@ -258,7 +258,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
*
* - availability of constant-time bn_div_3_words;
* - dividend is at least as "wide" as divisor, limb-wise, zero-padded
* if so requied, which shouldn't be a privacy problem, because
* if so required, which shouldn't be a privacy problem, because
* divisor's length is considered public;
*/
int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
BIGNUM *tmp, *snum, *sdiv, *res;
BN_ULONG *resp, *wnum, *wnumtop;
BN_ULONG d0, d1;
int num_n, div_n;
int num_n, div_n, num_neg;
assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
/* Setup quotient */
if (!bn_wexpand(res, loop))
goto err;
res->neg = (num->neg ^ divisor->neg);
num_neg = num->neg;
res->neg = (num_neg ^ divisor->neg);
res->top = loop;
res->flags |= BN_FLG_FIXED_TOP;
resp = &(res->d[loop]);
@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
*--resp = q;
}
/* snum holds remainder, it's as wide as divisor */
snum->neg = num->neg;
snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
if (rm != NULL)

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c vendored
View file

@ -8,8 +8,8 @@
*/
#include "internal/cryptlib.h"
#include "internal/constant_time_locl.h"
#include "bn_lcl.h"
#include "internal/constant_time.h"
#include "bn_local.h"
#include <stdlib.h>
#ifdef _WIN32

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c vendored
View file

@ -9,7 +9,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#define TABLE_SIZE 32

562
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -8,130 +8,191 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
/*
* bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
* not contain branches that may leak sensitive information.
*
* This is a static function, we ensure all callers in this file pass valid
* arguments: all passed pointers here are non-NULL.
*/
static ossl_inline
BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx, int *pnoinv)
{
BIGNUM *a, *b, *t;
int ret = 0;
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
BIGNUM *ret = NULL;
int sign;
bn_check_top(in_a);
bn_check_top(in_b);
bn_check_top(a);
bn_check_top(n);
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
if (b == NULL)
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
D = BN_CTX_get(ctx);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
if (T == NULL)
goto err;
if (BN_copy(a, in_a) == NULL)
if (in == NULL)
R = BN_new();
else
R = in;
if (R == NULL)
goto err;
if (BN_copy(b, in_b) == NULL)
goto err;
a->neg = 0;
b->neg = 0;
if (BN_cmp(a, b) < 0) {
t = a;
a = b;
b = t;
BN_one(X);
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
if (BN_copy(A, n) == NULL)
goto err;
A->neg = 0;
if (B->neg || (BN_ucmp(B, A) >= 0)) {
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_B;
bn_init(&local_B);
BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, &local_B, A, ctx))
goto err;
/* Ensure local_B goes out of scope before any further use of B */
}
}
t = euclid(a, b);
if (t == NULL)
goto err;
sign = -1;
/*-
* From B = a mod |n|, A = |n| it follows that
*
* 0 <= B < A,
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
*/
if (BN_copy(r, t) == NULL)
while (!BN_is_zero(B)) {
BIGNUM *tmp;
/*-
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
*/
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_A;
bn_init(&local_A);
BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
/* (D, M) := (A/B, A%B) ... */
if (!BN_div(D, M, &local_A, B, ctx))
goto err;
/* Ensure local_A goes out of scope before any further use of A */
}
/*-
* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
tmp = A; /* keep the BIGNUM object, the value does not
* matter */
/* (A, B) := (B, A mod B) ... */
A = B;
B = M;
/* ... so we have 0 <= B < A again */
/*-
* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* i.e.
* sign*Y*a - D*A == B (mod |n|).
* Similarly, (*) translates into
* -sign*X*a == A (mod |n|).
*
* Thus,
* sign*Y*a + D*sign*X*a == B (mod |n|),
* i.e.
* sign*(Y + D*X)*a == B (mod |n|).
*
* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
if (!BN_mul(tmp, D, X, ctx))
goto err;
if (!BN_add(tmp, tmp, Y))
goto err;
M = Y; /* keep the BIGNUM object, the value does not
* matter */
Y = X;
X = tmp;
sign = -sign;
}
/*-
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* we have
* sign*Y*a == A (mod |n|),
* where Y is non-negative.
*/
if (sign < 0) {
if (!BN_sub(Y, n, Y))
goto err;
}
/* Now Y*a == A (mod |n|). */
if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
if (!Y->neg && BN_ucmp(Y, n) < 0) {
if (!BN_copy(R, Y))
goto err;
} else {
if (!BN_nnmod(R, Y, n, ctx))
goto err;
}
} else {
*pnoinv = 1;
/* caller sets the BN_R_NO_INVERSE error */
goto err;
ret = 1;
}
ret = R;
*pnoinv = 0;
err:
if ((ret == NULL) && (in == NULL))
BN_free(R);
BN_CTX_end(ctx);
bn_check_top(r);
bn_check_top(ret);
return ret;
}
static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
{
BIGNUM *t;
int shifts = 0;
bn_check_top(a);
bn_check_top(b);
/* 0 <= b <= a */
while (!BN_is_zero(b)) {
/* 0 < b <= a */
if (BN_is_odd(a)) {
if (BN_is_odd(b)) {
if (!BN_sub(a, a, b))
goto err;
if (!BN_rshift1(a, a))
goto err;
if (BN_cmp(a, b) < 0) {
t = a;
a = b;
b = t;
}
} else { /* a odd - b even */
if (!BN_rshift1(b, b))
goto err;
if (BN_cmp(a, b) < 0) {
t = a;
a = b;
b = t;
}
}
} else { /* a is even */
if (BN_is_odd(b)) {
if (!BN_rshift1(a, a))
goto err;
if (BN_cmp(a, b) < 0) {
t = a;
a = b;
b = t;
}
} else { /* a even - b even */
if (!BN_rshift1(a, a))
goto err;
if (!BN_rshift1(b, b))
goto err;
shifts++;
}
}
/* 0 <= b <= a */
}
if (shifts) {
if (!BN_lshift(a, a, shifts))
goto err;
}
bn_check_top(a);
return a;
err:
return NULL;
}
/* solves ax == 1 (mod n) */
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx);
BIGNUM *BN_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
BIGNUM *rv;
int noinv;
rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
if (noinv)
BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
return rv;
}
/*
* This is an internal function, we assume all callers pass valid arguments:
* all pointers passed here are assumed non-NULL.
*/
BIGNUM *int_bn_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
int *pnoinv)
@ -142,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
/* This is invalid input so we don't worry about constant time here */
if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
if (pnoinv != NULL)
*pnoinv = 1;
*pnoinv = 1;
return NULL;
}
if (pnoinv != NULL)
*pnoinv = 0;
*pnoinv = 0;
if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
|| (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
return BN_mod_inverse_no_branch(in, a, n, ctx);
return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv);
}
bn_check_top(a);
@ -438,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
goto err;
}
} else {
if (pnoinv)
*pnoinv = 1;
*pnoinv = 1;
goto err;
}
ret = R;
@ -451,173 +509,137 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
return ret;
}
/*
* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
* not contain branches that may leak sensitive information.
*/
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx)
/* solves ax == 1 (mod n) */
BIGNUM *BN_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
BIGNUM *ret = NULL;
int sign;
BN_CTX *new_ctx = NULL;
BIGNUM *rv;
int noinv = 0;
bn_check_top(a);
bn_check_top(n);
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL) {
BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE);
return NULL;
}
}
rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
if (noinv)
BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
BN_CTX_free(new_ctx);
return rv;
}
/*-
* This function is based on the constant-time GCD work by Bernstein and Yang:
* https://eprint.iacr.org/2019/266
* Generalized fast GCD function to allow even inputs.
* The algorithm first finds the shared powers of 2 between
* the inputs, and removes them, reducing at least one of the
* inputs to an odd value. Then it proceeds to calculate the GCD.
* Before returning the resulting GCD, we take care of adding
* back the powers of two removed at the beginning.
* Note 1: we assume the bit length of both inputs is public information,
* since access to top potentially leaks this information.
*/
int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
{
BIGNUM *g, *temp = NULL;
BN_ULONG mask = 0;
int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0;
/* Note 2: zero input corner cases are not constant-time since they are
* handled immediately. An attacker can run an attack under this
* assumption without the need of side-channel information. */
if (BN_is_zero(in_b)) {
ret = BN_copy(r, in_a) != NULL;
r->neg = 0;
return ret;
}
if (BN_is_zero(in_a)) {
ret = BN_copy(r, in_b) != NULL;
r->neg = 0;
return ret;
}
bn_check_top(in_a);
bn_check_top(in_b);
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
D = BN_CTX_get(ctx);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
if (T == NULL)
temp = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
/* make r != 0, g != 0 even, so BN_rshift is not a potential nop */
if (g == NULL
|| !BN_lshift1(g, in_b)
|| !BN_lshift1(r, in_a))
goto err;
if (in == NULL)
R = BN_new();
else
R = in;
if (R == NULL)
goto err;
BN_one(X);
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
if (BN_copy(A, n) == NULL)
goto err;
A->neg = 0;
if (B->neg || (BN_ucmp(B, A) >= 0)) {
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_B;
bn_init(&local_B);
BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, &local_B, A, ctx))
goto err;
/* Ensure local_B goes out of scope before any further use of B */
/* find shared powers of two, i.e. "shifts" >= 1 */
for (i = 0; i < r->dmax && i < g->dmax; i++) {
mask = ~(r->d[i] | g->d[i]);
for (j = 0; j < BN_BITS2; j++) {
bit &= mask;
shifts += bit;
mask >>= 1;
}
}
sign = -1;
/*-
* From B = a mod |n|, A = |n| it follows that
*
* 0 <= B < A,
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
*/
while (!BN_is_zero(B)) {
BIGNUM *tmp;
/*-
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
*/
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_A;
bn_init(&local_A);
BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
/* (D, M) := (A/B, A%B) ... */
if (!BN_div(D, M, &local_A, B, ctx))
goto err;
/* Ensure local_A goes out of scope before any further use of A */
}
/*-
* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
tmp = A; /* keep the BIGNUM object, the value does not
* matter */
/* (A, B) := (B, A mod B) ... */
A = B;
B = M;
/* ... so we have 0 <= B < A again */
/*-
* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* i.e.
* sign*Y*a - D*A == B (mod |n|).
* Similarly, (*) translates into
* -sign*X*a == A (mod |n|).
*
* Thus,
* sign*Y*a + D*sign*X*a == B (mod |n|),
* i.e.
* sign*(Y + D*X)*a == B (mod |n|).
*
* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
if (!BN_mul(tmp, D, X, ctx))
goto err;
if (!BN_add(tmp, tmp, Y))
goto err;
M = Y; /* keep the BIGNUM object, the value does not
* matter */
Y = X;
X = tmp;
sign = -sign;
}
/*-
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* we have
* sign*Y*a == A (mod |n|),
* where Y is non-negative.
*/
if (sign < 0) {
if (!BN_sub(Y, n, Y))
goto err;
}
/* Now Y*a == A (mod |n|). */
if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
if (!Y->neg && BN_ucmp(Y, n) < 0) {
if (!BN_copy(R, Y))
goto err;
} else {
if (!BN_nnmod(R, Y, n, ctx))
goto err;
}
} else {
BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
/* subtract shared powers of two; shifts >= 1 */
if (!BN_rshift(r, r, shifts)
|| !BN_rshift(g, g, shifts))
goto err;
/* expand to biggest nword, with room for a possible extra word */
top = 1 + ((r->top >= g->top) ? r->top : g->top);
if (bn_wexpand(r, top) == NULL
|| bn_wexpand(g, top) == NULL
|| bn_wexpand(temp, top) == NULL)
goto err;
/* re arrange inputs s.t. r is odd */
BN_consttime_swap((~r->d[0]) & 1, r, g, top);
/* compute the number of iterations */
rlen = BN_num_bits(r);
glen = BN_num_bits(g);
m = 4 + 3 * ((rlen >= glen) ? rlen : glen);
for (i = 0; i < m; i++) {
/* conditionally flip signs if delta is positive and g is odd */
cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
delta = (-cond & -delta) | ((cond - 1) & delta);
r->neg ^= cond;
/* swap */
BN_consttime_swap(cond, r, g, top);
/* elimination step */
delta++;
if (!BN_add(temp, g, r))
goto err;
BN_consttime_swap(g->d[0] & 1 /* g is odd */
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
g, temp, top);
if (!BN_rshift1(g, g))
goto err;
}
ret = R;
/* remove possible negative sign */
r->neg = 0;
/* add powers of 2 removed, then correct the artificial shift */
if (!BN_lshift(r, r, shifts)
|| !BN_rshift1(r, r))
goto err;
ret = 1;
err:
if ((ret == NULL) && (in == NULL))
BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
bn_check_top(r);
return ret;
}

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c vendored
View file

@ -12,7 +12,7 @@
#include <limits.h>
#include <stdio.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#ifndef OPENSSL_NO_EC2M

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/*
* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/* least significant word */
#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])

129
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,9 +10,9 @@
#include <assert.h>
#include <limits.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#include <openssl/opensslconf.h>
#include "internal/constant_time_locl.h"
#include "internal/constant_time.h"
/* This stuff appears to be completely unused, so is deprecated */
#if OPENSSL_API_COMPAT < 0x00908000L
@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void)
return &const_one;
}
/*
* Old Visual Studio ARM compiler miscompiles BN_num_bits_word()
* https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
*/
#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \
&& _MSC_VER>=1400 && _MSC_VER<1501
# define MS_BROKEN_BN_num_bits_word
# pragma optimize("", off)
#endif
int BN_num_bits_word(BN_ULONG l)
{
BN_ULONG x, mask;
@ -131,21 +140,70 @@ int BN_num_bits_word(BN_ULONG l)
return bits;
}
#ifdef MS_BROKEN_BN_num_bits_word
# pragma optimize("", on)
#endif
/*
* This function still leaks `a->dmax`: it's caller's responsibility to
* expand the input `a` in advance to a public length.
*/
static ossl_inline
int bn_num_bits_consttime(const BIGNUM *a)
{
int j, ret;
unsigned int mask, past_i;
int i = a->top - 1;
bn_check_top(a);
for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) {
mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */
ret += BN_BITS2 & (~mask & ~past_i);
ret += BN_num_bits_word(a->d[j]) & mask;
past_i |= mask; /* past_i will become 0xff..ff after i==j */
}
/*
* if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the
* final result.
*/
mask = ~(constant_time_eq_int(i, ((int)-1)));
return ret & mask;
}
int BN_num_bits(const BIGNUM *a)
{
int i = a->top - 1;
bn_check_top(a);
if (a->flags & BN_FLG_CONSTTIME) {
/*
* We assume that BIGNUMs flagged as CONSTTIME have also been expanded
* so that a->dmax is not leaking secret information.
*
* In other words, it's the caller's responsibility to ensure `a` has
* been preallocated in advance to a public length if we hit this
* branch.
*
*/
return bn_num_bits_consttime(a);
}
if (BN_is_zero(a))
return 0;
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
}
static void bn_free_d(BIGNUM *a)
static void bn_free_d(BIGNUM *a, int clear)
{
if (BN_get_flags(a, BN_FLG_SECURE))
OPENSSL_secure_free(a->d);
OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0]));
else if (clear != 0)
OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0]));
else
OPENSSL_free(a->d);
}
@ -155,10 +213,8 @@ void BN_clear_free(BIGNUM *a)
{
if (a == NULL)
return;
if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
bn_free_d(a);
}
if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA))
bn_free_d(a, 1);
if (BN_get_flags(a, BN_FLG_MALLOCED)) {
OPENSSL_cleanse(a, sizeof(*a));
OPENSSL_free(a);
@ -170,7 +226,7 @@ void BN_free(BIGNUM *a)
if (a == NULL)
return;
if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
bn_free_d(a);
bn_free_d(a, 0);
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
}
@ -248,10 +304,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
return NULL;
if (b->d) {
OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
bn_free_d(b);
}
if (b->d != NULL)
bn_free_d(b, 1);
b->d = a;
b->dmax = words;
}
@ -280,15 +334,19 @@ BIGNUM *BN_dup(const BIGNUM *a)
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
{
int bn_words;
bn_check_top(b);
bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
if (a == b)
return a;
if (bn_wexpand(a, b->top) == NULL)
if (bn_wexpand(a, bn_words) == NULL)
return NULL;
if (b->top > 0)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words);
a->neg = b->neg;
a->top = b->top;
@ -338,6 +396,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
void BN_clear(BIGNUM *a)
{
if (a == NULL)
return;
bn_check_top(a);
if (a->d != NULL)
OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
@ -414,8 +474,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
return ret;
}
typedef enum {big, little} endianess_t;
/* ignore negative */
static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
static
int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess)
{
int n;
size_t i, lasti, j, atop, mask;
@ -447,10 +510,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
lasti = atop - 1;
atop = a->top * BN_BYTES;
for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) {
if (endianess == big)
to += tolen; /* start from the end of the buffer */
for (i = 0, j = 0; j < (size_t)tolen; j++) {
unsigned char val;
l = a->d[i / BN_BYTES];
mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
*--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
if (endianess == big)
*--to = val;
else
*to++ = val;
i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
}
@ -461,12 +531,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
if (tolen < 0)
return -1;
return bn2binpad(a, to, tolen);
return bn2binpad(a, to, tolen, big);
}
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
return bn2binpad(a, to, -1);
return bn2binpad(a, to, -1, big);
}
BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
@ -518,22 +588,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
{
int i;
BN_ULONG l;
bn_check_top(a);
i = BN_num_bytes(a);
if (tolen < i)
if (tolen < 0)
return -1;
/* Add trailing zeroes if necessary */
if (tolen > i)
memset(to + i, 0, tolen - i);
to += i;
while (i--) {
l = a->d[i / BN_BYTES];
to--;
*to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
}
return tolen;
return bn2binpad(a, to, tolen, little);
}
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)

15
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h → trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_local.h vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_BN_LCL_H
# define HEADER_BN_LCL_H
#ifndef OSSL_CRYPTO_BN_LOCAL_H
# define OSSL_CRYPTO_BN_LOCAL_H
/*
* The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
@ -18,10 +18,10 @@
# include <openssl/opensslconf.h>
# if !defined(OPENSSL_SYS_UEFI)
# include "internal/bn_conf.h"
# include "crypto/bn_conf.h"
# endif
# include "internal/bn_int.h"
# include "crypto/bn.h"
/*
* These preprocessor symbols control various aspects of the bignum headers
@ -295,7 +295,7 @@ struct bn_gencb_st {
(b) > 23 ? 3 : 1)
/*
* BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
* BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache
* line width of the target processor is at least the following value.
*/
# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
@ -654,9 +654,6 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
int *noinv);
int bn_probable_prime_dh(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
{
if (bits > (INT_MAX - BN_BITS2 + 1))

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
{

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c vendored
View file

@ -15,7 +15,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#define MONT_WORD /* use the faster word-based algorithm */

6
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -9,7 +9,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
{
@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
int neg = 0;
BIGNUM *a = NULL;
if (n < 4) {
if (n < 4 || (d[0] & 0x80) != 0) {
BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
return NULL;
}

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c vendored
View file

@ -9,7 +9,7 @@
#include <assert.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
/*

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c vendored
View file

@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "bn_lcl.h"
#include "bn_local.h"
#include "internal/cryptlib.h"
#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2

218
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,7 @@
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/*
* The quick sieve algorithm approach to weeding out primes is Philip
@ -22,10 +22,12 @@
static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
const BIGNUM *a1_odd, int k, BN_CTX *ctx,
BN_MONT_CTX *mont);
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem,
BN_CTX *ctx);
static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods);
static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
const BIGNUM *add, const BIGNUM *rem,
BN_CTX *ctx);
#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
int BN_GENCB_call(BN_GENCB *cb, int a, int b)
{
@ -63,8 +65,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
/* There are no prime numbers this small. */
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
return 0;
} else if (bits == 2 && safe) {
/* The smallest safe prime (7) is three bits. */
} else if (add == NULL && safe && bits < 6 && bits != 3) {
/*
* The smallest safe prime (7) is three bits.
* But the following two safe primes with less than 6 bits (11, 23)
* are unreachable for BN_rand with BN_RAND_TOP_TWO.
*/
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
return 0;
}
@ -83,16 +89,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
loop:
/* make a random number and set the top and bottom bits */
if (add == NULL) {
if (!probable_prime(ret, bits, mods))
if (!probable_prime(ret, bits, safe, mods))
goto err;
} else {
if (safe) {
if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
goto err;
} else {
if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))
goto err;
}
if (!probable_prime_dh(ret, bits, safe, mods, add, rem, ctx))
goto err;
}
if (!BN_GENCB_call(cb, 0, c1++))
@ -135,8 +136,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
found = 1;
err:
OPENSSL_free(mods);
if (ctx != NULL)
BN_CTX_end(ctx);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
bn_check_top(ret);
return found;
@ -269,17 +269,18 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
return 1;
}
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods)
{
int i;
BN_ULONG delta;
BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
char is_single_word = bits <= BN_BITS2;
again:
/* TODO: Not all primes are private */
if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
return 0;
if (safe && !BN_set_bit(rnd, 1))
return 0;
/* we now have a random number 'rnd' to test. */
for (i = 1; i < NUMPRIMES; i++) {
BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
@ -287,61 +288,25 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
return 0;
mods[i] = (prime_t) mod;
}
/*
* If bits is so small that it fits into a single word then we
* additionally don't want to exceed that many bits.
*/
if (is_single_word) {
BN_ULONG size_limit;
if (bits == BN_BITS2) {
/*
* Shifting by this much has undefined behaviour so we do it a
* different way
*/
size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
} else {
size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
}
if (size_limit < maxdelta)
maxdelta = size_limit;
}
delta = 0;
loop:
if (is_single_word) {
BN_ULONG rnd_word = BN_get_word(rnd);
/*-
* In the case that the candidate prime is a single word then
* we check that:
* 1) It's greater than primes[i] because we shouldn't reject
* 3 as being a prime number because it's a multiple of
* three.
* 2) That it's not a multiple of a known prime. We don't
* check that rnd-1 is also coprime to all the known
* primes because there aren't many small primes where
* that's true.
for (i = 1; i < NUMPRIMES; i++) {
/*
* check that rnd is a prime and also that
* gcd(rnd-1,primes) == 1 (except for 2)
* do the second check only if we are interested in safe primes
* in the case that the candidate prime is a single word then
* we check only the primes up to sqrt(rnd)
*/
for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
if ((mods[i] + delta) % primes[i] == 0) {
delta += 2;
if (delta > maxdelta)
goto again;
goto loop;
}
}
} else {
for (i = 1; i < NUMPRIMES; i++) {
/*
* check that rnd is not a prime and also that gcd(rnd-1,primes)
* == 1 (except for 2)
*/
if (((mods[i] + delta) % primes[i]) <= 1) {
delta += 2;
if (delta > maxdelta)
goto again;
goto loop;
}
if (bits <= 31 && delta <= 0x7fffffff
&& square(primes[i]) > BN_get_word(rnd) + delta)
break;
if (safe ? (mods[i] + delta) % primes[i] <= 1
: (mods[i] + delta) % primes[i] == 0) {
delta += safe ? 4 : 2;
if (delta > maxdelta)
goto again;
goto loop;
}
}
if (!BN_add_word(rnd, delta))
@ -352,16 +317,23 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
return 1;
}
int bn_probable_prime_dh(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
const BIGNUM *add, const BIGNUM *rem,
BN_CTX *ctx)
{
int i, ret = 0;
BIGNUM *t1;
BN_ULONG delta;
BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
BN_CTX_start(ctx);
if ((t1 = BN_CTX_get(ctx)) == NULL)
goto err;
if (maxdelta > BN_MASK2 - BN_get_word(add))
maxdelta = BN_MASK2 - BN_get_word(add);
again:
if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
goto err;
@ -372,27 +344,44 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
if (!BN_sub(rnd, rnd, t1))
goto err;
if (rem == NULL) {
if (!BN_add_word(rnd, 1))
if (!BN_add_word(rnd, safe ? 3u : 1u))
goto err;
} else {
if (!BN_add(rnd, rnd, rem))
goto err;
}
/* we now have a random number 'rand' to test. */
if (BN_num_bits(rnd) < bits
|| BN_get_word(rnd) < (safe ? 5u : 3u)) {
if (!BN_add(rnd, rnd, add))
goto err;
}
loop:
/* we now have a random number 'rnd' to test. */
for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is a prime */
BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
if (mod == (BN_ULONG)-1)
goto err;
if (mod <= 1) {
if (!BN_add(rnd, rnd, add))
goto err;
mods[i] = (prime_t) mod;
}
delta = 0;
loop:
for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is a prime */
if (bits <= 31 && delta <= 0x7fffffff
&& square(primes[i]) > BN_get_word(rnd) + delta)
break;
/* rnd mod p == 1 implies q = (rnd-1)/2 is divisible by p */
if (safe ? (mods[i] + delta) % primes[i] <= 1
: (mods[i] + delta) % primes[i] == 0) {
delta += BN_get_word(add);
if (delta > maxdelta)
goto again;
goto loop;
}
}
if (!BN_add_word(rnd, delta))
goto err;
ret = 1;
err:
@ -400,70 +389,3 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
bn_check_top(rnd);
return ret;
}
static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
const BIGNUM *rem, BN_CTX *ctx)
{
int i, ret = 0;
BIGNUM *t1, *qadd, *q;
bits--;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
qadd = BN_CTX_get(ctx);
if (qadd == NULL)
goto err;
if (!BN_rshift1(qadd, padd))
goto err;
if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
goto err;
/* we need ((rnd-rem) % add) == 0 */
if (!BN_mod(t1, q, qadd, ctx))
goto err;
if (!BN_sub(q, q, t1))
goto err;
if (rem == NULL) {
if (!BN_add_word(q, 1))
goto err;
} else {
if (!BN_rshift1(t1, rem))
goto err;
if (!BN_add(q, q, t1))
goto err;
}
/* we now have a random number 'rand' to test. */
if (!BN_lshift1(p, q))
goto err;
if (!BN_add_word(p, 1))
goto err;
loop:
for (i = 1; i < NUMPRIMES; i++) {
/* check that p and q are prime */
/*
* check that for p and q gcd(p-1,primes) == 1 (except for 2)
*/
BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
goto err;
if (pmod == 0 || qmod == 0) {
if (!BN_add(p, p, padd))
goto err;
if (!BN_add(q, q, qadd))
goto err;
goto loop;
}
}
ret = 1;
err:
BN_CTX_end(ctx);
bn_check_top(p);
return ret;
}

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h vendored
View file

@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/bn/bn_prime.pl
*
* Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c vendored
View file

@ -8,11 +8,11 @@
*/
#include <stdio.h>
#include "internal/ctype.h"
#include "crypto/ctype.h"
#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include "bn_lcl.h"
#include "bn_local.h"
static const char Hex[] = "0123456789ABCDEF";

9
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,7 @@
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
#include <openssl/rand.h>
#include <openssl/sha.h>
@ -225,8 +225,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
goto err;
/* We copy |priv| into a local buffer to avoid exposing its length. */
todo = sizeof(priv->d[0]) * priv->top;
if (todo > sizeof(private_bytes)) {
if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
/*
* No reasonable DSA or ECDSA key should have a private key this
* large and we don't handle this case in order to avoid leaking the
@ -235,8 +234,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
goto err;
}
memcpy(private_bytes, priv->d, todo);
memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
for (done = 0; done < num_k_bytes;) {
if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
void BN_RECP_CTX_init(BN_RECP_CTX *recp)
{

73
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c vendored
View file

@ -9,7 +9,7 @@
#include <assert.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
int BN_lshift1(BIGNUM *r, const BIGNUM *a)
{
@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
for (i = 0; i < a->top; i++) {
t = *(ap++);
*(rp++) = ((t << 1) | c) & BN_MASK2;
c = (t & BN_TBIT) ? 1 : 0;
}
if (c) {
*rp = 1;
r->top++;
c = t >> (BN_BITS2 - 1);
}
*rp = c;
r->top += c;
bn_check_top(r);
return 1;
}
@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
int BN_rshift1(BIGNUM *r, const BIGNUM *a)
{
BN_ULONG *ap, *rp, t, c;
int i, j;
int i;
bn_check_top(r);
bn_check_top(a);
@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
}
i = a->top;
ap = a->d;
j = i - (ap[i - 1] == 1);
if (a != r) {
if (bn_wexpand(r, j) == NULL)
if (bn_wexpand(r, i) == NULL)
return 0;
r->neg = a->neg;
}
rp = r->d;
r->top = i;
t = ap[--i];
c = (t & 1) ? BN_TBIT : 0;
if (t >>= 1)
rp[i] = t;
rp[i] = t >> 1;
c = t << (BN_BITS2 - 1);
r->top -= (t == 1);
while (i > 0) {
t = ap[--i];
rp[i] = ((t >> 1) & BN_MASK2) | c;
c = (t & 1) ? BN_TBIT : 0;
c = t << (BN_BITS2 - 1);
}
r->top = j;
if (!r->top)
r->neg = 0; /* don't allow negative zero */
bn_check_top(r);
@ -152,57 +149,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
{
int i, j, nw, lb, rb;
BN_ULONG *t, *f;
BN_ULONG l, tmp;
bn_check_top(r);
bn_check_top(a);
int ret = 0;
if (n < 0) {
BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
return 0;
}
nw = n / BN_BITS2;
rb = n % BN_BITS2;
lb = BN_BITS2 - rb;
if (nw >= a->top || a->top == 0) {
BN_zero(r);
return 1;
}
i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
if (r != a) {
if (bn_wexpand(r, i) == NULL)
return 0;
r->neg = a->neg;
} else {
if (n == 0)
return 1; /* or the copying loop will go berserk */
}
ret = bn_rshift_fixed_top(r, a, n);
f = &(a->d[nw]);
t = r->d;
j = a->top - nw;
r->top = i;
if (rb == 0) {
for (i = j; i != 0; i--)
*(t++) = *(f++);
} else {
l = *(f++);
for (i = j - 1; i != 0; i--) {
tmp = (l >> rb) & BN_MASK2;
l = *(f++);
*(t++) = (tmp | (l << lb)) & BN_MASK2;
}
if ((l = (l >> rb) & BN_MASK2))
*(t) = l;
}
if (!r->top)
r->neg = 0; /* don't allow negative zero */
bn_correct_top(r);
bn_check_top(r);
return 1;
return ret;
}
/*

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
/* r must not be a */
/*

7
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/*
@ -125,7 +125,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
* = a.
*
* (This is due to A.O.L. Atkin,
* <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
* Subject: Square Roots and Cognate Matters modulo p=8n+5.
* URL: https://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind9211&L=NMBRTHRY&P=4026
* November 1992.)
*/

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c vendored
View file

@ -7,13 +7,13 @@
* https://www.openssl.org/source/license.html
*/
#include "bn_lcl.h"
#include "bn_local.h"
#include "internal/nelem.h"
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
#include "internal/bn_srp.h"
#include "crypto/bn_srp.h"
# if (BN_BYTES == 8)
# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c vendored
View file

@ -8,7 +8,7 @@
*/
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include "bn_local.h"
BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
{

2
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c vendored
View file

@ -9,7 +9,7 @@
#include <stdio.h>
#include <openssl/bn.h>
#include "bn_lcl.h"
#include "bn_local.h"
/* X9.31 routines for prime derivation */

1
trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info vendored
View file

@ -6,7 +6,6 @@ SOURCE[../../libcrypto]=\
{- $target{bn_asm_src} -} \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
INCLUDE[../../libcrypto]=../../crypto/include
INCLUDE[bn_exp.o]=..

4
trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h vendored
View file

@ -12,8 +12,8 @@
* (2) University of Haifa, Israel
*/
#ifndef RSAZ_EXP_H
# define RSAZ_EXP_H
#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H
# define OSSL_CRYPTO_BN_RSAZ_EXP_H
# undef RSAZ_ENABLED
# if defined(OPENSSL_BN_ASM_MONT) && \